GMER 1.0.15.15640 - http://www.gmer.net Rootkit scan 2011-06-11 16:07:13 Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 HTS548040M9AT00 rev.MG2OA5EA Running: gmer.exe; Driver: C:\DOCUME~1\PETERN~1\LOCALS~1\Temp\pftyapod.sys ---- System - GMER 1.0.15 ---- SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwCreateKey [0xF85D2A1C] SSDT F8E63BB4 ZwCreateThread SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwDeleteKey [0xF85D2C10] SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwDeleteValueKey [0xF85D2CB6] SSDT F8E63BD2 ZwLoadKey SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwOpenKey [0xF85D290C] SSDT F8E63BA0 ZwOpenProcess SSDT F8E63BA5 ZwOpenThread SSDT F8E63BDC ZwReplaceKey SSDT F8E63BD7 ZwRestoreKey SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwSetValueKey [0xF85D2E52] SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwTerminateProcess [0xF85D4B30] ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\ThreatFire\TFService.exe[172] kernel32.dll!CreateRemoteThread + 174 7C8105B0 4 Bytes JMP 716F0000 .text C:\WINDOWS\system32\svchost.exe[288] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[288] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71] .text C:\WINDOWS\system32\svchost.exe[288] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[288] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71] .text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!DeviceIoControl 7C801625 6 Bytes JMP 70AB000A .text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 70DE000A .text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!VirtualProtectEx 7C801A5D 6 Bytes JMP 7126000A .text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 70D2000A .text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 716B000A .text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 715F000A .text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 7165000A .text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 7162000A .text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 7150000A .text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 7153000A .text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!VirtualAlloc 7C809A61 6 Bytes JMP 70D5000A .text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!MultiByteToWideChar 7C809C08 6 Bytes JMP 7084000A .text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!LoadResource 7C809FC5 6 Bytes JMP 70C0000A .text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!WideCharToMultiByte 7C80A0E4 6 Bytes JMP 7063000A .text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 7114000A .text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!LoadLibraryW 7C80AE5B 6 Bytes JMP 715C000A .text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!CreateMutexW 7C80E8C7 6 Bytes JMP 708D000A .text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!CreateMutexA 7C80E94F 6 Bytes JMP 7090000A .text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!OpenMutexW 7C80E9A5 6 Bytes JMP 7087000A .text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!OpenMutexA 7C80EA2B 6 Bytes JMP 708A000A .text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!GetVolumeInformationW 7C80F9F5 6 Bytes JMP 710E000A .text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!CreateRemoteThread 7C81043C 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!CreateRemoteThread + 4 7C810440 2 Bytes [6D, 71] .text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!CreateThread 7C810647 6 Bytes JMP 70D8000A .text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!CreateFileW 7C810770 6 Bytes JMP 70E1000A .text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!WriteFile 7C810D97 6 Bytes JMP 70A2000A .text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!TerminateThread 7C81CE13 6 Bytes JMP 7138000A .text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 705D000A .text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!CreateDirectoryA 7C8217BC 6 Bytes JMP 70A8000A .text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!GetVolumeInformationA 7C821BB5 6 Bytes JMP 7111000A .text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 70B4000A .text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 70BD000A .text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 70BA000A .text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!OpenProcess 7C830A01 6 Bytes JMP 7054000A .text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!DeleteFileA 7C831EF5 6 Bytes JMP 7075000A .text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!DeleteFileW 7C831F7B 6 Bytes JMP 7072000A .text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!CreateDirectoryW 7C83241A 6 Bytes JMP 70A5000A .text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 7057000A .text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 7060000A .text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!DebugActiveProcess 7C85A2B3 6 Bytes JMP 7135000A .text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 705A000A .text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 70B7000A .text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!WinExec 7C86158D 6 Bytes JMP 7141000A .text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!SetThreadContext 7C862C89 6 Bytes JMP 709F000A .text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!CreateToolhelp32Snapshot 7C864D2F 6 Bytes JMP 70DB000A .text C:\WINDOWS\system32\svchost.exe[288] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 6 Bytes JMP 70F6000A .text C:\WINDOWS\system32\svchost.exe[288] ADVAPI32.dll!RegQueryValueExW 77DD6FDF 6 Bytes JMP 70E4000A .text C:\WINDOWS\system32\svchost.exe[288] ADVAPI32.dll!RegCreateKeyExW 77DD774C 6 Bytes JMP 7108000A .text C:\WINDOWS\system32\svchost.exe[288] ADVAPI32.dll!RegOpenKeyExA 77DD7832 6 Bytes JMP 70F9000A .text C:\WINDOWS\system32\svchost.exe[288] ADVAPI32.dll!RegOpenKeyW 77DD7926 6 Bytes JMP 70FC000A .text C:\WINDOWS\system32\svchost.exe[288] ADVAPI32.dll!OpenProcessToken 77DD796B 6 Bytes JMP 709C000A .text C:\WINDOWS\system32\svchost.exe[288] ADVAPI32.dll!RegQueryValueExA 77DD7A9B 6 Bytes JMP 70E7000A .text C:\WINDOWS\system32\svchost.exe[288] ADVAPI32.dll!RegSetValueExW 77DDD663 6 Bytes JMP 70F0000A .text C:\WINDOWS\system32\svchost.exe[288] ADVAPI32.dll!RegQueryValueW 77DDD77A 6 Bytes JMP 70EA000A .text C:\WINDOWS\system32\svchost.exe[288] ADVAPI32.dll!RegCreateKeyExA 77DDE834 6 Bytes JMP 710B000A .text C:\WINDOWS\system32\svchost.exe[288] ADVAPI32.dll!RegSetValueExA 77DDE927 6 Bytes JMP 70F3000A .text C:\WINDOWS\system32\svchost.exe[288] ADVAPI32.dll!RegOpenKeyA 77DDEE08 6 Bytes JMP 70FF000A .text C:\WINDOWS\system32\svchost.exe[288] ADVAPI32.dll!AdjustTokenPrivileges 77DDEE4C 6 Bytes JMP 7093000A .text C:\WINDOWS\system32\svchost.exe[288] ADVAPI32.dll!LookupPrivilegeValueW 77DE41D7 6 Bytes JMP 7096000A .text C:\WINDOWS\system32\svchost.exe[288] ADVAPI32.dll!RegQueryValueA 77DE42F0 4 Bytes JMP EC001E25 .text C:\WINDOWS\system32\svchost.exe[288] ADVAPI32.dll!RegQueryValueA + 5 77DE42F5 1 Byte [70] .text C:\WINDOWS\system32\svchost.exe[288] ADVAPI32.dll!RegCreateKeyW 77DE45EE 6 Bytes JMP 7102000A .text C:\WINDOWS\system32\svchost.exe[288] ADVAPI32.dll!RegCreateKeyA 77DE4706 6 Bytes JMP 7105000A .text C:\WINDOWS\system32\svchost.exe[288] ADVAPI32.dll!OpenSCManagerW 77DE5E5D 6 Bytes JMP 70CC000A .text C:\WINDOWS\system32\svchost.exe[288] ADVAPI32.dll!OpenSCManagerA 77DED705 6 Bytes JMP 70CF000A .text C:\WINDOWS\system32\svchost.exe[288] ADVAPI32.dll!RegDeleteKeyW 77DF8886 6 Bytes JMP 706C000A .text C:\WINDOWS\system32\svchost.exe[288] ADVAPI32.dll!RegDeleteKeyA 77DFB6BE 6 Bytes JMP 706F000A .text C:\WINDOWS\system32\svchost.exe[288] ADVAPI32.dll!LookupPrivilegeValueA 77DFC110 6 Bytes JMP 7099000A .text C:\WINDOWS\system32\svchost.exe[288] ADVAPI32.dll!LsaRemoveAccountRights 77E1AAA1 6 Bytes JMP 7168000A .text C:\WINDOWS\system32\svchost.exe[288] ADVAPI32.dll!CreateServiceA 77E370B9 6 Bytes JMP 7120000A .text C:\WINDOWS\system32\svchost.exe[288] ADVAPI32.dll!CreateServiceW 77E37251 6 Bytes JMP 711D000A .text C:\WINDOWS\system32\svchost.exe[288] USER32.dll!SetWindowTextW 7E41BC36 6 Bytes JMP 7066000A .text C:\WINDOWS\system32\svchost.exe[288] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 7132000A .text C:\WINDOWS\system32\svchost.exe[288] USER32.dll!GetWindowTextW 7E41CDB6 6 Bytes JMP 70C6000A .text C:\WINDOWS\system32\svchost.exe[288] USER32.dll!DrawTextW 7E41D7C2 6 Bytes JMP 707E000A .text C:\WINDOWS\system32\svchost.exe[288] USER32.dll!ShowWindow 7E41D8A4 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[288] USER32.dll!ShowWindow + 4 7E41D8A8 2 Bytes [C2, 70] .text C:\WINDOWS\system32\svchost.exe[288] USER32.dll!GetKeyboardState 7E41EF29 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[288] USER32.dll!GetKeyboardState + 4 7E41EF2D 2 Bytes [2B, 71] .text C:\WINDOWS\system32\svchost.exe[288] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 712F000A .text C:\WINDOWS\system32\svchost.exe[288] USER32.dll!CreateWindowExW 7E41FC25 6 Bytes JMP 7078000A .text C:\WINDOWS\system32\svchost.exe[288] USER32.dll!CreateWindowExA 7E41FF33 6 Bytes JMP 707B000A .text C:\WINDOWS\system32\svchost.exe[288] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 7156000A .text C:\WINDOWS\system32\svchost.exe[288] USER32.dll!SetWindowTextA 7E42F52B 6 Bytes JMP 7069000A .text C:\WINDOWS\system32\svchost.exe[288] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 7159000A .text C:\WINDOWS\system32\svchost.exe[288] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 711A000A .text C:\WINDOWS\system32\svchost.exe[288] USER32.dll!GetWindowTextA 7E43212B 6 Bytes JMP 70C9000A .text C:\WINDOWS\system32\svchost.exe[288] USER32.dll!DrawTextA 7E43C6CA 6 Bytes JMP 7081000A .text C:\WINDOWS\system32\svchost.exe[288] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 7129000A .text C:\WINDOWS\system32\svchost.exe[288] USER32.dll!EndTask 7E459E75 6 Bytes JMP 713E000A .text C:\WINDOWS\system32\svchost.exe[288] USER32.dll!RegisterRawInputDevices 7E46CBD4 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[288] USER32.dll!RegisterRawInputDevices + 4 7E46CBD8 2 Bytes [16, 71] .text C:\WINDOWS\system32\svchost.exe[288] SHELL32.dll!ShellExecuteExW 7CA01823 6 Bytes JMP 7144000A .text C:\WINDOWS\system32\svchost.exe[288] SHELL32.dll!Shell_NotifyIcon 7CA20CF9 6 Bytes JMP 70B1000A .text C:\WINDOWS\system32\svchost.exe[288] SHELL32.dll!Shell_NotifyIconW 7CA21BEA 6 Bytes JMP 70AE000A .text C:\WINDOWS\system32\svchost.exe[288] SHELL32.dll!ShellExecuteEx 7CA40C15 6 Bytes JMP 7147000A .text C:\WINDOWS\system32\svchost.exe[288] SHELL32.dll!ShellExecuteA 7CA40F40 6 Bytes JMP 714D000A .text C:\WINDOWS\system32\svchost.exe[288] SHELL32.dll!ShellExecuteW 7CAB4FD0 6 Bytes JMP 714A000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe[380] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe[380] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71] .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe[380] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe[380] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71] .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe[380] kernel32.dll!DeviceIoControl 7C801625 6 Bytes JMP 70AB000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe[380] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 70DE000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe[380] kernel32.dll!VirtualProtectEx 7C801A5D 6 Bytes JMP 7126000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe[380] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 70D2000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe[380] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 716B000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe[380] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 715F000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe[380] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 7165000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe[380] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 7162000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe[380] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 7150000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe[380] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 7153000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe[380] kernel32.dll!VirtualAlloc 7C809A61 6 Bytes JMP 70D5000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe[380] kernel32.dll!MultiByteToWideChar 7C809C08 6 Bytes JMP 7084000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe[380] kernel32.dll!LoadResource 7C809FC5 6 Bytes JMP 70C0000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe[380] kernel32.dll!WideCharToMultiByte 7C80A0E4 6 Bytes JMP 7063000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe[380] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 7114000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe[380] kernel32.dll!LoadLibraryW 7C80AE5B 6 Bytes JMP 715C000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe[380] kernel32.dll!CreateMutexW 7C80E8C7 6 Bytes JMP 708D000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe[380] kernel32.dll!CreateMutexA 7C80E94F 6 Bytes JMP 7090000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe[380] kernel32.dll!OpenMutexW 7C80E9A5 6 Bytes JMP 7087000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe[380] kernel32.dll!OpenMutexA 7C80EA2B 6 Bytes JMP 708A000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe[380] kernel32.dll!GetVolumeInformationW 7C80F9F5 6 Bytes JMP 710E000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe[380] kernel32.dll!CreateRemoteThread 7C81043C 3 Bytes [FF, 25, 1E] .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe[380] kernel32.dll!CreateRemoteThread + 4 7C810440 2 Bytes [6D, 71] .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe[380] kernel32.dll!CreateThread 7C810647 6 Bytes JMP 70D8000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe[380] kernel32.dll!CreateFileW 7C810770 6 Bytes JMP 70E1000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe[380] kernel32.dll!WriteFile 7C810D97 6 Bytes JMP 70A2000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe[380] kernel32.dll!TerminateThread 7C81CE13 6 Bytes JMP 7138000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe[380] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 705D000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe[380] kernel32.dll!CreateDirectoryA 7C8217BC 6 Bytes JMP 70A8000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe[380] kernel32.dll!GetVolumeInformationA 7C821BB5 6 Bytes JMP 7111000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe[380] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 70B4000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe[380] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 70BD000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe[380] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 70BA000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe[380] kernel32.dll!OpenProcess 7C830A01 6 Bytes JMP 7054000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe[380] kernel32.dll!DeleteFileA 7C831EF5 6 Bytes JMP 7075000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe[380] kernel32.dll!DeleteFileW 7C831F7B 6 Bytes JMP 7072000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe[380] kernel32.dll!CreateDirectoryW 7C83241A 6 Bytes JMP 70A5000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe[380] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 7057000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe[380] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 7060000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe[380] kernel32.dll!DebugActiveProcess 7C85A2B3 6 Bytes JMP 7135000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe[380] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 705A000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe[380] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 70B7000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe[380] kernel32.dll!WinExec 7C86158D 6 Bytes JMP 7141000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe[380] kernel32.dll!SetThreadContext 7C862C89 6 Bytes JMP 709F000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe[380] kernel32.dll!CreateToolhelp32Snapshot 7C864D2F 6 Bytes JMP 70DB000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe[380] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 6 Bytes JMP 70F6000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe[380] ADVAPI32.dll!RegQueryValueExW 77DD6FDF 6 Bytes JMP 70E4000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe[380] ADVAPI32.dll!RegCreateKeyExW 77DD774C 6 Bytes JMP 7108000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe[380] ADVAPI32.dll!RegOpenKeyExA 77DD7832 6 Bytes JMP 70F9000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe[380] ADVAPI32.dll!RegOpenKeyW 77DD7926 6 Bytes JMP 70FC000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe[380] ADVAPI32.dll!OpenProcessToken 77DD796B 6 Bytes JMP 709C000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe[380] ADVAPI32.dll!RegQueryValueExA 77DD7A9B 6 Bytes JMP 70E7000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe[380] ADVAPI32.dll!RegSetValueExW 77DDD663 6 Bytes JMP 70F0000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe[380] ADVAPI32.dll!RegQueryValueW 77DDD77A 6 Bytes JMP 70EA000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe[380] ADVAPI32.dll!RegCreateKeyExA 77DDE834 6 Bytes JMP 710B000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe[380] ADVAPI32.dll!RegSetValueExA 77DDE927 6 Bytes JMP 70F3000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe[380] ADVAPI32.dll!RegOpenKeyA 77DDEE08 6 Bytes JMP 70FF000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe[380] ADVAPI32.dll!AdjustTokenPrivileges 77DDEE4C 6 Bytes JMP 7093000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe[380] ADVAPI32.dll!LookupPrivilegeValueW 77DE41D7 6 Bytes JMP 7096000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe[380] ADVAPI32.dll!RegQueryValueA 77DE42F0 4 Bytes JMP EC001E25 .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe[380] ADVAPI32.dll!RegQueryValueA + 5 77DE42F5 1 Byte [70] .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe[380] ADVAPI32.dll!RegCreateKeyW 77DE45EE 6 Bytes JMP 7102000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe[380] ADVAPI32.dll!RegCreateKeyA 77DE4706 6 Bytes JMP 7105000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe[380] ADVAPI32.dll!OpenSCManagerW 77DE5E5D 6 Bytes JMP 70CC000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe[380] ADVAPI32.dll!OpenSCManagerA 77DED705 6 Bytes JMP 70CF000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe[380] ADVAPI32.dll!RegDeleteKeyW 77DF8886 6 Bytes JMP 706C000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe[380] ADVAPI32.dll!RegDeleteKeyA 77DFB6BE 6 Bytes JMP 706F000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe[380] ADVAPI32.dll!LookupPrivilegeValueA 77DFC110 6 Bytes JMP 7099000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe[380] ADVAPI32.dll!LsaRemoveAccountRights 77E1AAA1 6 Bytes JMP 7168000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe[380] ADVAPI32.dll!CreateServiceA 77E370B9 6 Bytes JMP 7120000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe[380] ADVAPI32.dll!CreateServiceW 77E37251 6 Bytes JMP 711D000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe[380] USER32.dll!SetWindowTextW 7E41BC36 6 Bytes JMP 7066000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe[380] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 7132000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe[380] USER32.dll!GetWindowTextW 7E41CDB6 6 Bytes JMP 70C6000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe[380] USER32.dll!DrawTextW 7E41D7C2 6 Bytes JMP 707E000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe[380] USER32.dll!ShowWindow 7E41D8A4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe[380] USER32.dll!ShowWindow + 4 7E41D8A8 2 Bytes [C2, 70] .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe[380] USER32.dll!GetKeyboardState 7E41EF29 3 Bytes [FF, 25, 1E] .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe[380] USER32.dll!GetKeyboardState + 4 7E41EF2D 2 Bytes [2B, 71] .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe[380] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 712F000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe[380] USER32.dll!CreateWindowExW 7E41FC25 6 Bytes JMP 7078000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe[380] USER32.dll!CreateWindowExA 7E41FF33 6 Bytes JMP 707B000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe[380] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 7156000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe[380] USER32.dll!SetWindowTextA 7E42F52B 6 Bytes JMP 7069000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe[380] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 7159000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe[380] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 711A000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe[380] USER32.dll!GetWindowTextA 7E43212B 6 Bytes JMP 70C9000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe[380] USER32.dll!DrawTextA 7E43C6CA 6 Bytes JMP 7081000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe[380] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 7129000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe[380] USER32.dll!EndTask 7E459E75 6 Bytes JMP 713E000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe[380] USER32.dll!RegisterRawInputDevices 7E46CBD4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe[380] USER32.dll!RegisterRawInputDevices + 4 7E46CBD8 2 Bytes [16, 71] .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe[380] SHELL32.dll!ShellExecuteExW 7CA01823 6 Bytes JMP 7144000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe[380] SHELL32.dll!Shell_NotifyIcon 7CA20CF9 6 Bytes JMP 70B1000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe[380] SHELL32.dll!Shell_NotifyIconW 7CA21BEA 6 Bytes JMP 70AE000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe[380] SHELL32.dll!ShellExecuteEx 7CA40C15 6 Bytes JMP 7147000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe[380] SHELL32.dll!ShellExecuteA 7CA40F40 6 Bytes JMP 714D000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe[380] SHELL32.dll!ShellExecuteW 7CAB4FD0 6 Bytes JMP 714A000A .text C:\WINDOWS\Explorer.EXE[532] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Explorer.EXE[532] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71] .text C:\WINDOWS\Explorer.EXE[532] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Explorer.EXE[532] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71] .text C:\WINDOWS\Explorer.EXE[532] kernel32.dll!DeviceIoControl 7C801625 6 Bytes JMP 70AB000A .text C:\WINDOWS\Explorer.EXE[532] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 70DE000A .text C:\WINDOWS\Explorer.EXE[532] kernel32.dll!VirtualProtectEx 7C801A5D 6 Bytes JMP 7126000A .text C:\WINDOWS\Explorer.EXE[532] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 70D2000A .text C:\WINDOWS\Explorer.EXE[532] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 716B000A .text C:\WINDOWS\Explorer.EXE[532] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 715F000A .text C:\WINDOWS\Explorer.EXE[532] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 7165000A .text C:\WINDOWS\Explorer.EXE[532] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 7162000A .text C:\WINDOWS\Explorer.EXE[532] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 7150000A .text C:\WINDOWS\Explorer.EXE[532] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 7153000A .text C:\WINDOWS\Explorer.EXE[532] kernel32.dll!VirtualAlloc 7C809A61 6 Bytes JMP 70D5000A .text C:\WINDOWS\Explorer.EXE[532] kernel32.dll!MultiByteToWideChar 7C809C08 6 Bytes JMP 707E000A .text C:\WINDOWS\Explorer.EXE[532] kernel32.dll!LoadResource 7C809FC5 6 Bytes JMP 70C0000A .text C:\WINDOWS\Explorer.EXE[532] kernel32.dll!WideCharToMultiByte 7C80A0E4 6 Bytes JMP 705D000A .text C:\WINDOWS\Explorer.EXE[532] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 7114000A .text C:\WINDOWS\Explorer.EXE[532] kernel32.dll!LoadLibraryW 7C80AE5B 6 Bytes JMP 715C000A .text C:\WINDOWS\Explorer.EXE[532] kernel32.dll!CreateMutexW 7C80E8C7 6 Bytes JMP 7087000A .text C:\WINDOWS\Explorer.EXE[532] kernel32.dll!CreateMutexA 7C80E94F 6 Bytes JMP 708A000A .text C:\WINDOWS\Explorer.EXE[532] kernel32.dll!OpenMutexW 7C80E9A5 6 Bytes JMP 7081000A .text C:\WINDOWS\Explorer.EXE[532] kernel32.dll!OpenMutexA 7C80EA2B 6 Bytes JMP 7084000A .text C:\WINDOWS\Explorer.EXE[532] kernel32.dll!GetVolumeInformationW 7C80F9F5 6 Bytes JMP 710E000A .text C:\WINDOWS\Explorer.EXE[532] kernel32.dll!CreateRemoteThread 7C81043C 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Explorer.EXE[532] kernel32.dll!CreateRemoteThread + 4 7C810440 2 Bytes [6D, 71] .text C:\WINDOWS\Explorer.EXE[532] kernel32.dll!CreateThread 7C810647 6 Bytes JMP 70D8000A .text C:\WINDOWS\Explorer.EXE[532] kernel32.dll!CreateFileW 7C810770 6 Bytes JMP 70E1000A .text C:\WINDOWS\Explorer.EXE[532] kernel32.dll!WriteFile 7C810D97 6 Bytes JMP 709C000A .text C:\WINDOWS\Explorer.EXE[532] kernel32.dll!TerminateThread 7C81CE13 6 Bytes JMP 7138000A .text C:\WINDOWS\Explorer.EXE[532] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 7057000A .text C:\WINDOWS\Explorer.EXE[532] kernel32.dll!CreateDirectoryA 7C8217BC 6 Bytes JMP 70A2000A .text C:\WINDOWS\Explorer.EXE[532] kernel32.dll!GetVolumeInformationA 7C821BB5 6 Bytes JMP 7111000A .text C:\WINDOWS\Explorer.EXE[532] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 70B4000A .text C:\WINDOWS\Explorer.EXE[532] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 70BD000A .text C:\WINDOWS\Explorer.EXE[532] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 70BA000A .text C:\WINDOWS\Explorer.EXE[532] kernel32.dll!OpenProcess 7C830A01 6 Bytes JMP 704E000A .text C:\WINDOWS\Explorer.EXE[532] kernel32.dll!DeleteFileA 7C831EF5 6 Bytes JMP 706F000A .text C:\WINDOWS\Explorer.EXE[532] kernel32.dll!DeleteFileW 7C831F7B 6 Bytes JMP 706C000A .text C:\WINDOWS\Explorer.EXE[532] kernel32.dll!CreateDirectoryW 7C83241A 6 Bytes JMP 709F000A .text C:\WINDOWS\Explorer.EXE[532] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 7051000A .text C:\WINDOWS\Explorer.EXE[532] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 705A000A .text C:\WINDOWS\Explorer.EXE[532] kernel32.dll!DebugActiveProcess 7C85A2B3 6 Bytes JMP 7135000A .text C:\WINDOWS\Explorer.EXE[532] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 7054000A .text C:\WINDOWS\Explorer.EXE[532] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 70B7000A .text C:\WINDOWS\Explorer.EXE[532] kernel32.dll!WinExec 7C86158D 6 Bytes JMP 7141000A .text C:\WINDOWS\Explorer.EXE[532] kernel32.dll!SetThreadContext 7C862C89 6 Bytes JMP 7099000A .text C:\WINDOWS\Explorer.EXE[532] kernel32.dll!CreateToolhelp32Snapshot 7C864D2F 6 Bytes JMP 70DB000A .text C:\WINDOWS\Explorer.EXE[532] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 6 Bytes JMP 70F6000A .text C:\WINDOWS\Explorer.EXE[532] ADVAPI32.dll!RegQueryValueExW 77DD6FDF 6 Bytes JMP 70E4000A .text C:\WINDOWS\Explorer.EXE[532] ADVAPI32.dll!RegCreateKeyExW 77DD774C 6 Bytes JMP 7108000A .text C:\WINDOWS\Explorer.EXE[532] ADVAPI32.dll!RegOpenKeyExA 77DD7832 6 Bytes JMP 70F9000A .text C:\WINDOWS\Explorer.EXE[532] ADVAPI32.dll!RegOpenKeyW 77DD7926 6 Bytes JMP 70FC000A .text C:\WINDOWS\Explorer.EXE[532] ADVAPI32.dll!OpenProcessToken 77DD796B 6 Bytes JMP 7096000A .text C:\WINDOWS\Explorer.EXE[532] ADVAPI32.dll!RegQueryValueExA 77DD7A9B 6 Bytes JMP 70E7000A .text C:\WINDOWS\Explorer.EXE[532] ADVAPI32.dll!RegSetValueExW 77DDD663 6 Bytes JMP 70F0000A .text C:\WINDOWS\Explorer.EXE[532] ADVAPI32.dll!RegQueryValueW 77DDD77A 6 Bytes JMP 70EA000A .text C:\WINDOWS\Explorer.EXE[532] ADVAPI32.dll!RegCreateKeyExA 77DDE834 6 Bytes JMP 710B000A .text C:\WINDOWS\Explorer.EXE[532] ADVAPI32.dll!RegSetValueExA 77DDE927 6 Bytes JMP 70F3000A .text C:\WINDOWS\Explorer.EXE[532] ADVAPI32.dll!RegOpenKeyA 77DDEE08 6 Bytes JMP 70FF000A .text C:\WINDOWS\Explorer.EXE[532] ADVAPI32.dll!AdjustTokenPrivileges 77DDEE4C 6 Bytes JMP 708D000A .text C:\WINDOWS\Explorer.EXE[532] ADVAPI32.dll!LookupPrivilegeValueW 77DE41D7 6 Bytes JMP 7090000A .text C:\WINDOWS\Explorer.EXE[532] ADVAPI32.dll!RegQueryValueA 77DE42F0 4 Bytes JMP EC001E25 .text C:\WINDOWS\Explorer.EXE[532] ADVAPI32.dll!RegQueryValueA + 5 77DE42F5 1 Byte [70] .text C:\WINDOWS\Explorer.EXE[532] ADVAPI32.dll!RegCreateKeyW 77DE45EE 6 Bytes JMP 7102000A .text C:\WINDOWS\Explorer.EXE[532] ADVAPI32.dll!RegCreateKeyA 77DE4706 6 Bytes JMP 7105000A .text C:\WINDOWS\Explorer.EXE[532] ADVAPI32.dll!OpenSCManagerW 77DE5E5D 6 Bytes JMP 70CC000A .text C:\WINDOWS\Explorer.EXE[532] ADVAPI32.dll!OpenSCManagerA 77DED705 6 Bytes JMP 70CF000A .text C:\WINDOWS\Explorer.EXE[532] ADVAPI32.dll!RegDeleteKeyW 77DF8886 6 Bytes JMP 7066000A .text C:\WINDOWS\Explorer.EXE[532] ADVAPI32.dll!RegDeleteKeyA 77DFB6BE 6 Bytes JMP 7069000A .text C:\WINDOWS\Explorer.EXE[532] ADVAPI32.dll!LookupPrivilegeValueA 77DFC110 6 Bytes JMP 7093000A .text C:\WINDOWS\Explorer.EXE[532] ADVAPI32.dll!LsaRemoveAccountRights 77E1AAA1 6 Bytes JMP 7168000A .text C:\WINDOWS\Explorer.EXE[532] ADVAPI32.dll!CreateServiceA 77E370B9 6 Bytes JMP 7120000A .text C:\WINDOWS\Explorer.EXE[532] ADVAPI32.dll!CreateServiceW 77E37251 6 Bytes JMP 711D000A .text C:\WINDOWS\Explorer.EXE[532] USER32.dll!SetWindowTextW 7E41BC36 6 Bytes JMP 7060000A .text C:\WINDOWS\Explorer.EXE[532] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 7132000A .text C:\WINDOWS\Explorer.EXE[532] USER32.dll!GetWindowTextW 7E41CDB6 6 Bytes JMP 70C6000A .text C:\WINDOWS\Explorer.EXE[532] USER32.dll!DrawTextW 7E41D7C2 6 Bytes JMP 7078000A .text C:\WINDOWS\Explorer.EXE[532] USER32.dll!ShowWindow 7E41D8A4 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Explorer.EXE[532] USER32.dll!ShowWindow + 4 7E41D8A8 2 Bytes [C2, 70] .text C:\WINDOWS\Explorer.EXE[532] USER32.dll!GetKeyboardState 7E41EF29 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Explorer.EXE[532] USER32.dll!GetKeyboardState + 4 7E41EF2D 2 Bytes [2B, 71] .text C:\WINDOWS\Explorer.EXE[532] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 712F000A .text C:\WINDOWS\Explorer.EXE[532] USER32.dll!CreateWindowExW 7E41FC25 6 Bytes JMP 7072000A .text C:\WINDOWS\Explorer.EXE[532] USER32.dll!CreateWindowExA 7E41FF33 6 Bytes JMP 7075000A .text C:\WINDOWS\Explorer.EXE[532] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 7156000A .text C:\WINDOWS\Explorer.EXE[532] USER32.dll!SetWindowTextA 7E42F52B 6 Bytes JMP 7063000A .text C:\WINDOWS\Explorer.EXE[532] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 7159000A .text C:\WINDOWS\Explorer.EXE[532] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 711A000A .text C:\WINDOWS\Explorer.EXE[532] USER32.dll!GetWindowTextA 7E43212B 6 Bytes JMP 70C9000A .text C:\WINDOWS\Explorer.EXE[532] USER32.dll!DrawTextA 7E43C6CA 6 Bytes JMP 707B000A .text C:\WINDOWS\Explorer.EXE[532] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 7129000A .text C:\WINDOWS\Explorer.EXE[532] USER32.dll!EndTask 7E459E75 6 Bytes JMP 713E000A .text C:\WINDOWS\Explorer.EXE[532] USER32.dll!RegisterRawInputDevices 7E46CBD4 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Explorer.EXE[532] USER32.dll!RegisterRawInputDevices + 4 7E46CBD8 2 Bytes [16, 71] .text C:\WINDOWS\Explorer.EXE[532] WININET.dll!InternetOpenUrlA 771C59F1 6 Bytes JMP 70A8000A .text C:\WINDOWS\Explorer.EXE[532] WININET.dll!InternetOpenUrlW 771D5B3A 6 Bytes JMP 70A5000A .text C:\WINDOWS\Explorer.EXE[532] SHELL32.dll!ShellExecuteExW 7CA01823 6 Bytes JMP 7144000A .text C:\WINDOWS\Explorer.EXE[532] SHELL32.dll!Shell_NotifyIcon 7CA20CF9 6 Bytes JMP 70B1000A .text C:\WINDOWS\Explorer.EXE[532] SHELL32.dll!Shell_NotifyIconW 7CA21BEA 6 Bytes JMP 70AE000A .text C:\WINDOWS\Explorer.EXE[532] SHELL32.dll!ShellExecuteEx 7CA40C15 6 Bytes JMP 7147000A .text C:\WINDOWS\Explorer.EXE[532] SHELL32.dll!ShellExecuteA 7CA40F40 6 Bytes JMP 714D000A .text C:\WINDOWS\Explorer.EXE[532] SHELL32.dll!ShellExecuteW 7CAB4FD0 6 Bytes JMP 714A000A .text C:\WINDOWS\system32\fxssvc.exe[596] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\fxssvc.exe[596] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71] .text C:\WINDOWS\system32\fxssvc.exe[596] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\fxssvc.exe[596] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71] .text C:\WINDOWS\system32\fxssvc.exe[596] kernel32.dll!DeviceIoControl 7C801625 6 Bytes JMP 70AB000A .text C:\WINDOWS\system32\fxssvc.exe[596] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 70DE000A .text C:\WINDOWS\system32\fxssvc.exe[596] kernel32.dll!VirtualProtectEx 7C801A5D 6 Bytes JMP 7126000A .text C:\WINDOWS\system32\fxssvc.exe[596] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 70D2000A .text C:\WINDOWS\system32\fxssvc.exe[596] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 716B000A .text C:\WINDOWS\system32\fxssvc.exe[596] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 715F000A .text C:\WINDOWS\system32\fxssvc.exe[596] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 7165000A .text C:\WINDOWS\system32\fxssvc.exe[596] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 7162000A .text C:\WINDOWS\system32\fxssvc.exe[596] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 7150000A .text C:\WINDOWS\system32\fxssvc.exe[596] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 7153000A .text C:\WINDOWS\system32\fxssvc.exe[596] kernel32.dll!VirtualAlloc 7C809A61 6 Bytes JMP 70D5000A .text C:\WINDOWS\system32\fxssvc.exe[596] kernel32.dll!MultiByteToWideChar 7C809C08 6 Bytes JMP 7084000A .text C:\WINDOWS\system32\fxssvc.exe[596] kernel32.dll!LoadResource 7C809FC5 6 Bytes JMP 70C0000A .text C:\WINDOWS\system32\fxssvc.exe[596] kernel32.dll!WideCharToMultiByte 7C80A0E4 6 Bytes JMP 7063000A .text C:\WINDOWS\system32\fxssvc.exe[596] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 7114000A .text C:\WINDOWS\system32\fxssvc.exe[596] kernel32.dll!LoadLibraryW 7C80AE5B 6 Bytes JMP 715C000A .text C:\WINDOWS\system32\fxssvc.exe[596] kernel32.dll!CreateMutexW 7C80E8C7 6 Bytes JMP 708D000A .text C:\WINDOWS\system32\fxssvc.exe[596] kernel32.dll!CreateMutexA 7C80E94F 6 Bytes JMP 7090000A .text C:\WINDOWS\system32\fxssvc.exe[596] kernel32.dll!OpenMutexW 7C80E9A5 6 Bytes JMP 7087000A .text C:\WINDOWS\system32\fxssvc.exe[596] kernel32.dll!OpenMutexA 7C80EA2B 6 Bytes JMP 708A000A .text C:\WINDOWS\system32\fxssvc.exe[596] kernel32.dll!GetVolumeInformationW 7C80F9F5 6 Bytes JMP 710E000A .text C:\WINDOWS\system32\fxssvc.exe[596] kernel32.dll!CreateRemoteThread 7C81043C 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\fxssvc.exe[596] kernel32.dll!CreateRemoteThread + 4 7C810440 2 Bytes [6D, 71] .text C:\WINDOWS\system32\fxssvc.exe[596] kernel32.dll!CreateThread 7C810647 6 Bytes JMP 70D8000A .text C:\WINDOWS\system32\fxssvc.exe[596] kernel32.dll!CreateFileW 7C810770 6 Bytes JMP 70E1000A .text C:\WINDOWS\system32\fxssvc.exe[596] kernel32.dll!WriteFile 7C810D97 6 Bytes JMP 70A2000A .text C:\WINDOWS\system32\fxssvc.exe[596] kernel32.dll!TerminateThread 7C81CE13 6 Bytes JMP 7138000A .text C:\WINDOWS\system32\fxssvc.exe[596] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 705D000A .text C:\WINDOWS\system32\fxssvc.exe[596] kernel32.dll!CreateDirectoryA 7C8217BC 6 Bytes JMP 70A8000A .text C:\WINDOWS\system32\fxssvc.exe[596] kernel32.dll!GetVolumeInformationA 7C821BB5 6 Bytes JMP 7111000A .text C:\WINDOWS\system32\fxssvc.exe[596] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 70B4000A .text C:\WINDOWS\system32\fxssvc.exe[596] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 70BD000A .text C:\WINDOWS\system32\fxssvc.exe[596] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 70BA000A .text C:\WINDOWS\system32\fxssvc.exe[596] kernel32.dll!OpenProcess 7C830A01 6 Bytes JMP 7054000A .text C:\WINDOWS\system32\fxssvc.exe[596] kernel32.dll!DeleteFileA 7C831EF5 6 Bytes JMP 7075000A .text C:\WINDOWS\system32\fxssvc.exe[596] kernel32.dll!DeleteFileW 7C831F7B 6 Bytes JMP 7072000A .text C:\WINDOWS\system32\fxssvc.exe[596] kernel32.dll!CreateDirectoryW 7C83241A 6 Bytes JMP 70A5000A .text C:\WINDOWS\system32\fxssvc.exe[596] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 7057000A .text C:\WINDOWS\system32\fxssvc.exe[596] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 7060000A .text C:\WINDOWS\system32\fxssvc.exe[596] kernel32.dll!DebugActiveProcess 7C85A2B3 6 Bytes JMP 7135000A .text C:\WINDOWS\system32\fxssvc.exe[596] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 705A000A .text C:\WINDOWS\system32\fxssvc.exe[596] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 70B7000A .text C:\WINDOWS\system32\fxssvc.exe[596] kernel32.dll!WinExec 7C86158D 6 Bytes JMP 7141000A .text C:\WINDOWS\system32\fxssvc.exe[596] kernel32.dll!SetThreadContext 7C862C89 6 Bytes JMP 709F000A .text C:\WINDOWS\system32\fxssvc.exe[596] kernel32.dll!CreateToolhelp32Snapshot 7C864D2F 6 Bytes JMP 70DB000A .text C:\WINDOWS\system32\fxssvc.exe[596] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 6 Bytes JMP 70F6000A .text C:\WINDOWS\system32\fxssvc.exe[596] ADVAPI32.dll!RegQueryValueExW 77DD6FDF 6 Bytes JMP 70E4000A .text C:\WINDOWS\system32\fxssvc.exe[596] ADVAPI32.dll!RegCreateKeyExW 77DD774C 6 Bytes JMP 7108000A .text C:\WINDOWS\system32\fxssvc.exe[596] ADVAPI32.dll!RegOpenKeyExA 77DD7832 6 Bytes JMP 70F9000A .text C:\WINDOWS\system32\fxssvc.exe[596] ADVAPI32.dll!RegOpenKeyW 77DD7926 6 Bytes JMP 70FC000A .text C:\WINDOWS\system32\fxssvc.exe[596] ADVAPI32.dll!OpenProcessToken 77DD796B 6 Bytes JMP 709C000A .text C:\WINDOWS\system32\fxssvc.exe[596] ADVAPI32.dll!RegQueryValueExA 77DD7A9B 6 Bytes JMP 70E7000A .text C:\WINDOWS\system32\fxssvc.exe[596] ADVAPI32.dll!RegSetValueExW 77DDD663 6 Bytes JMP 70F0000A .text C:\WINDOWS\system32\fxssvc.exe[596] ADVAPI32.dll!RegQueryValueW 77DDD77A 6 Bytes JMP 70EA000A .text C:\WINDOWS\system32\fxssvc.exe[596] ADVAPI32.dll!RegCreateKeyExA 77DDE834 6 Bytes JMP 710B000A .text C:\WINDOWS\system32\fxssvc.exe[596] ADVAPI32.dll!RegSetValueExA 77DDE927 6 Bytes JMP 70F3000A .text C:\WINDOWS\system32\fxssvc.exe[596] ADVAPI32.dll!RegOpenKeyA 77DDEE08 6 Bytes JMP 70FF000A .text C:\WINDOWS\system32\fxssvc.exe[596] ADVAPI32.dll!AdjustTokenPrivileges 77DDEE4C 6 Bytes JMP 7093000A .text C:\WINDOWS\system32\fxssvc.exe[596] ADVAPI32.dll!LookupPrivilegeValueW 77DE41D7 6 Bytes JMP 7096000A .text C:\WINDOWS\system32\fxssvc.exe[596] ADVAPI32.dll!RegQueryValueA 77DE42F0 4 Bytes JMP EC001E25 .text C:\WINDOWS\system32\fxssvc.exe[596] ADVAPI32.dll!RegQueryValueA + 5 77DE42F5 1 Byte [70] .text C:\WINDOWS\system32\fxssvc.exe[596] ADVAPI32.dll!RegCreateKeyW 77DE45EE 6 Bytes JMP 7102000A .text C:\WINDOWS\system32\fxssvc.exe[596] ADVAPI32.dll!RegCreateKeyA 77DE4706 6 Bytes JMP 7105000A .text C:\WINDOWS\system32\fxssvc.exe[596] ADVAPI32.dll!OpenSCManagerW 77DE5E5D 6 Bytes JMP 70CC000A .text C:\WINDOWS\system32\fxssvc.exe[596] ADVAPI32.dll!OpenSCManagerA 77DED705 6 Bytes JMP 70CF000A .text C:\WINDOWS\system32\fxssvc.exe[596] ADVAPI32.dll!RegDeleteKeyW 77DF8886 6 Bytes JMP 706C000A .text C:\WINDOWS\system32\fxssvc.exe[596] ADVAPI32.dll!RegDeleteKeyA 77DFB6BE 6 Bytes JMP 706F000A .text C:\WINDOWS\system32\fxssvc.exe[596] ADVAPI32.dll!LookupPrivilegeValueA 77DFC110 6 Bytes JMP 7099000A .text C:\WINDOWS\system32\fxssvc.exe[596] ADVAPI32.dll!LsaRemoveAccountRights 77E1AAA1 6 Bytes JMP 7168000A .text C:\WINDOWS\system32\fxssvc.exe[596] ADVAPI32.dll!CreateServiceA 77E370B9 6 Bytes JMP 7120000A .text C:\WINDOWS\system32\fxssvc.exe[596] ADVAPI32.dll!CreateServiceW 77E37251 6 Bytes JMP 711D000A .text C:\WINDOWS\system32\fxssvc.exe[596] USER32.dll!SetWindowTextW 7E41BC36 6 Bytes JMP 7066000A .text C:\WINDOWS\system32\fxssvc.exe[596] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 7132000A .text C:\WINDOWS\system32\fxssvc.exe[596] USER32.dll!GetWindowTextW 7E41CDB6 6 Bytes JMP 70C6000A .text C:\WINDOWS\system32\fxssvc.exe[596] USER32.dll!DrawTextW 7E41D7C2 6 Bytes JMP 707E000A .text C:\WINDOWS\system32\fxssvc.exe[596] USER32.dll!ShowWindow 7E41D8A4 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\fxssvc.exe[596] USER32.dll!ShowWindow + 4 7E41D8A8 2 Bytes [C2, 70] .text C:\WINDOWS\system32\fxssvc.exe[596] USER32.dll!GetKeyboardState 7E41EF29 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\fxssvc.exe[596] USER32.dll!GetKeyboardState + 4 7E41EF2D 2 Bytes [2B, 71] .text C:\WINDOWS\system32\fxssvc.exe[596] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 712F000A .text C:\WINDOWS\system32\fxssvc.exe[596] USER32.dll!CreateWindowExW 7E41FC25 6 Bytes JMP 7078000A .text C:\WINDOWS\system32\fxssvc.exe[596] USER32.dll!CreateWindowExA 7E41FF33 6 Bytes JMP 707B000A .text C:\WINDOWS\system32\fxssvc.exe[596] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 7156000A .text C:\WINDOWS\system32\fxssvc.exe[596] USER32.dll!SetWindowTextA 7E42F52B 6 Bytes JMP 7069000A .text C:\WINDOWS\system32\fxssvc.exe[596] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 7159000A .text C:\WINDOWS\system32\fxssvc.exe[596] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 711A000A .text C:\WINDOWS\system32\fxssvc.exe[596] USER32.dll!GetWindowTextA 7E43212B 6 Bytes JMP 70C9000A .text C:\WINDOWS\system32\fxssvc.exe[596] USER32.dll!DrawTextA 7E43C6CA 6 Bytes JMP 7081000A .text C:\WINDOWS\system32\fxssvc.exe[596] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 7129000A .text C:\WINDOWS\system32\fxssvc.exe[596] USER32.dll!EndTask 7E459E75 6 Bytes JMP 713E000A .text C:\WINDOWS\system32\fxssvc.exe[596] USER32.dll!RegisterRawInputDevices 7E46CBD4 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\fxssvc.exe[596] USER32.dll!RegisterRawInputDevices + 4 7E46CBD8 2 Bytes [16, 71] .text C:\WINDOWS\system32\fxssvc.exe[596] SHELL32.dll!ShellExecuteExW 7CA01823 6 Bytes JMP 7144000A .text C:\WINDOWS\system32\fxssvc.exe[596] SHELL32.dll!Shell_NotifyIcon 7CA20CF9 6 Bytes JMP 70B1000A .text C:\WINDOWS\system32\fxssvc.exe[596] SHELL32.dll!Shell_NotifyIconW 7CA21BEA 6 Bytes JMP 70AE000A .text C:\WINDOWS\system32\fxssvc.exe[596] SHELL32.dll!ShellExecuteEx 7CA40C15 6 Bytes JMP 7147000A .text C:\WINDOWS\system32\fxssvc.exe[596] SHELL32.dll!ShellExecuteA 7CA40F40 6 Bytes JMP 714D000A .text C:\WINDOWS\system32\fxssvc.exe[596] SHELL32.dll!ShellExecuteW 7CAB4FD0 6 Bytes JMP 714A000A .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[820] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E] .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[820] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71] .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[820] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E] .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[820] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71] .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[820] kernel32.dll!DeviceIoControl 7C801625 6 Bytes JMP 70AB000A .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[820] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 70DE000A .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[820] kernel32.dll!VirtualProtectEx 7C801A5D 6 Bytes JMP 7126000A .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[820] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 70D2000A .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[820] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 716B000A .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[820] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 715F000A .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[820] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 7165000A .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[820] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 7162000A .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[820] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 7150000A .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[820] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 7153000A .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[820] kernel32.dll!VirtualAlloc 7C809A61 6 Bytes JMP 70D5000A .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[820] kernel32.dll!MultiByteToWideChar 7C809C08 6 Bytes JMP 7084000A .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[820] kernel32.dll!LoadResource 7C809FC5 6 Bytes JMP 70C0000A .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[820] kernel32.dll!WideCharToMultiByte 7C80A0E4 6 Bytes JMP 7063000A .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[820] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 7114000A .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[820] kernel32.dll!LoadLibraryW 7C80AE5B 6 Bytes JMP 715C000A .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[820] kernel32.dll!CreateMutexW 7C80E8C7 6 Bytes JMP 708D000A .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[820] kernel32.dll!CreateMutexA 7C80E94F 6 Bytes JMP 7090000A .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[820] kernel32.dll!OpenMutexW 7C80E9A5 6 Bytes JMP 7087000A .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[820] kernel32.dll!OpenMutexA 7C80EA2B 6 Bytes JMP 708A000A .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[820] kernel32.dll!GetVolumeInformationW 7C80F9F5 6 Bytes JMP 710E000A .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[820] kernel32.dll!CreateRemoteThread 7C81043C 3 Bytes [FF, 25, 1E] .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[820] kernel32.dll!CreateRemoteThread + 4 7C810440 2 Bytes [6D, 71] .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[820] kernel32.dll!CreateThread 7C810647 6 Bytes JMP 70D8000A .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[820] kernel32.dll!CreateFileW 7C810770 6 Bytes JMP 70E1000A .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[820] kernel32.dll!WriteFile 7C810D97 6 Bytes JMP 70A2000A .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[820] kernel32.dll!TerminateThread 7C81CE13 6 Bytes JMP 7138000A .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[820] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 705D000A .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[820] kernel32.dll!CreateDirectoryA 7C8217BC 6 Bytes JMP 70A8000A .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[820] kernel32.dll!GetVolumeInformationA 7C821BB5 6 Bytes JMP 7111000A .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[820] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 70B4000A .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[820] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 70BD000A .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[820] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 70BA000A .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[820] kernel32.dll!OpenProcess 7C830A01 6 Bytes JMP 7054000A .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[820] kernel32.dll!DeleteFileA 7C831EF5 6 Bytes JMP 7075000A .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[820] kernel32.dll!DeleteFileW 7C831F7B 6 Bytes JMP 7072000A .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[820] kernel32.dll!CreateDirectoryW 7C83241A 6 Bytes JMP 70A5000A .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[820] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 7057000A .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[820] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 7060000A .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[820] kernel32.dll!DebugActiveProcess 7C85A2B3 6 Bytes JMP 7135000A .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[820] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 705A000A .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[820] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 70B7000A .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[820] kernel32.dll!WinExec 7C86158D 6 Bytes JMP 7141000A .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[820] kernel32.dll!SetThreadContext 7C862C89 6 Bytes JMP 709F000A .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[820] kernel32.dll!CreateToolhelp32Snapshot 7C864D2F 6 Bytes JMP 70DB000A .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[820] USER32.dll!SetWindowTextW 7E41BC36 6 Bytes JMP 7066000A .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[820] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 7132000A .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[820] USER32.dll!GetWindowTextW 7E41CDB6 6 Bytes JMP 70C6000A .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[820] USER32.dll!DrawTextW 7E41D7C2 6 Bytes JMP 707E000A .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[820] USER32.dll!ShowWindow 7E41D8A4 3 Bytes [FF, 25, 1E] .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[820] USER32.dll!ShowWindow + 4 7E41D8A8 2 Bytes [C2, 70] .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[820] USER32.dll!GetKeyboardState 7E41EF29 3 Bytes [FF, 25, 1E] .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[820] USER32.dll!GetKeyboardState + 4 7E41EF2D 2 Bytes [2B, 71] .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[820] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 712F000A .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[820] USER32.dll!CreateWindowExW 7E41FC25 6 Bytes JMP 7078000A .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[820] USER32.dll!CreateWindowExA 7E41FF33 6 Bytes JMP 707B000A .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[820] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 7156000A .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[820] USER32.dll!SetWindowTextA 7E42F52B 6 Bytes JMP 7069000A .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[820] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 7159000A .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[820] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 711A000A .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[820] USER32.dll!GetWindowTextA 7E43212B 6 Bytes JMP 70C9000A .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[820] USER32.dll!DrawTextA 7E43C6CA 6 Bytes JMP 7081000A .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[820] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 7129000A .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[820] USER32.dll!EndTask 7E459E75 6 Bytes JMP 713E000A .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[820] USER32.dll!RegisterRawInputDevices 7E46CBD4 3 Bytes [FF, 25, 1E] .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[820] USER32.dll!RegisterRawInputDevices + 4 7E46CBD8 2 Bytes [16, 71] .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[820] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 6 Bytes JMP 70F6000A .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[820] ADVAPI32.dll!RegQueryValueExW 77DD6FDF 6 Bytes JMP 70E4000A .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[820] ADVAPI32.dll!RegCreateKeyExW 77DD774C 6 Bytes JMP 7108000A .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[820] ADVAPI32.dll!RegOpenKeyExA 77DD7832 6 Bytes JMP 70F9000A .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[820] ADVAPI32.dll!RegOpenKeyW 77DD7926 6 Bytes JMP 70FC000A .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[820] ADVAPI32.dll!OpenProcessToken 77DD796B 6 Bytes JMP 709C000A .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[820] ADVAPI32.dll!RegQueryValueExA 77DD7A9B 6 Bytes JMP 70E7000A .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[820] ADVAPI32.dll!RegSetValueExW 77DDD663 6 Bytes JMP 70F0000A .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[820] ADVAPI32.dll!RegQueryValueW 77DDD77A 6 Bytes JMP 70EA000A .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[820] ADVAPI32.dll!RegCreateKeyExA 77DDE834 6 Bytes JMP 710B000A .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[820] ADVAPI32.dll!RegSetValueExA 77DDE927 6 Bytes JMP 70F3000A .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[820] ADVAPI32.dll!RegOpenKeyA 77DDEE08 6 Bytes JMP 70FF000A .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[820] ADVAPI32.dll!AdjustTokenPrivileges 77DDEE4C 6 Bytes JMP 7093000A .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[820] ADVAPI32.dll!LookupPrivilegeValueW 77DE41D7 6 Bytes JMP 7096000A .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[820] ADVAPI32.dll!RegQueryValueA 77DE42F0 4 Bytes JMP EC001E25 .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[820] ADVAPI32.dll!RegQueryValueA + 5 77DE42F5 1 Byte [70] .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[820] ADVAPI32.dll!RegCreateKeyW 77DE45EE 6 Bytes JMP 7102000A .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[820] ADVAPI32.dll!RegCreateKeyA 77DE4706 6 Bytes JMP 7105000A .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[820] ADVAPI32.dll!OpenSCManagerW 77DE5E5D 6 Bytes JMP 70CC000A .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[820] ADVAPI32.dll!OpenSCManagerA 77DED705 6 Bytes JMP 70CF000A .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[820] ADVAPI32.dll!RegDeleteKeyW 77DF8886 6 Bytes JMP 706C000A .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[820] ADVAPI32.dll!RegDeleteKeyA 77DFB6BE 6 Bytes JMP 706F000A .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[820] ADVAPI32.dll!LookupPrivilegeValueA 77DFC110 6 Bytes JMP 7099000A .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[820] ADVAPI32.dll!LsaRemoveAccountRights 77E1AAA1 6 Bytes JMP 7168000A .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[820] ADVAPI32.dll!CreateServiceA 77E370B9 6 Bytes JMP 7120000A .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[820] ADVAPI32.dll!CreateServiceW 77E37251 6 Bytes JMP 711D000A .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[820] SHELL32.dll!ShellExecuteExW 7CA01823 6 Bytes JMP 7144000A .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[820] SHELL32.dll!Shell_NotifyIcon 7CA20CF9 6 Bytes JMP 70B1000A .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[820] SHELL32.dll!Shell_NotifyIconW 7CA21BEA 6 Bytes JMP 70AE000A .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[820] SHELL32.dll!ShellExecuteEx 7CA40C15 6 Bytes JMP 7147000A .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[820] SHELL32.dll!ShellExecuteA 7CA40F40 6 Bytes JMP 714D000A .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[820] SHELL32.dll!ShellExecuteW 7CAB4FD0 6 Bytes JMP 714A000A .text C:\WINDOWS\system32\spoolsv.exe[916] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\spoolsv.exe[916] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71] .text C:\WINDOWS\system32\spoolsv.exe[916] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\spoolsv.exe[916] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71] .text C:\WINDOWS\system32\spoolsv.exe[916] kernel32.dll!DeviceIoControl 7C801625 6 Bytes JMP 70AB000A .text C:\WINDOWS\system32\spoolsv.exe[916] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 70DE000A .text C:\WINDOWS\system32\spoolsv.exe[916] kernel32.dll!VirtualProtectEx 7C801A5D 6 Bytes JMP 7126000A .text C:\WINDOWS\system32\spoolsv.exe[916] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 70D2000A .text C:\WINDOWS\system32\spoolsv.exe[916] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 716B000A .text C:\WINDOWS\system32\spoolsv.exe[916] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 715F000A .text C:\WINDOWS\system32\spoolsv.exe[916] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 7165000A .text C:\WINDOWS\system32\spoolsv.exe[916] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 7162000A .text C:\WINDOWS\system32\spoolsv.exe[916] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 7150000A .text C:\WINDOWS\system32\spoolsv.exe[916] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 7153000A .text C:\WINDOWS\system32\spoolsv.exe[916] kernel32.dll!VirtualAlloc 7C809A61 6 Bytes JMP 70D5000A .text C:\WINDOWS\system32\spoolsv.exe[916] kernel32.dll!MultiByteToWideChar 7C809C08 6 Bytes JMP 7084000A .text C:\WINDOWS\system32\spoolsv.exe[916] kernel32.dll!LoadResource 7C809FC5 6 Bytes JMP 70C0000A .text C:\WINDOWS\system32\spoolsv.exe[916] kernel32.dll!WideCharToMultiByte 7C80A0E4 6 Bytes JMP 7063000A .text C:\WINDOWS\system32\spoolsv.exe[916] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 7114000A .text C:\WINDOWS\system32\spoolsv.exe[916] kernel32.dll!LoadLibraryW 7C80AE5B 6 Bytes JMP 715C000A .text C:\WINDOWS\system32\spoolsv.exe[916] kernel32.dll!CreateMutexW 7C80E8C7 6 Bytes JMP 708D000A .text C:\WINDOWS\system32\spoolsv.exe[916] kernel32.dll!CreateMutexA 7C80E94F 6 Bytes JMP 7090000A .text C:\WINDOWS\system32\spoolsv.exe[916] kernel32.dll!OpenMutexW 7C80E9A5 6 Bytes JMP 7087000A .text C:\WINDOWS\system32\spoolsv.exe[916] kernel32.dll!OpenMutexA 7C80EA2B 6 Bytes JMP 708A000A .text C:\WINDOWS\system32\spoolsv.exe[916] kernel32.dll!GetVolumeInformationW 7C80F9F5 6 Bytes JMP 710E000A .text C:\WINDOWS\system32\spoolsv.exe[916] kernel32.dll!CreateRemoteThread 7C81043C 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\spoolsv.exe[916] kernel32.dll!CreateRemoteThread + 4 7C810440 2 Bytes [6D, 71] .text C:\WINDOWS\system32\spoolsv.exe[916] kernel32.dll!CreateThread 7C810647 6 Bytes JMP 70D8000A .text C:\WINDOWS\system32\spoolsv.exe[916] kernel32.dll!CreateFileW 7C810770 6 Bytes JMP 70E1000A .text C:\WINDOWS\system32\spoolsv.exe[916] kernel32.dll!WriteFile 7C810D97 6 Bytes JMP 70A2000A .text C:\WINDOWS\system32\spoolsv.exe[916] kernel32.dll!TerminateThread 7C81CE13 6 Bytes JMP 7138000A .text C:\WINDOWS\system32\spoolsv.exe[916] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 705D000A .text C:\WINDOWS\system32\spoolsv.exe[916] kernel32.dll!CreateDirectoryA 7C8217BC 6 Bytes JMP 70A8000A .text C:\WINDOWS\system32\spoolsv.exe[916] kernel32.dll!GetVolumeInformationA 7C821BB5 6 Bytes JMP 7111000A .text C:\WINDOWS\system32\spoolsv.exe[916] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 70B4000A .text C:\WINDOWS\system32\spoolsv.exe[916] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 70BD000A .text C:\WINDOWS\system32\spoolsv.exe[916] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 70BA000A .text C:\WINDOWS\system32\spoolsv.exe[916] kernel32.dll!OpenProcess 7C830A01 6 Bytes JMP 7054000A .text C:\WINDOWS\system32\spoolsv.exe[916] kernel32.dll!DeleteFileA 7C831EF5 6 Bytes JMP 7075000A .text C:\WINDOWS\system32\spoolsv.exe[916] kernel32.dll!DeleteFileW 7C831F7B 6 Bytes JMP 7072000A .text C:\WINDOWS\system32\spoolsv.exe[916] kernel32.dll!CreateDirectoryW 7C83241A 6 Bytes JMP 70A5000A .text C:\WINDOWS\system32\spoolsv.exe[916] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 7057000A .text C:\WINDOWS\system32\spoolsv.exe[916] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 7060000A .text C:\WINDOWS\system32\spoolsv.exe[916] kernel32.dll!DebugActiveProcess 7C85A2B3 6 Bytes JMP 7135000A .text C:\WINDOWS\system32\spoolsv.exe[916] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 705A000A .text C:\WINDOWS\system32\spoolsv.exe[916] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 70B7000A .text C:\WINDOWS\system32\spoolsv.exe[916] kernel32.dll!WinExec 7C86158D 6 Bytes JMP 7141000A .text C:\WINDOWS\system32\spoolsv.exe[916] kernel32.dll!SetThreadContext 7C862C89 6 Bytes JMP 709F000A .text C:\WINDOWS\system32\spoolsv.exe[916] kernel32.dll!CreateToolhelp32Snapshot 7C864D2F 6 Bytes JMP 70DB000A .text C:\WINDOWS\system32\spoolsv.exe[916] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 6 Bytes JMP 70F6000A .text C:\WINDOWS\system32\spoolsv.exe[916] ADVAPI32.dll!RegQueryValueExW 77DD6FDF 6 Bytes JMP 70E4000A .text C:\WINDOWS\system32\spoolsv.exe[916] ADVAPI32.dll!RegCreateKeyExW 77DD774C 6 Bytes JMP 7108000A .text C:\WINDOWS\system32\spoolsv.exe[916] ADVAPI32.dll!RegOpenKeyExA 77DD7832 6 Bytes JMP 70F9000A .text C:\WINDOWS\system32\spoolsv.exe[916] ADVAPI32.dll!RegOpenKeyW 77DD7926 6 Bytes JMP 70FC000A .text C:\WINDOWS\system32\spoolsv.exe[916] ADVAPI32.dll!OpenProcessToken 77DD796B 6 Bytes JMP 709C000A .text C:\WINDOWS\system32\spoolsv.exe[916] ADVAPI32.dll!RegQueryValueExA 77DD7A9B 6 Bytes JMP 70E7000A .text C:\WINDOWS\system32\spoolsv.exe[916] ADVAPI32.dll!RegSetValueExW 77DDD663 6 Bytes JMP 70F0000A .text C:\WINDOWS\system32\spoolsv.exe[916] ADVAPI32.dll!RegQueryValueW 77DDD77A 6 Bytes JMP 70EA000A .text C:\WINDOWS\system32\spoolsv.exe[916] ADVAPI32.dll!RegCreateKeyExA 77DDE834 6 Bytes JMP 710B000A .text C:\WINDOWS\system32\spoolsv.exe[916] ADVAPI32.dll!RegSetValueExA 77DDE927 6 Bytes JMP 70F3000A .text C:\WINDOWS\system32\spoolsv.exe[916] ADVAPI32.dll!RegOpenKeyA 77DDEE08 6 Bytes JMP 70FF000A .text C:\WINDOWS\system32\spoolsv.exe[916] ADVAPI32.dll!AdjustTokenPrivileges 77DDEE4C 6 Bytes JMP 7093000A .text C:\WINDOWS\system32\spoolsv.exe[916] ADVAPI32.dll!LookupPrivilegeValueW 77DE41D7 6 Bytes JMP 7096000A .text C:\WINDOWS\system32\spoolsv.exe[916] ADVAPI32.dll!RegQueryValueA 77DE42F0 4 Bytes JMP EC001E25 .text C:\WINDOWS\system32\spoolsv.exe[916] ADVAPI32.dll!RegQueryValueA + 5 77DE42F5 1 Byte [70] .text C:\WINDOWS\system32\spoolsv.exe[916] ADVAPI32.dll!RegCreateKeyW 77DE45EE 6 Bytes JMP 7102000A .text C:\WINDOWS\system32\spoolsv.exe[916] ADVAPI32.dll!RegCreateKeyA 77DE4706 6 Bytes JMP 7105000A .text C:\WINDOWS\system32\spoolsv.exe[916] ADVAPI32.dll!OpenSCManagerW 77DE5E5D 6 Bytes JMP 70CC000A .text C:\WINDOWS\system32\spoolsv.exe[916] ADVAPI32.dll!OpenSCManagerA 77DED705 6 Bytes JMP 70CF000A .text C:\WINDOWS\system32\spoolsv.exe[916] ADVAPI32.dll!RegDeleteKeyW 77DF8886 6 Bytes JMP 706C000A .text C:\WINDOWS\system32\spoolsv.exe[916] ADVAPI32.dll!RegDeleteKeyA 77DFB6BE 6 Bytes JMP 706F000A .text C:\WINDOWS\system32\spoolsv.exe[916] ADVAPI32.dll!LookupPrivilegeValueA 77DFC110 6 Bytes JMP 7099000A .text C:\WINDOWS\system32\spoolsv.exe[916] ADVAPI32.dll!LsaRemoveAccountRights 77E1AAA1 6 Bytes JMP 7168000A .text C:\WINDOWS\system32\spoolsv.exe[916] ADVAPI32.dll!CreateServiceA 77E370B9 6 Bytes JMP 7120000A .text C:\WINDOWS\system32\spoolsv.exe[916] ADVAPI32.dll!CreateServiceW 77E37251 6 Bytes JMP 711D000A .text C:\WINDOWS\system32\spoolsv.exe[916] USER32.dll!SetWindowTextW 7E41BC36 6 Bytes JMP 7066000A .text C:\WINDOWS\system32\spoolsv.exe[916] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 7132000A .text C:\WINDOWS\system32\spoolsv.exe[916] USER32.dll!GetWindowTextW 7E41CDB6 6 Bytes JMP 70C6000A .text C:\WINDOWS\system32\spoolsv.exe[916] USER32.dll!DrawTextW 7E41D7C2 6 Bytes JMP 707E000A .text C:\WINDOWS\system32\spoolsv.exe[916] USER32.dll!ShowWindow 7E41D8A4 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\spoolsv.exe[916] USER32.dll!ShowWindow + 4 7E41D8A8 2 Bytes [C2, 70] .text C:\WINDOWS\system32\spoolsv.exe[916] USER32.dll!GetKeyboardState 7E41EF29 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\spoolsv.exe[916] USER32.dll!GetKeyboardState + 4 7E41EF2D 2 Bytes [2B, 71] .text C:\WINDOWS\system32\spoolsv.exe[916] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 712F000A .text C:\WINDOWS\system32\spoolsv.exe[916] USER32.dll!CreateWindowExW 7E41FC25 6 Bytes JMP 7078000A .text C:\WINDOWS\system32\spoolsv.exe[916] USER32.dll!CreateWindowExA 7E41FF33 6 Bytes JMP 707B000A .text C:\WINDOWS\system32\spoolsv.exe[916] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 7156000A .text C:\WINDOWS\system32\spoolsv.exe[916] USER32.dll!SetWindowTextA 7E42F52B 6 Bytes JMP 7069000A .text C:\WINDOWS\system32\spoolsv.exe[916] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 7159000A .text C:\WINDOWS\system32\spoolsv.exe[916] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 711A000A .text C:\WINDOWS\system32\spoolsv.exe[916] USER32.dll!GetWindowTextA 7E43212B 6 Bytes JMP 70C9000A .text C:\WINDOWS\system32\spoolsv.exe[916] USER32.dll!DrawTextA 7E43C6CA 6 Bytes JMP 7081000A .text C:\WINDOWS\system32\spoolsv.exe[916] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 7129000A .text C:\WINDOWS\system32\spoolsv.exe[916] USER32.dll!EndTask 7E459E75 6 Bytes JMP 713E000A .text C:\WINDOWS\system32\spoolsv.exe[916] USER32.dll!RegisterRawInputDevices 7E46CBD4 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\spoolsv.exe[916] USER32.dll!RegisterRawInputDevices + 4 7E46CBD8 2 Bytes [16, 71] .text C:\WINDOWS\system32\spoolsv.exe[916] SHELL32.dll!ShellExecuteExW 7CA01823 6 Bytes JMP 7144000A .text C:\WINDOWS\system32\spoolsv.exe[916] SHELL32.dll!Shell_NotifyIcon 7CA20CF9 6 Bytes JMP 70B1000A .text C:\WINDOWS\system32\spoolsv.exe[916] SHELL32.dll!Shell_NotifyIconW 7CA21BEA 6 Bytes JMP 70AE000A .text C:\WINDOWS\system32\spoolsv.exe[916] SHELL32.dll!ShellExecuteEx 7CA40C15 6 Bytes JMP 7147000A .text C:\WINDOWS\system32\spoolsv.exe[916] SHELL32.dll!ShellExecuteA 7CA40F40 6 Bytes JMP 714D000A .text C:\WINDOWS\system32\spoolsv.exe[916] SHELL32.dll!ShellExecuteW 7CAB4FD0 6 Bytes JMP 714A000A .text C:\WINDOWS\system32\svchost.exe[1040] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1040] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71] .text C:\WINDOWS\system32\svchost.exe[1040] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1040] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71] .text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!DeviceIoControl 7C801625 6 Bytes JMP 70AB000A .text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 70DE000A .text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!VirtualProtectEx 7C801A5D 6 Bytes JMP 7126000A .text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 70D2000A .text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 716B000A .text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 715F000A .text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 7165000A .text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 7162000A .text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 7150000A .text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 7153000A .text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!VirtualAlloc 7C809A61 6 Bytes JMP 70D5000A .text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!MultiByteToWideChar 7C809C08 6 Bytes JMP 707E000A .text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!LoadResource 7C809FC5 6 Bytes JMP 70C0000A .text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!WideCharToMultiByte 7C80A0E4 6 Bytes JMP 705D000A .text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 7114000A .text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!LoadLibraryW 7C80AE5B 6 Bytes JMP 715C000A .text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!CreateMutexW 7C80E8C7 6 Bytes JMP 7087000A .text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!CreateMutexA 7C80E94F 6 Bytes JMP 708A000A .text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!OpenMutexW 7C80E9A5 6 Bytes JMP 7081000A .text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!OpenMutexA 7C80EA2B 6 Bytes JMP 7084000A .text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!GetVolumeInformationW 7C80F9F5 6 Bytes JMP 710E000A .text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!CreateRemoteThread 7C81043C 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!CreateRemoteThread + 4 7C810440 2 Bytes [6D, 71] .text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!CreateThread 7C810647 6 Bytes JMP 70D8000A .text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!CreateFileW 7C810770 6 Bytes JMP 70E1000A .text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!WriteFile 7C810D97 6 Bytes JMP 709C000A .text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!TerminateThread 7C81CE13 6 Bytes JMP 7138000A .text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 7057000A .text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!CreateDirectoryA 7C8217BC 6 Bytes JMP 70A2000A .text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!GetVolumeInformationA 7C821BB5 6 Bytes JMP 7111000A .text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 70B4000A .text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 70BD000A .text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 70BA000A .text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!OpenProcess 7C830A01 6 Bytes JMP 704E000A .text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!DeleteFileA 7C831EF5 6 Bytes JMP 706F000A .text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!DeleteFileW 7C831F7B 6 Bytes JMP 706C000A .text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!CreateDirectoryW 7C83241A 6 Bytes JMP 709F000A .text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 7051000A .text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 705A000A .text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!DebugActiveProcess 7C85A2B3 6 Bytes JMP 7135000A .text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 7054000A .text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 70B7000A .text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!WinExec 7C86158D 6 Bytes JMP 7141000A .text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!SetThreadContext 7C862C89 6 Bytes JMP 7099000A .text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!CreateToolhelp32Snapshot 7C864D2F 6 Bytes JMP 70DB000A .text C:\WINDOWS\system32\svchost.exe[1040] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 6 Bytes JMP 70F6000A .text C:\WINDOWS\system32\svchost.exe[1040] ADVAPI32.dll!RegQueryValueExW 77DD6FDF 6 Bytes JMP 70E4000A .text C:\WINDOWS\system32\svchost.exe[1040] ADVAPI32.dll!RegCreateKeyExW 77DD774C 6 Bytes JMP 7108000A .text C:\WINDOWS\system32\svchost.exe[1040] ADVAPI32.dll!RegOpenKeyExA 77DD7832 6 Bytes JMP 70F9000A .text C:\WINDOWS\system32\svchost.exe[1040] ADVAPI32.dll!RegOpenKeyW 77DD7926 6 Bytes JMP 70FC000A .text C:\WINDOWS\system32\svchost.exe[1040] ADVAPI32.dll!OpenProcessToken 77DD796B 6 Bytes JMP 7096000A .text C:\WINDOWS\system32\svchost.exe[1040] ADVAPI32.dll!RegQueryValueExA 77DD7A9B 6 Bytes JMP 70E7000A .text C:\WINDOWS\system32\svchost.exe[1040] ADVAPI32.dll!RegSetValueExW 77DDD663 6 Bytes JMP 70F0000A .text C:\WINDOWS\system32\svchost.exe[1040] ADVAPI32.dll!RegQueryValueW 77DDD77A 6 Bytes JMP 70EA000A .text C:\WINDOWS\system32\svchost.exe[1040] ADVAPI32.dll!RegCreateKeyExA 77DDE834 6 Bytes JMP 710B000A .text C:\WINDOWS\system32\svchost.exe[1040] ADVAPI32.dll!RegSetValueExA 77DDE927 6 Bytes JMP 70F3000A .text C:\WINDOWS\system32\svchost.exe[1040] ADVAPI32.dll!RegOpenKeyA 77DDEE08 6 Bytes JMP 70FF000A .text C:\WINDOWS\system32\svchost.exe[1040] ADVAPI32.dll!AdjustTokenPrivileges 77DDEE4C 6 Bytes JMP 708D000A .text C:\WINDOWS\system32\svchost.exe[1040] ADVAPI32.dll!LookupPrivilegeValueW 77DE41D7 6 Bytes JMP 7090000A .text C:\WINDOWS\system32\svchost.exe[1040] ADVAPI32.dll!RegQueryValueA 77DE42F0 4 Bytes JMP EC001E25 .text C:\WINDOWS\system32\svchost.exe[1040] ADVAPI32.dll!RegQueryValueA + 5 77DE42F5 1 Byte [70] .text C:\WINDOWS\system32\svchost.exe[1040] ADVAPI32.dll!RegCreateKeyW 77DE45EE 6 Bytes JMP 7102000A .text C:\WINDOWS\system32\svchost.exe[1040] ADVAPI32.dll!RegCreateKeyA 77DE4706 6 Bytes JMP 7105000A .text C:\WINDOWS\system32\svchost.exe[1040] ADVAPI32.dll!OpenSCManagerW 77DE5E5D 6 Bytes JMP 70CC000A .text C:\WINDOWS\system32\svchost.exe[1040] ADVAPI32.dll!OpenSCManagerA 77DED705 6 Bytes JMP 70CF000A .text C:\WINDOWS\system32\svchost.exe[1040] ADVAPI32.dll!RegDeleteKeyW 77DF8886 6 Bytes JMP 7066000A .text C:\WINDOWS\system32\svchost.exe[1040] ADVAPI32.dll!RegDeleteKeyA 77DFB6BE 6 Bytes JMP 7069000A .text C:\WINDOWS\system32\svchost.exe[1040] ADVAPI32.dll!LookupPrivilegeValueA 77DFC110 6 Bytes JMP 7093000A .text C:\WINDOWS\system32\svchost.exe[1040] ADVAPI32.dll!LsaRemoveAccountRights 77E1AAA1 6 Bytes JMP 7168000A .text C:\WINDOWS\system32\svchost.exe[1040] ADVAPI32.dll!CreateServiceA 77E370B9 6 Bytes JMP 7120000A .text C:\WINDOWS\system32\svchost.exe[1040] ADVAPI32.dll!CreateServiceW 77E37251 6 Bytes JMP 711D000A .text C:\WINDOWS\system32\svchost.exe[1040] USER32.dll!SetWindowTextW 7E41BC36 6 Bytes JMP 7060000A .text C:\WINDOWS\system32\svchost.exe[1040] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 7132000A .text C:\WINDOWS\system32\svchost.exe[1040] USER32.dll!GetWindowTextW 7E41CDB6 6 Bytes JMP 70C6000A .text C:\WINDOWS\system32\svchost.exe[1040] USER32.dll!DrawTextW 7E41D7C2 6 Bytes JMP 7078000A .text C:\WINDOWS\system32\svchost.exe[1040] USER32.dll!ShowWindow 7E41D8A4 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1040] USER32.dll!ShowWindow + 4 7E41D8A8 2 Bytes [C2, 70] .text C:\WINDOWS\system32\svchost.exe[1040] USER32.dll!GetKeyboardState 7E41EF29 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1040] USER32.dll!GetKeyboardState + 4 7E41EF2D 2 Bytes [2B, 71] .text C:\WINDOWS\system32\svchost.exe[1040] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 712F000A .text C:\WINDOWS\system32\svchost.exe[1040] USER32.dll!CreateWindowExW 7E41FC25 6 Bytes JMP 7072000A .text C:\WINDOWS\system32\svchost.exe[1040] USER32.dll!CreateWindowExA 7E41FF33 6 Bytes JMP 7075000A .text C:\WINDOWS\system32\svchost.exe[1040] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 7156000A .text C:\WINDOWS\system32\svchost.exe[1040] USER32.dll!SetWindowTextA 7E42F52B 6 Bytes JMP 7063000A .text C:\WINDOWS\system32\svchost.exe[1040] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 7159000A .text C:\WINDOWS\system32\svchost.exe[1040] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 711A000A .text C:\WINDOWS\system32\svchost.exe[1040] USER32.dll!GetWindowTextA 7E43212B 6 Bytes JMP 70C9000A .text C:\WINDOWS\system32\svchost.exe[1040] USER32.dll!DrawTextA 7E43C6CA 6 Bytes JMP 707B000A .text C:\WINDOWS\system32\svchost.exe[1040] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 7129000A .text C:\WINDOWS\system32\svchost.exe[1040] USER32.dll!EndTask 7E459E75 6 Bytes JMP 713E000A .text C:\WINDOWS\system32\svchost.exe[1040] USER32.dll!RegisterRawInputDevices 7E46CBD4 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1040] USER32.dll!RegisterRawInputDevices + 4 7E46CBD8 2 Bytes [16, 71] .text C:\WINDOWS\system32\svchost.exe[1040] SHELL32.dll!ShellExecuteExW 7CA01823 6 Bytes JMP 7144000A .text C:\WINDOWS\system32\svchost.exe[1040] SHELL32.dll!Shell_NotifyIcon 7CA20CF9 6 Bytes JMP 70B1000A .text C:\WINDOWS\system32\svchost.exe[1040] SHELL32.dll!Shell_NotifyIconW 7CA21BEA 6 Bytes JMP 70AE000A .text C:\WINDOWS\system32\svchost.exe[1040] SHELL32.dll!ShellExecuteEx 7CA40C15 6 Bytes JMP 7147000A .text C:\WINDOWS\system32\svchost.exe[1040] SHELL32.dll!ShellExecuteA 7CA40F40 6 Bytes JMP 714D000A .text C:\WINDOWS\system32\svchost.exe[1040] SHELL32.dll!ShellExecuteW 7CAB4FD0 6 Bytes JMP 714A000A .text C:\WINDOWS\system32\svchost.exe[1040] WININET.dll!InternetOpenUrlA 771C59F1 6 Bytes JMP 70A8000A .text C:\WINDOWS\system32\svchost.exe[1040] WININET.dll!InternetOpenUrlW 771D5B3A 6 Bytes JMP 70A5000A .text C:\WINDOWS\system32\svchost.exe[1268] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1268] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71] .text C:\WINDOWS\system32\svchost.exe[1268] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1268] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71] .text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!DeviceIoControl 7C801625 6 Bytes JMP 70AB000A .text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 70DE000A .text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!VirtualProtectEx 7C801A5D 6 Bytes JMP 7126000A .text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 70D2000A .text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 716B000A .text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 715F000A .text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 7165000A .text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 7162000A .text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 7150000A .text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 7153000A .text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!VirtualAlloc 7C809A61 6 Bytes JMP 70D5000A .text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!MultiByteToWideChar 7C809C08 6 Bytes JMP 7084000A .text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!LoadResource 7C809FC5 6 Bytes JMP 70C0000A .text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!WideCharToMultiByte 7C80A0E4 6 Bytes JMP 7063000A .text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 7114000A .text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!LoadLibraryW 7C80AE5B 6 Bytes JMP 715C000A .text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!CreateMutexW 7C80E8C7 6 Bytes JMP 708D000A .text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!CreateMutexA 7C80E94F 6 Bytes JMP 7090000A .text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!OpenMutexW 7C80E9A5 6 Bytes JMP 7087000A .text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!OpenMutexA 7C80EA2B 6 Bytes JMP 708A000A .text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!GetVolumeInformationW 7C80F9F5 6 Bytes JMP 710E000A .text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!CreateRemoteThread 7C81043C 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!CreateRemoteThread + 4 7C810440 2 Bytes [6D, 71] .text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!CreateThread 7C810647 6 Bytes JMP 70D8000A .text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!CreateFileW 7C810770 6 Bytes JMP 70E1000A .text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!WriteFile 7C810D97 6 Bytes JMP 70A2000A .text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!TerminateThread 7C81CE13 6 Bytes JMP 7138000A .text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 705D000A .text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!CreateDirectoryA 7C8217BC 6 Bytes JMP 70A8000A .text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!GetVolumeInformationA 7C821BB5 6 Bytes JMP 7111000A .text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 70B4000A .text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 70BD000A .text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 70BA000A .text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!OpenProcess 7C830A01 6 Bytes JMP 7054000A .text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!DeleteFileA 7C831EF5 6 Bytes JMP 7075000A .text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!DeleteFileW 7C831F7B 6 Bytes JMP 7072000A .text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!CreateDirectoryW 7C83241A 6 Bytes JMP 70A5000A .text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 7057000A .text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 7060000A .text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!DebugActiveProcess 7C85A2B3 6 Bytes JMP 7135000A .text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 705A000A .text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 70B7000A .text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!WinExec 7C86158D 6 Bytes JMP 7141000A .text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!SetThreadContext 7C862C89 6 Bytes JMP 709F000A .text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!CreateToolhelp32Snapshot 7C864D2F 6 Bytes JMP 70DB000A .text C:\WINDOWS\system32\svchost.exe[1268] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 6 Bytes JMP 70F6000A .text C:\WINDOWS\system32\svchost.exe[1268] ADVAPI32.dll!RegQueryValueExW 77DD6FDF 6 Bytes JMP 70E4000A .text C:\WINDOWS\system32\svchost.exe[1268] ADVAPI32.dll!RegCreateKeyExW 77DD774C 6 Bytes JMP 7108000A .text C:\WINDOWS\system32\svchost.exe[1268] ADVAPI32.dll!RegOpenKeyExA 77DD7832 6 Bytes JMP 70F9000A .text C:\WINDOWS\system32\svchost.exe[1268] ADVAPI32.dll!RegOpenKeyW 77DD7926 6 Bytes JMP 70FC000A .text C:\WINDOWS\system32\svchost.exe[1268] ADVAPI32.dll!OpenProcessToken 77DD796B 6 Bytes JMP 709C000A .text C:\WINDOWS\system32\svchost.exe[1268] ADVAPI32.dll!RegQueryValueExA 77DD7A9B 6 Bytes JMP 70E7000A .text C:\WINDOWS\system32\svchost.exe[1268] ADVAPI32.dll!RegSetValueExW 77DDD663 6 Bytes JMP 70F0000A .text C:\WINDOWS\system32\svchost.exe[1268] ADVAPI32.dll!RegQueryValueW 77DDD77A 6 Bytes JMP 70EA000A .text C:\WINDOWS\system32\svchost.exe[1268] ADVAPI32.dll!RegCreateKeyExA 77DDE834 6 Bytes JMP 710B000A .text C:\WINDOWS\system32\svchost.exe[1268] ADVAPI32.dll!RegSetValueExA 77DDE927 6 Bytes JMP 70F3000A .text C:\WINDOWS\system32\svchost.exe[1268] ADVAPI32.dll!RegOpenKeyA 77DDEE08 6 Bytes JMP 70FF000A .text C:\WINDOWS\system32\svchost.exe[1268] ADVAPI32.dll!AdjustTokenPrivileges 77DDEE4C 6 Bytes JMP 7093000A .text C:\WINDOWS\system32\svchost.exe[1268] ADVAPI32.dll!LookupPrivilegeValueW 77DE41D7 6 Bytes JMP 7096000A .text C:\WINDOWS\system32\svchost.exe[1268] ADVAPI32.dll!RegQueryValueA 77DE42F0 4 Bytes JMP EC001E25 .text C:\WINDOWS\system32\svchost.exe[1268] ADVAPI32.dll!RegQueryValueA + 5 77DE42F5 1 Byte [70] .text C:\WINDOWS\system32\svchost.exe[1268] ADVAPI32.dll!RegCreateKeyW 77DE45EE 6 Bytes JMP 7102000A .text C:\WINDOWS\system32\svchost.exe[1268] ADVAPI32.dll!RegCreateKeyA 77DE4706 6 Bytes JMP 7105000A .text C:\WINDOWS\system32\svchost.exe[1268] ADVAPI32.dll!OpenSCManagerW 77DE5E5D 6 Bytes JMP 70CC000A .text C:\WINDOWS\system32\svchost.exe[1268] ADVAPI32.dll!OpenSCManagerA 77DED705 6 Bytes JMP 70CF000A .text C:\WINDOWS\system32\svchost.exe[1268] ADVAPI32.dll!RegDeleteKeyW 77DF8886 6 Bytes JMP 706C000A .text C:\WINDOWS\system32\svchost.exe[1268] ADVAPI32.dll!RegDeleteKeyA 77DFB6BE 6 Bytes JMP 706F000A .text C:\WINDOWS\system32\svchost.exe[1268] ADVAPI32.dll!LookupPrivilegeValueA 77DFC110 6 Bytes JMP 7099000A .text C:\WINDOWS\system32\svchost.exe[1268] ADVAPI32.dll!LsaRemoveAccountRights 77E1AAA1 6 Bytes JMP 7168000A .text C:\WINDOWS\system32\svchost.exe[1268] ADVAPI32.dll!CreateServiceA 77E370B9 6 Bytes JMP 7120000A .text C:\WINDOWS\system32\svchost.exe[1268] ADVAPI32.dll!CreateServiceW 77E37251 6 Bytes JMP 711D000A .text C:\WINDOWS\system32\svchost.exe[1268] USER32.dll!SetWindowTextW 7E41BC36 6 Bytes JMP 7066000A .text C:\WINDOWS\system32\svchost.exe[1268] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 7132000A .text C:\WINDOWS\system32\svchost.exe[1268] USER32.dll!GetWindowTextW 7E41CDB6 6 Bytes JMP 70C6000A .text C:\WINDOWS\system32\svchost.exe[1268] USER32.dll!DrawTextW 7E41D7C2 6 Bytes JMP 707E000A .text C:\WINDOWS\system32\svchost.exe[1268] USER32.dll!ShowWindow 7E41D8A4 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1268] USER32.dll!ShowWindow + 4 7E41D8A8 2 Bytes [C2, 70] .text C:\WINDOWS\system32\svchost.exe[1268] USER32.dll!GetKeyboardState 7E41EF29 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1268] USER32.dll!GetKeyboardState + 4 7E41EF2D 2 Bytes [2B, 71] .text C:\WINDOWS\system32\svchost.exe[1268] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 712F000A .text C:\WINDOWS\system32\svchost.exe[1268] USER32.dll!CreateWindowExW 7E41FC25 6 Bytes JMP 7078000A .text C:\WINDOWS\system32\svchost.exe[1268] USER32.dll!CreateWindowExA 7E41FF33 6 Bytes JMP 707B000A .text C:\WINDOWS\system32\svchost.exe[1268] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 7156000A .text C:\WINDOWS\system32\svchost.exe[1268] USER32.dll!SetWindowTextA 7E42F52B 6 Bytes JMP 7069000A .text C:\WINDOWS\system32\svchost.exe[1268] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 7159000A .text C:\WINDOWS\system32\svchost.exe[1268] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 711A000A .text C:\WINDOWS\system32\svchost.exe[1268] USER32.dll!GetWindowTextA 7E43212B 6 Bytes JMP 70C9000A .text C:\WINDOWS\system32\svchost.exe[1268] USER32.dll!DrawTextA 7E43C6CA 6 Bytes JMP 7081000A .text C:\WINDOWS\system32\svchost.exe[1268] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 7129000A .text C:\WINDOWS\system32\svchost.exe[1268] USER32.dll!EndTask 7E459E75 6 Bytes JMP 713E000A .text C:\WINDOWS\system32\svchost.exe[1268] USER32.dll!RegisterRawInputDevices 7E46CBD4 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1268] USER32.dll!RegisterRawInputDevices + 4 7E46CBD8 2 Bytes [16, 71] .text C:\WINDOWS\system32\svchost.exe[1268] SHELL32.dll!ShellExecuteExW 7CA01823 6 Bytes JMP 7144000A .text C:\WINDOWS\system32\svchost.exe[1268] SHELL32.dll!Shell_NotifyIcon 7CA20CF9 6 Bytes JMP 70B1000A .text C:\WINDOWS\system32\svchost.exe[1268] SHELL32.dll!Shell_NotifyIconW 7CA21BEA 6 Bytes JMP 70AE000A .text C:\WINDOWS\system32\svchost.exe[1268] SHELL32.dll!ShellExecuteEx 7CA40C15 6 Bytes JMP 7147000A .text C:\WINDOWS\system32\svchost.exe[1268] SHELL32.dll!ShellExecuteA 7CA40F40 6 Bytes JMP 714D000A .text C:\WINDOWS\system32\svchost.exe[1268] SHELL32.dll!ShellExecuteW 7CAB4FD0 6 Bytes JMP 714A000A .text C:\WINDOWS\system32\winlogon.exe[1332] kernel32.dll!DeviceIoControl 7C801625 6 Bytes JMP 7102000A .text C:\WINDOWS\system32\winlogon.exe[1332] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 7135000A .text C:\WINDOWS\system32\winlogon.exe[1332] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 7129000A .text C:\WINDOWS\system32\winlogon.exe[1332] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 716B000A .text C:\WINDOWS\system32\winlogon.exe[1332] kernel32.dll!VirtualAlloc 7C809A61 6 Bytes JMP 712C000A .text C:\WINDOWS\system32\winlogon.exe[1332] kernel32.dll!MultiByteToWideChar 7C809C08 6 Bytes JMP 70DB000A .text C:\WINDOWS\system32\winlogon.exe[1332] kernel32.dll!LoadResource 7C809FC5 6 Bytes JMP 7117000A .text C:\WINDOWS\system32\winlogon.exe[1332] kernel32.dll!WideCharToMultiByte 7C80A0E4 6 Bytes JMP 70BA000A .text C:\WINDOWS\system32\winlogon.exe[1332] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 716E000A .text C:\WINDOWS\system32\winlogon.exe[1332] kernel32.dll!CreateMutexW 7C80E8C7 6 Bytes JMP 70E4000A .text C:\WINDOWS\system32\winlogon.exe[1332] kernel32.dll!CreateMutexA 7C80E94F 6 Bytes JMP 70E7000A .text C:\WINDOWS\system32\winlogon.exe[1332] kernel32.dll!OpenMutexW 7C80E9A5 6 Bytes JMP 70DE000A .text C:\WINDOWS\system32\winlogon.exe[1332] kernel32.dll!OpenMutexA 7C80EA2B 6 Bytes JMP 70E1000A .text C:\WINDOWS\system32\winlogon.exe[1332] kernel32.dll!GetVolumeInformationW 7C80F9F5 6 Bytes JMP 7165000A .text C:\WINDOWS\system32\winlogon.exe[1332] kernel32.dll!CreateThread 7C810647 6 Bytes JMP 712F000A .text C:\WINDOWS\system32\winlogon.exe[1332] kernel32.dll!CreateFileW 7C810770 6 Bytes JMP 7138000A .text C:\WINDOWS\system32\winlogon.exe[1332] kernel32.dll!WriteFile 7C810D97 6 Bytes JMP 70F9000A .text C:\WINDOWS\system32\winlogon.exe[1332] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 70B4000A .text C:\WINDOWS\system32\winlogon.exe[1332] kernel32.dll!CreateDirectoryA 7C8217BC 6 Bytes JMP 70FF000A .text C:\WINDOWS\system32\winlogon.exe[1332] kernel32.dll!GetVolumeInformationA 7C821BB5 6 Bytes JMP 7168000A .text C:\WINDOWS\system32\winlogon.exe[1332] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 710B000A .text C:\WINDOWS\system32\winlogon.exe[1332] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 7114000A .text C:\WINDOWS\system32\winlogon.exe[1332] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 7111000A .text C:\WINDOWS\system32\winlogon.exe[1332] kernel32.dll!OpenProcess 7C830A01 6 Bytes JMP 70AB000A .text C:\WINDOWS\system32\winlogon.exe[1332] kernel32.dll!DeleteFileA 7C831EF5 6 Bytes JMP 70CC000A .text C:\WINDOWS\system32\winlogon.exe[1332] kernel32.dll!DeleteFileW 7C831F7B 6 Bytes JMP 70C9000A .text C:\WINDOWS\system32\winlogon.exe[1332] kernel32.dll!CreateDirectoryW 7C83241A 6 Bytes JMP 70FC000A .text C:\WINDOWS\system32\winlogon.exe[1332] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 70AE000A .text C:\WINDOWS\system32\winlogon.exe[1332] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 70B7000A .text C:\WINDOWS\system32\winlogon.exe[1332] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 70B1000A .text C:\WINDOWS\system32\winlogon.exe[1332] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 710E000A .text C:\WINDOWS\system32\winlogon.exe[1332] kernel32.dll!SetThreadContext 7C862C89 6 Bytes JMP 70F6000A .text C:\WINDOWS\system32\winlogon.exe[1332] kernel32.dll!CreateToolhelp32Snapshot 7C864D2F 6 Bytes JMP 7132000A .text C:\WINDOWS\system32\winlogon.exe[1332] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 6 Bytes JMP 714D000A .text C:\WINDOWS\system32\winlogon.exe[1332] ADVAPI32.dll!RegQueryValueExW 77DD6FDF 6 Bytes JMP 713B000A .text C:\WINDOWS\system32\winlogon.exe[1332] ADVAPI32.dll!RegCreateKeyExW 77DD774C 6 Bytes JMP 715F000A .text C:\WINDOWS\system32\winlogon.exe[1332] ADVAPI32.dll!RegOpenKeyExA 77DD7832 6 Bytes JMP 7150000A .text C:\WINDOWS\system32\winlogon.exe[1332] ADVAPI32.dll!RegOpenKeyW 77DD7926 6 Bytes JMP 7153000A .text C:\WINDOWS\system32\winlogon.exe[1332] ADVAPI32.dll!OpenProcessToken 77DD796B 6 Bytes JMP 70F3000A .text C:\WINDOWS\system32\winlogon.exe[1332] ADVAPI32.dll!RegQueryValueExA 77DD7A9B 6 Bytes JMP 713E000A .text C:\WINDOWS\system32\winlogon.exe[1332] ADVAPI32.dll!RegSetValueExW 77DDD663 6 Bytes JMP 7147000A .text C:\WINDOWS\system32\winlogon.exe[1332] ADVAPI32.dll!RegQueryValueW 77DDD77A 6 Bytes JMP 7141000A .text C:\WINDOWS\system32\winlogon.exe[1332] ADVAPI32.dll!RegCreateKeyExA 77DDE834 6 Bytes JMP 7162000A .text C:\WINDOWS\system32\winlogon.exe[1332] ADVAPI32.dll!RegSetValueExA 77DDE927 6 Bytes JMP 714A000A .text C:\WINDOWS\system32\winlogon.exe[1332] ADVAPI32.dll!RegOpenKeyA 77DDEE08 6 Bytes JMP 7156000A .text C:\WINDOWS\system32\winlogon.exe[1332] ADVAPI32.dll!AdjustTokenPrivileges 77DDEE4C 6 Bytes JMP 70EA000A .text C:\WINDOWS\system32\winlogon.exe[1332] ADVAPI32.dll!LookupPrivilegeValueW 77DE41D7 4 Bytes JMP EC001E25 .text C:\WINDOWS\system32\winlogon.exe[1332] ADVAPI32.dll!LookupPrivilegeValueW + 5 77DE41DC 1 Byte [70] .text C:\WINDOWS\system32\winlogon.exe[1332] ADVAPI32.dll!RegQueryValueA 77DE42F0 6 Bytes JMP 7144000A .text C:\WINDOWS\system32\winlogon.exe[1332] ADVAPI32.dll!RegCreateKeyW 77DE45EE 6 Bytes JMP 7159000A .text C:\WINDOWS\system32\winlogon.exe[1332] ADVAPI32.dll!RegCreateKeyA 77DE4706 6 Bytes JMP 715C000A .text C:\WINDOWS\system32\winlogon.exe[1332] ADVAPI32.dll!OpenSCManagerW 77DE5E5D 6 Bytes JMP 7123000A .text C:\WINDOWS\system32\winlogon.exe[1332] ADVAPI32.dll!OpenSCManagerA 77DED705 6 Bytes JMP 7126000A .text C:\WINDOWS\system32\winlogon.exe[1332] ADVAPI32.dll!RegDeleteKeyW 77DF8886 6 Bytes JMP 70C3000A .text C:\WINDOWS\system32\winlogon.exe[1332] ADVAPI32.dll!RegDeleteKeyA 77DFB6BE 6 Bytes JMP 70C6000A .text C:\WINDOWS\system32\winlogon.exe[1332] ADVAPI32.dll!LookupPrivilegeValueA 77DFC110 6 Bytes JMP 70F0000A .text C:\WINDOWS\system32\winlogon.exe[1332] USER32.dll!SetWindowTextW 7E41BC36 6 Bytes JMP 70BD000A .text C:\WINDOWS\system32\winlogon.exe[1332] USER32.dll!GetWindowTextW 7E41CDB6 6 Bytes JMP 711D000A .text C:\WINDOWS\system32\winlogon.exe[1332] USER32.dll!DrawTextW 7E41D7C2 6 Bytes JMP 70D5000A .text C:\WINDOWS\system32\winlogon.exe[1332] USER32.dll!ShowWindow 7E41D8A4 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\winlogon.exe[1332] USER32.dll!ShowWindow + 4 7E41D8A8 2 Bytes [19, 71] .text C:\WINDOWS\system32\winlogon.exe[1332] USER32.dll!CreateWindowExW 7E41FC25 6 Bytes JMP 70CF000A .text C:\WINDOWS\system32\winlogon.exe[1332] USER32.dll!CreateWindowExA 7E41FF33 6 Bytes JMP 70D2000A .text C:\WINDOWS\system32\winlogon.exe[1332] USER32.dll!SetWindowTextA 7E42F52B 6 Bytes JMP 70C0000A .text C:\WINDOWS\system32\winlogon.exe[1332] USER32.dll!GetWindowTextA 7E43212B 6 Bytes JMP 7120000A .text C:\WINDOWS\system32\winlogon.exe[1332] USER32.dll!DrawTextA 7E43C6CA 6 Bytes JMP 70D8000A .text C:\WINDOWS\system32\winlogon.exe[1332] SHELL32.dll!Shell_NotifyIcon 7CA20CF9 6 Bytes JMP 7108000A .text C:\WINDOWS\system32\winlogon.exe[1332] SHELL32.dll!Shell_NotifyIconW 7CA21BEA 6 Bytes JMP 7105000A .text C:\WINDOWS\system32\services.exe[1376] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\services.exe[1376] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71] .text C:\WINDOWS\system32\services.exe[1376] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\services.exe[1376] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71] .text C:\WINDOWS\system32\services.exe[1376] kernel32.dll!DeviceIoControl 7C801625 6 Bytes JMP 70AB000A .text C:\WINDOWS\system32\services.exe[1376] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 70DE000A .text C:\WINDOWS\system32\services.exe[1376] kernel32.dll!VirtualProtectEx 7C801A5D 6 Bytes JMP 7126000A .text C:\WINDOWS\system32\services.exe[1376] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 70D2000A .text C:\WINDOWS\system32\services.exe[1376] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 716B000A .text C:\WINDOWS\system32\services.exe[1376] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 715F000A .text C:\WINDOWS\system32\services.exe[1376] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 7165000A .text C:\WINDOWS\system32\services.exe[1376] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 7162000A .text C:\WINDOWS\system32\services.exe[1376] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 7150000A .text C:\WINDOWS\system32\services.exe[1376] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 7153000A .text C:\WINDOWS\system32\services.exe[1376] kernel32.dll!VirtualAlloc 7C809A61 6 Bytes JMP 70D5000A .text C:\WINDOWS\system32\services.exe[1376] kernel32.dll!MultiByteToWideChar 7C809C08 6 Bytes JMP 7084000A .text C:\WINDOWS\system32\services.exe[1376] kernel32.dll!LoadResource 7C809FC5 6 Bytes JMP 70C0000A .text C:\WINDOWS\system32\services.exe[1376] kernel32.dll!WideCharToMultiByte 7C80A0E4 6 Bytes JMP 7063000A .text C:\WINDOWS\system32\services.exe[1376] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 7114000A .text C:\WINDOWS\system32\services.exe[1376] kernel32.dll!LoadLibraryW 7C80AE5B 6 Bytes JMP 715C000A .text C:\WINDOWS\system32\services.exe[1376] kernel32.dll!CreateMutexW 7C80E8C7 6 Bytes JMP 708D000A .text C:\WINDOWS\system32\services.exe[1376] kernel32.dll!CreateMutexA 7C80E94F 6 Bytes JMP 7090000A .text C:\WINDOWS\system32\services.exe[1376] kernel32.dll!OpenMutexW 7C80E9A5 6 Bytes JMP 7087000A .text C:\WINDOWS\system32\services.exe[1376] kernel32.dll!OpenMutexA 7C80EA2B 6 Bytes JMP 708A000A .text C:\WINDOWS\system32\services.exe[1376] kernel32.dll!GetVolumeInformationW 7C80F9F5 6 Bytes JMP 710E000A .text C:\WINDOWS\system32\services.exe[1376] kernel32.dll!CreateRemoteThread 7C81043C 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\services.exe[1376] kernel32.dll!CreateRemoteThread + 4 7C810440 2 Bytes [6D, 71] .text C:\WINDOWS\system32\services.exe[1376] kernel32.dll!CreateThread 7C810647 6 Bytes JMP 70D8000A .text C:\WINDOWS\system32\services.exe[1376] kernel32.dll!CreateFileW 7C810770 6 Bytes JMP 70E1000A .text C:\WINDOWS\system32\services.exe[1376] kernel32.dll!WriteFile 7C810D97 6 Bytes JMP 70A2000A .text C:\WINDOWS\system32\services.exe[1376] kernel32.dll!TerminateThread 7C81CE13 6 Bytes JMP 7138000A .text C:\WINDOWS\system32\services.exe[1376] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 705D000A .text C:\WINDOWS\system32\services.exe[1376] kernel32.dll!CreateDirectoryA 7C8217BC 6 Bytes JMP 70A8000A .text C:\WINDOWS\system32\services.exe[1376] kernel32.dll!GetVolumeInformationA 7C821BB5 6 Bytes JMP 7111000A .text C:\WINDOWS\system32\services.exe[1376] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 70B4000A .text C:\WINDOWS\system32\services.exe[1376] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 70BD000A .text C:\WINDOWS\system32\services.exe[1376] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 70BA000A .text C:\WINDOWS\system32\services.exe[1376] kernel32.dll!OpenProcess 7C830A01 6 Bytes JMP 7054000A .text C:\WINDOWS\system32\services.exe[1376] kernel32.dll!DeleteFileA 7C831EF5 6 Bytes JMP 7075000A .text C:\WINDOWS\system32\services.exe[1376] kernel32.dll!DeleteFileW 7C831F7B 6 Bytes JMP 7072000A .text C:\WINDOWS\system32\services.exe[1376] kernel32.dll!CreateDirectoryW 7C83241A 6 Bytes JMP 70A5000A .text C:\WINDOWS\system32\services.exe[1376] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 7057000A .text C:\WINDOWS\system32\services.exe[1376] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 7060000A .text C:\WINDOWS\system32\services.exe[1376] kernel32.dll!DebugActiveProcess 7C85A2B3 6 Bytes JMP 7135000A .text C:\WINDOWS\system32\services.exe[1376] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 705A000A .text C:\WINDOWS\system32\services.exe[1376] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 70B7000A .text C:\WINDOWS\system32\services.exe[1376] kernel32.dll!WinExec 7C86158D 6 Bytes JMP 7141000A .text C:\WINDOWS\system32\services.exe[1376] kernel32.dll!SetThreadContext 7C862C89 6 Bytes JMP 709F000A .text C:\WINDOWS\system32\services.exe[1376] kernel32.dll!CreateToolhelp32Snapshot 7C864D2F 6 Bytes JMP 70DB000A .text C:\WINDOWS\system32\services.exe[1376] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 6 Bytes JMP 70F6000A .text C:\WINDOWS\system32\services.exe[1376] ADVAPI32.dll!RegQueryValueExW 77DD6FDF 6 Bytes JMP 70E4000A .text C:\WINDOWS\system32\services.exe[1376] ADVAPI32.dll!RegCreateKeyExW 77DD774C 6 Bytes JMP 7108000A .text C:\WINDOWS\system32\services.exe[1376] ADVAPI32.dll!RegOpenKeyExA 77DD7832 6 Bytes JMP 70F9000A .text C:\WINDOWS\system32\services.exe[1376] ADVAPI32.dll!RegOpenKeyW 77DD7926 6 Bytes JMP 70FC000A .text C:\WINDOWS\system32\services.exe[1376] ADVAPI32.dll!OpenProcessToken 77DD796B 6 Bytes JMP 709C000A .text C:\WINDOWS\system32\services.exe[1376] ADVAPI32.dll!RegQueryValueExA 77DD7A9B 6 Bytes JMP 70E7000A .text C:\WINDOWS\system32\services.exe[1376] ADVAPI32.dll!RegSetValueExW 77DDD663 6 Bytes JMP 70F0000A .text C:\WINDOWS\system32\services.exe[1376] ADVAPI32.dll!RegQueryValueW 77DDD77A 6 Bytes JMP 70EA000A .text C:\WINDOWS\system32\services.exe[1376] ADVAPI32.dll!RegCreateKeyExA 77DDE834 6 Bytes JMP 710B000A .text C:\WINDOWS\system32\services.exe[1376] ADVAPI32.dll!RegSetValueExA 77DDE927 6 Bytes JMP 70F3000A .text C:\WINDOWS\system32\services.exe[1376] ADVAPI32.dll!RegOpenKeyA 77DDEE08 6 Bytes JMP 70FF000A .text C:\WINDOWS\system32\services.exe[1376] ADVAPI32.dll!AdjustTokenPrivileges 77DDEE4C 6 Bytes JMP 7093000A .text C:\WINDOWS\system32\services.exe[1376] ADVAPI32.dll!LookupPrivilegeValueW 77DE41D7 6 Bytes JMP 7096000A .text C:\WINDOWS\system32\services.exe[1376] ADVAPI32.dll!RegQueryValueA 77DE42F0 4 Bytes JMP EC001E25 .text C:\WINDOWS\system32\services.exe[1376] ADVAPI32.dll!RegQueryValueA + 5 77DE42F5 1 Byte [70] .text C:\WINDOWS\system32\services.exe[1376] ADVAPI32.dll!RegCreateKeyW 77DE45EE 6 Bytes JMP 7102000A .text C:\WINDOWS\system32\services.exe[1376] ADVAPI32.dll!RegCreateKeyA 77DE4706 6 Bytes JMP 7105000A .text C:\WINDOWS\system32\services.exe[1376] ADVAPI32.dll!OpenSCManagerW 77DE5E5D 6 Bytes JMP 70CC000A .text C:\WINDOWS\system32\services.exe[1376] ADVAPI32.dll!OpenSCManagerA 77DED705 6 Bytes JMP 70CF000A .text C:\WINDOWS\system32\services.exe[1376] ADVAPI32.dll!RegDeleteKeyW 77DF8886 6 Bytes JMP 706C000A .text C:\WINDOWS\system32\services.exe[1376] ADVAPI32.dll!RegDeleteKeyA 77DFB6BE 6 Bytes JMP 706F000A .text C:\WINDOWS\system32\services.exe[1376] ADVAPI32.dll!LookupPrivilegeValueA 77DFC110 6 Bytes JMP 7099000A .text C:\WINDOWS\system32\services.exe[1376] ADVAPI32.dll!LsaRemoveAccountRights 77E1AAA1 6 Bytes JMP 7168000A .text C:\WINDOWS\system32\services.exe[1376] ADVAPI32.dll!CreateServiceA 77E370B9 6 Bytes JMP 7120000A .text C:\WINDOWS\system32\services.exe[1376] ADVAPI32.dll!CreateServiceW 77E37251 6 Bytes JMP 711D000A .text C:\WINDOWS\system32\services.exe[1376] USER32.dll!SetWindowTextW 7E41BC36 6 Bytes JMP 7066000A .text C:\WINDOWS\system32\services.exe[1376] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 7132000A .text C:\WINDOWS\system32\services.exe[1376] USER32.dll!GetWindowTextW 7E41CDB6 6 Bytes JMP 70C6000A .text C:\WINDOWS\system32\services.exe[1376] USER32.dll!DrawTextW 7E41D7C2 6 Bytes JMP 707E000A .text C:\WINDOWS\system32\services.exe[1376] USER32.dll!ShowWindow 7E41D8A4 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\services.exe[1376] USER32.dll!ShowWindow + 4 7E41D8A8 2 Bytes [C2, 70] .text C:\WINDOWS\system32\services.exe[1376] USER32.dll!GetKeyboardState 7E41EF29 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\services.exe[1376] USER32.dll!GetKeyboardState + 4 7E41EF2D 2 Bytes [2B, 71] .text C:\WINDOWS\system32\services.exe[1376] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 712F000A .text C:\WINDOWS\system32\services.exe[1376] USER32.dll!CreateWindowExW 7E41FC25 6 Bytes JMP 7078000A .text C:\WINDOWS\system32\services.exe[1376] USER32.dll!CreateWindowExA 7E41FF33 6 Bytes JMP 707B000A .text C:\WINDOWS\system32\services.exe[1376] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 7156000A .text C:\WINDOWS\system32\services.exe[1376] USER32.dll!SetWindowTextA 7E42F52B 6 Bytes JMP 7069000A .text C:\WINDOWS\system32\services.exe[1376] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 7159000A .text C:\WINDOWS\system32\services.exe[1376] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 711A000A .text C:\WINDOWS\system32\services.exe[1376] USER32.dll!GetWindowTextA 7E43212B 6 Bytes JMP 70C9000A .text C:\WINDOWS\system32\services.exe[1376] USER32.dll!DrawTextA 7E43C6CA 6 Bytes JMP 7081000A .text C:\WINDOWS\system32\services.exe[1376] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 7129000A .text C:\WINDOWS\system32\services.exe[1376] USER32.dll!EndTask 7E459E75 6 Bytes JMP 713E000A .text C:\WINDOWS\system32\services.exe[1376] USER32.dll!RegisterRawInputDevices 7E46CBD4 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\services.exe[1376] USER32.dll!RegisterRawInputDevices + 4 7E46CBD8 2 Bytes [16, 71] .text C:\WINDOWS\system32\services.exe[1376] SHELL32.dll!ShellExecuteExW 7CA01823 6 Bytes JMP 7144000A .text C:\WINDOWS\system32\services.exe[1376] SHELL32.dll!Shell_NotifyIcon 7CA20CF9 6 Bytes JMP 70B1000A .text C:\WINDOWS\system32\services.exe[1376] SHELL32.dll!Shell_NotifyIconW 7CA21BEA 6 Bytes JMP 70AE000A .text C:\WINDOWS\system32\services.exe[1376] SHELL32.dll!ShellExecuteEx 7CA40C15 6 Bytes JMP 7147000A .text C:\WINDOWS\system32\services.exe[1376] SHELL32.dll!ShellExecuteA 7CA40F40 6 Bytes JMP 714D000A .text C:\WINDOWS\system32\services.exe[1376] SHELL32.dll!ShellExecuteW 7CAB4FD0 6 Bytes JMP 714A000A .text C:\WINDOWS\system32\lsass.exe[1388] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\lsass.exe[1388] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71] .text C:\WINDOWS\system32\lsass.exe[1388] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\lsass.exe[1388] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71] .text C:\WINDOWS\system32\lsass.exe[1388] kernel32.dll!DeviceIoControl 7C801625 6 Bytes JMP 70AB000A .text C:\WINDOWS\system32\lsass.exe[1388] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 70DE000A .text C:\WINDOWS\system32\lsass.exe[1388] kernel32.dll!VirtualProtectEx 7C801A5D 6 Bytes JMP 7126000A .text C:\WINDOWS\system32\lsass.exe[1388] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 70D2000A .text C:\WINDOWS\system32\lsass.exe[1388] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 716B000A .text C:\WINDOWS\system32\lsass.exe[1388] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 715F000A .text C:\WINDOWS\system32\lsass.exe[1388] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 7165000A .text C:\WINDOWS\system32\lsass.exe[1388] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 7162000A .text C:\WINDOWS\system32\lsass.exe[1388] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 7150000A .text C:\WINDOWS\system32\lsass.exe[1388] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 7153000A .text C:\WINDOWS\system32\lsass.exe[1388] kernel32.dll!VirtualAlloc 7C809A61 6 Bytes JMP 70D5000A .text C:\WINDOWS\system32\lsass.exe[1388] kernel32.dll!MultiByteToWideChar 7C809C08 6 Bytes JMP 7084000A .text C:\WINDOWS\system32\lsass.exe[1388] kernel32.dll!LoadResource 7C809FC5 6 Bytes JMP 70C0000A .text C:\WINDOWS\system32\lsass.exe[1388] kernel32.dll!WideCharToMultiByte 7C80A0E4 6 Bytes JMP 7063000A .text C:\WINDOWS\system32\lsass.exe[1388] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 7114000A .text C:\WINDOWS\system32\lsass.exe[1388] kernel32.dll!LoadLibraryW 7C80AE5B 6 Bytes JMP 715C000A .text C:\WINDOWS\system32\lsass.exe[1388] kernel32.dll!CreateMutexW 7C80E8C7 6 Bytes JMP 708D000A .text C:\WINDOWS\system32\lsass.exe[1388] kernel32.dll!CreateMutexA 7C80E94F 6 Bytes JMP 7090000A .text C:\WINDOWS\system32\lsass.exe[1388] kernel32.dll!OpenMutexW 7C80E9A5 6 Bytes JMP 7087000A .text C:\WINDOWS\system32\lsass.exe[1388] kernel32.dll!OpenMutexA 7C80EA2B 6 Bytes JMP 708A000A .text C:\WINDOWS\system32\lsass.exe[1388] kernel32.dll!GetVolumeInformationW 7C80F9F5 6 Bytes JMP 710E000A .text C:\WINDOWS\system32\lsass.exe[1388] kernel32.dll!CreateRemoteThread 7C81043C 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\lsass.exe[1388] kernel32.dll!CreateRemoteThread + 4 7C810440 2 Bytes [6D, 71] .text C:\WINDOWS\system32\lsass.exe[1388] kernel32.dll!CreateThread 7C810647 6 Bytes JMP 70D8000A .text C:\WINDOWS\system32\lsass.exe[1388] kernel32.dll!CreateFileW 7C810770 6 Bytes JMP 70E1000A .text C:\WINDOWS\system32\lsass.exe[1388] kernel32.dll!WriteFile 7C810D97 6 Bytes JMP 70A2000A .text C:\WINDOWS\system32\lsass.exe[1388] kernel32.dll!TerminateThread 7C81CE13 6 Bytes JMP 7138000A .text C:\WINDOWS\system32\lsass.exe[1388] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 705D000A .text C:\WINDOWS\system32\lsass.exe[1388] kernel32.dll!CreateDirectoryA 7C8217BC 6 Bytes JMP 70A8000A .text C:\WINDOWS\system32\lsass.exe[1388] kernel32.dll!GetVolumeInformationA 7C821BB5 6 Bytes JMP 7111000A .text C:\WINDOWS\system32\lsass.exe[1388] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 70B4000A .text C:\WINDOWS\system32\lsass.exe[1388] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 70BD000A .text C:\WINDOWS\system32\lsass.exe[1388] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 70BA000A .text C:\WINDOWS\system32\lsass.exe[1388] kernel32.dll!OpenProcess 7C830A01 6 Bytes JMP 7054000A .text C:\WINDOWS\system32\lsass.exe[1388] kernel32.dll!DeleteFileA 7C831EF5 6 Bytes JMP 7075000A .text C:\WINDOWS\system32\lsass.exe[1388] kernel32.dll!DeleteFileW 7C831F7B 6 Bytes JMP 7072000A .text C:\WINDOWS\system32\lsass.exe[1388] kernel32.dll!CreateDirectoryW 7C83241A 6 Bytes JMP 70A5000A .text C:\WINDOWS\system32\lsass.exe[1388] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 7057000A .text C:\WINDOWS\system32\lsass.exe[1388] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 7060000A .text C:\WINDOWS\system32\lsass.exe[1388] kernel32.dll!DebugActiveProcess 7C85A2B3 6 Bytes JMP 7135000A .text C:\WINDOWS\system32\lsass.exe[1388] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 705A000A .text C:\WINDOWS\system32\lsass.exe[1388] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 70B7000A .text C:\WINDOWS\system32\lsass.exe[1388] kernel32.dll!WinExec 7C86158D 6 Bytes JMP 7141000A .text C:\WINDOWS\system32\lsass.exe[1388] kernel32.dll!SetThreadContext 7C862C89 6 Bytes JMP 709F000A .text C:\WINDOWS\system32\lsass.exe[1388] kernel32.dll!CreateToolhelp32Snapshot 7C864D2F 6 Bytes JMP 70DB000A .text C:\WINDOWS\system32\lsass.exe[1388] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 6 Bytes JMP 70F6000A .text C:\WINDOWS\system32\lsass.exe[1388] ADVAPI32.dll!RegQueryValueExW 77DD6FDF 6 Bytes JMP 70E4000A .text C:\WINDOWS\system32\lsass.exe[1388] ADVAPI32.dll!RegCreateKeyExW 77DD774C 6 Bytes JMP 7108000A .text C:\WINDOWS\system32\lsass.exe[1388] ADVAPI32.dll!RegOpenKeyExA 77DD7832 6 Bytes JMP 70F9000A .text C:\WINDOWS\system32\lsass.exe[1388] ADVAPI32.dll!RegOpenKeyW 77DD7926 6 Bytes JMP 70FC000A .text C:\WINDOWS\system32\lsass.exe[1388] ADVAPI32.dll!OpenProcessToken 77DD796B 6 Bytes JMP 709C000A .text C:\WINDOWS\system32\lsass.exe[1388] ADVAPI32.dll!RegQueryValueExA 77DD7A9B 6 Bytes JMP 70E7000A .text C:\WINDOWS\system32\lsass.exe[1388] ADVAPI32.dll!RegSetValueExW 77DDD663 6 Bytes JMP 70F0000A .text C:\WINDOWS\system32\lsass.exe[1388] ADVAPI32.dll!RegQueryValueW 77DDD77A 6 Bytes JMP 70EA000A .text C:\WINDOWS\system32\lsass.exe[1388] ADVAPI32.dll!RegCreateKeyExA 77DDE834 6 Bytes JMP 710B000A .text C:\WINDOWS\system32\lsass.exe[1388] ADVAPI32.dll!RegSetValueExA 77DDE927 6 Bytes JMP 70F3000A .text C:\WINDOWS\system32\lsass.exe[1388] ADVAPI32.dll!RegOpenKeyA 77DDEE08 6 Bytes JMP 70FF000A .text C:\WINDOWS\system32\lsass.exe[1388] ADVAPI32.dll!AdjustTokenPrivileges 77DDEE4C 6 Bytes JMP 7093000A .text C:\WINDOWS\system32\lsass.exe[1388] ADVAPI32.dll!LookupPrivilegeValueW 77DE41D7 6 Bytes JMP 7096000A .text C:\WINDOWS\system32\lsass.exe[1388] ADVAPI32.dll!RegQueryValueA 77DE42F0 4 Bytes JMP EC001E25 .text C:\WINDOWS\system32\lsass.exe[1388] ADVAPI32.dll!RegQueryValueA + 5 77DE42F5 1 Byte [70] .text C:\WINDOWS\system32\lsass.exe[1388] ADVAPI32.dll!RegCreateKeyW 77DE45EE 6 Bytes JMP 7102000A .text C:\WINDOWS\system32\lsass.exe[1388] ADVAPI32.dll!RegCreateKeyA 77DE4706 6 Bytes JMP 7105000A .text C:\WINDOWS\system32\lsass.exe[1388] ADVAPI32.dll!OpenSCManagerW 77DE5E5D 6 Bytes JMP 70CC000A .text C:\WINDOWS\system32\lsass.exe[1388] ADVAPI32.dll!OpenSCManagerA 77DED705 6 Bytes JMP 70CF000A .text C:\WINDOWS\system32\lsass.exe[1388] ADVAPI32.dll!RegDeleteKeyW 77DF8886 6 Bytes JMP 706C000A .text C:\WINDOWS\system32\lsass.exe[1388] ADVAPI32.dll!RegDeleteKeyA 77DFB6BE 6 Bytes JMP 706F000A .text C:\WINDOWS\system32\lsass.exe[1388] ADVAPI32.dll!LookupPrivilegeValueA 77DFC110 6 Bytes JMP 7099000A .text C:\WINDOWS\system32\lsass.exe[1388] ADVAPI32.dll!LsaRemoveAccountRights 77E1AAA1 6 Bytes JMP 7168000A .text C:\WINDOWS\system32\lsass.exe[1388] ADVAPI32.dll!CreateServiceA 77E370B9 6 Bytes JMP 7120000A .text C:\WINDOWS\system32\lsass.exe[1388] ADVAPI32.dll!CreateServiceW 77E37251 6 Bytes JMP 711D000A .text C:\WINDOWS\system32\lsass.exe[1388] USER32.dll!SetWindowTextW 7E41BC36 6 Bytes JMP 7066000A .text C:\WINDOWS\system32\lsass.exe[1388] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 7132000A .text C:\WINDOWS\system32\lsass.exe[1388] USER32.dll!GetWindowTextW 7E41CDB6 6 Bytes JMP 70C6000A .text C:\WINDOWS\system32\lsass.exe[1388] USER32.dll!DrawTextW 7E41D7C2 6 Bytes JMP 707E000A .text C:\WINDOWS\system32\lsass.exe[1388] USER32.dll!ShowWindow 7E41D8A4 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\lsass.exe[1388] USER32.dll!ShowWindow + 4 7E41D8A8 2 Bytes [C2, 70] .text C:\WINDOWS\system32\lsass.exe[1388] USER32.dll!GetKeyboardState 7E41EF29 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\lsass.exe[1388] USER32.dll!GetKeyboardState + 4 7E41EF2D 2 Bytes [2B, 71] .text C:\WINDOWS\system32\lsass.exe[1388] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 712F000A .text C:\WINDOWS\system32\lsass.exe[1388] USER32.dll!CreateWindowExW 7E41FC25 6 Bytes JMP 7078000A .text C:\WINDOWS\system32\lsass.exe[1388] USER32.dll!CreateWindowExA 7E41FF33 6 Bytes JMP 707B000A .text C:\WINDOWS\system32\lsass.exe[1388] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 7156000A .text C:\WINDOWS\system32\lsass.exe[1388] USER32.dll!SetWindowTextA 7E42F52B 6 Bytes JMP 7069000A .text C:\WINDOWS\system32\lsass.exe[1388] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 7159000A .text C:\WINDOWS\system32\lsass.exe[1388] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 711A000A .text C:\WINDOWS\system32\lsass.exe[1388] USER32.dll!GetWindowTextA 7E43212B 6 Bytes JMP 70C9000A .text C:\WINDOWS\system32\lsass.exe[1388] USER32.dll!DrawTextA 7E43C6CA 6 Bytes JMP 7081000A .text C:\WINDOWS\system32\lsass.exe[1388] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 7129000A .text C:\WINDOWS\system32\lsass.exe[1388] USER32.dll!EndTask 7E459E75 6 Bytes JMP 713E000A .text C:\WINDOWS\system32\lsass.exe[1388] USER32.dll!RegisterRawInputDevices 7E46CBD4 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\lsass.exe[1388] USER32.dll!RegisterRawInputDevices + 4 7E46CBD8 2 Bytes [16, 71] .text C:\WINDOWS\system32\lsass.exe[1388] SHELL32.dll!ShellExecuteExW 7CA01823 6 Bytes JMP 7144000A .text C:\WINDOWS\system32\lsass.exe[1388] SHELL32.dll!Shell_NotifyIcon 7CA20CF9 6 Bytes JMP 70B1000A .text C:\WINDOWS\system32\lsass.exe[1388] SHELL32.dll!Shell_NotifyIconW 7CA21BEA 6 Bytes JMP 70AE000A .text C:\WINDOWS\system32\lsass.exe[1388] SHELL32.dll!ShellExecuteEx 7CA40C15 6 Bytes JMP 7147000A .text C:\WINDOWS\system32\lsass.exe[1388] SHELL32.dll!ShellExecuteA 7CA40F40 6 Bytes JMP 714D000A .text C:\WINDOWS\system32\lsass.exe[1388] SHELL32.dll!ShellExecuteW 7CAB4FD0 6 Bytes JMP 714A000A .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1532] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1532] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71] .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1532] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1532] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71] .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1532] kernel32.dll!DeviceIoControl 7C801625 6 Bytes JMP 70AB000A .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1532] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 70DE000A .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1532] kernel32.dll!VirtualProtectEx 7C801A5D 6 Bytes JMP 7126000A .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1532] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 70D2000A .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1532] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 716B000A .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1532] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 715F000A .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1532] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 7165000A .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1532] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 7162000A .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1532] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 7150000A .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1532] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 7153000A .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1532] kernel32.dll!VirtualAlloc 7C809A61 6 Bytes JMP 70D5000A .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1532] kernel32.dll!MultiByteToWideChar 7C809C08 6 Bytes JMP 707E000A .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1532] kernel32.dll!LoadResource 7C809FC5 6 Bytes JMP 70C0000A .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1532] kernel32.dll!WideCharToMultiByte 7C80A0E4 6 Bytes JMP 705D000A .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1532] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 7114000A .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1532] kernel32.dll!LoadLibraryW 7C80AE5B 6 Bytes JMP 715C000A .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1532] kernel32.dll!CreateMutexW 7C80E8C7 6 Bytes JMP 7087000A .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1532] kernel32.dll!CreateMutexA 7C80E94F 6 Bytes JMP 708A000A .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1532] kernel32.dll!OpenMutexW 7C80E9A5 6 Bytes JMP 7081000A .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1532] kernel32.dll!OpenMutexA 7C80EA2B 6 Bytes JMP 7084000A .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1532] kernel32.dll!GetVolumeInformationW 7C80F9F5 6 Bytes JMP 710E000A .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1532] kernel32.dll!CreateRemoteThread 7C81043C 3 Bytes [FF, 25, 1E] .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1532] kernel32.dll!CreateRemoteThread + 4 7C810440 2 Bytes [6D, 71] .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1532] kernel32.dll!CreateThread 7C810647 6 Bytes JMP 70D8000A .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1532] kernel32.dll!CreateFileW 7C810770 6 Bytes JMP 70E1000A .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1532] kernel32.dll!WriteFile 7C810D97 6 Bytes JMP 709C000A .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1532] kernel32.dll!TerminateThread 7C81CE13 6 Bytes JMP 7138000A .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1532] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 7057000A .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1532] kernel32.dll!CreateDirectoryA 7C8217BC 6 Bytes JMP 70A2000A .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1532] kernel32.dll!GetVolumeInformationA 7C821BB5 6 Bytes JMP 7111000A .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1532] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 70B4000A .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1532] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 70BD000A .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1532] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 70BA000A .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1532] kernel32.dll!OpenProcess 7C830A01 6 Bytes JMP 704E000A .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1532] kernel32.dll!DeleteFileA 7C831EF5 6 Bytes JMP 706F000A .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1532] kernel32.dll!DeleteFileW 7C831F7B 6 Bytes JMP 706C000A .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1532] kernel32.dll!CreateDirectoryW 7C83241A 6 Bytes JMP 709F000A .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1532] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 7051000A .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1532] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 705A000A .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1532] kernel32.dll!DebugActiveProcess 7C85A2B3 6 Bytes JMP 7135000A .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1532] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 7054000A .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1532] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 70B7000A .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1532] kernel32.dll!WinExec 7C86158D 6 Bytes JMP 7141000A .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1532] kernel32.dll!SetThreadContext 7C862C89 6 Bytes JMP 7099000A .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1532] kernel32.dll!CreateToolhelp32Snapshot 7C864D2F 6 Bytes JMP 70DB000A .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1532] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 6 Bytes JMP 70F6000A .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1532] ADVAPI32.dll!RegQueryValueExW 77DD6FDF 6 Bytes JMP 70E4000A .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1532] ADVAPI32.dll!RegCreateKeyExW 77DD774C 6 Bytes JMP 7108000A .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1532] ADVAPI32.dll!RegOpenKeyExA 77DD7832 6 Bytes JMP 70F9000A .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1532] ADVAPI32.dll!RegOpenKeyW 77DD7926 6 Bytes JMP 70FC000A .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1532] ADVAPI32.dll!OpenProcessToken 77DD796B 6 Bytes JMP 7096000A .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1532] ADVAPI32.dll!RegQueryValueExA 77DD7A9B 6 Bytes JMP 70E7000A .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1532] ADVAPI32.dll!RegSetValueExW 77DDD663 6 Bytes JMP 70F0000A .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1532] ADVAPI32.dll!RegQueryValueW 77DDD77A 6 Bytes JMP 70EA000A .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1532] ADVAPI32.dll!RegCreateKeyExA 77DDE834 6 Bytes JMP 710B000A .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1532] ADVAPI32.dll!RegSetValueExA 77DDE927 6 Bytes JMP 70F3000A .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1532] ADVAPI32.dll!RegOpenKeyA 77DDEE08 6 Bytes JMP 70FF000A .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1532] ADVAPI32.dll!AdjustTokenPrivileges 77DDEE4C 6 Bytes JMP 708D000A .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1532] ADVAPI32.dll!LookupPrivilegeValueW 77DE41D7 6 Bytes JMP 7090000A .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1532] ADVAPI32.dll!RegQueryValueA 77DE42F0 4 Bytes JMP EC001E25 .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1532] ADVAPI32.dll!RegQueryValueA + 5 77DE42F5 1 Byte [70] .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1532] ADVAPI32.dll!RegCreateKeyW 77DE45EE 6 Bytes JMP 7102000A .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1532] ADVAPI32.dll!RegCreateKeyA 77DE4706 6 Bytes JMP 7105000A .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1532] ADVAPI32.dll!OpenSCManagerW 77DE5E5D 6 Bytes JMP 70CC000A .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1532] ADVAPI32.dll!OpenSCManagerA 77DED705 6 Bytes JMP 70CF000A .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1532] ADVAPI32.dll!RegDeleteKeyW 77DF8886 6 Bytes JMP 7066000A .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1532] ADVAPI32.dll!RegDeleteKeyA 77DFB6BE 6 Bytes JMP 7069000A .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1532] ADVAPI32.dll!LookupPrivilegeValueA 77DFC110 6 Bytes JMP 7093000A .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1532] ADVAPI32.dll!LsaRemoveAccountRights 77E1AAA1 6 Bytes JMP 7168000A .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1532] ADVAPI32.dll!CreateServiceA 77E370B9 6 Bytes JMP 7120000A .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1532] ADVAPI32.dll!CreateServiceW 77E37251 6 Bytes JMP 711D000A .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1532] USER32.dll!SetWindowTextW 7E41BC36 6 Bytes JMP 7060000A .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1532] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 7132000A .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1532] USER32.dll!GetWindowTextW 7E41CDB6 6 Bytes JMP 70C6000A .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1532] USER32.dll!DrawTextW 7E41D7C2 6 Bytes JMP 7078000A .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1532] USER32.dll!ShowWindow 7E41D8A4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1532] USER32.dll!ShowWindow + 4 7E41D8A8 2 Bytes [C2, 70] .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1532] USER32.dll!GetKeyboardState 7E41EF29 3 Bytes [FF, 25, 1E] .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1532] USER32.dll!GetKeyboardState + 4 7E41EF2D 2 Bytes [2B, 71] .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1532] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 712F000A .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1532] USER32.dll!CreateWindowExW 7E41FC25 6 Bytes JMP 7072000A .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1532] USER32.dll!CreateWindowExA 7E41FF33 6 Bytes JMP 7075000A .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1532] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 7156000A .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1532] USER32.dll!SetWindowTextA 7E42F52B 6 Bytes JMP 7063000A .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1532] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 7159000A .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1532] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 711A000A .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1532] USER32.dll!GetWindowTextA 7E43212B 6 Bytes JMP 70C9000A .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1532] USER32.dll!DrawTextA 7E43C6CA 6 Bytes JMP 707B000A .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1532] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 7129000A .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1532] USER32.dll!EndTask 7E459E75 6 Bytes JMP 713E000A .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1532] USER32.dll!RegisterRawInputDevices 7E46CBD4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1532] USER32.dll!RegisterRawInputDevices + 4 7E46CBD8 2 Bytes [16, 71] .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1532] SHELL32.dll!ShellExecuteExW 7CA01823 6 Bytes JMP 7144000A .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1532] SHELL32.dll!Shell_NotifyIcon 7CA20CF9 6 Bytes JMP 70B1000A .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1532] SHELL32.dll!Shell_NotifyIconW 7CA21BEA 6 Bytes JMP 70AE000A .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1532] SHELL32.dll!ShellExecuteEx 7CA40C15 6 Bytes JMP 7147000A .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1532] SHELL32.dll!ShellExecuteA 7CA40F40 6 Bytes JMP 714D000A .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1532] SHELL32.dll!ShellExecuteW 7CAB4FD0 6 Bytes JMP 714A000A .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1532] WININET.dll!InternetOpenUrlA 771C59F1 6 Bytes JMP 70A8000A .text C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe[1532] WININET.dll!InternetOpenUrlW 771D5B3A 6 Bytes JMP 70A5000A .text C:\WINDOWS\system32\svchost.exe[1588] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1588] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71] .text C:\WINDOWS\system32\svchost.exe[1588] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1588] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71] .text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!DeviceIoControl 7C801625 6 Bytes JMP 70AB000A .text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 70DE000A .text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!VirtualProtectEx 7C801A5D 6 Bytes JMP 7126000A .text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 70D2000A .text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 716B000A .text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 715F000A .text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 7165000A .text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 7162000A .text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 7150000A .text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 7153000A .text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!VirtualAlloc 7C809A61 6 Bytes JMP 70D5000A .text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!MultiByteToWideChar 7C809C08 6 Bytes JMP 7084000A .text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!LoadResource 7C809FC5 6 Bytes JMP 70C0000A .text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!WideCharToMultiByte 7C80A0E4 6 Bytes JMP 7063000A .text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 7114000A .text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!LoadLibraryW 7C80AE5B 6 Bytes JMP 715C000A .text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!CreateMutexW 7C80E8C7 6 Bytes JMP 708D000A .text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!CreateMutexA 7C80E94F 6 Bytes JMP 7090000A .text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!OpenMutexW 7C80E9A5 6 Bytes JMP 7087000A .text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!OpenMutexA 7C80EA2B 6 Bytes JMP 708A000A .text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!GetVolumeInformationW 7C80F9F5 6 Bytes JMP 710E000A .text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!CreateRemoteThread 7C81043C 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!CreateRemoteThread + 4 7C810440 2 Bytes [6D, 71] .text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!CreateThread 7C810647 6 Bytes JMP 70D8000A .text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!CreateFileW 7C810770 6 Bytes JMP 70E1000A .text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!WriteFile 7C810D97 6 Bytes JMP 70A2000A .text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!TerminateThread 7C81CE13 6 Bytes JMP 7138000A .text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 705D000A .text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!CreateDirectoryA 7C8217BC 6 Bytes JMP 70A8000A .text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!GetVolumeInformationA 7C821BB5 6 Bytes JMP 7111000A .text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 70B4000A .text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 70BD000A .text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 70BA000A .text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!OpenProcess 7C830A01 6 Bytes JMP 7054000A .text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!DeleteFileA 7C831EF5 6 Bytes JMP 7075000A .text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!DeleteFileW 7C831F7B 6 Bytes JMP 7072000A .text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!CreateDirectoryW 7C83241A 6 Bytes JMP 70A5000A .text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 7057000A .text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 7060000A .text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!DebugActiveProcess 7C85A2B3 6 Bytes JMP 7135000A .text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 705A000A .text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 70B7000A .text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!WinExec 7C86158D 6 Bytes JMP 7141000A .text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!SetThreadContext 7C862C89 6 Bytes JMP 709F000A .text C:\WINDOWS\system32\svchost.exe[1588] kernel32.dll!CreateToolhelp32Snapshot 7C864D2F 6 Bytes JMP 70DB000A .text C:\WINDOWS\system32\svchost.exe[1588] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 6 Bytes JMP 70F6000A .text C:\WINDOWS\system32\svchost.exe[1588] ADVAPI32.dll!RegQueryValueExW 77DD6FDF 6 Bytes JMP 70E4000A .text C:\WINDOWS\system32\svchost.exe[1588] ADVAPI32.dll!RegCreateKeyExW 77DD774C 6 Bytes JMP 7108000A .text C:\WINDOWS\system32\svchost.exe[1588] ADVAPI32.dll!RegOpenKeyExA 77DD7832 6 Bytes JMP 70F9000A .text C:\WINDOWS\system32\svchost.exe[1588] ADVAPI32.dll!RegOpenKeyW 77DD7926 6 Bytes JMP 70FC000A .text C:\WINDOWS\system32\svchost.exe[1588] ADVAPI32.dll!OpenProcessToken 77DD796B 6 Bytes JMP 709C000A .text C:\WINDOWS\system32\svchost.exe[1588] ADVAPI32.dll!RegQueryValueExA 77DD7A9B 6 Bytes JMP 70E7000A .text C:\WINDOWS\system32\svchost.exe[1588] ADVAPI32.dll!RegSetValueExW 77DDD663 6 Bytes JMP 70F0000A .text C:\WINDOWS\system32\svchost.exe[1588] ADVAPI32.dll!RegQueryValueW 77DDD77A 6 Bytes JMP 70EA000A .text C:\WINDOWS\system32\svchost.exe[1588] ADVAPI32.dll!RegCreateKeyExA 77DDE834 6 Bytes JMP 710B000A .text C:\WINDOWS\system32\svchost.exe[1588] ADVAPI32.dll!RegSetValueExA 77DDE927 6 Bytes JMP 70F3000A .text C:\WINDOWS\system32\svchost.exe[1588] ADVAPI32.dll!RegOpenKeyA 77DDEE08 6 Bytes JMP 70FF000A .text C:\WINDOWS\system32\svchost.exe[1588] ADVAPI32.dll!AdjustTokenPrivileges 77DDEE4C 6 Bytes JMP 7093000A .text C:\WINDOWS\system32\svchost.exe[1588] ADVAPI32.dll!LookupPrivilegeValueW 77DE41D7 6 Bytes JMP 7096000A .text C:\WINDOWS\system32\svchost.exe[1588] ADVAPI32.dll!RegQueryValueA 77DE42F0 4 Bytes JMP EC001E25 .text C:\WINDOWS\system32\svchost.exe[1588] ADVAPI32.dll!RegQueryValueA + 5 77DE42F5 1 Byte [70] .text C:\WINDOWS\system32\svchost.exe[1588] ADVAPI32.dll!RegCreateKeyW 77DE45EE 6 Bytes JMP 7102000A .text C:\WINDOWS\system32\svchost.exe[1588] ADVAPI32.dll!RegCreateKeyA 77DE4706 6 Bytes JMP 7105000A .text C:\WINDOWS\system32\svchost.exe[1588] ADVAPI32.dll!OpenSCManagerW 77DE5E5D 6 Bytes JMP 70CC000A .text C:\WINDOWS\system32\svchost.exe[1588] ADVAPI32.dll!OpenSCManagerA 77DED705 6 Bytes JMP 70CF000A .text C:\WINDOWS\system32\svchost.exe[1588] ADVAPI32.dll!RegDeleteKeyW 77DF8886 6 Bytes JMP 706C000A .text C:\WINDOWS\system32\svchost.exe[1588] ADVAPI32.dll!RegDeleteKeyA 77DFB6BE 6 Bytes JMP 706F000A .text C:\WINDOWS\system32\svchost.exe[1588] ADVAPI32.dll!LookupPrivilegeValueA 77DFC110 6 Bytes JMP 7099000A .text C:\WINDOWS\system32\svchost.exe[1588] ADVAPI32.dll!LsaRemoveAccountRights 77E1AAA1 6 Bytes JMP 7168000A .text C:\WINDOWS\system32\svchost.exe[1588] ADVAPI32.dll!CreateServiceA 77E370B9 6 Bytes JMP 7120000A .text C:\WINDOWS\system32\svchost.exe[1588] ADVAPI32.dll!CreateServiceW 77E37251 6 Bytes JMP 711D000A .text C:\WINDOWS\system32\svchost.exe[1588] USER32.dll!SetWindowTextW 7E41BC36 6 Bytes JMP 7066000A .text C:\WINDOWS\system32\svchost.exe[1588] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 7132000A .text C:\WINDOWS\system32\svchost.exe[1588] USER32.dll!GetWindowTextW 7E41CDB6 6 Bytes JMP 70C6000A .text C:\WINDOWS\system32\svchost.exe[1588] USER32.dll!DrawTextW 7E41D7C2 6 Bytes JMP 707E000A .text C:\WINDOWS\system32\svchost.exe[1588] USER32.dll!ShowWindow 7E41D8A4 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1588] USER32.dll!ShowWindow + 4 7E41D8A8 2 Bytes [C2, 70] .text C:\WINDOWS\system32\svchost.exe[1588] USER32.dll!GetKeyboardState 7E41EF29 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1588] USER32.dll!GetKeyboardState + 4 7E41EF2D 2 Bytes [2B, 71] .text C:\WINDOWS\system32\svchost.exe[1588] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 712F000A .text C:\WINDOWS\system32\svchost.exe[1588] USER32.dll!CreateWindowExW 7E41FC25 6 Bytes JMP 7078000A .text C:\WINDOWS\system32\svchost.exe[1588] USER32.dll!CreateWindowExA 7E41FF33 6 Bytes JMP 707B000A .text C:\WINDOWS\system32\svchost.exe[1588] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 7156000A .text C:\WINDOWS\system32\svchost.exe[1588] USER32.dll!SetWindowTextA 7E42F52B 6 Bytes JMP 7069000A .text C:\WINDOWS\system32\svchost.exe[1588] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 7159000A .text C:\WINDOWS\system32\svchost.exe[1588] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 711A000A .text C:\WINDOWS\system32\svchost.exe[1588] USER32.dll!GetWindowTextA 7E43212B 6 Bytes JMP 70C9000A .text C:\WINDOWS\system32\svchost.exe[1588] USER32.dll!DrawTextA 7E43C6CA 6 Bytes JMP 7081000A .text C:\WINDOWS\system32\svchost.exe[1588] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 7129000A .text C:\WINDOWS\system32\svchost.exe[1588] USER32.dll!EndTask 7E459E75 6 Bytes JMP 713E000A .text C:\WINDOWS\system32\svchost.exe[1588] USER32.dll!RegisterRawInputDevices 7E46CBD4 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1588] USER32.dll!RegisterRawInputDevices + 4 7E46CBD8 2 Bytes [16, 71] .text C:\WINDOWS\system32\svchost.exe[1588] SHELL32.dll!ShellExecuteExW 7CA01823 6 Bytes JMP 7144000A .text C:\WINDOWS\system32\svchost.exe[1588] SHELL32.dll!Shell_NotifyIcon 7CA20CF9 6 Bytes JMP 70B1000A .text C:\WINDOWS\system32\svchost.exe[1588] SHELL32.dll!Shell_NotifyIconW 7CA21BEA 6 Bytes JMP 70AE000A .text C:\WINDOWS\system32\svchost.exe[1588] SHELL32.dll!ShellExecuteEx 7CA40C15 6 Bytes JMP 7147000A .text C:\WINDOWS\system32\svchost.exe[1588] SHELL32.dll!ShellExecuteA 7CA40F40 6 Bytes JMP 714D000A .text C:\WINDOWS\system32\svchost.exe[1588] SHELL32.dll!ShellExecuteW 7CAB4FD0 6 Bytes JMP 714A000A .text C:\WINDOWS\system32\svchost.exe[1632] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1632] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71] .text C:\WINDOWS\system32\svchost.exe[1632] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1632] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71] .text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!DeviceIoControl 7C801625 6 Bytes JMP 70AB000A .text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 70DE000A .text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!VirtualProtectEx 7C801A5D 6 Bytes JMP 7126000A .text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 70D2000A .text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 716B000A .text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 715F000A .text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 7165000A .text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 7162000A .text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 7150000A .text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 7153000A .text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!VirtualAlloc 7C809A61 6 Bytes JMP 70D5000A .text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!MultiByteToWideChar 7C809C08 6 Bytes JMP 7084000A .text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!LoadResource 7C809FC5 6 Bytes JMP 70C0000A .text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!WideCharToMultiByte 7C80A0E4 6 Bytes JMP 7063000A .text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 7114000A .text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!LoadLibraryW 7C80AE5B 6 Bytes JMP 715C000A .text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!CreateMutexW 7C80E8C7 6 Bytes JMP 708D000A .text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!CreateMutexA 7C80E94F 6 Bytes JMP 7090000A .text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!OpenMutexW 7C80E9A5 6 Bytes JMP 7087000A .text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!OpenMutexA 7C80EA2B 6 Bytes JMP 708A000A .text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!GetVolumeInformationW 7C80F9F5 6 Bytes JMP 710E000A .text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!CreateRemoteThread 7C81043C 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!CreateRemoteThread + 4 7C810440 2 Bytes [6D, 71] .text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!CreateThread 7C810647 6 Bytes JMP 70D8000A .text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!CreateFileW 7C810770 6 Bytes JMP 70E1000A .text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!WriteFile 7C810D97 6 Bytes JMP 70A2000A .text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!TerminateThread 7C81CE13 6 Bytes JMP 7138000A .text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 705D000A .text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!CreateDirectoryA 7C8217BC 6 Bytes JMP 70A8000A .text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!GetVolumeInformationA 7C821BB5 6 Bytes JMP 7111000A .text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 70B4000A .text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 70BD000A .text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 70BA000A .text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!OpenProcess 7C830A01 6 Bytes JMP 7054000A .text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!DeleteFileA 7C831EF5 6 Bytes JMP 7075000A .text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!DeleteFileW 7C831F7B 6 Bytes JMP 7072000A .text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!CreateDirectoryW 7C83241A 6 Bytes JMP 70A5000A .text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 7057000A .text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 7060000A .text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!DebugActiveProcess 7C85A2B3 6 Bytes JMP 7135000A .text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 705A000A .text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 70B7000A .text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!WinExec 7C86158D 6 Bytes JMP 7141000A .text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!SetThreadContext 7C862C89 6 Bytes JMP 709F000A .text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!CreateToolhelp32Snapshot 7C864D2F 6 Bytes JMP 70DB000A .text C:\WINDOWS\system32\svchost.exe[1632] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 6 Bytes JMP 70F6000A .text C:\WINDOWS\system32\svchost.exe[1632] ADVAPI32.dll!RegQueryValueExW 77DD6FDF 6 Bytes JMP 70E4000A .text C:\WINDOWS\system32\svchost.exe[1632] ADVAPI32.dll!RegCreateKeyExW 77DD774C 6 Bytes JMP 7108000A .text C:\WINDOWS\system32\svchost.exe[1632] ADVAPI32.dll!RegOpenKeyExA 77DD7832 6 Bytes JMP 70F9000A .text C:\WINDOWS\system32\svchost.exe[1632] ADVAPI32.dll!RegOpenKeyW 77DD7926 6 Bytes JMP 70FC000A .text C:\WINDOWS\system32\svchost.exe[1632] ADVAPI32.dll!OpenProcessToken 77DD796B 6 Bytes JMP 709C000A .text C:\WINDOWS\system32\svchost.exe[1632] ADVAPI32.dll!RegQueryValueExA 77DD7A9B 6 Bytes JMP 70E7000A .text C:\WINDOWS\system32\svchost.exe[1632] ADVAPI32.dll!RegSetValueExW 77DDD663 6 Bytes JMP 70F0000A .text C:\WINDOWS\system32\svchost.exe[1632] ADVAPI32.dll!RegQueryValueW 77DDD77A 6 Bytes JMP 70EA000A .text C:\WINDOWS\system32\svchost.exe[1632] ADVAPI32.dll!RegCreateKeyExA 77DDE834 6 Bytes JMP 710B000A .text C:\WINDOWS\system32\svchost.exe[1632] ADVAPI32.dll!RegSetValueExA 77DDE927 6 Bytes JMP 70F3000A .text C:\WINDOWS\system32\svchost.exe[1632] ADVAPI32.dll!RegOpenKeyA 77DDEE08 6 Bytes JMP 70FF000A .text C:\WINDOWS\system32\svchost.exe[1632] ADVAPI32.dll!AdjustTokenPrivileges 77DDEE4C 6 Bytes JMP 7093000A .text C:\WINDOWS\system32\svchost.exe[1632] ADVAPI32.dll!LookupPrivilegeValueW 77DE41D7 6 Bytes JMP 7096000A .text C:\WINDOWS\system32\svchost.exe[1632] ADVAPI32.dll!RegQueryValueA 77DE42F0 4 Bytes JMP EC001E25 .text C:\WINDOWS\system32\svchost.exe[1632] ADVAPI32.dll!RegQueryValueA + 5 77DE42F5 1 Byte [70] .text C:\WINDOWS\system32\svchost.exe[1632] ADVAPI32.dll!RegCreateKeyW 77DE45EE 6 Bytes JMP 7102000A .text C:\WINDOWS\system32\svchost.exe[1632] ADVAPI32.dll!RegCreateKeyA 77DE4706 6 Bytes JMP 7105000A .text C:\WINDOWS\system32\svchost.exe[1632] ADVAPI32.dll!OpenSCManagerW 77DE5E5D 6 Bytes JMP 70CC000A .text C:\WINDOWS\system32\svchost.exe[1632] ADVAPI32.dll!OpenSCManagerA 77DED705 6 Bytes JMP 70CF000A .text C:\WINDOWS\system32\svchost.exe[1632] ADVAPI32.dll!RegDeleteKeyW 77DF8886 6 Bytes JMP 706C000A .text C:\WINDOWS\system32\svchost.exe[1632] ADVAPI32.dll!RegDeleteKeyA 77DFB6BE 6 Bytes JMP 706F000A .text C:\WINDOWS\system32\svchost.exe[1632] ADVAPI32.dll!LookupPrivilegeValueA 77DFC110 6 Bytes JMP 7099000A .text C:\WINDOWS\system32\svchost.exe[1632] ADVAPI32.dll!LsaRemoveAccountRights 77E1AAA1 6 Bytes JMP 7168000A .text C:\WINDOWS\system32\svchost.exe[1632] ADVAPI32.dll!CreateServiceA 77E370B9 6 Bytes JMP 7120000A .text C:\WINDOWS\system32\svchost.exe[1632] ADVAPI32.dll!CreateServiceW 77E37251 6 Bytes JMP 711D000A .text C:\WINDOWS\system32\svchost.exe[1632] USER32.dll!SetWindowTextW 7E41BC36 6 Bytes JMP 7066000A .text C:\WINDOWS\system32\svchost.exe[1632] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 7132000A .text C:\WINDOWS\system32\svchost.exe[1632] USER32.dll!GetWindowTextW 7E41CDB6 6 Bytes JMP 70C6000A .text C:\WINDOWS\system32\svchost.exe[1632] USER32.dll!DrawTextW 7E41D7C2 6 Bytes JMP 707E000A .text C:\WINDOWS\system32\svchost.exe[1632] USER32.dll!ShowWindow 7E41D8A4 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1632] USER32.dll!ShowWindow + 4 7E41D8A8 2 Bytes [C2, 70] .text C:\WINDOWS\system32\svchost.exe[1632] USER32.dll!GetKeyboardState 7E41EF29 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1632] USER32.dll!GetKeyboardState + 4 7E41EF2D 2 Bytes [2B, 71] .text C:\WINDOWS\system32\svchost.exe[1632] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 712F000A .text C:\WINDOWS\system32\svchost.exe[1632] USER32.dll!CreateWindowExW 7E41FC25 6 Bytes JMP 7078000A .text C:\WINDOWS\system32\svchost.exe[1632] USER32.dll!CreateWindowExA 7E41FF33 6 Bytes JMP 707B000A .text C:\WINDOWS\system32\svchost.exe[1632] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 7156000A .text C:\WINDOWS\system32\svchost.exe[1632] USER32.dll!SetWindowTextA 7E42F52B 6 Bytes JMP 7069000A .text C:\WINDOWS\system32\svchost.exe[1632] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 7159000A .text C:\WINDOWS\system32\svchost.exe[1632] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 711A000A .text C:\WINDOWS\system32\svchost.exe[1632] USER32.dll!GetWindowTextA 7E43212B 6 Bytes JMP 70C9000A .text C:\WINDOWS\system32\svchost.exe[1632] USER32.dll!DrawTextA 7E43C6CA 6 Bytes JMP 7081000A .text C:\WINDOWS\system32\svchost.exe[1632] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 7129000A .text C:\WINDOWS\system32\svchost.exe[1632] USER32.dll!EndTask 7E459E75 6 Bytes JMP 713E000A .text C:\WINDOWS\system32\svchost.exe[1632] USER32.dll!RegisterRawInputDevices 7E46CBD4 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1632] USER32.dll!RegisterRawInputDevices + 4 7E46CBD8 2 Bytes [16, 71] .text C:\WINDOWS\system32\svchost.exe[1632] SHELL32.dll!ShellExecuteExW 7CA01823 6 Bytes JMP 7144000A .text C:\WINDOWS\system32\svchost.exe[1632] SHELL32.dll!Shell_NotifyIcon 7CA20CF9 6 Bytes JMP 70B1000A .text C:\WINDOWS\system32\svchost.exe[1632] SHELL32.dll!Shell_NotifyIconW 7CA21BEA 6 Bytes JMP 70AE000A .text C:\WINDOWS\system32\svchost.exe[1632] SHELL32.dll!ShellExecuteEx 7CA40C15 6 Bytes JMP 7147000A .text C:\WINDOWS\system32\svchost.exe[1632] SHELL32.dll!ShellExecuteA 7CA40F40 6 Bytes JMP 714D000A .text C:\WINDOWS\system32\svchost.exe[1632] SHELL32.dll!ShellExecuteW 7CAB4FD0 6 Bytes JMP 714A000A .text C:\WINDOWS\System32\svchost.exe[1828] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\svchost.exe[1828] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71] .text C:\WINDOWS\System32\svchost.exe[1828] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\svchost.exe[1828] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71] .text C:\WINDOWS\System32\svchost.exe[1828] kernel32.dll!DeviceIoControl 7C801625 6 Bytes JMP 70AB000A .text C:\WINDOWS\System32\svchost.exe[1828] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 70DE000A .text C:\WINDOWS\System32\svchost.exe[1828] kernel32.dll!VirtualProtectEx 7C801A5D 6 Bytes JMP 7126000A .text C:\WINDOWS\System32\svchost.exe[1828] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 70D2000A .text C:\WINDOWS\System32\svchost.exe[1828] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 716B000A .text C:\WINDOWS\System32\svchost.exe[1828] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 715F000A .text C:\WINDOWS\System32\svchost.exe[1828] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 7165000A .text C:\WINDOWS\System32\svchost.exe[1828] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 7162000A .text C:\WINDOWS\System32\svchost.exe[1828] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 7150000A .text C:\WINDOWS\System32\svchost.exe[1828] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 7153000A .text C:\WINDOWS\System32\svchost.exe[1828] kernel32.dll!VirtualAlloc 7C809A61 6 Bytes JMP 70D5000A .text C:\WINDOWS\System32\svchost.exe[1828] kernel32.dll!MultiByteToWideChar 7C809C08 6 Bytes JMP 707D000A .text C:\WINDOWS\System32\svchost.exe[1828] kernel32.dll!LoadResource 7C809FC5 6 Bytes JMP 70C0000A .text C:\WINDOWS\System32\svchost.exe[1828] kernel32.dll!WideCharToMultiByte 7C80A0E4 6 Bytes JMP 705C000A .text C:\WINDOWS\System32\svchost.exe[1828] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 7114000A .text C:\WINDOWS\System32\svchost.exe[1828] kernel32.dll!LoadLibraryW 7C80AE5B 6 Bytes JMP 715C000A .text C:\WINDOWS\System32\svchost.exe[1828] kernel32.dll!CreateMutexW 7C80E8C7 6 Bytes JMP 7086000A .text C:\WINDOWS\System32\svchost.exe[1828] kernel32.dll!CreateMutexA 7C80E94F 6 Bytes JMP 7089000A .text C:\WINDOWS\System32\svchost.exe[1828] kernel32.dll!OpenMutexW 7C80E9A5 6 Bytes JMP 7080000A .text C:\WINDOWS\System32\svchost.exe[1828] kernel32.dll!OpenMutexA 7C80EA2B 6 Bytes JMP 7083000A .text C:\WINDOWS\System32\svchost.exe[1828] kernel32.dll!GetVolumeInformationW 7C80F9F5 6 Bytes JMP 710E000A .text C:\WINDOWS\System32\svchost.exe[1828] kernel32.dll!CreateRemoteThread 7C81043C 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\svchost.exe[1828] kernel32.dll!CreateRemoteThread + 4 7C810440 2 Bytes [6D, 71] .text C:\WINDOWS\System32\svchost.exe[1828] kernel32.dll!CreateThread 7C810647 6 Bytes JMP 70D8000A .text C:\WINDOWS\System32\svchost.exe[1828] kernel32.dll!CreateFileW 7C810770 6 Bytes JMP 70E1000A .text C:\WINDOWS\System32\svchost.exe[1828] kernel32.dll!WriteFile 7C810D97 6 Bytes JMP 709C000A .text C:\WINDOWS\System32\svchost.exe[1828] kernel32.dll!TerminateThread 7C81CE13 6 Bytes JMP 7138000A .text C:\WINDOWS\System32\svchost.exe[1828] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 7056000A .text C:\WINDOWS\System32\svchost.exe[1828] kernel32.dll!CreateDirectoryA 7C8217BC 6 Bytes JMP 70A2000A .text C:\WINDOWS\System32\svchost.exe[1828] kernel32.dll!GetVolumeInformationA 7C821BB5 6 Bytes JMP 7111000A .text C:\WINDOWS\System32\svchost.exe[1828] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 70B4000A .text C:\WINDOWS\System32\svchost.exe[1828] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 70BD000A .text C:\WINDOWS\System32\svchost.exe[1828] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 70BA000A .text C:\WINDOWS\System32\svchost.exe[1828] kernel32.dll!OpenProcess 7C830A01 6 Bytes JMP 704D000A .text C:\WINDOWS\System32\svchost.exe[1828] kernel32.dll!DeleteFileA 7C831EF5 6 Bytes JMP 706E000A .text C:\WINDOWS\System32\svchost.exe[1828] kernel32.dll!DeleteFileW 7C831F7B 6 Bytes JMP 706B000A .text C:\WINDOWS\System32\svchost.exe[1828] kernel32.dll!CreateDirectoryW 7C83241A 6 Bytes JMP 709F000A .text C:\WINDOWS\System32\svchost.exe[1828] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 7050000A .text C:\WINDOWS\System32\svchost.exe[1828] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 7059000A .text C:\WINDOWS\System32\svchost.exe[1828] kernel32.dll!DebugActiveProcess 7C85A2B3 6 Bytes JMP 7135000A .text C:\WINDOWS\System32\svchost.exe[1828] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 7053000A .text C:\WINDOWS\System32\svchost.exe[1828] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 70B7000A .text C:\WINDOWS\System32\svchost.exe[1828] kernel32.dll!WinExec 7C86158D 6 Bytes JMP 7141000A .text C:\WINDOWS\System32\svchost.exe[1828] kernel32.dll!SetThreadContext 7C862C89 6 Bytes JMP 7099000A .text C:\WINDOWS\System32\svchost.exe[1828] kernel32.dll!CreateToolhelp32Snapshot 7C864D2F 6 Bytes JMP 70DB000A .text C:\WINDOWS\System32\svchost.exe[1828] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 6 Bytes JMP 70F6000A .text C:\WINDOWS\System32\svchost.exe[1828] ADVAPI32.dll!RegQueryValueExW 77DD6FDF 6 Bytes JMP 70E4000A .text C:\WINDOWS\System32\svchost.exe[1828] ADVAPI32.dll!RegCreateKeyExW 77DD774C 6 Bytes JMP 7108000A .text C:\WINDOWS\System32\svchost.exe[1828] ADVAPI32.dll!RegOpenKeyExA 77DD7832 6 Bytes JMP 70F9000A .text C:\WINDOWS\System32\svchost.exe[1828] ADVAPI32.dll!RegOpenKeyW 77DD7926 6 Bytes JMP 70FC000A .text C:\WINDOWS\System32\svchost.exe[1828] ADVAPI32.dll!OpenProcessToken 77DD796B 6 Bytes JMP 7096000A .text C:\WINDOWS\System32\svchost.exe[1828] ADVAPI32.dll!RegQueryValueExA 77DD7A9B 6 Bytes JMP 70E7000A .text C:\WINDOWS\System32\svchost.exe[1828] ADVAPI32.dll!RegSetValueExW 77DDD663 6 Bytes JMP 70F0000A .text C:\WINDOWS\System32\svchost.exe[1828] ADVAPI32.dll!RegQueryValueW 77DDD77A 6 Bytes JMP 70EA000A .text C:\WINDOWS\System32\svchost.exe[1828] ADVAPI32.dll!RegCreateKeyExA 77DDE834 6 Bytes JMP 710B000A .text C:\WINDOWS\System32\svchost.exe[1828] ADVAPI32.dll!RegSetValueExA 77DDE927 6 Bytes JMP 70F3000A .text C:\WINDOWS\System32\svchost.exe[1828] ADVAPI32.dll!RegOpenKeyA 77DDEE08 6 Bytes JMP 70FF000A .text C:\WINDOWS\System32\svchost.exe[1828] ADVAPI32.dll!AdjustTokenPrivileges 77DDEE4C 6 Bytes JMP 708D000A .text C:\WINDOWS\System32\svchost.exe[1828] ADVAPI32.dll!LookupPrivilegeValueW 77DE41D7 6 Bytes JMP 7090000A .text C:\WINDOWS\System32\svchost.exe[1828] ADVAPI32.dll!RegQueryValueA 77DE42F0 4 Bytes JMP EC001E25 .text C:\WINDOWS\System32\svchost.exe[1828] ADVAPI32.dll!RegQueryValueA + 5 77DE42F5 1 Byte [70] .text C:\WINDOWS\System32\svchost.exe[1828] ADVAPI32.dll!RegCreateKeyW 77DE45EE 6 Bytes JMP 7102000A .text C:\WINDOWS\System32\svchost.exe[1828] ADVAPI32.dll!RegCreateKeyA 77DE4706 6 Bytes JMP 7105000A .text C:\WINDOWS\System32\svchost.exe[1828] ADVAPI32.dll!OpenSCManagerW 77DE5E5D 6 Bytes JMP 70CC000A .text C:\WINDOWS\System32\svchost.exe[1828] ADVAPI32.dll!OpenSCManagerA 77DED705 6 Bytes JMP 70CF000A .text C:\WINDOWS\System32\svchost.exe[1828] ADVAPI32.dll!RegDeleteKeyW 77DF8886 6 Bytes JMP 7065000A .text C:\WINDOWS\System32\svchost.exe[1828] ADVAPI32.dll!RegDeleteKeyA 77DFB6BE 6 Bytes JMP 7068000A .text C:\WINDOWS\System32\svchost.exe[1828] ADVAPI32.dll!LookupPrivilegeValueA 77DFC110 6 Bytes JMP 7093000A .text C:\WINDOWS\System32\svchost.exe[1828] ADVAPI32.dll!LsaRemoveAccountRights 77E1AAA1 6 Bytes JMP 7168000A .text C:\WINDOWS\System32\svchost.exe[1828] ADVAPI32.dll!CreateServiceA 77E370B9 6 Bytes JMP 7120000A .text C:\WINDOWS\System32\svchost.exe[1828] ADVAPI32.dll!CreateServiceW 77E37251 6 Bytes JMP 711D000A .text C:\WINDOWS\System32\svchost.exe[1828] USER32.dll!SetWindowTextW 7E41BC36 6 Bytes JMP 705F000A .text C:\WINDOWS\System32\svchost.exe[1828] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 7132000A .text C:\WINDOWS\System32\svchost.exe[1828] USER32.dll!GetWindowTextW 7E41CDB6 6 Bytes JMP 70C6000A .text C:\WINDOWS\System32\svchost.exe[1828] USER32.dll!DrawTextW 7E41D7C2 6 Bytes JMP 7077000A .text C:\WINDOWS\System32\svchost.exe[1828] USER32.dll!ShowWindow 7E41D8A4 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\svchost.exe[1828] USER32.dll!ShowWindow + 4 7E41D8A8 2 Bytes [C2, 70] .text C:\WINDOWS\System32\svchost.exe[1828] USER32.dll!GetKeyboardState 7E41EF29 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\svchost.exe[1828] USER32.dll!GetKeyboardState + 4 7E41EF2D 2 Bytes [2B, 71] .text C:\WINDOWS\System32\svchost.exe[1828] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 712F000A .text C:\WINDOWS\System32\svchost.exe[1828] USER32.dll!CreateWindowExW 7E41FC25 6 Bytes JMP 7071000A .text C:\WINDOWS\System32\svchost.exe[1828] USER32.dll!CreateWindowExA 7E41FF33 6 Bytes JMP 7074000A .text C:\WINDOWS\System32\svchost.exe[1828] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 7156000A .text C:\WINDOWS\System32\svchost.exe[1828] USER32.dll!SetWindowTextA 7E42F52B 6 Bytes JMP 7062000A .text C:\WINDOWS\System32\svchost.exe[1828] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 7159000A .text C:\WINDOWS\System32\svchost.exe[1828] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 711A000A .text C:\WINDOWS\System32\svchost.exe[1828] USER32.dll!GetWindowTextA 7E43212B 6 Bytes JMP 70C9000A .text C:\WINDOWS\System32\svchost.exe[1828] USER32.dll!DrawTextA 7E43C6CA 6 Bytes JMP 707A000A .text C:\WINDOWS\System32\svchost.exe[1828] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 7129000A .text C:\WINDOWS\System32\svchost.exe[1828] USER32.dll!EndTask 7E459E75 6 Bytes JMP 713E000A .text C:\WINDOWS\System32\svchost.exe[1828] USER32.dll!RegisterRawInputDevices 7E46CBD4 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\svchost.exe[1828] USER32.dll!RegisterRawInputDevices + 4 7E46CBD8 2 Bytes [16, 71] .text C:\WINDOWS\System32\svchost.exe[1828] SHELL32.dll!ShellExecuteExW 7CA01823 6 Bytes JMP 7144000A .text C:\WINDOWS\System32\svchost.exe[1828] SHELL32.dll!Shell_NotifyIcon 7CA20CF9 6 Bytes JMP 70B1000A .text C:\WINDOWS\System32\svchost.exe[1828] SHELL32.dll!Shell_NotifyIconW 7CA21BEA 6 Bytes JMP 70AE000A .text C:\WINDOWS\System32\svchost.exe[1828] SHELL32.dll!ShellExecuteEx 7CA40C15 6 Bytes JMP 7147000A .text C:\WINDOWS\System32\svchost.exe[1828] SHELL32.dll!ShellExecuteA 7CA40F40 6 Bytes JMP 714D000A .text C:\WINDOWS\System32\svchost.exe[1828] SHELL32.dll!ShellExecuteW 7CAB4FD0 6 Bytes JMP 714A000A .text C:\WINDOWS\System32\svchost.exe[1828] WININET.dll!InternetOpenUrlA 771C59F1 6 Bytes JMP 70A8000A .text C:\WINDOWS\System32\svchost.exe[1828] WININET.dll!InternetOpenUrlW 771D5B3A 6 Bytes JMP 70A5000A .text C:\Program Files\ThreatFire\TFTray.exe[1856] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E] .text C:\Program Files\ThreatFire\TFTray.exe[1856] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71] .text C:\Program Files\ThreatFire\TFTray.exe[1856] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E] .text C:\Program Files\ThreatFire\TFTray.exe[1856] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71] .text C:\Program Files\ThreatFire\TFTray.exe[1856] kernel32.dll!DeviceIoControl 7C801625 6 Bytes JMP 70AB000A .text C:\Program Files\ThreatFire\TFTray.exe[1856] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 70DE000A .text C:\Program Files\ThreatFire\TFTray.exe[1856] kernel32.dll!VirtualProtectEx 7C801A5D 6 Bytes JMP 7126000A .text C:\Program Files\ThreatFire\TFTray.exe[1856] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 70D2000A .text C:\Program Files\ThreatFire\TFTray.exe[1856] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 716B000A .text C:\Program Files\ThreatFire\TFTray.exe[1856] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 715F000A .text C:\Program Files\ThreatFire\TFTray.exe[1856] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 7165000A .text C:\Program Files\ThreatFire\TFTray.exe[1856] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 7162000A .text C:\Program Files\ThreatFire\TFTray.exe[1856] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 7150000A .text C:\Program Files\ThreatFire\TFTray.exe[1856] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 7153000A .text C:\Program Files\ThreatFire\TFTray.exe[1856] kernel32.dll!VirtualAlloc 7C809A61 6 Bytes JMP 70D5000A .text C:\Program Files\ThreatFire\TFTray.exe[1856] kernel32.dll!MultiByteToWideChar 7C809C08 6 Bytes JMP 707E000A .text C:\Program Files\ThreatFire\TFTray.exe[1856] kernel32.dll!LoadResource 7C809FC5 6 Bytes JMP 70C0000A .text C:\Program Files\ThreatFire\TFTray.exe[1856] kernel32.dll!WideCharToMultiByte 7C80A0E4 6 Bytes JMP 705D000A .text C:\Program Files\ThreatFire\TFTray.exe[1856] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 7114000A .text C:\Program Files\ThreatFire\TFTray.exe[1856] kernel32.dll!LoadLibraryW 7C80AE5B 6 Bytes JMP 715C000A .text C:\Program Files\ThreatFire\TFTray.exe[1856] kernel32.dll!CreateMutexW 7C80E8C7 6 Bytes JMP 7087000A .text C:\Program Files\ThreatFire\TFTray.exe[1856] kernel32.dll!CreateMutexA 7C80E94F 6 Bytes JMP 708A000A .text C:\Program Files\ThreatFire\TFTray.exe[1856] kernel32.dll!OpenMutexW 7C80E9A5 6 Bytes JMP 7081000A .text C:\Program Files\ThreatFire\TFTray.exe[1856] kernel32.dll!OpenMutexA 7C80EA2B 6 Bytes JMP 7084000A .text C:\Program Files\ThreatFire\TFTray.exe[1856] kernel32.dll!GetVolumeInformationW 7C80F9F5 6 Bytes JMP 710E000A .text C:\Program Files\ThreatFire\TFTray.exe[1856] kernel32.dll!CreateRemoteThread 7C81043C 3 Bytes [FF, 25, 1E] .text C:\Program Files\ThreatFire\TFTray.exe[1856] kernel32.dll!CreateRemoteThread + 4 7C810440 2 Bytes [6D, 71] .text C:\Program Files\ThreatFire\TFTray.exe[1856] kernel32.dll!CreateThread 7C810647 6 Bytes JMP 70D8000A .text C:\Program Files\ThreatFire\TFTray.exe[1856] kernel32.dll!CreateFileW 7C810770 6 Bytes JMP 70E1000A .text C:\Program Files\ThreatFire\TFTray.exe[1856] kernel32.dll!WriteFile 7C810D97 6 Bytes JMP 709C000A .text C:\Program Files\ThreatFire\TFTray.exe[1856] kernel32.dll!TerminateThread 7C81CE13 6 Bytes JMP 7138000A .text C:\Program Files\ThreatFire\TFTray.exe[1856] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 7057000A .text C:\Program Files\ThreatFire\TFTray.exe[1856] kernel32.dll!CreateDirectoryA 7C8217BC 6 Bytes JMP 70A2000A .text C:\Program Files\ThreatFire\TFTray.exe[1856] kernel32.dll!GetVolumeInformationA 7C821BB5 6 Bytes JMP 7111000A .text C:\Program Files\ThreatFire\TFTray.exe[1856] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 70B4000A .text C:\Program Files\ThreatFire\TFTray.exe[1856] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 70BD000A .text C:\Program Files\ThreatFire\TFTray.exe[1856] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 70BA000A .text C:\Program Files\ThreatFire\TFTray.exe[1856] kernel32.dll!OpenProcess 7C830A01 6 Bytes JMP 704E000A .text C:\Program Files\ThreatFire\TFTray.exe[1856] kernel32.dll!DeleteFileA 7C831EF5 6 Bytes JMP 706F000A .text C:\Program Files\ThreatFire\TFTray.exe[1856] kernel32.dll!DeleteFileW 7C831F7B 6 Bytes JMP 706C000A .text C:\Program Files\ThreatFire\TFTray.exe[1856] kernel32.dll!CreateDirectoryW 7C83241A 6 Bytes JMP 709F000A .text C:\Program Files\ThreatFire\TFTray.exe[1856] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 7051000A .text C:\Program Files\ThreatFire\TFTray.exe[1856] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 705A000A .text C:\Program Files\ThreatFire\TFTray.exe[1856] kernel32.dll!DebugActiveProcess 7C85A2B3 6 Bytes JMP 7135000A .text C:\Program Files\ThreatFire\TFTray.exe[1856] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 7054000A .text C:\Program Files\ThreatFire\TFTray.exe[1856] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 70B7000A .text C:\Program Files\ThreatFire\TFTray.exe[1856] kernel32.dll!WinExec 7C86158D 6 Bytes JMP 7141000A .text C:\Program Files\ThreatFire\TFTray.exe[1856] kernel32.dll!SetThreadContext 7C862C89 6 Bytes JMP 7099000A .text C:\Program Files\ThreatFire\TFTray.exe[1856] kernel32.dll!CreateToolhelp32Snapshot 7C864D2F 6 Bytes JMP 70DB000A .text C:\Program Files\ThreatFire\TFTray.exe[1856] WININET.dll!InternetOpenUrlA 771C59F1 6 Bytes JMP 70A8000A .text C:\Program Files\ThreatFire\TFTray.exe[1856] WININET.dll!InternetOpenUrlW 771D5B3A 6 Bytes JMP 70A5000A .text C:\Program Files\ThreatFire\TFTray.exe[1856] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 6 Bytes JMP 70F6000A .text C:\Program Files\ThreatFire\TFTray.exe[1856] ADVAPI32.dll!RegQueryValueExW 77DD6FDF 6 Bytes JMP 70E4000A .text C:\Program Files\ThreatFire\TFTray.exe[1856] ADVAPI32.dll!RegCreateKeyExW 77DD774C 6 Bytes JMP 7108000A .text C:\Program Files\ThreatFire\TFTray.exe[1856] ADVAPI32.dll!RegOpenKeyExA 77DD7832 6 Bytes JMP 70F9000A .text C:\Program Files\ThreatFire\TFTray.exe[1856] ADVAPI32.dll!RegOpenKeyW 77DD7926 6 Bytes JMP 70FC000A .text C:\Program Files\ThreatFire\TFTray.exe[1856] ADVAPI32.dll!OpenProcessToken 77DD796B 6 Bytes JMP 7096000A .text C:\Program Files\ThreatFire\TFTray.exe[1856] ADVAPI32.dll!RegQueryValueExA 77DD7A9B 6 Bytes JMP 70E7000A .text C:\Program Files\ThreatFire\TFTray.exe[1856] ADVAPI32.dll!RegSetValueExW 77DDD663 6 Bytes JMP 70F0000A .text C:\Program Files\ThreatFire\TFTray.exe[1856] ADVAPI32.dll!RegQueryValueW 77DDD77A 6 Bytes JMP 70EA000A .text C:\Program Files\ThreatFire\TFTray.exe[1856] ADVAPI32.dll!RegCreateKeyExA 77DDE834 6 Bytes JMP 710B000A .text C:\Program Files\ThreatFire\TFTray.exe[1856] ADVAPI32.dll!RegSetValueExA 77DDE927 6 Bytes JMP 70F3000A .text C:\Program Files\ThreatFire\TFTray.exe[1856] ADVAPI32.dll!RegOpenKeyA 77DDEE08 6 Bytes JMP 70FF000A .text C:\Program Files\ThreatFire\TFTray.exe[1856] ADVAPI32.dll!AdjustTokenPrivileges 77DDEE4C 6 Bytes JMP 708D000A .text C:\Program Files\ThreatFire\TFTray.exe[1856] ADVAPI32.dll!LookupPrivilegeValueW 77DE41D7 6 Bytes JMP 7090000A .text C:\Program Files\ThreatFire\TFTray.exe[1856] ADVAPI32.dll!RegQueryValueA 77DE42F0 4 Bytes JMP EC001E25 .text C:\Program Files\ThreatFire\TFTray.exe[1856] ADVAPI32.dll!RegQueryValueA + 5 77DE42F5 1 Byte [70] .text C:\Program Files\ThreatFire\TFTray.exe[1856] ADVAPI32.dll!RegCreateKeyW 77DE45EE 6 Bytes JMP 7102000A .text C:\Program Files\ThreatFire\TFTray.exe[1856] ADVAPI32.dll!RegCreateKeyA 77DE4706 6 Bytes JMP 7105000A .text C:\Program Files\ThreatFire\TFTray.exe[1856] ADVAPI32.dll!OpenSCManagerW 77DE5E5D 6 Bytes JMP 70CC000A .text C:\Program Files\ThreatFire\TFTray.exe[1856] ADVAPI32.dll!OpenSCManagerA 77DED705 6 Bytes JMP 70CF000A .text C:\Program Files\ThreatFire\TFTray.exe[1856] ADVAPI32.dll!RegDeleteKeyW 77DF8886 6 Bytes JMP 7066000A .text C:\Program Files\ThreatFire\TFTray.exe[1856] ADVAPI32.dll!RegDeleteKeyA 77DFB6BE 6 Bytes JMP 7069000A .text C:\Program Files\ThreatFire\TFTray.exe[1856] ADVAPI32.dll!LookupPrivilegeValueA 77DFC110 6 Bytes JMP 7093000A .text C:\Program Files\ThreatFire\TFTray.exe[1856] ADVAPI32.dll!LsaRemoveAccountRights 77E1AAA1 6 Bytes JMP 7168000A .text C:\Program Files\ThreatFire\TFTray.exe[1856] ADVAPI32.dll!CreateServiceA 77E370B9 6 Bytes JMP 7120000A .text C:\Program Files\ThreatFire\TFTray.exe[1856] ADVAPI32.dll!CreateServiceW 77E37251 6 Bytes JMP 711D000A .text C:\Program Files\ThreatFire\TFTray.exe[1856] USER32.dll!SetWindowTextW 7E41BC36 6 Bytes JMP 7060000A .text C:\Program Files\ThreatFire\TFTray.exe[1856] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 7132000A .text C:\Program Files\ThreatFire\TFTray.exe[1856] USER32.dll!GetWindowTextW 7E41CDB6 6 Bytes JMP 70C6000A .text C:\Program Files\ThreatFire\TFTray.exe[1856] USER32.dll!DrawTextW 7E41D7C2 6 Bytes JMP 7078000A .text C:\Program Files\ThreatFire\TFTray.exe[1856] USER32.dll!ShowWindow 7E41D8A4 3 Bytes [FF, 25, 1E] .text C:\Program Files\ThreatFire\TFTray.exe[1856] USER32.dll!ShowWindow + 4 7E41D8A8 2 Bytes [C2, 70] .text C:\Program Files\ThreatFire\TFTray.exe[1856] USER32.dll!GetKeyboardState 7E41EF29 3 Bytes [FF, 25, 1E] .text C:\Program Files\ThreatFire\TFTray.exe[1856] USER32.dll!GetKeyboardState + 4 7E41EF2D 2 Bytes [2B, 71] .text C:\Program Files\ThreatFire\TFTray.exe[1856] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 712F000A .text C:\Program Files\ThreatFire\TFTray.exe[1856] USER32.dll!CreateWindowExW 7E41FC25 6 Bytes JMP 7072000A .text C:\Program Files\ThreatFire\TFTray.exe[1856] USER32.dll!CreateWindowExA 7E41FF33 6 Bytes JMP 7075000A .text C:\Program Files\ThreatFire\TFTray.exe[1856] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 7156000A .text C:\Program Files\ThreatFire\TFTray.exe[1856] USER32.dll!SetWindowTextA 7E42F52B 6 Bytes JMP 7063000A .text C:\Program Files\ThreatFire\TFTray.exe[1856] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 7159000A .text C:\Program Files\ThreatFire\TFTray.exe[1856] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 711A000A .text C:\Program Files\ThreatFire\TFTray.exe[1856] USER32.dll!GetWindowTextA 7E43212B 6 Bytes JMP 70C9000A .text C:\Program Files\ThreatFire\TFTray.exe[1856] USER32.dll!DrawTextA 7E43C6CA 6 Bytes JMP 707B000A .text C:\Program Files\ThreatFire\TFTray.exe[1856] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 7129000A .text C:\Program Files\ThreatFire\TFTray.exe[1856] USER32.dll!EndTask 7E459E75 6 Bytes JMP 713E000A .text C:\Program Files\ThreatFire\TFTray.exe[1856] USER32.dll!RegisterRawInputDevices 7E46CBD4 3 Bytes [FF, 25, 1E] .text C:\Program Files\ThreatFire\TFTray.exe[1856] USER32.dll!RegisterRawInputDevices + 4 7E46CBD8 2 Bytes [16, 71] .text C:\Program Files\ThreatFire\TFTray.exe[1856] SHELL32.dll!ShellExecuteExW 7CA01823 6 Bytes JMP 7144000A .text C:\Program Files\ThreatFire\TFTray.exe[1856] SHELL32.dll!Shell_NotifyIcon 7CA20CF9 6 Bytes JMP 70B1000A .text C:\Program Files\ThreatFire\TFTray.exe[1856] SHELL32.dll!Shell_NotifyIconW 7CA21BEA 6 Bytes JMP 70AE000A .text C:\Program Files\ThreatFire\TFTray.exe[1856] SHELL32.dll!ShellExecuteEx 7CA40C15 6 Bytes JMP 7147000A .text C:\Program Files\ThreatFire\TFTray.exe[1856] SHELL32.dll!ShellExecuteA 7CA40F40 6 Bytes JMP 714D000A .text C:\Program Files\ThreatFire\TFTray.exe[1856] SHELL32.dll!ShellExecuteW 7CAB4FD0 6 Bytes JMP 714A000A .text C:\WINDOWS\system32\svchost.exe[1900] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1900] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71] .text C:\WINDOWS\system32\svchost.exe[1900] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1900] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71] .text C:\WINDOWS\system32\svchost.exe[1900] kernel32.dll!DeviceIoControl 7C801625 6 Bytes JMP 70AB000A .text C:\WINDOWS\system32\svchost.exe[1900] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 70DE000A .text C:\WINDOWS\system32\svchost.exe[1900] kernel32.dll!VirtualProtectEx 7C801A5D 6 Bytes JMP 7126000A .text C:\WINDOWS\system32\svchost.exe[1900] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 70D2000A .text C:\WINDOWS\system32\svchost.exe[1900] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 716B000A .text C:\WINDOWS\system32\svchost.exe[1900] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 715F000A .text C:\WINDOWS\system32\svchost.exe[1900] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 7165000A .text C:\WINDOWS\system32\svchost.exe[1900] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 7162000A .text C:\WINDOWS\system32\svchost.exe[1900] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 7150000A .text C:\WINDOWS\system32\svchost.exe[1900] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 7153000A .text C:\WINDOWS\system32\svchost.exe[1900] kernel32.dll!VirtualAlloc 7C809A61 6 Bytes JMP 70D5000A .text C:\WINDOWS\system32\svchost.exe[1900] kernel32.dll!MultiByteToWideChar 7C809C08 6 Bytes JMP 7084000A .text C:\WINDOWS\system32\svchost.exe[1900] kernel32.dll!LoadResource 7C809FC5 6 Bytes JMP 70C0000A .text C:\WINDOWS\system32\svchost.exe[1900] kernel32.dll!WideCharToMultiByte 7C80A0E4 6 Bytes JMP 7063000A .text C:\WINDOWS\system32\svchost.exe[1900] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 7114000A .text C:\WINDOWS\system32\svchost.exe[1900] kernel32.dll!LoadLibraryW 7C80AE5B 6 Bytes JMP 715C000A .text C:\WINDOWS\system32\svchost.exe[1900] kernel32.dll!CreateMutexW 7C80E8C7 6 Bytes JMP 708D000A .text C:\WINDOWS\system32\svchost.exe[1900] kernel32.dll!CreateMutexA 7C80E94F 6 Bytes JMP 7090000A .text C:\WINDOWS\system32\svchost.exe[1900] kernel32.dll!OpenMutexW 7C80E9A5 6 Bytes JMP 7087000A .text C:\WINDOWS\system32\svchost.exe[1900] kernel32.dll!OpenMutexA 7C80EA2B 6 Bytes JMP 708A000A .text C:\WINDOWS\system32\svchost.exe[1900] kernel32.dll!GetVolumeInformationW 7C80F9F5 6 Bytes JMP 710E000A .text C:\WINDOWS\system32\svchost.exe[1900] kernel32.dll!CreateRemoteThread 7C81043C 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1900] kernel32.dll!CreateRemoteThread + 4 7C810440 2 Bytes [6D, 71] .text C:\WINDOWS\system32\svchost.exe[1900] kernel32.dll!CreateThread 7C810647 6 Bytes JMP 70D8000A .text C:\WINDOWS\system32\svchost.exe[1900] kernel32.dll!CreateFileW 7C810770 6 Bytes JMP 70E1000A .text C:\WINDOWS\system32\svchost.exe[1900] kernel32.dll!WriteFile 7C810D97 6 Bytes JMP 70A2000A .text C:\WINDOWS\system32\svchost.exe[1900] kernel32.dll!TerminateThread 7C81CE13 6 Bytes JMP 7138000A .text C:\WINDOWS\system32\svchost.exe[1900] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 705D000A .text C:\WINDOWS\system32\svchost.exe[1900] kernel32.dll!CreateDirectoryA 7C8217BC 6 Bytes JMP 70A8000A .text C:\WINDOWS\system32\svchost.exe[1900] kernel32.dll!GetVolumeInformationA 7C821BB5 6 Bytes JMP 7111000A .text C:\WINDOWS\system32\svchost.exe[1900] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 70B4000A .text C:\WINDOWS\system32\svchost.exe[1900] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 70BD000A .text C:\WINDOWS\system32\svchost.exe[1900] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 70BA000A .text C:\WINDOWS\system32\svchost.exe[1900] kernel32.dll!OpenProcess 7C830A01 6 Bytes JMP 7054000A .text C:\WINDOWS\system32\svchost.exe[1900] kernel32.dll!DeleteFileA 7C831EF5 6 Bytes JMP 7075000A .text C:\WINDOWS\system32\svchost.exe[1900] kernel32.dll!DeleteFileW 7C831F7B 6 Bytes JMP 7072000A .text C:\WINDOWS\system32\svchost.exe[1900] kernel32.dll!CreateDirectoryW 7C83241A 6 Bytes JMP 70A5000A .text C:\WINDOWS\system32\svchost.exe[1900] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 7057000A .text C:\WINDOWS\system32\svchost.exe[1900] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 7060000A .text C:\WINDOWS\system32\svchost.exe[1900] kernel32.dll!DebugActiveProcess 7C85A2B3 6 Bytes JMP 7135000A .text C:\WINDOWS\system32\svchost.exe[1900] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 705A000A .text C:\WINDOWS\system32\svchost.exe[1900] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 70B7000A .text C:\WINDOWS\system32\svchost.exe[1900] kernel32.dll!WinExec 7C86158D 6 Bytes JMP 7141000A .text C:\WINDOWS\system32\svchost.exe[1900] kernel32.dll!SetThreadContext 7C862C89 6 Bytes JMP 709F000A .text C:\WINDOWS\system32\svchost.exe[1900] kernel32.dll!CreateToolhelp32Snapshot 7C864D2F 6 Bytes JMP 70DB000A .text C:\WINDOWS\system32\svchost.exe[1900] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 6 Bytes JMP 70F6000A .text C:\WINDOWS\system32\svchost.exe[1900] ADVAPI32.dll!RegQueryValueExW 77DD6FDF 6 Bytes JMP 70E4000A .text C:\WINDOWS\system32\svchost.exe[1900] ADVAPI32.dll!RegCreateKeyExW 77DD774C 6 Bytes JMP 7108000A .text C:\WINDOWS\system32\svchost.exe[1900] ADVAPI32.dll!RegOpenKeyExA 77DD7832 6 Bytes JMP 70F9000A .text C:\WINDOWS\system32\svchost.exe[1900] ADVAPI32.dll!RegOpenKeyW 77DD7926 6 Bytes JMP 70FC000A .text C:\WINDOWS\system32\svchost.exe[1900] ADVAPI32.dll!OpenProcessToken 77DD796B 6 Bytes JMP 709C000A .text C:\WINDOWS\system32\svchost.exe[1900] ADVAPI32.dll!RegQueryValueExA 77DD7A9B 6 Bytes JMP 70E7000A .text C:\WINDOWS\system32\svchost.exe[1900] ADVAPI32.dll!RegSetValueExW 77DDD663 6 Bytes JMP 70F0000A .text C:\WINDOWS\system32\svchost.exe[1900] ADVAPI32.dll!RegQueryValueW 77DDD77A 6 Bytes JMP 70EA000A .text C:\WINDOWS\system32\svchost.exe[1900] ADVAPI32.dll!RegCreateKeyExA 77DDE834 6 Bytes JMP 710B000A .text C:\WINDOWS\system32\svchost.exe[1900] ADVAPI32.dll!RegSetValueExA 77DDE927 6 Bytes JMP 70F3000A .text C:\WINDOWS\system32\svchost.exe[1900] ADVAPI32.dll!RegOpenKeyA 77DDEE08 6 Bytes JMP 70FF000A .text C:\WINDOWS\system32\svchost.exe[1900] ADVAPI32.dll!AdjustTokenPrivileges 77DDEE4C 6 Bytes JMP 7093000A .text C:\WINDOWS\system32\svchost.exe[1900] ADVAPI32.dll!LookupPrivilegeValueW 77DE41D7 6 Bytes JMP 7096000A .text C:\WINDOWS\system32\svchost.exe[1900] ADVAPI32.dll!RegQueryValueA 77DE42F0 4 Bytes JMP EC001E25 .text C:\WINDOWS\system32\svchost.exe[1900] ADVAPI32.dll!RegQueryValueA + 5 77DE42F5 1 Byte [70] .text C:\WINDOWS\system32\svchost.exe[1900] ADVAPI32.dll!RegCreateKeyW 77DE45EE 6 Bytes JMP 7102000A .text C:\WINDOWS\system32\svchost.exe[1900] ADVAPI32.dll!RegCreateKeyA 77DE4706 6 Bytes JMP 7105000A .text C:\WINDOWS\system32\svchost.exe[1900] ADVAPI32.dll!OpenSCManagerW 77DE5E5D 6 Bytes JMP 70CC000A .text C:\WINDOWS\system32\svchost.exe[1900] ADVAPI32.dll!OpenSCManagerA 77DED705 6 Bytes JMP 70CF000A .text C:\WINDOWS\system32\svchost.exe[1900] ADVAPI32.dll!RegDeleteKeyW 77DF8886 6 Bytes JMP 706C000A .text C:\WINDOWS\system32\svchost.exe[1900] ADVAPI32.dll!RegDeleteKeyA 77DFB6BE 6 Bytes JMP 706F000A .text C:\WINDOWS\system32\svchost.exe[1900] ADVAPI32.dll!LookupPrivilegeValueA 77DFC110 6 Bytes JMP 7099000A .text C:\WINDOWS\system32\svchost.exe[1900] ADVAPI32.dll!LsaRemoveAccountRights 77E1AAA1 6 Bytes JMP 7168000A .text C:\WINDOWS\system32\svchost.exe[1900] ADVAPI32.dll!CreateServiceA 77E370B9 6 Bytes JMP 7120000A .text C:\WINDOWS\system32\svchost.exe[1900] ADVAPI32.dll!CreateServiceW 77E37251 6 Bytes JMP 711D000A .text C:\WINDOWS\system32\svchost.exe[1900] USER32.dll!SetWindowTextW 7E41BC36 6 Bytes JMP 7066000A .text C:\WINDOWS\system32\svchost.exe[1900] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 7132000A .text C:\WINDOWS\system32\svchost.exe[1900] USER32.dll!GetWindowTextW 7E41CDB6 6 Bytes JMP 70C6000A .text C:\WINDOWS\system32\svchost.exe[1900] USER32.dll!DrawTextW 7E41D7C2 6 Bytes JMP 707E000A .text C:\WINDOWS\system32\svchost.exe[1900] USER32.dll!ShowWindow 7E41D8A4 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1900] USER32.dll!ShowWindow + 4 7E41D8A8 2 Bytes [C2, 70] .text C:\WINDOWS\system32\svchost.exe[1900] USER32.dll!GetKeyboardState 7E41EF29 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1900] USER32.dll!GetKeyboardState + 4 7E41EF2D 2 Bytes [2B, 71] .text C:\WINDOWS\system32\svchost.exe[1900] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 712F000A .text C:\WINDOWS\system32\svchost.exe[1900] USER32.dll!CreateWindowExW 7E41FC25 6 Bytes JMP 7078000A .text C:\WINDOWS\system32\svchost.exe[1900] USER32.dll!CreateWindowExA 7E41FF33 6 Bytes JMP 707B000A .text C:\WINDOWS\system32\svchost.exe[1900] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 7156000A .text C:\WINDOWS\system32\svchost.exe[1900] USER32.dll!SetWindowTextA 7E42F52B 6 Bytes JMP 7069000A .text C:\WINDOWS\system32\svchost.exe[1900] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 7159000A .text C:\WINDOWS\system32\svchost.exe[1900] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 711A000A .text C:\WINDOWS\system32\svchost.exe[1900] USER32.dll!GetWindowTextA 7E43212B 6 Bytes JMP 70C9000A .text C:\WINDOWS\system32\svchost.exe[1900] USER32.dll!DrawTextA 7E43C6CA 6 Bytes JMP 7081000A .text C:\WINDOWS\system32\svchost.exe[1900] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 7129000A .text C:\WINDOWS\system32\svchost.exe[1900] USER32.dll!EndTask 7E459E75 6 Bytes JMP 713E000A .text C:\WINDOWS\system32\svchost.exe[1900] USER32.dll!RegisterRawInputDevices 7E46CBD4 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1900] USER32.dll!RegisterRawInputDevices + 4 7E46CBD8 2 Bytes [16, 71] .text C:\WINDOWS\system32\svchost.exe[1900] SHELL32.dll!ShellExecuteExW 7CA01823 6 Bytes JMP 7144000A .text C:\WINDOWS\system32\svchost.exe[1900] SHELL32.dll!Shell_NotifyIcon 7CA20CF9 6 Bytes JMP 70B1000A .text C:\WINDOWS\system32\svchost.exe[1900] SHELL32.dll!Shell_NotifyIconW 7CA21BEA 6 Bytes JMP 70AE000A .text C:\WINDOWS\system32\svchost.exe[1900] SHELL32.dll!ShellExecuteEx 7CA40C15 6 Bytes JMP 7147000A .text C:\WINDOWS\system32\svchost.exe[1900] SHELL32.dll!ShellExecuteA 7CA40F40 6 Bytes JMP 714D000A .text C:\WINDOWS\system32\svchost.exe[1900] SHELL32.dll!ShellExecuteW 7CAB4FD0 6 Bytes JMP 714A000A .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1996] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1996] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71] .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1996] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1996] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71] .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1996] kernel32.dll!DeviceIoControl 7C801625 6 Bytes JMP 70AB000A .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1996] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 70DE000A .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1996] kernel32.dll!VirtualProtectEx 7C801A5D 6 Bytes JMP 7126000A .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1996] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 70D2000A .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1996] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 716B000A .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1996] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 715F000A .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1996] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 7165000A .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1996] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 7162000A .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1996] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 7150000A .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1996] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 7153000A .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1996] kernel32.dll!VirtualAlloc 7C809A61 6 Bytes JMP 70D5000A .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1996] kernel32.dll!MultiByteToWideChar 7C809C08 6 Bytes JMP 7084000A .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1996] kernel32.dll!LoadResource 7C809FC5 6 Bytes JMP 70C0000A .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1996] kernel32.dll!WideCharToMultiByte 7C80A0E4 6 Bytes JMP 7063000A .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1996] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 7114000A .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1996] kernel32.dll!LoadLibraryW 7C80AE5B 6 Bytes JMP 715C000A .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1996] kernel32.dll!CreateMutexW 7C80E8C7 6 Bytes JMP 708D000A .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1996] kernel32.dll!CreateMutexA 7C80E94F 6 Bytes JMP 7090000A .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1996] kernel32.dll!OpenMutexW 7C80E9A5 6 Bytes JMP 7087000A .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1996] kernel32.dll!OpenMutexA 7C80EA2B 6 Bytes JMP 708A000A .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1996] kernel32.dll!GetVolumeInformationW 7C80F9F5 6 Bytes JMP 710E000A .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1996] kernel32.dll!CreateRemoteThread 7C81043C 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1996] kernel32.dll!CreateRemoteThread + 4 7C810440 2 Bytes [6D, 71] .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1996] kernel32.dll!CreateThread 7C810647 6 Bytes JMP 70D8000A .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1996] kernel32.dll!CreateFileW 7C810770 6 Bytes JMP 70E1000A .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1996] kernel32.dll!WriteFile 7C810D97 6 Bytes JMP 70A2000A .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1996] kernel32.dll!TerminateThread 7C81CE13 6 Bytes JMP 7138000A .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1996] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 705D000A .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1996] kernel32.dll!CreateDirectoryA 7C8217BC 6 Bytes JMP 70A8000A .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1996] kernel32.dll!GetVolumeInformationA 7C821BB5 6 Bytes JMP 7111000A .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1996] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 70B4000A .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1996] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 70BD000A .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1996] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 70BA000A .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1996] kernel32.dll!OpenProcess 7C830A01 6 Bytes JMP 7054000A .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1996] kernel32.dll!DeleteFileA 7C831EF5 6 Bytes JMP 7075000A .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1996] kernel32.dll!DeleteFileW 7C831F7B 6 Bytes JMP 7072000A .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1996] kernel32.dll!CreateDirectoryW 7C83241A 6 Bytes JMP 70A5000A .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1996] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 7057000A .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1996] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 7060000A .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1996] kernel32.dll!DebugActiveProcess 7C85A2B3 6 Bytes JMP 7135000A .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1996] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 705A000A .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1996] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 70B7000A .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1996] kernel32.dll!WinExec 7C86158D 6 Bytes JMP 7141000A .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1996] kernel32.dll!SetThreadContext 7C862C89 6 Bytes JMP 709F000A .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1996] kernel32.dll!CreateToolhelp32Snapshot 7C864D2F 6 Bytes JMP 70DB000A .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1996] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 6 Bytes JMP 70F6000A .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1996] ADVAPI32.dll!RegQueryValueExW 77DD6FDF 6 Bytes JMP 70E4000A .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1996] ADVAPI32.dll!RegCreateKeyExW 77DD774C 6 Bytes JMP 7108000A .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1996] ADVAPI32.dll!RegOpenKeyExA 77DD7832 6 Bytes JMP 70F9000A .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1996] ADVAPI32.dll!RegOpenKeyW 77DD7926 6 Bytes JMP 70FC000A .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1996] ADVAPI32.dll!OpenProcessToken 77DD796B 6 Bytes JMP 709C000A .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1996] ADVAPI32.dll!RegQueryValueExA 77DD7A9B 6 Bytes JMP 70E7000A .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1996] ADVAPI32.dll!RegSetValueExW 77DDD663 6 Bytes JMP 70F0000A .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1996] ADVAPI32.dll!RegQueryValueW 77DDD77A 6 Bytes JMP 70EA000A .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1996] ADVAPI32.dll!RegCreateKeyExA 77DDE834 6 Bytes JMP 710B000A .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1996] ADVAPI32.dll!RegSetValueExA 77DDE927 6 Bytes JMP 70F3000A .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1996] ADVAPI32.dll!RegOpenKeyA 77DDEE08 6 Bytes JMP 70FF000A .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1996] ADVAPI32.dll!AdjustTokenPrivileges 77DDEE4C 6 Bytes JMP 7093000A .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1996] ADVAPI32.dll!LookupPrivilegeValueW 77DE41D7 6 Bytes JMP 7096000A .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1996] ADVAPI32.dll!RegQueryValueA 77DE42F0 4 Bytes JMP EC001E25 .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1996] ADVAPI32.dll!RegQueryValueA + 5 77DE42F5 1 Byte [70] .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1996] ADVAPI32.dll!RegCreateKeyW 77DE45EE 6 Bytes JMP 7102000A .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1996] ADVAPI32.dll!RegCreateKeyA 77DE4706 6 Bytes JMP 7105000A .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1996] ADVAPI32.dll!OpenSCManagerW 77DE5E5D 6 Bytes JMP 70CC000A .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1996] ADVAPI32.dll!OpenSCManagerA 77DED705 6 Bytes JMP 70CF000A .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1996] ADVAPI32.dll!RegDeleteKeyW 77DF8886 6 Bytes JMP 706C000A .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1996] ADVAPI32.dll!RegDeleteKeyA 77DFB6BE 6 Bytes JMP 706F000A .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1996] ADVAPI32.dll!LookupPrivilegeValueA 77DFC110 6 Bytes JMP 7099000A .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1996] ADVAPI32.dll!LsaRemoveAccountRights 77E1AAA1 6 Bytes JMP 7168000A .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1996] ADVAPI32.dll!CreateServiceA 77E370B9 6 Bytes JMP 7120000A .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1996] ADVAPI32.dll!CreateServiceW 77E37251 6 Bytes JMP 711D000A .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1996] USER32.dll!SetWindowTextW 7E41BC36 6 Bytes JMP 7066000A .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1996] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 7132000A .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1996] USER32.dll!GetWindowTextW 7E41CDB6 6 Bytes JMP 70C6000A .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1996] USER32.dll!DrawTextW 7E41D7C2 6 Bytes JMP 707E000A .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1996] USER32.dll!ShowWindow 7E41D8A4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1996] USER32.dll!ShowWindow + 4 7E41D8A8 2 Bytes [C2, 70] .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1996] USER32.dll!GetKeyboardState 7E41EF29 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1996] USER32.dll!GetKeyboardState + 4 7E41EF2D 2 Bytes [2B, 71] .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1996] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 712F000A .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1996] USER32.dll!CreateWindowExW 7E41FC25 6 Bytes JMP 7078000A .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1996] USER32.dll!CreateWindowExA 7E41FF33 6 Bytes JMP 707B000A .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1996] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 7156000A .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1996] USER32.dll!SetWindowTextA 7E42F52B 6 Bytes JMP 7069000A .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1996] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 7159000A .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1996] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 711A000A .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1996] USER32.dll!GetWindowTextA 7E43212B 6 Bytes JMP 70C9000A .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1996] USER32.dll!DrawTextA 7E43C6CA 6 Bytes JMP 7081000A .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1996] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 7129000A .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1996] USER32.dll!EndTask 7E459E75 6 Bytes JMP 713E000A .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1996] USER32.dll!RegisterRawInputDevices 7E46CBD4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1996] USER32.dll!RegisterRawInputDevices + 4 7E46CBD8 2 Bytes [16, 71] .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1996] shell32.dll!ShellExecuteExW 7CA01823 6 Bytes JMP 7144000A .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1996] shell32.dll!Shell_NotifyIcon 7CA20CF9 6 Bytes JMP 70B1000A .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1996] shell32.dll!Shell_NotifyIconW 7CA21BEA 6 Bytes JMP 70AE000A .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1996] shell32.dll!ShellExecuteEx 7CA40C15 6 Bytes JMP 7147000A .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1996] shell32.dll!ShellExecuteA 7CA40F40 6 Bytes JMP 714D000A .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1996] shell32.dll!ShellExecuteW 7CAB4FD0 6 Bytes JMP 714A000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[2028] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[2028] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71] .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[2028] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[2028] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71] .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[2028] kernel32.dll!DeviceIoControl 7C801625 6 Bytes JMP 70AB000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[2028] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 70DE000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[2028] kernel32.dll!VirtualProtectEx 7C801A5D 6 Bytes JMP 7126000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[2028] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 70D2000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[2028] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 716B000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[2028] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 715F000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[2028] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 7165000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[2028] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 7162000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[2028] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 7150000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[2028] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 7153000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[2028] kernel32.dll!VirtualAlloc 7C809A61 6 Bytes JMP 70D5000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[2028] kernel32.dll!MultiByteToWideChar 7C809C08 6 Bytes JMP 7084000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[2028] kernel32.dll!LoadResource 7C809FC5 6 Bytes JMP 70C0000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[2028] kernel32.dll!WideCharToMultiByte 7C80A0E4 6 Bytes JMP 7063000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[2028] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 7114000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[2028] kernel32.dll!LoadLibraryW 7C80AE5B 6 Bytes JMP 715C000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[2028] kernel32.dll!CreateMutexW 7C80E8C7 6 Bytes JMP 708D000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[2028] kernel32.dll!CreateMutexA 7C80E94F 6 Bytes JMP 7090000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[2028] kernel32.dll!OpenMutexW 7C80E9A5 6 Bytes JMP 7087000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[2028] kernel32.dll!OpenMutexA 7C80EA2B 6 Bytes JMP 708A000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[2028] kernel32.dll!GetVolumeInformationW 7C80F9F5 6 Bytes JMP 710E000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[2028] kernel32.dll!CreateRemoteThread 7C81043C 3 Bytes [FF, 25, 1E] .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[2028] kernel32.dll!CreateRemoteThread + 4 7C810440 2 Bytes [6D, 71] .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[2028] kernel32.dll!CreateThread 7C810647 6 Bytes JMP 70D8000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[2028] kernel32.dll!CreateFileW 7C810770 6 Bytes JMP 70E1000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[2028] kernel32.dll!WriteFile 7C810D97 6 Bytes JMP 70A2000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[2028] kernel32.dll!TerminateThread 7C81CE13 6 Bytes JMP 7138000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[2028] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 705D000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[2028] kernel32.dll!CreateDirectoryA 7C8217BC 6 Bytes JMP 70A8000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[2028] kernel32.dll!GetVolumeInformationA 7C821BB5 6 Bytes JMP 7111000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[2028] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 70B4000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[2028] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 70BD000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[2028] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 70BA000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[2028] kernel32.dll!OpenProcess 7C830A01 6 Bytes JMP 7054000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[2028] kernel32.dll!DeleteFileA 7C831EF5 6 Bytes JMP 7075000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[2028] kernel32.dll!DeleteFileW 7C831F7B 6 Bytes JMP 7072000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[2028] kernel32.dll!CreateDirectoryW 7C83241A 6 Bytes JMP 70A5000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[2028] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 7057000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[2028] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 7060000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[2028] kernel32.dll!DebugActiveProcess 7C85A2B3 6 Bytes JMP 7135000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[2028] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 705A000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[2028] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 70B7000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[2028] kernel32.dll!WinExec 7C86158D 6 Bytes JMP 7141000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[2028] kernel32.dll!SetThreadContext 7C862C89 6 Bytes JMP 709F000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[2028] kernel32.dll!CreateToolhelp32Snapshot 7C864D2F 6 Bytes JMP 70DB000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[2028] USER32.dll!SetWindowTextW 7E41BC36 6 Bytes JMP 7066000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[2028] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 7132000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[2028] USER32.dll!GetWindowTextW 7E41CDB6 6 Bytes JMP 70C6000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[2028] USER32.dll!DrawTextW 7E41D7C2 6 Bytes JMP 707E000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[2028] USER32.dll!ShowWindow 7E41D8A4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[2028] USER32.dll!ShowWindow + 4 7E41D8A8 2 Bytes [C2, 70] .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[2028] USER32.dll!GetKeyboardState 7E41EF29 3 Bytes [FF, 25, 1E] .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[2028] USER32.dll!GetKeyboardState + 4 7E41EF2D 2 Bytes [2B, 71] .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[2028] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 712F000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[2028] USER32.dll!CreateWindowExW 7E41FC25 6 Bytes JMP 7078000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[2028] USER32.dll!CreateWindowExA 7E41FF33 6 Bytes JMP 707B000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[2028] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 7156000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[2028] USER32.dll!SetWindowTextA 7E42F52B 6 Bytes JMP 7069000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[2028] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 7159000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[2028] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 711A000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[2028] USER32.dll!GetWindowTextA 7E43212B 6 Bytes JMP 70C9000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[2028] USER32.dll!DrawTextA 7E43C6CA 6 Bytes JMP 7081000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[2028] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 7129000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[2028] USER32.dll!EndTask 7E459E75 6 Bytes JMP 713E000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[2028] USER32.dll!RegisterRawInputDevices 7E46CBD4 3 Bytes [FF, 25, 1E] .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[2028] USER32.dll!RegisterRawInputDevices + 4 7E46CBD8 2 Bytes [16, 71] .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[2028] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 6 Bytes JMP 70F6000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[2028] ADVAPI32.dll!RegQueryValueExW 77DD6FDF 6 Bytes JMP 70E4000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[2028] ADVAPI32.dll!RegCreateKeyExW 77DD774C 6 Bytes JMP 7108000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[2028] ADVAPI32.dll!RegOpenKeyExA 77DD7832 6 Bytes JMP 70F9000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[2028] ADVAPI32.dll!RegOpenKeyW 77DD7926 6 Bytes JMP 70FC000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[2028] ADVAPI32.dll!OpenProcessToken 77DD796B 6 Bytes JMP 709C000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[2028] ADVAPI32.dll!RegQueryValueExA 77DD7A9B 6 Bytes JMP 70E7000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[2028] ADVAPI32.dll!RegSetValueExW 77DDD663 6 Bytes JMP 70F0000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[2028] ADVAPI32.dll!RegQueryValueW 77DDD77A 6 Bytes JMP 70EA000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[2028] ADVAPI32.dll!RegCreateKeyExA 77DDE834 6 Bytes JMP 710B000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[2028] ADVAPI32.dll!RegSetValueExA 77DDE927 6 Bytes JMP 70F3000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[2028] ADVAPI32.dll!RegOpenKeyA 77DDEE08 6 Bytes JMP 70FF000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[2028] ADVAPI32.dll!AdjustTokenPrivileges 77DDEE4C 6 Bytes JMP 7093000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[2028] ADVAPI32.dll!LookupPrivilegeValueW 77DE41D7 6 Bytes JMP 7096000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[2028] ADVAPI32.dll!RegQueryValueA 77DE42F0 4 Bytes JMP EC001E25 .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[2028] ADVAPI32.dll!RegQueryValueA + 5 77DE42F5 1 Byte [70] .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[2028] ADVAPI32.dll!RegCreateKeyW 77DE45EE 6 Bytes JMP 7102000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[2028] ADVAPI32.dll!RegCreateKeyA 77DE4706 6 Bytes JMP 7105000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[2028] ADVAPI32.dll!OpenSCManagerW 77DE5E5D 6 Bytes JMP 70CC000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[2028] ADVAPI32.dll!OpenSCManagerA 77DED705 6 Bytes JMP 70CF000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[2028] ADVAPI32.dll!RegDeleteKeyW 77DF8886 6 Bytes JMP 706C000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[2028] ADVAPI32.dll!RegDeleteKeyA 77DFB6BE 6 Bytes JMP 706F000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[2028] ADVAPI32.dll!LookupPrivilegeValueA 77DFC110 6 Bytes JMP 7099000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[2028] ADVAPI32.dll!LsaRemoveAccountRights 77E1AAA1 6 Bytes JMP 7168000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[2028] ADVAPI32.dll!CreateServiceA 77E370B9 6 Bytes JMP 7120000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[2028] ADVAPI32.dll!CreateServiceW 77E37251 6 Bytes JMP 711D000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[2028] SHELL32.dll!ShellExecuteExW 7CA01823 6 Bytes JMP 7144000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[2028] SHELL32.dll!Shell_NotifyIcon 7CA20CF9 6 Bytes JMP 70B1000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[2028] SHELL32.dll!Shell_NotifyIconW 7CA21BEA 6 Bytes JMP 70AE000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[2028] SHELL32.dll!ShellExecuteEx 7CA40C15 6 Bytes JMP 7147000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[2028] SHELL32.dll!ShellExecuteA 7CA40F40 6 Bytes JMP 714D000A .text C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe[2028] SHELL32.dll!ShellExecuteW 7CAB4FD0 6 Bytes JMP 714A000A .text C:\WINDOWS\System32\alg.exe[3084] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\alg.exe[3084] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [23, 71] .text C:\WINDOWS\System32\alg.exe[3084] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\alg.exe[3084] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3B, 71] .text C:\WINDOWS\System32\alg.exe[3084] kernel32.dll!DeviceIoControl 7C801625 6 Bytes JMP 70AC000A .text C:\WINDOWS\System32\alg.exe[3084] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 70DF000A .text C:\WINDOWS\System32\alg.exe[3084] kernel32.dll!VirtualProtectEx 7C801A5D 6 Bytes JMP 7127000A .text C:\WINDOWS\System32\alg.exe[3084] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 70D3000A .text C:\WINDOWS\System32\alg.exe[3084] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 716C000A .text C:\WINDOWS\System32\alg.exe[3084] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 7160000A .text C:\WINDOWS\System32\alg.exe[3084] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 7166000A .text C:\WINDOWS\System32\alg.exe[3084] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 7163000A .text C:\WINDOWS\System32\alg.exe[3084] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 7151000A .text C:\WINDOWS\System32\alg.exe[3084] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 7154000A .text C:\WINDOWS\System32\alg.exe[3084] kernel32.dll!VirtualAlloc 7C809A61 6 Bytes JMP 70D6000A .text C:\WINDOWS\System32\alg.exe[3084] kernel32.dll!MultiByteToWideChar 7C809C08 6 Bytes JMP 7085000A .text C:\WINDOWS\System32\alg.exe[3084] kernel32.dll!LoadResource 7C809FC5 6 Bytes JMP 70C1000A .text C:\WINDOWS\System32\alg.exe[3084] kernel32.dll!WideCharToMultiByte 7C80A0E4 6 Bytes JMP 7064000A .text C:\WINDOWS\System32\alg.exe[3084] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 7115000A .text C:\WINDOWS\System32\alg.exe[3084] kernel32.dll!LoadLibraryW 7C80AE5B 6 Bytes JMP 715D000A .text C:\WINDOWS\System32\alg.exe[3084] kernel32.dll!CreateMutexW 7C80E8C7 6 Bytes JMP 708E000A .text C:\WINDOWS\System32\alg.exe[3084] kernel32.dll!CreateMutexA 7C80E94F 6 Bytes JMP 7091000A .text C:\WINDOWS\System32\alg.exe[3084] kernel32.dll!OpenMutexW 7C80E9A5 6 Bytes JMP 7088000A .text C:\WINDOWS\System32\alg.exe[3084] kernel32.dll!OpenMutexA 7C80EA2B 6 Bytes JMP 708B000A .text C:\WINDOWS\System32\alg.exe[3084] kernel32.dll!GetVolumeInformationW 7C80F9F5 6 Bytes JMP 710F000A .text C:\WINDOWS\System32\alg.exe[3084] kernel32.dll!CreateRemoteThread 7C81043C 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\alg.exe[3084] kernel32.dll!CreateRemoteThread + 4 7C810440 2 Bytes [6E, 71] .text C:\WINDOWS\System32\alg.exe[3084] kernel32.dll!CreateThread 7C810647 6 Bytes JMP 70D9000A .text C:\WINDOWS\System32\alg.exe[3084] kernel32.dll!CreateFileW 7C810770 6 Bytes JMP 70E2000A .text C:\WINDOWS\System32\alg.exe[3084] kernel32.dll!WriteFile 7C810D97 6 Bytes JMP 70A3000A .text C:\WINDOWS\System32\alg.exe[3084] kernel32.dll!TerminateThread 7C81CE13 6 Bytes JMP 7139000A .text C:\WINDOWS\System32\alg.exe[3084] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 705E000A .text C:\WINDOWS\System32\alg.exe[3084] kernel32.dll!CreateDirectoryA 7C8217BC 6 Bytes JMP 70A9000A .text C:\WINDOWS\System32\alg.exe[3084] kernel32.dll!GetVolumeInformationA 7C821BB5 6 Bytes JMP 7112000A .text C:\WINDOWS\System32\alg.exe[3084] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 70B5000A .text C:\WINDOWS\System32\alg.exe[3084] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 70BE000A .text C:\WINDOWS\System32\alg.exe[3084] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 70BB000A .text C:\WINDOWS\System32\alg.exe[3084] kernel32.dll!OpenProcess 7C830A01 6 Bytes JMP 7055000A .text C:\WINDOWS\System32\alg.exe[3084] kernel32.dll!DeleteFileA 7C831EF5 6 Bytes JMP 7076000A .text C:\WINDOWS\System32\alg.exe[3084] kernel32.dll!DeleteFileW 7C831F7B 6 Bytes JMP 7073000A .text C:\WINDOWS\System32\alg.exe[3084] kernel32.dll!CreateDirectoryW 7C83241A 6 Bytes JMP 70A6000A .text C:\WINDOWS\System32\alg.exe[3084] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 7058000A .text C:\WINDOWS\System32\alg.exe[3084] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 7061000A .text C:\WINDOWS\System32\alg.exe[3084] kernel32.dll!DebugActiveProcess 7C85A2B3 6 Bytes JMP 7136000A .text C:\WINDOWS\System32\alg.exe[3084] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 705B000A .text C:\WINDOWS\System32\alg.exe[3084] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 70B8000A .text C:\WINDOWS\System32\alg.exe[3084] kernel32.dll!WinExec 7C86158D 6 Bytes JMP 7142000A .text C:\WINDOWS\System32\alg.exe[3084] kernel32.dll!SetThreadContext 7C862C89 6 Bytes JMP 70A0000A .text C:\WINDOWS\System32\alg.exe[3084] kernel32.dll!CreateToolhelp32Snapshot 7C864D2F 6 Bytes JMP 70DC000A .text C:\WINDOWS\System32\alg.exe[3084] USER32.dll!SetWindowTextW 7E41BC36 6 Bytes JMP 7067000A .text C:\WINDOWS\System32\alg.exe[3084] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 7133000A .text C:\WINDOWS\System32\alg.exe[3084] USER32.dll!GetWindowTextW 7E41CDB6 6 Bytes JMP 70C7000A .text C:\WINDOWS\System32\alg.exe[3084] USER32.dll!DrawTextW 7E41D7C2 6 Bytes JMP 707F000A .text C:\WINDOWS\System32\alg.exe[3084] USER32.dll!ShowWindow 7E41D8A4 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\alg.exe[3084] USER32.dll!ShowWindow + 4 7E41D8A8 2 Bytes [C3, 70] .text C:\WINDOWS\System32\alg.exe[3084] USER32.dll!GetKeyboardState 7E41EF29 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\alg.exe[3084] USER32.dll!GetKeyboardState + 4 7E41EF2D 2 Bytes [2C, 71] {SUB AL, 0x71} .text C:\WINDOWS\System32\alg.exe[3084] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 7130000A .text C:\WINDOWS\System32\alg.exe[3084] USER32.dll!CreateWindowExW 7E41FC25 6 Bytes JMP 7079000A .text C:\WINDOWS\System32\alg.exe[3084] USER32.dll!CreateWindowExA 7E41FF33 6 Bytes JMP 707C000A .text C:\WINDOWS\System32\alg.exe[3084] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 7157000A .text C:\WINDOWS\System32\alg.exe[3084] USER32.dll!SetWindowTextA 7E42F52B 6 Bytes JMP 706A000A .text C:\WINDOWS\System32\alg.exe[3084] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 715A000A .text C:\WINDOWS\System32\alg.exe[3084] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 711B000A .text C:\WINDOWS\System32\alg.exe[3084] USER32.dll!GetWindowTextA 7E43212B 6 Bytes JMP 70CA000A .text C:\WINDOWS\System32\alg.exe[3084] USER32.dll!DrawTextA 7E43C6CA 6 Bytes JMP 7082000A .text C:\WINDOWS\System32\alg.exe[3084] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 712A000A .text C:\WINDOWS\System32\alg.exe[3084] USER32.dll!EndTask 7E459E75 6 Bytes JMP 713F000A .text C:\WINDOWS\System32\alg.exe[3084] USER32.dll!RegisterRawInputDevices 7E46CBD4 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\alg.exe[3084] USER32.dll!RegisterRawInputDevices + 4 7E46CBD8 2 Bytes [17, 71] .text C:\WINDOWS\System32\alg.exe[3084] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 6 Bytes JMP 70F7000A .text C:\WINDOWS\System32\alg.exe[3084] ADVAPI32.dll!RegQueryValueExW 77DD6FDF 6 Bytes JMP 70E5000A .text C:\WINDOWS\System32\alg.exe[3084] ADVAPI32.dll!RegCreateKeyExW 77DD774C 6 Bytes JMP 7109000A .text C:\WINDOWS\System32\alg.exe[3084] ADVAPI32.dll!RegOpenKeyExA 77DD7832 6 Bytes JMP 70FA000A .text C:\WINDOWS\System32\alg.exe[3084] ADVAPI32.dll!RegOpenKeyW 77DD7926 6 Bytes JMP 70FD000A .text C:\WINDOWS\System32\alg.exe[3084] ADVAPI32.dll!OpenProcessToken 77DD796B 6 Bytes JMP 709D000A .text C:\WINDOWS\System32\alg.exe[3084] ADVAPI32.dll!RegQueryValueExA 77DD7A9B 6 Bytes JMP 70E8000A .text C:\WINDOWS\System32\alg.exe[3084] ADVAPI32.dll!RegSetValueExW 77DDD663 6 Bytes JMP 70F1000A .text C:\WINDOWS\System32\alg.exe[3084] ADVAPI32.dll!RegQueryValueW 77DDD77A 6 Bytes JMP 70EB000A .text C:\WINDOWS\System32\alg.exe[3084] ADVAPI32.dll!RegCreateKeyExA 77DDE834 6 Bytes JMP 710C000A .text C:\WINDOWS\System32\alg.exe[3084] ADVAPI32.dll!RegSetValueExA 77DDE927 6 Bytes JMP 70F4000A .text C:\WINDOWS\System32\alg.exe[3084] ADVAPI32.dll!RegOpenKeyA 77DDEE08 6 Bytes JMP 7100000A .text C:\WINDOWS\System32\alg.exe[3084] ADVAPI32.dll!AdjustTokenPrivileges 77DDEE4C 6 Bytes JMP 7094000A .text C:\WINDOWS\System32\alg.exe[3084] ADVAPI32.dll!LookupPrivilegeValueW 77DE41D7 6 Bytes JMP 7097000A .text C:\WINDOWS\System32\alg.exe[3084] ADVAPI32.dll!RegQueryValueA 77DE42F0 6 Bytes JMP 70EE000A .text C:\WINDOWS\System32\alg.exe[3084] ADVAPI32.dll!RegCreateKeyW 77DE45EE 6 Bytes JMP 7103000A .text C:\WINDOWS\System32\alg.exe[3084] ADVAPI32.dll!RegCreateKeyA 77DE4706 6 Bytes JMP 7106000A .text C:\WINDOWS\System32\alg.exe[3084] ADVAPI32.dll!OpenSCManagerW 77DE5E5D 6 Bytes JMP 70CD000A .text C:\WINDOWS\System32\alg.exe[3084] ADVAPI32.dll!OpenSCManagerA 77DED705 6 Bytes JMP 70D0000A .text C:\WINDOWS\System32\alg.exe[3084] ADVAPI32.dll!RegDeleteKeyW 77DF8886 6 Bytes JMP 706D000A .text C:\WINDOWS\System32\alg.exe[3084] ADVAPI32.dll!RegDeleteKeyA 77DFB6BE 6 Bytes JMP 7070000A .text C:\WINDOWS\System32\alg.exe[3084] ADVAPI32.dll!LookupPrivilegeValueA 77DFC110 6 Bytes JMP 709A000A .text C:\WINDOWS\System32\alg.exe[3084] ADVAPI32.dll!LsaRemoveAccountRights 77E1AAA1 6 Bytes JMP 7169000A .text C:\WINDOWS\System32\alg.exe[3084] ADVAPI32.dll!CreateServiceA 77E370B9 6 Bytes JMP 7121000A .text C:\WINDOWS\System32\alg.exe[3084] ADVAPI32.dll!CreateServiceW 77E37251 6 Bytes JMP 711E000A .text C:\WINDOWS\System32\alg.exe[3084] SHELL32.dll!ShellExecuteExW 7CA01823 6 Bytes JMP 7145000A .text C:\WINDOWS\System32\alg.exe[3084] SHELL32.dll!Shell_NotifyIcon 7CA20CF9 6 Bytes JMP 70B2000A .text C:\WINDOWS\System32\alg.exe[3084] SHELL32.dll!Shell_NotifyIconW 7CA21BEA 6 Bytes JMP 70AF000A .text C:\WINDOWS\System32\alg.exe[3084] SHELL32.dll!ShellExecuteEx 7CA40C15 6 Bytes JMP 7148000A .text C:\WINDOWS\System32\alg.exe[3084] SHELL32.dll!ShellExecuteA 7CA40F40 6 Bytes JMP 714E000A .text C:\WINDOWS\System32\alg.exe[3084] SHELL32.dll!ShellExecuteW 7CAB4FD0 6 Bytes JMP 714B000A .text C:\Program Files\internet explorer\iexplore.exe[3272] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E] .text C:\Program Files\internet explorer\iexplore.exe[3272] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [1B, 71] .text C:\Program Files\internet explorer\iexplore.exe[3272] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E] .text C:\Program Files\internet explorer\iexplore.exe[3272] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [33, 71] .text C:\Program Files\internet explorer\iexplore.exe[3272] kernel32.dll!DeviceIoControl 7C801625 6 Bytes JMP 70A4000A .text C:\Program Files\internet explorer\iexplore.exe[3272] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 70D7000A .text C:\Program Files\internet explorer\iexplore.exe[3272] kernel32.dll!VirtualProtectEx 7C801A5D 6 Bytes JMP 711F000A .text C:\Program Files\internet explorer\iexplore.exe[3272] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 70CB000A .text C:\Program Files\internet explorer\iexplore.exe[3272] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 716C000A .text C:\Program Files\internet explorer\iexplore.exe[3272] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 7158000A .text C:\Program Files\internet explorer\iexplore.exe[3272] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 7166000A .text C:\Program Files\internet explorer\iexplore.exe[3272] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 7163000A .text C:\Program Files\internet explorer\iexplore.exe[3272] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 7149000A .text C:\Program Files\internet explorer\iexplore.exe[3272] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 714C000A .text C:\Program Files\internet explorer\iexplore.exe[3272] kernel32.dll!VirtualAlloc 7C809A61 6 Bytes JMP 70CE000A .text C:\Program Files\internet explorer\iexplore.exe[3272] kernel32.dll!MultiByteToWideChar 7C809C08 6 Bytes JMP 7077000A .text C:\Program Files\internet explorer\iexplore.exe[3272] kernel32.dll!LoadResource 7C809FC5 6 Bytes JMP 70B9000A .text C:\Program Files\internet explorer\iexplore.exe[3272] kernel32.dll!WideCharToMultiByte 7C80A0E4 6 Bytes JMP 7056000A .text C:\Program Files\internet explorer\iexplore.exe[3272] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 710D000A .text C:\Program Files\internet explorer\iexplore.exe[3272] kernel32.dll!LoadLibraryW 7C80AE5B 6 Bytes JMP 7155000A .text C:\Program Files\internet explorer\iexplore.exe[3272] kernel32.dll!CreateMutexW 7C80E8C7 6 Bytes JMP 7080000A .text C:\Program Files\internet explorer\iexplore.exe[3272] kernel32.dll!CreateMutexA 7C80E94F 6 Bytes JMP 7083000A .text C:\Program Files\internet explorer\iexplore.exe[3272] kernel32.dll!OpenMutexW 7C80E9A5 6 Bytes JMP 707A000A .text C:\Program Files\internet explorer\iexplore.exe[3272] kernel32.dll!OpenMutexA 7C80EA2B 6 Bytes JMP 707D000A .text C:\Program Files\internet explorer\iexplore.exe[3272] kernel32.dll!GetVolumeInformationW 7C80F9F5 6 Bytes JMP 7107000A .text C:\Program Files\internet explorer\iexplore.exe[3272] kernel32.dll!CreateRemoteThread 7C81043C 3 Bytes [FF, 25, 1E] .text C:\Program Files\internet explorer\iexplore.exe[3272] kernel32.dll!CreateRemoteThread + 4 7C810440 2 Bytes [6E, 71] .text C:\Program Files\internet explorer\iexplore.exe[3272] kernel32.dll!CreateThread 7C810647 6 Bytes JMP 70D1000A .text C:\Program Files\internet explorer\iexplore.exe[3272] kernel32.dll!CreateFileW 7C810770 6 Bytes JMP 70DA000A .text C:\Program Files\internet explorer\iexplore.exe[3272] kernel32.dll!WriteFile 7C810D97 6 Bytes JMP 7095000A .text C:\Program Files\internet explorer\iexplore.exe[3272] kernel32.dll!TerminateThread 7C81CE13 6 Bytes JMP 7131000A .text C:\Program Files\internet explorer\iexplore.exe[3272] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 7050000A .text C:\Program Files\internet explorer\iexplore.exe[3272] kernel32.dll!CreateDirectoryA 7C8217BC 6 Bytes JMP 709B000A .text C:\Program Files\internet explorer\iexplore.exe[3272] kernel32.dll!GetVolumeInformationA 7C821BB5 6 Bytes JMP 710A000A .text C:\Program Files\internet explorer\iexplore.exe[3272] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 70AD000A .text C:\Program Files\internet explorer\iexplore.exe[3272] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 70B6000A .text C:\Program Files\internet explorer\iexplore.exe[3272] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 70B3000A .text C:\Program Files\internet explorer\iexplore.exe[3272] kernel32.dll!OpenProcess 7C830A01 6 Bytes JMP 7047000A .text C:\Program Files\internet explorer\iexplore.exe[3272] kernel32.dll!DeleteFileA 7C831EF5 6 Bytes JMP 7068000A .text C:\Program Files\internet explorer\iexplore.exe[3272] kernel32.dll!DeleteFileW 7C831F7B 6 Bytes JMP 7065000A .text C:\Program Files\internet explorer\iexplore.exe[3272] kernel32.dll!CreateDirectoryW 7C83241A 6 Bytes JMP 7098000A .text C:\Program Files\internet explorer\iexplore.exe[3272] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 704A000A .text C:\Program Files\internet explorer\iexplore.exe[3272] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 7053000A .text C:\Program Files\internet explorer\iexplore.exe[3272] kernel32.dll!DebugActiveProcess 7C85A2B3 6 Bytes JMP 712E000A .text C:\Program Files\internet explorer\iexplore.exe[3272] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 704D000A .text C:\Program Files\internet explorer\iexplore.exe[3272] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 70B0000A .text C:\Program Files\internet explorer\iexplore.exe[3272] kernel32.dll!WinExec 7C86158D 6 Bytes JMP 713A000A .text C:\Program Files\internet explorer\iexplore.exe[3272] kernel32.dll!SetThreadContext 7C862C89 6 Bytes JMP 7092000A .text C:\Program Files\internet explorer\iexplore.exe[3272] kernel32.dll!CreateToolhelp32Snapshot 7C864D2F 6 Bytes JMP 70D4000A .text C:\Program Files\internet explorer\iexplore.exe[3272] USER32.dll!SetWindowTextW 7E41BC36 6 Bytes JMP 7059000A .text C:\Program Files\internet explorer\iexplore.exe[3272] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 712B000A .text C:\Program Files\internet explorer\iexplore.exe[3272] USER32.dll!GetWindowTextW 7E41CDB6 6 Bytes JMP 70BF000A .text C:\Program Files\internet explorer\iexplore.exe[3272] USER32.dll!DrawTextW 7E41D7C2 6 Bytes JMP 7071000A .text C:\Program Files\internet explorer\iexplore.exe[3272] USER32.dll!ShowWindow 7E41D8A4 3 Bytes [FF, 25, 1E] .text C:\Program Files\internet explorer\iexplore.exe[3272] USER32.dll!ShowWindow + 4 7E41D8A8 2 Bytes [BB, 70] .text C:\Program Files\internet explorer\iexplore.exe[3272] USER32.dll!GetKeyboardState 7E41EF29 3 Bytes [FF, 25, 1E] .text C:\Program Files\internet explorer\iexplore.exe[3272] USER32.dll!GetKeyboardState + 4 7E41EF2D 2 Bytes [24, 71] {AND AL, 0x71} .text C:\Program Files\internet explorer\iexplore.exe[3272] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 7128000A .text C:\Program Files\internet explorer\iexplore.exe[3272] USER32.dll!CreateWindowExW 7E41FC25 6 Bytes JMP 706B000A .text C:\Program Files\internet explorer\iexplore.exe[3272] USER32.dll!CreateWindowExA 7E41FF33 6 Bytes JMP 706E000A .text C:\Program Files\internet explorer\iexplore.exe[3272] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 714F000A .text C:\Program Files\internet explorer\iexplore.exe[3272] USER32.dll!SetWindowTextA 7E42F52B 6 Bytes JMP 705C000A .text C:\Program Files\internet explorer\iexplore.exe[3272] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 7152000A .text C:\Program Files\internet explorer\iexplore.exe[3272] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 7113000A .text C:\Program Files\internet explorer\iexplore.exe[3272] USER32.dll!GetWindowTextA 7E43212B 6 Bytes JMP 70C2000A .text C:\Program Files\internet explorer\iexplore.exe[3272] USER32.dll!DrawTextA 7E43C6CA 6 Bytes JMP 7074000A .text C:\Program Files\internet explorer\iexplore.exe[3272] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 7122000A .text C:\Program Files\internet explorer\iexplore.exe[3272] USER32.dll!EndTask 7E459E75 6 Bytes JMP 7137000A .text C:\Program Files\internet explorer\iexplore.exe[3272] USER32.dll!RegisterRawInputDevices 7E46CBD4 3 Bytes [FF, 25, 1E] .text C:\Program Files\internet explorer\iexplore.exe[3272] USER32.dll!RegisterRawInputDevices + 4 7E46CBD8 2 Bytes [0F, 71] .text C:\Program Files\internet explorer\iexplore.exe[3272] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 6 Bytes JMP 70EF000A .text C:\Program Files\internet explorer\iexplore.exe[3272] ADVAPI32.dll!RegQueryValueExW 77DD6FDF 6 Bytes JMP 70DD000A .text C:\Program Files\internet explorer\iexplore.exe[3272] ADVAPI32.dll!RegCreateKeyExW 77DD774C 6 Bytes JMP 7101000A .text C:\Program Files\internet explorer\iexplore.exe[3272] ADVAPI32.dll!RegOpenKeyExA 77DD7832 6 Bytes JMP 70F2000A .text C:\Program Files\internet explorer\iexplore.exe[3272] ADVAPI32.dll!RegOpenKeyW 77DD7926 6 Bytes JMP 70F5000A .text C:\Program Files\internet explorer\iexplore.exe[3272] ADVAPI32.dll!OpenProcessToken 77DD796B 6 Bytes JMP 708F000A .text C:\Program Files\internet explorer\iexplore.exe[3272] ADVAPI32.dll!RegQueryValueExA 77DD7A9B 6 Bytes JMP 70E0000A .text C:\Program Files\internet explorer\iexplore.exe[3272] ADVAPI32.dll!RegSetValueExW 77DDD663 6 Bytes JMP 70E9000A .text C:\Program Files\internet explorer\iexplore.exe[3272] ADVAPI32.dll!RegQueryValueW 77DDD77A 6 Bytes JMP 70E3000A .text C:\Program Files\internet explorer\iexplore.exe[3272] ADVAPI32.dll!RegCreateKeyExA 77DDE834 6 Bytes JMP 7104000A .text C:\Program Files\internet explorer\iexplore.exe[3272] ADVAPI32.dll!RegSetValueExA 77DDE927 6 Bytes JMP 70EC000A .text C:\Program Files\internet explorer\iexplore.exe[3272] ADVAPI32.dll!RegOpenKeyA 77DDEE08 6 Bytes JMP 70F8000A .text C:\Program Files\internet explorer\iexplore.exe[3272] ADVAPI32.dll!AdjustTokenPrivileges 77DDEE4C 6 Bytes JMP 7086000A .text C:\Program Files\internet explorer\iexplore.exe[3272] ADVAPI32.dll!LookupPrivilegeValueW 77DE41D7 6 Bytes JMP 7089000A .text C:\Program Files\internet explorer\iexplore.exe[3272] ADVAPI32.dll!RegQueryValueA 77DE42F0 6 Bytes JMP 70E6000A .text C:\Program Files\internet explorer\iexplore.exe[3272] ADVAPI32.dll!RegCreateKeyW 77DE45EE 6 Bytes JMP 70FB000A .text C:\Program Files\internet explorer\iexplore.exe[3272] ADVAPI32.dll!RegCreateKeyA 77DE4706 6 Bytes JMP 70FE000A .text C:\Program Files\internet explorer\iexplore.exe[3272] ADVAPI32.dll!OpenSCManagerW 77DE5E5D 6 Bytes JMP 70C5000A .text C:\Program Files\internet explorer\iexplore.exe[3272] ADVAPI32.dll!OpenSCManagerA 77DED705 6 Bytes JMP 70C8000A .text C:\Program Files\internet explorer\iexplore.exe[3272] ADVAPI32.dll!RegDeleteKeyW 77DF8886 6 Bytes JMP 705F000A .text C:\Program Files\internet explorer\iexplore.exe[3272] ADVAPI32.dll!RegDeleteKeyA 77DFB6BE 6 Bytes JMP 7062000A .text C:\Program Files\internet explorer\iexplore.exe[3272] ADVAPI32.dll!LookupPrivilegeValueA 77DFC110 6 Bytes JMP 708C000A .text C:\Program Files\internet explorer\iexplore.exe[3272] ADVAPI32.dll!LsaRemoveAccountRights 77E1AAA1 6 Bytes JMP 7169000A .text C:\Program Files\internet explorer\iexplore.exe[3272] ADVAPI32.dll!CreateServiceA 77E370B9 6 Bytes JMP 7119000A .text C:\Program Files\internet explorer\iexplore.exe[3272] ADVAPI32.dll!CreateServiceW 77E37251 6 Bytes JMP 7116000A .text C:\Program Files\internet explorer\iexplore.exe[3272] WININET.dll!InternetOpenUrlA 771C59F1 6 Bytes JMP 70A1000A .text C:\Program Files\internet explorer\iexplore.exe[3272] WININET.dll!InternetOpenUrlW 771D5B3A 6 Bytes JMP 709E000A .text C:\Program Files\internet explorer\iexplore.exe[3272] SHELL32.dll!ShellExecuteExW 7CA01823 6 Bytes JMP 713D000A .text C:\Program Files\internet explorer\iexplore.exe[3272] SHELL32.dll!Shell_NotifyIcon 7CA20CF9 6 Bytes JMP 70AA000A .text C:\Program Files\internet explorer\iexplore.exe[3272] SHELL32.dll!Shell_NotifyIconW 7CA21BEA 6 Bytes JMP 70A7000A .text C:\Program Files\internet explorer\iexplore.exe[3272] SHELL32.dll!ShellExecuteEx 7CA40C15 6 Bytes JMP 7140000A .text C:\Program Files\internet explorer\iexplore.exe[3272] SHELL32.dll!ShellExecuteA 7CA40F40 6 Bytes JMP 7146000A .text C:\Program Files\internet explorer\iexplore.exe[3272] SHELL32.dll!ShellExecuteW 7CAB4FD0 6 Bytes JMP 7143000A .text C:\WINDOWS\system32\wscntfy.exe[3376] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wscntfy.exe[3376] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71] .text C:\WINDOWS\system32\wscntfy.exe[3376] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wscntfy.exe[3376] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71] .text C:\WINDOWS\system32\wscntfy.exe[3376] kernel32.dll!DeviceIoControl 7C801625 6 Bytes JMP 70AB000A .text C:\WINDOWS\system32\wscntfy.exe[3376] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 70DE000A .text C:\WINDOWS\system32\wscntfy.exe[3376] kernel32.dll!VirtualProtectEx 7C801A5D 6 Bytes JMP 7126000A .text C:\WINDOWS\system32\wscntfy.exe[3376] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 70D2000A .text C:\WINDOWS\system32\wscntfy.exe[3376] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 716B000A .text C:\WINDOWS\system32\wscntfy.exe[3376] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 715F000A .text C:\WINDOWS\system32\wscntfy.exe[3376] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 7165000A .text C:\WINDOWS\system32\wscntfy.exe[3376] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 7162000A .text C:\WINDOWS\system32\wscntfy.exe[3376] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 7150000A .text C:\WINDOWS\system32\wscntfy.exe[3376] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 7153000A .text C:\WINDOWS\system32\wscntfy.exe[3376] kernel32.dll!VirtualAlloc 7C809A61 6 Bytes JMP 70D5000A .text C:\WINDOWS\system32\wscntfy.exe[3376] kernel32.dll!MultiByteToWideChar 7C809C08 6 Bytes JMP 7084000A .text C:\WINDOWS\system32\wscntfy.exe[3376] kernel32.dll!LoadResource 7C809FC5 6 Bytes JMP 70C0000A .text C:\WINDOWS\system32\wscntfy.exe[3376] kernel32.dll!WideCharToMultiByte 7C80A0E4 6 Bytes JMP 7063000A .text C:\WINDOWS\system32\wscntfy.exe[3376] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 7114000A .text C:\WINDOWS\system32\wscntfy.exe[3376] kernel32.dll!LoadLibraryW 7C80AE5B 6 Bytes JMP 715C000A .text C:\WINDOWS\system32\wscntfy.exe[3376] kernel32.dll!CreateMutexW 7C80E8C7 6 Bytes JMP 708D000A .text C:\WINDOWS\system32\wscntfy.exe[3376] kernel32.dll!CreateMutexA 7C80E94F 6 Bytes JMP 7090000A .text C:\WINDOWS\system32\wscntfy.exe[3376] kernel32.dll!OpenMutexW 7C80E9A5 6 Bytes JMP 7087000A .text C:\WINDOWS\system32\wscntfy.exe[3376] kernel32.dll!OpenMutexA 7C80EA2B 6 Bytes JMP 708A000A .text C:\WINDOWS\system32\wscntfy.exe[3376] kernel32.dll!GetVolumeInformationW 7C80F9F5 6 Bytes JMP 710E000A .text C:\WINDOWS\system32\wscntfy.exe[3376] kernel32.dll!CreateRemoteThread 7C81043C 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wscntfy.exe[3376] kernel32.dll!CreateRemoteThread + 4 7C810440 2 Bytes [6D, 71] .text C:\WINDOWS\system32\wscntfy.exe[3376] kernel32.dll!CreateThread 7C810647 6 Bytes JMP 70D8000A .text C:\WINDOWS\system32\wscntfy.exe[3376] kernel32.dll!CreateFileW 7C810770 6 Bytes JMP 70E1000A .text C:\WINDOWS\system32\wscntfy.exe[3376] kernel32.dll!WriteFile 7C810D97 6 Bytes JMP 70A2000A .text C:\WINDOWS\system32\wscntfy.exe[3376] kernel32.dll!TerminateThread 7C81CE13 6 Bytes JMP 7138000A .text C:\WINDOWS\system32\wscntfy.exe[3376] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 705D000A .text C:\WINDOWS\system32\wscntfy.exe[3376] kernel32.dll!CreateDirectoryA 7C8217BC 6 Bytes JMP 70A8000A .text C:\WINDOWS\system32\wscntfy.exe[3376] kernel32.dll!GetVolumeInformationA 7C821BB5 6 Bytes JMP 7111000A .text C:\WINDOWS\system32\wscntfy.exe[3376] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 70B4000A .text C:\WINDOWS\system32\wscntfy.exe[3376] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 70BD000A .text C:\WINDOWS\system32\wscntfy.exe[3376] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 70BA000A .text C:\WINDOWS\system32\wscntfy.exe[3376] kernel32.dll!OpenProcess 7C830A01 6 Bytes JMP 7054000A .text C:\WINDOWS\system32\wscntfy.exe[3376] kernel32.dll!DeleteFileA 7C831EF5 6 Bytes JMP 7075000A .text C:\WINDOWS\system32\wscntfy.exe[3376] kernel32.dll!DeleteFileW 7C831F7B 6 Bytes JMP 7072000A .text C:\WINDOWS\system32\wscntfy.exe[3376] kernel32.dll!CreateDirectoryW 7C83241A 6 Bytes JMP 70A5000A .text C:\WINDOWS\system32\wscntfy.exe[3376] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 7057000A .text C:\WINDOWS\system32\wscntfy.exe[3376] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 7060000A .text C:\WINDOWS\system32\wscntfy.exe[3376] kernel32.dll!DebugActiveProcess 7C85A2B3 6 Bytes JMP 7135000A .text C:\WINDOWS\system32\wscntfy.exe[3376] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 705A000A .text C:\WINDOWS\system32\wscntfy.exe[3376] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 70B7000A .text C:\WINDOWS\system32\wscntfy.exe[3376] kernel32.dll!WinExec 7C86158D 6 Bytes JMP 7141000A .text C:\WINDOWS\system32\wscntfy.exe[3376] kernel32.dll!SetThreadContext 7C862C89 6 Bytes JMP 709F000A .text C:\WINDOWS\system32\wscntfy.exe[3376] kernel32.dll!CreateToolhelp32Snapshot 7C864D2F 6 Bytes JMP 70DB000A .text C:\WINDOWS\system32\wscntfy.exe[3376] USER32.dll!SetWindowTextW 7E41BC36 6 Bytes JMP 7066000A .text C:\WINDOWS\system32\wscntfy.exe[3376] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 7132000A .text C:\WINDOWS\system32\wscntfy.exe[3376] USER32.dll!GetWindowTextW 7E41CDB6 6 Bytes JMP 70C6000A .text C:\WINDOWS\system32\wscntfy.exe[3376] USER32.dll!DrawTextW 7E41D7C2 6 Bytes JMP 707E000A .text C:\WINDOWS\system32\wscntfy.exe[3376] USER32.dll!ShowWindow 7E41D8A4 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wscntfy.exe[3376] USER32.dll!ShowWindow + 4 7E41D8A8 2 Bytes [C2, 70] .text C:\WINDOWS\system32\wscntfy.exe[3376] USER32.dll!GetKeyboardState 7E41EF29 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wscntfy.exe[3376] USER32.dll!GetKeyboardState + 4 7E41EF2D 2 Bytes [2B, 71] .text C:\WINDOWS\system32\wscntfy.exe[3376] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 712F000A .text C:\WINDOWS\system32\wscntfy.exe[3376] USER32.dll!CreateWindowExW 7E41FC25 6 Bytes JMP 7078000A .text C:\WINDOWS\system32\wscntfy.exe[3376] USER32.dll!CreateWindowExA 7E41FF33 6 Bytes JMP 707B000A .text C:\WINDOWS\system32\wscntfy.exe[3376] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 7156000A .text C:\WINDOWS\system32\wscntfy.exe[3376] USER32.dll!SetWindowTextA 7E42F52B 6 Bytes JMP 7069000A .text C:\WINDOWS\system32\wscntfy.exe[3376] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 7159000A .text C:\WINDOWS\system32\wscntfy.exe[3376] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 711A000A .text C:\WINDOWS\system32\wscntfy.exe[3376] USER32.dll!GetWindowTextA 7E43212B 6 Bytes JMP 70C9000A .text C:\WINDOWS\system32\wscntfy.exe[3376] USER32.dll!DrawTextA 7E43C6CA 6 Bytes JMP 7081000A .text C:\WINDOWS\system32\wscntfy.exe[3376] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 7129000A .text C:\WINDOWS\system32\wscntfy.exe[3376] USER32.dll!EndTask 7E459E75 6 Bytes JMP 713E000A .text C:\WINDOWS\system32\wscntfy.exe[3376] USER32.dll!RegisterRawInputDevices 7E46CBD4 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wscntfy.exe[3376] USER32.dll!RegisterRawInputDevices + 4 7E46CBD8 2 Bytes [16, 71] .text C:\WINDOWS\system32\wscntfy.exe[3376] SHELL32.dll!ShellExecuteExW 7CA01823 6 Bytes JMP 7144000A .text C:\WINDOWS\system32\wscntfy.exe[3376] SHELL32.dll!Shell_NotifyIcon 7CA20CF9 6 Bytes JMP 70B1000A .text C:\WINDOWS\system32\wscntfy.exe[3376] SHELL32.dll!Shell_NotifyIconW 7CA21BEA 6 Bytes JMP 70AE000A .text C:\WINDOWS\system32\wscntfy.exe[3376] SHELL32.dll!ShellExecuteEx 7CA40C15 6 Bytes JMP 7147000A .text C:\WINDOWS\system32\wscntfy.exe[3376] SHELL32.dll!ShellExecuteA 7CA40F40 6 Bytes JMP 714D000A .text C:\WINDOWS\system32\wscntfy.exe[3376] SHELL32.dll!ShellExecuteW 7CAB4FD0 6 Bytes JMP 714A000A .text C:\WINDOWS\system32\wscntfy.exe[3376] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 6 Bytes JMP 70F6000A .text C:\WINDOWS\system32\wscntfy.exe[3376] ADVAPI32.dll!RegQueryValueExW 77DD6FDF 6 Bytes JMP 70E4000A .text C:\WINDOWS\system32\wscntfy.exe[3376] ADVAPI32.dll!RegCreateKeyExW 77DD774C 6 Bytes JMP 7108000A .text C:\WINDOWS\system32\wscntfy.exe[3376] ADVAPI32.dll!RegOpenKeyExA 77DD7832 6 Bytes JMP 70F9000A .text C:\WINDOWS\system32\wscntfy.exe[3376] ADVAPI32.dll!RegOpenKeyW 77DD7926 6 Bytes JMP 70FC000A .text C:\WINDOWS\system32\wscntfy.exe[3376] ADVAPI32.dll!OpenProcessToken 77DD796B 6 Bytes JMP 709C000A .text C:\WINDOWS\system32\wscntfy.exe[3376] ADVAPI32.dll!RegQueryValueExA 77DD7A9B 6 Bytes JMP 70E7000A .text C:\WINDOWS\system32\wscntfy.exe[3376] ADVAPI32.dll!RegSetValueExW 77DDD663 6 Bytes JMP 70F0000A .text C:\WINDOWS\system32\wscntfy.exe[3376] ADVAPI32.dll!RegQueryValueW 77DDD77A 6 Bytes JMP 70EA000A .text C:\WINDOWS\system32\wscntfy.exe[3376] ADVAPI32.dll!RegCreateKeyExA 77DDE834 6 Bytes JMP 710B000A .text C:\WINDOWS\system32\wscntfy.exe[3376] ADVAPI32.dll!RegSetValueExA 77DDE927 6 Bytes JMP 70F3000A .text C:\WINDOWS\system32\wscntfy.exe[3376] ADVAPI32.dll!RegOpenKeyA 77DDEE08 6 Bytes JMP 70FF000A .text C:\WINDOWS\system32\wscntfy.exe[3376] ADVAPI32.dll!AdjustTokenPrivileges 77DDEE4C 6 Bytes JMP 7093000A .text C:\WINDOWS\system32\wscntfy.exe[3376] ADVAPI32.dll!LookupPrivilegeValueW 77DE41D7 6 Bytes JMP 7096000A .text C:\WINDOWS\system32\wscntfy.exe[3376] ADVAPI32.dll!RegQueryValueA 77DE42F0 4 Bytes JMP EC001E25 .text C:\WINDOWS\system32\wscntfy.exe[3376] ADVAPI32.dll!RegQueryValueA + 5 77DE42F5 1 Byte [70] .text C:\WINDOWS\system32\wscntfy.exe[3376] ADVAPI32.dll!RegCreateKeyW 77DE45EE 6 Bytes JMP 7102000A .text C:\WINDOWS\system32\wscntfy.exe[3376] ADVAPI32.dll!RegCreateKeyA 77DE4706 6 Bytes JMP 7105000A .text C:\WINDOWS\system32\wscntfy.exe[3376] ADVAPI32.dll!OpenSCManagerW 77DE5E5D 6 Bytes JMP 70CC000A .text C:\WINDOWS\system32\wscntfy.exe[3376] ADVAPI32.dll!OpenSCManagerA 77DED705 6 Bytes JMP 70CF000A .text C:\WINDOWS\system32\wscntfy.exe[3376] ADVAPI32.dll!RegDeleteKeyW 77DF8886 6 Bytes JMP 706C000A .text C:\WINDOWS\system32\wscntfy.exe[3376] ADVAPI32.dll!RegDeleteKeyA 77DFB6BE 6 Bytes JMP 706F000A .text C:\WINDOWS\system32\wscntfy.exe[3376] ADVAPI32.dll!LookupPrivilegeValueA 77DFC110 6 Bytes JMP 7099000A .text C:\WINDOWS\system32\wscntfy.exe[3376] ADVAPI32.dll!LsaRemoveAccountRights 77E1AAA1 6 Bytes JMP 7168000A .text C:\WINDOWS\system32\wscntfy.exe[3376] ADVAPI32.dll!CreateServiceA 77E370B9 6 Bytes JMP 7120000A .text C:\WINDOWS\system32\wscntfy.exe[3376] ADVAPI32.dll!CreateServiceW 77E37251 6 Bytes JMP 711D000A .text C:\WINDOWS\system32\wuauclt.exe[3452] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wuauclt.exe[3452] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [23, 71] .text C:\WINDOWS\system32\wuauclt.exe[3452] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wuauclt.exe[3452] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3B, 71] .text C:\WINDOWS\system32\wuauclt.exe[3452] kernel32.dll!DeviceIoControl 7C801625 6 Bytes JMP 70AC000A .text C:\WINDOWS\system32\wuauclt.exe[3452] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 70DF000A .text C:\WINDOWS\system32\wuauclt.exe[3452] kernel32.dll!VirtualProtectEx 7C801A5D 6 Bytes JMP 7127000A .text C:\WINDOWS\system32\wuauclt.exe[3452] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 70D3000A .text C:\WINDOWS\system32\wuauclt.exe[3452] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 716C000A .text C:\WINDOWS\system32\wuauclt.exe[3452] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 7160000A .text C:\WINDOWS\system32\wuauclt.exe[3452] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 7166000A .text C:\WINDOWS\system32\wuauclt.exe[3452] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 7163000A .text C:\WINDOWS\system32\wuauclt.exe[3452] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 7151000A .text C:\WINDOWS\system32\wuauclt.exe[3452] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 7154000A .text C:\WINDOWS\system32\wuauclt.exe[3452] kernel32.dll!VirtualAlloc 7C809A61 6 Bytes JMP 70D6000A .text C:\WINDOWS\system32\wuauclt.exe[3452] kernel32.dll!MultiByteToWideChar 7C809C08 6 Bytes JMP 7085000A .text C:\WINDOWS\system32\wuauclt.exe[3452] kernel32.dll!LoadResource 7C809FC5 6 Bytes JMP 70C1000A .text C:\WINDOWS\system32\wuauclt.exe[3452] kernel32.dll!WideCharToMultiByte 7C80A0E4 6 Bytes JMP 7064000A .text C:\WINDOWS\system32\wuauclt.exe[3452] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 7115000A .text C:\WINDOWS\system32\wuauclt.exe[3452] kernel32.dll!LoadLibraryW 7C80AE5B 6 Bytes JMP 715D000A .text C:\WINDOWS\system32\wuauclt.exe[3452] kernel32.dll!CreateMutexW 7C80E8C7 6 Bytes JMP 708E000A .text C:\WINDOWS\system32\wuauclt.exe[3452] kernel32.dll!CreateMutexA 7C80E94F 6 Bytes JMP 7091000A .text C:\WINDOWS\system32\wuauclt.exe[3452] kernel32.dll!OpenMutexW 7C80E9A5 6 Bytes JMP 7088000A .text C:\WINDOWS\system32\wuauclt.exe[3452] kernel32.dll!OpenMutexA 7C80EA2B 6 Bytes JMP 708B000A .text C:\WINDOWS\system32\wuauclt.exe[3452] kernel32.dll!GetVolumeInformationW 7C80F9F5 6 Bytes JMP 710F000A .text C:\WINDOWS\system32\wuauclt.exe[3452] kernel32.dll!CreateRemoteThread 7C81043C 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wuauclt.exe[3452] kernel32.dll!CreateRemoteThread + 4 7C810440 2 Bytes [6E, 71] .text C:\WINDOWS\system32\wuauclt.exe[3452] kernel32.dll!CreateThread 7C810647 6 Bytes JMP 70D9000A .text C:\WINDOWS\system32\wuauclt.exe[3452] kernel32.dll!CreateFileW 7C810770 6 Bytes JMP 70E2000A .text C:\WINDOWS\system32\wuauclt.exe[3452] kernel32.dll!WriteFile 7C810D97 6 Bytes JMP 70A3000A .text C:\WINDOWS\system32\wuauclt.exe[3452] kernel32.dll!TerminateThread 7C81CE13 6 Bytes JMP 7139000A .text C:\WINDOWS\system32\wuauclt.exe[3452] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 705E000A .text C:\WINDOWS\system32\wuauclt.exe[3452] kernel32.dll!CreateDirectoryA 7C8217BC 6 Bytes JMP 70A9000A .text C:\WINDOWS\system32\wuauclt.exe[3452] kernel32.dll!GetVolumeInformationA 7C821BB5 6 Bytes JMP 7112000A .text C:\WINDOWS\system32\wuauclt.exe[3452] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 70B5000A .text C:\WINDOWS\system32\wuauclt.exe[3452] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 70BE000A .text C:\WINDOWS\system32\wuauclt.exe[3452] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 70BB000A .text C:\WINDOWS\system32\wuauclt.exe[3452] kernel32.dll!OpenProcess 7C830A01 6 Bytes JMP 7055000A .text C:\WINDOWS\system32\wuauclt.exe[3452] kernel32.dll!DeleteFileA 7C831EF5 6 Bytes JMP 7076000A .text C:\WINDOWS\system32\wuauclt.exe[3452] kernel32.dll!DeleteFileW 7C831F7B 6 Bytes JMP 7073000A .text C:\WINDOWS\system32\wuauclt.exe[3452] kernel32.dll!CreateDirectoryW 7C83241A 6 Bytes JMP 70A6000A .text C:\WINDOWS\system32\wuauclt.exe[3452] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 7058000A .text C:\WINDOWS\system32\wuauclt.exe[3452] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 7061000A .text C:\WINDOWS\system32\wuauclt.exe[3452] kernel32.dll!DebugActiveProcess 7C85A2B3 6 Bytes JMP 7136000A .text C:\WINDOWS\system32\wuauclt.exe[3452] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 705B000A .text C:\WINDOWS\system32\wuauclt.exe[3452] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 70B8000A .text C:\WINDOWS\system32\wuauclt.exe[3452] kernel32.dll!WinExec 7C86158D 6 Bytes JMP 7142000A .text C:\WINDOWS\system32\wuauclt.exe[3452] kernel32.dll!SetThreadContext 7C862C89 6 Bytes JMP 70A0000A .text C:\WINDOWS\system32\wuauclt.exe[3452] kernel32.dll!CreateToolhelp32Snapshot 7C864D2F 6 Bytes JMP 70DC000A .text C:\WINDOWS\system32\wuauclt.exe[3452] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 6 Bytes JMP 70F7000A .text C:\WINDOWS\system32\wuauclt.exe[3452] ADVAPI32.dll!RegQueryValueExW 77DD6FDF 6 Bytes JMP 70E5000A .text C:\WINDOWS\system32\wuauclt.exe[3452] ADVAPI32.dll!RegCreateKeyExW 77DD774C 6 Bytes JMP 7109000A .text C:\WINDOWS\system32\wuauclt.exe[3452] ADVAPI32.dll!RegOpenKeyExA 77DD7832 6 Bytes JMP 70FA000A .text C:\WINDOWS\system32\wuauclt.exe[3452] ADVAPI32.dll!RegOpenKeyW 77DD7926 6 Bytes JMP 70FD000A .text C:\WINDOWS\system32\wuauclt.exe[3452] ADVAPI32.dll!OpenProcessToken 77DD796B 6 Bytes JMP 709D000A .text C:\WINDOWS\system32\wuauclt.exe[3452] ADVAPI32.dll!RegQueryValueExA 77DD7A9B 6 Bytes JMP 70E8000A .text C:\WINDOWS\system32\wuauclt.exe[3452] ADVAPI32.dll!RegSetValueExW 77DDD663 6 Bytes JMP 70F1000A .text C:\WINDOWS\system32\wuauclt.exe[3452] ADVAPI32.dll!RegQueryValueW 77DDD77A 6 Bytes JMP 70EB000A .text C:\WINDOWS\system32\wuauclt.exe[3452] ADVAPI32.dll!RegCreateKeyExA 77DDE834 6 Bytes JMP 710C000A .text C:\WINDOWS\system32\wuauclt.exe[3452] ADVAPI32.dll!RegSetValueExA 77DDE927 6 Bytes JMP 70F4000A .text C:\WINDOWS\system32\wuauclt.exe[3452] ADVAPI32.dll!RegOpenKeyA 77DDEE08 6 Bytes JMP 7100000A .text C:\WINDOWS\system32\wuauclt.exe[3452] ADVAPI32.dll!AdjustTokenPrivileges 77DDEE4C 6 Bytes JMP 7094000A .text C:\WINDOWS\system32\wuauclt.exe[3452] ADVAPI32.dll!LookupPrivilegeValueW 77DE41D7 6 Bytes JMP 7097000A .text C:\WINDOWS\system32\wuauclt.exe[3452] ADVAPI32.dll!RegQueryValueA 77DE42F0 6 Bytes JMP 70EE000A .text C:\WINDOWS\system32\wuauclt.exe[3452] ADVAPI32.dll!RegCreateKeyW 77DE45EE 6 Bytes JMP 7103000A .text C:\WINDOWS\system32\wuauclt.exe[3452] ADVAPI32.dll!RegCreateKeyA 77DE4706 6 Bytes JMP 7106000A .text C:\WINDOWS\system32\wuauclt.exe[3452] ADVAPI32.dll!OpenSCManagerW 77DE5E5D 6 Bytes JMP 70CD000A .text C:\WINDOWS\system32\wuauclt.exe[3452] ADVAPI32.dll!OpenSCManagerA 77DED705 6 Bytes JMP 70D0000A .text C:\WINDOWS\system32\wuauclt.exe[3452] ADVAPI32.dll!RegDeleteKeyW 77DF8886 6 Bytes JMP 706D000A .text C:\WINDOWS\system32\wuauclt.exe[3452] ADVAPI32.dll!RegDeleteKeyA 77DFB6BE 6 Bytes JMP 7070000A .text C:\WINDOWS\system32\wuauclt.exe[3452] ADVAPI32.dll!LookupPrivilegeValueA 77DFC110 6 Bytes JMP 709A000A .text C:\WINDOWS\system32\wuauclt.exe[3452] ADVAPI32.dll!LsaRemoveAccountRights 77E1AAA1 6 Bytes JMP 7169000A .text C:\WINDOWS\system32\wuauclt.exe[3452] ADVAPI32.dll!CreateServiceA 77E370B9 6 Bytes JMP 7121000A .text C:\WINDOWS\system32\wuauclt.exe[3452] ADVAPI32.dll!CreateServiceW 77E37251 6 Bytes JMP 711E000A .text C:\WINDOWS\system32\wuauclt.exe[3452] USER32.dll!SetWindowTextW 7E41BC36 6 Bytes JMP 7067000A .text C:\WINDOWS\system32\wuauclt.exe[3452] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 7133000A .text C:\WINDOWS\system32\wuauclt.exe[3452] USER32.dll!GetWindowTextW 7E41CDB6 6 Bytes JMP 70C7000A .text C:\WINDOWS\system32\wuauclt.exe[3452] USER32.dll!DrawTextW 7E41D7C2 6 Bytes JMP 707F000A .text C:\WINDOWS\system32\wuauclt.exe[3452] USER32.dll!ShowWindow 7E41D8A4 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wuauclt.exe[3452] USER32.dll!ShowWindow + 4 7E41D8A8 2 Bytes [C3, 70] .text C:\WINDOWS\system32\wuauclt.exe[3452] USER32.dll!GetKeyboardState 7E41EF29 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wuauclt.exe[3452] USER32.dll!GetKeyboardState + 4 7E41EF2D 2 Bytes [2C, 71] {SUB AL, 0x71} .text C:\WINDOWS\system32\wuauclt.exe[3452] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 7130000A .text C:\WINDOWS\system32\wuauclt.exe[3452] USER32.dll!CreateWindowExW 7E41FC25 6 Bytes JMP 7079000A .text C:\WINDOWS\system32\wuauclt.exe[3452] USER32.dll!CreateWindowExA 7E41FF33 6 Bytes JMP 707C000A .text C:\WINDOWS\system32\wuauclt.exe[3452] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 7157000A .text C:\WINDOWS\system32\wuauclt.exe[3452] USER32.dll!SetWindowTextA 7E42F52B 6 Bytes JMP 706A000A .text C:\WINDOWS\system32\wuauclt.exe[3452] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 715A000A .text C:\WINDOWS\system32\wuauclt.exe[3452] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 711B000A .text C:\WINDOWS\system32\wuauclt.exe[3452] USER32.dll!GetWindowTextA 7E43212B 6 Bytes JMP 70CA000A .text C:\WINDOWS\system32\wuauclt.exe[3452] USER32.dll!DrawTextA 7E43C6CA 6 Bytes JMP 7082000A .text C:\WINDOWS\system32\wuauclt.exe[3452] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 712A000A .text C:\WINDOWS\system32\wuauclt.exe[3452] USER32.dll!EndTask 7E459E75 6 Bytes JMP 713F000A .text C:\WINDOWS\system32\wuauclt.exe[3452] USER32.dll!RegisterRawInputDevices 7E46CBD4 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wuauclt.exe[3452] USER32.dll!RegisterRawInputDevices + 4 7E46CBD8 2 Bytes [17, 71] .text C:\WINDOWS\system32\wuauclt.exe[3452] SHELL32.dll!ShellExecuteExW 7CA01823 6 Bytes JMP 7145000A .text C:\WINDOWS\system32\wuauclt.exe[3452] SHELL32.dll!Shell_NotifyIcon 7CA20CF9 6 Bytes JMP 70B2000A .text C:\WINDOWS\system32\wuauclt.exe[3452] SHELL32.dll!Shell_NotifyIconW 7CA21BEA 6 Bytes JMP 70AF000A .text C:\WINDOWS\system32\wuauclt.exe[3452] SHELL32.dll!ShellExecuteEx 7CA40C15 6 Bytes JMP 7148000A .text C:\WINDOWS\system32\wuauclt.exe[3452] SHELL32.dll!ShellExecuteA 7CA40F40 6 Bytes JMP 714E000A .text C:\WINDOWS\system32\wuauclt.exe[3452] SHELL32.dll!ShellExecuteW 7CAB4FD0 6 Bytes JMP 714B000A .text C:\Documents and Settings\P\Desktop\GMER\gmer.exe[3516] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\P\Desktop\GMER\gmer.exe[3516] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [23, 71] .text C:\Documents and Settings\P\Desktop\GMER\gmer.exe[3516] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\P\Desktop\GMER\gmer.exe[3516] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3B, 71] .text C:\Documents and Settings\P\Desktop\GMER\gmer.exe[3516] kernel32.dll!DeviceIoControl 7C801625 6 Bytes JMP 70AC000A .text C:\Documents and Settings\P\Desktop\GMER\gmer.exe[3516] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 70DF000A .text C:\Documents and Settings\P\Desktop\GMER\gmer.exe[3516] kernel32.dll!VirtualProtectEx 7C801A5D 6 Bytes JMP 7127000A .text C:\Documents and Settings\P\Desktop\GMER\gmer.exe[3516] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 70D3000A .text C:\Documents and Settings\P\Desktop\GMER\gmer.exe[3516] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 716C000A .text C:\Documents and Settings\P\Desktop\GMER\gmer.exe[3516] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 7160000A .text C:\Documents and Settings\P\Desktop\GMER\gmer.exe[3516] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 7166000A .text C:\Documents and Settings\P\Desktop\GMER\gmer.exe[3516] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 7163000A .text C:\Documents and Settings\P\Desktop\GMER\gmer.exe[3516] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 7151000A .text C:\Documents and Settings\P\Desktop\GMER\gmer.exe[3516] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 7154000A .text C:\Documents and Settings\P\Desktop\GMER\gmer.exe[3516] kernel32.dll!VirtualAlloc 7C809A61 6 Bytes JMP 70D6000A .text C:\Documents and Settings\P\Desktop\GMER\gmer.exe[3516] kernel32.dll!MultiByteToWideChar 7C809C08 6 Bytes JMP 7085000A .text C:\Documents and Settings\P\Desktop\GMER\gmer.exe[3516] kernel32.dll!LoadResource 7C809FC5 6 Bytes JMP 70C1000A .text C:\Documents and Settings\P\Desktop\GMER\gmer.exe[3516] kernel32.dll!WideCharToMultiByte 7C80A0E4 6 Bytes JMP 7064000A .text C:\Documents and Settings\P\Desktop\GMER\gmer.exe[3516] kernel32.dll!GetProcAddress 7C80ADB0 6 Bytes JMP 7115000A .text C:\Documents and Settings\P\Desktop\GMER\gmer.exe[3516] kernel32.dll!LoadLibraryW 7C80AE5B 6 Bytes JMP 715D000A .text C:\Documents and Settings\P\Desktop\GMER\gmer.exe[3516] kernel32.dll!CreateMutexW 7C80E8C7 6 Bytes JMP 708E000A .text C:\Documents and Settings\P\Desktop\GMER\gmer.exe[3516] kernel32.dll!CreateMutexA 7C80E94F 6 Bytes JMP 7091000A .text C:\Documents and Settings\P\Desktop\GMER\gmer.exe[3516] kernel32.dll!OpenMutexW 7C80E9A5 6 Bytes JMP 7088000A .text C:\Documents and Settings\P\Desktop\GMER\gmer.exe[3516] kernel32.dll!OpenMutexA 7C80EA2B 6 Bytes JMP 708B000A .text C:\Documents and Settings\P\Desktop\GMER\gmer.exe[3516] kernel32.dll!GetVolumeInformationW 7C80F9F5 6 Bytes JMP 710F000A .text C:\Documents and Settings\P\Desktop\GMER\gmer.exe[3516] kernel32.dll!CreateRemoteThread 7C81043C 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\P\Desktop\GMER\gmer.exe[3516] kernel32.dll!CreateRemoteThread + 4 7C810440 2 Bytes [6E, 71] .text C:\Documents and Settings\P\Desktop\GMER\gmer.exe[3516] kernel32.dll!CreateThread 7C810647 6 Bytes JMP 70D9000A .text C:\Documents and Settings\P\Desktop\GMER\gmer.exe[3516] kernel32.dll!CreateFileW 7C810770 6 Bytes JMP 70E2000A .text C:\Documents and Settings\P\Desktop\GMER\gmer.exe[3516] kernel32.dll!WriteFile 7C810D97 6 Bytes JMP 70A3000A .text C:\Documents and Settings\P\Desktop\GMER\gmer.exe[3516] kernel32.dll!TerminateThread 7C81CE13 6 Bytes JMP 7139000A .text C:\Documents and Settings\P\Desktop\GMER\gmer.exe[3516] kernel32.dll!MoveFileW 7C821271 6 Bytes JMP 705E000A .text C:\Documents and Settings\P\Desktop\GMER\gmer.exe[3516] kernel32.dll!CreateDirectoryA 7C8217BC 6 Bytes JMP 70A9000A .text C:\Documents and Settings\P\Desktop\GMER\gmer.exe[3516] kernel32.dll!GetVolumeInformationA 7C821BB5 6 Bytes JMP 7112000A .text C:\Documents and Settings\PDesktop\GMER\gmer.exe[3516] kernel32.dll!CopyFileExW 7C827B42 6 Bytes JMP 70B5000A .text C:\Documents and Settings\P\Desktop\GMER\gmer.exe[3516] kernel32.dll!CopyFileA 7C8286FE 6 Bytes JMP 70BE000A .text C:\Documents and Settings\P\Desktop\GMER\gmer.exe[3516] kernel32.dll!CopyFileW 7C82F88F 6 Bytes JMP 70BB000A .text C:\Documents and Settings\P\esktop\GMER\gmer.exe[3516] kernel32.dll!OpenProcess 7C830A01 6 Bytes JMP 7055000A .text C:\Documents and Settings\P\Desktop\GMER\gmer.exe[3516] kernel32.dll!DeleteFileA 7C831EF5 6 Bytes JMP 7076000A .text C:\Documents and Settings\P\Desktop\GMER\gmer.exe[3516] kernel32.dll!DeleteFileW 7C831F7B 6 Bytes JMP 7073000A .text C:\Documents and Settings\P\Desktop\GMER\gmer.exe[3516] kernel32.dll!CreateDirectoryW 7C83241A 6 Bytes JMP 70A6000A .text C:\Documents and Settings\P\Desktop\GMER\gmer.exe[3516] kernel32.dll!MoveFileExW 7C8356A3 6 Bytes JMP 7058000A .text C:\Documents and Settings\P\Desktop\GMER\gmer.exe[3516] kernel32.dll!MoveFileA 7C835ED7 6 Bytes JMP 7061000A .text C:\Documents and Settings\P\Desktop\GMER\gmer.exe[3516] kernel32.dll!DebugActiveProcess 7C85A2B3 6 Bytes JMP 7136000A .text C:\Documents and Settings\P\Desktop\GMER\gmer.exe[3516] kernel32.dll!MoveFileExA 7C85D653 6 Bytes JMP 705B000A .text C:\Documents and Settings\P\Desktop\GMER\gmer.exe[3516] kernel32.dll!CopyFileExA 7C85E554 6 Bytes JMP 70B8000A .text C:\Documents and Settings\P\Desktop\GMER\gmer.exe[3516] kernel32.dll!WinExec 7C86158D 6 Bytes JMP 7142000A .text C:\Documents and Settings\P\Desktop\GMER\gmer.exe[3516] kernel32.dll!SetThreadContext 7C862C89 6 Bytes JMP 70A0000A .text C:\Documents and Settings\P\Desktop\GMER\gmer.exe[3516] kernel32.dll!CreateToolhelp32Snapshot 7C864D2F 6 Bytes JMP 70DC000A .text C:\Documents and Settings\P\Desktop\GMER\gmer.exe[3516] ADVAPI32.dll!RegOpenKeyExW 77DD6A8F 6 Bytes JMP 70F7000A .text C:\Documents and Settings\P\Desktop\GMER\gmer.exe[3516] ADVAPI32.dll!RegQueryValueExW 77DD6FDF 6 Bytes JMP 70E5000A .text C:\Documents and Settings\P\Desktop\GMER\gmer.exe[3516] ADVAPI32.dll!RegCreateKeyExW 77DD774C 6 Bytes JMP 7109000A .text C:\Documents and Settings\P\Desktop\GMER\gmer.exe[3516] ADVAPI32.dll!RegOpenKeyExA 77DD7832 6 Bytes JMP 70FA000A .text C:\Documents and Settings\P\Desktop\GMER\gmer.exe[3516] ADVAPI32.dll!RegOpenKeyW 77DD7926 6 Bytes JMP 70FD000A .text C:\Documents and Settings\P\Desktop\GMER\gmer.exe[3516] ADVAPI32.dll!OpenProcessToken 77DD796B 6 Bytes JMP 709D000A .text C:\Documents and Settings\P\Desktop\GMER\gmer.exe[3516] ADVAPI32.dll!RegQueryValueExA 77DD7A9B 6 Bytes JMP 70E8000A .text C:\Documents and Settings\P\Desktop\GMER\gmer.exe[3516] ADVAPI32.dll!RegSetValueExW 77DDD663 6 Bytes JMP 70F1000A .text C:\Documents and Settings\P\Desktop\GMER\gmer.exe[3516] ADVAPI32.dll!RegQueryValueW 77DDD77A 6 Bytes JMP 70EB000A .text C:\Documents and Settings\P\Desktop\GMER\gmer.exe[3516] ADVAPI32.dll!RegCreateKeyExA 77DDE834 6 Bytes JMP 710C000A .text C:\Documents and Settings\P\Desktop\GMER\gmer.exe[3516] ADVAPI32.dll!RegSetValueExA 77DDE927 6 Bytes JMP 70F4000A .text C:\Documents and Settings\P\Desktop\GMER\gmer.exe[3516] ADVAPI32.dll!RegOpenKeyA 77DDEE08 6 Bytes JMP 7100000A .text C:\Documents and Settings\P\Desktop\GMER\gmer.exe[3516] ADVAPI32.dll!AdjustTokenPrivileges 77DDEE4C 6 Bytes JMP 7094000A .text C:\Documents and Settings\P\Desktop\GMER\gmer.exe[3516] ADVAPI32.dll!LookupPrivilegeValueW 77DE41D7 6 Bytes JMP 7097000A .text C:\Documents and Settings\P\Desktop\GMER\gmer.exe[3516] ADVAPI32.dll!RegQueryValueA 77DE42F0 6 Bytes JMP 70EE000A .text C:\Documents and Settings\P\Desktop\GMER\gmer.exe[3516] ADVAPI32.dll!RegCreateKeyW 77DE45EE 6 Bytes JMP 7103000A .text C:\Documents and Settings\P\Desktop\GMER\gmer.exe[3516] ADVAPI32.dll!RegCreateKeyA 77DE4706 6 Bytes JMP 7106000A .text C:\Documents and Settings\P\Desktop\GMER\gmer.exe[3516] ADVAPI32.dll!OpenSCManagerW 77DE5E5D 6 Bytes JMP 70CD000A .text C:\Documents and Settings\P\Desktop\GMER\gmer.exe[3516] ADVAPI32.dll!OpenSCManagerA 77DED705 6 Bytes JMP 70D0000A .text C:\Documents and Settings\P\Desktop\GMER\gmer.exe[3516] ADVAPI32.dll!RegDeleteKeyW 77DF8886 6 Bytes JMP 706D000A .text C:\Documents and Settings\P\Desktop\GMER\gmer.exe[3516] ADVAPI32.dll!RegDeleteKeyA 77DFB6BE 6 Bytes JMP 7070000A .text C:\Documents and Settings\P\Desktop\GMER\gmer.exe[3516] ADVAPI32.dll!LookupPrivilegeValueA 77DFC110 6 Bytes JMP 709A000A .text C:\Documents and Settings\P\Desktop\GMER\gmer.exe[3516] ADVAPI32.dll!LsaRemoveAccountRights 77E1AAA1 6 Bytes JMP 7169000A .text C:\Documents and Settings\P\Desktop\GMER\gmer.exe[3516] ADVAPI32.dll!CreateServiceA 77E370B9 6 Bytes JMP 7121000A .text C:\Documents and Settings\P\Desktop\GMER\gmer.exe[3516] ADVAPI32.dll!CreateServiceW 77E37251 6 Bytes JMP 711E000A .text C:\Documents and Settings\P\Desktop\GMER\gmer.exe[3516] USER32.dll!SetWindowTextW 7E41BC36 6 Bytes JMP 7067000A .text C:\Documents and Settings\P\Desktop\GMER\gmer.exe[3516] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 7133000A .text C:\Documents and Settings\PDesktop\GMER\gmer.exe[3516] USER32.dll!GetWindowTextW 7E41CDB6 6 Bytes JMP 70C7000A .text C:\Documents and Settings\P\Desktop\GMER\gmer.exe[3516] USER32.dll!DrawTextW 7E41D7C2 6 Bytes JMP 707F000A .text C:\Documents and Settings\PDesktop\GMER\gmer.exe[3516] USER32.dll!ShowWindow 7E41D8A4 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\P\Desktop\GMER\gmer.exe[3516] USER32.dll!ShowWindow + 4 7E41D8A8 2 Bytes [C3, 70] .text C:\Documents and Settings\Pe\Desktop\GMER\gmer.exe[3516] USER32.dll!GetKeyboardState 7E41EF29 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\Pe\Desktop\GMER\gmer.exe[3516] USER32.dll!GetKeyboardState + 4 7E41EF2D 2 Bytes [2C, 71] {SUB AL, 0x71} .text C:\Documents and Settings\Pale\Desktop\GMER\gmer.exe[3516] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 7130000A .text C:\Documents and Settings\Pe\Desktop\GMER\gmer.exe[3516] USER32.dll!CreateWindowExW 7E41FC25 6 Bytes JMP 7079000A .text C:\Documents and Settings\Psktop\GMER\gmer.exe[3516] USER32.dll!CreateWindowExA 7E41FF33 6 Bytes JMP 707C000A .text C:\Documents and Settings\Pesktop\GMER\gmer.exe[3516] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 7157000A .text C:\Documents and Settings\P\Desktop\GMER\gmer.exe[3516] USER32.dll!SetWindowTextA 7E42F52B 6 Bytes JMP 706A000A .text C:\Documents and Settings\P\Desktop\GMER\gmer.exe[3516] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 715A000A .text C:\Documents and Settings\PDesktop\GMER\gmer.exe[3516] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 711B000A .text C:\Documents and Settings\PDesktop\GMER\gmer.exe[3516] USER32.dll!GetWindowTextA 7E43212B 6 Bytes JMP 70CA000A .text C:\Documents and Settings\sktop\GMER\gmer.exe[3516] USER32.dll!DrawTextA 7E43C6CA 6 Bytes JMP 7082000A .text C:\Documents and Settings\P\Desktop\GMER\gmer.exe[3516] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 712A000A .text C:\Documents and Settings\P\Desktop\GMER\gmer.exe[3516] USER32.dll!EndTask 7E459E75 6 Bytes JMP 713F000A .text C:\Documents and Settings\P\Desktop\GMER\gmer.exe[3516] USER32.dll!RegisterRawInputDevices 7E46CBD4 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\P\Desktop\GMER\gmer.exe[3516] USER32.dll!RegisterRawInputDevices + 4 7E46CBD8 2 Bytes [17, 71] .text C:\Documents and Settings\P\Desktop\GMER\gmer.exe[3516] SHELL32.dll!ShellExecuteExW 7CA01823 6 Bytes JMP 7145000A .text C:\Documents and Settings\P\Desktop\GMER\gmer.exe[3516] SHELL32.dll!Shell_NotifyIcon 7CA20CF9 6 Bytes JMP 70B2000A .text C:\Documents and Settings\P\Desktop\GMER\gmer.exe[3516] SHELL32.dll!Shell_NotifyIconW 7CA21BEA 6 Bytes JMP 70AF000A .text C:\Documents and Settings\Pe\Desktop\GMER\gmer.exe[3516] SHELL32.dll!ShellExecuteEx 7CA40C15 6 Bytes JMP 7148000A .text C:\Documents and Settings\PDesktop\GMER\gmer.exe[3516] SHELL32.dll!ShellExecuteA 7CA40F40 6 Bytes JMP 714E000A .text C:\Documents and Settings\Pale\Desktop\GMER\gmer.exe[3516] SHELL32.dll!ShellExecuteW 7CAB4FD0 6 Bytes JMP 714B000A ---- Devices - GMER 1.0.15 ---- AttachedDevice \FileSystem\Ntfs \Ntfs TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools) AttachedDevice \Driver\Tcpip \Device\Ip pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools) AttachedDevice \Driver\Tcpip \Device\Tcp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools) AttachedDevice \Driver\Tcpip \Device\Udp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools) AttachedDevice \Driver\Tcpip \Device\RawIp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools) Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation) Device B97CAC8A AttachedDevice fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) AttachedDevice TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools) Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions) Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions) Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions) Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions) Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions) Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@midimapper midimap.dll Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@msacm.imaadpcm imaadp32.acm Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@msacm.msadpcm msadp32.acm Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@msacm.msg711 msg711.acm Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@msacm.msgsm610 msgsm32.acm Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@msacm.trspch tssoft32.acm Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@vidc.cvid iccvid.dll Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@vidc.I420 i420vfw.dll Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@vidc.iv31 ir32_32.dll Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@vidc.iv32 ir32_32.dll Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@vidc.iv41 ir41_32.ax Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@vidc.iyuv iyuv_32.dll Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@vidc.mrle msrle32.dll Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@vidc.msvc msvidc32.dll Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@vidc.uyvy msyuv.dll Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@vidc.yuy2 msyuv.dll Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@vidc.yvu9 tsbyuv.dll Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@vidc.yvyu msyuv.dll Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@wavemapper msacm32.drv Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@msacm.msg723 msg723.acm Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@vidc.M263 msh263.drv Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@vidc.M261 msh261.drv Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@msacm.msaudio1 msaud32.acm Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@msacm.sl_anet sl_anet.acm Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@msacm.iac2 C:\WINDOWS\system32\iac25_32.ax Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@vidc.iv50 ir50_32.dll Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@msacm.l3acm C:\WINDOWS\system32\l3codeca.acm Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@vidc.DIVX DivX.dll Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@vidc.yv12 yv12vfw.dll Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@vidc.tscc tsccvid.dll Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@wave1 wdmaud.drv Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@midi1 wdmaud.drv Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@mixer1 wdmaud.drv Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@aux wdmaud.drv Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@vidc.XVID xvidvfw.dll Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@wave2 wdmaud.drv Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@midi2 wdmaud.drv Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@mixer2 wdmaud.drv Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@aux1 wdmaud.drv Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@wave3 wdmaud.drv Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@midi3 wdmaud.drv Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@mixer3 wdmaud.drv Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@aux2 wdmaud.drv Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@wave4 wdmaud.drv Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@midi4 wdmaud.drv Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@mixer4 wdmaud.drv Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@aux3 wdmaud.drv Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@New Value #1 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@wave wdmaud.drv Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@midi wdmaud.drv Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@mixer wdmaud.drv Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@VIDC.WMV3 wmv9vcm.dll Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@VIDC.VP40 vp4vfw.dll Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@msacm.voxacm160 vct3216.acm Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@MSVideo vfwwdm32.dll Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@MSVideo8 VfWWDM32.dll Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@vidc.VP70 vp7vfw.dll Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@vidc.X264 x264vfw.dll Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@VIDC.FPS1 frapsvid.dll Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@vidc.VP60 vp6vfw.dll Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@vidc.VP61 vp6vfw.dll Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@vidc.VP62 vp6vfw.dll Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@VIDC.DRAW DVIDEO.DLL Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@VIDC.MSUD msulvc05.dll Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\Terminal Server Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\Terminal Server\RDP Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\Terminal Server\RDP@wave rdpsnd.dll Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\Terminal Server\RDP@mixer rdpsnd.dll Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\Terminal Server\RDP@MaxBandwidth 22201 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\Terminal Server\RDP@wavemapper msacm32.drv Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\Terminal Server\RDP@EnableMP3Codec 1 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\Terminal Server\RDP@midimapper midimap.dll Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@RequireSignedAppInit_DLLs 1 ---- EOF - GMER 1.0.15 ----