Yes OTL did freeze.
RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6002 (Service Pack 2)
Number of processors #2
==============================================
>SSDT State
==============================================
ntkrnlpa.exe-->NtAddBootEntry, Type: Address change 0x830C4F1E-->9141E202 [C:\Windows\System32\Drivers\aswSnx.SYS]
ntkrnlpa.exe-->NtCreateEvent, Type: Address change 0x83021DA7-->914207F0 [C:\Windows\System32\Drivers\aswSnx.SYS]
ntkrnlpa.exe-->NtCreateEventPair, Type: Address change 0x830CA5D8-->91420848 [C:\Windows\System32\Drivers\aswSnx.SYS]
ntkrnlpa.exe-->NtCreateIoCompletion, Type: Address change 0x82FDB972-->9142095E [C:\Windows\System32\Drivers\aswSnx.SYS]
ntkrnlpa.exe-->NtCreateMutant, Type: Address change 0x8302F80C-->91420746 [C:\Windows\System32\Drivers\aswSnx.SYS]
ntkrnlpa.exe-->NtCreateSection, Type: Address change 0x83040DE5-->91420898 [C:\Windows\System32\Drivers\aswSnx.SYS]
ntkrnlpa.exe-->NtCreateSemaphore, Type: Address change 0x82FE6D2B-->9142079A [C:\Windows\System32\Drivers\aswSnx.SYS]
ntkrnlpa.exe-->NtCreateTimer, Type: Address change 0x82FC9ACF-->9142090C [C:\Windows\System32\Drivers\aswSnx.SYS]
ntkrnlpa.exe-->NtDeleteBootEntry, Type: Address change 0x830C4F4F-->9141E226 [C:\Windows\System32\Drivers\aswSnx.SYS]
ntkrnlpa.exe-->NtLoadDriver, Type: Address change 0x82F7ADEE-->9141DFF0 [C:\Windows\System32\Drivers\aswSnx.SYS]
ntkrnlpa.exe-->NtModifyBootEntry, Type: Address change 0x830C511F-->9141E24A [C:\Windows\System32\Drivers\aswSnx.SYS]
ntkrnlpa.exe-->NtNotifyChangeKey, Type: Address change 0x82FCE609-->91420D56 [C:\Windows\System32\Drivers\aswSnx.SYS]
ntkrnlpa.exe-->NtNotifyChangeMultipleKeys, Type: Address change 0x82FCDA81-->9141ECDA [C:\Windows\System32\Drivers\aswSnx.SYS]
ntkrnlpa.exe-->NtOpenEvent, Type: Address change 0x83008DCF-->91420820 [C:\Windows\System32\Drivers\aswSnx.SYS]
ntkrnlpa.exe-->NtOpenEventPair, Type: Address change 0x830CA707-->91420870 [C:\Windows\System32\Drivers\aswSnx.SYS]
ntkrnlpa.exe-->NtOpenIoCompletion, Type: Address change 0x8307C6E9-->91420988 [C:\Windows\System32\Drivers\aswSnx.SYS]
ntkrnlpa.exe-->NtOpenMutant, Type: Address change 0x83020B61-->91420772 [C:\Windows\System32\Drivers\aswSnx.SYS]
ntkrnlpa.exe-->NtOpenSection, Type: Address change 0x8302066D-->914208D8 [C:\Windows\System32\Drivers\aswSnx.SYS]
ntkrnlpa.exe-->NtOpenSemaphore, Type: Address change 0x82FB4EEE-->914207C8 [C:\Windows\System32\Drivers\aswSnx.SYS]
ntkrnlpa.exe-->NtOpenTimer, Type: Address change 0x830CA363-->91420936 [C:\Windows\System32\Drivers\aswSnx.SYS]
ntkrnlpa.exe-->NtQueryObject, Type: Address change 0x82FF53AB-->9141EBA0 [C:\Windows\System32\Drivers\aswSnx.SYS]
ntkrnlpa.exe-->NtSetBootEntryOrder, Type: Address change 0x830C5850-->9141E26E [C:\Windows\System32\Drivers\aswSnx.SYS]
ntkrnlpa.exe-->NtSetBootOptions, Type: Address change 0x830C5D54-->9141E292 [C:\Windows\System32\Drivers\aswSnx.SYS]
ntkrnlpa.exe-->NtSetSystemInformation, Type: Address change 0x82FF5EEB-->9141E04A [C:\Windows\System32\Drivers\aswSnx.SYS]
ntkrnlpa.exe-->NtSetSystemPowerState, Type: Address change 0x830E90A1-->9141E186 [C:\Windows\System32\Drivers\aswSnx.SYS]
ntkrnlpa.exe-->NtShutdownSystem, Type: Address change 0x830C23F5-->9141E162 [C:\Windows\System32\Drivers\aswSnx.SYS]
ntkrnlpa.exe-->NtSystemDebugControl, Type: Address change 0x83007EC1-->9141E1AA [C:\Windows\System32\Drivers\aswSnx.SYS]
ntkrnlpa.exe-->NtVdmControl, Type: Address change 0x830B6F21-->9141E2B6 [C:\Windows\System32\Drivers\aswSnx.SYS]
==============================================
>Shadow
==============================================
==============================================
>Processes
==============================================
0xAF7C67C0 [232] C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software, avast! Service)
0xB2728208 [376] C:\Windows\System32\spoolsv.exe (Microsoft Corporation, Spooler SubSystem App)
0x91A34D90 [560] C:\Windows\System32\smss.exe (Microsoft Corporation, Windows Session Manager)
0x91A86940 [656] C:\Windows\System32\csrss.exe (Microsoft Corporation, Client Server Runtime Process)
0x81210B88 [696] C:\Windows\System32\wininit.exe (Microsoft Corporation, Windows Start-Up Application)
0x8126CD90 [708] C:\Windows\System32\csrss.exe (Microsoft Corporation, Client Server Runtime Process)
0x812097B8 [740] C:\Windows\System32\services.exe (Microsoft Corporation, Services and Controller app)
0x8121FD90 [756] C:\Windows\System32\lsass.exe (Microsoft Corporation, Local Security Authority Process)
0x812187A8 [764] C:\Windows\System32\lsm.exe (Microsoft Corporation, Local Session Manager Service)
0x81277020 [840] C:\Windows\System32\winlogon.exe (Microsoft Corporation, Windows Logon Application)
0x857E0B90 [936] C:\Windows\servicing\TrustedInstaller.exe (Microsoft Corporation, Windows Modules Installer)
0x812FD6E0 [944] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x812FE588 [1028] C:\Windows\System32\DTS.exe (-, Data Transfer Service)
0x81302D90 [1040] C:\Windows\System32\ibmpmsvc.exe (Lenovo, ThinkPad Power Management Service)
0x91A963F8 [1072] C:\Windows\System32\AtService.exe (AuthenTec, Inc., AFSS Service)
0x813944F0 [1120] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x813E5670 [1164] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x85429020 [1180] C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation, Windows Media Player Network Sharing Service)
0x851DC4C8 [1220] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation, Windows Media Player Network Sharing Service Configuration Application)
0x91BABD90 [1268] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x9D1DE9F8 [1328] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x9D1D6D90 [1352] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0xAF61C020 [1464] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x813F7D90 [1508] C:\Windows\System32\SLsvc.exe (Microsoft Corporation, Microsoft Software Licensing Service)
0xAF6419F0 [1544] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x854904F0 [1584] C:\Windows\System32\igfxsrvc.exe (Intel Corporation, igfxsrvc Module)
0xAF71DD90 [1688] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0xAF73AD90 [1900] C:\Windows\System32\wlanext.exe (Microsoft Corporation, Windows Wireless LAN 802.11 Extensibility Framework)
0x8703FD90 [1932] C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe (Lenovo, ThinkVantage Access Connections Service GUI helper Module)
0x8551CD90 [1940] C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation, Internet Explorer)
0x8515F3A0 [1952] C:\Windows\System32\SearchProtocolHost.exe (Microsoft Corporation, Microsoft Windows Search Protocol Host)
0xAF6272B0 [2068] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0xB27D9500 [2328] C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited, On screen display Fn+Fx handler)
0xB27E5450 [2352] C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo, ThinkVantage Access Connections Profile Manager Service)
0xB2792A48 [2376] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc., MobileDeviceService)
0xB27F8D90 [2420] C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc., Bonjour Service)
0xB3264720 [2444] C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation, Intel® PROSet/Wireless Event Log Service)
0x853958E8 [2532] C:\Program Files\DDNI\SBITS\DDNIOEMService.exe (Digital Delivery Networks, Inc., DDNI OEM Service)
0x854E5B70 [2540] C:\Program Files\iPod\bin\iPodService.exe (Apple Inc., iPodService Module (32-bit))
0xB27D5CE8 [2552] C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe (Firebird Project, Firebird SQL Server)
0xB2776678 [2600] C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation, PresentationFontCache.exe)
0x87051680 [2744] C:\Windows\System32\Ati2evxx.exe (ATI Technologies Inc., ATI External Event Utility EXE Module)
0xB330BB68 [2848] C:\Windows\System32\dwm.exe (Microsoft Corporation, Desktop Window Manager)
0xB32FE968 [2884] C:\Windows\explorer.exe (Microsoft Corporation, Windows Explorer)
0x85440D90 [2976] C:\Windows\System32\TpShocks.exe (Lenovo., ThinkVantage Active Protection System)
0x8704FD58 [3012] C:\Windows\System32\Ati2evxx.exe (ATI Technologies Inc., ATI External Event Utility EXE Module)
0xB3329C60 [3128] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0xB3329020 [3140] C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe (Lenovo, Power Manager Dynamic Brightness Control Service)
0xB33F8830 [3164] C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation, Intel® PROSet/Wireless Registry Service)
0xB33F4020 [3180] C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp., Microsoft SeaPort Search Enhancement Broker)
0xB38D6858 [3228] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0xB38F7510 [3264] C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe (Lenovo, tvttcsd Application)
0xB38D9020 [3300] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x85443D90 [3324] C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation, Internet Explorer)
0xB3904D90 [3336] C:\Windows\System32\SearchIndexer.exe (Microsoft Corporation, Microsoft Windows Search Indexer)
0xB3943D90 [3392] C:\Windows\System32\drivers\XAudio.exe (Conexant Systems, Inc., Modem Audio Service)
0xB3937C60 [3424] C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo, ThinkVantage Access Connections Main Service)
0x87055020 [3604] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x813B5D90 [3668] C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe (Firebird Project, Firebird SQL Server)
0x8542CD90 [3732] C:\Program Files\TortoiseSVN\bin\TSVNCache.exe (http://tortoisesvn.net, TortoiseSVN status cache)
0xB3374D90 [3748] C:\Windows\System32\wbem\WmiPrvSE.exe (Microsoft Corporation, WMI Provider Host)
0x85410770 [3884] C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe (Lenovo Group Limited, Presentation Director Fn+F7 handler)
0x853E3890 [3900] C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo, RegMgr Module)
0x8553E940 [3920] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated, Synaptics TouchPad Enhancements)
0x85326620 [3984] C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Ltd., ThinkPad EasyEject Support Application)
0x8550B020 [4104] C:\Windows\System32\igfxpers.exe (Intel Corporation, persistence Module)
0x85405140 [4152] C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited, ThinkVantage Productivity Center Manager)
0x85405D90 [4164] C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited, ThinkVantage Productivity Center MailChecker)
0x8555ED90 [4172] C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe (-, Message Center Plus Launcher)
0x85408D90 [4180] C:\Windows\System32\rundll32.exe (Microsoft Corporation, Windows host process (Rundll32))
0x85555500 [4208] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited, scheduler_proxy Application)
0x85519D90 [4216] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo, ThinkVantage Access Connections AC Tray Module)
0x85543958 [4232] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo, ThinkVantage Access Connections Wireless LAN Icon Module)
0x854B5460 [4244] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Advanced Micro Devices Inc., Catalyst Control Center: Monitoring program)
0x85542938 [4300] C:\Program Files\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited, CSS Authentication Provider)
0x8556F258 [4316] C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited, ThinkPad FnF6 Resident Module)
0x853EFB68 [4360] C:\Program Files\iTunes2\iTunesHelper.exe (Apple Inc., iTunesHelper)
0x85575468 [4400] C:\Windows\System32\msiexec.exe (Microsoft Corporation, Windows® installer)
0x855AE020 [4548] C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc., RealNetworks Scheduler)
0x855DFD90 [4556] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited, Launch Agent Service)
0x853EAC48 [4564] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software, avast! Antivirus)
0x857B8C60 [4576] C:\Program Files\Lenovo\Client Security Solution\password_manager.exe (Lenovo Group Limited, Password Manager)
0x855FD5B8 [4580] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation, Windows Live Messenger)
0x8554F370 [4808] C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited, ThinkVantage Registry Monitor Service)
0x856396E0 [4984] C:\Windows\System32\TPHDEXLG.exe (Lenovo., ThinkVantage Active Protection System - HDD Logger Module)
0x8540B020 [5032] C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe (-, rrpservice Module)
0x85567D90 [5204] C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe (Lenovo Group Limited, Rescue and Recovery Backup Service)
0xB274F940 [5260] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics Incorporated, TouchPad Driver Helper Application)
0xB798C6A0 [5412] C:\Windows\System32\SearchFilterHost.exe (Microsoft Corporation, Microsoft Windows Search Filter Host)
0x858606C8 [5432] C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation, Windows Live Communications Platform)
0x85746940 [5436] C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe (Lenovo Group Limited, ThinkVantage Scheduler)
0x857417F8 [5444] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ATI Technologies Inc., Catalyst Control Centre: Host application)
0x857F5288 [5472] C:\Windows\System32\Macromed\Flash\FlashUtil10t_ActiveX.exe (Adobe Systems, Inc., Adobe® Flash® Player Installer/Uninstaller 10.3 r181)
0x8570F020 [5548] C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Synaptics Incorporated, Synaptics Pointing Device Helper)
0x853801A8 [5844] C:\Users\LENOVO\Desktop\RKUnhookerLE.EXE (UG North, RKULE, SR2 Overlord)
0x85780290 [6000] C:\Windows\System32\wuauclt.exe (Microsoft Corporation, Windows Update)
0x84B93C10 [4] System
0x91B31D90 [1436] C:\Windows\System32\audiodg.exe (Microsoft Corporation, Windows Audio Device Graph Isolation )
==============================================
>Drivers
==============================================
0x8D200000 C:\Windows\system32\DRIVERS\igdkmd32.sys 7225344 bytes (Intel Corporation, Intel Graphics Kernel Mode Driver)
0x8CC07000 C:\Windows\system32\DRIVERS\atikmdag.sys 5898240 bytes (ATI Technologies Inc., ATI Radeon Kernel Mode Driver)
0x82E0F000 C:\Windows\system32\ntkrnlpa.exe 3907584 bytes (Microsoft Corporation, NT Kernel & System)
0x82E0F000 PnpManager 3907584 bytes
0x82E0F000 RAW 3907584 bytes
0x82E0F000 WMIxWDM 3907584 bytes
0x8DC0F000 C:\Windows\system32\DRIVERS\NETw5v32.sys 3756032 bytes (Intel Corporation, Intel® Wireless WiFi Link Driver)
0x94AA0000 Win32k 2113536 bytes
0x94AA0000 C:\Windows\System32\win32k.sys 2113536 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x88C01000 C:\Windows\System32\Drivers\Ntfs.sys 1114112 bytes (Microsoft Corporation, NT File System Driver)
0x88804000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x9100D000 C:\Windows\system32\DRIVERS\HSX_DPV.sys 1056768 bytes (Conexant Systems, Inc., HSF_DP driver)
0x88A08000 C:\Windows\System32\drivers\tcpip.sys 958464 bytes (Microsoft Corporation, TCP/IP Driver)
0x804D4000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
0xB2F0C000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x88B0D000 C:\Windows\System32\Drivers\dump_iaStor.sys 897024 bytes
0x88606000 C:\Windows\system32\DRIVERS\iaStor.sys 897024 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
0x9110F000 C:\Windows\system32\DRIVERS\HSX_CNXT.sys 741376 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xAEE1B000 C:\Windows\system32\drivers\spsys.sys 720896 bytes (Microsoft Corporation, security processor)
0x8D8E4000 C:\Windows\System32\drivers\dxgkrnl.sys 655360 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8DA01000 C:\Windows\system32\DRIVERS\HDAudBus.sys 577536 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x8E409000 C:\Windows\system32\DRIVERS\rdpdr.sys 561152 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0x91801000 C:\Windows\System32\Drivers\ATSwpWDF.sys 479232 bytes (AuthenTec, Inc., AuthenTec Swipe Sensor WDF USB Driver)
0x8E510000 C:\Windows\system32\drivers\CHDRT32.sys 479232 bytes (Conexant Systems Inc., High Definition Audio Function Driver)
0x88782000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x8060F000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0x9140B000 C:\Windows\System32\Drivers\aswSnx.SYS 458752 bytes (AVAST Software, avast! Virtualization Driver)
0x8040A000 C:\Windows\system32\mcupdate_GenuineIntel.dll 458752 bytes (Microsoft Corporation, Intel Microcode Update Library)
0xAEF22000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x918FC000 C:\Windows\system32\drivers\csc.sys 372736 bytes (Microsoft Corporation, Windows Client Side Caching Driver)
0x88997000 C:\Windows\system32\DRIVERS\mux.sys 323584 bytes (Intel© Corporation, My WiFi PAN Intermediate Miniport Driver)
0xB2EA1000 C:\Windows\System32\DRIVERS\srv.sys 323584 bytes (Microsoft Corporation, Server driver)
0x9196E000 C:\Windows\System32\Drivers\aswSP.SYS 303104 bytes (AVAST Software, avast! self protection module)
0x80737000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x91542000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x8068E000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)
0x80493000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
0x8DB19000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x8D1A7000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x805B4000 C:\Windows\system32\DRIVERS\HSXHWAZL.sys 249856 bytes (Conexant Systems, Inc., HSF_HWAZL WDM driver)
0x918B4000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x8893A000 C:\Windows\system32\drivers\NETIO.SYS 241664 bytes (Microsoft Corporation, Network I/O Subsystem)
0x8DA8E000 C:\Windows\system32\DRIVERS\SynTP.sys 241664 bytes (Synaptics Incorporated, Synaptics Touchpad Driver)
0x8D9AD000 C:\Windows\system32\DRIVERS\e1y6032.sys 237568 bytes (Intel Corporation, Intel® Gigabit Network Connection NDIS 6 deserialized driver)
0xB2E28000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x88D11000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x915C1000 C:\Windows\system32\drivers\aswMonFlt.sys 229376 bytes (AVAST Software, avast! File System Minifilter for Windows 2003/Vista)
0x8E4CA000 C:\Windows\system32\DRIVERS\usbhub.sys 217088 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x831C9000 ACPI_HAL 208896 bytes
0x831C9000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x8871F000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x9158F000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8DAEA000 C:\Windows\system32\DRIVERS\msiscsi.sys 192512 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x80781000 C:\Windows\system32\DRIVERS\pcmcia.sys 184320 bytes (Microsoft Corporation, PCMCIA Bus Driver)
0x8E585000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x8890F000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x8DB78000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0xAEEDB000 C:\Windows\system32\DRIVERS\nwifi.sys 172032 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0xB2E79000 C:\Windows\System32\DRIVERS\srv2.sys 163840 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x88D8A000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
0x806E5000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x8E5B2000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x8DBD9000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x88DC2000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0xAEFDA000 C:\Windows\system32\drivers\mrxdav.sys 135168 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0x914BC000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x88D5B000 C:\Windows\System32\DRIVERS\Apsx86.sys 131072 bytes (Lenovo., Shockproof Disk Driver)
0xB2E09000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x886E9000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
0xAEF8F000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
0x88AF2000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x919DE000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0xAEFAC000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x8DAC9000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x8E5D7000 C:\Windows\System32\DLA\DLAIFS_M.SYS 98304 bytes (Roxio, Drive Letter Access Component)
0xB2E61000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x91957000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0xAEE04000 C:\Windows\System32\DLA\DLAUDF_M.SYS 94208 bytes (Roxio, Drive Letter Access Component)
0x88761000 C:\Windows\System32\Drivers\DRVMCDB.SYS 94208 bytes (Sonic Solutions, Device Driver)
0x8DBB7000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xB2EF0000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x807E7000 C:\Windows\System32\DLA\DLAUDFAM.SYS 90112 bytes (Roxio, Drive Letter Access Component)
0x91876000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x9150F000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
0xAEFC5000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x807D2000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x807BE000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x9152E000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x8D990000 C:\Windows\system32\DRIVERS\atikmpag.sys 77824 bytes (Advanced Micro Devices, Inc., AMD multi-vendor Miniport Driver)
0x8DFC2000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver)
0xAEF0F000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x9189A000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x88DB1000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x8E4FF000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x8047A000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x88751000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x911CD000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library)
0xAEECB000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x807AE000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x8DFA4000 C:\Windows\system32\DRIVERS\ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0x8E492000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
0x88975000 C:\Windows\system32\DRIVERS\intelppm.sys 61440 bytes (Microsoft Corporation, Processor Device Driver)
0x919CF000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x88D7B000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x8070C000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x889E6000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x8D1E5000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x80728000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x8DFB4000 C:\Windows\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0x94CF0000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x9188C000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x914F8000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x88711000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x8DFED000 C:\Windows\system32\drivers\tpm.sys 57344 bytes (Microsoft Corporation, TPM Device Driver)
0x80680000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0x919B8000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x8DBAA000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
0x8DB6B000 C:\Windows\system32\DRIVERS\STREAM.SYS 53248 bytes (Microsoft Corporation, WDM CODEC Class Device Driver 2.0)
0x8E4BD000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0xB2FF4000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x914B0000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x8D984000 C:\Windows\System32\drivers\watchdog.sys 49152 bytes (Microsoft Corporation, Watchdog Driver)
0x9147B000 C:\Windows\System32\Drivers\DRVNDDM.SYS 45056 bytes (Roxio, Device Driver Manager)
0x8DFD5000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
0x8DFE2000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
0x914ED000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x8DBCE000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8DB5A000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x88BE8000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8D9E7000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x8071E000 C:\Windows\system32\DRIVERS\BATTC.SYS 40960 bytes (Microsoft Corporation, Battery Class Driver)
0x919C5000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x8D9A3000 C:\Windows\system32\DRIVERS\HECI.sys 40960 bytes (Intel Corporation, Intel® Management Engine Interface)
0x88707000 C:\Windows\system32\drivers\msahci.sys 40960 bytes (Microsoft Corporation, MS AHCI 1.0 Standard Driver)
0x8E4B3000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0xAEF05000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x918F0000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x88778000 C:\Windows\System32\Drivers\PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xB2FEA000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x88D4A000 C:\Windows\System32\DRIVERS\ApsHM86.sys 36864 bytes (Lenovo., ThinkVantage Active Protection System HID Digitizer Activity Monitor Driver)
0x91525000 C:\Windows\System32\Drivers\aswTdi.SYS 36864 bytes (AVAST Software, avast! TDI Filter Driver)
0x91000000 C:\Windows\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0x88DE3000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x9148A000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x911C4000 C:\Windows\system32\DRIVERS\hidusb.sys 36864 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x91506000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0x94CC0000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x88BF3000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x91400000 C:\Windows\system32\DRIVERS\tvtfilter.sys 36864 bytes (Lenovo, Rescue and Recovery filter driver)
0x8DAE1000 C:\Windows\system32\DRIVERS\wmiacpi.sys 36864 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0x806D4000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x886E1000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x8048B000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x911E4000 C:\Windows\system32\DRIVERS\mouhid.sys 32768 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x806DD000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x914DD000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x914E5000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8DBA2000 C:\Windows\System32\Drivers\RootMdm.sys 32768 bytes (Microsoft Corporation, Legacy Non-Pnp Modem Device Driver)
0x88D53000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x8E4A9000 C:\Windows\system32\DRIVERS\Tvti2c.sys 32768 bytes (Lenovo (United States) Inc., SMBUS Driver)
0xB2E00000 C:\Windows\system32\DRIVERS\xaudio.sys 32768 bytes (Conexant Systems, Inc., Modem Audio Device Driver)
0x9149A000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x915F9000 C:\Windows\System32\DLA\DLABMFSM.SYS 28672 bytes (Roxio, Drive Letter Access Component)
0x911EC000 C:\Windows\System32\DLA\DLABOIOM.SYS 28672 bytes (Roxio, Drive Letter Access Component)
0x911DD000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x80403000 C:\Windows\system32\kdcom.dll 28672 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0x91493000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x8E4A2000 C:\Windows\system32\DRIVERS\psadd.sys 28672 bytes (Lenovo (United States) Inc., SMBIOS Driver)
0x8D9F2000 C:\Windows\system32\DRIVERS\RimSerial.sys 28672 bytes (Research in Motion Ltd, RIM Virtual Serial Driver)
0x918AD000 C:\Windows\System32\drivers\Tppwr32v.sys 28672 bytes (Lenovo Group Limited, Power Manager)
0x914A1000 C:\Windows\System32\Drivers\DLARTL_M.SYS 24576 bytes (Roxio, Shared Driver Component)
0x8DC07000 C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0x8DB65000 C:\Windows\system32\DRIVERS\ManyCam.sys 24576 bytes (ManyCam LLC., ManyCam Virtual Webcam, WDM Video Capture Driver)
0x9158A000 C:\Windows\System32\Drivers\aswRdr.SYS 20480 bytes (AVAST Software, avast! TDI RDR Driver)
0x914A7000 C:\Windows\System32\DLA\DLAOPIOM.SYS 20480 bytes (Roxio, Drive Letter Access Component)
0x8DC00000 C:\Windows\system32\DRIVERS\ibmpmdrv.sys 20480 bytes (Lenovo., ThinkPad Power Management Driver)
0x8DFFB000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xB2F08000 C:\Windows\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver)
0x919F9000 C:\Windows\System32\Drivers\aswFsBlk.SYS 12288 bytes (AVAST Software, avast! File System Access Blocking Driver)
0x8071B000 C:\Windows\system32\DRIVERS\compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0x8DC05000 C:\Windows\System32\Drivers\DLACDBHM.SYS 8192 bytes (Roxio, Shared Driver Component)
0x919FD000 C:\Windows\System32\DLA\DLAPoolM.SYS 8192 bytes (Roxio, Drive Letter Access Component)
0x918FA000 C:\Windows\system32\DRIVERS\smiif32.sys 8192 bytes (Lenovo Group Limited, SMI Driver for Lenovo system)
0x8E4B1000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x8DFE0000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0x919FC000 C:\Windows\System32\DLA\DLADResM.SYS 4096 bytes (Roxio, Drive Letter Access Component)
==============================================
>Stealth
==============================================
==============================================
>Files
==============================================
==============================================
>Hooks
==============================================
ntkrnlpa.exe+0x000A87AA, Type: Inline - RelativeJump 0x82EB77AA-->82EB77B1 [ntkrnlpa.exe]
ntkrnlpa.exe+0x000ACB4C, Type: Inline - RelativeJump 0x82EBBB4C-->82EBBB5E [ntkrnlpa.exe]
ntkrnlpa.exe+0x000ACB68, Type: Inline - RelativeJump 0x82EBBB68-->82EBBB75 [ntkrnlpa.exe]
ntkrnlpa.exe-->NtCreateProcessEx, Type: Inline - RelativeJump 0x830A0DCA-->9198D39C [aswSP.SYS]
ntkrnlpa.exe-->ObInsertObject, Type: Inline - RelativeJump 0x8303F543-->9198A7F2 [aswSP.SYS]
ntkrnlpa.exe-->ObMakeTemporaryObject, Type: Inline - RelativeJump 0x82FE662F-->91988D4C [aswSP.SYS]
ntkrnlpa.exe-->TmInitSystem, Type: Inline - RelativeJump 0x831691DF-->831691E9 [ntkrnlpa.exe]
[1028]DTS.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00180C0C [unknown_code_page]
[1028]DTS.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00180E10 [unknown_code_page]
[1028]DTS.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00180804 [unknown_code_page]
[1028]DTS.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00180A08 [unknown_code_page]
[1028]DTS.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->001801F8 [unknown_code_page]
[1028]DTS.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->001803FC [unknown_code_page]
[1028]DTS.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00180600 [unknown_code_page]
[1028]DTS.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00181014 [unknown_code_page]
[1028]DTS.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[1028]DTS.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->001501F8 [unknown_code_page]
[1028]DTS.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->001503FC [unknown_code_page]
[1028]DTS.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00170600 [unknown_code_page]
[1028]DTS.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00170804 [unknown_code_page]
[1028]DTS.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->001701F8 [unknown_code_page]
[1028]DTS.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00170A08 [unknown_code_page]
[1028]DTS.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->001703FC [unknown_code_page]
[1040]ibmpmsvc.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->000A0C0C [unknown_code_page]
[1040]ibmpmsvc.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->000A0E10 [unknown_code_page]
[1040]ibmpmsvc.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->000A0804 [unknown_code_page]
[1040]ibmpmsvc.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->000A0A08 [unknown_code_page]
[1040]ibmpmsvc.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->000A01F8 [unknown_code_page]
[1040]ibmpmsvc.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->000A03FC [unknown_code_page]
[1040]ibmpmsvc.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->000A0600 [unknown_code_page]
[1040]ibmpmsvc.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->000A1014 [unknown_code_page]
[1040]ibmpmsvc.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[1040]ibmpmsvc.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->000801F8 [unknown_code_page]
[1040]ibmpmsvc.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->000803FC [unknown_code_page]
[1040]ibmpmsvc.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->000B0600 [unknown_code_page]
[1040]ibmpmsvc.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->000B0804 [unknown_code_page]
[1040]ibmpmsvc.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->000B01F8 [unknown_code_page]
[1040]ibmpmsvc.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->000B0A08 [unknown_code_page]
[1040]ibmpmsvc.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->000B03FC [unknown_code_page]
[1072]AtService.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00180C0C [unknown_code_page]
[1072]AtService.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00180E10 [unknown_code_page]
[1072]AtService.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00180804 [unknown_code_page]
[1072]AtService.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00180A08 [unknown_code_page]
[1072]AtService.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->001801F8 [unknown_code_page]
[1072]AtService.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->001803FC [unknown_code_page]
[1072]AtService.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00180600 [unknown_code_page]
[1072]AtService.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00181014 [unknown_code_page]
[1072]AtService.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[1072]AtService.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->001501F8 [unknown_code_page]
[1072]AtService.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->001503FC [unknown_code_page]
[1072]AtService.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00170600 [unknown_code_page]
[1072]AtService.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00170804 [unknown_code_page]
[1072]AtService.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->001701F8 [unknown_code_page]
[1072]AtService.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00170A08 [unknown_code_page]
[1072]AtService.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->001703FC [unknown_code_page]
[1120]svchost.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00070C0C [unknown_code_page]
[1120]svchost.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00070E10 [unknown_code_page]
[1120]svchost.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00070804 [unknown_code_page]
[1120]svchost.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00070A08 [unknown_code_page]
[1120]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->000701F8 [unknown_code_page]
[1120]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->000703FC [unknown_code_page]
[1120]svchost.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00070600 [unknown_code_page]
[1120]svchost.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00071014 [unknown_code_page]
[1120]svchost.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[1120]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->000501F8 [unknown_code_page]
[1120]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->000503FC [unknown_code_page]
[1120]svchost.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->001D0600 [unknown_code_page]
[1120]svchost.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->001D0804 [unknown_code_page]
[1120]svchost.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->001D01F8 [unknown_code_page]
[1120]svchost.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->001D0A08 [unknown_code_page]
[1120]svchost.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->001D03FC [unknown_code_page]
[1164]svchost.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00080C0C [unknown_code_page]
[1164]svchost.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00080E10 [unknown_code_page]
[1164]svchost.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00080804 [unknown_code_page]
[1164]svchost.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00080A08 [unknown_code_page]
[1164]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->000801F8 [unknown_code_page]
[1164]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->000803FC [unknown_code_page]
[1164]svchost.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00080600 [unknown_code_page]
[1164]svchost.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00081014 [unknown_code_page]
[1164]svchost.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[1164]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->000501F8 [unknown_code_page]
[1164]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->000503FC [unknown_code_page]
[1164]svchost.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00230600 [unknown_code_page]
[1164]svchost.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00230804 [unknown_code_page]
[1164]svchost.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->002301F8 [unknown_code_page]
[1164]svchost.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00230A08 [unknown_code_page]
[1164]svchost.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->002303FC [unknown_code_page]
[1180]wmpnetwk.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00060C0C [unknown_code_page]
[1180]wmpnetwk.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00060E10 [unknown_code_page]
[1180]wmpnetwk.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00060804 [unknown_code_page]
[1180]wmpnetwk.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00060A08 [unknown_code_page]
[1180]wmpnetwk.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->000601F8 [unknown_code_page]
[1180]wmpnetwk.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->000603FC [unknown_code_page]
[1180]wmpnetwk.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00060600 [unknown_code_page]
[1180]wmpnetwk.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00061014 [unknown_code_page]
[1180]wmpnetwk.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[1180]wmpnetwk.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->000401F8 [unknown_code_page]
[1180]wmpnetwk.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->000403FC [unknown_code_page]
[1180]wmpnetwk.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00070600 [unknown_code_page]
[1180]wmpnetwk.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00070804 [unknown_code_page]
[1180]wmpnetwk.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->000701F8 [unknown_code_page]
[1180]wmpnetwk.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00070A08 [unknown_code_page]
[1180]wmpnetwk.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->000703FC [unknown_code_page]
[1220]wmpnscfg.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->000C0C0C [unknown_code_page]
[1220]wmpnscfg.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->000C0E10 [unknown_code_page]
[1220]wmpnscfg.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->000C0804 [unknown_code_page]
[1220]wmpnscfg.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->000C0A08 [unknown_code_page]
[1220]wmpnscfg.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->000C01F8 [unknown_code_page]
[1220]wmpnscfg.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->000C03FC [unknown_code_page]
[1220]wmpnscfg.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->000C0600 [unknown_code_page]
[1220]wmpnscfg.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->000C1014 [unknown_code_page]
[1220]wmpnscfg.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[1220]wmpnscfg.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->000901F8 [unknown_code_page]
[1220]wmpnscfg.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->000903FC [unknown_code_page]
[1220]wmpnscfg.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->000D0600 [unknown_code_page]
[1220]wmpnscfg.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->000D0804 [unknown_code_page]
[1220]wmpnscfg.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->000D01F8 [unknown_code_page]
[1220]wmpnscfg.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->000D0A08 [unknown_code_page]
[1220]wmpnscfg.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->000D03FC [unknown_code_page]
[1268]svchost.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00070C0C [unknown_code_page]
[1268]svchost.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00070E10 [unknown_code_page]
[1268]svchost.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00070804 [unknown_code_page]
[1268]svchost.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00070A08 [unknown_code_page]
[1268]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->000701F8 [unknown_code_page]
[1268]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->000703FC [unknown_code_page]
[1268]svchost.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00070600 [unknown_code_page]
[1268]svchost.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00071014 [unknown_code_page]
[1268]svchost.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[1268]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->000501F8 [unknown_code_page]
[1268]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->000503FC [unknown_code_page]
[1268]svchost.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00280600 [unknown_code_page]
[1268]svchost.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00280804 [unknown_code_page]
[1268]svchost.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->002801F8 [unknown_code_page]
[1268]svchost.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00280A08 [unknown_code_page]
[1268]svchost.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->002803FC [unknown_code_page]
[1328]svchost.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00080C0C [unknown_code_page]
[1328]svchost.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00080E10 [unknown_code_page]
[1328]svchost.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00080804 [unknown_code_page]
[1328]svchost.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00080A08 [unknown_code_page]
[1328]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->000801F8 [unknown_code_page]
[1328]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->000803FC [unknown_code_page]
[1328]svchost.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00080600 [unknown_code_page]
[1328]svchost.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00081014 [unknown_code_page]
[1328]svchost.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[1328]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->000501F8 [unknown_code_page]
[1328]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->000503FC [unknown_code_page]
[1328]svchost.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00E20600 [unknown_code_page]
[1328]svchost.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00E20804 [unknown_code_page]
[1328]svchost.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->00E201F8 [unknown_code_page]
[1328]svchost.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00E20A08 [unknown_code_page]
[1328]svchost.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->00E203FC [unknown_code_page]
[1352]svchost.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->000B0C0C [unknown_code_page]
[1352]svchost.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->000B0E10 [unknown_code_page]
[1352]svchost.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->000B0804 [unknown_code_page]
[1352]svchost.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->000B0A08 [unknown_code_page]
[1352]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->000B01F8 [unknown_code_page]
[1352]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->000B03FC [unknown_code_page]
[1352]svchost.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->000B0600 [unknown_code_page]
[1352]svchost.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->000B1014 [unknown_code_page]
[1352]svchost.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[1352]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->000501F8 [unknown_code_page]
[1352]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->000503FC [unknown_code_page]
[1352]svchost.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00910600 [unknown_code_page]
[1352]svchost.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00910804 [unknown_code_page]
[1352]svchost.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->009101F8 [unknown_code_page]
[1352]svchost.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00910A08 [unknown_code_page]
[1352]svchost.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->009103FC [unknown_code_page]
[1464]svchost.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00070C0C [unknown_code_page]
[1464]svchost.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00070E10 [unknown_code_page]
[1464]svchost.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00070804 [unknown_code_page]
[1464]svchost.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00070A08 [unknown_code_page]
[1464]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->000701F8 [unknown_code_page]
[1464]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->000703FC [unknown_code_page]
[1464]svchost.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00070600 [unknown_code_page]
[1464]svchost.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00071014 [unknown_code_page]
[1464]svchost.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[1464]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->000501F8 [unknown_code_page]
[1464]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->000503FC [unknown_code_page]
[1544]svchost.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00070C0C [unknown_code_page]
[1544]svchost.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00070E10 [unknown_code_page]
[1544]svchost.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00070804 [unknown_code_page]
[1544]svchost.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00070A08 [unknown_code_page]
[1544]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->000701F8 [unknown_code_page]
[1544]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->000703FC [unknown_code_page]
[1544]svchost.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00070600 [unknown_code_page]
[1544]svchost.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00071014 [unknown_code_page]
[1544]svchost.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[1544]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->000501F8 [unknown_code_page]
[1544]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->000503FC [unknown_code_page]
[1544]svchost.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00CC0600 [unknown_code_page]
[1544]svchost.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00CC0804 [unknown_code_page]
[1544]svchost.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->00CC01F8 [unknown_code_page]
[1544]svchost.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00CC0A08 [unknown_code_page]
[1544]svchost.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->00CC03FC [unknown_code_page]
[1584]igfxsrvc.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00180C0C [unknown_code_page]
[1584]igfxsrvc.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00180E10 [unknown_code_page]
[1584]igfxsrvc.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00180804 [unknown_code_page]
[1584]igfxsrvc.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00180A08 [unknown_code_page]
[1584]igfxsrvc.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->001801F8 [unknown_code_page]
[1584]igfxsrvc.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->001803FC [unknown_code_page]
[1584]igfxsrvc.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00180600 [unknown_code_page]
[1584]igfxsrvc.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00181014 [unknown_code_page]
[1584]igfxsrvc.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[1584]igfxsrvc.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->001501F8 [unknown_code_page]
[1584]igfxsrvc.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->001503FC [unknown_code_page]
[1584]igfxsrvc.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00170600 [unknown_code_page]
[1584]igfxsrvc.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00170804 [unknown_code_page]
[1584]igfxsrvc.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->001701F8 [unknown_code_page]
[1584]igfxsrvc.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00170A08 [unknown_code_page]
[1584]igfxsrvc.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->001703FC [unknown_code_page]
[1688]svchost.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00070C0C [unknown_code_page]
[1688]svchost.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00070E10 [unknown_code_page]
[1688]svchost.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00070804 [unknown_code_page]
[1688]svchost.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00070A08 [unknown_code_page]
[1688]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->000701F8 [unknown_code_page]
[1688]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->000703FC [unknown_code_page]
[1688]svchost.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00070600 [unknown_code_page]
[1688]svchost.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00071014 [unknown_code_page]
[1688]svchost.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[1688]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->000501F8 [unknown_code_page]
[1688]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->000503FC [unknown_code_page]
[1688]svchost.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00180600 [unknown_code_page]
[1688]svchost.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00180804 [unknown_code_page]
[1688]svchost.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->001801F8 [unknown_code_page]
[1688]svchost.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00180A08 [unknown_code_page]
[1688]svchost.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->001803FC [unknown_code_page]
[1900]wlanext.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00070C0C [unknown_code_page]
[1900]wlanext.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00070E10 [unknown_code_page]
[1900]wlanext.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00070804 [unknown_code_page]
[1900]wlanext.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00070A08 [unknown_code_page]
[1900]wlanext.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->000701F8 [unknown_code_page]
[1900]wlanext.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->000703FC [unknown_code_page]
[1900]wlanext.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00070600 [unknown_code_page]
[1900]wlanext.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00071014 [unknown_code_page]
[1900]wlanext.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[1900]wlanext.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->000501F8 [unknown_code_page]
[1900]wlanext.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->000503FC [unknown_code_page]
[1900]wlanext.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00080600 [unknown_code_page]
[1900]wlanext.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00080804 [unknown_code_page]
[1900]wlanext.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->000801F8 [unknown_code_page]
[1900]wlanext.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00080A08 [unknown_code_page]
[1900]wlanext.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->000803FC [unknown_code_page]
[1932]SvcGuiHlpr.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00340C0C [unknown_code_page]
[1932]SvcGuiHlpr.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00340E10 [unknown_code_page]
[1932]SvcGuiHlpr.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00340804 [unknown_code_page]
[1932]SvcGuiHlpr.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00340A08 [unknown_code_page]
[1932]SvcGuiHlpr.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->003401F8 [unknown_code_page]
[1932]SvcGuiHlpr.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->003403FC [unknown_code_page]
[1932]SvcGuiHlpr.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00340600 [unknown_code_page]
[1932]SvcGuiHlpr.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00341014 [unknown_code_page]
[1932]SvcGuiHlpr.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[1932]SvcGuiHlpr.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->001501F8 [unknown_code_page]
[1932]SvcGuiHlpr.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->001503FC [unknown_code_page]
[1932]SvcGuiHlpr.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00350600 [unknown_code_page]
[1932]SvcGuiHlpr.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00350804 [unknown_code_page]
[1932]SvcGuiHlpr.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->003501F8 [unknown_code_page]
[1932]SvcGuiHlpr.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00350A08 [unknown_code_page]
[1932]SvcGuiHlpr.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->003503FC [unknown_code_page]
[1940]iexplore.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00060C0C [unknown_code_page]
[1940]iexplore.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00060E10 [unknown_code_page]
[1940]iexplore.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00060804 [unknown_code_page]
[1940]iexplore.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00060A08 [unknown_code_page]
[1940]iexplore.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->000601F8 [unknown_code_page]
[1940]iexplore.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->000603FC [unknown_code_page]
[1940]iexplore.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00060600 [unknown_code_page]
[1940]iexplore.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C814BC-->694182F6 [IEShims.dll]
[1940]iexplore.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00061014 [unknown_code_page]
[1940]iexplore.exe-->crypt32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x73C01288-->694182F6 [IEShims.dll]
[1940]iexplore.exe-->gdi32.dll-->kernel32.dll-->CopyFileW, Type: IAT modification 0x77B61130-->6941E1E9 [IEShims.dll]
[1940]iexplore.exe-->gdi32.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x77B6119C-->6941E860 [IEShims.dll]
[1940]iexplore.exe-->gdi32.dll-->kernel32.dll-->DeleteFileW, Type: IAT modification 0x77B611BC-->6941EE46 [IEShims.dll]
[1940]iexplore.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B61170-->694182F6 [IEShims.dll]
[1940]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77B6111C-->6941FBE1 [IEShims.dll]
[1940]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77B61110-->6942007C [IEShims.dll]
[1940]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77B61174-->6941FD66 [IEShims.dll]
[1940]iexplore.exe-->gdi32.dll-->kernel32.dll-->SearchPathW, Type: IAT modification 0x77B611AC-->69421AEC [IEShims.dll]
[1940]iexplore.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[1940]iexplore.exe-->mswsock.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x6D64123C-->694182F6 [IEShims.dll]
[1940]iexplore.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->000401F8 [unknown_code_page]
[1940]iexplore.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->000403FC [unknown_code_page]
[1940]iexplore.exe-->shell32.dll+0x000889A8, Type: Code Mismatch 0x76A089A8 + 559528 [4D 30 43 69]
[1940]iexplore.exe-->shell32.dll+0x000889B0, Type: Code Mismatch 0x76A089B0 + 559536 [57 2F 43 69 9C 5B 42 69]
[1940]iexplore.exe-->shell32.dll-->kernel32.dll-->CopyFileW, Type: IAT modification 0x768E125C-->6941E1E9 [IEShims.dll]
[1940]iexplore.exe-->shell32.dll-->kernel32.dll-->CreateDirectoryW, Type: IAT modification 0x768E13B0-->6942103D [IEShims.dll]
[1940]iexplore.exe-->shell32.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x768E1460-->6941E860 [IEShims.dll]
[1940]iexplore.exe-->shell32.dll-->kernel32.dll-->CreateHardLinkW, Type: IAT modification 0x768E11A4-->6941EB68 [IEShims.dll]
[1940]iexplore.exe-->shell32.dll-->kernel32.dll-->CreateProcessW, Type: IAT modification 0x768E12E8-->6941A3FB [IEShims.dll]
[1940]iexplore.exe-->shell32.dll-->kernel32.dll-->DeleteFileW, Type: IAT modification 0x768E13B4-->6941EE46 [IEShims.dll]
[1940]iexplore.exe-->shell32.dll-->kernel32.dll-->FindClose, Type: IAT modification 0x768E132C-->69423ADC [IEShims.dll]
[1940]iexplore.exe-->shell32.dll-->kernel32.dll-->FindFirstFileW, Type: IAT modification 0x768E1328-->69423035 [IEShims.dll]
[1940]iexplore.exe-->shell32.dll-->kernel32.dll-->FindNextFileW, Type: IAT modification 0x768E1114-->69422999 [IEShims.dll]
[1940]iexplore.exe-->shell32.dll-->kernel32.dll-->GetBinaryTypeW, Type: IAT modification 0x768E1280-->6941CAA7 [IEShims.dll]
[1940]iexplore.exe-->shell32.dll-->kernel32.dll-->GetFileAttributesA, Type: IAT modification 0x768E1370-->6941BD77 [IEShims.dll]
[1940]iexplore.exe-->shell32.dll-->kernel32.dll-->GetFileAttributesExW, Type: IAT modification 0x768E14A4-->6941C368 [IEShims.dll]
[1940]iexplore.exe-->shell32.dll-->kernel32.dll-->GetFileAttributesW, Type: IAT modification 0x768E13BC-->6941BEA2 [IEShims.dll]
[1940]iexplore.exe-->shell32.dll-->kernel32.dll-->GetLongPathNameW, Type: IAT modification 0x768E14EC-->6941C5D8 [IEShims.dll]
[1940]iexplore.exe-->shell32.dll-->kernel32.dll-->GetPrivateProfileIntW, Type: IAT modification 0x768E1390-->6941CD20 [IEShims.dll]
[1940]iexplore.exe-->shell32.dll-->kernel32.dll-->GetPrivateProfileSectionNamesW, Type: IAT modification 0x768E1164-->6941D22A [IEShims.dll]
[1940]iexplore.exe-->shell32.dll-->kernel32.dll-->GetPrivateProfileSectionW, Type: IAT modification 0x768E1100-->6941CFA8 [IEShims.dll]
[1940]iexplore.exe-->shell32.dll-->kernel32.dll-->GetPrivateProfileStringW, Type: IAT modification 0x768E13A0-->6941D4B8 [IEShims.dll]
[1940]iexplore.exe-->shell32.dll-->kernel32.dll-->GetShortPathNameA, Type: IAT modification 0x768E136C-->6941C709 [IEShims.dll]
[1940]iexplore.exe-->shell32.dll-->kernel32.dll-->GetShortPathNameW, Type: IAT modification 0x768E1428-->6941C848 [IEShims.dll]
[1940]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x768E14E0-->6941FBE1 [IEShims.dll]
[1940]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x768E1284-->6942007C [IEShims.dll]
[1940]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x768E1448-->6941FD66 [IEShims.dll]
[1940]iexplore.exe-->shell32.dll-->kernel32.dll-->MoveFileExW, Type: IAT modification 0x768E13C0-->694209B9 [IEShims.dll]
[1940]iexplore.exe-->shell32.dll-->kernel32.dll-->MoveFileW, Type: IAT modification 0x768E130C-->69420994 [IEShims.dll]
[1940]iexplore.exe-->shell32.dll-->kernel32.dll-->RemoveDirectoryW, Type: IAT modification 0x768E13AC-->69421614 [IEShims.dll]
[1940]iexplore.exe-->shell32.dll-->kernel32.dll-->ReplaceFileW, Type: IAT modification 0x768E1140-->69420C95 [IEShims.dll]
[1940]iexplore.exe-->shell32.dll-->kernel32.dll-->SearchPathW, Type: IAT modification 0x768E1384-->69421AEC [IEShims.dll]
[1940]iexplore.exe-->shell32.dll-->kernel32.dll-->SetCurrentDirectoryW, Type: IAT modification 0x768E124C-->69421D56 [IEShims.dll]
[1940]iexplore.exe-->shell32.dll-->kernel32.dll-->SetFileAttributesW, Type: IAT modification 0x768E13B8-->6941C0FB [IEShims.dll]
[1940]iexplore.exe-->shell32.dll-->kernel32.dll-->WritePrivateProfileSectionW, Type: IAT modification 0x768E1168-->6941D9DA [IEShims.dll]
[1940]iexplore.exe-->shell32.dll-->kernel32.dll-->WritePrivateProfileStringW, Type: IAT modification 0x768E116C-->6941DC5C [IEShims.dll]
[1940]iexplore.exe-->shell32.dll-->ntdll.dll-->NtQueryDirectoryFile, Type: IAT modification 0x768E2320-->6941BB38 [IEShims.dll]
[1940]iexplore.exe-->shell32.dll-->user32.dll-->LoadImageW, Type: IAT modification 0x768E1890-->6941F0D0 [IEShims.dll]
[1940]iexplore.exe-->shell32.dll-->user32.dll-->PrivateExtractIconsW, Type: IAT modification 0x768E1A6C-->6941F5C5 [IEShims.dll]
[1940]iexplore.exe-->shell32.dll-->user32.dll-->WinHelpW, Type: IAT modification 0x768E191C-->6941FAAA [IEShims.dll]
[1940]iexplore.exe-->user32.dll-->advapi32.dll-->RegCloseKey, Type: IAT modification 0x77D5154C-->6942ED95 [IEShims.dll]
[1940]iexplore.exe-->user32.dll-->advapi32.dll-->RegCreateKeyExW, Type: IAT modification 0x77D51548-->6942E5C5 [IEShims.dll]
[1940]iexplore.exe-->user32.dll-->advapi32.dll-->RegDeleteKeyW, Type: IAT modification 0x77D51544-->6942EF31 [IEShims.dll]
[1940]iexplore.exe-->user32.dll-->advapi32.dll-->RegEnumValueW, Type: IAT modification 0x77D51524-->6943051D [IEShims.dll]
[1940]iexplore.exe-->user32.dll-->advapi32.dll-->RegOpenKeyExW, Type: IAT modification 0x77D51528-->6942EB3D [IEShims.dll]
[1940]iexplore.exe-->user32.dll-->advapi32.dll-->RegQueryInfoKeyW, Type: IAT modification 0x77D51520-->6942FBB3 [IEShims.dll]
[1940]iexplore.exe-->user32.dll-->advapi32.dll-->RegQueryValueExW, Type: IAT modification 0x77D5152C-->6942F817 [IEShims.dll]
[1940]iexplore.exe-->user32.dll-->CallNextHookEx, Type: Inline - RelativeJump 0x77828E3B-->6A08D0C5 [ieframe.dll]
[1940]iexplore.exe-->user32.dll-->CreateDialogIndirectParamA, Type: Inline - RelativeJump 0x778426F1-->6A195F9A [ieframe.dll]
[1940]iexplore.exe-->user32.dll-->CreateDialogIndirectParamW, Type: Inline - RelativeJump 0x77849A62-->6A195FD1 [ieframe.dll]
[1940]iexplore.exe-->user32.dll-->CreateDialogParamA, Type: Inline - RelativeJump 0x778417AA-->6A195F63 [ieframe.dll]
[1940]iexplore.exe-->user32.dll-->CreateDialogParamW, Type: Inline - RelativeJump 0x778272A2-->6A09DE88 [ieframe.dll]
[1940]iexplore.exe-->user32.dll-->CreateWindowExW, Type: Inline - RelativeJump 0x77831305-->6A09DAFC [ieframe.dll]
[1940]iexplore.exe-->user32.dll-->DialogBoxIndirectParamA, Type: Inline - RelativeJump 0x7786847D-->6A19535A [ieframe.dll]
[1940]iexplore.exe-->user32.dll-->DialogBoxIndirectParamW, Type: Inline - RelativeJump 0x77852EF5-->6A1952F7 [ieframe.dll]
[1940]iexplore.exe-->user32.dll-->DialogBoxParamA, Type: Inline - RelativeJump 0x77868152-->6A195294 [ieframe.dll]
[1940]iexplore.exe-->user32.dll-->DialogBoxParamW, Type: Inline - RelativeJump 0x778510B0-->69FC54D5 [ieframe.dll]
[1940]iexplore.exe-->user32.dll-->EnableWindow, Type: Inline - RelativeJump 0x7782CD8B-->6A09DD15 [ieframe.dll]
[1940]iexplore.exe-->user32.dll-->EndDialog, Type: Inline - RelativeJump 0x7785326E-->69FC7E8E [ieframe.dll]
[1940]iexplore.exe-->user32.dll-->GetAsyncKeyState, Type: Inline - RelativeJump 0x7782863C-->69FB8F0F [ieframe.dll]
[1940]iexplore.exe-->user32.dll-->GetKeyState, Type: Inline - RelativeJump 0x77838CB1-->6A09D2C5 [ieframe.dll]
[1940]iexplore.exe-->user32.dll-->IsDialogMessage, Type: Inline - RelativeJump 0x77841847-->6A1957FF [ieframe.dll]
[1940]iexplore.exe-->user32.dll-->IsDialogMessageW, Type: Inline - RelativeJump 0x77840745-->69FC59E7 [ieframe.dll]
[1940]iexplore.exe-->user32.dll-->kernel32.dll-->CopyFileW, Type: IAT modification 0x77D511A8-->6941E1E9 [IEShims.dll]
[1940]iexplore.exe-->user32.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x77D512B8-->6941E860 [IEShims.dll]
[1940]iexplore.exe-->user32.dll-->kernel32.dll-->CreateProcessW, Type: IAT modification 0x77D511B4-->6941A3FB [IEShims.dll]
[1940]iexplore.exe-->user32.dll-->kernel32.dll-->DeleteFileW, Type: IAT modification 0x77D511B0-->6941EE46 [IEShims.dll]
[1940]iexplore.exe-->user32.dll-->kernel32.dll-->FindClose, Type: IAT modification 0x77D511E4-->69423ADC [IEShims.dll]
[1940]iexplore.exe-->user32.dll-->kernel32.dll-->FindFirstFileW, Type: IAT modification 0x77D511EC-->69423035 [IEShims.dll]
[1940]iexplore.exe-->user32.dll-->kernel32.dll-->FindNextFileW, Type: IAT modification 0x77D511E8-->69422999 [IEShims.dll]
[1940]iexplore.exe-->user32.dll-->kernel32.dll-->GetPrivateProfileStringW, Type: IAT modification 0x77D51328-->6941D4B8 [IEShims.dll]
[1940]iexplore.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D51300-->694182F6 [IEShims.dll]
[1940]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77D51250-->6941FBE1 [IEShims.dll]
[1940]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77D5115C-->6942007C [IEShims.dll]
[1940]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77D512FC-->6941FD66 [IEShims.dll]
[1940]iexplore.exe-->user32.dll-->kernel32.dll-->MoveFileW, Type: IAT modification 0x77D511AC-->69420994 [IEShims.dll]
[1940]iexplore.exe-->user32.dll-->kernel32.dll-->SearchPathW, Type: IAT modification 0x77D51154-->69421AEC [IEShims.dll]
[1940]iexplore.exe-->user32.dll-->kernel32.dll-->SetCurrentDirectoryW, Type: IAT modification 0x77D511D8-->69421D56 [IEShims.dll]
[1940]iexplore.exe-->user32.dll-->kernel32.dll-->WritePrivateProfileStringW, Type: IAT modification 0x77D512BC-->6941DC5C [IEShims.dll]
[1940]iexplore.exe-->user32.dll-->keybd_event, Type: Inline - RelativeJump 0x7787D972-->6A196AAF [ieframe.dll]
[1940]iexplore.exe-->user32.dll-->MessageBoxExA, Type: Inline - RelativeJump 0x7787D639-->6A19515C [ieframe.dll]
[1940]iexplore.exe-->user32.dll-->MessageBoxExW, Type: Inline - RelativeJump 0x7787D65D-->6A1950FA [ieframe.dll]
[1940]iexplore.exe-->user32.dll-->MessageBoxIndirectA, Type: Inline - RelativeJump 0x7787D4D9-->6A195229 [ieframe.dll]
[1940]iexplore.exe-->user32.dll-->MessageBoxIndirectW, Type: Inline - RelativeJump 0x7787D5D3-->6A1951BE [ieframe.dll]
[1940]iexplore.exe-->user32.dll-->SendInput, Type: Inline - RelativeJump 0x77852F75-->6A19672B [ieframe.dll]
[1940]iexplore.exe-->user32.dll-->SetCursorPos, Type: Inline - RelativeJump 0x77866FB2-->6A19677F [ieframe.dll]
[1940]iexplore.exe-->user32.dll-->SetKeyboardState, Type: Inline - RelativeJump 0x77850987-->6A195B6E [ieframe.dll]
[1940]iexplore.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00070600 [unknown_code_page]
[1940]iexplore.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->6A099A89 [ieframe.dll]
[1940]iexplore.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->000701F8 [unknown_code_page]
[1940]iexplore.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->6A00467E [ieframe.dll]
[1940]iexplore.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->000703FC [unknown_code_page]
[1940]iexplore.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x704114B0-->694182F6 [IEShims.dll]
[1940]iexplore.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x4B0D11E8-->694182F6 [IEShims.dll]
[1952]SearchProtocolHost.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00060C0C [unknown_code_page]
[1952]SearchProtocolHost.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00060E10 [unknown_code_page]
[1952]SearchProtocolHost.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00060804 [unknown_code_page]
[1952]SearchProtocolHost.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00060A08 [unknown_code_page]
[1952]SearchProtocolHost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->000601F8 [unknown_code_page]
[1952]SearchProtocolHost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->000603FC [unknown_code_page]
[1952]SearchProtocolHost.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00060600 [unknown_code_page]
[1952]SearchProtocolHost.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00061014 [unknown_code_page]
[1952]SearchProtocolHost.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[1952]SearchProtocolHost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->000401F8 [unknown_code_page]
[1952]SearchProtocolHost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->000403FC [unknown_code_page]
[1952]SearchProtocolHost.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00070600 [unknown_code_page]
[1952]SearchProtocolHost.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00070804 [unknown_code_page]
[1952]SearchProtocolHost.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->000701F8 [unknown_code_page]
[1952]SearchProtocolHost.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00070A08 [unknown_code_page]
[1952]SearchProtocolHost.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->000703FC [unknown_code_page]
[2068]svchost.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->000B0C0C [unknown_code_page]
[2068]svchost.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->000B0E10 [unknown_code_page]
[2068]svchost.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->000B0804 [unknown_code_page]
[2068]svchost.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->000B0A08 [unknown_code_page]
[2068]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->000B01F8 [unknown_code_page]
[2068]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->000B03FC [unknown_code_page]
[2068]svchost.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->000B0600 [unknown_code_page]
[2068]svchost.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->000B1014 [unknown_code_page]
[2068]svchost.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[2068]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->000901F8 [unknown_code_page]
[2068]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->000903FC [unknown_code_page]
[2068]svchost.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->000F0600 [unknown_code_page]
[2068]svchost.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->000F0804 [unknown_code_page]
[2068]svchost.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->000F01F8 [unknown_code_page]
[2068]svchost.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->000F0A08 [unknown_code_page]
[2068]svchost.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->000F03FC [unknown_code_page]
[2292]iexplore.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00060C0C [unknown_code_page]
[2292]iexplore.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00060E10 [unknown_code_page]
[2292]iexplore.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00060804 [unknown_code_page]
[2292]iexplore.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00060A08 [unknown_code_page]
[2292]iexplore.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->000601F8 [unknown_code_page]
[2292]iexplore.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->000603FC [unknown_code_page]
[2292]iexplore.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00060600 [unknown_code_page]
[2292]iexplore.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C814BC-->694182F6 [IEShims.dll]
[2292]iexplore.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00061014 [unknown_code_page]
[2292]iexplore.exe-->crypt32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x73C01288-->694182F6 [IEShims.dll]
[2292]iexplore.exe-->gdi32.dll-->kernel32.dll-->CopyFileW, Type: IAT modification 0x77B61130-->6941E1E9 [IEShims.dll]
[2292]iexplore.exe-->gdi32.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x77B6119C-->6941E860 [IEShims.dll]
[2292]iexplore.exe-->gdi32.dll-->kernel32.dll-->DeleteFileW, Type: IAT modification 0x77B611BC-->6941EE46 [IEShims.dll]
[2292]iexplore.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B61170-->694182F6 [IEShims.dll]
[2292]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77B6111C-->6941FBE1 [IEShims.dll]
[2292]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77B61110-->6942007C [IEShims.dll]
[2292]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77B61174-->6941FD66 [IEShims.dll]
[2292]iexplore.exe-->gdi32.dll-->kernel32.dll-->SearchPathW, Type: IAT modification 0x77B611AC-->69421AEC [IEShims.dll]
[2292]iexplore.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[2292]iexplore.exe-->mswsock.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x6D64123C-->694182F6 [IEShims.dll]
[2292]iexplore.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->000401F8 [unknown_code_page]
[2292]iexplore.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->000403FC [unknown_code_page]
[2292]iexplore.exe-->shell32.dll+0x000889A8, Type: Code Mismatch 0x76A089A8 + 559528 [4D 30 43 69]
[2292]iexplore.exe-->shell32.dll+0x000889B0, Type: Code Mismatch 0x76A089B0 + 559536 [57 2F 43 69 9C 5B 42 69]
[2292]iexplore.exe-->shell32.dll-->kernel32.dll-->CopyFileW, Type: IAT modification 0x768E125C-->6941E1E9 [IEShims.dll]
[2292]iexplore.exe-->shell32.dll-->kernel32.dll-->CreateDirectoryW, Type: IAT modification 0x768E13B0-->6942103D [IEShims.dll]
[2292]iexplore.exe-->shell32.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x768E1460-->6941E860 [IEShims.dll]
[2292]iexplore.exe-->shell32.dll-->kernel32.dll-->CreateHardLinkW, Type: IAT modification 0x768E11A4-->6941EB68 [IEShims.dll]
[2292]iexplore.exe-->shell32.dll-->kernel32.dll-->CreateProcessW, Type: IAT modification 0x768E12E8-->6941A3FB [IEShims.dll]
[2292]iexplore.exe-->shell32.dll-->kernel32.dll-->DeleteFileW, Type: IAT modification 0x768E13B4-->6941EE46 [IEShims.dll]
[2292]iexplore.exe-->shell32.dll-->kernel32.dll-->FindClose, Type: IAT modification 0x768E132C-->69423ADC [IEShims.dll]
[2292]iexplore.exe-->shell32.dll-->kernel32.dll-->FindFirstFileW, Type: IAT modification 0x768E1328-->69423035 [IEShims.dll]
[2292]iexplore.exe-->shell32.dll-->kernel32.dll-->FindNextFileW, Type: IAT modification 0x768E1114-->69422999 [IEShims.dll]
[2292]iexplore.exe-->shell32.dll-->kernel32.dll-->GetBinaryTypeW, Type: IAT modification 0x768E1280-->6941CAA7 [IEShims.dll]
[2292]iexplore.exe-->shell32.dll-->kernel32.dll-->GetFileAttributesA, Type: IAT modification 0x768E1370-->6941BD77 [IEShims.dll]
[2292]iexplore.exe-->shell32.dll-->kernel32.dll-->GetFileAttributesExW, Type: IAT modification 0x768E14A4-->6941C368 [IEShims.dll]
[2292]iexplore.exe-->shell32.dll-->kernel32.dll-->GetFileAttributesW, Type: IAT modification 0x768E13BC-->6941BEA2 [IEShims.dll]
[2292]iexplore.exe-->shell32.dll-->kernel32.dll-->GetLongPathNameW, Type: IAT modification 0x768E14EC-->6941C5D8 [IEShims.dll]
[2292]iexplore.exe-->shell32.dll-->kernel32.dll-->GetPrivateProfileIntW, Type: IAT modification 0x768E1390-->6941CD20 [IEShims.dll]
[2292]iexplore.exe-->shell32.dll-->kernel32.dll-->GetPrivateProfileSectionNamesW, Type: IAT modification 0x768E1164-->6941D22A [IEShims.dll]
[2292]iexplore.exe-->shell32.dll-->kernel32.dll-->GetPrivateProfileSectionW, Type: IAT modification 0x768E1100-->6941CFA8 [IEShims.dll]
[2292]iexplore.exe-->shell32.dll-->kernel32.dll-->GetPrivateProfileStringW, Type: IAT modification 0x768E13A0-->6941D4B8 [IEShims.dll]
[2292]iexplore.exe-->shell32.dll-->kernel32.dll-->GetShortPathNameA, Type: IAT modification 0x768E136C-->6941C709 [IEShims.dll]
[2292]iexplore.exe-->shell32.dll-->kernel32.dll-->GetShortPathNameW, Type: IAT modification 0x768E1428-->6941C848 [IEShims.dll]
[2292]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x768E14E0-->6941FBE1 [IEShims.dll]
[2292]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x768E1284-->6942007C [IEShims.dll]
[2292]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x768E1448-->6941FD66 [IEShims.dll]
[2292]iexplore.exe-->shell32.dll-->kernel32.dll-->MoveFileExW, Type: IAT modification 0x768E13C0-->694209B9 [IEShims.dll]
[2292]iexplore.exe-->shell32.dll-->kernel32.dll-->MoveFileW, Type: IAT modification 0x768E130C-->69420994 [IEShims.dll]
[2292]iexplore.exe-->shell32.dll-->kernel32.dll-->RemoveDirectoryW, Type: IAT modification 0x768E13AC-->69421614 [IEShims.dll]
[2292]iexplore.exe-->shell32.dll-->kernel32.dll-->ReplaceFileW, Type: IAT modification 0x768E1140-->69420C95 [IEShims.dll]
[2292]iexplore.exe-->shell32.dll-->kernel32.dll-->SearchPathW, Type: IAT modification 0x768E1384-->69421AEC [IEShims.dll]
[2292]iexplore.exe-->shell32.dll-->kernel32.dll-->SetCurrentDirectoryW, Type: IAT modification 0x768E124C-->69421D56 [IEShims.dll]
[2292]iexplore.exe-->shell32.dll-->kernel32.dll-->SetFileAttributesW, Type: IAT modification 0x768E13B8-->6941C0FB [IEShims.dll]
[2292]iexplore.exe-->shell32.dll-->kernel32.dll-->WritePrivateProfileSectionW, Type: IAT modification 0x768E1168-->6941D9DA [IEShims.dll]
[2292]iexplore.exe-->shell32.dll-->kernel32.dll-->WritePrivateProfileStringW, Type: IAT modification 0x768E116C-->6941DC5C [IEShims.dll]
[2292]iexplore.exe-->shell32.dll-->ntdll.dll-->NtQueryDirectoryFile, Type: IAT modification 0x768E2320-->6941BB38 [IEShims.dll]
[2292]iexplore.exe-->shell32.dll-->user32.dll-->LoadImageW, Type: IAT modification 0x768E1890-->6941F0D0 [IEShims.dll]
[2292]iexplore.exe-->shell32.dll-->user32.dll-->PrivateExtractIconsW, Type: IAT modification 0x768E1A6C-->6941F5C5 [IEShims.dll]
[2292]iexplore.exe-->shell32.dll-->user32.dll-->WinHelpW, Type: IAT modification 0x768E191C-->6941FAAA [IEShims.dll]
[2292]iexplore.exe-->user32.dll-->advapi32.dll-->RegCloseKey, Type: IAT modification 0x77D5154C-->6942ED95 [IEShims.dll]
[2292]iexplore.exe-->user32.dll-->advapi32.dll-->RegCreateKeyExW, Type: IAT modification 0x77D51548-->6942E5C5 [IEShims.dll]
[2292]iexplore.exe-->user32.dll-->advapi32.dll-->RegDeleteKeyW, Type: IAT modification 0x77D51544-->6942EF31 [IEShims.dll]
[2292]iexplore.exe-->user32.dll-->advapi32.dll-->RegEnumValueW, Type: IAT modification 0x77D51524-->6943051D [IEShims.dll]
[2292]iexplore.exe-->user32.dll-->advapi32.dll-->RegOpenKeyExW, Type: IAT modification 0x77D51528-->6942EB3D [IEShims.dll]
[2292]iexplore.exe-->user32.dll-->advapi32.dll-->RegQueryInfoKeyW, Type: IAT modification 0x77D51520-->6942FBB3 [IEShims.dll]
[2292]iexplore.exe-->user32.dll-->advapi32.dll-->RegQueryValueExW, Type: IAT modification 0x77D5152C-->6942F817 [IEShims.dll]
[2292]iexplore.exe-->user32.dll-->CallNextHookEx, Type: Inline - RelativeJump 0x77828E3B-->6A08D0C5 [ieframe.dll]
[2292]iexplore.exe-->user32.dll-->CreateDialogIndirectParamA, Type: Inline - RelativeJump 0x778426F1-->6A195F9A [ieframe.dll]
[2292]iexplore.exe-->user32.dll-->CreateDialogIndirectParamW, Type: Inline - RelativeJump 0x77849A62-->6A195FD1 [ieframe.dll]
[2292]iexplore.exe-->user32.dll-->CreateDialogParamA, Type: Inline - RelativeJump 0x778417AA-->6A195F63 [ieframe.dll]
[2292]iexplore.exe-->user32.dll-->CreateDialogParamW, Type: Inline - RelativeJump 0x778272A2-->6A09DE88 [ieframe.dll]
[2292]iexplore.exe-->user32.dll-->CreateWindowExW, Type: Inline - RelativeJump 0x77831305-->6A09DAFC [ieframe.dll]
[2292]iexplore.exe-->user32.dll-->DialogBoxIndirectParamA, Type: Inline - RelativeJump 0x7786847D-->6A19535A [ieframe.dll]
[2292]iexplore.exe-->user32.dll-->DialogBoxIndirectParamW, Type: Inline - RelativeJump 0x77852EF5-->6A1952F7 [ieframe.dll]
[2292]iexplore.exe-->user32.dll-->DialogBoxParamA, Type: Inline - RelativeJump 0x77868152-->6A195294 [ieframe.dll]
[2292]iexplore.exe-->user32.dll-->DialogBoxParamW, Type: Inline - RelativeJump 0x778510B0-->69FC54D5 [ieframe.dll]
[2292]iexplore.exe-->user32.dll-->EnableWindow, Type: Inline - RelativeJump 0x7782CD8B-->6A09DD15 [ieframe.dll]
[2292]iexplore.exe-->user32.dll-->EndDialog, Type: Inline - RelativeJump 0x7785326E-->69FC7E8E [ieframe.dll]
[2292]iexplore.exe-->user32.dll-->GetAsyncKeyState, Type: Inline - RelativeJump 0x7782863C-->69FB8F0F [ieframe.dll]
[2292]iexplore.exe-->user32.dll-->GetKeyState, Type: Inline - RelativeJump 0x77838CB1-->6A09D2C5 [ieframe.dll]
[2292]iexplore.exe-->user32.dll-->IsDialogMessage, Type: Inline - RelativeJump 0x77841847-->6A1957FF [ieframe.dll]
[2292]iexplore.exe-->user32.dll-->IsDialogMessageW, Type: Inline - RelativeJump 0x77840745-->69FC59E7 [ieframe.dll]
[2292]iexplore.exe-->user32.dll-->kernel32.dll-->CopyFileW, Type: IAT modification 0x77D511A8-->6941E1E9 [IEShims.dll]
[2292]iexplore.exe-->user32.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x77D512B8-->6941E860 [IEShims.dll]
[2292]iexplore.exe-->user32.dll-->kernel32.dll-->CreateProcessW, Type: IAT modification 0x77D511B4-->6941A3FB [IEShims.dll]
[2292]iexplore.exe-->user32.dll-->kernel32.dll-->DeleteFileW, Type: IAT modification 0x77D511B0-->6941EE46 [IEShims.dll]
[2292]iexplore.exe-->user32.dll-->kernel32.dll-->FindClose, Type: IAT modification 0x77D511E4-->69423ADC [IEShims.dll]
[2292]iexplore.exe-->user32.dll-->kernel32.dll-->FindFirstFileW, Type: IAT modification 0x77D511EC-->69423035 [IEShims.dll]
[2292]iexplore.exe-->user32.dll-->kernel32.dll-->FindNextFileW, Type: IAT modification 0x77D511E8-->69422999 [IEShims.dll]
[2292]iexplore.exe-->user32.dll-->kernel32.dll-->GetPrivateProfileStringW, Type: IAT modification 0x77D51328-->6941D4B8 [IEShims.dll]
[2292]iexplore.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D51300-->694182F6 [IEShims.dll]
[2292]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77D51250-->6941FBE1 [IEShims.dll]
[2292]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77D5115C-->6942007C [IEShims.dll]
[2292]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77D512FC-->6941FD66 [IEShims.dll]
[2292]iexplore.exe-->user32.dll-->kernel32.dll-->MoveFileW, Type: IAT modification 0x77D511AC-->69420994 [IEShims.dll]
[2292]iexplore.exe-->user32.dll-->kernel32.dll-->SearchPathW, Type: IAT modification 0x77D51154-->69421AEC [IEShims.dll]
[2292]iexplore.exe-->user32.dll-->kernel32.dll-->SetCurrentDirectoryW, Type: IAT modification 0x77D511D8-->69421D56 [IEShims.dll]
[2292]iexplore.exe-->user32.dll-->kernel32.dll-->WritePrivateProfileStringW, Type: IAT modification 0x77D512BC-->6941DC5C [IEShims.dll]
[2292]iexplore.exe-->user32.dll-->keybd_event, Type: Inline - RelativeJump 0x7787D972-->6A196AAF [ieframe.dll]
[2292]iexplore.exe-->user32.dll-->MessageBoxExA, Type: Inline - RelativeJump 0x7787D639-->6A19515C [ieframe.dll]
[2292]iexplore.exe-->user32.dll-->MessageBoxExW, Type: Inline - RelativeJump 0x7787D65D-->6A1950FA [ieframe.dll]
[2292]iexplore.exe-->user32.dll-->MessageBoxIndirectA, Type: Inline - RelativeJump 0x7787D4D9-->6A195229 [ieframe.dll]
[2292]iexplore.exe-->user32.dll-->MessageBoxIndirectW, Type: Inline - RelativeJump 0x7787D5D3-->6A1951BE [ieframe.dll]
[2292]iexplore.exe-->user32.dll-->SendInput, Type: Inline - RelativeJump 0x77852F75-->6A19672B [ieframe.dll]
[2292]iexplore.exe-->user32.dll-->SetCursorPos, Type: Inline - RelativeJump 0x77866FB2-->6A19677F [ieframe.dll]
[2292]iexplore.exe-->user32.dll-->SetKeyboardState, Type: Inline - RelativeJump 0x77850987-->6A195B6E [ieframe.dll]
[2292]iexplore.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00070600 [unknown_code_page]
[2292]iexplore.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->6A099A89 [ieframe.dll]
[2292]iexplore.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->000701F8 [unknown_code_page]
[2292]iexplore.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->6A00467E [ieframe.dll]
[2292]iexplore.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->000703FC [unknown_code_page]
[2292]iexplore.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x704114B0-->694182F6 [IEShims.dll]
[2292]iexplore.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x4B0D11E8-->694182F6 [IEShims.dll]
[2328]TPHKSVC.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00170C0C [unknown_code_page]
[2328]TPHKSVC.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00170E10 [unknown_code_page]
[2328]TPHKSVC.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00170804 [unknown_code_page]
[2328]TPHKSVC.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00170A08 [unknown_code_page]
[2328]TPHKSVC.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->001701F8 [unknown_code_page]
[2328]TPHKSVC.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->001703FC [unknown_code_page]
[2328]TPHKSVC.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00170600 [unknown_code_page]
[2328]TPHKSVC.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00171014 [unknown_code_page]
[2328]TPHKSVC.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[2328]TPHKSVC.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->001501F8 [unknown_code_page]
[2328]TPHKSVC.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->001503FC [unknown_code_page]
[2328]TPHKSVC.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00180600 [unknown_code_page]
[2328]TPHKSVC.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00180804 [unknown_code_page]
[2328]TPHKSVC.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->001801F8 [unknown_code_page]
[2328]TPHKSVC.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00180A08 [unknown_code_page]
[2328]TPHKSVC.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->001803FC [unknown_code_page]
[232]AvastSvc.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[232]AvastSvc.exe-->kernel32.dll-->SetUnhandledExceptionFilter, Type: Inline - PushRet 0x765EA8C5-->EC900004 [unknown_code_page]
[232]AvastSvc.exe-->kernel32.dll-->SetUnhandledExceptionFilter, Type: Code Mismatch 0x765EA8C5 + 3 [90]
[2352]AcPrfMgrSvc.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->001C0C0C [unknown_code_page]
[2352]AcPrfMgrSvc.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->001C0E10 [unknown_code_page]
[2352]AcPrfMgrSvc.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->001C0804 [unknown_code_page]
[2352]AcPrfMgrSvc.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->001C0A08 [unknown_code_page]
[2352]AcPrfMgrSvc.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->001C01F8 [unknown_code_page]
[2352]AcPrfMgrSvc.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->001C03FC [unknown_code_page]
[2352]AcPrfMgrSvc.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->001C0600 [unknown_code_page]
[2352]AcPrfMgrSvc.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->001C1014 [unknown_code_page]
[2352]AcPrfMgrSvc.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[2352]AcPrfMgrSvc.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->001401F8 [unknown_code_page]
[2352]AcPrfMgrSvc.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->001403FC [unknown_code_page]
[2352]AcPrfMgrSvc.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->001D0600 [unknown_code_page]
[2352]AcPrfMgrSvc.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->001D0804 [unknown_code_page]
[2352]AcPrfMgrSvc.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->001D01F8 [unknown_code_page]
[2352]AcPrfMgrSvc.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->001D0A08 [unknown_code_page]
[2352]AcPrfMgrSvc.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->001D03FC [unknown_code_page]
[2376]AppleMobileDeviceService.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00070C0C [unknown_code_page]
[2376]AppleMobileDeviceService.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00070E10 [unknown_code_page]
[2376]AppleMobileDeviceService.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00070804 [unknown_code_page]
[2376]AppleMobileDeviceService.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00070A08 [unknown_code_page]
[2376]AppleMobileDeviceService.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->000701F8 [unknown_code_page]
[2376]AppleMobileDeviceService.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->000703FC [unknown_code_page]
[2376]AppleMobileDeviceService.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00070600 [unknown_code_page]
[2376]AppleMobileDeviceService.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00071014 [unknown_code_page]
[2376]AppleMobileDeviceService.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[2376]AppleMobileDeviceService.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->000501F8 [unknown_code_page]
[2376]AppleMobileDeviceService.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->000503FC [unknown_code_page]
[2376]AppleMobileDeviceService.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00080600 [unknown_code_page]
[2376]AppleMobileDeviceService.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00080804 [unknown_code_page]
[2376]AppleMobileDeviceService.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->000801F8 [unknown_code_page]
[2376]AppleMobileDeviceService.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00080A08 [unknown_code_page]
[2376]AppleMobileDeviceService.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->000803FC [unknown_code_page]
[2420]mDNSResponder.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00070C0C [unknown_code_page]
[2420]mDNSResponder.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00070E10 [unknown_code_page]
[2420]mDNSResponder.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00070804 [unknown_code_page]
[2420]mDNSResponder.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00070A08 [unknown_code_page]
[2420]mDNSResponder.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->000701F8 [unknown_code_page]
[2420]mDNSResponder.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->000703FC [unknown_code_page]
[2420]mDNSResponder.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00070600 [unknown_code_page]
[2420]mDNSResponder.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00071014 [unknown_code_page]
[2420]mDNSResponder.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[2420]mDNSResponder.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->000501F8 [unknown_code_page]
[2420]mDNSResponder.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->000503FC [unknown_code_page]
[2420]mDNSResponder.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00080600 [unknown_code_page]
[2420]mDNSResponder.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00080804 [unknown_code_page]
[2420]mDNSResponder.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->000801F8 [unknown_code_page]
[2420]mDNSResponder.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00080A08 [unknown_code_page]
[2420]mDNSResponder.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->000803FC [unknown_code_page]
[2444]EvtEng.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00C00C0C [unknown_code_page]
[2444]EvtEng.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00C00E10 [unknown_code_page]
[2444]EvtEng.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00C00804 [unknown_code_page]
[2444]EvtEng.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00C00A08 [unknown_code_page]
[2444]EvtEng.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->00C001F8 [unknown_code_page]
[2444]EvtEng.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->00C003FC [unknown_code_page]
[2444]EvtEng.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00C00600 [unknown_code_page]
[2444]EvtEng.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00C01014 [unknown_code_page]
[2444]EvtEng.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[2444]EvtEng.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->001501F8 [unknown_code_page]
[2444]EvtEng.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->001503FC [unknown_code_page]
[2444]EvtEng.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00C10600 [unknown_code_page]
[2444]EvtEng.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00C10804 [unknown_code_page]
[2444]EvtEng.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->00C101F8 [unknown_code_page]
[2444]EvtEng.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00C10A08 [unknown_code_page]
[2444]EvtEng.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->00C103FC [unknown_code_page]
[2532]DDNIOEMService.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00190C0C [unknown_code_page]
[2532]DDNIOEMService.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00190E10 [unknown_code_page]
[2532]DDNIOEMService.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00190804 [unknown_code_page]
[2532]DDNIOEMService.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00190A08 [unknown_code_page]
[2532]DDNIOEMService.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->001901F8 [unknown_code_page]
[2532]DDNIOEMService.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->001903FC [unknown_code_page]
[2532]DDNIOEMService.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00190600 [unknown_code_page]
[2532]DDNIOEMService.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00191014 [unknown_code_page]
[2532]DDNIOEMService.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[2532]DDNIOEMService.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->001501F8 [unknown_code_page]
[2532]DDNIOEMService.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->001503FC [unknown_code_page]
[2532]DDNIOEMService.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00180600 [unknown_code_page]
[2532]DDNIOEMService.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00180804 [unknown_code_page]
[2532]DDNIOEMService.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->001801F8 [unknown_code_page]
[2532]DDNIOEMService.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00180A08 [unknown_code_page]
[2532]DDNIOEMService.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->001803FC [unknown_code_page]
[2540]iPodService.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00070C0C [unknown_code_page]
[2540]iPodService.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00070E10 [unknown_code_page]
[2540]iPodService.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00070804 [unknown_code_page]
[2540]iPodService.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00070A08 [unknown_code_page]
[2540]iPodService.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->000701F8 [unknown_code_page]
[2540]iPodService.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->000703FC [unknown_code_page]
[2540]iPodService.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00070600 [unknown_code_page]
[2540]iPodService.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00071014 [unknown_code_page]
[2540]iPodService.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[2540]iPodService.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->000501F8 [unknown_code_page]
[2540]iPodService.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->000503FC [unknown_code_page]
[2540]iPodService.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00080600 [unknown_code_page]
[2540]iPodService.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00080804 [unknown_code_page]
[2540]iPodService.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->000801F8 [unknown_code_page]
[2540]iPodService.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00080A08 [unknown_code_page]
[2540]iPodService.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->000803FC [unknown_code_page]
[2552]fbguard.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00190C0C [unknown_code_page]
[2552]fbguard.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00190E10 [unknown_code_page]
[2552]fbguard.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00190804 [unknown_code_page]
[2552]fbguard.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00190A08 [unknown_code_page]
[2552]fbguard.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->001901F8 [unknown_code_page]
[2552]fbguard.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->001903FC [unknown_code_page]
[2552]fbguard.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00190600 [unknown_code_page]
[2552]fbguard.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00191014 [unknown_code_page]
[2552]fbguard.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[2552]fbguard.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->001501F8 [unknown_code_page]
[2552]fbguard.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->001503FC [unknown_code_page]
[2552]fbguard.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->001A0600 [unknown_code_page]
[2552]fbguard.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->001A0804 [unknown_code_page]
[2552]fbguard.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->001A01F8 [unknown_code_page]
[2552]fbguard.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->001A0A08 [unknown_code_page]
[2552]fbguard.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->001A03FC [unknown_code_page]
[2600]PresentationFontCache.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[2744]Ati2evxx.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00170C0C [unknown_code_page]
[2744]Ati2evxx.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00170E10 [unknown_code_page]
[2744]Ati2evxx.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00170804 [unknown_code_page]
[2744]Ati2evxx.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00170A08 [unknown_code_page]
[2744]Ati2evxx.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->001701F8 [unknown_code_page]
[2744]Ati2evxx.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->001703FC [unknown_code_page]
[2744]Ati2evxx.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00170600 [unknown_code_page]
[2744]Ati2evxx.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00171014 [unknown_code_page]
[2744]Ati2evxx.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[2744]Ati2evxx.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->001401F8 [unknown_code_page]
[2744]Ati2evxx.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->001403FC [unknown_code_page]
[2744]Ati2evxx.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00160600 [unknown_code_page]
[2744]Ati2evxx.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00160804 [unknown_code_page]
[2744]Ati2evxx.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->001601F8 [unknown_code_page]
[2744]Ati2evxx.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00160A08 [unknown_code_page]
[2744]Ati2evxx.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->001603FC [unknown_code_page]
[2848]dwm.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00070C0C [unknown_code_page]
[2848]dwm.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00070E10 [unknown_code_page]
[2848]dwm.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00070804 [unknown_code_page]
[2848]dwm.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00070A08 [unknown_code_page]
[2848]dwm.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->000701F8 [unknown_code_page]
[2848]dwm.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->000703FC [unknown_code_page]
[2848]dwm.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00070600 [unknown_code_page]
[2848]dwm.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00071014 [unknown_code_page]
[2848]dwm.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[2848]dwm.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->000501F8 [unknown_code_page]
[2848]dwm.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->000503FC [unknown_code_page]
[2848]dwm.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00080600 [unknown_code_page]
[2848]dwm.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00080804 [unknown_code_page]
[2848]dwm.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->000801F8 [unknown_code_page]
[2848]dwm.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00080A08 [unknown_code_page]
[2848]dwm.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->000803FC [unknown_code_page]
[2884]explorer.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00070C0C [unknown_code_page]
[2884]explorer.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00070E10 [unknown_code_page]
[2884]explorer.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00070804 [unknown_code_page]
[2884]explorer.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00070A08 [unknown_code_page]
[2884]explorer.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->000701F8 [unknown_code_page]
[2884]explorer.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->000703FC [unknown_code_page]
[2884]explorer.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00070600 [unknown_code_page]
[2884]explorer.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00071014 [unknown_code_page]
[2884]explorer.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[2884]explorer.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->000501F8 [unknown_code_page]
[2884]explorer.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->000503FC [unknown_code_page]
[2884]explorer.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00080600 [unknown_code_page]
[2884]explorer.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00080804 [unknown_code_page]
[2884]explorer.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->000801F8 [unknown_code_page]
[2884]explorer.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00080A08 [unknown_code_page]
[2884]explorer.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->000803FC [unknown_code_page]
[2976]TpShocks.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00180C0C [unknown_code_page]
[2976]TpShocks.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00180E10 [unknown_code_page]
[2976]TpShocks.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00180804 [unknown_code_page]
[2976]TpShocks.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00180A08 [unknown_code_page]
[2976]TpShocks.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->001801F8 [unknown_code_page]
[2976]TpShocks.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->001803FC [unknown_code_page]
[2976]TpShocks.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00180600 [unknown_code_page]
[2976]TpShocks.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00181014 [unknown_code_page]
[2976]TpShocks.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[2976]TpShocks.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->001501F8 [unknown_code_page]
[2976]TpShocks.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->001503FC [unknown_code_page]
[2976]TpShocks.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00190600 [unknown_code_page]
[2976]TpShocks.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00190804 [unknown_code_page]
[2976]TpShocks.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->001901F8 [unknown_code_page]
[2976]TpShocks.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00190A08 [unknown_code_page]
[2976]TpShocks.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->001903FC [unknown_code_page]
[3012]Ati2evxx.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00170C0C [unknown_code_page]
[3012]Ati2evxx.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00170E10 [unknown_code_page]
[3012]Ati2evxx.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00170804 [unknown_code_page]
[3012]Ati2evxx.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00170A08 [unknown_code_page]
[3012]Ati2evxx.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->001701F8 [unknown_code_page]
[3012]Ati2evxx.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->001703FC [unknown_code_page]
[3012]Ati2evxx.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00170600 [unknown_code_page]
[3012]Ati2evxx.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00171014 [unknown_code_page]
[3012]Ati2evxx.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[3012]Ati2evxx.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->001401F8 [unknown_code_page]
[3012]Ati2evxx.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->001403FC [unknown_code_page]
[3012]Ati2evxx.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00160600 [unknown_code_page]
[3012]Ati2evxx.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00160804 [unknown_code_page]
[3012]Ati2evxx.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->001601F8 [unknown_code_page]
[3012]Ati2evxx.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00160A08 [unknown_code_page]
[3012]Ati2evxx.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->001603FC [unknown_code_page]
[3128]svchost.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00070C0C [unknown_code_page]
[3128]svchost.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00070E10 [unknown_code_page]
[3128]svchost.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00070804 [unknown_code_page]
[3128]svchost.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00070A08 [unknown_code_page]
[3128]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->000701F8 [unknown_code_page]
[3128]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->000703FC [unknown_code_page]
[3128]svchost.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00070600 [unknown_code_page]
[3128]svchost.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00071014 [unknown_code_page]
[3128]svchost.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[3128]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->000501F8 [unknown_code_page]
[3128]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->000503FC [unknown_code_page]
[3128]svchost.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->000C0600 [unknown_code_page]
[3128]svchost.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->000C0804 [unknown_code_page]
[3128]svchost.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->000C01F8 [unknown_code_page]
[3128]svchost.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->000C0A08 [unknown_code_page]
[3128]svchost.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->000C03FC [unknown_code_page]
[3140]PWMDBSVC.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00180C0C [unknown_code_page]
[3140]PWMDBSVC.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00180E10 [unknown_code_page]
[3140]PWMDBSVC.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00180804 [unknown_code_page]
[3140]PWMDBSVC.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00180A08 [unknown_code_page]
[3140]PWMDBSVC.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->001801F8 [unknown_code_page]
[3140]PWMDBSVC.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->001803FC [unknown_code_page]
[3140]PWMDBSVC.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00180600 [unknown_code_page]
[3140]PWMDBSVC.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00181014 [unknown_code_page]
[3140]PWMDBSVC.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[3140]PWMDBSVC.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->001501F8 [unknown_code_page]
[3140]PWMDBSVC.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->001503FC [unknown_code_page]
[3140]PWMDBSVC.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00170600 [unknown_code_page]
[3140]PWMDBSVC.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00170804 [unknown_code_page]
[3140]PWMDBSVC.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->001701F8 [unknown_code_page]
[3140]PWMDBSVC.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00170A08 [unknown_code_page]
[3140]PWMDBSVC.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->001703FC [unknown_code_page]
[3164]RegSrvc.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00170C0C [unknown_code_page]
[3164]RegSrvc.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00170E10 [unknown_code_page]
[3164]RegSrvc.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00170804 [unknown_code_page]
[3164]RegSrvc.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00170A08 [unknown_code_page]
[3164]RegSrvc.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->001701F8 [unknown_code_page]
[3164]RegSrvc.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->001703FC [unknown_code_page]
[3164]RegSrvc.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00170600 [unknown_code_page]
[3164]RegSrvc.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00171014 [unknown_code_page]
[3164]RegSrvc.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[3164]RegSrvc.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->001501F8 [unknown_code_page]
[3164]RegSrvc.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->001503FC [unknown_code_page]
[3164]RegSrvc.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00180600 [unknown_code_page]
[3164]RegSrvc.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00180804 [unknown_code_page]
[3164]RegSrvc.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->001801F8 [unknown_code_page]
[3164]RegSrvc.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00180A08 [unknown_code_page]
[3164]RegSrvc.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->001803FC [unknown_code_page]
[3180]SeaPort.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00070C0C [unknown_code_page]
[3180]SeaPort.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00070E10 [unknown_code_page]
[3180]SeaPort.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00070804 [unknown_code_page]
[3180]SeaPort.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00070A08 [unknown_code_page]
[3180]SeaPort.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->000701F8 [unknown_code_page]
[3180]SeaPort.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->000703FC [unknown_code_page]
[3180]SeaPort.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00070600 [unknown_code_page]
[3180]SeaPort.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00071014 [unknown_code_page]
[3180]SeaPort.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[3180]SeaPort.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->000501F8 [unknown_code_page]
[3180]SeaPort.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->000503FC [unknown_code_page]
[3180]SeaPort.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00080600 [unknown_code_page]
[3180]SeaPort.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00080804 [unknown_code_page]
[3180]SeaPort.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->000801F8 [unknown_code_page]
[3180]SeaPort.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00080A08 [unknown_code_page]
[3180]SeaPort.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->000803FC [unknown_code_page]
[3228]svchost.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00070C0C [unknown_code_page]
[3228]svchost.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00070E10 [unknown_code_page]
[3228]svchost.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00070804 [unknown_code_page]
[3228]svchost.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00070A08 [unknown_code_page]
[3228]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->000701F8 [unknown_code_page]
[3228]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->000703FC [unknown_code_page]
[3228]svchost.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00070600 [unknown_code_page]
[3228]svchost.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00071014 [unknown_code_page]
[3228]svchost.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[3228]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->000501F8 [unknown_code_page]
[3228]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->000503FC [unknown_code_page]
[3264]tvttcsd.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00170C0C [unknown_code_page]
[3264]tvttcsd.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00170E10 [unknown_code_page]
[3264]tvttcsd.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00170804 [unknown_code_page]
[3264]tvttcsd.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00170A08 [unknown_code_page]
[3264]tvttcsd.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->001701F8 [unknown_code_page]
[3264]tvttcsd.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->001703FC [unknown_code_page]
[3264]tvttcsd.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00170600 [unknown_code_page]
[3264]tvttcsd.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00171014 [unknown_code_page]
[3264]tvttcsd.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[3264]tvttcsd.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->001501F8 [unknown_code_page]
[3264]tvttcsd.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->001503FC [unknown_code_page]
[3264]tvttcsd.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->001A0600 [unknown_code_page]
[3264]tvttcsd.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->001A0804 [unknown_code_page]
[3264]tvttcsd.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->001A01F8 [unknown_code_page]
[3264]tvttcsd.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->001A0A08 [unknown_code_page]
[3264]tvttcsd.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->001A03FC [unknown_code_page]
[3300]svchost.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00070C0C [unknown_code_page]
[3300]svchost.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00070E10 [unknown_code_page]
[3300]svchost.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00070804 [unknown_code_page]
[3300]svchost.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00070A08 [unknown_code_page]
[3300]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->000701F8 [unknown_code_page]
[3300]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->000703FC [unknown_code_page]
[3300]svchost.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00070600 [unknown_code_page]
[3300]svchost.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00071014 [unknown_code_page]
[3300]svchost.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[3300]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->000501F8 [unknown_code_page]
[3300]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->000503FC [unknown_code_page]
[3324]iexplore.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00060C0C [unknown_code_page]
[3324]iexplore.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00060E10 [unknown_code_page]
[3324]iexplore.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00060804 [unknown_code_page]
[3324]iexplore.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00060A08 [unknown_code_page]
[3324]iexplore.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->000601F8 [unknown_code_page]
[3324]iexplore.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->000603FC [unknown_code_page]
[3324]iexplore.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00060600 [unknown_code_page]
[3324]iexplore.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00061014 [unknown_code_page]
[3324]iexplore.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[3324]iexplore.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->000401F8 [unknown_code_page]
[3324]iexplore.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->000403FC [unknown_code_page]
[3324]iexplore.exe-->user32.dll-->CreateWindowExW, Type: Inline - RelativeJump 0x77831305-->6A09DAFC [ieframe.dll]
[3324]iexplore.exe-->user32.dll-->DialogBoxIndirectParamA, Type: Inline - RelativeJump 0x7786847D-->6A19535A [ieframe.dll]
[3324]iexplore.exe-->user32.dll-->DialogBoxIndirectParamW, Type: Inline - RelativeJump 0x77852EF5-->6A1952F7 [ieframe.dll]
[3324]iexplore.exe-->user32.dll-->DialogBoxParamA, Type: Inline - RelativeJump 0x77868152-->6A195294 [ieframe.dll]
[3324]iexplore.exe-->user32.dll-->DialogBoxParamW, Type: Inline - RelativeJump 0x778510B0-->69FC54D5 [ieframe.dll]
[3324]iexplore.exe-->user32.dll-->MessageBoxExA, Type: Inline - RelativeJump 0x7787D639-->6A19515C [ieframe.dll]
[3324]iexplore.exe-->user32.dll-->MessageBoxExW, Type: Inline - RelativeJump 0x7787D65D-->6A1950FA [ieframe.dll]
[3324]iexplore.exe-->user32.dll-->MessageBoxIndirectA, Type: Inline - RelativeJump 0x7787D4D9-->6A195229 [ieframe.dll]
[3324]iexplore.exe-->user32.dll-->MessageBoxIndirectW, Type: Inline - RelativeJump 0x7787D5D3-->6A1951BE [ieframe.dll]
[3324]iexplore.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00070600 [unknown_code_page]
[3324]iexplore.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00070804 [unknown_code_page]
[3324]iexplore.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->000701F8 [unknown_code_page]
[3324]iexplore.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00070A08 [unknown_code_page]
[3324]iexplore.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->000703FC [unknown_code_page]
[3336]SearchIndexer.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00070C0C [unknown_code_page]
[3336]SearchIndexer.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00070E10 [unknown_code_page]
[3336]SearchIndexer.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00070804 [unknown_code_page]
[3336]SearchIndexer.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00070A08 [unknown_code_page]
[3336]SearchIndexer.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->000701F8 [unknown_code_page]
[3336]SearchIndexer.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->000703FC [unknown_code_page]
[3336]SearchIndexer.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00070600 [unknown_code_page]
[3336]SearchIndexer.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00071014 [unknown_code_page]
[3336]SearchIndexer.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[3336]SearchIndexer.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->000501F8 [unknown_code_page]
[3336]SearchIndexer.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->000503FC [unknown_code_page]
[3336]SearchIndexer.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00080600 [unknown_code_page]
[3336]SearchIndexer.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00080804 [unknown_code_page]
[3336]SearchIndexer.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->000801F8 [unknown_code_page]
[3336]SearchIndexer.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00080A08 [unknown_code_page]
[3336]SearchIndexer.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->000803FC [unknown_code_page]
[3392]XAudio.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00170C0C [unknown_code_page]
[3392]XAudio.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00170E10 [unknown_code_page]
[3392]XAudio.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00170804 [unknown_code_page]
[3392]XAudio.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00170A08 [unknown_code_page]
[3392]XAudio.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->001701F8 [unknown_code_page]
[3392]XAudio.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->001703FC [unknown_code_page]
[3392]XAudio.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00170600 [unknown_code_page]
[3392]XAudio.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00171014 [unknown_code_page]
[3392]XAudio.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[3392]XAudio.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->001401F8 [unknown_code_page]
[3392]XAudio.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->001403FC [unknown_code_page]
[3392]XAudio.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00180600 [unknown_code_page]
[3392]XAudio.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00180804 [unknown_code_page]
[3392]XAudio.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->001801F8 [unknown_code_page]
[3392]XAudio.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00180A08 [unknown_code_page]
[3392]XAudio.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->001803FC [unknown_code_page]
[3424]AcSvc.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00330C0C [unknown_code_page]
[3424]AcSvc.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00330E10 [unknown_code_page]
[3424]AcSvc.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00330804 [unknown_code_page]
[3424]AcSvc.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00330A08 [unknown_code_page]
[3424]AcSvc.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->003301F8 [unknown_code_page]
[3424]AcSvc.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->003303FC [unknown_code_page]
[3424]AcSvc.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00330600 [unknown_code_page]
[3424]AcSvc.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00331014 [unknown_code_page]
[3424]AcSvc.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[3424]AcSvc.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->001401F8 [unknown_code_page]
[3424]AcSvc.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->001403FC [unknown_code_page]
[3424]AcSvc.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00340600 [unknown_code_page]
[3424]AcSvc.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00340804 [unknown_code_page]
[3424]AcSvc.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->003401F8 [unknown_code_page]
[3424]AcSvc.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00340A08 [unknown_code_page]
[3424]AcSvc.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->003403FC [unknown_code_page]
[3604]svchost.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00070C0C [unknown_code_page]
[3604]svchost.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00070E10 [unknown_code_page]
[3604]svchost.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00070804 [unknown_code_page]
[3604]svchost.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00070A08 [unknown_code_page]
[3604]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->000701F8 [unknown_code_page]
[3604]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->000703FC [unknown_code_page]
[3604]svchost.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00070600 [unknown_code_page]
[3604]svchost.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00071014 [unknown_code_page]
[3604]svchost.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[3604]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->000501F8 [unknown_code_page]
[3604]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->000503FC [unknown_code_page]
[3668]fbserver.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00280C0C [unknown_code_page]
[3668]fbserver.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00280E10 [unknown_code_page]
[3668]fbserver.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00280804 [unknown_code_page]
[3668]fbserver.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00280A08 [unknown_code_page]
[3668]fbserver.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->002801F8 [unknown_code_page]
[3668]fbserver.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->002803FC [unknown_code_page]
[3668]fbserver.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00280600 [unknown_code_page]
[3668]fbserver.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00281014 [unknown_code_page]
[3668]fbserver.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[3668]fbserver.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->002501F8 [unknown_code_page]
[3668]fbserver.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->002503FC [unknown_code_page]
[3668]fbserver.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00290600 [unknown_code_page]
[3668]fbserver.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00290804 [unknown_code_page]
[3668]fbserver.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->002901F8 [unknown_code_page]
[3668]fbserver.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00290A08 [unknown_code_page]
[3668]fbserver.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->002903FC [unknown_code_page]
[3732]TSVNCache.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->001A0C0C [unknown_code_page]
[3732]TSVNCache.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->001A0E10 [unknown_code_page]
[3732]TSVNCache.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->001A0804 [unknown_code_page]
[3732]TSVNCache.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->001A0A08 [unknown_code_page]
[3732]TSVNCache.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->001A01F8 [unknown_code_page]
[3732]TSVNCache.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->001A03FC [unknown_code_page]
[3732]TSVNCache.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->001A0600 [unknown_code_page]
[3732]TSVNCache.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->001A1014 [unknown_code_page]
[3732]TSVNCache.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[3732]TSVNCache.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->001501F8 [unknown_code_page]
[3732]TSVNCache.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->001503FC [unknown_code_page]
[3732]TSVNCache.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->001B0600 [unknown_code_page]
[3732]TSVNCache.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->001B0804 [unknown_code_page]
[3732]TSVNCache.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->001B01F8 [unknown_code_page]
[3732]TSVNCache.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->001B0A08 [unknown_code_page]
[3732]TSVNCache.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->001B03FC [unknown_code_page]
[3748]WmiPrvSE.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00080C0C [unknown_code_page]
[3748]WmiPrvSE.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00080E10 [unknown_code_page]
[3748]WmiPrvSE.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00080804 [unknown_code_page]
[3748]WmiPrvSE.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00080A08 [unknown_code_page]
[3748]WmiPrvSE.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->000801F8 [unknown_code_page]
[3748]WmiPrvSE.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->000803FC [unknown_code_page]
[3748]WmiPrvSE.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00080600 [unknown_code_page]
[3748]WmiPrvSE.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00081014 [unknown_code_page]
[3748]WmiPrvSE.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[3748]WmiPrvSE.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->000501F8 [unknown_code_page]
[3748]WmiPrvSE.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->000503FC [unknown_code_page]
[3748]WmiPrvSE.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00090600 [unknown_code_page]
[3748]WmiPrvSE.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00090804 [unknown_code_page]
[3748]WmiPrvSE.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->000901F8 [unknown_code_page]
[3748]WmiPrvSE.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00090A08 [unknown_code_page]
[3748]WmiPrvSE.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->000903FC [unknown_code_page]
[376]spoolsv.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00070C0C [unknown_code_page]
[376]spoolsv.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00070E10 [unknown_code_page]
[376]spoolsv.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00070804 [unknown_code_page]
[376]spoolsv.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00070A08 [unknown_code_page]
[376]spoolsv.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->000701F8 [unknown_code_page]
[376]spoolsv.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->000703FC [unknown_code_page]
[376]spoolsv.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00070600 [unknown_code_page]
[376]spoolsv.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00071014 [unknown_code_page]
[376]spoolsv.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[376]spoolsv.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->000501F8 [unknown_code_page]
[376]spoolsv.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->000503FC [unknown_code_page]
[376]spoolsv.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00170600 [unknown_code_page]
[376]spoolsv.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00170804 [unknown_code_page]
[376]spoolsv.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->001701F8 [unknown_code_page]
[376]spoolsv.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00170A08 [unknown_code_page]
[376]spoolsv.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->001703FC [unknown_code_page]
[3884]tpfnf7sp.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00160C0C [unknown_code_page]
[3884]tpfnf7sp.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00160E10 [unknown_code_page]
[3884]tpfnf7sp.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00160804 [unknown_code_page]
[3884]tpfnf7sp.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00160A08 [unknown_code_page]
[3884]tpfnf7sp.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->001601F8 [unknown_code_page]
[3884]tpfnf7sp.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->001603FC [unknown_code_page]
[3884]tpfnf7sp.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00160600 [unknown_code_page]
[3884]tpfnf7sp.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00161014 [unknown_code_page]
[3884]tpfnf7sp.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[3884]tpfnf7sp.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->001401F8 [unknown_code_page]
[3884]tpfnf7sp.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->001403FC [unknown_code_page]
[3884]tpfnf7sp.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00170600 [unknown_code_page]
[3884]tpfnf7sp.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00170804 [unknown_code_page]
[3884]tpfnf7sp.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->001701F8 [unknown_code_page]
[3884]tpfnf7sp.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00170A08 [unknown_code_page]
[3884]tpfnf7sp.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->001703FC [unknown_code_page]
[3900]iviRegMgr.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00180C0C [unknown_code_page]
[3900]iviRegMgr.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00180E10 [unknown_code_page]
[3900]iviRegMgr.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00180804 [unknown_code_page]
[3900]iviRegMgr.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00180A08 [unknown_code_page]
[3900]iviRegMgr.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->001801F8 [unknown_code_page]
[3900]iviRegMgr.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->001803FC [unknown_code_page]
[3900]iviRegMgr.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00180600 [unknown_code_page]
[3900]iviRegMgr.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00181014 [unknown_code_page]
[3900]iviRegMgr.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[3900]iviRegMgr.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->001501F8 [unknown_code_page]
[3900]iviRegMgr.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->001503FC [unknown_code_page]
[3900]iviRegMgr.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00170600 [unknown_code_page]
[3900]iviRegMgr.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00170804 [unknown_code_page]
[3900]iviRegMgr.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->001701F8 [unknown_code_page]
[3900]iviRegMgr.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00170A08 [unknown_code_page]
[3900]iviRegMgr.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->001703FC [unknown_code_page]
[3920]SynTPEnh.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00280C0C [unknown_code_page]
[3920]SynTPEnh.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00280E10 [unknown_code_page]
[3920]SynTPEnh.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00280804 [unknown_code_page]
[3920]SynTPEnh.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00280A08 [unknown_code_page]
[3920]SynTPEnh.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->002801F8 [unknown_code_page]
[3920]SynTPEnh.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->002803FC [unknown_code_page]
[3920]SynTPEnh.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00280600 [unknown_code_page]
[3920]SynTPEnh.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00281014 [unknown_code_page]
[3920]SynTPEnh.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[3920]SynTPEnh.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->001501F8 [unknown_code_page]
[3920]SynTPEnh.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->001503FC [unknown_code_page]
[3920]SynTPEnh.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00270600 [unknown_code_page]
[3920]SynTPEnh.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00270804 [unknown_code_page]
[3920]SynTPEnh.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->002701F8 [unknown_code_page]
[3920]SynTPEnh.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00270A08 [unknown_code_page]
[3920]SynTPEnh.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->002703FC [unknown_code_page]
[3984]EZEJMNAP.EXE-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00190C0C [unknown_code_page]
[3984]EZEJMNAP.EXE-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00190E10 [unknown_code_page]
[3984]EZEJMNAP.EXE-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00190804 [unknown_code_page]
[3984]EZEJMNAP.EXE-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00190A08 [unknown_code_page]
[3984]EZEJMNAP.EXE-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->001901F8 [unknown_code_page]
[3984]EZEJMNAP.EXE-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->001903FC [unknown_code_page]
[3984]EZEJMNAP.EXE-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00190600 [unknown_code_page]
[3984]EZEJMNAP.EXE-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00191014 [unknown_code_page]
[3984]EZEJMNAP.EXE-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[3984]EZEJMNAP.EXE-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->001501F8 [unknown_code_page]
[3984]EZEJMNAP.EXE-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->001503FC [unknown_code_page]
[3984]EZEJMNAP.EXE-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00170600 [unknown_code_page]
[3984]EZEJMNAP.EXE-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00170804 [unknown_code_page]
[3984]EZEJMNAP.EXE-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->001701F8 [unknown_code_page]
[3984]EZEJMNAP.EXE-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00170A08 [unknown_code_page]
[3984]EZEJMNAP.EXE-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->001703FC [unknown_code_page]
[4104]igfxpers.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00180C0C [unknown_code_page]
[4104]igfxpers.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00180E10 [unknown_code_page]
[4104]igfxpers.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00180804 [unknown_code_page]
[4104]igfxpers.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00180A08 [unknown_code_page]
[4104]igfxpers.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->001801F8 [unknown_code_page]
[4104]igfxpers.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->001803FC [unknown_code_page]
[4104]igfxpers.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00180600 [unknown_code_page]
[4104]igfxpers.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00181014 [unknown_code_page]
[4104]igfxpers.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[4104]igfxpers.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->001501F8 [unknown_code_page]
[4104]igfxpers.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->001503FC [unknown_code_page]
[4104]igfxpers.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00170600 [unknown_code_page]
[4104]igfxpers.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00170804 [unknown_code_page]
[4104]igfxpers.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->001701F8 [unknown_code_page]
[4104]igfxpers.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00170A08 [unknown_code_page]
[4104]igfxpers.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->001703FC [unknown_code_page]
[4152]LPMGR.EXE-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00180C0C [unknown_code_page]
[4152]LPMGR.EXE-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00180E10 [unknown_code_page]
[4152]LPMGR.EXE-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00180804 [unknown_code_page]
[4152]LPMGR.EXE-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00180A08 [unknown_code_page]
[4152]LPMGR.EXE-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->001801F8 [unknown_code_page]
[4152]LPMGR.EXE-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->001803FC [unknown_code_page]
[4152]LPMGR.EXE-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00180600 [unknown_code_page]
[4152]LPMGR.EXE-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00181014 [unknown_code_page]
[4152]LPMGR.EXE-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[4152]LPMGR.EXE-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->001501F8 [unknown_code_page]
[4152]LPMGR.EXE-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->001503FC [unknown_code_page]
[4152]LPMGR.EXE-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00170600 [unknown_code_page]
[4152]LPMGR.EXE-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00170804 [unknown_code_page]
[4152]LPMGR.EXE-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->001701F8 [unknown_code_page]
[4152]LPMGR.EXE-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00170A08 [unknown_code_page]
[4152]LPMGR.EXE-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->001703FC [unknown_code_page]
[4164]LPMLCHK.EXE-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00180C0C [unknown_code_page]
[4164]LPMLCHK.EXE-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00180E10 [unknown_code_page]
[4164]LPMLCHK.EXE-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00180804 [unknown_code_page]
[4164]LPMLCHK.EXE-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00180A08 [unknown_code_page]
[4164]LPMLCHK.EXE-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->001801F8 [unknown_code_page]
[4164]LPMLCHK.EXE-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->001803FC [unknown_code_page]
[4164]LPMLCHK.EXE-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00180600 [unknown_code_page]
[4164]LPMLCHK.EXE-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00181014 [unknown_code_page]
[4164]LPMLCHK.EXE-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[4164]LPMLCHK.EXE-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->001501F8 [unknown_code_page]
[4164]LPMLCHK.EXE-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->001503FC [unknown_code_page]
[4164]LPMLCHK.EXE-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00170600 [unknown_code_page]
[4164]LPMLCHK.EXE-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00170804 [unknown_code_page]
[4164]LPMLCHK.EXE-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->001701F8 [unknown_code_page]
[4164]LPMLCHK.EXE-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00170A08 [unknown_code_page]
[4164]LPMLCHK.EXE-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->001703FC [unknown_code_page]
[4172]MCPLaunch.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00080C0C [unknown_code_page]
[4172]MCPLaunch.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00080E10 [unknown_code_page]
[4172]MCPLaunch.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00080804 [unknown_code_page]
[4172]MCPLaunch.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00080A08 [unknown_code_page]
[4172]MCPLaunch.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->000801F8 [unknown_code_page]
[4172]MCPLaunch.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->000803FC [unknown_code_page]
[4172]MCPLaunch.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00080600 [unknown_code_page]
[4172]MCPLaunch.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C814BC-->69A34618 [shimeng.dll]
[4172]MCPLaunch.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00081014 [unknown_code_page]
[4172]MCPLaunch.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B61170-->69A34618 [shimeng.dll]
[4172]MCPLaunch.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[4172]MCPLaunch.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->000601F8 [unknown_code_page]
[4172]MCPLaunch.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->000603FC [unknown_code_page]
[4172]MCPLaunch.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x768E1414-->69A34618 [shimeng.dll]
[4172]MCPLaunch.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D51300-->69A34618 [shimeng.dll]
[4172]MCPLaunch.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00070600 [unknown_code_page]
[4172]MCPLaunch.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00070804 [unknown_code_page]
[4172]MCPLaunch.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->000701F8 [unknown_code_page]
[4172]MCPLaunch.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00070A08 [unknown_code_page]
[4172]MCPLaunch.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->000703FC [unknown_code_page]
[4180]rundll32.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->000C0C0C [unknown_code_page]
[4180]rundll32.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->000C0E10 [unknown_code_page]
[4180]rundll32.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->000C0804 [unknown_code_page]
[4180]rundll32.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->000C0A08 [unknown_code_page]
[4180]rundll32.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->000C01F8 [unknown_code_page]
[4180]rundll32.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->000C03FC [unknown_code_page]
[4180]rundll32.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->000C0600 [unknown_code_page]
[4180]rundll32.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C814BC-->69A34618 [shimeng.dll]
[4180]rundll32.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->000C1014 [unknown_code_page]
[4180]rundll32.exe-->crypt32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x73C01288-->69A34618 [shimeng.dll]
[4180]rundll32.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B61170-->69A34618 [shimeng.dll]
[4180]rundll32.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[4180]rundll32.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->000601F8 [unknown_code_page]
[4180]rundll32.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->000603FC [unknown_code_page]
[4180]rundll32.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x768E1414-->69A34618 [shimeng.dll]
[4180]rundll32.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D51300-->69A34618 [shimeng.dll]
[4180]rundll32.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->000B0600 [unknown_code_page]
[4180]rundll32.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->000B0804 [unknown_code_page]
[4180]rundll32.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->000B01F8 [unknown_code_page]
[4180]rundll32.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->000B0A08 [unknown_code_page]
[4180]rundll32.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->000B03FC [unknown_code_page]
[4180]rundll32.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x4B0D11E8-->69A34618 [shimeng.dll]
[4208]scheduler_proxy.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00170C0C [unknown_code_page]
[4208]scheduler_proxy.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00170E10 [unknown_code_page]
[4208]scheduler_proxy.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00170804 [unknown_code_page]
[4208]scheduler_proxy.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00170A08 [unknown_code_page]
[4208]scheduler_proxy.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->001701F8 [unknown_code_page]
[4208]scheduler_proxy.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->001703FC [unknown_code_page]
[4208]scheduler_proxy.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00170600 [unknown_code_page]
[4208]scheduler_proxy.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00171014 [unknown_code_page]
[4208]scheduler_proxy.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[4208]scheduler_proxy.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->001401F8 [unknown_code_page]
[4208]scheduler_proxy.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->001403FC [unknown_code_page]
[4208]scheduler_proxy.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00160600 [unknown_code_page]
[4208]scheduler_proxy.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00160804 [unknown_code_page]
[4208]scheduler_proxy.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->001601F8 [unknown_code_page]
[4208]scheduler_proxy.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00160A08 [unknown_code_page]
[4208]scheduler_proxy.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->001603FC [unknown_code_page]
[4216]ACTray.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->003D0C0C [unknown_code_page]
[4216]ACTray.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->003D0E10 [unknown_code_page]
[4216]ACTray.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->003D0804 [unknown_code_page]
[4216]ACTray.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->003D0A08 [unknown_code_page]
[4216]ACTray.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->003D01F8 [unknown_code_page]
[4216]ACTray.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->003D03FC [unknown_code_page]
[4216]ACTray.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->003D0600 [unknown_code_page]
[4216]ACTray.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->003D1014 [unknown_code_page]
[4216]ACTray.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[4216]ACTray.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->001501F8 [unknown_code_page]
[4216]ACTray.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->001503FC [unknown_code_page]
[4216]ACTray.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->003C0600 [unknown_code_page]
[4216]ACTray.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->003C0804 [unknown_code_page]
[4216]ACTray.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->003C01F8 [unknown_code_page]
[4216]ACTray.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->003C0A08 [unknown_code_page]
[4216]ACTray.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->003C03FC [unknown_code_page]
[4232]ACWLIcon.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->003E0C0C [unknown_code_page]
[4232]ACWLIcon.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->003E0E10 [unknown_code_page]
[4232]ACWLIcon.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->003E0804 [unknown_code_page]
[4232]ACWLIcon.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->003E0A08 [unknown_code_page]
[4232]ACWLIcon.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->003E01F8 [unknown_code_page]
[4232]ACWLIcon.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->003E03FC [unknown_code_page]
[4232]ACWLIcon.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->003E0600 [unknown_code_page]
[4232]ACWLIcon.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->003E1014 [unknown_code_page]
[4232]ACWLIcon.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[4232]ACWLIcon.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->001501F8 [unknown_code_page]
[4232]ACWLIcon.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->001503FC [unknown_code_page]
[4232]ACWLIcon.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->003D0600 [unknown_code_page]
[4232]ACWLIcon.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->003D0804 [unknown_code_page]
[4232]ACWLIcon.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->003D01F8 [unknown_code_page]
[4232]ACWLIcon.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->003D0A08 [unknown_code_page]
[4232]ACWLIcon.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->003D03FC [unknown_code_page]
[4244]MOM.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[4300]cssauth.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->002B0C0C [unknown_code_page]
[4300]cssauth.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->002B0E10 [unknown_code_page]
[4300]cssauth.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->002B0804 [unknown_code_page]
[4300]cssauth.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->002B0A08 [unknown_code_page]
[4300]cssauth.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->002B01F8 [unknown_code_page]
[4300]cssauth.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->002B03FC [unknown_code_page]
[4300]cssauth.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->002B0600 [unknown_code_page]
[4300]cssauth.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->002B1014 [unknown_code_page]
[4300]cssauth.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[4300]cssauth.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->001501F8 [unknown_code_page]
[4300]cssauth.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->001503FC [unknown_code_page]
[4300]cssauth.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->002A0600 [unknown_code_page]
[4300]cssauth.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->002A0804 [unknown_code_page]
[4300]cssauth.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->002A01F8 [unknown_code_page]
[4300]cssauth.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->002A0A08 [unknown_code_page]
[4300]cssauth.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->002A03FC [unknown_code_page]
[4316]tpfnf6r.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00190C0C [unknown_code_page]
[4316]tpfnf6r.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00190E10 [unknown_code_page]
[4316]tpfnf6r.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00190804 [unknown_code_page]
[4316]tpfnf6r.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00190A08 [unknown_code_page]
[4316]tpfnf6r.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->001901F8 [unknown_code_page]
[4316]tpfnf6r.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->001903FC [unknown_code_page]
[4316]tpfnf6r.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00190600 [unknown_code_page]
[4316]tpfnf6r.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00191014 [unknown_code_page]
[4316]tpfnf6r.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[4316]tpfnf6r.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->001501F8 [unknown_code_page]
[4316]tpfnf6r.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->001503FC [unknown_code_page]
[4316]tpfnf6r.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00170600 [unknown_code_page]
[4316]tpfnf6r.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00170804 [unknown_code_page]
[4316]tpfnf6r.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->001701F8 [unknown_code_page]
[4316]tpfnf6r.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00170A08 [unknown_code_page]
[4316]tpfnf6r.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->001703FC [unknown_code_page]
[4360]iTunesHelper.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00070C0C [unknown_code_page]
[4360]iTunesHelper.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00070E10 [unknown_code_page]
[4360]iTunesHelper.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00070804 [unknown_code_page]
[4360]iTunesHelper.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00070A08 [unknown_code_page]
[4360]iTunesHelper.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->000701F8 [unknown_code_page]
[4360]iTunesHelper.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->000703FC [unknown_code_page]
[4360]iTunesHelper.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00070600 [unknown_code_page]
[4360]iTunesHelper.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00071014 [unknown_code_page]
[4360]iTunesHelper.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[4360]iTunesHelper.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->000501F8 [unknown_code_page]
[4360]iTunesHelper.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->000503FC [unknown_code_page]
[4360]iTunesHelper.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00080600 [unknown_code_page]
[4360]iTunesHelper.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00080804 [unknown_code_page]
[4360]iTunesHelper.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->000801F8 [unknown_code_page]
[4360]iTunesHelper.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00080A08 [unknown_code_page]
[4360]iTunesHelper.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->000803FC [unknown_code_page]
[4544]notepad.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00070C0C [unknown_code_page]
[4544]notepad.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00070E10 [unknown_code_page]
[4544]notepad.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00070804 [unknown_code_page]
[4544]notepad.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00070A08 [unknown_code_page]
[4544]notepad.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->000701F8 [unknown_code_page]
[4544]notepad.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->000703FC [unknown_code_page]
[4544]notepad.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00070600 [unknown_code_page]
[4544]notepad.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00071014 [unknown_code_page]
[4544]notepad.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[4544]notepad.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->000501F8 [unknown_code_page]
[4544]notepad.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->000503FC [unknown_code_page]
[4544]notepad.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00080600 [unknown_code_page]
[4544]notepad.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00080804 [unknown_code_page]
[4544]notepad.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->000801F8 [unknown_code_page]
[4544]notepad.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00080A08 [unknown_code_page]
[4544]notepad.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->000803FC [unknown_code_page]
[4548]realsched.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00270C0C [unknown_code_page]
[4548]realsched.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00270E10 [unknown_code_page]
[4548]realsched.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00270804 [unknown_code_page]
[4548]realsched.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00270A08 [unknown_code_page]
[4548]realsched.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->002701F8 [unknown_code_page]
[4548]realsched.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->002703FC [unknown_code_page]
[4548]realsched.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00270600 [unknown_code_page]
[4548]realsched.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00271014 [unknown_code_page]
[4548]realsched.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[4548]realsched.exe-->kernel32.dll-->SetUnhandledExceptionFilter, Type: Inline - PushRet 0x765EA8C5-->EC810004 [unknown_code_page]
[4548]realsched.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->001401F8 [unknown_code_page]
[4548]realsched.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->001403FC [unknown_code_page]
[4548]realsched.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00260600 [unknown_code_page]
[4548]realsched.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00260804 [unknown_code_page]
[4548]realsched.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->002601F8 [unknown_code_page]
[4548]realsched.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00260A08 [unknown_code_page]
[4548]realsched.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->002603FC [unknown_code_page]
[4556]RIMBBLaunchAgent.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00170C0C [unknown_code_page]
[4556]RIMBBLaunchAgent.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00170E10 [unknown_code_page]
[4556]RIMBBLaunchAgent.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00170804 [unknown_code_page]
[4556]RIMBBLaunchAgent.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00170A08 [unknown_code_page]
[4556]RIMBBLaunchAgent.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->001701F8 [unknown_code_page]
[4556]RIMBBLaunchAgent.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->001703FC [unknown_code_page]
[4556]RIMBBLaunchAgent.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00170600 [unknown_code_page]
[4556]RIMBBLaunchAgent.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C814BC-->69A34618 [shimeng.dll]
[4556]RIMBBLaunchAgent.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00171014 [unknown_code_page]
[4556]RIMBBLaunchAgent.exe-->crypt32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x73C01288-->69A34618 [shimeng.dll]
[4556]RIMBBLaunchAgent.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B61170-->69A34618 [shimeng.dll]
[4556]RIMBBLaunchAgent.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[4556]RIMBBLaunchAgent.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->001601F8 [unknown_code_page]
[4556]RIMBBLaunchAgent.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->001603FC [unknown_code_page]
[4556]RIMBBLaunchAgent.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x768E1414-->69A34618 [shimeng.dll]
[4556]RIMBBLaunchAgent.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D51300-->69A34618 [shimeng.dll]
[4556]RIMBBLaunchAgent.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00180600 [unknown_code_page]
[4556]RIMBBLaunchAgent.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00180804 [unknown_code_page]
[4556]RIMBBLaunchAgent.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->001801F8 [unknown_code_page]
[4556]RIMBBLaunchAgent.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00180A08 [unknown_code_page]
[4556]RIMBBLaunchAgent.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->001803FC [unknown_code_page]
[4564]AvastUI.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[4576]password_manager.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00370C0C [unknown_code_page]
[4576]password_manager.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00370E10 [unknown_code_page]
[4576]password_manager.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00370804 [unknown_code_page]
[4576]password_manager.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00370A08 [unknown_code_page]
[4576]password_manager.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->003701F8 [unknown_code_page]
[4576]password_manager.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->003703FC [unknown_code_page]
[4576]password_manager.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00370600 [unknown_code_page]
[4576]password_manager.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00371014 [unknown_code_page]
[4576]password_manager.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[4576]password_manager.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->001501F8 [unknown_code_page]
[4576]password_manager.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->001503FC [unknown_code_page]
[4576]password_manager.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00360600 [unknown_code_page]
[4576]password_manager.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00360804 [unknown_code_page]
[4576]password_manager.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->003601F8 [unknown_code_page]
[4576]password_manager.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00360A08 [unknown_code_page]
[4576]password_manager.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->003603FC [unknown_code_page]
[4580]msnmsgr.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00940C0C [unknown_code_page]
[4580]msnmsgr.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00940E10 [unknown_code_page]
[4580]msnmsgr.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00940804 [unknown_code_page]
[4580]msnmsgr.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00940A08 [unknown_code_page]
[4580]msnmsgr.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->009401F8 [unknown_code_page]
[4580]msnmsgr.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->009403FC [unknown_code_page]
[4580]msnmsgr.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00940600 [unknown_code_page]
[4580]msnmsgr.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00941014 [unknown_code_page]
[4580]msnmsgr.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[4580]msnmsgr.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->000601F8 [unknown_code_page]
[4580]msnmsgr.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->000603FC [unknown_code_page]
[4580]msnmsgr.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00950600 [unknown_code_page]
[4580]msnmsgr.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00950804 [unknown_code_page]
[4580]msnmsgr.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->009501F8 [unknown_code_page]
[4580]msnmsgr.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00950A08 [unknown_code_page]
[4580]msnmsgr.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->009503FC [unknown_code_page]
[4808]tvt_reg_monitor_svc.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00180C0C [unknown_code_page]
[4808]tvt_reg_monitor_svc.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00180E10 [unknown_code_page]
[4808]tvt_reg_monitor_svc.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00180804 [unknown_code_page]
[4808]tvt_reg_monitor_svc.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00180A08 [unknown_code_page]
[4808]tvt_reg_monitor_svc.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->001801F8 [unknown_code_page]
[4808]tvt_reg_monitor_svc.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->001803FC [unknown_code_page]
[4808]tvt_reg_monitor_svc.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00180600 [unknown_code_page]
[4808]tvt_reg_monitor_svc.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00181014 [unknown_code_page]
[4808]tvt_reg_monitor_svc.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[4808]tvt_reg_monitor_svc.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->001501F8 [unknown_code_page]
[4808]tvt_reg_monitor_svc.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->001503FC [unknown_code_page]
[4808]tvt_reg_monitor_svc.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00170600 [unknown_code_page]
[4808]tvt_reg_monitor_svc.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00170804 [unknown_code_page]
[4808]tvt_reg_monitor_svc.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->001701F8 [unknown_code_page]
[4808]tvt_reg_monitor_svc.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00170A08 [unknown_code_page]
[4808]tvt_reg_monitor_svc.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->001703FC [unknown_code_page]
[4984]TPHDEXLG.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00070C0C [unknown_code_page]
[4984]TPHDEXLG.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00070E10 [unknown_code_page]
[4984]TPHDEXLG.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00070804 [unknown_code_page]
[4984]TPHDEXLG.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00070A08 [unknown_code_page]
[4984]TPHDEXLG.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->000701F8 [unknown_code_page]
[4984]TPHDEXLG.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->000703FC [unknown_code_page]
[4984]TPHDEXLG.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00070600 [unknown_code_page]
[4984]TPHDEXLG.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00071014 [unknown_code_page]
[4984]TPHDEXLG.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[4984]TPHDEXLG.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->000501F8 [unknown_code_page]
[4984]TPHDEXLG.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->000503FC [unknown_code_page]
[4984]TPHDEXLG.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00190600 [unknown_code_page]
[4984]TPHDEXLG.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00190804 [unknown_code_page]
[4984]TPHDEXLG.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->001901F8 [unknown_code_page]
[4984]TPHDEXLG.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00190A08 [unknown_code_page]
[4984]TPHDEXLG.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->001903FC [unknown_code_page]
[5032]rrpservice.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00380C0C [unknown_code_page]
[5032]rrpservice.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00380E10 [unknown_code_page]
[5032]rrpservice.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00380804 [unknown_code_page]
[5032]rrpservice.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00380A08 [unknown_code_page]
[5032]rrpservice.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->003801F8 [unknown_code_page]
[5032]rrpservice.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->003803FC [unknown_code_page]
[5032]rrpservice.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00380600 [unknown_code_page]
[5032]rrpservice.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00381014 [unknown_code_page]
[5032]rrpservice.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[5032]rrpservice.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->001401F8 [unknown_code_page]
[5032]rrpservice.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->001403FC [unknown_code_page]
[5032]rrpservice.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00370600 [unknown_code_page]
[5032]rrpservice.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00370804 [unknown_code_page]
[5032]rrpservice.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->003701F8 [unknown_code_page]
[5032]rrpservice.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00370A08 [unknown_code_page]
[5032]rrpservice.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->003703FC [unknown_code_page]
[5204]rrservice.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00260C0C [unknown_code_page]
[5204]rrservice.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00260E10 [unknown_code_page]
[5204]rrservice.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00260804 [unknown_code_page]
[5204]rrservice.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00260A08 [unknown_code_page]
[5204]rrservice.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->002601F8 [unknown_code_page]
[5204]rrservice.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->002603FC [unknown_code_page]
[5204]rrservice.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00260600 [unknown_code_page]
[5204]rrservice.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00261014 [unknown_code_page]
[5204]rrservice.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[5204]rrservice.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->001401F8 [unknown_code_page]
[5204]rrservice.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->001403FC [unknown_code_page]
[5204]rrservice.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00250600 [unknown_code_page]
[5204]rrservice.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00250804 [unknown_code_page]
[5204]rrservice.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->002501F8 [unknown_code_page]
[5204]rrservice.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00250A08 [unknown_code_page]
[5204]rrservice.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->002503FC [unknown_code_page]
[5260]SynTPLpr.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00180C0C [unknown_code_page]
[5260]SynTPLpr.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00180E10 [unknown_code_page]
[5260]SynTPLpr.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00180804 [unknown_code_page]
[5260]SynTPLpr.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00180A08 [unknown_code_page]
[5260]SynTPLpr.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->001801F8 [unknown_code_page]
[5260]SynTPLpr.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->001803FC [unknown_code_page]
[5260]SynTPLpr.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00180600 [unknown_code_page]
[5260]SynTPLpr.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00181014 [unknown_code_page]
[5260]SynTPLpr.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[5260]SynTPLpr.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->001501F8 [unknown_code_page]
[5260]SynTPLpr.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->001503FC [unknown_code_page]
[5260]SynTPLpr.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00170600 [unknown_code_page]
[5260]SynTPLpr.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00170804 [unknown_code_page]
[5260]SynTPLpr.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->001701F8 [unknown_code_page]
[5260]SynTPLpr.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00170A08 [unknown_code_page]
[5260]SynTPLpr.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->001703FC [unknown_code_page]
[5432]wlcomm.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00070C0C [unknown_code_page]
[5432]wlcomm.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00070E10 [unknown_code_page]
[5432]wlcomm.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00070804 [unknown_code_page]
[5432]wlcomm.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00070A08 [unknown_code_page]
[5432]wlcomm.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->000701F8 [unknown_code_page]
[5432]wlcomm.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->000703FC [unknown_code_page]
[5432]wlcomm.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00070600 [unknown_code_page]
[5432]wlcomm.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00071014 [unknown_code_page]
[5432]wlcomm.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[5432]wlcomm.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->000501F8 [unknown_code_page]
[5432]wlcomm.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->000503FC [unknown_code_page]
[5432]wlcomm.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00080600 [unknown_code_page]
[5432]wlcomm.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00080804 [unknown_code_page]
[5432]wlcomm.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->000801F8 [unknown_code_page]
[5432]wlcomm.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00080A08 [unknown_code_page]
[5432]wlcomm.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->000803FC [unknown_code_page]
[5436]tvtsched.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00170C0C [unknown_code_page]
[5436]tvtsched.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00170E10 [unknown_code_page]
[5436]tvtsched.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00170804 [unknown_code_page]
[5436]tvtsched.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00170A08 [unknown_code_page]
[5436]tvtsched.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->001701F8 [unknown_code_page]
[5436]tvtsched.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->001703FC [unknown_code_page]
[5436]tvtsched.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00170600 [unknown_code_page]
[5436]tvtsched.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00171014 [unknown_code_page]
[5436]tvtsched.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[5436]tvtsched.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->001401F8 [unknown_code_page]
[5436]tvtsched.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->001403FC [unknown_code_page]
[5436]tvtsched.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00160600 [unknown_code_page]
[5436]tvtsched.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00160804 [unknown_code_page]
[5436]tvtsched.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->001601F8 [unknown_code_page]
[5436]tvtsched.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00160A08 [unknown_code_page]
[5436]tvtsched.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->001603FC [unknown_code_page]
[5444]CCC.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[5472]FlashUtil10t_ActiveX.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00270C0C [unknown_code_page]
[5472]FlashUtil10t_ActiveX.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00270E10 [unknown_code_page]
[5472]FlashUtil10t_ActiveX.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00270804 [unknown_code_page]
[5472]FlashUtil10t_ActiveX.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00270A08 [unknown_code_page]
[5472]FlashUtil10t_ActiveX.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->002701F8 [unknown_code_page]
[5472]FlashUtil10t_ActiveX.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->002703FC [unknown_code_page]
[5472]FlashUtil10t_ActiveX.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00270600 [unknown_code_page]
[5472]FlashUtil10t_ActiveX.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00271014 [unknown_code_page]
[5472]FlashUtil10t_ActiveX.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[5472]FlashUtil10t_ActiveX.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->000601F8 [unknown_code_page]
[5472]FlashUtil10t_ActiveX.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->000603FC [unknown_code_page]
[5472]FlashUtil10t_ActiveX.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00290600 [unknown_code_page]
[5472]FlashUtil10t_ActiveX.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00290804 [unknown_code_page]
[5472]FlashUtil10t_ActiveX.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->002901F8 [unknown_code_page]
[5472]FlashUtil10t_ActiveX.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00290A08 [unknown_code_page]
[5472]FlashUtil10t_ActiveX.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->002903FC [unknown_code_page]
[5548]SynTPHelper.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00180C0C [unknown_code_page]
[5548]SynTPHelper.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00180E10 [unknown_code_page]
[5548]SynTPHelper.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00180804 [unknown_code_page]
[5548]SynTPHelper.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00180A08 [unknown_code_page]
[5548]SynTPHelper.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->001801F8 [unknown_code_page]
[5548]SynTPHelper.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->001803FC [unknown_code_page]
[5548]SynTPHelper.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00180600 [unknown_code_page]
[5548]SynTPHelper.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00181014 [unknown_code_page]
[5548]SynTPHelper.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[5548]SynTPHelper.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->001501F8 [unknown_code_page]
[5548]SynTPHelper.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->001503FC [unknown_code_page]
[5548]SynTPHelper.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00170600 [unknown_code_page]
[5548]SynTPHelper.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00170804 [unknown_code_page]
[5548]SynTPHelper.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->001701F8 [unknown_code_page]
[5548]SynTPHelper.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00170A08 [unknown_code_page]
[5548]SynTPHelper.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->001703FC [unknown_code_page]
[6000]wuauclt.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00080C0C [unknown_code_page]
[6000]wuauclt.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00080E10 [unknown_code_page]
[6000]wuauclt.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00080804 [unknown_code_page]
[6000]wuauclt.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00080A08 [unknown_code_page]
[6000]wuauclt.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->000801F8 [unknown_code_page]
[6000]wuauclt.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->000803FC [unknown_code_page]
[6000]wuauclt.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00080600 [unknown_code_page]
[6000]wuauclt.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00081014 [unknown_code_page]
[6000]wuauclt.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[6000]wuauclt.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->000601F8 [unknown_code_page]
[6000]wuauclt.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->000603FC [unknown_code_page]
[6000]wuauclt.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00070600 [unknown_code_page]
[6000]wuauclt.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00070804 [unknown_code_page]
[6000]wuauclt.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->000701F8 [unknown_code_page]
[6000]wuauclt.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00070A08 [unknown_code_page]
[6000]wuauclt.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->000703FC [unknown_code_page]
[656]csrss.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[696]wininit.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00050C0C [unknown_code_page]
[696]wininit.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00050E10 [unknown_code_page]
[696]wininit.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00050804 [unknown_code_page]
[696]wininit.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00050A08 [unknown_code_page]
[696]wininit.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->000501F8 [unknown_code_page]
[696]wininit.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->000503FC [unknown_code_page]
[696]wininit.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00050600 [unknown_code_page]
[696]wininit.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00051014 [unknown_code_page]
[696]wininit.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[696]wininit.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->000301F8 [unknown_code_page]
[696]wininit.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->000303FC [unknown_code_page]
[696]wininit.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00060600 [unknown_code_page]
[696]wininit.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00060804 [unknown_code_page]
[696]wininit.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->000601F8 [unknown_code_page]
[696]wininit.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00060A08 [unknown_code_page]
[696]wininit.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->000603FC [unknown_code_page]
[708]csrss.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[740]services.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00070C0C [unknown_code_page]
[740]services.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00070E10 [unknown_code_page]
[740]services.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00070804 [unknown_code_page]
[740]services.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00070A08 [unknown_code_page]
[740]services.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->000701F8 [unknown_code_page]
[740]services.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->000703FC [unknown_code_page]
[740]services.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00070600 [unknown_code_page]
[740]services.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00071014 [unknown_code_page]
[740]services.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[740]services.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->000501F8 [unknown_code_page]
[740]services.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->000503FC [unknown_code_page]
[740]services.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00080600 [unknown_code_page]
[740]services.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00080804 [unknown_code_page]
[740]services.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->000801F8 [unknown_code_page]
[740]services.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00080A08 [unknown_code_page]
[740]services.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->000803FC [unknown_code_page]
[756]lsass.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00070C0C [unknown_code_page]
[756]lsass.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00070E10 [unknown_code_page]
[756]lsass.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00070804 [unknown_code_page]
[756]lsass.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00070A08 [unknown_code_page]
[756]lsass.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->000701F8 [unknown_code_page]
[756]lsass.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->000703FC [unknown_code_page]
[756]lsass.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00070600 [unknown_code_page]
[756]lsass.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00071014 [unknown_code_page]
[756]lsass.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[756]lsass.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->000501F8 [unknown_code_page]
[756]lsass.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->000503FC [unknown_code_page]
[756]lsass.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->000D0600 [unknown_code_page]
[756]lsass.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->000D0804 [unknown_code_page]
[756]lsass.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->000D01F8 [unknown_code_page]
[756]lsass.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->000D0A08 [unknown_code_page]
[756]lsass.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->000D03FC [unknown_code_page]
[764]lsm.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00170C0C [unknown_code_page]
[764]lsm.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00170E10 [unknown_code_page]
[764]lsm.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00170804 [unknown_code_page]
[764]lsm.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00170A08 [unknown_code_page]
[764]lsm.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->001701F8 [unknown_code_page]
[764]lsm.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->001703FC [unknown_code_page]
[764]lsm.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00170600 [unknown_code_page]
[764]lsm.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00171014 [unknown_code_page]
[764]lsm.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[764]lsm.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->000501F8 [unknown_code_page]
[764]lsm.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->000503FC [unknown_code_page]
[840]winlogon.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->00050C0C [unknown_code_page]
[840]winlogon.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->00050E10 [unknown_code_page]
[840]winlogon.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->00050804 [unknown_code_page]
[840]winlogon.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->00050A08 [unknown_code_page]
[840]winlogon.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->000501F8 [unknown_code_page]
[840]winlogon.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->000503FC [unknown_code_page]
[840]winlogon.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->00050600 [unknown_code_page]
[840]winlogon.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->00051014 [unknown_code_page]
[840]winlogon.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[840]winlogon.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->000301F8 [unknown_code_page]
[840]winlogon.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->000303FC [unknown_code_page]
[840]winlogon.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00060600 [unknown_code_page]
[840]winlogon.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00060804 [unknown_code_page]
[840]winlogon.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->000601F8 [unknown_code_page]
[840]winlogon.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00060A08 [unknown_code_page]
[840]winlogon.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->000603FC [unknown_code_page]
[944]svchost.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767B7099-->000B0C0C [unknown_code_page]
[944]svchost.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767B71E1-->000B0E10 [unknown_code_page]
[944]svchost.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767B6DD9-->000B0804 [unknown_code_page]
[944]svchost.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767B6F81-->000B0A08 [unknown_code_page]
[944]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767B72A1-->000B01F8 [unknown_code_page]
[944]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76779EB4-->000B03FC [unknown_code_page]
[944]svchost.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7677A07E-->000B0600 [unknown_code_page]
[944]svchost.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767B6CD9-->000B1014 [unknown_code_page]
[944]svchost.exe-->kernel32.dll+0x00052467, Type: Code Mismatch 0x76612467 + 336999 [62]
[944]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77D293A8-->000501F8 [unknown_code_page]
[944]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77D3B740-->000503FC [unknown_code_page]
[944]svchost.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x77826322-->00A30600 [unknown_code_page]
[944]svchost.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778287AD-->00A30804 [unknown_code_page]
[944]svchost.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x77829F3A-->00A301F8 [unknown_code_page]
[944]svchost.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778298DB-->00A30A08 [unknown_code_page]
[944]svchost.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x7782C06F-->00A303FC [unknown_code_page]
!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)
Edited by nortan360, 28 August 2011 - 07:14 AM.