Hi - ComboFix crashed halfway through, but funnily enough the 1st programme works and the computer boots up in normal mode OK now. The results are below, split across a few posts to fit:
GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-06-03 07:13:12
Windows 6.0.6001 Service Pack 1
---- System - GMER 1.0.15 ----
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0x8E279498]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0x8E2794AC]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x8E279528]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0x8E279552]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0x8E279470]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0x8E279484]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0x8E2794FE]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0x8E27957A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0x8E279566]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0x8E2794EA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0x8E2794D6]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0x8E27945C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x8E27953E]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0x8E279514]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateUserProcess [0x8E2794C2]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!ZwYieldExecution 8206DC26 5 Bytes JMP 8E279518 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenProcess 82203778 5 Bytes JMP 8E279474 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwNotifyChangeKey 82210A49 5 Bytes JMP 8E279556 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwProtectVirtualMemory 822373DB 7 Bytes JMP 8E279502 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnmapViewOfSection 822444A0 5 Bytes JMP 8E279542 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtMapViewOfSection 82244829 7 Bytes JMP 8E27952C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtSetInformationProcess 8224F8F4 5 Bytes JMP 8E2794DA \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwTerminateProcess 82253FA9 5 Bytes JMP 8E279460 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenThread 82258271 5 Bytes JMP 8E279488 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateUserProcess 8226683B 5 Bytes JMP 8E2794C6 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwRestoreKey 822841D0 5 Bytes JMP 8E27956A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwReplaceKey 8228521A 5 Bytes JMP 8E27957E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateProcess 822C3265 5 Bytes JMP 8E27949C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateProcessEx 822C32B0 7 Bytes JMP 8E2794B0 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwSetContextThread 822C3D6F 5 Bytes JMP 8E2794EE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
? C:\Windows\system32\Drivers\mchInjDrv.sys The system cannot find the file specified. !
---- User code sections - GMER 1.0.15 ----
.text C:\Windows\system32\agrsmsvc.exe[504] ntdll.dll!NtClose 77067F48 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\agrsmsvc.exe[504] ntdll.dll!NtClose + 4 77067F4C 2 Bytes [35, 5F]
.text C:\Windows\system32\agrsmsvc.exe[504] ntdll.dll!NtCreateFile 77068008 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\agrsmsvc.exe[504] ntdll.dll!NtCreateFile + 4 7706800C 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\system32\agrsmsvc.exe[504] ntdll.dll!NtCreateKey 77068048 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\agrsmsvc.exe[504] ntdll.dll!NtCreateKey + 4 7706804C 2 Bytes [05, 5F]
.text C:\Windows\system32\agrsmsvc.exe[504] ntdll.dll!NtCreateProcess 770680C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\agrsmsvc.exe[504] ntdll.dll!NtCreateProcess + 4 770680CC 2 Bytes [29, 5F]
.text C:\Windows\system32\agrsmsvc.exe[504] ntdll.dll!NtCreateProcessEx 770680D8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\agrsmsvc.exe[504] ntdll.dll!NtCreateProcessEx + 4 770680DC 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Windows\system32\agrsmsvc.exe[504] ntdll.dll!NtCreateSection 770680F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\agrsmsvc.exe[504] ntdll.dll!NtCreateSection + 4 770680FC 2 Bytes [23, 5F]
.text C:\Windows\system32\agrsmsvc.exe[504] ntdll.dll!NtDeleteKey 770683F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\agrsmsvc.exe[504] ntdll.dll!NtDeleteKey + 4 770683FC 2 Bytes [0B, 5F]
.text C:\Windows\system32\agrsmsvc.exe[504] ntdll.dll!NtDeleteValueKey 77068428 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\agrsmsvc.exe[504] ntdll.dll!NtDeleteValueKey + 4 7706842C 2 Bytes [11, 5F]
.text C:\Windows\system32\agrsmsvc.exe[504] ntdll.dll!NtRenameKey 77068CF8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\agrsmsvc.exe[504] ntdll.dll!NtRenameKey + 4 77068CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\system32\agrsmsvc.exe[504] ntdll.dll!NtSetInformationFile 77068F18 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\agrsmsvc.exe[504] ntdll.dll!NtSetInformationFile + 4 77068F1C 2 Bytes [20, 5F]
.text C:\Windows\system32\agrsmsvc.exe[504] ntdll.dll!NtSetValueKey 77069088 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\agrsmsvc.exe[504] ntdll.dll!NtSetValueKey + 4 7706908C 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Windows\system32\agrsmsvc.exe[504] ntdll.dll!NtTerminateProcess 77069128 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\agrsmsvc.exe[504] ntdll.dll!NtTerminateProcess + 4 7706912C 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Windows\system32\agrsmsvc.exe[504] ntdll.dll!NtWriteFile 77069278 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\agrsmsvc.exe[504] ntdll.dll!NtWriteFile + 4 7706927C 2 Bytes [1A, 5F]
.text C:\Windows\system32\agrsmsvc.exe[504] ntdll.dll!NtWriteFileGather 77069288 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\agrsmsvc.exe[504] ntdll.dll!NtWriteFileGather + 4 7706928C 2 Bytes [1D, 5F]
.text C:\Windows\system32\agrsmsvc.exe[504] ntdll.dll!NtWriteVirtualMemory 770692A8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\agrsmsvc.exe[504] ntdll.dll!NtWriteVirtualMemory + 4 770692AC 2 Bytes [32, 5F]
.text C:\Windows\system32\agrsmsvc.exe[504] ntdll.dll!NtCreateUserProcess 77069438 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\agrsmsvc.exe[504] ntdll.dll!NtCreateUserProcess + 4 7706943C 2 Bytes [26, 5F]
.text C:\Windows\system32\agrsmsvc.exe[504] kernel32.dll!LoadLibraryExW 76A230C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\agrsmsvc.exe[504] USER32.dll!SetWindowsHookExW 76AE7B69 6 Bytes JMP 5F3B0F5A
.text C:\Windows\system32\agrsmsvc.exe[504] USER32.dll!SetWindowsHookExA 76B0BB0E 6 Bytes JMP 5F370F5A
.text C:\Windows\system32\taskeng.exe[568] ntdll.dll!NtClose 77067F48 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[568] ntdll.dll!NtClose + 4 77067F4C 2 Bytes [35, 5F]
.text C:\Windows\system32\taskeng.exe[568] ntdll.dll!NtCreateFile 77068008 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[568] ntdll.dll!NtCreateFile + 4 7706800C 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\system32\taskeng.exe[568] ntdll.dll!NtCreateKey 77068048 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[568] ntdll.dll!NtCreateKey + 4 7706804C 2 Bytes [05, 5F]
.text C:\Windows\system32\taskeng.exe[568] ntdll.dll!NtCreateProcess 770680C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[568] ntdll.dll!NtCreateProcess + 4 770680CC 2 Bytes [29, 5F]
.text C:\Windows\system32\taskeng.exe[568] ntdll.dll!NtCreateProcessEx 770680D8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[568] ntdll.dll!NtCreateProcessEx + 4 770680DC 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Windows\system32\taskeng.exe[568] ntdll.dll!NtCreateSection 770680F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[568] ntdll.dll!NtCreateSection + 4 770680FC 2 Bytes [23, 5F]
.text C:\Windows\system32\taskeng.exe[568] ntdll.dll!NtDeleteKey 770683F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[568] ntdll.dll!NtDeleteKey + 4 770683FC 2 Bytes [0B, 5F]
.text C:\Windows\system32\taskeng.exe[568] ntdll.dll!NtDeleteValueKey 77068428 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[568] ntdll.dll!NtDeleteValueKey + 4 7706842C 2 Bytes [11, 5F]
.text C:\Windows\system32\taskeng.exe[568] ntdll.dll!NtRenameKey 77068CF8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[568] ntdll.dll!NtRenameKey + 4 77068CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\system32\taskeng.exe[568] ntdll.dll!NtSetInformationFile 77068F18 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[568] ntdll.dll!NtSetInformationFile + 4 77068F1C 2 Bytes [20, 5F]
.text C:\Windows\system32\taskeng.exe[568] ntdll.dll!NtSetValueKey 77069088 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[568] ntdll.dll!NtSetValueKey + 4 7706908C 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Windows\system32\taskeng.exe[568] ntdll.dll!NtTerminateProcess 77069128 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[568] ntdll.dll!NtTerminateProcess + 4 7706912C 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Windows\system32\taskeng.exe[568] ntdll.dll!NtWriteFile 77069278 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[568] ntdll.dll!NtWriteFile + 4 7706927C 2 Bytes [1A, 5F]
.text C:\Windows\system32\taskeng.exe[568] ntdll.dll!NtWriteFileGather 77069288 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[568] ntdll.dll!NtWriteFileGather + 4 7706928C 2 Bytes [1D, 5F]
.text C:\Windows\system32\taskeng.exe[568] ntdll.dll!NtWriteVirtualMemory 770692A8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[568] ntdll.dll!NtWriteVirtualMemory + 4 770692AC 2 Bytes [32, 5F]
.text C:\Windows\system32\taskeng.exe[568] ntdll.dll!NtCreateUserProcess 77069438 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[568] ntdll.dll!NtCreateUserProcess + 4 7706943C 2 Bytes [26, 5F]
.text C:\Windows\system32\taskeng.exe[568] kernel32.dll!LoadLibraryExW 76A230C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\taskeng.exe[568] USER32.dll!SetWindowsHookExW 76AE7B69 6 Bytes JMP 5F3B0F5A
.text C:\Windows\system32\taskeng.exe[568] USER32.dll!SetWindowsHookExA 76B0BB0E 6 Bytes JMP 5F370F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[572] ntdll.dll!NtClose 77067F48 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[572] ntdll.dll!NtClose + 4 77067F4C 2 Bytes [35, 5F]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[572] ntdll.dll!NtCreateFile 77068008 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[572] ntdll.dll!NtCreateFile + 4 7706800C 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[572] ntdll.dll!NtCreateKey 77068048 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[572] ntdll.dll!NtCreateKey + 4 7706804C 2 Bytes [05, 5F]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[572] ntdll.dll!NtCreateProcess 770680C8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[572] ntdll.dll!NtCreateProcess + 4 770680CC 2 Bytes [29, 5F]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[572] ntdll.dll!NtCreateProcessEx 770680D8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[572] ntdll.dll!NtCreateProcessEx + 4 770680DC 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[572] ntdll.dll!NtCreateSection 770680F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[572] ntdll.dll!NtCreateSection + 4 770680FC 2 Bytes [23, 5F]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[572] ntdll.dll!NtDeleteKey 770683F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[572] ntdll.dll!NtDeleteKey + 4 770683FC 2 Bytes [0B, 5F]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[572] ntdll.dll!NtDeleteValueKey 77068428 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[572] ntdll.dll!NtDeleteValueKey + 4 7706842C 2 Bytes [11, 5F]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[572] ntdll.dll!NtRenameKey 77068CF8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[572] ntdll.dll!NtRenameKey + 4 77068CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[572] ntdll.dll!NtSetInformationFile 77068F18 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[572] ntdll.dll!NtSetInformationFile + 4 77068F1C 2 Bytes [20, 5F]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[572] ntdll.dll!NtSetValueKey 77069088 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[572] ntdll.dll!NtSetValueKey + 4 7706908C 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[572] ntdll.dll!NtTerminateProcess 77069128 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[572] ntdll.dll!NtTerminateProcess + 4 7706912C 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[572] ntdll.dll!NtWriteFile 77069278 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[572] ntdll.dll!NtWriteFile + 4 7706927C 2 Bytes [1A, 5F]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[572] ntdll.dll!NtWriteFileGather 77069288 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[572] ntdll.dll!NtWriteFileGather + 4 7706928C 2 Bytes [1D, 5F]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[572] ntdll.dll!NtWriteVirtualMemory 770692A8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[572] ntdll.dll!NtWriteVirtualMemory + 4 770692AC 2 Bytes [32, 5F]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[572] ntdll.dll!NtCreateUserProcess 77069438 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[572] ntdll.dll!NtCreateUserProcess + 4 7706943C 2 Bytes [26, 5F]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[572] kernel32.dll!LoadLibraryExW 76A230C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[572] USER32.dll!SetWindowsHookExW 76AE7B69 6 Bytes JMP 5F3B0F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[572] USER32.dll!SetWindowsHookExA 76B0BB0E 6 Bytes JMP 5F370F5A
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[592] ntdll.dll!NtClose 77067F48 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[592] ntdll.dll!NtClose + 4 77067F4C 2 Bytes [35, 5F]
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[592] ntdll.dll!NtCreateFile 77068008 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[592] ntdll.dll!NtCreateFile + 4 7706800C 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[592] ntdll.dll!NtCreateKey 77068048 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[592] ntdll.dll!NtCreateKey + 4 7706804C 2 Bytes [05, 5F]
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[592] ntdll.dll!NtCreateProcess 770680C8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[592] ntdll.dll!NtCreateProcess + 4 770680CC 2 Bytes [29, 5F]
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[592] ntdll.dll!NtCreateProcessEx 770680D8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[592] ntdll.dll!NtCreateProcessEx + 4 770680DC 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[592] ntdll.dll!NtCreateSection 770680F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[592] ntdll.dll!NtCreateSection + 4 770680FC 2 Bytes [23, 5F]
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[592] ntdll.dll!NtDeleteKey 770683F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[592] ntdll.dll!NtDeleteKey + 4 770683FC 2 Bytes [0B, 5F]
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[592] ntdll.dll!NtDeleteValueKey 77068428 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[592] ntdll.dll!NtDeleteValueKey + 4 7706842C 2 Bytes [11, 5F]
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[592] ntdll.dll!NtRenameKey 77068CF8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[592] ntdll.dll!NtRenameKey + 4 77068CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[592] ntdll.dll!NtSetInformationFile 77068F18 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[592] ntdll.dll!NtSetInformationFile + 4 77068F1C 2 Bytes [20, 5F]
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[592] ntdll.dll!NtSetValueKey 77069088 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[592] ntdll.dll!NtSetValueKey + 4 7706908C 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[592] ntdll.dll!NtTerminateProcess 77069128 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[592] ntdll.dll!NtTerminateProcess + 4 7706912C 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[592] ntdll.dll!NtWriteFile 77069278 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[592] ntdll.dll!NtWriteFile + 4 7706927C 2 Bytes [1A, 5F]
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[592] ntdll.dll!NtWriteFileGather 77069288 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[592] ntdll.dll!NtWriteFileGather + 4 7706928C 2 Bytes [1D, 5F]
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[592] ntdll.dll!NtWriteVirtualMemory 770692A8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[592] ntdll.dll!NtWriteVirtualMemory + 4 770692AC 2 Bytes [32, 5F]
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[592] ntdll.dll!NtCreateUserProcess 77069438 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[592] ntdll.dll!NtCreateUserProcess + 4 7706943C 2 Bytes [26, 5F]
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[592] kernel32.dll!LoadLibraryExW 76A230C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[592] USER32.dll!SetWindowsHookExW 76AE7B69 6 Bytes JMP 5F3B0F5A
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[592] USER32.dll!SetWindowsHookExA 76B0BB0E 6 Bytes JMP 5F370F5A
.text C:\Windows\system32\csrss.exe[648] ntdll.dll!NtClose 77067F48 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[648] ntdll.dll!NtClose + 4 77067F4C 2 Bytes [35, 5F]
.text C:\Windows\system32\csrss.exe[648] ntdll.dll!NtCreateFile 77068008 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[648] ntdll.dll!NtCreateFile + 4 7706800C 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\system32\csrss.exe[648] ntdll.dll!NtCreateKey 77068048 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[648] ntdll.dll!NtCreateKey + 4 7706804C 2 Bytes [05, 5F]
.text C:\Windows\system32\csrss.exe[648] ntdll.dll!NtCreateProcess 770680C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[648] ntdll.dll!NtCreateProcess + 4 770680CC 2 Bytes [29, 5F]
.text C:\Windows\system32\csrss.exe[648] ntdll.dll!NtCreateProcessEx 770680D8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[648] ntdll.dll!NtCreateProcessEx + 4 770680DC 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Windows\system32\csrss.exe[648] ntdll.dll!NtCreateSection 770680F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[648] ntdll.dll!NtCreateSection + 4 770680FC 2 Bytes [23, 5F]
.text C:\Windows\system32\csrss.exe[648] ntdll.dll!NtDeleteKey 770683F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[648] ntdll.dll!NtDeleteKey + 4 770683FC 2 Bytes [0B, 5F]
.text C:\Windows\system32\csrss.exe[648] ntdll.dll!NtDeleteValueKey 77068428 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[648] ntdll.dll!NtDeleteValueKey + 4 7706842C 2 Bytes [11, 5F]
.text C:\Windows\system32\csrss.exe[648] ntdll.dll!NtRenameKey 77068CF8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[648] ntdll.dll!NtRenameKey + 4 77068CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\system32\csrss.exe[648] ntdll.dll!NtSetInformationFile 77068F18 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[648] ntdll.dll!NtSetInformationFile + 4 77068F1C 2 Bytes [20, 5F]
.text C:\Windows\system32\csrss.exe[648] ntdll.dll!NtSetValueKey 77069088 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[648] ntdll.dll!NtSetValueKey + 4 7706908C 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Windows\system32\csrss.exe[648] ntdll.dll!NtTerminateProcess 77069128 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[648] ntdll.dll!NtTerminateProcess + 4 7706912C 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Windows\system32\csrss.exe[648] ntdll.dll!NtWriteFile 77069278 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[648] ntdll.dll!NtWriteFile + 4 7706927C 2 Bytes [1A, 5F]
.text C:\Windows\system32\csrss.exe[648] ntdll.dll!NtWriteFileGather 77069288 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[648] ntdll.dll!NtWriteFileGather + 4 7706928C 2 Bytes [1D, 5F]
.text C:\Windows\system32\csrss.exe[648] ntdll.dll!NtWriteVirtualMemory 770692A8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[648] ntdll.dll!NtWriteVirtualMemory + 4 770692AC 2 Bytes [32, 5F]
.text C:\Windows\system32\csrss.exe[648] ntdll.dll!NtCreateUserProcess 77069438 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[648] ntdll.dll!NtCreateUserProcess + 4 7706943C 2 Bytes [26, 5F]
.text C:\Windows\system32\csrss.exe[648] USER32.dll!SetWindowsHookExW 76AE7B69 6 Bytes JMP 5F3B0F5A
.text C:\Windows\system32\csrss.exe[648] USER32.dll!SetWindowsHookExA 76B0BB0E 6 Bytes JMP 5F370F5A
.text C:\Windows\system32\csrss.exe[648] KERNEL32.dll!LoadLibraryExW 76A230C3 6 Bytes JMP 5F070F5A
.text C:\Users\Barry\ij8pr81p.exe[720] ntdll.dll!NtClose 77067F48 3 Bytes [FF, 25, 1E]
.text C:\Users\Barry\ij8pr81p.exe[720] ntdll.dll!NtClose + 4 77067F4C 2 Bytes [35, 5F]
.text C:\Users\Barry\ij8pr81p.exe[720] ntdll.dll!NtCreateFile 77068008 3 Bytes [FF, 25, 1E]
.text C:\Users\Barry\ij8pr81p.exe[720] ntdll.dll!NtCreateFile + 4 7706800C 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Users\Barry\ij8pr81p.exe[720] ntdll.dll!NtCreateKey 77068048 3 Bytes [FF, 25, 1E]
.text C:\Users\Barry\ij8pr81p.exe[720] ntdll.dll!NtCreateKey + 4 7706804C 2 Bytes [05, 5F]
.text C:\Users\Barry\ij8pr81p.exe[720] ntdll.dll!NtCreateProcess 770680C8 3 Bytes [FF, 25, 1E]
.text C:\Users\Barry\ij8pr81p.exe[720] ntdll.dll!NtCreateProcess + 4 770680CC 2 Bytes [29, 5F]
.text C:\Users\Barry\ij8pr81p.exe[720] ntdll.dll!NtCreateProcessEx 770680D8 3 Bytes [FF, 25, 1E]
.text C:\Users\Barry\ij8pr81p.exe[720] ntdll.dll!NtCreateProcessEx + 4 770680DC 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Users\Barry\ij8pr81p.exe[720] ntdll.dll!NtCreateSection 770680F8 3 Bytes [FF, 25, 1E]
.text C:\Users\Barry\ij8pr81p.exe[720] ntdll.dll!NtCreateSection + 4 770680FC 2 Bytes [23, 5F]
.text C:\Users\Barry\ij8pr81p.exe[720] ntdll.dll!NtDeleteKey 770683F8 3 Bytes [FF, 25, 1E]
.text C:\Users\Barry\ij8pr81p.exe[720] ntdll.dll!NtDeleteKey + 4 770683FC 2 Bytes [0B, 5F]
.text C:\Users\Barry\ij8pr81p.exe[720] ntdll.dll!NtDeleteValueKey 77068428 3 Bytes [FF, 25, 1E]
.text C:\Users\Barry\ij8pr81p.exe[720] ntdll.dll!NtDeleteValueKey + 4 7706842C 2 Bytes [11, 5F]
.text C:\Users\Barry\ij8pr81p.exe[720] ntdll.dll!NtRenameKey 77068CF8 3 Bytes [FF, 25, 1E]
.text C:\Users\Barry\ij8pr81p.exe[720] ntdll.dll!NtRenameKey + 4 77068CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Users\Barry\ij8pr81p.exe[720] ntdll.dll!NtSetInformationFile 77068F18 3 Bytes [FF, 25, 1E]
.text C:\Users\Barry\ij8pr81p.exe[720] ntdll.dll!NtSetInformationFile + 4 77068F1C 2 Bytes [20, 5F]
.text C:\Users\Barry\ij8pr81p.exe[720] ntdll.dll!NtSetValueKey 77069088 3 Bytes [FF, 25, 1E]
.text C:\Users\Barry\ij8pr81p.exe[720] ntdll.dll!NtSetValueKey + 4 7706908C 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Users\Barry\ij8pr81p.exe[720] ntdll.dll!NtTerminateProcess 77069128 3 Bytes [FF, 25, 1E]
.text C:\Users\Barry\ij8pr81p.exe[720] ntdll.dll!NtTerminateProcess + 4 7706912C 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Users\Barry\ij8pr81p.exe[720] ntdll.dll!NtWriteFile 77069278 3 Bytes [FF, 25, 1E]
.text C:\Users\Barry\ij8pr81p.exe[720] ntdll.dll!NtWriteFile + 4 7706927C 2 Bytes [1A, 5F]
.text C:\Users\Barry\ij8pr81p.exe[720] ntdll.dll!NtWriteFileGather 77069288 3 Bytes [FF, 25, 1E]
.text C:\Users\Barry\ij8pr81p.exe[720] ntdll.dll!NtWriteFileGather + 4 7706928C 2 Bytes [1D, 5F]
.text C:\Users\Barry\ij8pr81p.exe[720] ntdll.dll!NtWriteVirtualMemory 770692A8 3 Bytes [FF, 25, 1E]
.text C:\Users\Barry\ij8pr81p.exe[720] ntdll.dll!NtWriteVirtualMemory + 4 770692AC 2 Bytes [32, 5F]
.text C:\Users\Barry\ij8pr81p.exe[720] ntdll.dll!NtCreateUserProcess 77069438 3 Bytes [FF, 25, 1E]
.text C:\Users\Barry\ij8pr81p.exe[720] ntdll.dll!NtCreateUserProcess + 4 7706943C 2 Bytes [26, 5F]
.text C:\Users\Barry\ij8pr81p.exe[720] kernel32.dll!LoadLibraryExW 76A230C3 6 Bytes JMP 5F070F5A
.text C:\Users\Barry\ij8pr81p.exe[720] USER32.dll!SetWindowsHookExW 76AE7B69 6 Bytes JMP 5F3B0F5A
.text C:\Users\Barry\ij8pr81p.exe[720] USER32.dll!SetWindowsHookExA 76B0BB0E 6 Bytes JMP 5F370F5A
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[768] ntdll.dll!NtClose 77067F48 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[768] ntdll.dll!NtClose + 4 77067F4C 2 Bytes [35, 5F]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[768] ntdll.dll!NtCreateFile 77068008 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[768] ntdll.dll!NtCreateFile + 4 7706800C 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[768] ntdll.dll!NtCreateKey 77068048 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[768] ntdll.dll!NtCreateKey + 4 7706804C 2 Bytes [05, 5F]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[768] ntdll.dll!NtCreateProcess 770680C8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[768] ntdll.dll!NtCreateProcess + 4 770680CC 2 Bytes [29, 5F]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[768] ntdll.dll!NtCreateProcessEx 770680D8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[768] ntdll.dll!NtCreateProcessEx + 4 770680DC 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[768] ntdll.dll!NtCreateSection 770680F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[768] ntdll.dll!NtCreateSection + 4 770680FC 2 Bytes [23, 5F]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[768] ntdll.dll!NtDeleteKey 770683F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[768] ntdll.dll!NtDeleteKey + 4 770683FC 2 Bytes [0B, 5F]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[768] ntdll.dll!NtDeleteValueKey 77068428 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[768] ntdll.dll!NtDeleteValueKey + 4 7706842C 2 Bytes [11, 5F]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[768] ntdll.dll!NtRenameKey 77068CF8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[768] ntdll.dll!NtRenameKey + 4 77068CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[768] ntdll.dll!NtSetInformationFile 77068F18 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[768] ntdll.dll!NtSetInformationFile + 4 77068F1C 2 Bytes [20, 5F]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[768] ntdll.dll!NtSetValueKey 77069088 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[768] ntdll.dll!NtSetValueKey + 4 7706908C 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[768] ntdll.dll!NtTerminateProcess 77069128 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[768] ntdll.dll!NtTerminateProcess + 4 7706912C 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[768] ntdll.dll!NtWriteFile 77069278 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[768] ntdll.dll!NtWriteFile + 4 7706927C 2 Bytes [1A, 5F]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[768] ntdll.dll!NtWriteFileGather 77069288 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[768] ntdll.dll!NtWriteFileGather + 4 7706928C 2 Bytes [1D, 5F]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[768] ntdll.dll!NtWriteVirtualMemory 770692A8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[768] ntdll.dll!NtWriteVirtualMemory + 4 770692AC 2 Bytes [32, 5F]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[768] ntdll.dll!NtCreateUserProcess 77069438 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[768] ntdll.dll!NtCreateUserProcess + 4 7706943C 2 Bytes [26, 5F]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[768] kernel32.dll!LoadLibraryExW 76A230C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[768] USER32.dll!SetWindowsHookExW 76AE7B69 6 Bytes JMP 5F3B0F5A
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[768] USER32.dll!SetWindowsHookExA 76B0BB0E 6 Bytes JMP 5F370F5A
.text C:\Windows\system32\wininit.exe[776] ntdll.dll!NtClose 77067F48 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wininit.exe[776] ntdll.dll!NtClose + 4 77067F4C 2 Bytes [35, 5F]
.text C:\Windows\system32\wininit.exe[776] ntdll.dll!NtCreateFile 77068008 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wininit.exe[776] ntdll.dll!NtCreateFile + 4 7706800C 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\system32\wininit.exe[776] ntdll.dll!NtCreateKey 77068048 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wininit.exe[776] ntdll.dll!NtCreateKey + 4 7706804C 2 Bytes [05, 5F]
.text C:\Windows\system32\wininit.exe[776] ntdll.dll!NtCreateProcess 770680C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wininit.exe[776] ntdll.dll!NtCreateProcess + 4 770680CC 2 Bytes [29, 5F]
.text C:\Windows\system32\wininit.exe[776] ntdll.dll!NtCreateProcessEx 770680D8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wininit.exe[776] ntdll.dll!NtCreateProcessEx + 4 770680DC 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Windows\system32\wininit.exe[776] ntdll.dll!NtCreateSection 770680F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wininit.exe[776] ntdll.dll!NtCreateSection + 4 770680FC 2 Bytes [23, 5F]
.text C:\Windows\system32\wininit.exe[776] ntdll.dll!NtDeleteKey 770683F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wininit.exe[776] ntdll.dll!NtDeleteKey + 4 770683FC 2 Bytes [0B, 5F]
.text C:\Windows\system32\wininit.exe[776] ntdll.dll!NtDeleteValueKey 77068428 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wininit.exe[776] ntdll.dll!NtDeleteValueKey + 4 7706842C 2 Bytes [11, 5F]
.text C:\Windows\system32\wininit.exe[776] ntdll.dll!NtRenameKey 77068CF8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wininit.exe[776] ntdll.dll!NtRenameKey + 4 77068CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\system32\wininit.exe[776] ntdll.dll!NtSetInformationFile 77068F18 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wininit.exe[776] ntdll.dll!NtSetInformationFile + 4 77068F1C 2 Bytes [20, 5F]
.text C:\Windows\system32\wininit.exe[776] ntdll.dll!NtSetValueKey 77069088 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wininit.exe[776] ntdll.dll!NtSetValueKey + 4 7706908C 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Windows\system32\wininit.exe[776] ntdll.dll!NtTerminateProcess 77069128 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wininit.exe[776] ntdll.dll!NtTerminateProcess + 4 7706912C 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Windows\system32\wininit.exe[776] ntdll.dll!NtWriteFile 77069278 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wininit.exe[776] ntdll.dll!NtWriteFile + 4 7706927C 2 Bytes [1A, 5F]
.text C:\Windows\system32\wininit.exe[776] ntdll.dll!NtWriteFileGather 77069288 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wininit.exe[776] ntdll.dll!NtWriteFileGather + 4 7706928C 2 Bytes [1D, 5F]
.text C:\Windows\system32\wininit.exe[776] ntdll.dll!NtWriteVirtualMemory 770692A8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wininit.exe[776] ntdll.dll!NtWriteVirtualMemory + 4 770692AC 2 Bytes [32, 5F]
.text C:\Windows\system32\wininit.exe[776] ntdll.dll!NtCreateUserProcess 77069438 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wininit.exe[776] ntdll.dll!NtCreateUserProcess + 4 7706943C 2 Bytes [26, 5F]
.text C:\Windows\system32\wininit.exe[776] kernel32.dll!LoadLibraryExW 76A230C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\wininit.exe[776] USER32.dll!SetWindowsHookExW 76AE7B69 6 Bytes JMP 5F3B0F5A
.text C:\Windows\system32\wininit.exe[776] USER32.dll!SetWindowsHookExA 76B0BB0E 6 Bytes JMP 5F370F5A
.text C:\Windows\system32\csrss.exe[788] ntdll.dll!NtClose 77067F48 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[788] ntdll.dll!NtClose + 4 77067F4C 2 Bytes [35, 5F]
.text C:\Windows\system32\csrss.exe[788] ntdll.dll!NtCreateFile 77068008 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[788] ntdll.dll!NtCreateFile + 4 7706800C 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\system32\csrss.exe[788] ntdll.dll!NtCreateKey 77068048 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[788] ntdll.dll!NtCreateKey + 4 7706804C 2 Bytes [05, 5F]
.text C:\Windows\system32\csrss.exe[788] ntdll.dll!NtCreateProcess 770680C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[788] ntdll.dll!NtCreateProcess + 4 770680CC 2 Bytes [29, 5F]
.text C:\Windows\system32\csrss.exe[788] ntdll.dll!NtCreateProcessEx 770680D8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[788] ntdll.dll!NtCreateProcessEx + 4 770680DC 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Windows\system32\csrss.exe[788] ntdll.dll!NtCreateSection 770680F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[788] ntdll.dll!NtCreateSection + 4 770680FC 2 Bytes [23, 5F]
.text C:\Windows\system32\csrss.exe[788] ntdll.dll!NtDeleteKey 770683F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[788] ntdll.dll!NtDeleteKey + 4 770683FC 2 Bytes [0B, 5F]
.text C:\Windows\system32\csrss.exe[788] ntdll.dll!NtDeleteValueKey 77068428 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[788] ntdll.dll!NtDeleteValueKey + 4 7706842C 2 Bytes [11, 5F]
.text C:\Windows\system32\csrss.exe[788] ntdll.dll!NtRenameKey 77068CF8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[788] ntdll.dll!NtRenameKey + 4 77068CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\system32\csrss.exe[788] ntdll.dll!NtSetInformationFile 77068F18 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[788] ntdll.dll!NtSetInformationFile + 4 77068F1C 2 Bytes [20, 5F]
.text C:\Windows\system32\csrss.exe[788] ntdll.dll!NtSetValueKey 77069088 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[788] ntdll.dll!NtSetValueKey + 4 7706908C 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Windows\system32\csrss.exe[788] ntdll.dll!NtTerminateProcess 77069128 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[788] ntdll.dll!NtTerminateProcess + 4 7706912C 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Windows\system32\csrss.exe[788] ntdll.dll!NtWriteFile 77069278 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[788] ntdll.dll!NtWriteFile + 4 7706927C 2 Bytes [1A, 5F]
.text C:\Windows\system32\csrss.exe[788] ntdll.dll!NtWriteFileGather 77069288 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[788] ntdll.dll!NtWriteFileGather + 4 7706928C 2 Bytes [1D, 5F]
.text C:\Windows\system32\csrss.exe[788] ntdll.dll!NtWriteVirtualMemory 770692A8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[788] ntdll.dll!NtWriteVirtualMemory + 4 770692AC 2 Bytes [32, 5F]
.text C:\Windows\system32\csrss.exe[788] ntdll.dll!NtCreateUserProcess 77069438 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[788] ntdll.dll!NtCreateUserProcess + 4 7706943C 2 Bytes [26, 5F]
.text C:\Windows\system32\csrss.exe[788] USER32.dll!SetWindowsHookExW 76AE7B69 6 Bytes JMP 5F3B0F5A
.text C:\Windows\system32\csrss.exe[788] USER32.dll!SetWindowsHookExA 76B0BB0E 6 Bytes JMP 5F370F5A
.text C:\Windows\system32\csrss.exe[788] KERNEL32.dll!LoadLibraryExW 76A230C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\services.exe[820] ntdll.dll!NtClose 77067F48 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\services.exe[820] ntdll.dll!NtClose + 4 77067F4C 2 Bytes [35, 5F]
.text C:\Windows\system32\services.exe[820] ntdll.dll!NtCreateFile 77068008 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\services.exe[820] ntdll.dll!NtCreateFile + 4 7706800C 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\system32\services.exe[820] ntdll.dll!NtCreateKey 77068048 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\services.exe[820] ntdll.dll!NtCreateKey + 4 7706804C 2 Bytes [05, 5F]
.text C:\Windows\system32\services.exe[820] ntdll.dll!NtCreateProcess 770680C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\services.exe[820] ntdll.dll!NtCreateProcess + 4 770680CC 2 Bytes [29, 5F]
.text C:\Windows\system32\services.exe[820] ntdll.dll!NtCreateProcessEx 770680D8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\services.exe[820] ntdll.dll!NtCreateProcessEx + 4 770680DC 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Windows\system32\services.exe[820] ntdll.dll!NtCreateSection 770680F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\services.exe[820] ntdll.dll!NtCreateSection + 4 770680FC 2 Bytes [23, 5F]
.text C:\Windows\system32\services.exe[820] ntdll.dll!NtDeleteKey 770683F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\services.exe[820] ntdll.dll!NtDeleteKey + 4 770683FC 2 Bytes [0B, 5F]
.text C:\Windows\system32\services.exe[820] ntdll.dll!NtDeleteValueKey 77068428 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\services.exe[820] ntdll.dll!NtDeleteValueKey + 4 7706842C 2 Bytes [11, 5F]
.text C:\Windows\system32\services.exe[820] ntdll.dll!NtRenameKey 77068CF8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\services.exe[820] ntdll.dll!NtRenameKey + 4 77068CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\system32\services.exe[820] ntdll.dll!NtSetInformationFile 77068F18 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\services.exe[820] ntdll.dll!NtSetInformationFile + 4 77068F1C 2 Bytes [20, 5F]
.text C:\Windows\system32\services.exe[820] ntdll.dll!NtSetValueKey 77069088 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\services.exe[820] ntdll.dll!NtSetValueKey + 4 7706908C 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Windows\system32\services.exe[820] ntdll.dll!NtTerminateProcess 77069128 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\services.exe[820] ntdll.dll!NtTerminateProcess + 4 7706912C 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Windows\system32\services.exe[820] ntdll.dll!NtWriteFile 77069278 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\services.exe[820] ntdll.dll!NtWriteFile + 4 7706927C 2 Bytes [1A, 5F]
.text C:\Windows\system32\services.exe[820] ntdll.dll!NtWriteFileGather 77069288 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\services.exe[820] ntdll.dll!NtWriteFileGather + 4 7706928C 2 Bytes [1D, 5F]
.text C:\Windows\system32\services.exe[820] ntdll.dll!NtWriteVirtualMemory 770692A8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\services.exe[820] ntdll.dll!NtWriteVirtualMemory + 4 770692AC 2 Bytes [32, 5F]
.text C:\Windows\system32\services.exe[820] ntdll.dll!NtCreateUserProcess 77069438 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\services.exe[820] ntdll.dll!NtCreateUserProcess + 4 7706943C 2 Bytes [26, 5F]
.text C:\Windows\system32\services.exe[820] kernel32.dll!GetStartupInfoW 76A01929 5 Bytes JMP 00290F6B
.text C:\Windows\system32\services.exe[820] kernel32.dll!GetStartupInfoA 76A019C9 5 Bytes JMP 00290F7C
.text C:\Windows\system32\services.exe[820] kernel32.dll!CreateProcessW 76A01C01 5 Bytes JMP 00290F24
.text C:\Windows\system32\services.exe[820] kernel32.dll!CreateProcessA 76A01C36 5 Bytes JMP 00290F3F
.text C:\Windows\system32\services.exe[820] kernel32.dll!VirtualProtect 76A01DD1 5 Bytes JMP 00290081
.text C:\Windows\system32\services.exe[820] kernel32.dll!CreateNamedPipeW 76A05C44 5 Bytes JMP 00290FD4
.text C:\Windows\system32\services.exe[820] kernel32.dll!LoadLibraryExW 76A230C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\services.exe[820] kernel32.dll!LoadLibraryW 76A2361F 5 Bytes JMP 0029004A
.text C:\Windows\system32\services.exe[820] kernel32.dll!VirtualProtectEx 76A28D7E 5 Bytes JMP 00290F8D
.text C:\Windows\system32\services.exe[820] kernel32.dll!LoadLibraryExA 76A29469 5 Bytes JMP 00290FA8
.text C:\Windows\system32\services.exe[820] kernel32.dll!LoadLibraryA 76A29491 5 Bytes JMP 00290FC3
.text C:\Windows\system32\services.exe[820] kernel32.dll!CreatePipe 76A30284 5 Bytes JMP 0029009C
.text C:\Windows\system32\services.exe[820] kernel32.dll!GetProcAddress 76A4B8B6 5 Bytes JMP 002900DF
.text C:\Windows\system32\services.exe[820] kernel32.dll!CreateFileW 76A4CC4E 5 Bytes JMP 0029000A
.text C:\Windows\system32\services.exe[820] kernel32.dll!CreateFileA 76A4CF71 5 Bytes JMP 00290FEF
.text C:\Windows\system32\services.exe[820] kernel32.dll!CreateNamedPipeA 76A9430E 5 Bytes JMP 00290025
.text C:\Windows\system32\services.exe[820] kernel32.dll!WinExec 76A954FF 5 Bytes JMP 00290F5A
.text C:\Windows\system32\services.exe[820] ADVAPI32.dll!RegCreateKeyExA 75AFB5E7 5 Bytes JMP 00130F8A
.text C:\Windows\system32\services.exe[820] ADVAPI32.dll!RegCreateKeyA 75AFB8AE 5 Bytes JMP 0013002C
.text C:\Windows\system32\services.exe[820] ADVAPI32.dll!RegOpenKeyA 75B00BF5 5 Bytes JMP 00130FEF
.text C:\Windows\system32\services.exe[820] ADVAPI32.dll!RegCreateKeyW 75B0B83D 5 Bytes JMP 00130FA5
.text C:\Windows\system32\services.exe[820] ADVAPI32.dll!RegCreateKeyExW 75B0BCE1 5 Bytes JMP 00130047
.text C:\Windows\system32\services.exe[820] ADVAPI32.dll!RegOpenKeyExA 75B0D4E8 5 Bytes JMP 00130011
.text C:\Windows\system32\services.exe[820] ADVAPI32.dll!RegOpenKeyW 75B13CB0 5 Bytes JMP 00130000
.text C:\Windows\system32\services.exe[820] ADVAPI32.dll!RegOpenKeyExW 75B1F09D 5 Bytes JMP 00130FCA
.text C:\Windows\system32\services.exe[820] USER32.dll!SetWindowsHookExW 76AE7B69 6 Bytes JMP 5F3B0F5A
.text C:\Windows\system32\services.exe[820] USER32.dll!SetWindowsHookExA 76B0BB0E 6 Bytes JMP 5F370F5A
.text C:\Windows\system32\services.exe[820] msvcrt.dll!_wsystem 77218A47 5 Bytes JMP 007C0FB0
.text C:\Windows\system32\services.exe[820] msvcrt.dll!system 77218B63 5 Bytes JMP 007C0031
.text C:\Windows\system32\services.exe[820] msvcrt.dll!_creat 7721C6F1 5 Bytes JMP 007C0FC1
.text C:\Windows\system32\services.exe[820] msvcrt.dll!_open 7721DA7E 5 Bytes JMP 007C0FE3
.text C:\Windows\system32\services.exe[820] msvcrt.dll!_wcreat 7721DC9E 5 Bytes JMP 007C0020
.text C:\Windows\system32\services.exe[820] msvcrt.dll!_wopen 7721DE79 5 Bytes JMP 007C0FD2
.text C:\Windows\system32\services.exe[820] WS2_32.dll!socket 75BB36D1 5 Bytes JMP 0018000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[840] ntdll.dll!NtClose 77067F48 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[840] ntdll.dll!NtClose + 4 77067F4C 2 Bytes [35, 5F]
.text C:\Program Files\Bonjour\mDNSResponder.exe[840] ntdll.dll!NtCreateFile 77068008 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[840] ntdll.dll!NtCreateFile + 4 7706800C 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Bonjour\mDNSResponder.exe[840] ntdll.dll!NtCreateKey 77068048 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[840] ntdll.dll!NtCreateKey + 4 7706804C 2 Bytes [05, 5F]
.text C:\Program Files\Bonjour\mDNSResponder.exe[840] ntdll.dll!NtCreateProcess 770680C8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[840] ntdll.dll!NtCreateProcess + 4 770680CC 2 Bytes [29, 5F]
.text C:\Program Files\Bonjour\mDNSResponder.exe[840] ntdll.dll!NtCreateProcessEx 770680D8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[840] ntdll.dll!NtCreateProcessEx + 4 770680DC 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\Bonjour\mDNSResponder.exe[840] ntdll.dll!NtCreateSection 770680F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[840] ntdll.dll!NtCreateSection + 4 770680FC 2 Bytes [23, 5F]
.text C:\Program Files\Bonjour\mDNSResponder.exe[840] ntdll.dll!NtDeleteKey 770683F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[840] ntdll.dll!NtDeleteKey + 4 770683FC 2 Bytes [0B, 5F]
.text C:\Program Files\Bonjour\mDNSResponder.exe[840] ntdll.dll!NtDeleteValueKey 77068428 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[840] ntdll.dll!NtDeleteValueKey + 4 7706842C 2 Bytes [11, 5F]
.text C:\Program Files\Bonjour\mDNSResponder.exe[840] ntdll.dll!NtRenameKey 77068CF8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[840] ntdll.dll!NtRenameKey + 4 77068CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Bonjour\mDNSResponder.exe[840] ntdll.dll!NtSetInformationFile 77068F18 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[840] ntdll.dll!NtSetInformationFile + 4 77068F1C 2 Bytes [20, 5F]
.text C:\Program Files\Bonjour\mDNSResponder.exe[840] ntdll.dll!NtSetValueKey 77069088 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[840] ntdll.dll!NtSetValueKey + 4 7706908C 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Bonjour\mDNSResponder.exe[840] ntdll.dll!NtTerminateProcess 77069128 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[840] ntdll.dll!NtTerminateProcess + 4 7706912C 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Program Files\Bonjour\mDNSResponder.exe[840] ntdll.dll!NtWriteFile 77069278 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[840] ntdll.dll!NtWriteFile + 4 7706927C 2 Bytes [1A, 5F]
.text C:\Program Files\Bonjour\mDNSResponder.exe[840] ntdll.dll!NtWriteFileGather 77069288 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[840] ntdll.dll!NtWriteFileGather + 4 7706928C 2 Bytes [1D, 5F]
.text C:\Program Files\Bonjour\mDNSResponder.exe[840] ntdll.dll!NtWriteVirtualMemory 770692A8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[840] ntdll.dll!NtWriteVirtualMemory + 4 770692AC 2 Bytes [32, 5F]
.text C:\Program Files\Bonjour\mDNSResponder.exe[840] ntdll.dll!NtCreateUserProcess 77069438 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[840] ntdll.dll!NtCreateUserProcess + 4 7706943C 2 Bytes [26, 5F]
.text C:\Program Files\Bonjour\mDNSResponder.exe[840] kernel32.dll!LoadLibraryExW 76A230C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[840] USER32.dll!SetWindowsHookExW 76AE7B69 6 Bytes JMP 5F3B0F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[840] USER32.dll!SetWindowsHookExA 76B0BB0E 6 Bytes JMP 5F370F5A
.text C:\Windows\system32\lsass.exe[844] ntdll.dll!NtClose 77067F48 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsass.exe[844] ntdll.dll!NtClose + 4 77067F4C 2 Bytes [35, 5F]
.text C:\Windows\system32\lsass.exe[844] ntdll.dll!NtCreateFile 77068008 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsass.exe[844] ntdll.dll!NtCreateFile + 4 7706800C 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\system32\lsass.exe[844] ntdll.dll!NtCreateKey 77068048 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsass.exe[844] ntdll.dll!NtCreateKey + 4 7706804C 2 Bytes [05, 5F]
.text C:\Windows\system32\lsass.exe[844] ntdll.dll!NtCreateProcess 770680C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsass.exe[844] ntdll.dll!NtCreateProcess + 4 770680CC 2 Bytes [29, 5F]
.text C:\Windows\system32\lsass.exe[844] ntdll.dll!NtCreateProcessEx 770680D8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsass.exe[844] ntdll.dll!NtCreateProcessEx + 4 770680DC 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Windows\system32\lsass.exe[844] ntdll.dll!NtCreateSection 770680F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsass.exe[844] ntdll.dll!NtCreateSection + 4 770680FC 2 Bytes [23, 5F]
.text C:\Windows\system32\lsass.exe[844] ntdll.dll!NtDeleteKey 770683F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsass.exe[844] ntdll.dll!NtDeleteKey + 4 770683FC 2 Bytes [0B, 5F]
.text C:\Windows\system32\lsass.exe[844] ntdll.dll!NtDeleteValueKey 77068428 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsass.exe[844] ntdll.dll!NtDeleteValueKey + 4 7706842C 2 Bytes [11, 5F]
.text C:\Windows\system32\lsass.exe[844] ntdll.dll!NtRenameKey 77068CF8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsass.exe[844] ntdll.dll!NtRenameKey + 4 77068CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\system32\lsass.exe[844] ntdll.dll!NtSetInformationFile 77068F18 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsass.exe[844] ntdll.dll!NtSetInformationFile + 4 77068F1C 2 Bytes [20, 5F]
.text C:\Windows\system32\lsass.exe[844] ntdll.dll!NtSetValueKey 77069088 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsass.exe[844] ntdll.dll!NtSetValueKey + 4 7706908C 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Windows\system32\lsass.exe[844] ntdll.dll!NtTerminateProcess 77069128 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsass.exe[844] ntdll.dll!NtTerminateProcess + 4 7706912C 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Windows\system32\lsass.exe[844] ntdll.dll!NtWriteFile 77069278 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsass.exe[844] ntdll.dll!NtWriteFile + 4 7706927C 2 Bytes [1A, 5F]
.text C:\Windows\system32\lsass.exe[844] ntdll.dll!NtWriteFileGather 77069288 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsass.exe[844] ntdll.dll!NtWriteFileGather + 4 7706928C 2 Bytes [1D, 5F]
.text C:\Windows\system32\lsass.exe[844] ntdll.dll!NtWriteVirtualMemory 770692A8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsass.exe[844] ntdll.dll!NtWriteVirtualMemory + 4 770692AC 2 Bytes [32, 5F]
.text C:\Windows\system32\lsass.exe[844] ntdll.dll!NtCreateUserProcess 77069438 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsass.exe[844] ntdll.dll!NtCreateUserProcess + 4 7706943C 2 Bytes [26, 5F]
.text C:\Windows\system32\lsass.exe[844] kernel32.dll!GetStartupInfoW 76A01929 5 Bytes JMP 004800F1
.text C:\Windows\system32\lsass.exe[844] kernel32.dll!GetStartupInfoA 76A019C9 5 Bytes JMP 004800E0
.text C:\Windows\system32\lsass.exe[844] kernel32.dll!CreateProcessW 76A01C01 5 Bytes JMP 00480F80
.text C:\Windows\system32\lsass.exe[844] kernel32.dll!CreateProcessA 76A01C36 5 Bytes JMP 00480F9B
.text C:\Windows\system32\lsass.exe[844] kernel32.dll!VirtualProtect 76A01DD1 5 Bytes JMP 004800AA
.text C:\Windows\system32\lsass.exe[844] kernel32.dll!CreateNamedPipeW 76A05C44 5 Bytes JMP 0048002C
.text C:\Windows\system32\lsass.exe[844] kernel32.dll!LoadLibraryExW 76A230C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\lsass.exe[844] kernel32.dll!LoadLibraryW 76A2361F 5 Bytes JMP 00480058
.text C:\Windows\system32\lsass.exe[844] kernel32.dll!VirtualProtectEx 76A28D7E 5 Bytes JMP 00480FB6
.text C:\Windows\system32\lsass.exe[844] kernel32.dll!LoadLibraryExA 76A29469 5 Bytes JMP 00480069
.text C:\Windows\system32\lsass.exe[844] kernel32.dll!LoadLibraryA 76A29491 5 Bytes JMP 00480047
.text C:\Windows\system32\lsass.exe[844] kernel32.dll!CreatePipe 76A30284 5 Bytes JMP 004800C5
.text C:\Windows\system32\lsass.exe[844] kernel32.dll!GetProcAddress 76A4B8B6 5 Bytes JMP 00480F6F
.text C:\Windows\system32\lsass.exe[844] kernel32.dll!CreateFileW 76A4CC4E 5 Bytes JMP 00480011
.text C:\Windows\system32\lsass.exe[844] kernel32.dll!CreateFileA 76A4CF71 5 Bytes JMP 00480000
.text C:\Windows\system32\lsass.exe[844] kernel32.dll!CreateNamedPipeA 76A9430E 5 Bytes JMP 00480FDB
.text C:\Windows\system32\lsass.exe[844] kernel32.dll!WinExec 76A954FF 5 Bytes JMP 0048010C
.text C:\Windows\system32\lsass.exe[844] ADVAPI32.dll!RegCreateKeyExA 75AFB5E7 5 Bytes JMP 000A004A
.text C:\Windows\system32\lsass.exe[844] ADVAPI32.dll!RegCreateKeyA 75AFB8AE 5 Bytes JMP 000A0FC3
.text C:\Windows\system32\lsass.exe[844] ADVAPI32.dll!RegOpenKeyA 75B00BF5 5 Bytes JMP 000A000A
.text C:\Windows\system32\lsass.exe[844] ADVAPI32.dll!RegCreateKeyW 75B0B83D 5 Bytes JMP 000A0FB2
.text C:\Windows\system32\lsass.exe[844] ADVAPI32.dll!RegCreateKeyExW 75B0BCE1 5 Bytes JMP 000A0F83
.text C:\Windows\system32\lsass.exe[844] ADVAPI32.dll!RegOpenKeyExA 75B0D4E8 5 Bytes JMP 000A0FDE
.text C:\Windows\system32\lsass.exe[844] ADVAPI32.dll!RegOpenKeyW 75B13CB0 5 Bytes JMP 000A0FEF
.text C:\Windows\system32\lsass.exe[844] ADVAPI32.dll!RegOpenKeyExW 75B1F09D 5 Bytes JMP 000A002F
.text C:\Windows\system32\lsass.exe[844] msvcrt.dll!_wsystem 77218A47 5 Bytes JMP 00490FC0
.text C:\Windows\system32\lsass.exe[844] msvcrt.dll!system 77218B63 5 Bytes JMP 0049004B
.text C:\Windows\system32\lsass.exe[844] msvcrt.dll!_creat 7721C6F1 5 Bytes JMP 00490029
.text C:\Windows\system32\lsass.exe[844] msvcrt.dll!_open 7721DA7E 5 Bytes JMP 0049000C
.text C:\Windows\system32\lsass.exe[844] msvcrt.dll!_wcreat 7721DC9E 5 Bytes JMP 0049003A
.text C:\Windows\system32\lsass.exe[844] msvcrt.dll!_wopen 7721DE79 5 Bytes JMP 00490FEF
.text C:\Windows\system32\lsass.exe[844] USER32.dll!SetWindowsHookExW 76AE7B69 6 Bytes JMP 5F3B0F5A
.text C:\Windows\system32\lsass.exe[844] USER32.dll!SetWindowsHookExA 76B0BB0E 6 Bytes JMP 5F370F5A
.text C:\Windows\system32\lsass.exe[844] WS2_32.dll!socket 75BB36D1 5 Bytes JMP 000B0FEF
.text C:\Windows\Explorer.EXE[848] ntdll.dll!NtClose 77067F48 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[848] ntdll.dll!NtClose + 4 77067F4C 2 Bytes [36, 5F]
.text C:\Windows\Explorer.EXE[848] ntdll.dll!NtCreateFile 77068008 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[848] ntdll.dll!NtCreateFile + 4 7706800C 2 Bytes [18, 5F]
.text C:\Windows\Explorer.EXE[848] ntdll.dll!NtCreateKey 77068048 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[848] ntdll.dll!NtCreateKey + 4 7706804C 2 Bytes [05, 5F]
.text C:\Windows\Explorer.EXE[848] ntdll.dll!NtCreateProcess 770680C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[848] ntdll.dll!NtCreateProcess + 4 770680CC 2 Bytes [2A, 5F]
.text C:\Windows\Explorer.EXE[848] ntdll.dll!NtCreateProcessEx 770680D8 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[848] ntdll.dll!NtCreateProcessEx + 4 770680DC 2 Bytes [2D, 5F]
.text C:\Windows\Explorer.EXE[848] ntdll.dll!NtCreateSection 770680F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[848] ntdll.dll!NtCreateSection + 4 770680FC 2 Bytes [24, 5F] {AND AL, 0x5f}
.text C:\Windows\Explorer.EXE[848] ntdll.dll!NtDeleteKey 770683F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[848] ntdll.dll!NtDeleteKey + 4 770683FC 2 Bytes [0C, 5F] {OR AL, 0x5f}
.text C:\Windows\Explorer.EXE[848] ntdll.dll!NtDeleteValueKey 77068428 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[848] ntdll.dll!NtDeleteValueKey + 4 7706842C 2 Bytes [12, 5F]
.text C:\Windows\Explorer.EXE[848] ntdll.dll!NtRenameKey 77068CF8 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[848] ntdll.dll!NtRenameKey + 4 77068CFC 2 Bytes [15, 5F]
.text C:\Windows\Explorer.EXE[848] ntdll.dll!NtSetInformationFile 77068F18 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[848] ntdll.dll!NtSetInformationFile + 4 77068F1C 2 Bytes [21, 5F]
.text C:\Windows\Explorer.EXE[848] ntdll.dll!NtSetValueKey 77069088 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[848] ntdll.dll!NtSetValueKey + 4 7706908C 2 Bytes [0F, 5F]
.text C:\Windows\Explorer.EXE[848] ntdll.dll!NtTerminateProcess 77069128 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[848] ntdll.dll!NtTerminateProcess + 4 7706912C 2 Bytes [30, 5F]
.text C:\Windows\Explorer.EXE[848] ntdll.dll!NtWriteFile 77069278 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[848] ntdll.dll!NtWriteFile + 4 7706927C 2 Bytes [1B, 5F]
.text C:\Windows\Explorer.EXE[848] ntdll.dll!NtWriteFileGather 77069288 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[848] ntdll.dll!NtWriteFileGather + 4 7706928C 2 Bytes [1E, 5F] {PUSH DS; POP EDI}
.text C:\Windows\Explorer.EXE[848] ntdll.dll!NtWriteVirtualMemory 770692A8 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[848] ntdll.dll!NtWriteVirtualMemory + 4 770692AC 2 Bytes [33, 5F]
.text C:\Windows\Explorer.EXE[848] ntdll.dll!NtCreateUserProcess 77069438 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[848] ntdll.dll!NtCreateUserProcess + 4 7706943C 2 Bytes [27, 5F] {DAA ; POP EDI}
.text C:\Windows\Explorer.EXE[848] kernel32.dll!GetStartupInfoW 76A01929 5 Bytes JMP 00010071
.text C:\Windows\Explorer.EXE[848] kernel32.dll!GetStartupInfoA 76A019C9 5 Bytes JMP 00010F2B
.text C:\Windows\Explorer.EXE[848] kernel32.dll!CreateProcessW 76A01C01 5 Bytes JMP 0001009D
.text C:\Windows\Explorer.EXE[848] kernel32.dll!CreateProcessA 76A01C36 5 Bytes JMP 0001008C
.text C:\Windows\Explorer.EXE[848] kernel32.dll!VirtualProtect 76A01DD1 5 Bytes JMP 00010F72
.text C:\Windows\Explorer.EXE[848] kernel32.dll!CreateNamedPipeW 76A05C44 5 Bytes JMP 00010025
.text C:\Windows\Explorer.EXE[848] kernel32.dll!LoadLibraryExW 76A230C3 5 Bytes JMP 00010F83
.text C:\Windows\Explorer.EXE[848] kernel32.dll!LoadLibraryW 76A2361F 5 Bytes JMP 00010F9E
.text C:\Windows\Explorer.EXE[848] kernel32.dll!VirtualProtectEx 76A28D7E 5 Bytes JMP 00010F61
.text C:\Windows\Explorer.EXE[848] kernel32.dll!LoadLibraryExA 76A29469 5 Bytes JMP 00010040
.text C:\Windows\Explorer.EXE[848] kernel32.dll!LoadLibraryA 76A29491 5 Bytes JMP 00010FB9
.text C:\Windows\Explorer.EXE[848] kernel32.dll!CreatePipe 76A30284 5 Bytes JMP 00010F50
.text C:\Windows\Explorer.EXE[848] kernel32.dll!GetProcAddress 76A4B8B6 5 Bytes JMP 00010EEB
.text C:\Windows\Explorer.EXE[848] kernel32.dll!CreateFileW 76A4CC4E 5 Bytes JMP 00010FDE
.text C:\Windows\Explorer.EXE[848] kernel32.dll!CreateFileA 76A4CF71 5 Bytes JMP 00010FEF
.text C:\Windows\Explorer.EXE[848] kernel32.dll!CreateNamedPipeA 76A9430E 5 Bytes JMP 0001000A
.text C:\Windows\Explorer.EXE[848] kernel32.dll!WinExec 76A954FF 5 Bytes JMP 00010F10
.text C:\Windows\Explorer.EXE[848] ADVAPI32.dll!RegCreateKeyExA 75AFB5E7 5 Bytes JMP 00050F8D
.text C:\Windows\Explorer.EXE[848] ADVAPI32.dll!RegCreateKeyA 75AFB8AE 5 Bytes JMP 00050FB9
.text C:\Windows\Explorer.EXE[848] ADVAPI32.dll!RegOpenKeyA 75B00BF5 5 Bytes JMP 00050FE5
.text C:\Windows\Explorer.EXE[848] ADVAPI32.dll!RegCreateKeyW 75B0B83D 5 Bytes JMP 00050F9E
.text C:\Windows\Explorer.EXE[848] ADVAPI32.dll!RegCreateKeyExW 75B0BCE1 5 Bytes JMP 00050040
.text C:\Windows\Explorer.EXE[848] ADVAPI32.dll!RegOpenKeyExA 75B0D4E8 5 Bytes JMP 0005001B
.text C:\Windows\Explorer.EXE[848] ADVAPI32.dll!RegOpenKeyW 75B13CB0 5 Bytes JMP 0005000A
.text C:\Windows\Explorer.EXE[848] ADVAPI32.dll!RegOpenKeyExW 75B1F09D 5 Bytes JMP 00050FCA
.text C:\Windows\Explorer.EXE[848] USER32.dll!SetWindowsHookExW 76AE7B69 6 Bytes JMP 5F3C0F5A
.text C:\Windows\Explorer.EXE[848] USER32.dll!SetWindowsHookExA 76B0BB0E 6 Bytes JMP 5F380F5A
.text C:\Windows\Explorer.EXE[848] msvcrt.dll!_wsystem 77218A47 5 Bytes JMP 00060051
.text C:\Windows\Explorer.EXE[848] msvcrt.dll!system 77218B63 5 Bytes JMP 00060040
.text C:\Windows\Explorer.EXE[848] msvcrt.dll!_creat 7721C6F1 5 Bytes JMP 0006000A
.text C:\Windows\Explorer.EXE[848] msvcrt.dll!_open 7721DA7E 5 Bytes JMP 00060FE3
.text C:\Windows\Explorer.EXE[848] msvcrt.dll!_wcreat 7721DC9E 5 Bytes JMP 00060025
.text C:\Windows\Explorer.EXE[848] msvcrt.dll!_wopen 7721DE79 5 Bytes JMP 00060FC6
.text C:\Windows\Explorer.EXE[848] WS2_32.dll!socket 75BB36D1 5 Bytes JMP 035B0000
.text C:\Windows\Explorer.EXE[848] WININET.dll!InternetOpenA 75D5B2D5 5 Bytes JMP 0378000A
.text C:\Windows\Explorer.EXE[848] WININET.dll!InternetOpenW 75D5B92E 5 Bytes JMP 0378001B
.text C:\Windows\Explorer.EXE[848] WININET.dll!InternetOpenUrlA 75D5DEF0 5 Bytes JMP 03780FE5
.text C:\Windows\Explorer.EXE[848] WININET.dll!InternetOpenUrlW 75DA7347 5 Bytes JMP 03780FD4
.text C:\Windows\system32\lsm.exe[852] ntdll.dll!NtClose 77067F48 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsm.exe[852] ntdll.dll!NtClose + 4 77067F4C 2 Bytes [35, 5F]
.text C:\Windows\system32\lsm.exe[852] ntdll.dll!NtCreateFile 77068008 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsm.exe[852] ntdll.dll!NtCreateFile + 4 7706800C 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\system32\lsm.exe[852] ntdll.dll!NtCreateKey 77068048 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsm.exe[852] ntdll.dll!NtCreateKey + 4 7706804C 2 Bytes [05, 5F]
.text C:\Windows\system32\lsm.exe[852] ntdll.dll!NtCreateProcess 770680C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsm.exe[852] ntdll.dll!NtCreateProcess + 4 770680CC 2 Bytes [29, 5F]
.text C:\Windows\system32\lsm.exe[852] ntdll.dll!NtCreateProcessEx 770680D8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsm.exe[852] ntdll.dll!NtCreateProcessEx + 4 770680DC 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Windows\system32\lsm.exe[852] ntdll.dll!NtCreateSection 770680F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsm.exe[852] ntdll.dll!NtCreateSection + 4 770680FC 2 Bytes [23, 5F]
.text C:\Windows\system32\lsm.exe[852] ntdll.dll!NtDeleteKey 770683F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsm.exe[852] ntdll.dll!NtDeleteKey + 4 770683FC 2 Bytes [0B, 5F]
.text C:\Windows\system32\lsm.exe[852] ntdll.dll!NtDeleteValueKey 77068428 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsm.exe[852] ntdll.dll!NtDeleteValueKey + 4 7706842C 2 Bytes [11, 5F]
.text C:\Windows\system32\lsm.exe[852] ntdll.dll!NtRenameKey 77068CF8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsm.exe[852] ntdll.dll!NtRenameKey + 4 77068CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\system32\lsm.exe[852] ntdll.dll!NtSetInformationFile 77068F18 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsm.exe[852] ntdll.dll!NtSetInformationFile + 4 77068F1C 2 Bytes [20, 5F]
.text C:\Windows\system32\lsm.exe[852] ntdll.dll!NtSetValueKey 77069088 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsm.exe[852] ntdll.dll!NtSetValueKey + 4 7706908C 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Windows\system32\lsm.exe[852] ntdll.dll!NtTerminateProcess 77069128 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsm.exe[852] ntdll.dll!NtTerminateProcess + 4 7706912C 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Windows\system32\lsm.exe[852] ntdll.dll!NtWriteFile 77069278 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsm.exe[852] ntdll.dll!NtWriteFile + 4 7706927C 2 Bytes [1A, 5F]
.text C:\Windows\system32\lsm.exe[852] ntdll.dll!NtWriteFileGather 77069288 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsm.exe[852] ntdll.dll!NtWriteFileGather + 4 7706928C 2 Bytes [1D, 5F]
.text C:\Windows\system32\lsm.exe[852] ntdll.dll!NtWriteVirtualMemory 770692A8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsm.exe[852] ntdll.dll!NtWriteVirtualMemory + 4 770692AC 2 Bytes [32, 5F]
.text C:\Windows\system32\lsm.exe[852] ntdll.dll!NtCreateUserProcess 77069438 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsm.exe[852] ntdll.dll!NtCreateUserProcess + 4 7706943C 2 Bytes [26, 5F]
.text C:\Windows\system32\lsm.exe[852] kernel32.dll!LoadLibraryExW 76A230C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\lsm.exe[852] USER32.dll!SetWindowsHookExW 76AE7B69 6 Bytes JMP 5F3B0F5A
.text C:\Windows\system32\lsm.exe[852] USER32.dll!SetWindowsHookExA 76B0BB0E 6 Bytes JMP 5F370F5A
.text C:\Windows\system32\winlogon.exe[940] ntdll.dll!NtClose 77067F48 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\winlogon.exe[940] ntdll.dll!NtClose + 4 77067F4C 2 Bytes [35, 5F]
.text C:\Windows\system32\winlogon.exe[940] ntdll.dll!NtCreateFile 77068008 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\winlogon.exe[940] ntdll.dll!NtCreateFile + 4 7706800C 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\system32\winlogon.exe[940] ntdll.dll!NtCreateKey 77068048 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\winlogon.exe[940] ntdll.dll!NtCreateKey + 4 7706804C 2 Bytes [05, 5F]
.text C:\Windows\system32\winlogon.exe[940] ntdll.dll!NtCreateProcess 770680C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\winlogon.exe[940] ntdll.dll!NtCreateProcess + 4 770680CC 2 Bytes [29, 5F]
.text C:\Windows\system32\winlogon.exe[940] ntdll.dll!NtCreateProcessEx 770680D8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\winlogon.exe[940] ntdll.dll!NtCreateProcessEx + 4 770680DC 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Windows\system32\winlogon.exe[940] ntdll.dll!NtCreateSection 770680F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\winlogon.exe[940] ntdll.dll!NtCreateSection + 4 770680FC 2 Bytes [23, 5F]
.text C:\Windows\system32\winlogon.exe[940] ntdll.dll!NtDeleteKey 770683F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\winlogon.exe[940] ntdll.dll!NtDeleteKey + 4 770683FC 2 Bytes [0B, 5F]
.text C:\Windows\system32\winlogon.exe[940] ntdll.dll!NtDeleteValueKey 77068428 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\winlogon.exe[940] ntdll.dll!NtDeleteValueKey + 4 7706842C 2 Bytes [11, 5F]
.text C:\Windows\system32\winlogon.exe[940] ntdll.dll!NtRenameKey 77068CF8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\winlogon.exe[940] ntdll.dll!NtRenameKey + 4 77068CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\system32\winlogon.exe[940] ntdll.dll!NtSetInformationFile 77068F18 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\winlogon.exe[940] ntdll.dll!NtSetInformationFile + 4 77068F1C 2 Bytes [20, 5F]
.text C:\Windows\system32\winlogon.exe[940] ntdll.dll!NtSetValueKey 77069088 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\winlogon.exe[940] ntdll.dll!NtSetValueKey + 4 7706908C 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Windows\system32\winlogon.exe[940] ntdll.dll!NtTerminateProcess 77069128 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\winlogon.exe[940] ntdll.dll!NtTerminateProcess + 4 7706912C 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Windows\system32\winlogon.exe[940] ntdll.dll!NtWriteFile 77069278 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\winlogon.exe[940] ntdll.dll!NtWriteFile + 4 7706927C 2 Bytes [1A, 5F]
.text C:\Windows\system32\winlogon.exe[940] ntdll.dll!NtWriteFileGather 77069288 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\winlogon.exe[940] ntdll.dll!NtWriteFileGather + 4 7706928C 2 Bytes [1D, 5F]
.text C:\Windows\system32\winlogon.exe[940] ntdll.dll!NtWriteVirtualMemory 770692A8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\winlogon.exe[940] ntdll.dll!NtWriteVirtualMemory + 4 770692AC 2 Bytes [32, 5F]
.text C:\Windows\system32\winlogon.exe[940] ntdll.dll!NtCreateUserProcess 77069438 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\winlogon.exe[940] ntdll.dll!NtCreateUserProcess + 4 7706943C 2 Bytes [26, 5F]
.text C:\Windows\system32\winlogon.exe[940] kernel32.dll!LoadLibraryExW 76A230C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\winlogon.exe[940] USER32.dll!SetWindowsHookExW 76AE7B69 6 Bytes JMP 5F3B0F5A
.text C:\Windows\system32\winlogon.exe[940] USER32.dll!SetWindowsHookExA 76B0BB0E 6 Bytes JMP 5F370F5A
.text C:\Windows\system32\svchost.exe[1048] ntdll.dll!NtClose 77067F48 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1048] ntdll.dll!NtClose + 4 77067F4C 2 Bytes [35, 5F]
.text C:\Windows\system32\svchost.exe[1048] ntdll.dll!NtCreateFile 77068008 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1048] ntdll.dll!NtCreateFile + 4 7706800C 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\system32\svchost.exe[1048] ntdll.dll!NtCreateKey 77068048 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1048] ntdll.dll!NtCreateKey + 4 7706804C 2 Bytes [05, 5F]
.text C:\Windows\system32\svchost.exe[1048] ntdll.dll!NtCreateProcess 770680C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1048] ntdll.dll!NtCreateProcess + 4 770680CC 2 Bytes [29, 5F]
.text C:\Windows\system32\svchost.exe[1048] ntdll.dll!NtCreateProcessEx 770680D8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1048] ntdll.dll!NtCreateProcessEx + 4 770680DC 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Windows\system32\svchost.exe[1048] ntdll.dll!NtCreateSection 770680F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1048] ntdll.dll!NtCreateSection + 4 770680FC 2 Bytes [23, 5F]
.text C:\Windows\system32\svchost.exe[1048] ntdll.dll!NtDeleteKey 770683F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1048] ntdll.dll!NtDeleteKey + 4 770683FC 2 Bytes [0B, 5F]
.text C:\Windows\system32\svchost.exe[1048] ntdll.dll!NtDeleteValueKey 77068428 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1048] ntdll.dll!NtDeleteValueKey + 4 7706842C 2 Bytes [11, 5F]
.text C:\Windows\system32\svchost.exe[1048] ntdll.dll!NtRenameKey 77068CF8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1048] ntdll.dll!NtRenameKey + 4 77068CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\system32\svchost.exe[1048] ntdll.dll!NtSetInformationFile 77068F18 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1048] ntdll.dll!NtSetInformationFile + 4 77068F1C 2 Bytes [20, 5F]
.text C:\Windows\system32\svchost.exe[1048] ntdll.dll!NtSetValueKey 77069088 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1048] ntdll.dll!NtSetValueKey + 4 7706908C 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Windows\system32\svchost.exe[1048] ntdll.dll!NtTerminateProcess 77069128 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1048] ntdll.dll!NtTerminateProcess + 4 7706912C 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Windows\system32\svchost.exe[1048] ntdll.dll!NtWriteFile 77069278 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1048] ntdll.dll!NtWriteFile + 4 7706927C 2 Bytes [1A, 5F]
.text C:\Windows\system32\svchost.exe[1048] ntdll.dll!NtWriteFileGather 77069288 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1048] ntdll.dll!NtWriteFileGather + 4 7706928C 2 Bytes [1D, 5F]
.text C:\Windows\system32\svchost.exe[1048] ntdll.dll!NtWriteVirtualMemory 770692A8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1048] ntdll.dll!NtWriteVirtualMemory + 4 770692AC 2 Bytes [32, 5F]
.text C:\Windows\system32\svchost.exe[1048] ntdll.dll!NtCreateUserProcess 77069438 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1048] ntdll.dll!NtCreateUserProcess + 4 7706943C 2 Bytes [26, 5F]
.text C:\Windows\system32\svchost.exe[1048] kernel32.dll!GetStartupInfoW 76A01929 5 Bytes JMP 000E0F3C
.text C:\Windows\system32\svchost.exe[1048] kernel32.dll!GetStartupInfoA 76A019C9 5 Bytes JMP 000E0081
.text C:\Windows\system32\svchost.exe[1048] kernel32.dll!CreateProcessW 76A01C01 5 Bytes JMP 000E00D2
.text C:\Windows\system32\svchost.exe[1048] kernel32.dll!CreateProcessA 76A01C36 5 Bytes JMP 000E00B7
.text C:\Windows\system32\svchost.exe[1048] kernel32.dll!VirtualProtect 76A01DD1 5 Bytes JMP 000E0055
.text C:\Windows\system32\svchost.exe[1048] kernel32.dll!CreateNamedPipeW 76A05C44 5 Bytes JMP 000E0014
.text C:\Windows\system32\svchost.exe[1048] kernel32.dll!LoadLibraryExW 76A230C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\svchost.exe[1048] kernel32.dll!LoadLibraryW 76A2361F 5 Bytes JMP 000E0FA1
.text C:\Windows\system32\svchost.exe[1048] kernel32.dll!VirtualProtectEx 76A28D7E 5 Bytes JMP 000E0066
.text C:\Windows\system32\svchost.exe[1048] kernel32.dll!LoadLibraryExA 76A29469 5 Bytes JMP 000E0F7C
.text C:\Windows\system32\svchost.exe[1048] kernel32.dll!LoadLibraryA 76A29491 5 Bytes JMP 000E0FB2
.text C:\Windows\system32\svchost.exe[1048] kernel32.dll!CreatePipe 76A30284 5 Bytes JMP 000E0F57
.text C:\Windows\system32\svchost.exe[1048] kernel32.dll!GetProcAddress 76A4B8B6 5 Bytes JMP 000E00ED
.text C:\Windows\system32\svchost.exe[1048] kernel32.dll!CreateFileW 76A4CC4E 5 Bytes JMP 000E0FDE
.text C:\Windows\system32\svchost.exe[1048] kernel32.dll!CreateFileA 76A4CF71 5 Bytes JMP 000E0FEF
.text C:\Windows\system32\svchost.exe[1048] kernel32.dll!CreateNamedPipeA 76A9430E 5 Bytes JMP 000E0FC3
.text C:\Windows\system32\svchost.exe[1048] kernel32.dll!WinExec 76A954FF 5 Bytes JMP 000E00A6
.text C:\Windows\system32\svchost.exe[1048] msvcrt.dll!_wsystem 77218A47 5 Bytes JMP 000F004E
.text C:\Windows\system32\svchost.exe[1048] msvcrt.dll!system 77218B63 5 Bytes JMP 000F0FCD
.text C:\Windows\system32\svchost.exe[1048] msvcrt.dll!_creat 7721C6F1 5 Bytes JMP 000F0FEF
.text C:\Windows\system32\svchost.exe[1048] msvcrt.dll!_open 7721DA7E 5 Bytes JMP 000F0000
.text C:\Windows\system32\svchost.exe[1048] msvcrt.dll!_wcreat 7721DC9E 5 Bytes JMP 000F0FDE
.text C:\Windows\system32\svchost.exe[1048] msvcrt.dll!_wopen 7721DE79 5 Bytes JMP 000F0029
.text C:\Windows\system32\svchost.exe[1048] ADVAPI32.dll!RegCreateKeyExA 75AFB5E7 5 Bytes JMP 000C0F72
.text C:\Windows\system32\svchost.exe[1048] ADVAPI32.dll!RegCreateKeyA 75AFB8AE 5 Bytes JMP 000C0F94
.text C:\Windows\system32\svchost.exe[1048] ADVAPI32.dll!RegOpenKeyA 75B00BF5 5 Bytes JMP 000C0FEF
.text C:\Windows\system32\svchost.exe[1048] ADVAPI32.dll!RegCreateKeyW 75B0B83D 5 Bytes JMP 000C0F83
.text C:\Windows\system32\svchost.exe[1048] ADVAPI32.dll!RegCreateKeyExW 75B0BCE1 5 Bytes JMP 000C0039
.text C:\Windows\system32\svchost.exe[1048] ADVAPI32.dll!RegOpenKeyExA 75B0D4E8 5 Bytes JMP 000C0FCA
.text C:\Windows\system32\svchost.exe[1048] ADVAPI32.dll!RegOpenKeyW 75B13CB0 5 Bytes JMP 000C0000
.text C:\Windows\system32\svchost.exe[1048] ADVAPI32.dll!RegOpenKeyExW 75B1F09D 5 Bytes JMP 000C0FAF
.text C:\Windows\system32\svchost.exe[1048] USER32.dll!SetWindowsHookExW 76AE7B69 6 Bytes JMP 5F3B0F5A
.text C:\Windows\system32\svchost.exe[1048] USER32.dll!SetWindowsHookExA 76B0BB0E 6 Bytes JMP 5F370F5A
.text C:\Windows\system32\svchost.exe[1048] WS2_32.dll!socket 75BB36D1 5 Bytes JMP 000D0FEF
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1092] ntdll.dll!NtClose 77067F48 3 Bytes [FF, 25, 1E]
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1092] ntdll.dll!NtClose + 4 77067F4C 2 Bytes [35, 5F]
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1092] ntdll.dll!NtCreateFile 77068008 3 Bytes [FF, 25, 1E]
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1092] ntdll.dll!NtCreateFile + 4 7706800C 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1092] ntdll.dll!NtCreateKey 77068048 3 Bytes [FF, 25, 1E]
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1092] ntdll.dll!NtCreateKey + 4 7706804C 2 Bytes [05, 5F]
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1092] ntdll.dll!NtCreateProcess 770680C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1092] ntdll.dll!NtCreateProcess + 4 770680CC 2 Bytes [29, 5F]
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1092] ntdll.dll!NtCreateProcessEx 770680D8 3 Bytes [FF, 25, 1E]
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1092] ntdll.dll!NtCreateProcessEx + 4 770680DC 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1092] ntdll.dll!NtCreateSection 770680F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1092] ntdll.dll!NtCreateSection + 4 770680FC 2 Bytes [23, 5F]
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1092] ntdll.dll!NtDeleteKey 770683F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1092] ntdll.dll!NtDeleteKey + 4 770683FC 2 Bytes [0B, 5F]
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1092] ntdll.dll!NtDeleteValueKey 77068428 3 Bytes [FF, 25, 1E]
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1092] ntdll.dll!NtDeleteValueKey + 4 7706842C 2 Bytes [11, 5F]
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1092] ntdll.dll!NtRenameKey 77068CF8 3 Bytes [FF, 25, 1E]
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1092] ntdll.dll!NtRenameKey + 4 77068CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1092] ntdll.dll!NtSetInformationFile 77068F18 3 Bytes [FF, 25, 1E]
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1092] ntdll.dll!NtSetInformationFile + 4 77068F1C 2 Bytes [20, 5F]
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1092] ntdll.dll!NtSetValueKey 77069088 3 Bytes [FF, 25, 1E]
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1092] ntdll.dll!NtSetValueKey + 4 7706908C 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1092] ntdll.dll!NtTerminateProcess 77069128 3 Bytes [FF, 25, 1E]
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1092] ntdll.dll!NtTerminateProcess + 4 7706912C 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1092] ntdll.dll!NtWriteFile 77069278 3 Bytes [FF, 25, 1E]
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1092] ntdll.dll!NtWriteFile + 4 7706927C 2 Bytes [1A, 5F]
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1092] ntdll.dll!NtWriteFileGather 77069288 3 Bytes [FF, 25, 1E]
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1092] ntdll.dll!NtWriteFileGather + 4 7706928C 2 Bytes [1D, 5F]
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1092] ntdll.dll!NtWriteVirtualMemory 770692A8 3 Bytes [FF, 25, 1E]
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1092] ntdll.dll!NtWriteVirtualMemory + 4 770692AC 2 Bytes [32, 5F]
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1092] ntdll.dll!NtCreateUserProcess 77069438 3 Bytes [FF, 25, 1E]
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1092] ntdll.dll!NtCreateUserProcess + 4 7706943C 2 Bytes [26, 5F]
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1092] KERNEL32.dll!LoadLibraryExW 76A230C3 6 Bytes JMP 5F070F5A
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1092] USER32.dll!SetWindowsHookExW 76AE7B69 6 Bytes JMP 5F3B0F5A
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1092] USER32.dll!SetWindowsHookExA 76B0BB0E 6 Bytes JMP 5F370F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1128] ntdll.dll!NtClose 77067F48 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1128] ntdll.dll!NtClose + 4 77067F4C 2 Bytes [35, 5F]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1128] ntdll.dll!NtCreateFile 77068008 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1128] ntdll.dll!NtCreateFile + 4 7706800C 2 Bytes [17, 5F] {POP SS; POP EDI}
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1128] ntdll.dll!NtCreateKey 77068048 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1128] ntdll.dll!NtCreateKey + 4 7706804C 2 Bytes [05, 5F]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1128] ntdll.dll!NtCreateProcess 770680C8 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1128] ntdll.dll!NtCreateProcess + 4 770680CC 2 Bytes [29, 5F]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1128] ntdll.dll!NtCreateProcessEx 770680D8 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1128] ntdll.dll!NtCreateProcessEx + 4 770680DC 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1128] ntdll.dll!NtCreateSection 770680F8 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1128] ntdll.dll!NtCreateSection + 4 770680FC 2 Bytes [23, 5F]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1128] ntdll.dll!NtDeleteKey 770683F8 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1128] ntdll.dll!NtDeleteKey + 4 770683FC 2 Bytes [0B, 5F]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1128] ntdll.dll!NtDeleteValueKey 77068428 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1128] ntdll.dll!NtDeleteValueKey + 4 7706842C 2 Bytes [11, 5F]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1128] ntdll.dll!NtRenameKey 77068CF8 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1128] ntdll.dll!NtRenameKey + 4 77068CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1128] ntdll.dll!NtSetInformationFile 77068F18 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1128] ntdll.dll!NtSetInformationFile + 4 77068F1C 2 Bytes [20, 5F]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1128] ntdll.dll!NtSetValueKey 77069088 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1128] ntdll.dll!NtSetValueKey + 4 7706908C 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1128] ntdll.dll!NtTerminateProcess 77069128 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1128] ntdll.dll!NtTerminateProcess + 4 7706912C 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1128] ntdll.dll!NtWriteFile 77069278 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1128] ntdll.dll!NtWriteFile + 4 7706927C 2 Bytes [1A, 5F]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1128] ntdll.dll!NtWriteFileGather 77069288 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1128] ntdll.dll!NtWriteFileGather + 4 7706928C 2 Bytes [1D, 5F]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1128] ntdll.dll!NtWriteVirtualMemory 770692A8 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1128] ntdll.dll!NtWriteVirtualMemory + 4 770692AC 2 Bytes [32, 5F]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1128] ntdll.dll!NtCreateUserProcess 77069438 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1128] ntdll.dll!NtCreateUserProcess + 4 7706943C 2 Bytes [26, 5F]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1128] kernel32.dll!LoadLibraryExW 76A230C3 6 Bytes JMP 5F070F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1128] USER32.dll!SetWindowsHookExW 76AE7B69 6 Bytes JMP 5F3B0F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1128] USER32.dll!SetWindowsHookExA 76B0BB0E 6 Bytes JMP 5F370F5A
.text C:\Windows\system32\svchost.exe[1136] ntdll.dll!NtClose 77067F48 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1136] ntdll.dll!NtClose + 4 77067F4C 2 Bytes [35, 5F]
.text C:\Windows\system32\svchost.exe[1136] ntdll.dll!NtCreateFile 77068008 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1136] ntdll.dll!NtCreateFile + 4 7706800C 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\system32\svchost.exe[1136] ntdll.dll!NtCreateKey 77068048 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1136] ntdll.dll!NtCreateKey + 4 7706804C 2 Bytes [05, 5F]
.text C:\Windows\system32\svchost.exe[1136] ntdll.dll!NtCreateProcess 770680C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1136] ntdll.dll!NtCreateProcess + 4 770680CC 2 Bytes [29, 5F]
.text C:\Windows\system32\svchost.exe[1136] ntdll.dll!NtCreateProcessEx 770680D8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1136] ntdll.dll!NtCreateProcessEx + 4 770680DC 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Windows\system32\svchost.exe[1136] ntdll.dll!NtCreateSection 770680F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1136] ntdll.dll!NtCreateSection + 4 770680FC 2 Bytes [23, 5F]
.text C:\Windows\system32\svchost.exe[1136] ntdll.dll!NtDeleteKey 770683F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1136] ntdll.dll!NtDeleteKey + 4 770683FC 2 Bytes [0B, 5F]
.text C:\Windows\system32\svchost.exe[1136] ntdll.dll!NtDeleteValueKey 77068428 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1136] ntdll.dll!NtDeleteValueKey + 4 7706842C 2 Bytes [11, 5F]
.text C:\Windows\system32\svchost.exe[1136] ntdll.dll!NtRenameKey 77068CF8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1136] ntdll.dll!NtRenameKey + 4 77068CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\system32\svchost.exe[1136] ntdll.dll!NtSetInformationFile 77068F18 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1136] ntdll.dll!NtSetInformationFile + 4 77068F1C 2 Bytes [20, 5F]
.text C:\Windows\system32\svchost.exe[1136] ntdll.dll!NtSetValueKey 77069088 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1136] ntdll.dll!NtSetValueKey + 4 7706908C 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Windows\system32\svchost.exe[1136] ntdll.dll!NtTerminateProcess 77069128 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1136] ntdll.dll!NtTerminateProcess + 4 7706912C 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Windows\system32\svchost.exe[1136] ntdll.dll!NtWriteFile 77069278 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1136] ntdll.dll!NtWriteFile + 4 7706927C 2 Bytes [1A, 5F]
.text C:\Windows\system32\svchost.exe[1136] ntdll.dll!NtWriteFileGather 77069288 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1136] ntdll.dll!NtWriteFileGather + 4 7706928C 2 Bytes [1D, 5F]
.text C:\Windows\system32\svchost.exe[1136] ntdll.dll!NtWriteVirtualMemory 770692A8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1136] ntdll.dll!NtWriteVirtualMemory + 4 770692AC 2 Bytes [32, 5F]
.text C:\Windows\system32\svchost.exe[1136] ntdll.dll!NtCreateUserProcess 77069438 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1136] ntdll.dll!NtCreateUserProcess + 4 7706943C 2 Bytes [26, 5F]
.text C:\Windows\system32\svchost.exe[1136] kernel32.dll!GetStartupInfoW 76A01929 5 Bytes JMP 001F00CF
.text C:\Windows\system32\svchost.exe[1136] kernel32.dll!GetStartupInfoA 76A019C9 5 Bytes JMP 001F00B4
.text C:\Windows\system32\svchost.exe[1136] kernel32.dll!CreateProcessW 76A01C01 1 Byte [E9]
.text C:\Windows\system32\svchost.exe[1136] kernel32.dll!CreateProcessW 76A01C01 5 Bytes JMP 001F0105
.text C:\Windows\system32\svchost.exe[1136] kernel32.dll!CreateProcessA 76A01C36 5 Bytes JMP 001F0F6F
.text C:\Windows\system32\svchost.exe[1136] kernel32.dll!VirtualProtect 76A01DD1 5 Bytes JMP 001F0F9E
.text C:\Windows\system32\svchost.exe[1136] kernel32.dll!CreateNamedPipeW 76A05C44 5 Bytes JMP 001F0FDB
.text C:\Windows\system32\svchost.exe[1136] kernel32.dll!LoadLibraryExW 76A230C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\svchost.exe[1136] kernel32.dll!LoadLibraryW 76A2361F 5 Bytes JMP 001F0FAF
.text C:\Windows\system32\svchost.exe[1136] kernel32.dll!VirtualProtectEx 76A28D7E 5 Bytes JMP 001F0092
.text C:\Windows\system32\svchost.exe[1136] kernel32.dll!LoadLibraryExA 76A29469 5 Bytes JMP 001F005B
.text C:\Windows\system32\svchost.exe[1136] kernel32.dll!LoadLibraryA 76A29491 5 Bytes JMP 001F0FC0
.text C:\Windows\system32\svchost.exe[1136] kernel32.dll!CreatePipe 76A30284 5 Bytes JMP 001F00A3
.text C:\Windows\system32\svchost.exe[1136] kernel32.dll!GetProcAddress 76A4B8B6 5 Bytes JMP 001F0F54
.text C:\Windows\system32\svchost.exe[1136] kernel32.dll!CreateFileW 76A4CC4E 5 Bytes JMP 001F001B
.text C:\Windows\system32\svchost.exe[1136] kernel32.dll!CreateFileA 76A4CF71 5 Bytes JMP 001F0000
.text C:\Windows\system32\svchost.exe[1136] kernel32.dll!CreateNamedPipeA 76A9430E 5 Bytes JMP 001F002C
.text C:\Windows\system32\svchost.exe[1136] kernel32.dll!WinExec 76A954FF 5 Bytes JMP 001F00EA
.text C:\Windows\system32\svchost.exe[1136] msvcrt.dll!_wsystem 77218A47 5 Bytes JMP 00200055
.text C:\Windows\system32\svchost.exe[1136] msvcrt.dll!system 77218B63 5 Bytes JMP 00200044
.text C:\Windows\system32\svchost.exe[1136] msvcrt.dll!_creat 7721C6F1 5 Bytes JMP 00200018
.text C:\Windows\system32\svchost.exe[1136] msvcrt.dll!_open 7721DA7E 5 Bytes JMP 00200FEF
.text C:\Windows\system32\svchost.exe[1136] msvcrt.dll!_wcreat 7721DC9E 5 Bytes JMP 00200029
.text C:\Windows\system32\svchost.exe[1136] msvcrt.dll!_wopen 7721DE79 5 Bytes JMP 00200FDE
.text C:\Windows\system32\svchost.exe[1136] ADVAPI32.dll!RegCreateKeyExA 75AFB5E7 5 Bytes JMP 001C0043
.text C:\Windows\system32\svchost.exe[1136] ADVAPI32.dll!RegCreateKeyA 75AFB8AE 5 Bytes JMP 001C0F97
.text C:\Windows\system32\svchost.exe[1136] ADVAPI32.dll!RegOpenKeyA 75B00BF5 5 Bytes JMP 001C0FEF
.text C:\Windows\system32\svchost.exe[1136] ADVAPI32.dll!RegCreateKeyW 75B0B83D 5 Bytes JMP 001C0028
.text C:\Windows\system32\svchost.exe[1136] ADVAPI32.dll!RegCreateKeyExW 75B0BCE1 5 Bytes JMP 001C0054
.text C:\Windows\system32\svchost.exe[1136] ADVAPI32.dll!RegOpenKeyExA 75B0D4E8 5 Bytes JMP 001C0FC3
.text C:\Windows\system32\svchost.exe[1136] ADVAPI32.dll!RegOpenKeyW 75B13CB0 5 Bytes JMP 001C0FDE
.text C:\Windows\system32\svchost.exe[1136] ADVAPI32.dll!RegOpenKeyExW 75B1F09D 5 Bytes JMP 001C0FB2
.text C:\Windows\system32\svchost.exe[1136] WS2_32.dll!socket 75BB36D1 5 Bytes JMP 001E000A
.text C:\Windows\system32\svchost.exe[1136] USER32.dll!SetWindowsHookExW 76AE7B69 6 Bytes JMP 5F3B0F5A
.text C:\Windows\system32\svchost.exe[1136] USER32.dll!SetWindowsHookExA 76B0BB0E 6 Bytes JMP 5F370F5A
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1160] ntdll.dll!NtClose 77067F48 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1160] ntdll.dll!NtClose + 4 77067F4C 2 Bytes [35, 5F]
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1160] ntdll.dll!NtCreateFile 77068008 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1160] ntdll.dll!NtCreateFile + 4 7706800C 2 Bytes [17, 5F] {POP SS; POP EDI}
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1160] ntdll.dll!NtCreateKey 77068048 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1160] ntdll.dll!NtCreateKey + 4 7706804C 2 Bytes [05, 5F]
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1160] ntdll.dll!NtCreateProcess 770680C8 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1160] ntdll.dll!NtCreateProcess + 4 770680CC 2 Bytes [29, 5F]
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1160] ntdll.dll!NtCreateProcessEx 770680D8 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1160] ntdll.dll!NtCreateProcessEx + 4 770680DC 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1160] ntdll.dll!NtCreateSection 770680F8 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1160] ntdll.dll!NtCreateSection + 4 770680FC 2 Bytes [23, 5F]
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1160] ntdll.dll!NtDeleteKey 770683F8 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1160] ntdll.dll!NtDeleteKey + 4 770683FC 2 Bytes [0B, 5F]
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1160] ntdll.dll!NtDeleteValueKey 77068428 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1160] ntdll.dll!NtDeleteValueKey + 4 7706842C 2 Bytes [11, 5F]
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1160] ntdll.dll!NtRenameKey 77068CF8 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1160] ntdll.dll!NtRenameKey + 4 77068CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1160] ntdll.dll!NtSetInformationFile 77068F18 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1160] ntdll.dll!NtSetInformationFile + 4 77068F1C 2 Bytes [20, 5F]
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1160] ntdll.dll!NtSetValueKey 77069088 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1160] ntdll.dll!NtSetValueKey + 4 7706908C 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1160] ntdll.dll!NtTerminateProcess 77069128 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1160] ntdll.dll!NtTerminateProcess + 4 7706912C 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1160] ntdll.dll!NtWriteFile 77069278 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1160] ntdll.dll!NtWriteFile + 4 7706927C 2 Bytes [1A, 5F]
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1160] ntdll.dll!NtWriteFileGather 77069288 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1160] ntdll.dll!NtWriteFileGather + 4 7706928C 2 Bytes [1D, 5F]
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1160] ntdll.dll!NtWriteVirtualMemory 770692A8 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1160] ntdll.dll!NtWriteVirtualMemory + 4 770692AC 2 Bytes [32, 5F]
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1160] ntdll.dll!NtCreateUserProcess 77069438 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1160] ntdll.dll!NtCreateUserProcess + 4 7706943C 2 Bytes [26, 5F]
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1160] kernel32.dll!LoadLibraryExW 76A230C3 6 Bytes JMP 5F070F5A
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1160] USER32.dll!SetWindowsHookExW 76AE7B69 6 Bytes JMP 5F3B0F5A
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1160] USER32.dll!SetWindowsHookExA 76B0BB0E 6 Bytes JMP 5F370F5A
.text C:\Windows\System32\svchost.exe[1268] ntdll.dll!NtClose 77067F48 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1268] ntdll.dll!NtClose + 4 77067F4C 2 Bytes [35, 5F]
.text C:\Windows\System32\svchost.exe[1268] ntdll.dll!NtCreateFile 77068008 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1268] ntdll.dll!NtCreateFile + 4 7706800C 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\System32\svchost.exe[1268] ntdll.dll!NtCreateKey 77068048 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1268] ntdll.dll!NtCreateKey + 4 7706804C 2 Bytes [05, 5F]
.text C:\Windows\System32\svchost.exe[1268] ntdll.dll!NtCreateProcess 770680C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1268] ntdll.dll!NtCreateProcess + 4 770680CC 2 Bytes [29, 5F]
.text C:\Windows\System32\svchost.exe[1268] ntdll.dll!NtCreateProcessEx 770680D8 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1268] ntdll.dll!NtCreateProcessEx + 4 770680DC 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Windows\System32\svchost.exe[1268] ntdll.dll!NtCreateSection 770680F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1268] ntdll.dll!NtCreateSection + 4 770680FC 2 Bytes [23, 5F]
.text C:\Windows\System32\svchost.exe[1268] ntdll.dll!NtDeleteKey 770683F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1268] ntdll.dll!NtDeleteKey + 4 770683FC 2 Bytes [0B, 5F]
.text C:\Windows\System32\svchost.exe[1268] ntdll.dll!NtDeleteValueKey 77068428 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1268] ntdll.dll!NtDeleteValueKey + 4 7706842C 2 Bytes [11, 5F]
.text C:\Windows\System32\svchost.exe[1268] ntdll.dll!NtRenameKey 77068CF8 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1268] ntdll.dll!NtRenameKey + 4 77068CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\System32\svchost.exe[1268] ntdll.dll!NtSetInformationFile 77068F18 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1268] ntdll.dll!NtSetInformationFile + 4 77068F1C 2 Bytes [20, 5F]
.text C:\Windows\System32\svchost.exe[1268] ntdll.dll!NtSetValueKey 77069088 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1268] ntdll.dll!NtSetValueKey + 4 7706908C 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Windows\System32\svchost.exe[1268] ntdll.dll!NtTerminateProcess 77069128 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1268] ntdll.dll!NtTerminateProcess + 4 7706912C 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Windows\System32\svchost.exe[1268] ntdll.dll!NtWriteFile 77069278 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1268] ntdll.dll!NtWriteFile + 4 7706927C 2 Bytes [1A, 5F]
.text C:\Windows\System32\svchost.exe[1268] ntdll.dll!NtWriteFileGather 77069288 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1268] ntdll.dll!NtWriteFileGather + 4 7706928C 2 Bytes [1D, 5F]
.text C:\Windows\System32\svchost.exe[1268] ntdll.dll!NtWriteVirtualMemory 770692A8 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1268] ntdll.dll!NtWriteVirtualMemory + 4 770692AC 2 Bytes [32, 5F]
.text C:\Windows\System32\svchost.exe[1268] ntdll.dll!NtCreateUserProcess 77069438 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1268] ntdll.dll!NtCreateUserProcess + 4 7706943C 2 Bytes [26, 5F]
.text C:\Windows\System32\svchost.exe[1268] kernel32.dll!GetStartupInfoW 76A01929 3 Bytes JMP 002C00F4
.text C:\Windows\System32\svchost.exe[1268] kernel32.dll!GetStartupInfoW + 4 76A0192D 1 Byte [89]
.text C:\Windows\System32\svchost.exe[1268] kernel32.dll!GetStartupInfoA 76A019C9 3 Bytes JMP 002C0FAF
.text C:\Windows\System32\svchost.exe[1268] kernel32.dll!GetStartupInfoA + 4 76A019CD 1 Byte [89]
.text C:\Windows\System32\svchost.exe[1268] kernel32.dll!CreateProcessW 76A01C01 3 Bytes JMP 002C0123
.text C:\Windows\System32\svchost.exe[1268] kernel32.dll!CreateProcessW + 4 76A01C05 1 Byte [89]
.text C:\Windows\System32\svchost.exe[1268] kernel32.dll!CreateProcessA 76A01C36 3 Bytes JMP 002C0F83
.text C:\Windows\System32\svchost.exe[1268] kernel32.dll!CreateProcessA + 4 76A01C3A 1 Byte [89]
.text C:\Windows\System32\svchost.exe[1268] kernel32.dll!VirtualProtect 76A01DD1 3 Bytes JMP 002C0FC0
.text C:\Windows\System32\svchost.exe[1268] kernel32.dll!VirtualProtect + 4 76A01DD5 1 Byte [89]
.text C:\Windows\System32\svchost.exe[1268] kernel32.dll!CreateNamedPipeW 76A05C44 3 Bytes JMP 002C0047
.text C:\Windows\System32\svchost.exe[1268] kernel32.dll!CreateNamedPipeW + 4 76A05C48 1 Byte [89]
.text C:\Windows\System32\svchost.exe[1268] kernel32.dll!LoadLibraryExW 76A230C3 6 Bytes JMP 5F070F5A
.text C:\Windows\System32\svchost.exe[1268] kernel32.dll!LoadLibraryW 76A2361F 5 Bytes JMP 002C006C
.text C:\Windows\System32\svchost.exe[1268] kernel32.dll!VirtualProtectEx 76A28D7E 5 Bytes JMP 002C00B4
.text C:\Windows\System32\svchost.exe[1268] kernel32.dll!LoadLibraryExA 76A29469 5 Bytes JMP 002C007D
.text C:\Windows\System32\svchost.exe[1268] kernel32.dll!LoadLibraryA 76A29491 5 Bytes JMP 002C0FDB
.text C:\Windows\System32\svchost.exe[1268] kernel32.dll!CreatePipe 76A30284 5 Bytes JMP 002C00D9
.text C:\Windows\System32\svchost.exe[1268] kernel32.dll!GetProcAddress 76A4B8B6 5 Bytes JMP 002C0F72
.text C:\Windows\System32\svchost.exe[1268] kernel32.dll!CreateFileW 76A4CC4E 5 Bytes JMP 002C0011
.text C:\Windows\System32\svchost.exe[1268] kernel32.dll!CreateFileA 76A4CF71 5 Bytes JMP 002C0000
.text C:\Windows\System32\svchost.exe[1268] kernel32.dll!CreateNamedPipeA 76A9430E 5 Bytes JMP 002C002C
.text C:\Windows\System32\svchost.exe[1268] kernel32.dll!WinExec 76A954FF 5 Bytes JMP 002C0F9E
.text C:\Windows\System32\svchost.exe[1268] msvcrt.dll!_wsystem 77218A47 5 Bytes JMP 002D005D
.text C:\Windows\System32\svchost.exe[1268] msvcrt.dll!system 77218B63 5 Bytes JMP 002D0042
.text C:\Windows\System32\svchost.exe[1268] msvcrt.dll!_creat 7721C6F1 5 Bytes JMP 002D0FD2
.text C:\Windows\System32\svchost.exe[1268] msvcrt.dll!_open 7721DA7E 5 Bytes JMP 002D0000
.text C:\Windows\System32\svchost.exe[1268] msvcrt.dll!_wcreat 7721DC9E 5 Bytes JMP 002D0027
.text C:\Windows\System32\svchost.exe[1268] msvcrt.dll!_wopen 7721DE79 5 Bytes JMP 002D0FE3
.text C:\Windows\System32\svchost.exe[1268] ADVAPI32.dll!RegCreateKeyExA 75AFB5E7 5 Bytes JMP 000F0F94
.text C:\Windows\System32\svchost.exe[1268] ADVAPI32.dll!RegCreateKeyA 75AFB8AE 5 Bytes JMP 000F002C
.text C:\Windows\System32\svchost.exe[1268] ADVAPI32.dll!RegOpenKeyA 75B00BF5 5 Bytes JMP 000F0000
.text C:\Windows\System32\svchost.exe[1268] ADVAPI32.dll!RegCreateKeyW 75B0B83D 5 Bytes JMP 000F0FA5
.text C:\Windows\System32\svchost.exe[1268] ADVAPI32.dll!RegCreateKeyExW 75B0BCE1 5 Bytes JMP 000F0F83
.text C:\Windows\System32\svchost.exe[1268] ADVAPI32.dll!RegOpenKeyExA 75B0D4E8 5 Bytes JMP 000F001B
.text C:\Windows\System32\svchost.exe[1268] ADVAPI32.dll!RegOpenKeyW 75B13CB0 5 Bytes JMP 000F0FDB
.text C:\Windows\System32\svchost.exe[1268] ADVAPI32.dll!RegOpenKeyExW 75B1F09D 5 Bytes JMP 000F0FC0
.text C:\Windows\System32\svchost.exe[1268] USER32.dll!SetWindowsHookExW 76AE7B69 6 Bytes JMP 5F3B0F5A
.text C:\Windows\System32\svchost.exe[1268] USER32.dll!SetWindowsHookExA 76B0BB0E 6 Bytes JMP 5F370F5A
.text C:\Windows\System32\svchost.exe[1268] WS2_32.dll!socket 75BB36D1 5 Bytes JMP 00110000
.text C:\Windows\System32\svchost.exe[1296] ntdll.dll!NtClose 77067F48 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1296] ntdll.dll!NtClose + 4 77067F4C 2 Bytes [35, 5F]
.text C:\Windows\System32\svchost.exe[1296] ntdll.dll!NtCreateFile 77068008 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1296] ntdll.dll!NtCreateFile + 4 7706800C 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\System32\svchost.exe[1296] ntdll.dll!NtCreateKey 77068048 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1296] ntdll.dll!NtCreateKey + 4 7706804C 2 Bytes [05, 5F]
.text C:\Windows\System32\svchost.exe[1296] ntdll.dll!NtCreateProcess 770680C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1296] ntdll.dll!NtCreateProcess + 4 770680CC 2 Bytes [29, 5F]
.text C:\Windows\System32\svchost.exe[1296] ntdll.dll!NtCreateProcessEx 770680D8 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1296] ntdll.dll!NtCreateProcessEx + 4 770680DC 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Windows\System32\svchost.exe[1296] ntdll.dll!NtCreateSection 770680F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1296] ntdll.dll!NtCreateSection + 4 770680FC 2 Bytes [23, 5F]
.text C:\Windows\System32\svchost.exe[1296] ntdll.dll!NtDeleteKey 770683F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1296] ntdll.dll!NtDeleteKey + 4 770683FC 2 Bytes [0B, 5F]
.text C:\Windows\System32\svchost.exe[1296] ntdll.dll!NtDeleteValueKey 77068428 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1296] ntdll.dll!NtDeleteValueKey + 4 7706842C 2 Bytes [11, 5F]
.text C:\Windows\System32\svchost.exe[1296] ntdll.dll!NtRenameKey 77068CF8 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1296] ntdll.dll!NtRenameKey + 4 77068CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\System32\svchost.exe[1296] ntdll.dll!NtSetInformationFile 77068F18 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1296] ntdll.dll!NtSetInformationFile + 4 77068F1C 2 Bytes [20, 5F]
.text C:\Windows\System32\svchost.exe[1296] ntdll.dll!NtSetValueKey 77069088 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1296] ntdll.dll!NtSetValueKey + 4 7706908C 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Windows\System32\svchost.exe[1296] ntdll.dll!NtTerminateProcess 77069128 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1296] ntdll.dll!NtTerminateProcess + 4 7706912C 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Windows\System32\svchost.exe[1296] ntdll.dll!NtWriteFile 77069278 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1296] ntdll.dll!NtWriteFile + 4 7706927C 2 Bytes [1A, 5F]
.text C:\Windows\System32\svchost.exe[1296] ntdll.dll!NtWriteFileGather 77069288 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1296] ntdll.dll!NtWriteFileGather + 4 7706928C 2 Bytes [1D, 5F]
.text C:\Windows\System32\svchost.exe[1296] ntdll.dll!NtWriteVirtualMemory 770692A8 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1296] ntdll.dll!NtWriteVirtualMemory + 4 770692AC 2 Bytes [32, 5F]
.text C:\Windows\System32\svchost.exe[1296] ntdll.dll!NtCreateUserProcess 77069438 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1296] ntdll.dll!NtCreateUserProcess + 4 7706943C 2 Bytes [26, 5F]
.text C:\Windows\System32\svchost.exe[1296] kernel32.dll!GetStartupInfoW 76A01929 5 Bytes JMP 011800B7
.text C:\Windows\System32\svchost.exe[1296] kernel32.dll!GetStartupInfoA 76A019C9 5 Bytes JMP 01180F72
.text C:\Windows\System32\svchost.exe[1296] kernel32.dll!CreateProcessW 76A01C01 5 Bytes JMP 01180F57
.text C:\Windows\System32\svchost.exe[1296] kernel32.dll!CreateProcessA 76A01C36 5 Bytes JMP 011800E3
.text C:\Windows\System32\svchost.exe[1296] kernel32.dll!VirtualProtect 76A01DD1 5 Bytes JMP 0118007A
.text C:\Windows\System32\svchost.exe[1296] kernel32.dll!CreateNamedPipeW 76A05C44 5 Bytes JMP 0118002C
.text C:\Windows\System32\svchost.exe[1296] kernel32.dll!LoadLibraryExW 76A230C3 6 Bytes JMP 5F070F5A
.text C:\Windows\System32\svchost.exe[1296] kernel32.dll!LoadLibraryW 76A2361F 5 Bytes JMP 0118003D
.text C:\Windows\System32\svchost.exe[1296] kernel32.dll!VirtualProtectEx 76A28D7E 5 Bytes JMP 0118008B
.text C:\Windows\System32\svchost.exe[1296] kernel32.dll!LoadLibraryExA 76A29469 5 Bytes JMP 0118004E
.text C:\Windows\System32\svchost.exe[1296] kernel32.dll!LoadLibraryA 76A29491 5 Bytes JMP 01180FC0
.text C:\Windows\System32\svchost.exe[1296] kernel32.dll!CreatePipe 76A30284 5 Bytes JMP 011800A6
.text C:\Windows\System32\svchost.exe[1296] kernel32.dll!GetProcAddress 76A4B8B6 5 Bytes JMP 01180112
.text C:\Windows\System32\svchost.exe[1296] kernel32.dll!CreateFileW 76A4CC4E 5 Bytes JMP 01180011
.text C:\Windows\System32\svchost.exe[1296] kernel32.dll!CreateFileA 76A4CF71 5 Bytes JMP 01180000
.text C:\Windows\System32\svchost.exe[1296] kernel32.dll!CreateNamedPipeA 76A9430E 5 Bytes JMP 01180FDB
.text C:\Windows\System32\svchost.exe[1296] kernel32.dll!WinExec 76A954FF 5 Bytes JMP 011800D2
.text C:\Windows\System32\svchost.exe[1296] msvcrt.dll!_wsystem 77218A47 5 Bytes JMP 011D0069
.text C:\Windows\System32\svchost.exe[1296] msvcrt.dll!system 77218B63 5 Bytes JMP 011D004E
.text C:\Windows\System32\svchost.exe[1296] msvcrt.dll!_creat 7721C6F1 5 Bytes JMP 011D0FD4
.text C:\Windows\System32\svchost.exe[1296] msvcrt.dll!_open 7721DA7E 5 Bytes JMP 011D0000
.text C:\Windows\System32\svchost.exe[1296] msvcrt.dll!_wcreat 7721DC9E 5 Bytes JMP 011D0029
.text C:\Windows\System32\svchost.exe[1296] msvcrt.dll!_wopen 7721DE79 5 Bytes JMP 011D0FEF
.text C:\Windows\System32\svchost.exe[1296] ADVAPI32.dll!RegCreateKeyExA 75AFB5E7 5 Bytes JMP 01120F94
.text C:\Windows\System32\svchost.exe[1296] ADVAPI32.dll!RegCreateKeyA 75AFB8AE 5 Bytes JMP 01120FB9
.text C:\Windows\System32\svchost.exe[1296] ADVAPI32.dll!RegOpenKeyA 75B00BF5 5 Bytes JMP 01120000
.text C:\Windows\System32\svchost.exe[1296] ADVAPI32.dll!RegCreateKeyW 75B0B83D 5 Bytes JMP 01120036
.text C:\Windows\System32\svchost.exe[1296] ADVAPI32.dll!RegCreateKeyExW 75B0BCE1 5 Bytes JMP 01120F83
.text C:\Windows\System32\svchost.exe[1296] ADVAPI32.dll!RegOpenKeyExA 75B0D4E8 5 Bytes JMP 01120FDB
.text C:\Windows\System32\svchost.exe[1296] ADVAPI32.dll!RegOpenKeyW 75B13CB0 5 Bytes JMP 01120011
.text C:\Windows\System32\svchost.exe[1296] ADVAPI32.dll!RegOpenKeyExW 75B1F09D 5 Bytes JMP 01120FCA
.text C:\Windows\System32\svchost.exe[1296] USER32.dll!SetWindowsHookExW 76AE7B69 6 Bytes JMP 5F3B0F5A
.text C:\Windows\System32\svchost.exe[1296] USER32.dll!SetWindowsHookExA 76B0BB0E 6 Bytes JMP 5F370F5A
.text C:\Windows\System32\svchost.exe[1296] WS2_32.dll!socket 75BB36D1 5 Bytes JMP 01130000
.text C:\Windows\system32\svchost.exe[1308] ntdll.dll!NtClose 77067F48 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1308] ntdll.dll!NtClose + 4 77067F4C 2 Bytes [35, 5F]
.text C:\Windows\system32\svchost.exe[1308] ntdll.dll!NtCreateFile 77068008 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1308] ntdll.dll!NtCreateFile + 4 7706800C 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\system32\svchost.exe[1308] ntdll.dll!NtCreateKey 77068048 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1308] ntdll.dll!NtCreateKey + 4 7706804C 2 Bytes [05, 5F]
.text C:\Windows\system32\svchost.exe[1308] ntdll.dll!NtCreateProcess 770680C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1308] ntdll.dll!NtCreateProcess + 4 770680CC 2 Bytes [29, 5F]
.text C:\Windows\system32\svchost.exe[1308] ntdll.dll!NtCreateProcessEx 770680D8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1308] ntdll.dll!NtCreateProcessEx + 4 770680DC 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Windows\system32\svchost.exe[1308] ntdll.dll!NtCreateSection 770680F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1308] ntdll.dll!NtCreateSection + 4 770680FC 2 Bytes [23, 5F]
.text C:\Windows\system32\svchost.exe[1308] ntdll.dll!NtDeleteKey 770683F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1308] ntdll.dll!NtDeleteKey + 4 770683FC 2 Bytes [0B, 5F]
.text C:\Windows\system32\svchost.exe[1308] ntdll.dll!NtDeleteValueKey 77068428 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1308] ntdll.dll!NtDeleteValueKey + 4 7706842C 2 Bytes [11, 5F]
.text C:\Windows\system32\svchost.exe[1308] ntdll.dll!NtRenameKey 77068CF8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1308] ntdll.dll!NtRenameKey + 4 77068CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\system32\svchost.exe[1308] ntdll.dll!NtSetInformationFile 77068F18 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1308] ntdll.dll!NtSetInformationFile + 4 77068F1C 2 Bytes [20, 5F]
.text C:\Windows\system32\svchost.exe[1308] ntdll.dll!NtSetValueKey 77069088 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1308] ntdll.dll!NtSetValueKey + 4 7706908C 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Windows\system32\svchost.exe[1308] ntdll.dll!NtTerminateProcess 77069128 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1308] ntdll.dll!NtTerminateProcess + 4 7706912C 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Windows\system32\svchost.exe[1308] ntdll.dll!NtWriteFile 77069278 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1308] ntdll.dll!NtWriteFile + 4 7706927C 2 Bytes [1A, 5F]
.text C:\Windows\system32\svchost.exe[1308] ntdll.dll!NtWriteFileGather 77069288 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1308] ntdll.dll!NtWriteFileGather + 4 7706928C 2 Bytes [1D, 5F]
.text C:\Windows\system32\svchost.exe[1308] ntdll.dll!NtWriteVirtualMemory 770692A8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1308] ntdll.dll!NtWriteVirtualMemory + 4 770692AC 2 Bytes [32, 5F]
.text C:\Windows\system32\svchost.exe[1308] ntdll.dll!NtCreateUserProcess 77069438 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1308] ntdll.dll!NtCreateUserProcess + 4 7706943C 2 Bytes [26, 5F]
.text C:\Windows\system32\svchost.exe[1308] kernel32.dll!GetStartupInfoW 76A01929 5 Bytes JMP 00EF0F5D
.text C:\Windows\system32\svchost.exe[1308] kernel32.dll!GetStartupInfoA 76A019C9 5 Bytes JMP 00EF0F78
.text C:\Windows\system32\svchost.exe[1308] kernel32.dll!CreateProcessW 76A01C01 5 Bytes JMP 00EF00D8
.text C:\Windows\system32\svchost.exe[1308] kernel32.dll!CreateProcessA 76A01C36 5 Bytes JMP 00EF00C7
.text C:\Windows\system32\svchost.exe[1308] kernel32.dll!VirtualProtect 76A01DD1 5 Bytes JMP 00EF0062
.text C:\Windows\system32\svchost.exe[1308] kernel32.dll!CreateNamedPipeW 76A05C44 5 Bytes JMP 00EF0FD4
.text C:\Windows\system32\svchost.exe[1308] kernel32.dll!LoadLibraryExW 76A230C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\svchost.exe[1308] kernel32.dll!LoadLibraryW 76A2361F 5 Bytes JMP 00EF0FB9
.text C:\Windows\system32\svchost.exe[1308] kernel32.dll!VirtualProtectEx 76A28D7E 5 Bytes JMP 00EF007D
.text C:\Windows\system32\svchost.exe[1308] kernel32.dll!LoadLibraryExA 76A29469 5 Bytes JMP 00EF0051
.text C:\Windows\system32\svchost.exe[1308] kernel32.dll!LoadLibraryA 76A29491 5 Bytes JMP 00EF0040
.text C:\Windows\system32\svchost.exe[1308] kernel32.dll!CreatePipe 76A30284 5 Bytes JMP 00EF0098
.text C:\Windows\system32\svchost.exe[1308] kernel32.dll!GetProcAddress 76A4B8B6 5 Bytes JMP 00EF0F27
.text C:\Windows\system32\svchost.exe[1308] kernel32.dll!CreateFileW 76A4CC4E 5 Bytes JMP 00EF000A
.text C:\Windows\system32\svchost.exe[1308] kernel32.dll!CreateFileA 76A4CF71 5 Bytes JMP 00EF0FEF
.text C:\Windows\system32\svchost.exe[1308] kernel32.dll!CreateNamedPipeA 76A9430E 5 Bytes JMP 00EF001B
.text C:\Windows\system32\svchost.exe[1308] kernel32.dll!WinExec 76A954FF 5 Bytes JMP 00EF0F4C
.text C:\Windows\system32\svchost.exe[1308] msvcrt.dll!_wsystem 77218A47 5 Bytes JMP 00F0005F
.text C:\Windows\system32\svchost.exe[1308] msvcrt.dll!system 77218B63 5 Bytes JMP 00F00044
.text C:\Windows\system32\svchost.exe[1308] msvcrt.dll!_creat 7721C6F1 5 Bytes JMP 00F00FD4
.text C:\Windows\system32\svchost.exe[1308] msvcrt.dll!_open 7721DA7E 5 Bytes JMP 00F00FEF
.text C:\Windows\system32\svchost.exe[1308] msvcrt.dll!_wcreat 7721DC9E 5 Bytes JMP 00F00033
.text C:\Windows\system32\svchost.exe[1308] msvcrt.dll!_wopen 7721DE79 5 Bytes JMP 00F00018
.text C:\Windows\system32\svchost.exe[1308] ADVAPI32.dll!RegCreateKeyExA 75AFB5E7 5 Bytes JMP 0060006C
.text C:\Windows\system32\svchost.exe[1308] ADVAPI32.dll!RegCreateKeyA 75AFB8AE 5 Bytes JMP 00600036
.text C:\Windows\system32\svchost.exe[1308] ADVAPI32.dll!RegOpenKeyA 75B00BF5 5 Bytes JMP 00600FE5
.text C:\Windows\system32\svchost.exe[1308] ADVAPI32.dll!RegCreateKeyW 75B0B83D 5 Bytes JMP 0060005B
.text C:\Windows\system32\svchost.exe[1308] ADVAPI32.dll!RegCreateKeyExW 75B0BCE1 5 Bytes JMP 00600087
.text C:\Windows\system32\svchost.exe[1308] ADVAPI32.dll!RegOpenKeyExA 75B0D4E8 5 Bytes JMP 00600FD4
.text C:\Windows\system32\svchost.exe[1308] ADVAPI32.dll!RegOpenKeyW 75B13CB0 5 Bytes JMP 0060000A
.text C:\Windows\system32\svchost.exe[1308] ADVAPI32.dll!RegOpenKeyExW 75B1F09D 5 Bytes JMP 00600025
.text C:\Windows\system32\svchost.exe[1308] USER32.dll!SetWindowsHookExW 76AE7B69 6 Bytes JMP 5F3B0F5A
.text C:\Windows\system32\svchost.exe[1308] USER32.dll!SetWindowsHookExA 76B0BB0E 6 Bytes JMP 5F370F5A
.text C:\Windows\system32\svchost.exe[1308] WS2_32.dll!socket 75BB36D1 5 Bytes JMP 00650000
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1344] ntdll.dll!NtClose 77067F48 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1344] ntdll.dll!NtClose + 4 77067F4C 2 Bytes [35, 5F]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1344] ntdll.dll!NtCreateFile 77068008 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1344] ntdll.dll!NtCreateFile + 4 7706800C 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1344] ntdll.dll!NtCreateKey 77068048 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1344] ntdll.dll!NtCreateKey + 4 7706804C 2 Bytes [05, 5F]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1344] ntdll.dll!NtCreateProcess 770680C8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1344] ntdll.dll!NtCreateProcess + 4 770680CC 2 Bytes [29, 5F]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1344] ntdll.dll!NtCreateProcessEx 770680D8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1344] ntdll.dll!NtCreateProcessEx + 4 770680DC 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1344] ntdll.dll!NtCreateSection 770680F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1344] ntdll.dll!NtCreateSection + 4 770680FC 2 Bytes [23, 5F]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1344] ntdll.dll!NtDeleteKey 770683F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1344] ntdll.dll!NtDeleteKey + 4 770683FC 2 Bytes [0B, 5F]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1344] ntdll.dll!NtDeleteValueKey 77068428 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1344] ntdll.dll!NtDeleteValueKey + 4 7706842C 2 Bytes [11, 5F]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1344] ntdll.dll!NtRenameKey 77068CF8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1344] ntdll.dll!NtRenameKey + 4 77068CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1344] ntdll.dll!NtSetInformationFile 77068F18 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1344] ntdll.dll!NtSetInformationFile + 4 77068F1C 2 Bytes [20, 5F]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1344] ntdll.dll!NtSetValueKey 77069088 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1344] ntdll.dll!NtSetValueKey + 4 7706908C 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1344] ntdll.dll!NtTerminateProcess 77069128 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1344] ntdll.dll!NtTerminateProcess + 4 7706912C 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1344] ntdll.dll!NtWriteFile 77069278 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1344] ntdll.dll!NtWriteFile + 4 7706927C 2 Bytes [1A, 5F]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1344] ntdll.dll!NtWriteFileGather 77069288 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1344] ntdll.dll!NtWriteFileGather + 4 7706928C 2 Bytes [1D, 5F]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1344] ntdll.dll!NtWriteVirtualMemory 770692A8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1344] ntdll.dll!NtWriteVirtualMemory + 4 770692AC 2 Bytes [32, 5F]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1344] ntdll.dll!NtCreateUserProcess 77069438 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1344] ntdll.dll!NtCreateUserProcess + 4 7706943C 2 Bytes [26, 5F]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1344] kernel32.dll!LoadLibraryExW 76A230C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1344] USER32.dll!SetWindowsHookExW 76AE7B69 6 Bytes JMP 5F3B0F5A
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1344] USER32.dll!SetWindowsHookExA 76B0BB0E 6 Bytes JMP 5F370F5A
.text C:\Windows\system32\svchost.exe[1420] ntdll.dll!NtClose 77067F48 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1420] ntdll.dll!NtClose + 4 77067F4C 2 Bytes [35, 5F]
.text C:\Windows\system32\svchost.exe[1420] ntdll.dll!NtCreateFile 77068008 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1420] ntdll.dll!NtCreateFile + 4 7706800C 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\system32\svchost.exe[1420] ntdll.dll!NtCreateKey 77068048 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1420] ntdll.dll!NtCreateKey + 4 7706804C 2 Bytes [05, 5F]
.text C:\Windows\system32\svchost.exe[1420] ntdll.dll!NtCreateProcess 770680C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1420] ntdll.dll!NtCreateProcess + 4 770680CC 2 Bytes [29, 5F]
.text C:\Windows\system32\svchost.exe[1420] ntdll.dll!NtCreateProcessEx 770680D8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1420] ntdll.dll!NtCreateProcessEx + 4 770680DC 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Windows\system32\svchost.exe[1420] ntdll.dll!NtCreateSection 770680F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1420] ntdll.dll!NtCreateSection + 4 770680FC 2 Bytes [23, 5F]
.text C:\Windows\system32\svchost.exe[1420] ntdll.dll!NtDeleteKey 770683F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1420] ntdll.dll!NtDeleteKey + 4 770683FC 2 Bytes [0B, 5F]
.text C:\Windows\system32\svchost.exe[1420] ntdll.dll!NtDeleteValueKey 77068428 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1420] ntdll.dll!NtDeleteValueKey + 4 7706842C 2 Bytes [11, 5F]
.text C:\Windows\system32\svchost.exe[1420] ntdll.dll!NtRenameKey 77068CF8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1420] ntdll.dll!NtRenameKey + 4 77068CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\system32\svchost.exe[1420] ntdll.dll!NtSetInformationFile 77068F18 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1420] ntdll.dll!NtSetInformationFile + 4 77068F1C 2 Bytes [20, 5F]
.text C:\Windows\system32\svchost.exe[1420] ntdll.dll!NtSetValueKey 77069088 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1420] ntdll.dll!NtSetValueKey + 4 7706908C 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Windows\system32\svchost.exe[1420] ntdll.dll!NtTerminateProcess 77069128 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1420] ntdll.dll!NtTerminateProcess + 4 7706912C 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Windows\system32\svchost.exe[1420] ntdll.dll!NtWriteFile 77069278 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1420] ntdll.dll!NtWriteFile + 4 7706927C 2 Bytes [1A, 5F]
.text C:\Windows\system32\svchost.exe[1420] ntdll.dll!NtWriteFileGather 77069288 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1420] ntdll.dll!NtWriteFileGather + 4 7706928C 2 Bytes [1D, 5F]
.text C:\Windows\system32\svchost.exe[1420] ntdll.dll!NtWriteVirtualMemory 770692A8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1420] ntdll.dll!NtWriteVirtualMemory + 4 770692AC 2 Bytes [32, 5F]
.text C:\Windows\system32\svchost.exe[1420] ntdll.dll!NtCreateUserProcess 77069438 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1420] ntdll.dll!NtCreateUserProcess + 4 7706943C 2 Bytes [26, 5F]
.text C:\Windows\system32\svchost.exe[1420] kernel32.dll!GetStartupInfoW 76A01929 5 Bytes JMP 00240F61
.text C:\Windows\system32\svchost.exe[1420] kernel32.dll!GetStartupInfoA 76A019C9 5 Bytes JMP 00240F72
.text C:\Windows\system32\svchost.exe[1420] kernel32.dll!CreateProcessW 76A01C01 5 Bytes JMP 00240F2B
.text C:\Windows\system32\svchost.exe[1420] kernel32.dll!CreateProcessA 76A01C36 5 Bytes JMP 00240F46
.text C:\Windows\system32\svchost.exe[1420] kernel32.dll!VirtualProtect 76A01DD1 5 Bytes JMP 00240081
.text C:\Windows\system32\svchost.exe[1420] kernel32.dll!CreateNamedPipeW 76A05C44 5 Bytes JMP 00240039
.text C:\Windows\system32\svchost.exe[1420] kernel32.dll!LoadLibraryExW 76A230C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\svchost.exe[1420] kernel32.dll!LoadLibraryW 76A2361F 5 Bytes JMP 00240FB2
.text C:\Windows\system32\svchost.exe[1420] kernel32.dll!VirtualProtectEx 76A28D7E 5 Bytes JMP 00240F8D
.text C:\Windows\system32\svchost.exe[1420] kernel32.dll!LoadLibraryExA 76A29469 5 Bytes JMP 00240054
.text C:\Windows\system32\svchost.exe[1420] kernel32.dll!LoadLibraryA 76A29491 5 Bytes JMP 00240FCD
.text C:\Windows\system32\svchost.exe[1420] kernel32.dll!CreatePipe 76A30284 5 Bytes JMP 002400A6
.text C:\Windows\system32\svchost.exe[1420] kernel32.dll!GetProcAddress 76A4B8B6 5 Bytes JMP 00240F1A
.text C:\Windows\system32\svchost.exe[1420] kernel32.dll!CreateFileW 76A4CC4E 5 Bytes JMP 00240FDE
.text C:\Windows\system32\svchost.exe[1420] kernel32.dll!CreateFileA 76A4CF71 5 Bytes JMP 00240FEF
.text C:\Windows\system32\svchost.exe[1420] kernel32.dll!CreateNamedPipeA 76A9430E 5 Bytes JMP 00240014
.text C:\Windows\system32\svchost.exe[1420] kernel32.dll!WinExec 76A954FF 5 Bytes JMP 002400C1
.text C:\Windows\system32\svchost.exe[1420] msvcrt.dll!_wsystem 77218A47 5 Bytes JMP 00250044
.text C:\Windows\system32\svchost.exe[1420] msvcrt.dll!system 77218B63 5 Bytes JMP 00250033
.text C:\Windows\system32\svchost.exe[1420] msvcrt.dll!_creat 7721C6F1 5 Bytes JMP 00250FDE
.text C:\Windows\system32\svchost.exe[1420] msvcrt.dll!_open 7721DA7E 5 Bytes JMP 00250FEF
.text C:\Windows\system32\svchost.exe[1420] msvcrt.dll!_wcreat 7721DC9E 5 Bytes JMP 00250FC3
.text C:\Windows\system32\svchost.exe[1420] msvcrt.dll!_wopen 7721DE79 5 Bytes JMP 00250018
.text C:\Windows\system32\svchost.exe[1420] ADVAPI32.dll!RegCreateKeyExA 75AFB5E7 5 Bytes JMP 00210F7C
.text C:\Windows\system32\svchost.exe[1420] ADVAPI32.dll!RegCreateKeyA 75AFB8AE 5 Bytes JMP 00210FA8
.text C:\Windows\system32\svchost.exe[1420] ADVAPI32.dll!RegOpenKeyA 75B00BF5 5 Bytes JMP 00210FEF
.text C:\Windows\system32\svchost.exe[1420] ADVAPI32.dll!RegCreateKeyW 75B0B83D 5 Bytes JMP 00210F8D
.text C:\Windows\system32\svchost.exe[1420] ADVAPI32.dll!RegCreateKeyExW 75B0BCE1 5 Bytes JMP 0021002F
.text C:\Windows\system32\svchost.exe[1420] ADVAPI32.dll!RegOpenKeyExA 75B0D4E8 5 Bytes JMP 0021000A
.text C:\Windows\system32\svchost.exe[1420] ADVAPI32.dll!RegOpenKeyW 75B13CB0 5 Bytes JMP 00210FDE
.text C:\Windows\system32\svchost.exe[1420] ADVAPI32.dll!RegOpenKeyExW 75B1F09D 5 Bytes JMP 00210FC3
.text C:\Windows\system32\svchost.exe[1420] USER32.dll!SetWindowsHookExW 76AE7B69 6 Bytes JMP 5F3B0F5A
.text C:\Windows\system32\svchost.exe[1420] USER32.dll!SetWindowsHookExA 76B0BB0E 6 Bytes JMP 5F370F5A
.text C:\Windows\system32\svchost.exe[1420] WS2_32.dll!socket 75BB36D1 5 Bytes JMP 00220FEF
.text C:\Windows\system32\svchost.exe[1484] ntdll.dll!NtClose 77067F48 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1484] ntdll.dll!NtClose + 4 77067F4C 2 Bytes [35, 5F]
.text C:\Windows\system32\svchost.exe[1484] ntdll.dll!NtCreateFile 77068008 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1484] ntdll.dll!NtCreateFile + 4 7706800C 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\system32\svchost.exe[1484] ntdll.dll!NtCreateKey 77068048 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1484] ntdll.dll!NtCreateKey + 4 7706804C 2 Bytes [05, 5F]
.text C:\Windows\system32\svchost.exe[1484] ntdll.dll!NtCreateProcess 770680C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1484] ntdll.dll!NtCreateProcess + 4 770680CC 2 Bytes [29, 5F]
.text C:\Windows\system32\svchost.exe[1484] ntdll.dll!NtCreateProcessEx 770680D8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1484] ntdll.dll!NtCreateProcessEx + 4 770680DC 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Windows\system32\svchost.exe[1484] ntdll.dll!NtCreateSection 770680F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1484] ntdll.dll!NtCreateSection + 4 770680FC 2 Bytes [23, 5F]
.text C:\Windows\system32\svchost.exe[1484] ntdll.dll!NtDeleteKey 770683F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1484] ntdll.dll!NtDeleteKey + 4 770683FC 2 Bytes [0B, 5F]
.text C:\Windows\system32\svchost.exe[1484] ntdll.dll!NtDeleteValueKey 77068428 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1484] ntdll.dll!NtDeleteValueKey + 4 7706842C 2 Bytes [11, 5F]
.text C:\Windows\system32\svchost.exe[1484] ntdll.dll!NtRenameKey 77068CF8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1484] ntdll.dll!NtRenameKey + 4 77068CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\system32\svchost.exe[1484] ntdll.dll!NtSetInformationFile 77068F18 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1484] ntdll.dll!NtSetInformationFile + 4 77068F1C 2 Bytes [20, 5F]
.text C:\Windows\system32\svchost.exe[1484] ntdll.dll!NtSetValueKey 77069088 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1484] ntdll.dll!NtSetValueKey + 4 7706908C 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Windows\system32\svchost.exe[1484] ntdll.dll!NtTerminateProcess 77069128 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1484] ntdll.dll!NtTerminateProcess + 4 7706912C 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Windows\system32\svchost.exe[1484] ntdll.dll!NtWriteFile 77069278 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1484] ntdll.dll!NtWriteFile + 4 7706927C 2 Bytes [1A, 5F]
.text C:\Windows\system32\svchost.exe[1484] ntdll.dll!NtWriteFileGather 77069288 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1484] ntdll.dll!NtWriteFileGather + 4 7706928C 2 Bytes [1D, 5F]
.text C:\Windows\system32\svchost.exe[1484] ntdll.dll!NtWriteVirtualMemory 770692A8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1484] ntdll.dll!NtWriteVirtualMemory + 4 770692AC 2 Bytes [32, 5F]
.text C:\Windows\system32\svchost.exe[1484] ntdll.dll!NtCreateUserProcess 77069438 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1484] ntdll.dll!NtCreateUserProcess + 4 7706943C 2 Bytes [26, 5F]
.text C:\Windows\system32\svchost.exe[1484] kernel32.dll!GetStartupInfoW 76A01929 5 Bytes JMP 00F80F38
.text C:\Windows\system32\svchost.exe[1484] kernel32.dll!GetStartupInfoA 76A019C9 5 Bytes JMP 00F80F53
.text C:\Windows\system32\svchost.exe[1484] kernel32.dll!CreateProcessW 76A01C01 5 Bytes JMP 00F800A2
.text C:\Windows\system32\svchost.exe[1484] kernel32.dll!CreateProcessA 76A01C36 5 Bytes JMP 00F80F0C
.text C:\Windows\system32\svchost.exe[1484] kernel32.dll!VirtualProtect 76A01DD1 5 Bytes JMP 00F80062
.text C:\Windows\system32\svchost.exe[1484] kernel32.dll!CreateNamedPipeW 76A05C44 5 Bytes JMP 00F80036
.text C:\Windows\system32\svchost.exe[1484] kernel32.dll!LoadLibraryExW 76A230C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\svchost.exe[1484] kernel32.dll!LoadLibraryW 76A2361F 5 Bytes JMP 00F80FB9
.text C:\Windows\system32\svchost.exe[1484] kernel32.dll!VirtualProtectEx 76A28D7E 5 Bytes JMP 00F80F78
.text C:\Windows\system32\svchost.exe[1484] kernel32.dll!LoadLibraryExA 76A29469 5 Bytes JMP 00F80051
.text C:\Windows\system32\svchost.exe[1484] kernel32.dll!LoadLibraryA 76A29491 5 Bytes JMP 00F80FCA
.text C:\Windows\system32\svchost.exe[1484] kernel32.dll!CreatePipe 76A30284 5 Bytes JMP 00F80087
.text C:\Windows\system32\svchost.exe[1484] kernel32.dll!GetProcAddress 76A4B8B6 5 Bytes JMP 00F80EFB
.text C:\Windows\system32\svchost.exe[1484] kernel32.dll!CreateFileW 76A4CC4E 5 Bytes JMP 00F80014
.text C:\Windows\system32\svchost.exe[1484] kernel32.dll!CreateFileA 76A4CF71 5 Bytes JMP 00F80FEF
.text C:\Windows\system32\svchost.exe[1484] kernel32.dll!CreateNamedPipeA 76A9430E 5 Bytes JMP 00F80025
.text C:\Windows\system32\svchost.exe[1484] kernel32.dll!WinExec 76A954FF 5 Bytes JMP 00F80F27
.text C:\Windows\system32\svchost.exe[1484] msvcrt.dll!_wsystem 77218A47 5 Bytes JMP 00F90042
.text C:\Windows\system32\svchost.exe[1484] msvcrt.dll!system 77218B63 5 Bytes JMP 00F90031
.text C:\Windows\system32\svchost.exe[1484] msvcrt.dll!_creat 7721C6F1 5 Bytes JMP 00F90FC1
.text C:\Windows\system32\svchost.exe[1484] msvcrt.dll!_open 7721DA7E 5 Bytes JMP 00F90FEF
.text C:\Windows\system32\svchost.exe[1484] msvcrt.dll!_wcreat 7721DC9E 5 Bytes JMP 00F90020
.text C:\Windows\system32\svchost.exe[1484] msvcrt.dll!_wopen 7721DE79 5 Bytes JMP 00F90FD2
.text C:\Windows\system32\svchost.exe[1484] ADVAPI32.dll!RegCreateKeyExA 75AFB5E7 5 Bytes JMP 00ED004A
.text C:\Windows\system32\svchost.exe[1484] ADVAPI32.dll!RegCreateKeyA 75AFB8AE 5 Bytes JMP 00ED0039
.text C:\Windows\system32\svchost.exe[1484] ADVAPI32.dll!RegOpenKeyA 75B00BF5 5 Bytes JMP 00ED0FEF
.text C:\Windows\system32\svchost.exe[1484] ADVAPI32.dll!RegCreateKeyW 75B0B83D 5 Bytes JMP 00ED0FA8
.text C:\Windows\system32\svchost.exe[1484] ADVAPI32.dll!RegCreateKeyExW 75B0BCE1 5 Bytes JMP 00ED005B
.text C:\Windows\system32\svchost.exe[1484] ADVAPI32.dll!RegOpenKeyExA 75B0D4E8 5 Bytes JMP 00ED0FC3
.text C:\Windows\system32\svchost.exe[1484] ADVAPI32.dll!RegOpenKeyW 75B13CB0 5 Bytes JMP 00ED0FDE
.text C:\Windows\system32\svchost.exe[1484] ADVAPI32.dll!RegOpenKeyExW 75B1F09D 5 Bytes JMP 00ED0014
.text C:\Windows\system32\svchost.exe[1484] USER32.dll!SetWindowsHookExW 76AE7B69 6 Bytes JMP 5F3B0F5A
.text C:\Windows\system32\svchost.exe[1484] USER32.dll!SetWindowsHookExA 76B0BB0E 6 Bytes JMP 5F370F5A
.text C:\Windows\system32\svchost.exe[1484] WS2_32.dll!socket 75BB36D1 5 Bytes JMP 00F60000
.text C:\Windows\system32\svchost.exe[1484] WinInet.dll!InternetOpenA 75D5B2D5 5 Bytes JMP 00F7000A
.text C:\Windows\system32\svchost.exe[1484] WinInet.dll!InternetOpenW 75D5B92E 5 Bytes JMP 00F7001B
.text C:\Windows\system32\svchost.exe[1484] WinInet.dll!InternetOpenUrlA 75D5DEF0 5 Bytes JMP 00F70036
.text C:\Windows\system32\svchost.exe[1484] WinInet.dll!InternetOpenUrlW 75DA7347 5 Bytes JMP 00F70FE5
.text C:\Windows\system32\svchost.exe[1572] ntdll.dll!NtClose 77067F48 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1572] ntdll.dll!NtClose + 4 77067F4C 2 Bytes [35, 5F]
.text C:\Windows\system32\svchost.exe[1572] ntdll.dll!NtCreateFile 77068008 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1572] ntdll.dll!NtCreateFile + 4 7706800C 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\system32\svchost.exe[1572] ntdll.dll!NtCreateKey 77068048 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1572] ntdll.dll!NtCreateKey + 4 7706804C 2 Bytes [05, 5F]
.text C:\Windows\system32\svchost.exe[1572] ntdll.dll!NtCreateProcess 770680C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1572] ntdll.dll!NtCreateProcess + 4 770680CC 2 Bytes [29, 5F]
.text C:\Windows\system32\svchost.exe[1572] ntdll.dll!NtCreateProcessEx 770680D8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1572] ntdll.dll!NtCreateProcessEx + 4 770680DC 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Windows\system32\svchost.exe[1572] ntdll.dll!NtCreateSection 770680F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1572] ntdll.dll!NtCreateSection + 4 770680FC 2 Bytes [23, 5F]
.text C:\Windows\system32\svchost.exe[1572] ntdll.dll!NtDeleteKey 770683F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1572] ntdll.dll!NtDeleteKey + 4 770683FC 2 Bytes [0B, 5F]
.text C:\Windows\system32\svchost.exe[1572] ntdll.dll!NtDeleteValueKey 77068428 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1572] ntdll.dll!NtDeleteValueKey + 4 7706842C 2 Bytes [11, 5F]
.text C:\Windows\system32\svchost.exe[1572] ntdll.dll!NtRenameKey 77068CF8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1572] ntdll.dll!NtRenameKey + 4 77068CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\system32\svchost.exe[1572] ntdll.dll!NtSetInformationFile 77068F18 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1572] ntdll.dll!NtSetInformationFile + 4 77068F1C 2 Bytes [20, 5F]
.text C:\Windows\system32\svchost.exe[1572] ntdll.dll!NtSetValueKey 77069088 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1572] ntdll.dll!NtSetValueKey + 4 7706908C 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Windows\system32\svchost.exe[1572] ntdll.dll!NtTerminateProcess 77069128 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1572] ntdll.dll!NtTerminateProcess + 4 7706912C 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Windows\system32\svchost.exe[1572] ntdll.dll!NtWriteFile 77069278 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1572] ntdll.dll!NtWriteFile + 4 7706927C 2 Bytes [1A, 5F]
.text C:\Windows\system32\svchost.exe[1572] ntdll.dll!NtWriteFileGather 77069288 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1572] ntdll.dll!NtWriteFileGather + 4 7706928C 2 Bytes [1D, 5F]
.text C:\Windows\system32\svchost.exe[1572] ntdll.dll!NtWriteVirtualMemory 770692A8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1572] ntdll.dll!NtWriteVirtualMemory + 4 770692AC 2 Bytes [32, 5F]
.text C:\Windows\system32\svchost.exe[1572] ntdll.dll!NtCreateUserProcess 77069438 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1572] ntdll.dll!NtCreateUserProcess + 4 7706943C 2 Bytes [26, 5F]
.text C:\Windows\system32\svchost.exe[1572] kernel32.dll!GetStartupInfoW 76A01929 5 Bytes JMP 006000CF
.text C:\Windows\system32\svchost.exe[1572] kernel32.dll!GetStartupInfoA 76A019C9 5 Bytes JMP 006000BE
.text C:\Windows\system32\svchost.exe[1572] kernel32.dll!CreateProcessW 76A01C01 5 Bytes JMP 00600F54
.text C:\Windows\system32\svchost.exe[1572] kernel32.dll!CreateProcessA 76A01C36 5 Bytes JMP 006000E0
.text C:\Windows\system32\svchost.exe[1572] kernel32.dll!VirtualProtect 76A01DD1 5 Bytes JMP 00600FB6
.text C:\Windows\system32\svchost.exe[1572] kernel32.dll!CreateNamedPipeW 76A05C44 5 Bytes JMP 0060003D
.text C:\Windows\system32\svchost.exe[1572] kernel32.dll!LoadLibraryExW 76A230C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\svchost.exe[1572] kernel32.dll!LoadLibraryW 76A2361F 5 Bytes JMP 00600058
.text C:\Windows\system32\svchost.exe[1572] kernel32.dll!VirtualProtectEx 76A28D7E 5 Bytes JMP 00600FA5
.text C:\Windows\system32\svchost.exe[1572] kernel32.dll!LoadLibraryExA 76A29469 5 Bytes JMP 0060007D
.text C:\Windows\system32\svchost.exe[1572] kernel32.dll!LoadLibraryA 76A29491 5 Bytes JMP 00600FD1
.text C:\Windows\system32\svchost.exe[1572] kernel32.dll!CreatePipe 76A30284 5 Bytes JMP 00600F94
.text C:\Windows\system32\svchost.exe[1572] kernel32.dll!GetProcAddress 76A4B8B6 5 Bytes JMP 00600F39
.text C:\Windows\system32\svchost.exe[1572] kernel32.dll!CreateFileW 76A4CC4E 5 Bytes JMP 00600011
.text C:\Windows\system32\svchost.exe[1572] kernel32.dll!CreateFileA 76A4CF71 5 Bytes JMP 00600000
.text C:\Windows\system32\svchost.exe[1572] kernel32.dll!CreateNamedPipeA 76A9430E 5 Bytes JMP 00600022
.text C:\Windows\system32\svchost.exe[1572] kernel32.dll!WinExec 76A954FF 5 Bytes JMP 00600F65
.text C:\Windows\system32\svchost.exe[1572] msvcrt.dll!_wsystem 77218A47 5 Bytes JMP 00610FE5
.text C:\Windows\system32\svchost.exe[1572] msvcrt.dll!system 77218B63 5 Bytes JMP 00610070
.text C:\Windows\system32\svchost.exe[1572] msvcrt.dll!_creat 7721C6F1 5 Bytes JMP 0061003A
.text C:\Windows\system32\svchost.exe[1572] msvcrt.dll!_open 7721DA7E 5 Bytes JMP 00610000
.text C:\Windows\system32\svchost.exe[1572] msvcrt.dll!_wcreat 7721DC9E 5 Bytes JMP 00610055
.text C:\Windows\system32\svchost.exe[1572] msvcrt.dll!_wopen 7721DE79 5 Bytes JMP 0061001D
.text C:\Windows\system32\svchost.exe[1572] ADVAPI32.dll!RegCreateKeyExA 75AFB5E7 5 Bytes JMP 005A008A
.text C:\Windows\system32\svchost.exe[1572] ADVAPI32.dll!RegCreateKeyA 75AFB8AE 5 Bytes JMP 005A0054
.text C:\Windows\system32\svchost.exe[1572] ADVAPI32.dll!RegOpenKeyA 75B00BF5 5 Bytes JMP 005A0FEF
.text C:\Windows\system32\svchost.exe[1572] ADVAPI32.dll!RegCreateKeyW 75B0B83D 5 Bytes JMP 005A0065
.text C:\Windows\system32\svchost.exe[1572] ADVAPI32.dll!RegCreateKeyExW 75B0BCE1 5 Bytes JMP 005A0FC3
.text C:\Windows\system32\svchost.exe[1572] ADVAPI32.dll!RegOpenKeyExA 75B0D4E8 5 Bytes JMP 005A002F
.text C:\Windows\system32\svchost.exe[1572] ADVAPI32.dll!RegOpenKeyW 75B13CB0 5 Bytes JMP 005A0014
.text C:\Windows\system32\svchost.exe[1572] ADVAPI32.dll!RegOpenKeyExW 75B1F09D 5 Bytes JMP 005A0FDE
.text C:\Windows\system32\svchost.exe[1572] USER32.dll!SetWindowsHookExW 76AE7B69 6 Bytes JMP 5F3B0F5A
.text C:\Windows\system32\svchost.exe[1572] USER32.dll!SetWindowsHookExA 76B0BB0E 6 Bytes JMP 5F370F5A
.text C:\Windows\system32\svchost.exe[1572] WS2_32.dll!socket 75BB36D1 5 Bytes JMP 005F0FE5
.text C:\Users\Barry\Program Files\DNA\btdna.exe[1708] ntdll.dll!NtClose 77067F48 3 Bytes [FF, 25, 1E]
.text C:\Users\Barry\Program Files\DNA\btdna.exe[1708] ntdll.dll!NtClose + 4 77067F4C 2 Bytes [35, 5F]
.text C:\Users\Barry\Program Files\DNA\btdna.exe[1708] ntdll.dll!NtCreateFile 77068008 3 Bytes [FF, 25, 1E]
.text C:\Users\Barry\Program Files\DNA\btdna.exe[1708] ntdll.dll!NtCreateFile + 4 7706800C 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Users\Barry\Program Files\DNA\btdna.exe[1708] ntdll.dll!NtCreateKey 77068048 3 Bytes [FF, 25, 1E]
.text C:\Users\Barry\Program Files\DNA\btdna.exe[1708] ntdll.dll!NtCreateKey + 4 7706804C 2 Bytes [05, 5F]
.text C:\Users\Barry\Program Files\DNA\btdna.exe[1708] ntdll.dll!NtCreateProcess 770680C8 3 Bytes [FF, 25, 1E]
.text C:\Users\Barry\Program Files\DNA\btdna.exe[1708] ntdll.dll!NtCreateProcess + 4 770680CC 2 Bytes [29, 5F]
.text C:\Users\Barry\Program Files\DNA\btdna.exe[1708] ntdll.dll!NtCreateProcessEx 770680D8 3 Bytes [FF, 25, 1E]
.text C:\Users\Barry\Program Files\DNA\btdna.exe[1708] ntdll.dll!NtCreateProcessEx + 4 770680DC 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Users\Barry\Program Files\DNA\btdna.exe[1708] ntdll.dll!NtCreateSection 770680F8 3 Bytes [FF, 25, 1E]
.text C:\Users\Barry\Program Files\DNA\btdna.exe[1708] ntdll.dll!NtCreateSection + 4 770680FC 2 Bytes [23, 5F]
.text C:\Users\Barry\Program Files\DNA\btdna.exe[1708] ntdll.dll!NtDeleteKey 770683F8 3 Bytes [FF, 25, 1E]
.text C:\Users\Barry\Program Files\DNA\btdna.exe[1708] ntdll.dll!NtDeleteKey + 4 770683FC 2 Bytes [0B, 5F]
.text C:\Users\Barry\Program Files\DNA\btdna.exe[1708] ntdll.dll!NtDeleteValueKey 77068428 3 Bytes [FF, 25, 1E]
.text C:\Users\Barry\Program Files\DNA\btdna.exe[1708] ntdll.dll!NtDeleteValueKey + 4 7706842C 2 Bytes [11, 5F]
.text C:\Users\Barry\Program Files\DNA\btdna.exe[1708] ntdll.dll!NtRenameKey 77068CF8 3 Bytes [FF, 25, 1E]
.text C:\Users\Barry\Program Files\DNA\btdna.exe[1708] ntdll.dll!NtRenameKey + 4 77068CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Users\Barry\Program Files\DNA\btdna.exe[1708] ntdll.dll!NtSetInformationFile 77068F18 3 Bytes [FF, 25, 1E]
.text C:\Users\Barry\Program Files\DNA\btdna.exe[1708] ntdll.dll!NtSetInformationFile + 4 77068F1C 2 Bytes [20, 5F]
.text C:\Users\Barry\Program Files\DNA\btdna.exe[1708] ntdll.dll!NtSetValueKey 77069088 3 Bytes [FF, 25, 1E]
.text C:\Users\Barry\Program Files\DNA\btdna.exe[1708] ntdll.dll!NtSetValueKey + 4 7706908C 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Users\Barry\Program Files\DNA\btdna.exe[1708] ntdll.dll!NtTerminateProcess 77069128 3 Bytes [FF, 25, 1E]
.text C:\Users\Barry\Program Files\DNA\btdna.exe[1708] ntdll.dll!NtTerminateProcess + 4 7706912C 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Users\Barry\Program Files\DNA\btdna.exe[1708] ntdll.dll!NtWriteFile 77069278 3 Bytes [FF, 25, 1E]
.text C:\Users\Barry\Program Files\DNA\btdna.exe[1708] ntdll.dll!NtWriteFile + 4 7706927C 2 Bytes [1A, 5F]
.text C:\Users\Barry\Program Files\DNA\btdna.exe[1708] ntdll.dll!NtWriteFileGather 77069288 3 Bytes [FF, 25, 1E]
.text C:\Users\Barry\Program Files\DNA\btdna.exe[1708] ntdll.dll!NtWriteFileGather + 4 7706928C 2 Bytes [1D, 5F]
.text C:\Users\Barry\Program Files\DNA\btdna.exe[1708] ntdll.dll!NtWriteVirtualMemory 770692A8 3 Bytes [FF, 25, 1E]
.text C:\Users\Barry\Program Files\DNA\btdna.exe[1708] ntdll.dll!NtWriteVirtualMemory + 4 770692AC 2 Bytes [32, 5F]
.text C:\Users\Barry\Program Files\DNA\btdna.exe[1708] ntdll.dll!NtCreateUserProcess 77069438 3 Bytes [FF, 25, 1E]
.text C:\Users\Barry\Program Files\DNA\btdna.exe[1708] ntdll.dll!NtCreateUserProcess + 4 7706943C 2 Bytes [26, 5F]
.text C:\Users\Barry\Program Files\DNA\btdna.exe[1708] kernel32.dll!LoadLibraryExW 76A230C3 6 Bytes JMP 5F070F5A
.text C:\Users\Barry\Program Files\DNA\btdna.exe[1708] USER32.dll!SetWindowsHookExW 76AE7B69 6 Bytes JMP 5F3B0F5A
.text C:\Users\Barry\Program Files\DNA\btdna.exe[1708] USER32.dll!SetWindowsHookExA 76B0BB0E 6 Bytes JMP 5F370F5A
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1812] ntdll.dll!NtClose 77067F48 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1812] ntdll.dll!NtClose + 4 77067F4C 2 Bytes [35, 5F]
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1812] ntdll.dll!NtCreateFile 77068008 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1812] ntdll.dll!NtCreateFile + 4 7706800C 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1812] ntdll.dll!NtCreateKey 77068048 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1812] ntdll.dll!NtCreateKey + 4 7706804C 2 Bytes [05, 5F]
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1812] ntdll.dll!NtCreateProcess 770680C8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1812] ntdll.dll!NtCreateProcess + 4 770680CC 2 Bytes [29, 5F]
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1812] ntdll.dll!NtCreateProcessEx 770680D8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1812] ntdll.dll!NtCreateProcessEx + 4 770680DC 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1812] ntdll.dll!NtCreateSection 770680F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1812] ntdll.dll!NtCreateSection + 4 770680FC 2 Bytes [23, 5F]
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1812] ntdll.dll!NtDeleteKey 770683F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1812] ntdll.dll!NtDeleteKey + 4 770683FC 2 Bytes [0B, 5F]
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1812] ntdll.dll!NtDeleteValueKey 77068428 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1812] ntdll.dll!NtDeleteValueKey + 4 7706842C 2 Bytes [11, 5F]
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1812] ntdll.dll!NtRenameKey 77068CF8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1812] ntdll.dll!NtRenameKey + 4 77068CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1812] ntdll.dll!NtSetInformationFile 77068F18 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1812] ntdll.dll!NtSetInformationFile + 4 77068F1C 2 Bytes [20, 5F]
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1812] ntdll.dll!NtSetValueKey 77069088 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1812] ntdll.dll!NtSetValueKey + 4 7706908C 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1812] ntdll.dll!NtTerminateProcess 77069128 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1812] ntdll.dll!NtTerminateProcess + 4 7706912C 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1812] ntdll.dll!NtWriteFile 77069278 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1812] ntdll.dll!NtWriteFile + 4 7706927C 2 Bytes [1A, 5F]
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1812] ntdll.dll!NtWriteFileGather 77069288 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1812] ntdll.dll!NtWriteFileGather + 4 7706928C 2 Bytes [1D, 5F]
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1812] ntdll.dll!NtWriteVirtualMemory 770692A8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1812] ntdll.dll!NtWriteVirtualMemory + 4 770692AC 2 Bytes [32, 5F]
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1812] ntdll.dll!NtCreateUserProcess 77069438 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1812] ntdll.dll!NtCreateUserProcess + 4 7706943C 2 Bytes [26, 5F]
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1812] kernel32.dll!LoadLibraryExW 76A230C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1812] USER32.dll!SetWindowsHookExW 76AE7B69 6 Bytes JMP 5F3B0F5A
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1812] USER32.dll!SetWindowsHookExA 76B0BB0E 6 Bytes JMP 5F370F5A
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1820] ntdll.dll!NtClose 77067F48 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1820] ntdll.dll!NtClose + 4 77067F4C 2 Bytes [35, 5F]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1820] ntdll.dll!NtCreateFile 77068008 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1820] ntdll.dll!NtCreateFile + 4 7706800C 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1820] ntdll.dll!NtCreateKey 77068048 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1820] ntdll.dll!NtCreateKey + 4 7706804C 2 Bytes [05, 5F]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1820] ntdll.dll!NtCreateProcess 770680C8 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1820] ntdll.dll!NtCreateProcess + 4 770680CC 2 Bytes [29, 5F]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1820] ntdll.dll!NtCreateProcessEx 770680D8 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1820] ntdll.dll!NtCreateProcessEx + 4 770680DC 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1820] ntdll.dll!NtCreateSection 770680F8 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1820] ntdll.dll!NtCreateSection + 4 770680FC 2 Bytes [23, 5F]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1820] ntdll.dll!NtDeleteKey 770683F8 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1820] ntdll.dll!NtDeleteKey + 4 770683FC 2 Bytes [0B, 5F]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1820] ntdll.dll!NtDeleteValueKey 77068428 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1820] ntdll.dll!NtDeleteValueKey + 4 7706842C 2 Bytes [11, 5F]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1820] ntdll.dll!NtRenameKey 77068CF8 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1820] ntdll.dll!NtRenameKey + 4 77068CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1820] ntdll.dll!NtSetInformationFile 77068F18 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1820] ntdll.dll!NtSetInformationFile + 4 77068F1C 2 Bytes [20, 5F]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1820] ntdll.dll!NtSetValueKey 77069088 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1820] ntdll.dll!NtSetValueKey + 4 7706908C 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1820] ntdll.dll!NtTerminateProcess 77069128 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1820] ntdll.dll!NtTerminateProcess + 4 7706912C 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1820] ntdll.dll!NtWriteFile 77069278 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1820] ntdll.dll!NtWriteFile + 4 7706927C 2 Bytes [1A, 5F]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1820] ntdll.dll!NtWriteFileGather 77069288 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1820] ntdll.dll!NtWriteFileGather + 4 7706928C 2 Bytes [1D, 5F]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1820] ntdll.dll!NtWriteVirtualMemory 770692A8 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1820] ntdll.dll!NtWriteVirtualMemory + 4 770692AC 2 Bytes [32, 5F]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1820] ntdll.dll!NtCreateUserProcess 77069438 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1820] ntdll.dll!NtCreateUserProcess + 4 7706943C 2 Bytes [26, 5F]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1820] kernel32.dll!LoadLibraryExW 76A230C3 6 Bytes JMP 5F070F5A
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1820] USER32.dll!SetWindowsHookExW 76AE7B69 6 Bytes JMP 5F3B0F5A
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1820] USER32.dll!SetWindowsHookExA 76B0BB0E 6 Bytes JMP 5F370F5A
.text C:\Windows\System32\spoolsv.exe[1932] ntdll.dll!NtClose 77067F48 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\spoolsv.exe[1932] ntdll.dll!NtClose + 4 77067F4C 2 Bytes [35, 5F]
.text C:\Windows\System32\spoolsv.exe[1932] ntdll.dll!NtCreateFile 77068008 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\spoolsv.exe[1932] ntdll.dll!NtCreateFile + 4 7706800C 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\System32\spoolsv.exe[1932] ntdll.dll!NtCreateKey 77068048 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\spoolsv.exe[1932] ntdll.dll!NtCreateKey + 4 7706804C 2 Bytes [05, 5F]
.text C:\Windows\System32\spoolsv.exe[1932] ntdll.dll!NtCreateProcess 770680C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\spoolsv.exe[1932] ntdll.dll!NtCreateProcess + 4 770680CC 2 Bytes [29, 5F]
.text C:\Windows\System32\spoolsv.exe[1932] ntdll.dll!NtCreateProcessEx 770680D8 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\spoolsv.exe[1932] ntdll.dll!NtCreateProcessEx + 4 770680DC 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Windows\System32\spoolsv.exe[1932] ntdll.dll!NtCreateSection 770680F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\spoolsv.exe[1932] ntdll.dll!NtCreateSection + 4 770680FC 2 Bytes [23, 5F]
.text C:\Windows\System32\spoolsv.exe[1932] ntdll.dll!NtDeleteKey 770683F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\spoolsv.exe[1932] ntdll.dll!NtDeleteKey + 4 770683FC 2 Bytes [0B, 5F]
.text C:\Windows\System32\spoolsv.exe[1932] ntdll.dll!NtDeleteValueKey 77068428 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\spoolsv.exe[1932] ntdll.dll!NtDeleteValueKey + 4 7706842C 2 Bytes [11, 5F]
.text C:\Windows\System32\spoolsv.exe[1932] ntdll.dll!NtRenameKey 77068CF8 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\spoolsv.exe[1932] ntdll.dll!NtRenameKey + 4 77068CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\System32\spoolsv.exe[1932] ntdll.dll!NtSetInformationFile 77068F18 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\spoolsv.exe[1932] ntdll.dll!NtSetInformationFile + 4 77068F1C 2 Bytes [20, 5F]
.text C:\Windows\System32\spoolsv.exe[1932] ntdll.dll!NtSetValueKey 77069088 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\spoolsv.exe[1932] ntdll.dll!NtSetValueKey + 4 7706908C 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Windows\System32\spoolsv.exe[1932] ntdll.dll!NtTerminateProcess 77069128 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\spoolsv.exe[1932] ntdll.dll!NtTerminateProcess + 4 7706912C 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Windows\System32\spoolsv.exe[1932] ntdll.dll!NtWriteFile 77069278 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\spoolsv.exe[1932] ntdll.dll!NtWriteFile + 4 7706927C 2 Bytes [1A, 5F]
.text C:\Windows\System32\spoolsv.exe[1932] ntdll.dll!NtWriteFileGather 77069288 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\spoolsv.exe[1932] ntdll.dll!NtWriteFileGather + 4 7706928C 2 Bytes [1D, 5F]
.text C:\Windows\System32\spoolsv.exe[1932] ntdll.dll!NtWriteVirtualMemory 770692A8 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\spoolsv.exe[1932] ntdll.dll!NtWriteVirtualMemory + 4 770692AC 2 Bytes [32, 5F]
.text C:\Windows\System32\spoolsv.exe[1932] ntdll.dll!NtCreateUserProcess 77069438 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\spoolsv.exe[1932] ntdll.dll!NtCreateUserProcess + 4 7706943C 2 Bytes [26, 5F]
.text C:\Windows\System32\spoolsv.exe[1932] kernel32.dll!LoadLibraryExW 76A230C3 6 Bytes JMP 5F070F5A
.text C:\Windows\System32\spoolsv.exe[1932] USER32.dll!SetWindowsHookExW 76AE7B69 6 Bytes JMP 5F3B0F5A
.text C:\Windows\System32\spoolsv.exe[1932] USER32.dll!SetWindowsHookExA 76B0BB0E 6 Bytes JMP 5F370F5A
.text C:\Windows\system32\svchost.exe[1956] ntdll.dll!NtClose 77067F48 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1956] ntdll.dll!NtClose + 4 77067F4C 2 Bytes [35, 5F]
.text C:\Windows\system32\svchost.exe[1956] ntdll.dll!NtCreateFile 77068008 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1956] ntdll.dll!NtCreateFile + 4 7706800C 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\system32\svchost.exe[1956] ntdll.dll!NtCreateKey 77068048 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1956] ntdll.dll!NtCreateKey + 4 7706804C 2 Bytes [05, 5F]
.text C:\Windows\system32\svchost.exe[1956] ntdll.dll!NtCreateProcess 770680C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1956] ntdll.dll!NtCreateProcess + 4 770680CC 2 Bytes [29, 5F]
.text C:\Windows\system32\svchost.exe[1956] ntdll.dll!NtCreateProcessEx 770680D8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1956] ntdll.dll!NtCreateProcessEx + 4 770680DC 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Windows\system32\svchost.exe[1956] ntdll.dll!NtCreateSection 770680F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1956] ntdll.dll!NtCreateSection + 4 770680FC 2 Bytes [23, 5F]
.text C:\Windows\system32\svchost.exe[1956] ntdll.dll!NtDeleteKey 770683F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1956] ntdll.dll!NtDeleteKey + 4 770683FC 2 Bytes [0B, 5F]
.text C:\Windows\system32\svchost.exe[1956] ntdll.dll!NtDeleteValueKey 77068428 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1956] ntdll.dll!NtDeleteValueKey + 4 7706842C 2 Bytes [11, 5F]
.text C:\Windows\system32\svchost.exe[1956] ntdll.dll!NtRenameKey 77068CF8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1956] ntdll.dll!NtRenameKey + 4 77068CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\system32\svchost.exe[1956] ntdll.dll!NtSetInformationFile 77068F18 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1956] ntdll.dll!NtSetInformationFile + 4 77068F1C 2 Bytes [20, 5F]
.text C:\Windows\system32\svchost.exe[1956] ntdll.dll!NtSetValueKey 77069088 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1956] ntdll.dll!NtSetValueKey + 4 7706908C 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Windows\system32\svchost.exe[1956] ntdll.dll!NtTerminateProcess 77069128 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1956] ntdll.dll!NtTerminateProcess + 4 7706912C 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Windows\system32\svchost.exe[1956] ntdll.dll!NtWriteFile 77069278 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1956] ntdll.dll!NtWriteFile + 4 7706927C 2 Bytes [1A, 5F]
.text C:\Windows\system32\svchost.exe[1956] ntdll.dll!NtWriteFileGather 77069288 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1956] ntdll.dll!NtWriteFileGather + 4 7706928C 2 Bytes [1D, 5F]
.text C:\Windows\system32\svchost.exe[1956] ntdll.dll!NtWriteVirtualMemory 770692A8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1956] ntdll.dll!NtWriteVirtualMemory + 4 770692AC 2 Bytes [32, 5F]
.text C:\Windows\system32\svchost.exe[1956] ntdll.dll!NtCreateUserProcess 77069438 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1956] ntdll.dll!NtCreateUserProcess + 4 7706943C 2 Bytes [26, 5F]
.text C:\Windows\system32\svchost.exe[1956] kernel32.dll!GetStartupInfoW 76A01929 5 Bytes JMP 01860F6B
.text C:\Windows\system32\svchost.exe[1956] kernel32.dll!GetStartupInfoA 76A019C9 5 Bytes JMP 01860F7C
.text C:\Windows\system32\svchost.exe[1956] kernel32.dll!CreateProcessW 76A01C01 5 Bytes JMP 01860101
.text C:\Windows\system32\svchost.exe[1956] kernel32.dll!CreateProcessA 76A01C36 5 Bytes JMP 018600E6
.text C:\Windows\system32\svchost.exe[1956] kernel32.dll!VirtualProtect 76A01DD1 5 Bytes JMP 01860092
.text C:\Windows\system32\svchost.exe[1956] kernel32.dll!CreateNamedPipeW 76A05C44 5 Bytes JMP 01860FDE
.text C:\Windows\system32\svchost.exe[1956] kernel32.dll!LoadLibraryExW 76A230C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\svchost.exe[1956] kernel32.dll!LoadLibraryW 76A2361F 5 Bytes JMP 01860054
.text C:\Windows\system32\svchost.exe[1956] kernel32.dll!VirtualProtectEx 76A28D7E 5 Bytes JMP 01860F9E
.text C:\Windows\system32\svchost.exe[1956] kernel32.dll!LoadLibraryExA 76A29469 5 Bytes JMP 01860065
.text C:\Windows\system32\svchost.exe[1956] kernel32.dll!LoadLibraryA 76A29491 5 Bytes JMP 01860FCD
.text C:\Windows\system32\svchost.exe[1956] kernel32.dll!CreatePipe 76A30284 5 Bytes JMP 01860F8D
.text C:\Windows\system32\svchost.exe[1956] kernel32.dll!GetProcAddress 76A4B8B6 5 Bytes JMP 01860F50
.text C:\Windows\system32\svchost.exe[1956] kernel32.dll!CreateFileW 76A4CC4E 5 Bytes JMP 01860FEF
.text C:\Windows\system32\svchost.exe[1956] kernel32.dll!CreateFileA 76A4CF71 5 Bytes JMP 01860000
.text C:\Windows\system32\svchost.exe[1956] kernel32.dll!CreateNamedPipeA 76A9430E 5 Bytes JMP 01860025
.text C:\Windows\system32\svchost.exe[1956] kernel32.dll!WinExec 76A954FF 5 Bytes JMP 018600CB
.text C:\Windows\system32\svchost.exe[1956] msvcrt.dll!_wsystem 77218A47 5 Bytes JMP 01970F95
.text C:\Windows\system32\svchost.exe[1956] msvcrt.dll!system 77218B63 5 Bytes JMP 01970FA6
.text C:\Windows\system32\svchost.exe[1956] msvcrt.dll!_creat 7721C6F1 5 Bytes JMP 01970FD2
.text C:\Windows\system32\svchost.exe[1956] msvcrt.dll!_open 7721DA7E 5 Bytes JMP 01970FEF
.text C:\Windows\system32\svchost.exe[1956] msvcrt.dll!_wcreat 7721DC9E 5 Bytes JMP 01970FC1
.text C:\Windows\system32\svchost.exe[1956] msvcrt.dll!_wopen 7721DE79 5 Bytes JMP 0197000C
.text C:\Windows\system32\svchost.exe[1956] ADVAPI32.dll!RegCreateKeyExA 75AFB5E7 5 Bytes JMP 01980FB6
.text C:\Windows\system32\svchost.exe[1956] ADVAPI32.dll!RegCreateKeyA 75AFB8AE 5 Bytes JMP 0198003D
.text C:\Windows\system32\svchost.exe[1956] ADVAPI32.dll!RegOpenKeyA 75B00BF5 5 Bytes JMP 01980FE5
.text C:\Windows\system32\svchost.exe[1956] ADVAPI32.dll!RegCreateKeyW 75B0B83D 5 Bytes JMP 0198004E
.text C:\Windows\system32\svchost.exe[1956] ADVAPI32.dll!RegCreateKeyExW 75B0BCE1 5 Bytes JMP 01980FA5
.text C:\Windows\system32\svchost.exe[1956] ADVAPI32.dll!RegOpenKeyExA 75B0D4E8 5 Bytes JMP 0198001B
.text C:\Windows\system32\svchost.exe[1956] ADVAPI32.dll!RegOpenKeyW 75B13CB0 5 Bytes JMP 01980000
.text C:\Windows\system32\svchost.exe[1956] ADVAPI32.dll!RegOpenKeyExW 75B1F09D 5 Bytes JMP 0198002C
.text C:\Windows\system32\svchost.exe[1956] USER32.dll!SetWindowsHookExW 76AE7B69 6 Bytes JMP 5F3B0F5A
.text C:\Windows\system32\svchost.exe[1956] USER32.dll!SetWindowsHookExA 76B0BB0E 6 Bytes JMP 5F370F5A
.text C:\Windows\system32\svchost.exe[1956] WS2_32.dll!socket