Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Latest News: Are WiFi Network Names Protected by the First Amendment?

Featured Deal: Get 96% off the MCSA SQL Server Training Deal

Windows Reports I have Spooldr.sys

Started by sarahsmile , Sep 04 2009 07:38 PM

Please log in to reply

34 replies to this topic

#1 sarahsmile

Members
45 posts
OFFLINE

Local time:11:17 AM

Posted 04 September 2009 - 07:38 PM

My computer is a Dell Precision M90 laptop on which there is a fresh install of WinXP SP3 on a new 500GB harddrive with 4GB of new Corsair RAM.

It has begun to BSOD each morning with the same error code:

STOP: 0x000000C5 (0x00000D48, 0x00000002, 0x00000000, 0x8054B0BA)

On reboot, I get the "Your system has recovered from a serious error. " then it consults Microsoft and comes back with this:

Remove possible malware from your computer

Your computer experienced a problem that was caused by spooldr.sys.

This product might be malware.

It suggested running the OneCare safety scanner which I am now doing but I doubt that it finds anything.

I googled spooldr.sys and found no trace on my computer. I have CounterSpy, Eset Business 4.0 and Threatfire installed on the computer and scanned with all three and Malwarebytes AntiMalware.

I also

BC AdBot (Login to Remove)

BleepingComputer.com
Register to remove ads

#2 neomage

Members
306 posts
OFFLINE

Gender:Male
Location:USA
Local time:10:17 AM

Posted 04 September 2009 - 09:54 PM

Hello, sarahsmile :thumbsup:

Please subscribe to your topic so that you will be notified as soon as I post a reply, instead of you having to check the topic all of the time. This will allow you to get an email notification when I reply.

To subscribe, go to your topic, and at the top right hand corner by your first post, click the Options button and then click Track this topic. The bullet the immediate notification bubble. Then press submit.

:trumpet:

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.

The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT
Now click on Scan Settings
In the scan settings make sure that the following are selected:
- Scan using the following Anti-Virus database:
Extended (if available otherwise Standard)
- Scan Options:
Scan Archives
Scan Mail Bases
Click OK
Now under select a target to scan:Select My Computer
This will program will start and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
- Now click on the Save as Text button:
Save the file to your desktop.
Copy and paste that information in your next post.

We Need to check for Rootkits with RootRepeal

Download RootRepeal from the following location and save it to your desktop.
- Direct Download (Recommended)
- Zip Mirrors (Recommended if you have a slower connection or if the Direct Download mirror is down)
- Rar Mirrors - Only if you know what a RAR is and can extract it.
Extract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).
Open on your desktop.
Click the tab.
Click the button.
Check all seven boxes:
Push Ok
Check the box for your main system drive (Usually C:), and press Ok.
Allow RootRepeal to run a scan of your system. This may take some time.
Once the scan completes, push the button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

In your next reply, please include the following:
Kapersky log
RootRepeal.txt

Regards,
neomage

#3 sarahsmile

Topic Starter

Members
45 posts
OFFLINE

Local time:11:17 AM

Posted 05 September 2009 - 08:58 PM

I have tried downloading and installing RootRepeal from all the mirrors, both exe and rar, done will install on my system. They all hang at the "Initializing, please wait" screen.

I did successfully run Kaspersky and here are the results:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Saturday, September 5, 2009
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Saturday, September 05, 2009 17:45:27
Records in database: 2749832
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
L:\
P:\
Q:\
X:\

Scan statistics:
Objects scanned: 217746
Threats found: 1
Infected objects found: 1
Suspicious objects found: 0
Scan duration: 03:47:45

File name / Threat / Threats count
D:\My Stuff\My Pictures\20070926\20070926_0122.zip Infected: Trojan.Win32.Genome.fnx 1

Selected area has been scanned.

#4 neomage

Members
306 posts
OFFLINE

Gender:Male
Location:USA
Local time:10:17 AM

Posted 05 September 2009 - 09:09 PM

Does rootrepeal start or it doesn't start even properly?

#5 sarahsmile

Topic Starter

Members
45 posts
OFFLINE

Local time:11:17 AM

Posted 06 September 2009 - 02:35 AM

RootRepeal does not start. It seems to be either blocked or like a corrupted download. I've downloaded it from the recommended direct download and saved to the desktop. Then I doubleclick after making sure all anti-virus are disabled and no other programs running. It starts by immediately showing the :

"Initializing, please wait" screen in a small box on the screen.

It hangs there each and every time and no matter what source. I've erased and downloaded the rar file and unrar'ed to a different directory and started from there after rebooting. No Difference. It hangs at that same screen.

I've run it in safe mode. Same story: Hangs at Initializing screen.

#6 neomage

Members
306 posts
OFFLINE

Gender:Male
Location:USA
Local time:10:17 AM

Posted 06 September 2009 - 09:58 AM

Lets try another one:

Hello, sarahsmile :thumbsup:

Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference. Much of our fix will be done in Safe mode, and you will be unable to access this thread at that time. If you have questions at any point, or are unsure of the instructions, feel free to post here and ask for clarification before proceeding.

:flowers:

Please download GMER from one of the following locations and save it to your desktop:

Main Mirror
This version will download a randomly named file (Recommended)
Zipped Mirror
This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

Disconnect from the Internet and close all running programs.
Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.
Exit GMER and re-enable all active protection when done.

-- If you encounter any problems, try running GMER in Safe Mode.

In your next reply, please include the following:
GMER log

Regards,
neomage

#7 sarahsmile

Topic Starter

Members
45 posts
OFFLINE

Local time:11:17 AM

Posted 06 September 2009 - 11:52 PM

Wonder of Wonders!

I left RootRepeal running since 4AM yesterday morning and at about 7PM, the program suddenly came up just as I was downloading your GMER file. So I ran the RootRepeal and here is the report:

Sorry I just noticed after posting this that there was an error message from RootRepeal that said unable to scan registry please contact the author.

Hope that doesn't mess up your analysis. I will continue as you suggested last night

Edited by sarahsmile, 07 September 2009 - 05:40 AM.

#8 neomage

Members
306 posts
OFFLINE

Gender:Male
Location:USA
Local time:10:17 AM

Posted 06 September 2009 - 11:56 PM

Hello, sarahsmile :thumbsup:

Seems you are infected with a rootkit. Follow:

:flowers:

Please download Sophos Anti-rootkit & save it to your desktop.
alternate download link
Note: If using the vendor's download site you will be asked to register with MySophos so an email containing an activation link can be sent to your email address.

Be sure to print out and read the Sophos Anti-Rookit User Manual and Release Notes.

Double-click sar_15_sfx.exe to begin the installation, read the license agreement and click Accept.
Allow the default location of C:\Program Files\Sophos\Sophos Anti-Rootkit and click Install.
A message will appear "Sophos Anti-Rootkit was successfully installed. Click 'yes' to start it now".
Click Yes and allow the driver and its randomly named .tmp file (i.e. F.tmp) to load if asked.
If the scan did not start automatically, make sure the following are checked:
- Running processes
- Windows Registry
- Local Hard Drives
Click Start scan.
Sophos Anti-Rootkit will scan the selected areas and display any suspicious files in the upper panel.
When the scan is complete, a pop-up screen will appear with "Rootkit Scan Results". Click OK to continue.
Click on the suspicious file to display more information about it in the lower panel which also includes whether the item is recommended for removal.
- Files tagged as Removable: No are not marked for removal and cannot be removed.
- Files tagged as Removable: Yes (clean up recommended) are marked for removal by default.
- Files tagged as Removable: Yes (but clean up not recommended) are not marked for removal because Sophos did not recognize them. These files will require further investigation.
Select only items recommended for removal, then click "Clean up checked items". You will be asked to confirm, click Yes.
A pop up window will appear advising the cleanup will finish when you restart your computer. Click Restart Now.
After reboot, a dialog box displays the files you selected for removal and the action taken.
Click Empty list and then click Continue to re-scan your computer a second time to ensure everything was cleaned.
When done, go to Start > Run and type or copy/paste: %temp%\sarscan.log
This should open the log from the rootkit scan. Please post this log in your next reply. If you have a problem, you can find sarscan.log in C:\Documents and Settings\\Local Settings\Temp\.

Before performing an ARK scan it is recommended to do the following to ensure more accurate results and avoid common issues that may cause false detections.

Disconnect from the Internet or physically unplug you Internet cable connection.
Clean out your temporary files.
Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
Temporarily disable your anti-virus and real-time anti-spyware protection.
After starting the scan, do not use the computer until the scan has completed.
When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.

In your next reply, please include the following:
sarscan.log

Regards,
neomage

#9 sarahsmile

Topic Starter

Members
45 posts
OFFLINE

Local time:11:17 AM

Posted 07 September 2009 - 06:59 AM

Here are the results of the Sophos Scan. The Registry Item said not removable and the others were removable but the recommendation was not to remove.

Sophos Anti-Rootkit Version 1.5.0 © 2009 Sophos Plc
Started logging on 9/7/2009 at 7:13:11 AM
User "BigDog" on computer "BIGFIRM"
Windows version 5.1 SP 3.0 Service Pack 3 build 2600 SM=0x100 PT=0x1 Win32
Info: Starting process scan.
Info: Starting registry scan.
Hidden: registry item \HKEY_USERS\S-1-5-18\Software\Classes
Info: Starting disk scan of C: (NTFS).
Hidden: file C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010006.wid
Hidden: file C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010006.ci
Hidden: file C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010006.dir
Hidden: file C:\WINDOWS\Temp\SBS_VE_AMBR_20090719075824.562_ 509226
Info: Starting disk scan of D: (NTFS).
Hidden: file D:\Temporary Internet Files\Content.IE5\BQF1XS8M\om;net=ns;u=ns-44945849_1252320164,11398d89b586d00,CE_Laptops_Rugged,ns.CEaptops_Rugged_L_L;;kw=;tile=2;ord1=412313;sz=300x250,336x280;contx=CE_Laptops_Rugged;btg=ns[1].CEaptops_Rugged_L_L;ord=9801659779308866
Info: Starting disk scan of E: (NTFS).
Info: Starting disk scan of F: (NTFS).
Info: Starting disk scan of G: (NTFS).
Info: Starting disk scan of H: (NTFS).
Info: Starting disk scan of I: (NTFS).
Info: Starting disk scan of J: (NTFS).
Info: Starting disk scan of P: (FAT).
Info: Starting disk scan of Q: (NTFS).
Stopped logging on 9/7/2009 at 7:48:29 AM

#10 neomage

Members
306 posts
OFFLINE

Gender:Male
Location:USA
Local time:10:17 AM

Posted 07 September 2009 - 06:03 PM

Seems like it didn't detect it. Can you please post the GMER log from above.

#11 sarahsmile

Topic Starter

Members
45 posts
OFFLINE

Local time:11:17 AM

Posted 07 September 2009 - 09:33 PM

GMER 1.0.15.15077 [ofqkf2wq.exe] - http://www.gmer.net
Rootkit scan 2009-09-07 22:14:43
Windows 5.1.2600 Service Pack 3

---- System - GMER 1.0.15 ----

SSDT 88B29630 ZwAssignProcessToJobObject
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwConnectPort [0xB750A040]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateFile [0xB7506930]
SSDT \SystemRoot\system32\drivers\sbaphd.sys (Sunbelt ActiveProtection hook driver/Sunbelt Software) ZwCreateKey [0xBAE104D0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreatePort [0xB750A510]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateProcess [0xB7510870]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateProcessEx [0xB7510AA0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateSection [0xB7513FD0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateWaitablePort [0xB750A600]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDeleteFile [0xB7506F20]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDeleteKey [0xB75126E0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDeleteValueKey [0xB7512440]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDuplicateObject [0xB7510580]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwLoadKey [0xB75128B0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwMapViewOfSection [0xB7514270]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwOpenFile [0xB7506D70]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwOpenKey [0xBA91CF68]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwOpenProcess [0xB7510350]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwOpenThread [0xB7510150]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwRenameKey [0xB7513250]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwReplaceKey [0xB7512CB0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwRequestWaitReplyPort [0xB7509C00]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwRestoreKey [0xB7513080]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwSecureConnectPort [0xB750A220]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwSetInformationFile [0xB7507120]
SSDT \SystemRoot\system32\drivers\sbaphd.sys (Sunbelt ActiveProtection hook driver/Sunbelt Software) ZwSetValueKey [0xBAE10520]
SSDT 88B29460 ZwSuspendProcess
SSDT 88B29280 ZwSuspendThread
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwTerminateProcess [0xB7510CD0]
SSDT 88B290B0 ZwTerminateThread

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2C7C 80504518 12 Bytes [10, A5, 50, B7, 70, 08, 51, ...] {ADC [EBP+0x870b750], AH; PUSH ECX; MOV BH, 0xa0; OR DL, [ECX-0x49]}
? srescan.sys The system cannot find the file specified. !
? C:\WINDOWS\system32\Drivers\mchInjDrv.sys The system cannot find the file specified. !
? C:\WINDOWS\system32\369.tmp The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[408] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[408] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[408] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[408] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [38, 5F]
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[408] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 5FBE0F5A
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[408] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F880F5A
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[408] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 5F940F5A
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[408] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[408] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 5F130F5A
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[408] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[408] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F100F5A
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[408] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F220F5A
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[408] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F1F0F5A
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[408] kernel32.dll!TlsGetValue 7C8097E0 6 Bytes JMP 5FB50F5A
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[408] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 5F910F5A
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[408] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 5FA60F5A
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[408] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 5F580F5A
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[408] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 5F160F5A
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[408] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 5F5E0F5A
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[408] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[408] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [05, 5F]
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[408] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 5F8E0F5A
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[408] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F850F5A
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[408] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 5FC70F5A
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[408] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 5F3A0F5A
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[408] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 5FC10F5A
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[408] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 5F5B0F5A
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[408] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5FB20F5A
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[408] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 5FA90F5A
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[408] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 5FAC0F5A
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[408] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 5FC40F5A
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[408] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 5F3D0F5A
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[408] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 5FAF0F5A
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[408] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 5F310F5A
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[408] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 5FCA0F5A
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[408] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 5F8B0F5A
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[408] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 5F700F5A
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[408] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 5F820F5A
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[408] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 5F640F5A
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[408] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 5F6D0F5A
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[408] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 5F6A0F5A
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[408] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 5F7F0F5A
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[408] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 5F760F5A
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[408] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 5F7C0F5A
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[408] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 5F610F5A
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[408] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 5F730F5A
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[408] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 5F670F5A
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[408] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 5F9A0F5A
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[408] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[408] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [98, 5F] {CWDE ; POP EDI}
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[408] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 5F790F5A
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[408] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[408] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F4C0F5A
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[408] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F4F0F5A
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[408] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[408] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 5F400F5A
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[408] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 5FA00F5A
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[408] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 5F430F5A
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[408] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[408] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [A4, 5F] {MOVSB ; POP EDI}
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[408] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F190F5A
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[408] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 5F520F5A
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[408] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 5F9D0F5A
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[408] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 5F460F5A
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[408] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 5F340F5A
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[408] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[408] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [56, 5F] {PUSH ESI; POP EDI}
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[408] SHELL32.dll!ShellExecuteExW 7CA0996B 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[408] SHELL32.dll!Shell_NotifyIcon 7CA28C56 6 Bytes JMP 5FB80F5A
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[408] SHELL32.dll!Shell_NotifyIconW 7CA2A5BF 6 Bytes JMP 5FBB0F5A
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[408] SHELL32.dll!ShellExecuteEx 7CA40EB5 6 Bytes JMP 5F2B0F5A
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[408] SHELL32.dll!ShellExecuteA 7CA411E0 6 Bytes JMP 5F250F5A
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[408] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 5F280F5A
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[408] WS2_32.dll!socket 71AB4211 6 Bytes JMP 5FCD0F5A
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[408] WS2_32.dll!bind 71AB4480 6 Bytes JMP 5FD00F5A
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[408] WS2_32.dll!listen 71AB8CD3 6 Bytes JMP 5FD30F5A
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[560] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[560] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[560] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[560] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [38, 5F]
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[560] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 5FBE0F5A
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[560] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F880F5A
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[560] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 5F940F5A
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[560] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[560] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 5F130F5A
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[560] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[560] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F100F5A
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[560] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F220F5A
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[560] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F1F0F5A
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[560] kernel32.dll!TlsGetValue 7C8097E0 6 Bytes JMP 5FB50F5A
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[560] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 5F910F5A
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[560] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 5FA60F5A
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[560] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 5F580F5A
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[560] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 5F160F5A
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[560] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 5F5E0F5A
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[560] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[560] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [05, 5F]
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[560] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 5F8E0F5A
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[560] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F850F5A
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[560] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 5FC70F5A
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[560] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 5F3A0F5A
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[560] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 5FC10F5A
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[560] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 5F5B0F5A
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[560] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5FB20F5A
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[560] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 5FA90F5A
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[560] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 5FAC0F5A
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[560] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 5FC40F5A
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[560] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 5F3D0F5A
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[560] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 5FAF0F5A
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[560] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 5F310F5A
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[560] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 5FCA0F5A
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[560] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 5F8B0F5A
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[560] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[560] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 5F400F5A
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[560] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 5FA00F5A
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[560] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 5F430F5A
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[560] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[560] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [A4, 5F] {MOVSB ; POP EDI}
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[560] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F190F5A
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[560] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 5F520F5A
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[560] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 5F9D0F5A
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[560] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 5F460F5A
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[560] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 5F340F5A
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[560] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[560] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [56, 5F] {PUSH ESI; POP EDI}
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[560] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 5F700F5A
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[560] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 5F820F5A
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[560] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 5F640F5A
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[560] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 5F6D0F5A
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[560] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 5F6A0F5A
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[560] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 5F7F0F5A
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[560] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 5F760F5A
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[560] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 5F7C0F5A
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[560] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 5F610F5A
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[560] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 5F730F5A
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[560] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 5F670F5A
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[560] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 5F9A0F5A
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[560] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[560] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [98, 5F] {CWDE ; POP EDI}
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[560] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 5F790F5A
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[560] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[560] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F4C0F5A
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[560] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F4F0F5A
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[560] SHELL32.dll!ShellExecuteExW 7CA0996B 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[560] SHELL32.dll!Shell_NotifyIcon 7CA28C56 6 Bytes JMP 5FB80F5A
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[560] SHELL32.dll!Shell_NotifyIconW 7CA2A5BF 6 Bytes JMP 5FBB0F5A
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[560] SHELL32.dll!ShellExecuteEx 7CA40EB5 6 Bytes JMP 5F2B0F5A
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[560] SHELL32.dll!ShellExecuteA 7CA411E0 6 Bytes JMP 5F250F5A
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[560] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 5F280F5A
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[560] WS2_32.dll!socket 71AB4211 6 Bytes JMP 5FCD0F5A
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[560] WS2_32.dll!bind 71AB4480 6 Bytes JMP 5FD00F5A
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[560] WS2_32.dll!listen 71AB8CD3 6 Bytes JMP 5FD30F5A
.text C:\WINDOWS\system32\DllHost.exe[672] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\DllHost.exe[672] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text C:\WINDOWS\system32\DllHost.exe[672] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\DllHost.exe[672] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [38, 5F]
.text C:\WINDOWS\system32\DllHost.exe[672] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 5FBE0F5A
.text C:\WINDOWS\system32\DllHost.exe[672] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F880F5A
.text C:\WINDOWS\system32\DllHost.exe[672] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 5F940F5A
.text C:\WINDOWS\system32\DllHost.exe[672] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\DllHost.exe[672] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\DllHost.exe[672] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\DllHost.exe[672] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\DllHost.exe[672] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F220F5A
.text C:\WINDOWS\system32\DllHost.exe[672] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\system32\DllHost.exe[672] kernel32.dll!TlsGetValue 7C8097E0 6 Bytes JMP 5FB50F5A
.text C:\WINDOWS\system32\DllHost.exe[672] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 5F910F5A
.text C:\WINDOWS\system32\DllHost.exe[672] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 5FA60F5A
.text C:\WINDOWS\system32\DllHost.exe[672] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 5F580F5A
.text C:\WINDOWS\system32\DllHost.exe[672] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\DllHost.exe[672] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 5F5E0F5A
.text C:\WINDOWS\system32\DllHost.exe[672] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\DllHost.exe[672] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\DllHost.exe[672] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 5F8E0F5A
.text C:\WINDOWS\system32\DllHost.exe[672] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F850F5A
.text C:\WINDOWS\system32\DllHost.exe[672] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 5FC70F5A
.text C:\WINDOWS\system32\DllHost.exe[672] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 5F3A0F5A
.text C:\WINDOWS\system32\DllHost.exe[672] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 5FC10F5A
.text C:\WINDOWS\system32\DllHost.exe[672] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 5F5B0F5A
.text C:\WINDOWS\system32\DllHost.exe[672] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5FB20F5A
.text C:\WINDOWS\system32\DllHost.exe[672] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 5FA90F5A
.text C:\WINDOWS\system32\DllHost.exe[672] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 5FAC0F5A
.text C:\WINDOWS\system32\DllHost.exe[672] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 5FC40F5A
.text C:\WINDOWS\system32\DllHost.exe[672] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 5F3D0F5A
.text C:\WINDOWS\system32\DllHost.exe[672] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 5FAF0F5A
.text C:\WINDOWS\system32\DllHost.exe[672] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 5F310F5A
.text C:\WINDOWS\system32\DllHost.exe[672] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 5FCA0F5A
.text C:\WINDOWS\system32\DllHost.exe[672] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 5F8B0F5A
.text C:\WINDOWS\system32\DllHost.exe[672] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 5F700F5A
.text C:\WINDOWS\system32\DllHost.exe[672] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 5F820F5A
.text C:\WINDOWS\system32\DllHost.exe[672] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 5F640F5A
.text C:\WINDOWS\system32\DllHost.exe[672] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 5F6D0F5A
.text C:\WINDOWS\system32\DllHost.exe[672] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 5F6A0F5A
.text C:\WINDOWS\system32\DllHost.exe[672] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 5F7F0F5A
.text C:\WINDOWS\system32\DllHost.exe[672] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 5F760F5A
.text C:\WINDOWS\system32\DllHost.exe[672] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 5F7C0F5A
.text C:\WINDOWS\system32\DllHost.exe[672] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 5F610F5A
.text C:\WINDOWS\system32\DllHost.exe[672] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 5F730F5A
.text C:\WINDOWS\system32\DllHost.exe[672] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 5F670F5A
.text C:\WINDOWS\system32\DllHost.exe[672] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 5F9A0F5A
.text C:\WINDOWS\system32\DllHost.exe[672] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\DllHost.exe[672] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [98, 5F] {CWDE ; POP EDI}
.text C:\WINDOWS\system32\DllHost.exe[672] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 5F790F5A
.text C:\WINDOWS\system32\DllHost.exe[672] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\DllHost.exe[672] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F4C0F5A
.text C:\WINDOWS\system32\DllHost.exe[672] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F4F0F5A
.text C:\WINDOWS\system32\DllHost.exe[672] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\DllHost.exe[672] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 5F400F5A
.text C:\WINDOWS\system32\DllHost.exe[672] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 5FA00F5A
.text C:\WINDOWS\system32\DllHost.exe[672] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 5F430F5A
.text C:\WINDOWS\system32\DllHost.exe[672] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\DllHost.exe[672] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [A4, 5F] {MOVSB ; POP EDI}
.text C:\WINDOWS\system32\DllHost.exe[672] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\DllHost.exe[672] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 5F520F5A
.text C:\WINDOWS\system32\DllHost.exe[672] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 5F9D0F5A
.text C:\WINDOWS\system32\DllHost.exe[672] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 5F460F5A
.text C:\WINDOWS\system32\DllHost.exe[672] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 5F340F5A
.text C:\WINDOWS\system32\DllHost.exe[672] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\DllHost.exe[672] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [56, 5F] {PUSH ESI; POP EDI}
.text C:\WINDOWS\system32\DllHost.exe[672] SHELL32.dll!ShellExecuteExW 7CA0996B 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\DllHost.exe[672] SHELL32.dll!Shell_NotifyIcon 7CA28C56 6 Bytes JMP 5FB80F5A
.text C:\WINDOWS\system32\DllHost.exe[672] SHELL32.dll!Shell_NotifyIconW 7CA2A5BF 6 Bytes JMP 5FBB0F5A
.text C:\WINDOWS\system32\DllHost.exe[672] SHELL32.dll!ShellExecuteEx 7CA40EB5 6 Bytes JMP 5F2B0F5A
.text C:\WINDOWS\system32\DllHost.exe[672] SHELL32.dll!ShellExecuteA 7CA411E0 6 Bytes JMP 5F250F5A
.text C:\WINDOWS\system32\DllHost.exe[672] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 5F280F5A
.text C:\WINDOWS\system32\DllHost.exe[672] WS2_32.dll!socket 71AB4211 6 Bytes JMP 5FCD0F5A
.text C:\WINDOWS\system32\DllHost.exe[672] WS2_32.dll!bind 71AB4480 6 Bytes JMP 5FD00F5A
.text C:\WINDOWS\system32\DllHost.exe[672] WS2_32.dll!listen 71AB8CD3 6 Bytes JMP 5FD30F5A
.text C:\WINDOWS\system32\winlogon.exe[772] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 5F6D0F5A
.text C:\WINDOWS\system32\winlogon.exe[772] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F370F5A
.text C:\WINDOWS\system32\winlogon.exe[772] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 5F430F5A
.text C:\WINDOWS\system32\winlogon.exe[772] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\winlogon.exe[772] kernel32.dll!TlsGetValue 7C8097E0 6 Bytes JMP 5F640F5A
.text C:\WINDOWS\system32\winlogon.exe[772] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 5F400F5A
.text C:\WINDOWS\system32\winlogon.exe[772] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 5F550F5A
.text C:\WINDOWS\system32\winlogon.exe[772] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\winlogon.exe[772] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\winlogon.exe[772] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 5F3D0F5A
.text C:\WINDOWS\system32\winlogon.exe[772] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F340F5A
.text C:\WINDOWS\system32\winlogon.exe[772] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 5F760F5A
.text C:\WINDOWS\system32\winlogon.exe[772] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 5F700F5A
.text C:\WINDOWS\system32\winlogon.exe[772] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\winlogon.exe[772] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5F610F5A
.text C:\WINDOWS\system32\winlogon.exe[772] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 5F580F5A
.text C:\WINDOWS\system32\winlogon.exe[772] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 5F5B0F5A
.text C:\WINDOWS\system32\winlogon.exe[772] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 5F730F5A
.text C:\WINDOWS\system32\winlogon.exe[772] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 5F5E0F5A
.text C:\WINDOWS\system32\winlogon.exe[772] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 5F790F5A
.text C:\WINDOWS\system32\winlogon.exe[772] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 5F3A0F5A
.text C:\WINDOWS\system32\winlogon.exe[772] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\system32\winlogon.exe[772] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 5F310F5A
.text C:\WINDOWS\system32\winlogon.exe[772] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\winlogon.exe[772] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\winlogon.exe[772] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\winlogon.exe[772] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\winlogon.exe[772] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 5F250F5A
.text C:\WINDOWS\system32\winlogon.exe[772] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 5F2B0F5A
.text C:\WINDOWS\system32\winlogon.exe[772] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\winlogon.exe[772] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 5F220F5A
.text C:\WINDOWS\system32\winlogon.exe[772] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\winlogon.exe[772] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 5F490F5A
.text C:\WINDOWS\system32\winlogon.exe[772] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[772] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [47, 5F] {INC EDI; POP EDI}
.text C:\WINDOWS\system32\winlogon.exe[772] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 5F280F5A
.text C:\WINDOWS\system32\winlogon.exe[772] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 5F4F0F5A
.text C:\WINDOWS\system32\winlogon.exe[772] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[772] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [53, 5F] {PUSH EBX; POP EDI}
.text C:\WINDOWS\system32\winlogon.exe[772] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 5F4C0F5A
.text C:\WINDOWS\system32\winlogon.exe[772] WS2_32.dll!socket 71AB4211 6 Bytes JMP 5F7C0F5A
.text C:\WINDOWS\system32\winlogon.exe[772] WS2_32.dll!bind 71AB4480 6 Bytes JMP 5F7F0F5A
.text C:\WINDOWS\system32\winlogon.exe[772] WS2_32.dll!listen 71AB8CD3 6 Bytes JMP 5F820F5A
.text C:\WINDOWS\system32\winlogon.exe[772] SHELL32.dll!Shell_NotifyIcon 7CA28C56 6 Bytes JMP 5F670F5A
.text C:\WINDOWS\system32\winlogon.exe[772] SHELL32.dll!Shell_NotifyIconW 7CA2A5BF 6 Bytes JMP 5F6A0F5A
.text C:\WINDOWS\system32\services.exe[820] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[820] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text C:\WINDOWS\system32\services.exe[820] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[820] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [38, 5F]
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 5FBF0F5A
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F890F5A
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 5F950F5A
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F220F5A
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!TlsGetValue 7C8097E0 6 Bytes JMP 5FB60F5A
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 5F920F5A
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 5FA70F5A
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 5F580F5A
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 5F5E0F5A
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 5F8F0F5A
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F860F5A
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 5FC80F5A
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 5F3A0F5A
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 5FC20F5A
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 5F5B0F5A
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5FB30F5A
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 5FAA0F5A
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 5FAD0F5A
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 5FC50F5A
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 5F3D0F5A
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 5FB00F5A
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 5F310F5A
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 5FCB0F5A
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 5F8C0F5A
.text C:\WINDOWS\system32\services.exe[820] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 5F700F5A
.text C:\WINDOWS\system32\services.exe[820] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 5F830F5A
.text C:\WINDOWS\system32\services.exe[820] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 5F640F5A
.text C:\WINDOWS\system32\services.exe[820] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 5F6D0F5A
.text C:\WINDOWS\system32\services.exe[820] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 5F6A0F5A
.text C:\WINDOWS\system32\services.exe[820] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 5F800F5A
.text C:\WINDOWS\system32\services.exe[820] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 5F760F5A
.text C:\WINDOWS\system32\services.exe[820] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 5F7D0F5A
.text C:\WINDOWS\system32\services.exe[820] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 5F610F5A
.text C:\WINDOWS\system32\services.exe[820] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 5F730F5A
.text C:\WINDOWS\system32\services.exe[820] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 5F670F5A
.text C:\WINDOWS\system32\services.exe[820] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 5F9B0F5A
.text C:\WINDOWS\system32\services.exe[820] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[820] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [99, 5F] {CDQ ; POP EDI}
.text C:\WINDOWS\system32\services.exe[820] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 5F7A0F5A
.text C:\WINDOWS\system32\services.exe[820] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\services.exe[820] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F4C0F5A
.text C:\WINDOWS\system32\services.exe[820] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F4F0F5A
.text C:\WINDOWS\system32\services.exe[820] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\services.exe[820] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 5F400F5A
.text C:\WINDOWS\system32\services.exe[820] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 5FA10F5A
.text C:\WINDOWS\system32\services.exe[820] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 5F430F5A
.text C:\WINDOWS\system32\services.exe[820] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[820] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [A5, 5F] {MOVSD ; POP EDI}
.text C:\WINDOWS\system32\services.exe[820] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\services.exe[820] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 5F520F5A
.text C:\WINDOWS\system32\services.exe[820] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 5F9E0F5A
.text C:\WINDOWS\system32\services.exe[820] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 5F460F5A
.text C:\WINDOWS\system32\services.exe[820] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 5F340F5A
.text C:\WINDOWS\system32\services.exe[820] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[820] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [56, 5F] {PUSH ESI; POP EDI}
.text C:\WINDOWS\system32\services.exe[820] WS2_32.dll!socket 71AB4211 6 Bytes JMP 5FCE0F5A
.text C:\WINDOWS\system32\services.exe[820] WS2_32.dll!bind 71AB4480 6 Bytes JMP 5FD10F5A
.text C:\WINDOWS\system32\services.exe[820] WS2_32.dll!listen 71AB8CD3 6 Bytes JMP 5FD40F5A
.text C:\WINDOWS\system32\services.exe[820] SHELL32.dll!ShellExecuteExW 7CA0996B 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\services.exe[820] SHELL32.dll!Shell_NotifyIcon 7CA28C56 6 Bytes JMP 5FB90F5A
.text C:\WINDOWS\system32\services.exe[820] SHELL32.dll!Shell_NotifyIconW 7CA2A5BF 6 Bytes JMP 5FBC0F5A
.text C:\WINDOWS\system32\services.exe[820] SHELL32.dll!ShellExecuteEx 7CA40EB5 6 Bytes JMP 5F2B0F5A
.text C:\WINDOWS\system32\services.exe[820] SHELL32.dll!ShellExecuteA 7CA411E0 6 Bytes JMP 5F250F5A
.text C:\WINDOWS\system32\services.exe[820] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 5F280F5A
.text C:\WINDOWS\system32\lsass.exe[832] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[832] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text C:\WINDOWS\system32\lsass.exe[832] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[832] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [38, 5F]
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 5FBE0F5A
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F880F5A
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 5F940F5A
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F220F5A
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!TlsGetValue 7C8097E0 6 Bytes JMP 5FB50F5A
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 5F910F5A
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 5FA60F5A
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 5F580F5A
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 5F5E0F5A
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 5F8E0F5A
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F850F5A
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 5FC70F5A
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 5F3A0F5A
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 5FC10F5A
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 5F5B0F5A
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5FB20F5A
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 5FA90F5A
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 5FAC0F5A
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 5FC40F5A
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 5F3D0F5A
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 5FAF0F5A
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 5F310F5A
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 5FCA0F5A
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 5F8B0F5A
.text C:\WINDOWS\system32\lsass.exe[832] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 5F700F5A
.text C:\WINDOWS\system32\lsass.exe[832] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 5F820F5A
.text C:\WINDOWS\system32\lsass.exe[832] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 5F640F5A
.text C:\WINDOWS\system32\lsass.exe[832] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 5F6D0F5A
.text C:\WINDOWS\system32\lsass.exe[832] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 5F6A0F5A
.text C:\WINDOWS\system32\lsass.exe[832] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 5F7F0F5A
.text C:\WINDOWS\system32\lsass.exe[832] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 5F760F5A
.text C:\WINDOWS\system32\lsass.exe[832] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 5F7C0F5A
.text C:\WINDOWS\system32\lsass.exe[832] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 5F610F5A
.text C:\WINDOWS\system32\lsass.exe[832] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 5F730F5A
.text C:\WINDOWS\system32\lsass.exe[832] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 5F670F5A
.text C:\WINDOWS\system32\lsass.exe[832] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 5F9A0F5A
.text C:\WINDOWS\system32\lsass.exe[832] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[832] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [98, 5F] {CWDE ; POP EDI}
.text C:\WINDOWS\system32\lsass.exe[832] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 5F790F5A
.text C:\WINDOWS\system32\lsass.exe[832] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\lsass.exe[832] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F4C0F5A
.text C:\WINDOWS\system32\lsass.exe[832] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F4F0F5A
.text C:\WINDOWS\system32\lsass.exe[832] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\lsass.exe[832] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 5F400F5A
.text C:\WINDOWS\system32\lsass.exe[832] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 5FA00F5A
.text C:\WINDOWS\system32\lsass.exe[832] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 5F430F5A
.text C:\WINDOWS\system32\lsass.exe[832] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[832] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [A4, 5F] {MOVSB ; POP EDI}
.text C:\WINDOWS\system32\lsass.exe[832] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\lsass.exe[832] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 5F520F5A
.text C:\WINDOWS\system32\lsass.exe[832] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 5F9D0F5A
.text C:\WINDOWS\system32\lsass.exe[832] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 5F460F5A
.text C:\WINDOWS\system32\lsass.exe[832] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 5F340F5A
.text C:\WINDOWS\system32\lsass.exe[832] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[832] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [56, 5F] {PUSH ESI; POP EDI}
.text C:\WINDOWS\system32\lsass.exe[832] WS2_32.dll!socket 71AB4211 6 Bytes JMP 5FCD0F5A
.text C:\WINDOWS\system32\lsass.exe[832] WS2_32.dll!bind 71AB4480 6 Bytes JMP 5FD00F5A
.text C:\WINDOWS\system32\lsass.exe[832] WS2_32.dll!listen 71AB8CD3 6 Bytes JMP 5FD30F5A
.text C:\WINDOWS\system32\lsass.exe[832] SHELL32.dll!ShellExecuteExW 7CA0996B 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\lsass.exe[832] SHELL32.dll!Shell_NotifyIcon 7CA28C56 6 Bytes JMP 5FB80F5A
.text C:\WINDOWS\system32\lsass.exe[832] SHELL32.dll!Shell_NotifyIconW 7CA2A5BF 6 Bytes JMP 5FBB0F5A
.text C:\WINDOWS\system32\lsass.exe[832] SHELL32.dll!ShellExecuteEx 7CA40EB5 6 Bytes JMP 5F2B0F5A
.text C:\WINDOWS\system32\lsass.exe[832] SHELL32.dll!ShellExecuteA 7CA411E0 6 Bytes JMP 5F250F5A
.text C:\WINDOWS\system32\lsass.exe[832] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 5F280F5A

#12 neomage

Members
306 posts
OFFLINE

Gender:Male
Location:USA
Local time:10:17 AM

Posted 07 September 2009 - 09:42 PM

Hello, sarahsmile :thumbsup:

Please download and scan with SUPERAntiSpyware Free

Double-click SUPERAntiSypware.exe and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If it will not start, go to Start > All Prgrams > SUPERAntiSpyware and click on Alternate Start.
If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
In the Main Menu, click the Preferences... button.
Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
- Close browsers before scanning.
- Scan for tracking cookies.
- Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program.
Do not run a scan just yet.

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with SUPERAntiSpyware as follows:

Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
On the left, make sure you check C:\Fixed Drive.
On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
Make sure everything has a checkmark next to it and click "Next".
A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
If asked if you want to reboot, click "Yes" and reboot normally.
To retrieve the removal information after reboot, launch SUPERAntispyware again.
- Click Preferences, then click the Statistics/Logs tab.
- Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
- If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
- Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.

In your next reply, please include the following:
SUPERAntiSpyware Scan Log

Regards,
neomage

#13 sarahsmile

Topic Starter

Members
45 posts
OFFLINE

Local time:11:17 AM

Posted 07 September 2009 - 09:51 PM

.text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [38, 5F]
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 5FBE0F5A
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F880F5A
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 5F940F5A
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F220F5A
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!TlsGetValue 7C8097E0 6 Bytes JMP 5FB50F5A
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 5F910F5A
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 5FA60F5A
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 5F580F5A
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 5F5E0F5A
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 5F8E0F5A
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F850F5A
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 5FC70F5A
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 5F3A0F5A
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 5FC10F5A
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 5F5B0F5A
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5FB20F5A
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 5FA90F5A
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 5FAC0F5A
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 5FC40F5A
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 5F3D0F5A
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 5FAF0F5A
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 5F310F5A
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 5FCA0F5A
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 5F8B0F5A
.text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 5F700F5A
.text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 5F820F5A
.text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 5F640F5A
.text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 5F6D0F5A
.text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 5F6A0F5A
.text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 5F7F0F5A
.text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 5F760F5A
.text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 5F7C0F5A
.text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 5F610F5A
.text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 5F730F5A
.text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 5F670F5A
.text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 5F9A0F5A
.text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [98, 5F] {CWDE ; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 5F790F5A
.text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F4C0F5A
.text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F4F0F5A
.text C:\WINDOWS\system32\svchost.exe[1112] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\svchost.exe[1112] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 5F400F5A
.text C:\WINDOWS\system32\svchost.exe[1112] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 5FA00F5A
.text C:\WINDOWS\system32\svchost.exe[1112] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 5F430F5A
.text C:\WINDOWS\system32\svchost.exe[1112] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1112] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [A4, 5F] {MOVSB ; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[1112] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\svchost.exe[1112] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 5F520F5A
.text C:\WINDOWS\system32\svchost.exe[1112] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 5F9D0F5A
.text C:\WINDOWS\system32\svchost.exe[1112] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 5F460F5A
.text C:\WINDOWS\system32\svchost.exe[1112] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 5F340F5A
.text C:\WINDOWS\system32\svchost.exe[1112] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1112] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [56, 5F] {PUSH ESI; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[1112] SHELL32.dll!ShellExecuteExW 7CA0996B 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\svchost.exe[1112] SHELL32.dll!Shell_NotifyIcon 7CA28C56 6 Bytes JMP 5FB80F5A
.text C:\WINDOWS\system32\svchost.exe[1112] SHELL32.dll!Shell_NotifyIconW 7CA2A5BF 6 Bytes JMP 5FBB0F5A
.text C:\WINDOWS\system32\svchost.exe[1112] SHELL32.dll!ShellExecuteEx 7CA40EB5 6 Bytes JMP 5F2B0F5A
.text C:\WINDOWS\system32\svchost.exe[1112] SHELL32.dll!ShellExecuteA 7CA411E0 6 Bytes JMP 5F250F5A
.text C:\WINDOWS\system32\svchost.exe[1112] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 5F280F5A
.text C:\WINDOWS\system32\svchost.exe[1112] WS2_32.dll!socket 71AB4211 6 Bytes JMP 5FCD0F5A
.text C:\WINDOWS\system32\svchost.exe[1112] WS2_32.dll!bind 71AB4480 6 Bytes JMP 5FD00F5A
.text C:\WINDOWS\system32\svchost.exe[1112] WS2_32.dll!listen 71AB8CD3 6 Bytes JMP 5FD30F5A
.text C:\WINDOWS\system32\svchost.exe[1164] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1164] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[1164] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1164] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [38, 5F]
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 5FBE0F5A
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F880F5A
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 5F940F5A
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F220F5A
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!TlsGetValue 7C8097E0 6 Bytes JMP 5FB50F5A
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 5F910F5A
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 5FA60F5A
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 5F580F5A
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 5F5E0F5A
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 5F8E0F5A
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F850F5A
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 5FC70F5A
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 5F3A0F5A
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 5FC10F5A
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 5F5B0F5A
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5FB20F5A
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 5FA90F5A
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 5FAC0F5A
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 5FC40F5A
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 5F3D0F5A
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 5FAF0F5A
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 5F310F5A
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 5FCA0F5A
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 5F8B0F5A
.text C:\WINDOWS\system32\svchost.exe[1164] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 5F700F5A
.text C:\WINDOWS\system32\svchost.exe[1164] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 5F820F5A
.text C:\WINDOWS\system32\svchost.exe[1164] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 5F640F5A
.text C:\WINDOWS\system32\svchost.exe[1164] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 5F6D0F5A
.text C:\WINDOWS\system32\svchost.exe[1164] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 5F6A0F5A
.text C:\WINDOWS\system32\svchost.exe[1164] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 5F7F0F5A
.text C:\WINDOWS\system32\svchost.exe[1164] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 5F760F5A
.text C:\WINDOWS\system32\svchost.exe[1164] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 5F7C0F5A
.text C:\WINDOWS\system32\svchost.exe[1164] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 5F610F5A
.text C:\WINDOWS\system32\svchost.exe[1164] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 5F730F5A
.text C:\WINDOWS\system32\svchost.exe[1164] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 5F670F5A
.text C:\WINDOWS\system32\svchost.exe[1164] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 5F9A0F5A
.text C:\WINDOWS\system32\svchost.exe[1164] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1164] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [98, 5F] {CWDE ; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[1164] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 5F790F5A
.text C:\WINDOWS\system32\svchost.exe[1164] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\svchost.exe[1164] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F4C0F5A
.text C:\WINDOWS\system32\svchost.exe[1164] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F4F0F5A
.text C:\WINDOWS\system32\svchost.exe[1164] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\svchost.exe[1164] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 5F400F5A
.text C:\WINDOWS\system32\svchost.exe[1164] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 5FA00F5A
.text C:\WINDOWS\system32\svchost.exe[1164] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 5F430F5A
.text C:\WINDOWS\system32\svchost.exe[1164] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1164] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [A4, 5F] {MOVSB ; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[1164] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\svchost.exe[1164] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 5F520F5A
.text C:\WINDOWS\system32\svchost.exe[1164] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 5F9D0F5A
.text C:\WINDOWS\system32\svchost.exe[1164] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 5F460F5A
.text C:\WINDOWS\system32\svchost.exe[1164] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 5F340F5A
.text C:\WINDOWS\system32\svchost.exe[1164] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1164] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [56, 5F] {PUSH ESI; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[1164] SHELL32.dll!ShellExecuteExW 7CA0996B 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\svchost.exe[1164] SHELL32.dll!Shell_NotifyIcon 7CA28C56 6 Bytes JMP 5FB80F5A
.text C:\WINDOWS\system32\svchost.exe[1164] SHELL32.dll!Shell_NotifyIconW 7CA2A5BF 6 Bytes JMP 5FBB0F5A
.text C:\WINDOWS\system32\svchost.exe[1164] SHELL32.dll!ShellExecuteEx 7CA40EB5 6 Bytes JMP 5F2B0F5A
.text C:\WINDOWS\system32\svchost.exe[1164] SHELL32.dll!ShellExecuteA 7CA411E0 6 Bytes JMP 5F250F5A
.text C:\WINDOWS\system32\svchost.exe[1164] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 5F280F5A
.text C:\WINDOWS\system32\svchost.exe[1164] WS2_32.dll!socket 71AB4211 6 Bytes JMP 5FCD0F5A
.text C:\WINDOWS\system32\svchost.exe[1164] WS2_32.dll!bind 71AB4480 6 Bytes JMP 5FD00F5A
.text C:\WINDOWS\system32\svchost.exe[1164] WS2_32.dll!listen 71AB8CD3 6 Bytes JMP 5FD30F5A
.text C:\WINDOWS\system32\spoolsv.exe[1228] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1228] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text C:\WINDOWS\system32\spoolsv.exe[1228] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1228] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [38, 5F]
.text C:\WINDOWS\system32\spoolsv.exe[1228] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 5FBE0F5A
.text C:\WINDOWS\system32\spoolsv.exe[1228] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F880F5A
.text C:\WINDOWS\system32\spoolsv.exe[1228] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 5F940F5A
.text C:\WINDOWS\system32\spoolsv.exe[1228] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\spoolsv.exe[1228] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\spoolsv.exe[1228] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\spoolsv.exe[1228] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\spoolsv.exe[1228] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F220F5A
.text C:\WINDOWS\system32\spoolsv.exe[1228] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\system32\spoolsv.exe[1228] kernel32.dll!TlsGetValue 7C8097E0 6 Bytes JMP 5FB50F5A
.text C:\WINDOWS\system32\spoolsv.exe[1228] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 5F910F5A
.text C:\WINDOWS\system32\spoolsv.exe[1228] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 5FA60F5A
.text C:\WINDOWS\system32\spoolsv.exe[1228] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 5F580F5A
.text C:\WINDOWS\system32\spoolsv.exe[1228] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\spoolsv.exe[1228] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 5F5E0F5A
.text C:\WINDOWS\system32\spoolsv.exe[1228] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1228] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\spoolsv.exe[1228] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 5F8E0F5A
.text C:\WINDOWS\system32\spoolsv.exe[1228] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F850F5A
.text C:\WINDOWS\system32\spoolsv.exe[1228] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 5FC70F5A
.text C:\WINDOWS\system32\spoolsv.exe[1228] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 5F3A0F5A
.text C:\WINDOWS\system32\spoolsv.exe[1228] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 5FC10F5A
.text C:\WINDOWS\system32\spoolsv.exe[1228] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 5F5B0F5A
.text C:\WINDOWS\system32\spoolsv.exe[1228] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5FB20F5A
.text C:\WINDOWS\system32\spoolsv.exe[1228] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 5FA90F5A
.text C:\WINDOWS\system32\spoolsv.exe[1228] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 5FAC0F5A
.text C:\WINDOWS\system32\spoolsv.exe[1228] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 5FC40F5A
.text C:\WINDOWS\system32\spoolsv.exe[1228] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 5F3D0F5A
.text C:\WINDOWS\system32\spoolsv.exe[1228] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 5FAF0F5A
.text C:\WINDOWS\system32\spoolsv.exe[1228] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 5F310F5A
.text C:\WINDOWS\system32\spoolsv.exe[1228] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 5FCA0F5A
.text C:\WINDOWS\system32\spoolsv.exe[1228] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 5F8B0F5A
.text C:\WINDOWS\system32\spoolsv.exe[1228] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 5F700F5A
.text C:\WINDOWS\system32\spoolsv.exe[1228] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 5F820F5A
.text C:\WINDOWS\system32\spoolsv.exe[1228] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 5F640F5A
.text C:\WINDOWS\system32\spoolsv.exe[1228] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 5F6D0F5A
.text C:\WINDOWS\system32\spoolsv.exe[1228] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 5F6A0F5A
.text C:\WINDOWS\system32\spoolsv.exe[1228] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 5F7F0F5A
.text C:\WINDOWS\system32\spoolsv.exe[1228] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 5F760F5A
.text C:\WINDOWS\system32\spoolsv.exe[1228] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 5F7C0F5A
.text C:\WINDOWS\system32\spoolsv.exe[1228] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 5F610F5A
.text C:\WINDOWS\system32\spoolsv.exe[1228] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 5F730F5A
.text C:\WINDOWS\system32\spoolsv.exe[1228] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 5F670F5A
.text C:\WINDOWS\system32\spoolsv.exe[1228] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 5F9A0F5A
.text C:\WINDOWS\system32\spoolsv.exe[1228] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1228] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [98, 5F] {CWDE ; POP EDI}
.text C:\WINDOWS\system32\spoolsv.exe[1228] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 5F790F5A
.text C:\WINDOWS\system32\spoolsv.exe[1228] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\spoolsv.exe[1228] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F4C0F5A
.text C:\WINDOWS\system32\spoolsv.exe[1228] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F4F0F5A
.text C:\WINDOWS\system32\spoolsv.exe[1228] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\spoolsv.exe[1228] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 5F400F5A
.text C:\WINDOWS\system32\spoolsv.exe[1228] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 5FA00F5A
.text C:\WINDOWS\system32\spoolsv.exe[1228] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 5F430F5A
.text C:\WINDOWS\system32\spoolsv.exe[1228] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1228] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [A4, 5F] {MOVSB ; POP EDI}
.text C:\WINDOWS\system32\spoolsv.exe[1228] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\spoolsv.exe[1228] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 5F520F5A
.text C:\WINDOWS\system32\spoolsv.exe[1228] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 5F9D0F5A
.text C:\WINDOWS\system32\spoolsv.exe[1228] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 5F460F5A
.text C:\WINDOWS\system32\spoolsv.exe[1228] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 5F340F5A
.text C:\WINDOWS\system32\spoolsv.exe[1228] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1228] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [56, 5F] {PUSH ESI; POP EDI}
.text C:\WINDOWS\system32\spoolsv.exe[1228] SHELL32.dll!ShellExecuteExW 7CA0996B 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\spoolsv.exe[1228] SHELL32.dll!Shell_NotifyIcon 7CA28C56 6 Bytes JMP 5FB80F5A
.text C:\WINDOWS\system32\spoolsv.exe[1228] SHELL32.dll!Shell_NotifyIconW 7CA2A5BF 6 Bytes JMP 5FBB0F5A
.text C:\WINDOWS\system32\spoolsv.exe[1228] SHELL32.dll!ShellExecuteEx 7CA40EB5 6 Bytes JMP 5F2B0F5A
.text C:\WINDOWS\system32\spoolsv.exe[1228] SHELL32.dll!ShellExecuteA 7CA411E0 6 Bytes JMP 5F250F5A
.text C:\WINDOWS\system32\spoolsv.exe[1228] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 5F280F5A
.text C:\WINDOWS\system32\spoolsv.exe[1228] WS2_32.dll!socket 71AB4211 6 Bytes JMP 5FCD0F5A
.text C:\WINDOWS\system32\spoolsv.exe[1228] WS2_32.dll!bind 71AB4480 6 Bytes JMP 5FD00F5A
.text C:\WINDOWS\system32\spoolsv.exe[1228] WS2_32.dll!listen 71AB8CD3 6 Bytes JMP 5FD30F5A
.text C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [38, 5F]
.text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 5FBE0F5A
.text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F880F5A
.text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 5F940F5A
.text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F220F5A
.text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!TlsGetValue 7C8097E0 6 Bytes JMP 5FB50F5A
.text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 5F910F5A
.text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 5FA60F5A
.text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 5F580F5A
.text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 5F5E0F5A
.text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 5F8E0F5A
.text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F850F5A
.text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 5FC70F5A
.text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 5F3A0F5A
.text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 5FC10F5A
.text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 5F5B0F5A
.text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5FB20F5A
.text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 5FA90F5A
.text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 5FAC0F5A
.text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 5FC40F5A
.text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 5F3D0F5A
.text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 5FAF0F5A
.text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 5F310F5A
.text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 5FCA0F5A
.text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 5F8B0F5A
.text C:\WINDOWS\system32\svchost.exe[1284] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 5F700F5A
.text C:\WINDOWS\system32\svchost.exe[1284] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 5F820F5A
.text C:\WINDOWS\system32\svchost.exe[1284] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 5F640F5A
.text C:\WINDOWS\system32\svchost.exe[1284] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 5F6D0F5A
.text C:\WINDOWS\system32\svchost.exe[1284] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 5F6A0F5A
.text C:\WINDOWS\system32\svchost.exe[1284] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 5F7F0F5A
.text C:\WINDOWS\system32\svchost.exe[1284] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 5F760F5A
.text C:\WINDOWS\system32\svchost.exe[1284] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 5F7C0F5A
.text C:\WINDOWS\system32\svchost.exe[1284] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 5F610F5A
.text C:\WINDOWS\system32\svchost.exe[1284] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 5F730F5A
.text C:\WINDOWS\system32\svchost.exe[1284] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 5F670F5A
.text C:\WINDOWS\system32\svchost.exe[1284] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 5F9A0F5A
.text C:\WINDOWS\system32\svchost.exe[1284] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1284] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [98, 5F] {CWDE ; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[1284] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 5F790F5A
.text C:\WINDOWS\system32\svchost.exe[1284] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\svchost.exe[1284] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F4C0F5A
.text C:\WINDOWS\system32\svchost.exe[1284] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F4F0F5A
.text C:\WINDOWS\system32\svchost.exe[1284] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\svchost.exe[1284] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 5F400F5A
.text C:\WINDOWS\system32\svchost.exe[1284] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 5FA00F5A
.text C:\WINDOWS\system32\svchost.exe[1284] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 5F430F5A
.text C:\WINDOWS\system32\svchost.exe[1284] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1284] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [A4, 5F] {MOVSB ; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[1284] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\svchost.exe[1284] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 5F520F5A
.text C:\WINDOWS\system32\svchost.exe[1284] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 5F9D0F5A
.text C:\WINDOWS\system32\svchost.exe[1284] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 5F460F5A
.text C:\WINDOWS\system32\svchost.exe[1284] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 5F340F5A
.text C:\WINDOWS\system32\svchost.exe[1284] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1284] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [56, 5F] {PUSH ESI; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[1284] SHELL32.dll!ShellExecuteExW 7CA0996B 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\svchost.exe[1284] SHELL32.dll!Shell_NotifyIcon 7CA28C56 6 Bytes JMP 5FB80F5A
.text C:\WINDOWS\system32\svchost.exe[1284] SHELL32.dll!Shell_NotifyIconW 7CA2A5BF 6 Bytes JMP 5FBB0F5A
.text C:\WINDOWS\system32\svchost.exe[1284] SHELL32.dll!ShellExecuteEx 7CA40EB5 6 Bytes JMP 5F2B0F5A
.text C:\WINDOWS\system32\svchost.exe[1284] SHELL32.dll!ShellExecuteA 7CA411E0 6 Bytes JMP 5F250F5A
.text C:\WINDOWS\system32\svchost.exe[1284] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 5F280F5A
.text C:\WINDOWS\system32\svchost.exe[1284] WS2_32.dll!socket 71AB4211 6 Bytes JMP 5FCD0F5A
.text C:\WINDOWS\system32\svchost.exe[1284] WS2_32.dll!bind 71AB4480 6 Bytes JMP 5FD00F5A
.text C:\WINDOWS\system32\svchost.exe[1284] WS2_32.dll!listen 71AB8CD3 6 Bytes JMP 5FD30F5A
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[1308] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[1308] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[1308] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[1308] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [38, 5F]
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[1308] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 5FBE0F5A
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[1308] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F880F5A
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[1308] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 5F940F5A
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[1308] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[1308] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 5F130F5A
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[1308] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[1308] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F100F5A
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[1308] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F220F5A
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[1308] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F1F0F5A
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[1308] kernel32.dll!TlsGetValue 7C8097E0 6 Bytes JMP 5FB50F5A
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[1308] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 5F910F5A
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[1308] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 5FA60F5A
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[1308] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 5F580F5A
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[1308] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 5F160F5A
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[1308] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 5F5E0F5A
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[1308] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[1308] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [05, 5F]
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[1308] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 5F8E0F5A
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[1308] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F850F5A
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[1308] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 5FC70F5A
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[1308] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 5F3A0F5A
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[1308] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 5FC10F5A
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[1308] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 5F5B0F5A
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[1308] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5FB20F5A
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[1308] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 5FA90F5A
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[1308] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 5FAC0F5A
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[1308] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 5FC40F5A
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[1308] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 5F3D0F5A
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[1308] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 5FAF0F5A
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[1308] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 5F310F5A
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[1308] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 5FCA0F5A
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[1308] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 5F8B0F5A
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[1308] WS2_32.dll!socket 71AB4211 6 Bytes JMP 5FCD0F5A
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[1308] WS2_32.dll!bind 71AB4480 6 Bytes JMP 5FD00F5A
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[1308] WS2_32.dll!listen 71AB8CD3 6 Bytes JMP 5FD30F5A
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[1308] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 5F700F5A
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[1308] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 5F820F5A
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[1308] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 5F640F5A
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[1308] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 5F6D0F5A
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[1308] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 5F6A0F5A
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[1308] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 5F7F0F5A
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[1308] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 5F760F5A
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[1308] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 5F7C0F5A
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[1308] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 5F610F5A
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[1308] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 5F730F5A
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[1308] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 5F670F5A
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[1308] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 5F9A0F5A
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[1308] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[1308] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [98, 5F] {CWDE ; POP EDI}
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[1308] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 5F790F5A
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[1308] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[1308] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F4C0F5A
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[1308] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F4F0F5A
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[1308] SHELL32.dll!ShellExecuteExW 7CA0996B 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[1308] SHELL32.dll!Shell_NotifyIcon 7CA28C56 6 Bytes JMP 5FB80F5A
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[1308] SHELL32.dll!Shell_NotifyIconW 7CA2A5BF 6 Bytes JMP 5FBB0F5A
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[1308] SHELL32.dll!ShellExecuteEx 7CA40EB5 6 Bytes JMP 5F2B0F5A
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[1308] SHELL32.dll!ShellExecuteA 7CA411E0 6 Bytes JMP 5F250F5A
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[1308] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 5F280F5A
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[1308] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[1308] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 5F400F5A
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[1308] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 5FA00F5A
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[1308] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 5F430F5A
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[1308] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[1308] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [A4, 5F] {MOVSB ; POP EDI}
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[1308] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F190F5A
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[1308] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 5F520F5A
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[1308] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 5F9D0F5A
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[1308] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 5F460F5A
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[1308] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 5F340F5A
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[1308] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[1308] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [56, 5F] {PUSH ESI; POP EDI}

.text C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe[1396] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe[1396] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe[1396] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe[1396] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [38, 5F]
.text C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe[1396] KERNEL32.dll!DeviceIoControl 7C801629 6 Bytes JMP 5FBE0F5A
.text C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe[1396] KERNEL32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F880F5A
.text C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe[1396] KERNEL32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 5F940F5A
.text C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe[1396] KERNEL32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe[1396] KERNEL32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 5F130F5A
.text C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe[1396] KERNEL32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe[1396] KERNEL32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F100F5A
.text C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe[1396] KERNEL32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F220F5A
.text C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe[1396] KERNEL32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F1F0F5A
.text C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe[1396] KERNEL32.dll!TlsGetValue 7C8097E0 6 Bytes JMP 5FB50F5A
.text C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe[1396] KERNEL32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 5F910F5A
.text C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe[1396] KERNEL32.dll!LoadResource 7C80A055 6 Bytes JMP 5FA60F5A
.text C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe[1396] KERNEL32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 5F580F5A
.text C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe[1396] KERNEL32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 5F160F5A
.text C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe[1396] KERNEL32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 5F5E0F5A
.text C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe[1396] KERNEL32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe[1396] KERNEL32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [05, 5F]
.text C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe[1396] KERNEL32.dll!CreateThread 7C8106D7 6 Bytes JMP 5F8E0F5A
.text C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe[1396] KERNEL32.dll!CreateFileW 7C810800 6 Bytes JMP 5F850F5A
.text C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe[1396] KERNEL32.dll!WriteFile 7C810E27 6 Bytes JMP 5FC70F5A
.text C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe[1396] KERNEL32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 5F3A0F5A
.text C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe[1396] KERNEL32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 5FC10F5A
.text C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe[1396] KERNEL32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 5F5B0F5A
.text C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe[1396] KERNEL32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5FB20F5A
.text C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe[1396] KERNEL32.dll!CopyFileA 7C8286EE 6 Bytes JMP 5FA90F5A
.text C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe[1396] KERNEL32.dll!CopyFileW 7C82F87B 6 Bytes JMP 5FAC0F5A
.text C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe[1396] KERNEL32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 5FC40F5A
.text C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe[1396] KERNEL32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 5F3D0F5A
.text C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe[1396] KERNEL32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 5FAF0F5A
.text C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe[1396] KERNEL32.dll!WinExec 7C86250D 6 Bytes JMP 5F310F5A
.text C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe[1396] KERNEL32.dll!SetThreadContext 7C863C09 6 Bytes JMP 5FCA0F5A
.text C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe[1396] KERNEL32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 5F8B0F5A
.text C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe[1396] advapi32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 5F700F5A
.text C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe[1396] advapi32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 5F820F5A
.text C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe[1396] advapi32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 5F640F5A
.text C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe[1396] advapi32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 5F6D0F5A
.text C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe[1396] advapi32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 5F6A0F5A
.text C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe[1396] advapi32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 5F7F0F5A
.text C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe[1396] advapi32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 5F760F5A
.text C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe[1396] advapi32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 5F7C0F5A
.text C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe[1396] advapi32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 5F610F5A
.text C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe[1396] advapi32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 5F730F5A
.text C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe[1396] advapi32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 5F670F5A
.text C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe[1396] advapi32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 5F9A0F5A
.text C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe[1396] advapi32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe[1396] advapi32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [98, 5F] {CWDE ; POP EDI}
.text C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe[1396] advapi32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 5F790F5A
.text C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe[1396] advapi32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe[1396] advapi32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F4C0F5A
.text C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe[1396] advapi32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F4F0F5A
.text C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe[1396] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe[1396] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 5F400F5A
.text C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe[1396] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 5FA00F5A
.text C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe[1396] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 5F430F5A
.text C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe[1396] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe[1396] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [A4, 5F] {MOVSB ; POP EDI}
.text C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe[1396] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F190F5A
.text C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe[1396] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 5F520F5A
.text C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe[1396] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 5F9D0F5A
.text C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe[1396] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 5F460F5A
.text C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe[1396] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 5F340F5A
.text C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe[1396] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe[1396] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [56, 5F] {PUSH ESI; POP EDI}
.text C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe[1396] SHELL32.dll!ShellExecuteExW 7CA0996B 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe[1396] SHELL32.dll!Shell_NotifyIcon 7CA28C56 6 Bytes JMP 5FB80F5A
.text C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe[1396] SHELL32.dll!Shell_NotifyIconW 7CA2A5BF 6 Bytes JMP 5FBB0F5A
.text C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe[1396] SHELL32.dll!ShellExecuteEx 7CA40EB5 6 Bytes JMP 5F2B0F5A
.text C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe[1396] SHELL32.dll!ShellExecuteA 7CA411E0 6 Bytes JMP 5F250F5A
.text C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe[1396] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 5F280F5A
.text C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe[1396] WS2_32.dll!socket 71AB4211 6 Bytes JMP 5FCD0F5A
.text C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe[1396] WS2_32.dll!bind 71AB4480 6 Bytes JMP 5FD00F5A
.text C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe[1396] WS2_32.dll!listen 71AB8CD3 6 Bytes JMP 5FD30F5A
.text C:\WINDOWS\system32\svchost.exe[1432] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1432] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[1432] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1432] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [38, 5F]
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 5FBE0F5A
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F880F5A
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 5F940F5A
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F220F5A
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!TlsGetValue 7C8097E0 6 Bytes JMP 5FB50F5A
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 5F910F5A
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 5FA60F5A
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 5F580F5A
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 5F5E0F5A
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 5F8E0F5A
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F850F5A
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 5FC70F5A
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 5F3A0F5A
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 5FC10F5A
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 5F5B0F5A
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5FB20F5A
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 5FA90F5A
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 5FAC0F5A
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 5FC40F5A
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 5F3D0F5A
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 5FAF0F5A
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 5F310F5A
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 5FCA0F5A
.text C:\WINDOWS\system32\svchost.exe[1432] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 5F8B0F5A
.text C:\WINDOWS\system32\svchost.exe[1432] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 5F700F5A
.text C:\WINDOWS\system32\svchost.exe[1432] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 5F820F5A
.text C:\WINDOWS\system32\svchost.exe[1432] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 5F640F5A
.text C:\WINDOWS\system32\svchost.exe[1432] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 5F6D0F5A
.text C:\WINDOWS\system32\svchost.exe[1432] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 5F6A0F5A
.text C:\WINDOWS\system32\svchost.exe[1432] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 5F7F0F5A
.text C:\WINDOWS\system32\svchost.exe[1432] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 5F760F5A
.text C:\WINDOWS\system32\svchost.exe[1432] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 5F7C0F5A
.text C:\WINDOWS\system32\svchost.exe[1432] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 5F610F5A
.text C:\WINDOWS\system32\svchost.exe[1432] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 5F730F5A
.text C:\WINDOWS\system32\svchost.exe[1432] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 5F670F5A
.text C:\WINDOWS\system32\svchost.exe[1432] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 5F9A0F5A
.text C:\WINDOWS\system32\svchost.exe[1432] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1432] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [98, 5F] {CWDE ; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[1432] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 5F790F5A
.text C:\WINDOWS\system32\svchost.exe[1432] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\svchost.exe[1432] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F4C0F5A
.text C:\WINDOWS\system32\svchost.exe[1432] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F4F0F5A
.text C:\WINDOWS\system32\svchost.exe[1432] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\svchost.exe[1432] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 5F400F5A
.text C:\WINDOWS\system32\svchost.exe[1432] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 5FA00F5A
.text C:\WINDOWS\system32\svchost.exe[1432] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 5F430F5A
.text C:\WINDOWS\system32\svchost.exe[1432] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1432] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [A4, 5F] {MOVSB ; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[1432] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\svchost.exe[1432] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 5F520F5A
.text C:\WINDOWS\system32\svchost.exe[1432] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 5F9D0F5A
.text C:\WINDOWS\system32\svchost.exe[1432] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 5F460F5A
.text C:\WINDOWS\system32\svchost.exe[1432] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 5F340F5A
.text C:\WINDOWS\system32\svchost.exe[1432] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1432] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [56, 5F] {PUSH ESI; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[1432] SHELL32.dll!ShellExecuteExW 7CA0996B 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\svchost.exe[1432] SHELL32.dll!Shell_NotifyIcon 7CA28C56 6 Bytes JMP 5FB80F5A
.text C:\WINDOWS\system32\svchost.exe[1432] SHELL32.dll!Shell_NotifyIconW 7CA2A5BF 6 Bytes JMP 5FBB0F5A
.text C:\WINDOWS\system32\svchost.exe[1432] SHELL32.dll!ShellExecuteEx 7CA40EB5 6 Bytes JMP 5F2B0F5A
.text C:\WINDOWS\system32\svchost.exe[1432] SHELL32.dll!ShellExecuteA 7CA411E0 6 Bytes JMP 5F250F5A
.text C:\WINDOWS\system32\svchost.exe[1432] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 5F280F5A
.text C:\WINDOWS\system32\svchost.exe[1432] WS2_32.dll!socket 71AB4211 6 Bytes JMP 5FCD0F5A
.text C:\WINDOWS\system32\svchost.exe[1432] WS2_32.dll!bind 71AB4480 6 Bytes JMP 5FD00F5A
.text C:\WINDOWS\system32\svchost.exe[1432] WS2_32.dll!listen 71AB8CD3 6 Bytes JMP 5FD30F5A
.text C:\WINDOWS\System32\svchost.exe[1512] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1512] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text C:\WINDOWS\System32\svchost.exe[1512] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1512] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [38, 5F]
.text C:\WINDOWS\System32\svchost.exe[1512] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 5FC00F5A
.text C:\WINDOWS\System32\svchost.exe[1512] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F8A0F5A
.text C:\WINDOWS\System32\svchost.exe[1512] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 5F960F5A
.text C:\WINDOWS\System32\svchost.exe[1512] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\System32\svchost.exe[1512] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\System32\svchost.exe[1512] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\System32\svchost.exe[1512] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\System32\svchost.exe[1512] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F220F5A
.text C:\WINDOWS\System32\svchost.exe[1512] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\System32\svchost.exe[1512] kernel32.dll!TlsGetValue 7C8097E0 6 Bytes JMP 5FB70F5A
.text C:\WINDOWS\System32\svchost.exe[1512] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 5F930F5A
.text C:\WINDOWS\System32\svchost.exe[1512] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 5FA80F5A
.text C:\WINDOWS\System32\svchost.exe[1512] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 5F580F5A
.text C:\WINDOWS\System32\svchost.exe[1512] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\System32\svchost.exe[1512] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 5F5E0F5A
.text C:\WINDOWS\System32\svchost.exe[1512] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1512] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [05, 5F]
.text C:\WINDOWS\System32\svchost.exe[1512] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 5F900F5A
.text C:\WINDOWS\System32\svchost.exe[1512] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F870F5A
.text C:\WINDOWS\System32\svchost.exe[1512] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 5FCF0F5A
.text C:\WINDOWS\System32\svchost.exe[1512] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 5F3A0F5A
.text C:\WINDOWS\System32\svchost.exe[1512] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 5FC90F5A
.text C:\WINDOWS\System32\svchost.exe[1512] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 5F5B0F5A
.text C:\WINDOWS\System32\svchost.exe[1512] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5FB40F5A
.text C:\WINDOWS\System32\svchost.exe[1512] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 5FAB0F5A
.text C:\WINDOWS\System32\svchost.exe[1512] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 5FAE0F5A
.text C:\WINDOWS\System32\svchost.exe[1512] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 5FCC0F5A
.text C:\WINDOWS\System32\svchost.exe[1512] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 5F3D0F5A
.text C:\WINDOWS\System32\svchost.exe[1512] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 5FB10F5A
.text C:\WINDOWS\System32\svchost.exe[1512] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 5F310F5A
.text C:\WINDOWS\System32\svchost.exe[1512] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 5FD20F5A
.text C:\WINDOWS\System32\svchost.exe[1512] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 5F8D0F5A
.text C:\WINDOWS\System32\svchost.exe[1512] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 5F700F5A
.text C:\WINDOWS\System32\svchost.exe[1512] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 5F840F5A
.text C:\WINDOWS\System32\svchost.exe[1512] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 5F640F5A
.text C:\WINDOWS\System32\svchost.exe[1512] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 5F6D0F5A
.text C:\WINDOWS\System32\svchost.exe[1512] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 5F6A0F5A
.text C:\WINDOWS\System32\svchost.exe[1512] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 5F810F5A
.text C:\WINDOWS\System32\svchost.exe[1512] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 5F780F5A
.text C:\WINDOWS\System32\svchost.exe[1512] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 5F7E0F5A
.text C:\WINDOWS\System32\svchost.exe[1512] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 5F610F5A
.text C:\WINDOWS\System32\svchost.exe[1512] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 5F730F5A
.text C:\WINDOWS\System32\svchost.exe[1512] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 5F670F5A
.text C:\WINDOWS\System32\svchost.exe[1512] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 5F9C0F5A
.text C:\WINDOWS\System32\svchost.exe[1512] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1512] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [9A, 5F]
.text C:\WINDOWS\System32\svchost.exe[1512] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 5F7B0F5A
.text C:\WINDOWS\System32\svchost.exe[1512] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\System32\svchost.exe[1512] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F4C0F5A
.text C:\WINDOWS\System32\svchost.exe[1512] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F4F0F5A
.text C:\WINDOWS\System32\svchost.exe[1512] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\System32\svchost.exe[1512] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 5F400F5A
.text C:\WINDOWS\System32\svchost.exe[1512] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 5FA20F5A
.text C:\WINDOWS\System32\svchost.exe[1512] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 5F430F5A
.text C:\WINDOWS\System32\svchost.exe[1512] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1512] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [A6, 5F] {CMPSB ; POP EDI}
.text C:\WINDOWS\System32\svchost.exe[1512] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\System32\svchost.exe[1512] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 5F520F5A
.text C:\WINDOWS\System32\svchost.exe[1512] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 5F9F0F5A
.text C:\WINDOWS\System32\svchost.exe[1512] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 5F460F5A
.text C:\WINDOWS\System32\svchost.exe[1512] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 5F340F5A
.text C:\WINDOWS\System32\svchost.exe[1512] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1512] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [56, 5F] {PUSH ESI; POP EDI}
.text C:\WINDOWS\System32\svchost.exe[1512] SHELL32.dll!ShellExecuteExW 7CA0996B 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\System32\svchost.exe[1512] SHELL32.dll!Shell_NotifyIcon 7CA28C56 6 Bytes JMP 5FBA0F5A
.text C:\WINDOWS\System32\svchost.exe[1512] SHELL32.dll!Shell_NotifyIconW 7CA2A5BF 6 Bytes JMP 5FBD0F5A
.text C:\WINDOWS\System32\svchost.exe[1512] SHELL32.dll!ShellExecuteEx 7CA40EB5 6 Bytes JMP 5F2B0F5A
.text C:\WINDOWS\System32\svchost.exe[1512] SHELL32.dll!ShellExecuteA 7CA411E0 6 Bytes JMP 5F250F5A
.text C:\WINDOWS\System32\svchost.exe[1512] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 5F280F5A
.text C:\WINDOWS\System32\svchost.exe[1512] WS2_32.dll!socket 71AB4211 6 Bytes JMP 5FD50F5A
.text C:\WINDOWS\System32\svchost.exe[1512] WS2_32.dll!bind 71AB4480 6 Bytes JMP 5FD80F5A
.text C:\WINDOWS\System32\svchost.exe[1512] WS2_32.dll!listen 71AB8CD3 6 Bytes JMP 5FDB0F5A
.text C:\WINDOWS\System32\svchost.exe[1512] WININET.dll!InternetOpenUrlA 3D95F39C 6 Bytes JMP 5FC30F5A
.text C:\WINDOWS\System32\svchost.exe[1512] WININET.dll!InternetOpenUrlW 3D9A6F37 6 Bytes JMP 5FC60F5A
.text C:\WINDOWS\system32\svchost.exe[1544] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1544] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[1544] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1544] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [38, 5F]
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 5FBE0F5A
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F880F5A
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 5F940F5A
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F220F5A
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!TlsGetValue 7C8097E0 6 Bytes JMP 5FB50F5A
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 5F910F5A
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 5FA60F5A
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 5F580F5A
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 5F5E0F5A
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 5F8E0F5A
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F850F5A
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 5FC70F5A
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 5F3A0F5A
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 5FC10F5A
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 5F5B0F5A
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5FB20F5A
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 5FA90F5A
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 5FAC0F5A
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 5FC40F5A
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 5F3D0F5A
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 5FAF0F5A
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 5F310F5A
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 5FCA0F5A
.text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 5F8B0F5A
.text C:\WINDOWS\system32\svchost.exe[1544] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 5F700F5A
.text C:\WINDOWS\system32\svchost.exe[1544] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 5F820F5A
.text C:\WINDOWS\system32\svchost.exe[1544] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 5F640F5A
.text C:\WINDOWS\system32\svchost.exe[1544] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 5F6D0F5A
.text C:\WINDOWS\system32\svchost.exe[1544] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 5F6A0F5A
.text C:\WINDOWS\system32\svchost.exe[1544] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 5F7F0F5A
.text C:\WINDOWS\system32\svchost.exe[1544] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 5F760F5A
.text C:\WINDOWS\system32\svchost.exe[1544] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 5F7C0F5A
.text C:\WINDOWS\system32\svchost.exe[1544] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 5F610F5A
.text C:\WINDOWS\system32\svchost.exe[1544] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 5F730F5A
.text C:\WINDOWS\system32\svchost.exe[1544] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 5F670F5A
.text C:\WINDOWS\system32\svchost.exe[1544] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 5F9A0F5A
.text C:\WINDOWS\system32\svchost.exe[1544] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1544] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [98, 5F] {CWDE ; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[1544] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 5F790F5A
.text C:\WINDOWS\system32\svchost.exe[1544] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\svchost.exe[1544] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F4C0F5A
.text C:\WINDOWS\system32\svchost.exe[1544] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F4F0F5A
.text C:\WINDOWS\system32\svchost.exe[1544] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\svchost.exe[1544] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 5F400F5A
.text C:\WINDOWS\system32\svchost.exe[1544] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 5FA00F5A
.text C:\WINDOWS\system32\svchost.exe[1544] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 5F430F5A
.text C:\WINDOWS\system32\svchost.exe[1544] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1544] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [A4, 5F] {MOVSB ; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[1544] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\svchost.exe[1544] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 5F520F5A
.text C:\WINDOWS\system32\svchost.exe[1544] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 5F9D0F5A
.text C:\WINDOWS\system32\svchost.exe[1544] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 5F460F5A
.text C:\WINDOWS\system32\svchost.exe[1544] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 5F340F5A
.text C:\WINDOWS\system32\svchost.exe[1544] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1544] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [56, 5F] {PUSH ESI; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[1544] SHELL32.dll!ShellExecuteExW 7CA0996B 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\svchost.exe[1544] SHELL32.dll!Shell_NotifyIcon 7CA28C56 6 Bytes JMP 5FB80F5A
.text C:\WINDOWS\system32\svchost.exe[1544] SHELL32.dll!Shell_NotifyIconW 7CA2A5BF 6 Bytes JMP 5FBB0F5A
.text C:\WINDOWS\system32\svchost.exe[1544] SHELL32.dll!ShellExecuteEx 7CA40EB5 6 Bytes JMP 5F2B0F5A
.text C:\WINDOWS\system32\svchost.exe[1544] SHELL32.dll!ShellExecuteA 7CA411E0 6 Bytes JMP 5F250F5A
.text C:\WINDOWS\system32\svchost.exe[1544] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 5F280F5A
.text C:\WINDOWS\system32\svchost.exe[1544] WS2_32.dll!socket 71AB4211 6 Bytes JMP 5FCD0F5A
.text C:\WINDOWS\system32\svchost.exe[1544] WS2_32.dll!bind 71AB4480 6 Bytes JMP 5FD00F5A
.text C:\WINDOWS\system32\svchost.exe[1544] WS2_32.dll!listen 71AB8CD3 6 Bytes JMP 5FD30F5A

#14 sarahsmile

Topic Starter

Members
45 posts
OFFLINE

Local time:11:17 AM

Posted 07 September 2009 - 09:52 PM

.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1796] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1796] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1796] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1796] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [38, 5F]
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1796] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 5FBE0F5A
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1796] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F880F5A
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1796] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 5F940F5A
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1796] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1796] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 5F130F5A
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1796] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1796] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F100F5A
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1796] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F220F5A
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1796] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F1F0F5A
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1796] kernel32.dll!TlsGetValue 7C8097E0 6 Bytes JMP 5FB50F5A
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1796] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 5F910F5A
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1796] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 5FA60F5A
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1796] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 5F580F5A
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1796] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 5F160F5A
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1796] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 5F5E0F5A
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1796] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1796] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [05, 5F]
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1796] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 5F8E0F5A
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1796] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F850F5A
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1796] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 5FC70F5A
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1796] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 5F3A0F5A
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1796] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 5FC10F5A
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1796] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 5F5B0F5A
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1796] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5FB20F5A
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1796] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 5FA90F5A
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1796] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 5FAC0F5A
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1796] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 5FC40F5A
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1796] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 5F3D0F5A
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1796] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 5FAF0F5A
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1796] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 5F310F5A
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1796] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 5FCA0F5A
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1796] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 5F8B0F5A
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1796] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 5F700F5A
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1796] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 5F820F5A
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1796] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 5F640F5A
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1796] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 5F6D0F5A
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1796] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 5F6A0F5A
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1796] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 5F7F0F5A
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1796] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 5F760F5A
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1796] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 5F7C0F5A
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1796] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 5F610F5A
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1796] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 5F730F5A
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1796] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 5F670F5A
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1796] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 5F9A0F5A
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1796] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1796] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [98, 5F] {CWDE ; POP EDI}
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1796] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 5F790F5A
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1796] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1796] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F4C0F5A
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1796] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F4F0F5A
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1796] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1796] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 5F400F5A
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1796] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 5FA00F5A
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1796] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 5F430F5A
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1796] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1796] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [A4, 5F] {MOVSB ; POP EDI}
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1796] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F190F5A
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1796] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 5F520F5A
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1796] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 5F9D0F5A
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1796] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 5F460F5A
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1796] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 5F340F5A
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1796] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1796] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [56, 5F] {PUSH ESI; POP EDI}
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1796] WS2_32.dll!socket 71AB4211 6 Bytes JMP 5FCD0F5A
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1796] WS2_32.dll!bind 71AB4480 6 Bytes JMP 5FD00F5A
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1796] WS2_32.dll!listen 71AB8CD3 6 Bytes JMP 5FD30F5A
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1796] SHELL32.dll!ShellExecuteExW 7CA0996B 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1796] SHELL32.dll!Shell_NotifyIcon 7CA28C56 6 Bytes JMP 5FB80F5A
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1796] SHELL32.dll!Shell_NotifyIconW 7CA2A5BF 6 Bytes JMP 5FBB0F5A
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1796] SHELL32.dll!ShellExecuteEx 7CA40EB5 6 Bytes JMP 5F2B0F5A
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1796] SHELL32.dll!ShellExecuteA 7CA411E0 6 Bytes JMP 5F250F5A
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1796] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 5F280F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1808] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1808] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1808] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1808] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [38, 5F]
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1808] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 5FBE0F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1808] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F880F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1808] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 5F940F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1808] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1808] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 5F130F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1808] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1808] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F100F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1808] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F220F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1808] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F1F0F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1808] kernel32.dll!TlsGetValue 7C8097E0 6 Bytes JMP 5FB50F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1808] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 5F910F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1808] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 5FA60F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1808] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 5F580F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1808] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 5F160F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1808] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 5F5E0F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1808] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1808] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [05, 5F]
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1808] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 5F8E0F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1808] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F850F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1808] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 5FC70F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1808] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 5F3A0F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1808] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 5FC10F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1808] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 5F5B0F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1808] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5FB20F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1808] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 5FA90F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1808] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 5FAC0F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1808] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 5FC40F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1808] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 5F3D0F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1808] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 5FAF0F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1808] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 5F310F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1808] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 5FCA0F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1808] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 5F8B0F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1808] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 5F700F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1808] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 5F820F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1808] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 5F640F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1808] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 5F6D0F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1808] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 5F6A0F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1808] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 5F7F0F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1808] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 5F760F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1808] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 5F7C0F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1808] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 5F610F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1808] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 5F730F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1808] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 5F670F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1808] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 5F9A0F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1808] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1808] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [98, 5F] {CWDE ; POP EDI}
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1808] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 5F790F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1808] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1808] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F4C0F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1808] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F4F0F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1808] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1808] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 5F400F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1808] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 5FA00F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1808] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 5F430F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1808] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1808] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [A4, 5F] {MOVSB ; POP EDI}
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1808] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F190F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1808] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 5F520F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1808] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 5F9D0F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1808] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 5F460F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1808] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 5F340F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1808] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1808] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [56, 5F] {PUSH ESI; POP EDI}
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1808] SHELL32.dll!ShellExecuteExW 7CA0996B 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1808] SHELL32.dll!Shell_NotifyIcon 7CA28C56 6 Bytes JMP 5FB80F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1808] SHELL32.dll!Shell_NotifyIconW 7CA2A5BF 6 Bytes JMP 5FBB0F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1808] SHELL32.dll!ShellExecuteEx 7CA40EB5 6 Bytes JMP 5F2B0F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1808] SHELL32.dll!ShellExecuteA 7CA411E0 6 Bytes JMP 5F250F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1808] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 5F280F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1808] WS2_32.dll!socket 71AB4211 6 Bytes JMP 5FCD0F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1808] WS2_32.dll!bind 71AB4480 6 Bytes JMP 5FD00F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[1808] WS2_32.dll!listen 71AB8CD3 6 Bytes JMP 5FD30F5A
.text C:\WINDOWS\system32\svchost.exe[1856] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1856] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[1856] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1856] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [38, 5F]
.text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 5FBE0F5A
.text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F880F5A
.text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 5F940F5A
.text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F220F5A
.text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!TlsGetValue 7C8097E0 6 Bytes JMP 5FB50F5A
.text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 5F910F5A
.text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 5FA60F5A
.text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 5F580F5A
.text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 5F5E0F5A
.text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 5F8E0F5A
.text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F850F5A
.text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 5FC70F5A
.text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 5F3A0F5A
.text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 5FC10F5A
.text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 5F5B0F5A
.text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5FB20F5A
.text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 5FA90F5A
.text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 5FAC0F5A
.text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 5FC40F5A
.text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 5F3D0F5A
.text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 5FAF0F5A
.text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 5F310F5A
.text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 5FCA0F5A
.text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 5F8B0F5A
.text C:\WINDOWS\system32\svchost.exe[1856] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 5F700F5A
.text C:\WINDOWS\system32\svchost.exe[1856] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 5F820F5A
.text C:\WINDOWS\system32\svchost.exe[1856] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 5F640F5A
.text C:\WINDOWS\system32\svchost.exe[1856] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 5F6D0F5A
.text C:\WINDOWS\system32\svchost.exe[1856] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 5F6A0F5A
.text C:\WINDOWS\system32\svchost.exe[1856] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 5F7F0F5A
.text C:\WINDOWS\system32\svchost.exe[1856] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 5F760F5A
.text C:\WINDOWS\system32\svchost.exe[1856] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 5F7C0F5A
.text C:\WINDOWS\system32\svchost.exe[1856] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 5F610F5A
.text C:\WINDOWS\system32\svchost.exe[1856] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 5F730F5A
.text C:\WINDOWS\system32\svchost.exe[1856] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 5F670F5A
.text C:\WINDOWS\system32\svchost.exe[1856] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 5F9A0F5A
.text C:\WINDOWS\system32\svchost.exe[1856] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1856] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [98, 5F] {CWDE ; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[1856] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 5F790F5A
.text C:\WINDOWS\system32\svchost.exe[1856] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\svchost.exe[1856] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F4C0F5A
.text C:\WINDOWS\system32\svchost.exe[1856] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F4F0F5A
.text C:\WINDOWS\system32\svchost.exe[1856] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\svchost.exe[1856] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 5F400F5A
.text C:\WINDOWS\system32\svchost.exe[1856] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 5FA00F5A
.text C:\WINDOWS\system32\svchost.exe[1856] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 5F430F5A
.text C:\WINDOWS\system32\svchost.exe[1856] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1856] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [A4, 5F] {MOVSB ; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[1856] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\svchost.exe[1856] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 5F520F5A
.text C:\WINDOWS\system32\svchost.exe[1856] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 5F9D0F5A
.text C:\WINDOWS\system32\svchost.exe[1856] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 5F460F5A
.text C:\WINDOWS\system32\svchost.exe[1856] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 5F340F5A
.text C:\WINDOWS\system32\svchost.exe[1856] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1856] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [56, 5F] {PUSH ESI; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[1856] SHELL32.dll!ShellExecuteExW 7CA0996B 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\svchost.exe[1856] SHELL32.dll!Shell_NotifyIcon 7CA28C56 6 Bytes JMP 5FB80F5A
.text C:\WINDOWS\system32\svchost.exe[1856] SHELL32.dll!Shell_NotifyIconW 7CA2A5BF 6 Bytes JMP 5FBB0F5A
.text C:\WINDOWS\system32\svchost.exe[1856] SHELL32.dll!ShellExecuteEx 7CA40EB5 6 Bytes JMP 5F2B0F5A
.text C:\WINDOWS\system32\svchost.exe[1856] SHELL32.dll!ShellExecuteA 7CA411E0 6 Bytes JMP 5F250F5A
.text C:\WINDOWS\system32\svchost.exe[1856] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 5F280F5A
.text C:\WINDOWS\system32\svchost.exe[1856] WS2_32.dll!socket 71AB4211 6 Bytes JMP 5FCD0F5A
.text C:\WINDOWS\system32\svchost.exe[1856] WS2_32.dll!bind 71AB4480 6 Bytes JMP 5FD00F5A
.text C:\WINDOWS\system32\svchost.exe[1856] WS2_32.dll!listen 71AB8CD3 6 Bytes JMP 5FD30F5A
.text C:\WINDOWS\System32\SCardSvr.exe[2064] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\SCardSvr.exe[2064] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text C:\WINDOWS\System32\SCardSvr.exe[2064] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\SCardSvr.exe[2064] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [38, 5F]
.text C:\WINDOWS\System32\SCardSvr.exe[2064] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 5FBE0F5A
.text C:\WINDOWS\System32\SCardSvr.exe[2064] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F880F5A
.text C:\WINDOWS\System32\SCardSvr.exe[2064] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 5F940F5A
.text C:\WINDOWS\System32\SCardSvr.exe[2064] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\System32\SCardSvr.exe[2064] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\System32\SCardSvr.exe[2064] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\System32\SCardSvr.exe[2064] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\System32\SCardSvr.exe[2064] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F220F5A
.text C:\WINDOWS\System32\SCardSvr.exe[2064] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\System32\SCardSvr.exe[2064] kernel32.dll!TlsGetValue 7C8097E0 6 Bytes JMP 5FB50F5A
.text C:\WINDOWS\System32\SCardSvr.exe[2064] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 5F910F5A
.text C:\WINDOWS\System32\SCardSvr.exe[2064] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 5FA60F5A
.text C:\WINDOWS\System32\SCardSvr.exe[2064] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 5F580F5A
.text C:\WINDOWS\System32\SCardSvr.exe[2064] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\System32\SCardSvr.exe[2064] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 5F5E0F5A
.text C:\WINDOWS\System32\SCardSvr.exe[2064] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\SCardSvr.exe[2064] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [05, 5F]
.text C:\WINDOWS\System32\SCardSvr.exe[2064] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 5F8E0F5A
.text C:\WINDOWS\System32\SCardSvr.exe[2064] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F850F5A
.text C:\WINDOWS\System32\SCardSvr.exe[2064] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 5FC70F5A
.text C:\WINDOWS\System32\SCardSvr.exe[2064] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 5F3A0F5A
.text C:\WINDOWS\System32\SCardSvr.exe[2064] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 5FC10F5A
.text C:\WINDOWS\System32\SCardSvr.exe[2064] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 5F5B0F5A
.text C:\WINDOWS\System32\SCardSvr.exe[2064] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5FB20F5A
.text C:\WINDOWS\System32\SCardSvr.exe[2064] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 5FA90F5A
.text C:\WINDOWS\System32\SCardSvr.exe[2064] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 5FAC0F5A
.text C:\WINDOWS\System32\SCardSvr.exe[2064] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 5FC40F5A
.text C:\WINDOWS\System32\SCardSvr.exe[2064] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 5F3D0F5A
.text C:\WINDOWS\System32\SCardSvr.exe[2064] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 5FAF0F5A
.text C:\WINDOWS\System32\SCardSvr.exe[2064] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 5F310F5A
.text C:\WINDOWS\System32\SCardSvr.exe[2064] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 5FCA0F5A
.text C:\WINDOWS\System32\SCardSvr.exe[2064] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 5F8B0F5A
.text C:\WINDOWS\System32\SCardSvr.exe[2064] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\System32\SCardSvr.exe[2064] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 5F400F5A
.text C:\WINDOWS\System32\SCardSvr.exe[2064] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 5FA00F5A
.text C:\WINDOWS\System32\SCardSvr.exe[2064] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 5F430F5A
.text C:\WINDOWS\System32\SCardSvr.exe[2064] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\SCardSvr.exe[2064] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [A4, 5F] {MOVSB ; POP EDI}
.text C:\WINDOWS\System32\SCardSvr.exe[2064] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\System32\SCardSvr.exe[2064] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 5F520F5A
.text C:\WINDOWS\System32\SCardSvr.exe[2064] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 5F9D0F5A
.text C:\WINDOWS\System32\SCardSvr.exe[2064] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 5F460F5A
.text C:\WINDOWS\System32\SCardSvr.exe[2064] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 5F340F5A
.text C:\WINDOWS\System32\SCardSvr.exe[2064] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\SCardSvr.exe[2064] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [56, 5F] {PUSH ESI; POP EDI}
.text C:\WINDOWS\System32\SCardSvr.exe[2064] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 5F700F5A
.text C:\WINDOWS\System32\SCardSvr.exe[2064] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 5F820F5A
.text C:\WINDOWS\System32\SCardSvr.exe[2064] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 5F640F5A
.text C:\WINDOWS\System32\SCardSvr.exe[2064] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 5F6D0F5A
.text C:\WINDOWS\System32\SCardSvr.exe[2064] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 5F6A0F5A
.text C:\WINDOWS\System32\SCardSvr.exe[2064] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 5F7F0F5A
.text C:\WINDOWS\System32\SCardSvr.exe[2064] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 5F760F5A
.text C:\WINDOWS\System32\SCardSvr.exe[2064] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 5F7C0F5A
.text C:\WINDOWS\System32\SCardSvr.exe[2064] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 5F610F5A
.text C:\WINDOWS\System32\SCardSvr.exe[2064] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 5F730F5A
.text C:\WINDOWS\System32\SCardSvr.exe[2064] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 5F670F5A
.text C:\WINDOWS\System32\SCardSvr.exe[2064] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 5F9A0F5A
.text C:\WINDOWS\System32\SCardSvr.exe[2064] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\SCardSvr.exe[2064] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [98, 5F] {CWDE ; POP EDI}
.text C:\WINDOWS\System32\SCardSvr.exe[2064] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 5F790F5A
.text C:\WINDOWS\System32\SCardSvr.exe[2064] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\System32\SCardSvr.exe[2064] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F4C0F5A
.text C:\WINDOWS\System32\SCardSvr.exe[2064] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F4F0F5A
.text C:\WINDOWS\System32\SCardSvr.exe[2064] SHELL32.dll!ShellExecuteExW 7CA0996B 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\System32\SCardSvr.exe[2064] SHELL32.dll!Shell_NotifyIcon 7CA28C56 6 Bytes JMP 5FB80F5A
.text C:\WINDOWS\System32\SCardSvr.exe[2064] SHELL32.dll!Shell_NotifyIconW 7CA2A5BF 6 Bytes JMP 5FBB0F5A
.text C:\WINDOWS\System32\SCardSvr.exe[2064] SHELL32.dll!ShellExecuteEx 7CA40EB5 6 Bytes JMP 5F2B0F5A
.text C:\WINDOWS\System32\SCardSvr.exe[2064] SHELL32.dll!ShellExecuteA 7CA411E0 6 Bytes JMP 5F250F5A
.text C:\WINDOWS\System32\SCardSvr.exe[2064] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 5F280F5A
.text C:\WINDOWS\System32\SCardSvr.exe[2064] WS2_32.dll!socket 71AB4211 6 Bytes JMP 5FCD0F5A
.text C:\WINDOWS\System32\SCardSvr.exe[2064] WS2_32.dll!bind 71AB4480 6 Bytes JMP 5FD00F5A
.text C:\WINDOWS\System32\SCardSvr.exe[2064] WS2_32.dll!listen 71AB8CD3 6 Bytes JMP 5FD30F5A
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[2100] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[2100] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[2100] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[2100] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [38, 5F]
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[2100] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 5FBE0F5A
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[2100] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F880F5A
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[2100] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 5F940F5A
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[2100] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[2100] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 5F130F5A
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[2100] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[2100] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F100F5A
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[2100] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F220F5A
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[2100] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F1F0F5A
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[2100] kernel32.dll!TlsGetValue 7C8097E0 6 Bytes JMP 5FB50F5A
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[2100] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 5F910F5A
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[2100] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 5FA60F5A
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[2100] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 5F580F5A
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[2100] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 5F160F5A
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[2100] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 5F5E0F5A
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[2100] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[2100] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [05, 5F]
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[2100] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 5F8E0F5A
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[2100] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F850F5A
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[2100] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 5FC70F5A
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[2100] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 5F3A0F5A
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[2100] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 5FC10F5A
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[2100] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 5F5B0F5A
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[2100] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5FB20F5A
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[2100] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 5FA90F5A
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[2100] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 5FAC0F5A
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[2100] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 5FC40F5A
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[2100] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 5F3D0F5A
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[2100] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 5FAF0F5A
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[2100] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 5F310F5A
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[2100] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 5FCA0F5A
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[2100] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 5F8B0F5A
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[2100] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 5F700F5A
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[2100] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 5F820F5A
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[2100] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 5F640F5A
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[2100] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 5F6D0F5A
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[2100] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 5F6A0F5A
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[2100] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 5F7F0F5A
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[2100] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 5F760F5A
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[2100] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 5F7C0F5A
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[2100] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 5F610F5A
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[2100] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 5F730F5A
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[2100] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 5F670F5A
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[2100] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 5F9A0F5A
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[2100] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[2100] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [98, 5F] {CWDE ; POP EDI}
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[2100] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 5F790F5A
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[2100] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[2100] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F4C0F5A
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[2100] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F4F0F5A
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[2100] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[2100] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 5F400F5A
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[2100] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 5FA00F5A
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[2100] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 5F430F5A
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[2100] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[2100] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [A4, 5F] {MOVSB ; POP EDI}
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[2100] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F190F5A
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[2100] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 5F520F5A
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[2100] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 5F9D0F5A
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[2100] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 5F460F5A
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[2100] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 5F340F5A
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[2100] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[2100] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [56, 5F] {PUSH ESI; POP EDI}
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[2100] SHELL32.dll!ShellExecuteExW 7CA0996B 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[2100] SHELL32.dll!Shell_NotifyIcon 7CA28C56 6 Bytes JMP 5FB80F5A
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[2100] SHELL32.dll!Shell_NotifyIconW 7CA2A5BF 6 Bytes JMP 5FBB0F5A
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[2100] SHELL32.dll!ShellExecuteEx 7CA40EB5 6 Bytes JMP 5F2B0F5A
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[2100] SHELL32.dll!ShellExecuteA 7CA411E0 6 Bytes JMP 5F250F5A
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[2100] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 5F280F5A
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[2100] WS2_32.dll!socket 71AB4211 6 Bytes JMP 5FCD0F5A
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[2100] WS2_32.dll!bind 71AB4480 6 Bytes JMP 5FD00F5A
.text C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[2100] WS2_32.dll!listen 71AB8CD3 6 Bytes JMP 5FD30F5A
.text C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe[2128] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe[2128] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe[2128] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe[2128] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [38, 5F]
.text C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe[2128] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 5FBE0F5A
.text C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe[2128] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F880F5A
.text C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe[2128] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 5F940F5A
.text C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe[2128] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe[2128] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 5F130F5A
.text C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe[2128] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe[2128] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F100F5A
.text C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe[2128] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F220F5A
.text C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe[2128] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F1F0F5A
.text C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe[2128] kernel32.dll!TlsGetValue 7C8097E0 6 Bytes JMP 5FB50F5A
.text C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe[2128] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 5F910F5A
.text C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe[2128] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 5FA60F5A
.text C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe[2128] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 5F580F5A
.text C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe[2128] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 5F160F5A
.text C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe[2128] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 5F5E0F5A
.text C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe[2128] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe[2128] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [05, 5F]
.text C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe[2128] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 5F8E0F5A
.text C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe[2128] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F850F5A
.text C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe[2128] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 5FC70F5A
.text C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe[2128] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 5F3A0F5A
.text C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe[2128] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 5FC10F5A
.text C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe[2128] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 5F5B0F5A
.text C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe[2128] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5FB20F5A
.text C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe[2128] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 5FA90F5A
.text C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe[2128] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 5FAC0F5A
.text C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe[2128] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 5FC40F5A
.text C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe[2128] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 5F3D0F5A
.text C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe[2128] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 5FAF0F5A
.text C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe[2128] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 5F310F5A
.text C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe[2128] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 5FCA0F5A
.text C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe[2128] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 5F8B0F5A
.text C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe[2128] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 5F700F5A
.text C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe[2128] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 5F820F5A
.text C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe[2128] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 5F640F5A
.text C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe[2128] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 5F6D0F5A
.text C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe[2128] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 5F6A0F5A
.text C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe[2128] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 5F7F0F5A
.text C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe[2128] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 5F760F5A
.text C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe[2128] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 5F7C0F5A
.text C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe[2128] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 5F610F5A
.text C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe[2128] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 5F730F5A
.text C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe[2128] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 5F670F5A
.text C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe[2128] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 5F9A0F5A
.text C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe[2128] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe[2128] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [98, 5F] {CWDE ; POP EDI}
.text C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe[2128] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 5F790F5A
.text C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe[2128] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe[2128] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F4C0F5A
.text C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe[2128] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F4F0F5A
.text C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe[2128] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe[2128] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 5F400F5A
.text C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe[2128] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 5FA00F5A
.text C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe[2128] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 5F430F5A
.text C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe[2128] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe[2128] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [A4, 5F] {MOVSB ; POP EDI}
.text C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe[2128] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F190F5A
.text C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe[2128] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 5F520F5A
.text C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe[2128] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 5F9D0F5A
.text C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe[2128] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 5F460F5A
.text C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe[2128] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 5F340F5A
.text C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe[2128] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe[2128] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [56, 5F] {PUSH ESI; POP EDI}
.text C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe[2128] SHELL32.dll!ShellExecuteExW 7CA0996B 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe[2128] SHELL32.dll!Shell_NotifyIcon 7CA28C56 6 Bytes JMP 5FB80F5A
.text C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe[2128] SHELL32.dll!Shell_NotifyIconW 7CA2A5BF 6 Bytes JMP 5FBB0F5A
.text C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe[2128] SHELL32.dll!ShellExecuteEx 7CA40EB5 6 Bytes JMP 5F2B0F5A
.text C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe[2128] SHELL32.dll!ShellExecuteA 7CA411E0 6 Bytes JMP 5F250F5A
.text C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe[2128] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 5F280F5A
.text C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe[2128] WS2_32.dll!socket 71AB4211 6 Bytes JMP 5FCD0F5A
.text C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe[2128] WS2_32.dll!bind 71AB4480 6 Bytes JMP 5FD00F5A
.text C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe[2128] WS2_32.dll!listen 71AB8CD3 6 Bytes JMP 5FD30F5A

#15 sarahsmile

Topic Starter

Members
45 posts
OFFLINE

Local time:11:17 AM

Posted 07 September 2009 - 09:56 PM

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2136] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2136] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2136] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2136] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [38, 5F]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2136] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 5FBF0F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2136] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F890F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2136] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 5F950F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2136] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2136] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2136] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2136] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2136] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F220F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2136] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2136] kernel32.dll!TlsGetValue 7C8097E0 6 Bytes JMP 5FB60F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2136] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 5F920F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2136] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 5FA70F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2136] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 5F580F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2136] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2136] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 5F5E0F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2136] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2136] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2136] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 5F8F0F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2136] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F860F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2136] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 5FC80F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2136] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 5F3A0F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2136] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 5FC20F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2136] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 5F5B0F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2136] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5FB30F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2136] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 5FAA0F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2136] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 5FAD0F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2136] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 5FC50F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2136] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 5F3D0F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2136] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 5FB00F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2136] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 5F310F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2136] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 5FCB0F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2136] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 5F8C0F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2136] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 5F700F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2136] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 5F830F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2136] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 5F640F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2136] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 5F6D0F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2136] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 5F6A0F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2136] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 5F800F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2136] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 5F760F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2136] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 5F7D0F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2136] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 5F610F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2136] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 5F730F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2136] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 5F670F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2136] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 5F9B0F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2136] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2136] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [99, 5F] {CDQ ; POP EDI}
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2136] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 5F7A0F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2136] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2136] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F4C0F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2136] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F4F0F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2136] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2136] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 5F400F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2136] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 5FA10F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2136] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 5F430F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2136] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2136] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [A5, 5F] {MOVSD ; POP EDI}
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2136] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2136] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 5F520F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2136] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 5F9E0F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2136] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 5F460F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2136] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 5F340F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2136] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2136] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [56, 5F] {PUSH ESI; POP EDI}
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2136] WS2_32.dll!socket 71AB4211 6 Bytes JMP 5FCE0F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2136] WS2_32.dll!bind 71AB4480 6 Bytes JMP 5FD10F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2136] WS2_32.dll!listen 71AB8CD3 6 Bytes JMP 5FD40F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2136] SHELL32.dll!ShellExecuteExW 7CA0996B 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2136] SHELL32.dll!Shell_NotifyIcon 7CA28C56 6 Bytes JMP 5FB90F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2136] SHELL32.dll!Shell_NotifyIconW 7CA2A5BF 6 Bytes JMP 5FBC0F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2136] SHELL32.dll!ShellExecuteEx 7CA40EB5 6 Bytes JMP 5F2B0F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2136] SHELL32.dll!ShellExecuteA 7CA411E0 6 Bytes JMP 5F250F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2136] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 5F280F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2220] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2220] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2220] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2220] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [38, 5F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2220] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 5FBE0F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2220] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F880F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2220] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 5F940F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2220] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2220] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 5F130F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2220] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2220] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F100F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2220] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F220F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2220] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F1F0F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2220] kernel32.dll!TlsGetValue 7C8097E0 6 Bytes JMP 5FB50F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2220] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 5F910F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2220] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 5FA60F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2220] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 5F580F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2220] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 5F160F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2220] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 5F5E0F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2220] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2220] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [05, 5F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2220] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 5F8E0F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2220] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F850F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2220] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 5FC70F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2220] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 5F3A0F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2220] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 5FC10F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2220] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 5F5B0F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2220] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5FB20F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2220] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 5FA90F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2220] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 5FAC0F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2220] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 5FC40F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2220] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 5F3D0F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2220] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 5FAF0F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2220] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 5F310F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2220] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 5FCA0F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2220] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 5F8B0F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2220] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2220] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 5F400F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2220] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 5FA00F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2220] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 5F430F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2220] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2220] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [A4, 5F] {MOVSB ; POP EDI}
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2220] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F190F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2220] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 5F520F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2220] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 5F9D0F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2220] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 5F460F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2220] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 5F340F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2220] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2220] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [56, 5F] {PUSH ESI; POP EDI}
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2220] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 5F700F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2220] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 5F820F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2220] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 5F640F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2220] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 5F6D0F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2220] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 5F6A0F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2220] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 5F7F0F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2220] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 5F760F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2220] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 5F7C0F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2220] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 5F610F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2220] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 5F730F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2220] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 5F670F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2220] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 5F9A0F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2220] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2220] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [98, 5F] {CWDE ; POP EDI}
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2220] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 5F790F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2220] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2220] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F4C0F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2220] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F4F0F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2220] SHELL32.dll!ShellExecuteExW 7CA0996B 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2220] SHELL32.dll!Shell_NotifyIcon 7CA28C56 6 Bytes JMP 5FB80F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2220] SHELL32.dll!Shell_NotifyIconW 7CA2A5BF 6 Bytes JMP 5FBB0F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2220] SHELL32.dll!ShellExecuteEx 7CA40EB5 6 Bytes JMP 5F2B0F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2220] SHELL32.dll!ShellExecuteA 7CA411E0 6 Bytes JMP 5F250F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2220] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 5F280F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2220] WS2_32.dll!socket 71AB4211 6 Bytes JMP 5FCD0F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2220] WS2_32.dll!bind 71AB4480 6 Bytes JMP 5FD00F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2220] WS2_32.dll!listen 71AB8CD3 6 Bytes JMP 5FD30F5A
.text C:\WINDOWS\system32\vmnat.exe[2296] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\vmnat.exe[2296] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text C:\WINDOWS\system32\vmnat.exe[2296] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\vmnat.exe[2296] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [38, 5F]
.text C:\WINDOWS\system32\vmnat.exe[2296] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 5FBE0F5A
.text C:\WINDOWS\system32\vmnat.exe[2296] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F880F5A
.text C:\WINDOWS\system32\vmnat.exe[2296] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 5F940F5A
.text C:\WINDOWS\system32\vmnat.exe[2296] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\vmnat.exe[2296] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\vmnat.exe[2296] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\vmnat.exe[2296] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\vmnat.exe[2296] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F220F5A
.text C:\WINDOWS\system32\vmnat.exe[2296] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\system32\vmnat.exe[2296] kernel32.dll!TlsGetValue 7C8097E0 6 Bytes JMP 5FB50F5A
.text C:\WINDOWS\system32\vmnat.exe[2296] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 5F910F5A
.text C:\WINDOWS\system32\vmnat.exe[2296] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 5FA60F5A
.text C:\WINDOWS\system32\vmnat.exe[2296] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 5F580F5A
.text C:\WINDOWS\system32\vmnat.exe[2296] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\vmnat.exe[2296] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 5F5E0F5A
.text C:\WINDOWS\system32\vmnat.exe[2296] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\vmnat.exe[2296] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\vmnat.exe[2296] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 5F8E0F5A
.text C:\WINDOWS\system32\vmnat.exe[2296] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F850F5A
.text C:\WINDOWS\system32\vmnat.exe[2296] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 5FC70F5A
.text C:\WINDOWS\system32\vmnat.exe[2296] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 5F3A0F5A
.text C:\WINDOWS\system32\vmnat.exe[2296] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 5FC10F5A
.text C:\WINDOWS\system32\vmnat.exe[2296] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 5F5B0F5A
.text C:\WINDOWS\system32\vmnat.exe[2296] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5FB20F5A
.text C:\WINDOWS\system32\vmnat.exe[2296] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 5FA90F5A
.text C:\WINDOWS\system32\vmnat.exe[2296] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 5FAC0F5A
.text C:\WINDOWS\system32\vmnat.exe[2296] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 5FC40F5A
.text C:\WINDOWS\system32\vmnat.exe[2296] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 5F3D0F5A
.text C:\WINDOWS\system32\vmnat.exe[2296] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 5FAF0F5A
.text C:\WINDOWS\system32\vmnat.exe[2296] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 5F310F5A
.text C:\WINDOWS\system32\vmnat.exe[2296] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 5FCA0F5A
.text C:\WINDOWS\system32\vmnat.exe[2296] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 5F8B0F5A
.text C:\WINDOWS\system32\vmnat.exe[2296] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\vmnat.exe[2296] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 5F400F5A
.text C:\WINDOWS\system32\vmnat.exe[2296] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 5FA00F5A
.text C:\WINDOWS\system32\vmnat.exe[2296] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 5F430F5A
.text C:\WINDOWS\system32\vmnat.exe[2296] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\vmnat.exe[2296] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [A4, 5F] {MOVSB ; POP EDI}
.text C:\WINDOWS\system32\vmnat.exe[2296] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\vmnat.exe[2296] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 5F520F5A
.text C:\WINDOWS\system32\vmnat.exe[2296] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 5F9D0F5A
.text C:\WINDOWS\system32\vmnat.exe[2296] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 5F460F5A
.text C:\WINDOWS\system32\vmnat.exe[2296] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 5F340F5A
.text C:\WINDOWS\system32\vmnat.exe[2296] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\vmnat.exe[2296] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [56, 5F] {PUSH ESI; POP EDI}
.text C:\WINDOWS\system32\vmnat.exe[2296] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 5F700F5A
.text C:\WINDOWS\system32\vmnat.exe[2296] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 5F820F5A
.text C:\WINDOWS\system32\vmnat.exe[2296] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 5F640F5A
.text C:\WINDOWS\system32\vmnat.exe[2296] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 5F6D0F5A
.text C:\WINDOWS\system32\vmnat.exe[2296] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 5F6A0F5A
.text C:\WINDOWS\system32\vmnat.exe[2296] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 5F7F0F5A
.text C:\WINDOWS\system32\vmnat.exe[2296] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 5F760F5A
.text C:\WINDOWS\system32\vmnat.exe[2296] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 5F7C0F5A
.text C:\WINDOWS\system32\vmnat.exe[2296] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 5F610F5A
.text C:\WINDOWS\system32\vmnat.exe[2296] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 5F730F5A
.text C:\WINDOWS\system32\vmnat.exe[2296] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 5F670F5A
.text C:\WINDOWS\system32\vmnat.exe[2296] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 5F9A0F5A
.text C:\WINDOWS\system32\vmnat.exe[2296] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\vmnat.exe[2296] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [98, 5F] {CWDE ; POP EDI}
.text C:\WINDOWS\system32\vmnat.exe[2296] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 5F790F5A
.text C:\WINDOWS\system32\vmnat.exe[2296] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\vmnat.exe[2296] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F4C0F5A
.text C:\WINDOWS\system32\vmnat.exe[2296] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F4F0F5A
.text C:\WINDOWS\system32\vmnat.exe[2296] WS2_32.dll!socket 71AB4211 6 Bytes JMP 5FCD0F5A
.text C:\WINDOWS\system32\vmnat.exe[2296] WS2_32.dll!bind 71AB4480 6 Bytes JMP 5FD00F5A
.text C:\WINDOWS\system32\vmnat.exe[2296] WS2_32.dll!listen 71AB8CD3 6 Bytes JMP 5FD30F5A
.text C:\WINDOWS\system32\vmnat.exe[2296] SHELL32.dll!ShellExecuteExW 7CA0996B 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\vmnat.exe[2296] SHELL32.dll!Shell_NotifyIcon 7CA28C56 6 Bytes JMP 5FB80F5A
.text C:\WINDOWS\system32\vmnat.exe[2296] SHELL32.dll!Shell_NotifyIconW 7CA2A5BF 6 Bytes JMP 5FBB0F5A
.text C:\WINDOWS\system32\vmnat.exe[2296] SHELL32.dll!ShellExecuteEx 7CA40EB5 6 Bytes JMP 5F2B0F5A
.text C:\WINDOWS\system32\vmnat.exe[2296] SHELL32.dll!ShellExecuteA 7CA411E0 6 Bytes JMP 5F250F5A
.text C:\WINDOWS\system32\vmnat.exe[2296] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 5F280F5A
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2300] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2300] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2300] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2300] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [38, 5F]
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2300] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 5FBE0F5A
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2300] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F880F5A
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2300] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 5F940F5A
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2300] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2300] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 5F130F5A
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2300] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2300] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F100F5A
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2300] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F220F5A
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2300] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F1F0F5A
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2300] kernel32.dll!TlsGetValue 7C8097E0 6 Bytes JMP 5FB50F5A
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2300] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 5F910F5A
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2300] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 5FA60F5A
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2300] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 5F580F5A
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2300] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 5F160F5A
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2300] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 5F5E0F5A
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2300] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2300] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [05, 5F]
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2300] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 5F8E0F5A
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2300] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F850F5A
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2300] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 5FC70F5A
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2300] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 5F3A0F5A
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2300] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 5FC10F5A
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2300] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 5F5B0F5A
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2300] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5FB20F5A
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2300] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 5FA90F5A
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2300] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 5FAC0F5A
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2300] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 5FC40F5A
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2300] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 5F3D0F5A
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2300] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 5FAF0F5A
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2300] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 5F310F5A
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2300] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 5FCA0F5A
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2300] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 5F8B0F5A
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2300] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 5F700F5A
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2300] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 5F820F5A
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2300] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 5F640F5A
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2300] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 5F6D0F5A
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2300] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 5F6A0F5A
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2300] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 5F7F0F5A
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2300] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 5F760F5A
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2300] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 5F7C0F5A
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2300] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 5F610F5A
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2300] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 5F730F5A
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2300] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 5F670F5A
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2300] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 5F9A0F5A
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2300] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2300] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [98, 5F] {CWDE ; POP EDI}
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2300] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 5F790F5A
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2300] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2300] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F4C0F5A
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2300] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F4F0F5A
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2300] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2300] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 5F400F5A
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2300] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 5FA00F5A
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2300] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 5F430F5A
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2300] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2300] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [A4, 5F] {MOVSB ; POP EDI}
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2300] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F190F5A
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2300] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 5F520F5A
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2300] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 5F9D0F5A
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2300] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 5F460F5A
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2300] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 5F340F5A
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2300] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2300] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [56, 5F] {PUSH ESI; POP EDI}
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2300] SHELL32.dll!ShellExecuteExW 7CA0996B 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2300] SHELL32.dll!Shell_NotifyIcon 7CA28C56 6 Bytes JMP 5FB80F5A
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2300] SHELL32.dll!Shell_NotifyIconW 7CA2A5BF 6 Bytes JMP 5FBB0F5A
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2300] SHELL32.dll!ShellExecuteEx 7CA40EB5 6 Bytes JMP 5F2B0F5A
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2300] SHELL32.dll!ShellExecuteA 7CA411E0 6 Bytes JMP 5F250F5A
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2300] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 5F280F5A
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2300] WS2_32.dll!socket 71AB4211 6 Bytes JMP 5FCD0F5A
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2300] WS2_32.dll!bind 71AB4480 6 Bytes JMP 5FD00F5A
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[2300] WS2_32.dll!listen 71AB8CD3 6 Bytes JMP 5FD30F5A
.text C:\WINDOWS\system32\nvsvc32.exe[2372] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\nvsvc32.exe[2372] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text C:\WINDOWS\system32\nvsvc32.exe[2372] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\nvsvc32.exe[2372] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [38, 5F]
.text C:\WINDOWS\system32\nvsvc32.exe[2372] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 5FBE0F5A
.text C:\WINDOWS\system32\nvsvc32.exe[2372] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F880F5A
.text C:\WINDOWS\system32\nvsvc32.exe[2372] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 5F940F5A
.text C:\WINDOWS\system32\nvsvc32.exe[2372] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\nvsvc32.exe[2372] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\nvsvc32.exe[2372] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\nvsvc32.exe[2372] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\nvsvc32.exe[2372] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F220F5A
.text C:\WINDOWS\system32\nvsvc32.exe[2372] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\system32\nvsvc32.exe[2372] kernel32.dll!TlsGetValue 7C8097E0 6 Bytes JMP 5FB50F5A
.text C:\WINDOWS\system32\nvsvc32.exe[2372] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 5F910F5A
.text C:\WINDOWS\system32\nvsvc32.exe[2372] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 5FA60F5A
.text C:\WINDOWS\system32\nvsvc32.exe[2372] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 5F580F5A
.text C:\WINDOWS\system32\nvsvc32.exe[2372] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\nvsvc32.exe[2372] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 5F5E0F5A
.text C:\WINDOWS\system32\nvsvc32.exe[2372] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\nvsvc32.exe[2372] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\nvsvc32.exe[2372] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 5F8E0F5A
.text C:\WINDOWS\system32\nvsvc32.exe[2372] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F850F5A
.text C:\WINDOWS\system32\nvsvc32.exe[2372] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 5FC70F5A
.text C:\WINDOWS\system32\nvsvc32.exe[2372] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 5F3A0F5A
.text C:\WINDOWS\system32\nvsvc32.exe[2372] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 5FC10F5A
.text C:\WINDOWS\system32\nvsvc32.exe[2372] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 5F5B0F5A
.text C:\WINDOWS\system32\nvsvc32.exe[2372] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5FB20F5A
.text C:\WINDOWS\system32\nvsvc32.exe[2372] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 5FA90F5A
.text C:\WINDOWS\system32\nvsvc32.exe[2372] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 5FAC0F5A
.text C:\WINDOWS\system32\nvsvc32.exe[2372] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 5FC40F5A
.text C:\WINDOWS\system32\nvsvc32.exe[2372] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 5F3D0F5A
.text C:\WINDOWS\system32\nvsvc32.exe[2372] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 5FAF0F5A
.text C:\WINDOWS\system32\nvsvc32.exe[2372] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 5F310F5A
.text C:\WINDOWS\system32\nvsvc32.exe[2372] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 5FCA0F5A
.text C:\WINDOWS\system32\nvsvc32.exe[2372] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 5F8B0F5A
.text C:\WINDOWS\system32\nvsvc32.exe[2372] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\nvsvc32.exe[2372] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 5F400F5A
.text C:\WINDOWS\system32\nvsvc32.exe[2372] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 5FA00F5A
.text C:\WINDOWS\system32\nvsvc32.exe[2372] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 5F430F5A
.text C:\WINDOWS\system32\nvsvc32.exe[2372] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\nvsvc32.exe[2372] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [A4, 5F] {MOVSB ; POP EDI}
.text C:\WINDOWS\system32\nvsvc32.exe[2372] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\nvsvc32.exe[2372] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 5F520F5A
.text C:\WINDOWS\system32\nvsvc32.exe[2372] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 5F9D0F5A
.text C:\WINDOWS\system32\nvsvc32.exe[2372] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 5F460F5A
.text C:\WINDOWS\system32\nvsvc32.exe[2372] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 5F340F5A
.text C:\WINDOWS\system32\nvsvc32.exe[2372] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\nvsvc32.exe[2372] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [56, 5F] {PUSH ESI; POP EDI}
.text C:\WINDOWS\system32\nvsvc32.exe[2372] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 5F700F5A
.text C:\WINDOWS\system32\nvsvc32.exe[2372] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 5F820F5A
.text C:\WINDOWS\system32\nvsvc32.exe[2372] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 5F640F5A
.text C:\WINDOWS\system32\nvsvc32.exe[2372] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 5F6D0F5A
.text C:\WINDOWS\system32\nvsvc32.exe[2372] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 5F6A0F5A
.text C:\WINDOWS\system32\nvsvc32.exe[2372] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 5F7F0F5A
.text C:\WINDOWS\system32\nvsvc32.exe[2372] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 5F760F5A
.text C:\WINDOWS\system32\nvsvc32.exe[2372] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 5F7C0F5A
.text C:\WINDOWS\system32\nvsvc32.exe[2372] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 5F610F5A
.text C:\WINDOWS\system32\nvsvc32.exe[2372] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 5F730F5A
.text C:\WINDOWS\system32\nvsvc32.exe[2372] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 5F670F5A
.text C:\WINDOWS\system32\nvsvc32.exe[2372] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 5F9A0F5A
.text C:\WINDOWS\system32\nvsvc32.exe[2372] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\nvsvc32.exe[2372] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [98, 5F] {CWDE ; POP EDI}
.text C:\WINDOWS\system32\nvsvc32.exe[2372] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 5F790F5A
.text C:\WINDOWS\system32\nvsvc32.exe[2372] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\nvsvc32.exe[2372] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F4C0F5A
.text C:\WINDOWS\system32\nvsvc32.exe[2372] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F4F0F5A
.text C:\WINDOWS\system32\nvsvc32.exe[2372] WS2_32.dll!socket 71AB4211 6 Bytes JMP 5FCD0F5A
.text C:\WINDOWS\system32\nvsvc32.exe[2372] WS2_32.dll!bind 71AB4480 6 Bytes JMP 5FD00F5A
.text C:\WINDOWS\system32\nvsvc32.exe[2372] WS2_32.dll!listen 71AB8CD3 6 Bytes JMP 5FD30F5A
.text C:\WINDOWS\system32\nvsvc32.exe[2372] SHELL32.dll!ShellExecuteExW 7CA0996B 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\nvsvc32.exe[2372] SHELL32.dll!Shell_NotifyIcon 7CA28C56 6 Bytes JMP 5FB80F5A
.text C:\WINDOWS\system32\nvsvc32.exe[2372] SHELL32.dll!Shell_NotifyIconW 7CA2A5BF 6 Bytes JMP 5FBB0F5A
.text C:\WINDOWS\system32\nvsvc32.exe[2372] SHELL32.dll!ShellExecuteEx 7CA40EB5 6 Bytes JMP 5F2B0F5A
.text C:\WINDOWS\system32\nvsvc32.exe[2372] SHELL32.dll!ShellExecuteA 7CA411E0 6 Bytes JMP 5F250F5A
.text C:\WINDOWS\system32\nvsvc32.exe[2372] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 5F280F5A
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe[2444] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe[2444] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe[2444] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe[2444] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [38, 5F]
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe[2444] KERNEL32.dll!DeviceIoControl 7C801629 6 Bytes JMP 5FBE0F5A
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe[2444] KERNEL32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F880F5A
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe[2444] KERNEL32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 5F940F5A
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe[2444] KERNEL32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe[2444] KERNEL32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 5F130F5A
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe[2444] KERNEL32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe[2444] KERNEL32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F100F5A
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe[2444] KERNEL32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F220F5A
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe[2444] KERNEL32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F1F0F5A
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe[2444] KERNEL32.dll!TlsGetValue 7C8097E0 6 Bytes JMP 5FB50F5A
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe[2444] KERNEL32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 5F910F5A
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe[2444] KERNEL32.dll!LoadResource 7C80A055 6 Bytes JMP 5FA60F5A
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe[2444] KERNEL32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 5F580F5A
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe[2444] KERNEL32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 5F160F5A
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe[2444] KERNEL32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 5F5E0F5A
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe[2444] KERNEL32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe[2444] KERNEL32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [05, 5F]
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe[2444] KERNEL32.dll!CreateThread 7C8106D7 6 Bytes JMP 5F8E0F5A
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe[2444] KERNEL32.dll!CreateFileW 7C810800 6 Bytes JMP 5F850F5A
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe[2444] KERNEL32.dll!WriteFile 7C810E27 6 Bytes JMP 5FC70F5A
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe[2444] KERNEL32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 5F3A0F5A
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe[2444] KERNEL32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 5FC10F5A
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe[2444] KERNEL32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 5F5B0F5A
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe[2444] KERNEL32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5FB20F5A
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe[2444] KERNEL32.dll!CopyFileA 7C8286EE 6 Bytes JMP 5FA90F5A
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe[2444] KERNEL32.dll!CopyFileW 7C82F87B 6 Bytes JMP 5FAC0F5A
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe[2444] KERNEL32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 5FC40F5A
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe[2444] KERNEL32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 5F3D0F5A
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe[2444] KERNEL32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 5FAF0F5A
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe[2444] KERNEL32.dll!WinExec 7C86250D 6 Bytes JMP 5F310F5A
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe[2444] KERNEL32.dll!SetThreadContext 7C863C09 6 Bytes JMP 5FCA0F5A
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe[2444] KERNEL32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 5F8B0F5A
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe[2444] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 5F700F5A
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe[2444] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 5F820F5A
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe[2444] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 5F640F5A
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe[2444] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 5F6D0F5A
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe[2444] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 5F6A0F5A
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe[2444] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 5F7F0F5A
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe[2444] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 5F760F5A
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe[2444] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 5F7C0F5A
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe[2444] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 5F610F5A
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe[2444] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 5F730F5A
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe[2444] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 5F670F5A
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe[2444] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 5F9A0F5A
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe[2444] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe[2444] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [98, 5F] {CWDE ; POP EDI}
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe[2444] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 5F790F5A
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe[2444] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe[2444] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F4C0F5A
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe[2444] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F4F0F5A
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe[2444] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe[2444] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 5F400F5A
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe[2444] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 5FA00F5A
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe[2444] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 5F430F5A
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe[2444] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe[2444] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [A4, 5F] {MOVSB ; POP EDI}
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe[2444] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F190F5A
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe[2444] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 5F520F5A
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe[2444] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 5F9D0F5A
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe[2444] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 5F460F5A
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe[2444] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 5F340F5A
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe[2444] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe[2444] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [56, 5F] {PUSH ESI; POP EDI}
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe[2444] shell32.dll!ShellExecuteExW 7CA0996B 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe[2444] shell32.dll!Shell_NotifyIcon 7CA28C56 6 Bytes JMP 5FB80F5A
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe[2444] shell32.dll!Shell_NotifyIconW 7CA2A5BF 6 Bytes JMP 5FBB0F5A
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe[2444] shell32.dll!ShellExecuteEx 7CA40EB5 6 Bytes JMP 5F2B0F5A
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe[2444] shell32.dll!ShellExecuteA 7CA411E0 6 Bytes JMP 5F250F5A
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe[2444] shell32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 5F280F5A
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe[2444] WS2_32.dll!socket 71AB4211 6 Bytes JMP 5FCD0F5A
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe[2444] WS2_32.dll!bind 71AB4480 6 Bytes JMP 5FD00F5A
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe[2444] WS2_32.dll!listen 71AB8CD3 6 Bytes JMP 5FD30F5A

.text C:\WINDOWS\system32\rundll32.exe[2512] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\rundll32.exe[2512] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text C:\WINDOWS\system32\rundll32.exe[2512] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\rundll32.exe[2512] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [38, 5F]
.text C:\WINDOWS\system32\rundll32.exe[2512] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 5FBE0F5A
.text C:\WINDOWS\system32\rundll32.exe[2512] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F880F5A
.text C:\WINDOWS\system32\rundll32.exe[2512] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 5F940F5A
.text C:\WINDOWS\system32\rundll32.exe[2512] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\rundll32.exe[2512] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\rundll32.exe[2512] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\rundll32.exe[2512] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\rundll32.exe[2512] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F220F5A
.text C:\WINDOWS\system32\rundll32.exe[2512] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\system32\rundll32.exe[2512] kernel32.dll!TlsGetValue 7C8097E0 6 Bytes JMP 5FB50F5A
.text C:\WINDOWS\system32\rundll32.exe[2512] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 5F910F5A
.text C:\WINDOWS\system32\rundll32.exe[2512] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 5FA60F5A
.text C:\WINDOWS\system32\rundll32.exe[2512] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 5F580F5A
.text C:\WINDOWS\system32\rundll32.exe[2512] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\rundll32.exe[2512] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 5F5E0F5A
.text C:\WINDOWS\system32\rundll32.exe[2512] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\rundll32.exe[2512] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\rundll32.exe[2512] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 5F8E0F5A
.text C:\WINDOWS\system32\rundll32.exe[2512] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F850F5A
.text C:\WINDOWS\system32\rundll32.exe[2512] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 5FC70F5A
.text C:\WINDOWS\system32\rundll32.exe[2512] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 5F3A0F5A
.text C:\WINDOWS\system32\rundll32.exe[2512] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 5FC10F5A
.text C:\WINDOWS\system32\rundll32.exe[2512] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 5F5B0F5A
.text C:\WINDOWS\system32\rundll32.exe[2512] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5FB20F5A
.text C:\WINDOWS\system32\rundll32.exe[2512] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 5FA90F5A
.text C:\WINDOWS\system32\rundll32.exe[2512] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 5FAC0F5A
.text C:\WINDOWS\system32\rundll32.exe[2512] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 5FC40F5A
.text C:\WINDOWS\system32\rundll32.exe[2512] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 5F3D0F5A
.text C:\WINDOWS\system32\rundll32.exe[2512] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 5FAF0F5A
.text C:\WINDOWS\system32\rundll32.exe[2512] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 5F310F5A
.text C:\WINDOWS\system32\rundll32.exe[2512] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 5FCA0F5A
.text C:\WINDOWS\system32\rundll32.exe[2512] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 5F8B0F5A
.text C:\WINDOWS\system32\rundll32.exe[2512] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\rundll32.exe[2512] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 5F400F5A
.text C:\WINDOWS\system32\rundll32.exe[2512] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 5FA00F5A
.text C:\WINDOWS\system32\rundll32.exe[2512] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 5F430F5A
.text C:\WINDOWS\system32\rundll32.exe[2512] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\rundll32.exe[2512] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [A4, 5F] {MOVSB ; POP EDI}
.text C:\WINDOWS\system32\rundll32.exe[2512] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\rundll32.exe[2512] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 5F520F5A
.text C:\WINDOWS\system32\rundll32.exe[2512] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 5F9D0F5A
.text C:\WINDOWS\system32\rundll32.exe[2512] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 5F460F5A
.text C:\WINDOWS\system32\rundll32.exe[2512] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 5F340F5A
.text C:\WINDOWS\system32\rundll32.exe[2512] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\rundll32.exe[2512] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [56, 5F] {PUSH ESI; POP EDI}
.text C:\WINDOWS\system32\rundll32.exe[2512] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 5F700F5A
.text C:\WINDOWS\system32\rundll32.exe[2512] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 5F820F5A
.text C:\WINDOWS\system32\rundll32.exe[2512] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 5F640F5A
.text C:\WINDOWS\system32\rundll32.exe[2512] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 5F6D0F5A
.text C:\WINDOWS\system32\rundll32.exe[2512] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 5F6A0F5A
.text C:\WINDOWS\system32\rundll32.exe[2512] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 5F7F0F5A
.text C:\WINDOWS\system32\rundll32.exe[2512] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 5F760F5A
.text C:\WINDOWS\system32\rundll32.exe[2512] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 5F7C0F5A
.text C:\WINDOWS\system32\rundll32.exe[2512] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 5F610F5A
.text C:\WINDOWS\system32\rundll32.exe[2512] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 5F730F5A
.text C:\WINDOWS\system32\rundll32.exe[2512] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 5F670F5A
.text C:\WINDOWS\system32\rundll32.exe[2512] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 5F9A0F5A
.text C:\WINDOWS\system32\rundll32.exe[2512] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\rundll32.exe[2512] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [98, 5F] {CWDE ; POP EDI}
.text C:\WINDOWS\system32\rundll32.exe[2512] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 5F790F5A
.text C:\WINDOWS\system32\rundll32.exe[2512] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\rundll32.exe[2512] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F4C0F5A
.text C:\WINDOWS\system32\rundll32.exe[2512] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F4F0F5A
.text C:\WINDOWS\system32\rundll32.exe[2512] SHELL32.dll!ShellExecuteExW 7CA0996B 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\rundll32.exe[2512] SHELL32.dll!Shell_NotifyIcon 7CA28C56 6 Bytes JMP 5FB80F5A
.text C:\WINDOWS\system32\rundll32.exe[2512] SHELL32.dll!Shell_NotifyIconW 7CA2A5BF 6 Bytes JMP 5FBB0F5A
.text C:\WINDOWS\system32\rundll32.exe[2512] SHELL32.dll!ShellExecuteEx 7CA40EB5 6 Bytes JMP 5F2B0F5A
.text C:\WINDOWS\system32\rundll32.exe[2512] SHELL32.dll!ShellExecuteA 7CA411E0 6 Bytes JMP 5F250F5A
.text C:\WINDOWS\system32\rundll32.exe[2512] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 5F280F5A
.text C:\WINDOWS\system32\rundll32.exe[2512] WS2_32.dll!socket 71AB4211 6 Bytes JMP 5FCD0F5A
.text C:\WINDOWS\system32\rundll32.exe[2512] WS2_32.dll!bind 71AB4480 6 Bytes JMP 5FD00F5A
.text C:\WINDOWS\system32\rundll32.exe[2512] WS2_32.dll!listen 71AB8CD3 6 Bytes JMP 5FD30F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2532] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jusched.exe[2532] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text C:\Program Files\Java\jre6\bin\jusched.exe[2532] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jusched.exe[2532] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [38, 5F]
.text C:\Program Files\Java\jre6\bin\jusched.exe[2532] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 5FBE0F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2532] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F880F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2532] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 5F940F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2532] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2532] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 5F130F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2532] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2532] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F100F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2532] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F220F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2532] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F1F0F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2532] kernel32.dll!TlsGetValue 7C8097E0 6 Bytes JMP 5FB50F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2532] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 5F910F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2532] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 5FA60F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2532] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 5F580F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2532] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 5F160F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2532] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 5F5E0F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2532] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jusched.exe[2532] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [05, 5F]
.text C:\Program Files\Java\jre6\bin\jusched.exe[2532] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 5F8E0F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2532] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F850F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2532] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 5FCD0F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2532] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 5F3A0F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2532] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 5FC70F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2532] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 5F5B0F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2532] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5FB20F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2532] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 5FA90F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2532] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 5FAC0F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2532] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 5FCA0F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2532] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 5F3D0F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2532] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 5FAF0F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2532] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 5F310F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2532] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 5FD00F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2532] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 5F8B0F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2532] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 5F700F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2532] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 5F820F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2532] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 5F640F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2532] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 5F6D0F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2532] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 5F6A0F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2532] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 5F7F0F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2532] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 5F760F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2532] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 5F7C0F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2532] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 5F610F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2532] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 5F730F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2532] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 5F670F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2532] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 5F9A0F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2532] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jusched.exe[2532] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [98, 5F] {CWDE ; POP EDI}
.text C:\Program Files\Java\jre6\bin\jusched.exe[2532] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 5F790F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2532] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2532] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F4C0F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2532] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F4F0F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2532] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2532] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 5F400F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2532] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 5FA00F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2532] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 5F430F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2532] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jusched.exe[2532] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [A4, 5F] {MOVSB ; POP EDI}
.text C:\Program Files\Java\jre6\bin\jusched.exe[2532] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F190F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2532] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 5F520F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2532] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 5F9D0F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2532] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 5F460F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2532] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 5F340F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2532] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jusched.exe[2532] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [56, 5F] {PUSH ESI; POP EDI}
.text C:\Program Files\Java\jre6\bin\jusched.exe[2532] WININET.dll!InternetOpenUrlA 3D95F39C 6 Bytes JMP 5FC10F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2532] WININET.dll!InternetOpenUrlW 3D9A6F37 6 Bytes JMP 5FC40F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2532] SHELL32.dll!ShellExecuteExW 7CA0996B 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2532] SHELL32.dll!Shell_NotifyIcon 7CA28C56 6 Bytes JMP 5FB80F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2532] SHELL32.dll!Shell_NotifyIconW 7CA2A5BF 6 Bytes JMP 5FBB0F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2532] SHELL32.dll!ShellExecuteEx 7CA40EB5 6 Bytes JMP 5F2B0F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2532] SHELL32.dll!ShellExecuteA 7CA411E0 6 Bytes JMP 5F250F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2532] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 5F280F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2532] WS2_32.dll!socket 71AB4211 6 Bytes JMP 5FD30F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2532] WS2_32.dll!bind 71AB4480 6 Bytes JMP 5FD60F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2532] WS2_32.dll!listen 71AB8CD3 6 Bytes JMP 5FD90F5A
.text D:\Program Files\VMware\VMware Workstation\vmware-tray.exe[2548] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text D:\Program Files\VMware\VMware Workstation\vmware-tray.exe[2548] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text D:\Program Files\VMware\VMware Workstation\vmware-tray.exe[2548] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text D:\Program Files\VMware\VMware Workstation\vmware-tray.exe[2548] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [38, 5F]
.text D:\Program Files\VMware\VMware Workstation\vmware-tray.exe[2548] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 5FBE0F5A
.text D:\Program Files\VMware\VMware Workstation\vmware-tray.exe[2548] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F880F5A
.text D:\Program Files\VMware\VMware Workstation\vmware-tray.exe[2548] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 5F940F5A
.text D:\Program Files\VMware\VMware Workstation\vmware-tray.exe[2548] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text D:\Program Files\VMware\VMware Workstation\vmware-tray.exe[2548] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 5F130F5A
.text D:\Program Files\VMware\VMware Workstation\vmware-tray.exe[2548] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0D0F5A
.text D:\Program Files\VMware\VMware Workstation\vmware-tray.exe[2548] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F100F5A
.text D:\Program Files\VMware\VMware Workstation\vmware-tray.exe[2548] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F220F5A
.text D:\Program Files\VMware\VMware Workstation\vmware-tray.exe[2548] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F1F0F5A
.text D:\Program Files\VMware\VMware Workstation\vmware-tray.exe[2548] kernel32.dll!TlsGetValue 7C8097E0 6 Bytes JMP 5FB50F5A
.text D:\Program Files\VMware\VMware Workstation\vmware-tray.exe[2548] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 5F910F5A
.text D:\Program Files\VMware\VMware Workstation\vmware-tray.exe[2548] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 5FA60F5A
.text D:\Program Files\VMware\VMware Workstation\vmware-tray.exe[2548] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 5F580F5A
.text D:\Program Files\VMware\VMware Workstation\vmware-tray.exe[2548] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 5F160F5A
.text D:\Program Files\VMware\VMware Workstation\vmware-tray.exe[2548] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 5F5E0F5A
.text D:\Program Files\VMware\VMware Workstation\vmware-tray.exe[2548] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text D:\Program Files\VMware\VMware Workstation\vmware-tray.exe[2548] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [05, 5F]
.text D:\Program Files\VMware\VMware Workstation\vmware-tray.exe[2548] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 5F8E0F5A
.text D:\Program Files\VMware\VMware Workstation\vmware-tray.exe[2548] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F850F5A
.text D:\Program Files\VMware\VMware Workstation\vmware-tray.exe[2548] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 5FC70F5A
.text D:\Program Files\VMware\VMware Workstation\vmware-tray.exe[2548] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 5F3A0F5A
.text D:\Program Files\VMware\VMware Workstation\vmware-tray.exe[2548] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 5FC10F5A
.text D:\Program Files\VMware\VMware Workstation\vmware-tray.exe[2548] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 5F5B0F5A
.text D:\Program Files\VMware\VMware Workstation\vmware-tray.exe[2548] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5FB20F5A
.text D:\Program Files\VMware\VMware Workstation\vmware-tray.exe[2548] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 5FA90F5A
.text D:\Program Files\VMware\VMware Workstation\vmware-tray.exe[2548] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 5FAC0F5A
.text D:\Program Files\VMware\VMware Workstation\vmware-tray.exe[2548] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 5FC40F5A
.text D:\Program Files\VMware\VMware Workstation\vmware-tray.exe[2548] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 5F3D0F5A
.text D:\Program Files\VMware\VMware Workstation\vmware-tray.exe[2548] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 5FAF0F5A
.text D:\Program Files\VMware\VMware Workstation\vmware-tray.exe[2548] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 5F310F5A
.text D:\Program Files\VMware\VMware Workstation\vmware-tray.exe[2548] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 5FCA0F5A
.text D:\Program Files\VMware\VMware Workstation\vmware-tray.exe[2548] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 5F8B0F5A
.text D:\Program Files\VMware\VMware Workstation\vmware-tray.exe[2548] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F1C0F5A
.text D:\Program Files\VMware\VMware Workstation\vmware-tray.exe[2548] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 5F400F5A
.text D:\Program Files\VMware\VMware Workstation\vmware-tray.exe[2548] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 5FA00F5A
.text D:\Program Files\VMware\VMware Workstation\vmware-tray.exe[2548] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 5F430F5A
.text D:\Program Files\VMware\VMware Workstation\vmware-tray.exe[2548] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text D:\Program Files\VMware\VMware Workstation\vmware-tray.exe[2548] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [A4, 5F] {MOVSB ; POP EDI}
.text D:\Program Files\VMware\VMware Workstation\vmware-tray.exe[2548] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F190F5A
.text D:\Program Files\VMware\VMware Workstation\vmware-tray.exe[2548] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 5F520F5A
.text D:\Program Files\VMware\VMware Workstation\vmware-tray.exe[2548] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 5F9D0F5A
.text D:\Program Files\VMware\VMware Workstation\vmware-tray.exe[2548] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 5F460F5A
.text D:\Program Files\VMware\VMware Workstation\vmware-tray.exe[2548] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 5F340F5A
.text D:\Program Files\VMware\VMware Workstation\vmware-tray.exe[2548] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text D:\Program Files\VMware\VMware Workstation\vmware-tray.exe[2548] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [56, 5F] {PUSH ESI; POP EDI}
.text D:\Program Files\VMware\VMware Workstation\vmware-tray.exe[2548] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 5F700F5A
.text D:\Program Files\VMware\VMware Workstation\vmware-tray.exe[2548] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 5F820F5A
.text D:\Program Files\VMware\VMware Workstation\vmware-tray.exe[2548] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 5F640F5A
.text D:\Program Files\VMware\VMware Workstation\vmware-tray.exe[2548] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 5F6D0F5A
.text D:\Program Files\VMware\VMware Workstation\vmware-tray.exe[2548] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 5F6A0F5A
.text D:\Program Files\VMware\VMware Workstation\vmware-tray.exe[2548] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 5F7F0F5A
.text D:\Program Files\VMware\VMware Workstation\vmware-tray.exe[2548] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 5F760F5A
.text D:\Program Files\VMware\VMware Workstation\vmware-tray.exe[2548] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 5F7C0F5A
.text D:\Program Files\VMware\VMware Workstation\vmware-tray.exe[2548] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 5F610F5A
.text D:\Program Files\VMware\VMware Workstation\vmware-tray.exe[2548] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 5F730F5A
.text D:\Program Files\VMware\VMware Workstation\vmware-tray.exe[2548] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 5F670F5A
.text D:\Program Files\VMware\VMware Workstation\vmware-tray.exe[2548] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 5F9A0F5A
.text D:\Program Files\VMware\VMware Workstation\vmware-tray.exe[2548] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text D:\Program Files\VMware\VMware Workstation\vmware-tray.exe[2548] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [98, 5F] {CWDE ; POP EDI}
.text D:\Program Files\VMware\VMware Workstation\vmware-tray.exe[2548] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 5F790F5A
.text D:\Program Files\VMware\VMware Workstation\vmware-tray.exe[2548] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 5F0A0F5A
.text D:\Program Files\VMware\VMware Workstation\vmware-tray.exe[2548] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F4C0F5A
.text D:\Program Files\VMware\VMware Workstation\vmware-tray.exe[2548] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F4F0F5A
.text D:\Program Files\VMware\VMware Workstation\vmware-tray.exe[2548] SHELL32.dll!ShellExecuteExW 7CA0996B 6 Bytes JMP 5F2E0F5A
.text D:\Program Files\VMware\VMware Workstation\vmware-tray.exe[2548] SHELL32.dll!Shell_NotifyIcon 7CA28C56 6 Bytes JMP 5FB80F5A
.text D:\Program Files\VMware\VMware Workstation\vmware-tray.exe[2548] SHELL32.dll!Shell_NotifyIconW 7CA2A5BF 6 Bytes JMP 5FBB0F5A
.text D:\Program Files\VMware\VMware Workstation\vmware-tray.exe[2548] SHELL32.dll!ShellExecuteEx 7CA40EB5 6 Bytes JMP 5F2B0F5A
.text D:\Program Files\VMware\VMware Workstation\vmware-tray.exe[2548] SHELL32.dll!ShellExecuteA 7CA411E0 6 Bytes JMP 5F250F5A
.text D:\Program Files\VMware\VMware Workstation\vmware-tray.exe[2548] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 5F280F5A
.text D:\Program Files\VMware\VMware Workstation\vmware-tray.exe[2548] WS2_32.dll!socket 71AB4211 6 Bytes JMP 5FCD0F5A
.text D:\Program Files\VMware\VMware Workstation\vmware-tray.exe[2548] WS2_32.dll!bind 71AB4480 6 Bytes JMP 5FD00F5A
.text D:\Program Files\VMware\VMware Workstation\vmware-tray.exe[2548] WS2_32.dll!listen 71AB8CD3 6 Bytes JMP 5FD30F5A
.text C:\WINDOWS\system32\svchost.exe[2672] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[2672] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[2672] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[2672] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [38, 5F]
.text C:\WINDOWS\system32\svchost.exe[2672] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 5FBE0F5A
.text C:\WINDOWS\system32\svchost.exe[2672] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F880F5A
.text C:\WINDOWS\system32\svchost.exe[2672] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 5F940F5A
.text C:\WINDOWS\system32\svchost.exe[2672] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\svchost.exe[2672] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\svchost.exe[2672] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\svchost.exe[2672] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\svchost.exe[2672] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F220F5A
.text C:\WINDOWS\system32\svchost.exe[2672] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\system32\svchost.exe[2672] kernel32.dll!TlsGetValue 7C8097E0 6 Bytes JMP 5FB50F5A
.text C:\WINDOWS\system32\svchost.exe[2672] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 5F910F5A
.text C:\WINDOWS\system32\svchost.exe[2672] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 5FA60F5A
.text C:\WINDOWS\system32\svchost.exe[2672] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 5F580F5A
.text C:\WINDOWS\system32\svchost.exe[2672] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\svchost.exe[2672] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 5F5E0F5A
.text C:\WINDOWS\system32\svchost.exe[2672] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[2672] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\svchost.exe[2672] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 5F8E0F5A
.text C:\WINDOWS\system32\svchost.exe[2672] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F850F5A
.text C:\WINDOWS\system32\svchost.exe[2672] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 5FCD0F5A
.text C:\WINDOWS\system32\svchost.exe[2672] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 5F3A0F5A
.text C:\WINDOWS\system32\svchost.exe[2672] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 5FC70F5A
.text C:\WINDOWS\system32\svchost.exe[2672] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 5F5B0F5A
.text C:\WINDOWS\system32\svchost.exe[2672] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5FB20F5A
.text C:\WINDOWS\system32\svchost.exe[2672] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 5FA90F5A
.text C:\WINDOWS\system32\svchost.exe[2672] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 5FAC0F5A
.text C:\WINDOWS\system32\svchost.exe[2672] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 5FCA0F5A
.text C:\WINDOWS\system32\svchost.exe[2672] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 5F3D0F5A
.text C:\WINDOWS\system32\svchost.exe[2672] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 5FAF0F5A
.text C:\WINDOWS\system32\svchost.exe[2672] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 5F310F5A
.text C:\WINDOWS\system32\svchost.exe[2672] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 5FD00F5A
.text C:\WINDOWS\system32\svchost.exe[2672] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 5F8B0F5A
.text C:\WINDOWS\system32\svchost.exe[2672] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 5F700F5A
.text C:\WINDOWS\system32\svchost.exe[2672] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 5F820F5A
.text C:\WINDOWS\system32\svchost.exe[2672] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 5F640F5A
.text C:\WINDOWS\system32\svchost.exe[2672] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 5F6D0F5A
.text C:\WINDOWS\system32\svchost.exe[2672] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 5F6A0F5A
.text C:\WINDOWS\system32\svchost.exe[2672] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 5F7F0F5A
.text C:\WINDOWS\system32\svchost.exe[2672] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 5F760F5A
.text C:\WINDOWS\system32\svchost.exe[2672] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 5F7C0F5A
.text C:\WINDOWS\system32\svchost.exe[2672] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 5F610F5A
.text C:\WINDOWS\system32\svchost.exe[2672] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 5F730F5A
.text C:\WINDOWS\system32\svchost.exe[2672] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 5F670F5A
.text C:\WINDOWS\system32\svchost.exe[2672] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 5F9A0F5A
.text C:\WINDOWS\system32\svchost.exe[2672] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[2672] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [98, 5F] {CWDE ; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[2672] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 5F790F5A
.text C:\WINDOWS\system32\svchost.exe[2672] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\svchost.exe[2672] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F4C0F5A
.text C:\WINDOWS\system32\svchost.exe[2672] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F4F0F5A
.text C:\WINDOWS\system32\svchost.exe[2672] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\svchost.exe[2672] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 5F400F5A
.text C:\WINDOWS\system32\svchost.exe[2672] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 5FA00F5A
.text C:\WINDOWS\system32\svchost.exe[2672] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 5F430F5A
.text C:\WINDOWS\system32\svchost.exe[2672] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[2672] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [A4, 5F] {MOVSB ; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[2672] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\svchost.exe[2672] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 5F520F5A
.text C:\WINDOWS\system32\svchost.exe[2672] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 5F9D0F5A
.text C:\WINDOWS\system32\svchost.exe[2672] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 5F460F5A
.text C:\WINDOWS\system32\svchost.exe[2672] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 5F340F5A
.text C:\WINDOWS\system32\svchost.exe[2672] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[2672] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [56, 5F] {PUSH ESI; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[2672] SHELL32.dll!ShellExecuteExW 7CA0996B 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\svchost.exe[2672] SHELL32.dll!Shell_NotifyIcon 7CA28C56 6 Bytes JMP 5FB80F5A
.text C:\WINDOWS\system32\svchost.exe[2672] SHELL32.dll!Shell_NotifyIconW 7CA2A5BF 6 Bytes JMP 5FBB0F5A
.text C:\WINDOWS\system32\svchost.exe[2672] SHELL32.dll!ShellExecuteEx 7CA40EB5 6 Bytes JMP 5F2B0F5A
.text C:\WINDOWS\system32\svchost.exe[2672] SHELL32.dll!ShellExecuteA 7CA411E0 6 Bytes JMP 5F250F5A
.text C:\WINDOWS\system32\svchost.exe[2672] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 5F280F5A
.text C:\WINDOWS\system32\svchost.exe[2672] WININET.dll!InternetOpenUrlA 3D95F39C 6 Bytes JMP 5FC10F5A
.text C:\WINDOWS\system32\svchost.exe[2672] WININET.dll!InternetOpenUrlW 3D9A6F37 6 Bytes JMP 5FC40F5A
.text C:\WINDOWS\system32\svchost.exe[2672] WS2_32.dll!socket 71AB4211 6 Bytes JMP 5FD30F5A
.text C:\WINDOWS\system32\svchost.exe[2672] WS2_32.dll!bind 71AB4480 6 Bytes JMP 5FD60F5A
.text C:\WINDOWS\system32\svchost.exe[2672] WS2_32.dll!listen 71AB8CD3 6 Bytes JMP 5FD90F5A
.text C:\WINDOWS\Explorer.EXE[2796] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[2796] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text C:\WINDOWS\Explorer.EXE[2796] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[2796] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [38, 5F]
.text C:\WINDOWS\Explorer.EXE[2796] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 5FBE0F5A
.text C:\WINDOWS\Explorer.EXE[2796] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F880F5A
.text C:\WINDOWS\Explorer.EXE[2796] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 5F940F5A
.text C:\WINDOWS\Explorer.EXE[2796] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\Explorer.EXE[2796] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\Explorer.EXE[2796] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\Explorer.EXE[2796] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\Explorer.EXE[2796] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F220F5A
.text C:\WINDOWS\Explorer.EXE[2796] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\Explorer.EXE[2796] kernel32.dll!TlsGetValue 7C8097E0 6 Bytes JMP 5FB50F5A
.text C:\WINDOWS\Explorer.EXE[2796] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 5F910F5A
.text C:\WINDOWS\Explorer.EXE[2796] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 5FA60F5A
.text C:\WINDOWS\Explorer.EXE[2796] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 5F580F5A
.text C:\WINDOWS\Explorer.EXE[2796] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\Explorer.EXE[2796] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 5F5E0F5A
.text C:\WINDOWS\Explorer.EXE[2796] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[2796] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [05, 5F]
.text C:\WINDOWS\Explorer.EXE[2796] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 5F8E0F5A
.text C:\WINDOWS\Explorer.EXE[2796] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F850F5A
.text C:\WINDOWS\Explorer.EXE[2796] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 5FD10F5A
.text C:\WINDOWS\Explorer.EXE[2796] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 5F3A0F5A
.text C:\WINDOWS\Explorer.EXE[2796] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 5FCB0F5A
.text C:\WINDOWS\Explorer.EXE[2796] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 5F5B0F5A
.text C:\WINDOWS\Explorer.EXE[2796] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5FB20F5A
.text C:\WINDOWS\Explorer.EXE[2796] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 5FA90F5A
.text C:\WINDOWS\Explorer.EXE[2796] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 5FAC0F5A
.text C:\WINDOWS\Explorer.EXE[2796] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 5FCE0F5A
.text C:\WINDOWS\Explorer.EXE[2796] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 5F3D0F5A
.text C:\WINDOWS\Explorer.EXE[2796] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 5FAF0F5A
.text C:\WINDOWS\Explorer.EXE[2796] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 5F310F5A
.text C:\WINDOWS\Explorer.EXE[2796] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 5FD40F5A
.text C:\WINDOWS\Explorer.EXE[2796] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 5F8B0F5A
.text C:\WINDOWS\Explorer.EXE[2796] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 5F700F5A
.text C:\WINDOWS\Explorer.EXE[2796] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 5F820F5A
.text C:\WINDOWS\Explorer.EXE[2796] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 5F640F5A
.text C:\WINDOWS\Explorer.EXE[2796] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 5F6D0F5A
.text C:\WINDOWS\Explorer.EXE[2796] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 5F6A0F5A
.text C:\WINDOWS\Explorer.EXE[2796] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 5F7F0F5A
.text C:\WINDOWS\Explorer.EXE[2796] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 5F760F5A
.text C:\WINDOWS\Explorer.EXE[2796] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 5F7C0F5A
.text C:\WINDOWS\Explorer.EXE[2796] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 5F610F5A
.text C:\WINDOWS\Explorer.EXE[2796] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 5F730F5A
.text C:\WINDOWS\Explorer.EXE[2796] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 5F670F5A
.text C:\WINDOWS\Explorer.EXE[2796] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 5F9A0F5A
.text C:\WINDOWS\Explorer.EXE[2796] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[2796] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [98, 5F] {CWDE ; POP EDI}
.text C:\WINDOWS\Explorer.EXE[2796] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 5F790F5A
.text C:\WINDOWS\Explorer.EXE[2796] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\Explorer.EXE[2796] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F4C0F5A
.text C:\WINDOWS\Explorer.EXE[2796] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F4F0F5A
.text C:\WINDOWS\Explorer.EXE[2796] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\Explorer.EXE[2796] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 5F400F5A
.text C:\WINDOWS\Explorer.EXE[2796] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 5FA00F5A
.text C:\WINDOWS\Explorer.EXE[2796] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 5F430F5A
.text C:\WINDOWS\Explorer.EXE[2796] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[2796] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [A4, 5F] {MOVSB ; POP EDI}
.text C:\WINDOWS\Explorer.EXE[2796] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\Explorer.EXE[2796] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 5F520F5A
.text C:\WINDOWS\Explorer.EXE[2796] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 5F9D0F5A
.text C:\WINDOWS\Explorer.EXE[2796] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 5F460F5A
.text C:\WINDOWS\Explorer.EXE[2796] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 5F340F5A
.text C:\WINDOWS\Explorer.EXE[2796] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[2796] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [56, 5F] {PUSH ESI; POP EDI}
.text C:\WINDOWS\Explorer.EXE[2796] WININET.dll!InternetOpenUrlA 3D95F39C 6 Bytes JMP 5FC50F5A
.text C:\WINDOWS\Explorer.EXE[2796] WININET.dll!InternetOpenUrlW 3D9A6F37 6 Bytes JMP 5FC80F5A
.text C:\WINDOWS\Explorer.EXE[2796] SHELL32.dll!ShellExecuteExW 7CA0996B 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\Explorer.EXE[2796] SHELL32.dll!Shell_NotifyIcon 7CA28C56 6 Bytes JMP 5FB80F5A
.text C:\WINDOWS\Explorer.EXE[2796] SHELL32.dll!Shell_NotifyIconW 7CA2A5BF 6 Bytes JMP 5FBB0F5A
.text C:\WINDOWS\Explorer.EXE[2796] SHELL32.dll!ShellExecuteEx 7CA40EB5 6 Bytes JMP 5F2B0F5A
.text C:\WINDOWS\Explorer.EXE[2796] SHELL32.dll!ShellExecuteA 7CA411E0 6 Bytes JMP 5F250F5A
.text C:\WINDOWS\Explorer.EXE[2796] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 5F280F5A
.text C:\WINDOWS\Explorer.EXE[2796] WS2_32.dll!socket 71AB4211 6 Bytes JMP 5FD70F5A
.text C:\WINDOWS\Explorer.EXE[2796] WS2_32.dll!bind 71AB4480 6 Bytes JMP 5FDA0F5A
.text C:\WINDOWS\Explorer.EXE[2796] WS2_32.dll!listen 71AB8CD3 6 Bytes JMP 5FDD0F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2808] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2808] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2808] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2808] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [38, 5F]
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2808] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 5FBE0F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2808] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F880F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2808] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 5F940F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2808] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2808] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 5F130F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2808] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2808] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F100F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2808] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F220F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2808] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F1F0F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2808] kernel32.dll!TlsGetValue 7C8097E0 6 Bytes JMP 5FB50F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2808] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 5F910F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2808] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 5FA60F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2808] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 5F580F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2808] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 5F160F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2808] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 5F5E0F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2808] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2808] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [05, 5F]
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2808] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 5F8E0F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2808] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F850F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2808] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 5FC70F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2808] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 5F3A0F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2808] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 5FC10F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2808] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 5F5B0F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2808] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5FB20F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2808] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 5FA90F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2808] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 5FAC0F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2808] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 5FC40F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2808] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 5F3D0F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2808] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 5FAF0F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2808] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 5F310F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2808] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 5FCA0F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2808] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 5F8B0F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2808] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 5F700F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2808] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 5F820F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2808] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 5F640F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2808] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 5F6D0F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2808] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 5F6A0F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2808] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 5F7F0F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2808] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 5F760F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2808] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 5F7C0F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2808] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 5F610F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2808] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 5F730F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2808] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 5F670F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2808] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 5F9A0F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2808] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2808] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [98, 5F] {CWDE ; POP EDI}
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2808] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 5F790F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2808] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2808] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F4C0F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2808] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F4F0F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2808] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2808] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 5F400F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2808] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 5FA00F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2808] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 5F430F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2808] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2808] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [A4, 5F] {MOVSB ; POP EDI}
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2808] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F190F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2808] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 5F520F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2808] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 5F9D0F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2808] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 5F460F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2808] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 5F340F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2808] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2808] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [56, 5F] {PUSH ESI; POP EDI}
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2808] WS2_32.dll!socket 71AB4211 6 Bytes JMP 5FCD0F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2808] WS2_32.dll!bind 71AB4480 6 Bytes JMP 5FD00F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2808] WS2_32.dll!listen 71AB8CD3 6 Bytes JMP 5FD30F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2808] SHELL32.dll!ShellExecuteExW 7CA0996B 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2808] SHELL32.dll!Shell_NotifyIcon 7CA28C56 6 Bytes JMP 5FB80F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2808] SHELL32.dll!Shell_NotifyIconW 7CA2A5BF 6 Bytes JMP 5FBB0F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2808] SHELL32.dll!ShellExecuteEx 7CA40EB5 6 Bytes JMP 5F2B0F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2808] SHELL32.dll!ShellExecuteA 7CA411E0 6 Bytes JMP 5F250F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2808] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 5F280F5A
.text C:\WINDOWS\system32\svchost.exe[2852] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[2852] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[2852] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[2852] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [38, 5F]
.text C:\WINDOWS\system32\svchost.exe[2852] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 5FBE0F5A
.text C:\WINDOWS\system32\svchost.exe[2852] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F880F5A
.text C:\WINDOWS\system32\svchost.exe[2852] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 5F940F5A
.text C:\WINDOWS\system32\svchost.exe[2852] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\svchost.exe[2852] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\svchost.exe[2852] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\svchost.exe[2852] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\svchost.exe[2852] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F220F5A
.text C:\WINDOWS\system32\svchost.exe[2852] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\system32\svchost.exe[2852] kernel32.dll!TlsGetValue 7C8097E0 6 Bytes JMP 5FB50F5A
.text C:\WINDOWS\system32\svchost.exe[2852] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 5F910F5A
.text C:\WINDOWS\system32\svchost.exe[2852] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 5FA60F5A
.text C:\WINDOWS\system32\svchost.exe[2852] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 5F580F5A
.text C:\WINDOWS\system32\svchost.exe[2852] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\svchost.exe[2852] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 5F5E0F5A
.text C:\WINDOWS\system32\svchost.exe[2852] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[2852] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\svchost.exe[2852] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 5F8E0F5A
.text C:\WINDOWS\system32\svchost.exe[2852] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F850F5A
.text C:\WINDOWS\system32\svchost.exe[2852] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 5FC70F5A
.text C:\WINDOWS\system32\svchost.exe[2852] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 5F3A0F5A
.text C:\WINDOWS\system32\svchost.exe[2852] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 5FC10F5A
.text C:\WINDOWS\system32\svchost.exe[2852] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 5F5B0F5A
.text C:\WINDOWS\system32\svchost.exe[2852] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5FB20F5A
.text C:\WINDOWS\system32\svchost.exe[2852] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 5FA90F5A
.text C:\WINDOWS\system32\svchost.exe[2852] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 5FAC0F5A
.text C:\WINDOWS\system32\svchost.exe[2852] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 5FC40F5A
.text C:\WINDOWS\system32\svchost.exe[2852] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 5F3D0F5A
.text C:\WINDOWS\system32\svchost.exe[2852] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 5FAF0F5A
.text C:\WINDOWS\system32\svchost.exe[2852] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 5F310F5A
.text C:\WINDOWS\system32\svchost.exe[2852] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 5FCA0F5A
.text C:\WINDOWS\system32\svchost.exe[2852] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 5F8B0F5A
.text C:\WINDOWS\system32\svchost.exe[2852] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 5F700F5A
.text C:\WINDOWS\system32\svchost.exe[2852] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 5F820F5A
.text C:\WINDOWS\system32\svchost.exe[2852] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 5F640F5A
.text C:\WINDOWS\system32\svchost.exe[2852] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 5F6D0F5A
.text C:\WINDOWS\system32\svchost.exe[2852] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 5F6A0F5A
.text C:\WINDOWS\system32\svchost.exe[2852] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 5F7F0F5A
.text C:\WINDOWS\system32\svchost.exe[2852] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 5F760F5A
.text C:\WINDOWS\system32\svchost.exe[2852] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 5F7C0F5A
.text C:\WINDOWS\system32\svchost.exe[2852] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 5F610F5A
.text C:\WINDOWS\system32\svchost.exe[2852] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 5F730F5A
.text C:\WINDOWS\system32\svchost.exe[2852] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 5F670F5A
.text C:\WINDOWS\system32\svchost.exe[2852] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 5F9A0F5A
.text C:\WINDOWS\system32\svchost.exe[2852] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[2852] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [98, 5F] {CWDE ; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[2852] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 5F790F5A
.text C:\WINDOWS\system32\svchost.exe[2852] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\svchost.exe[2852] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F4C0F5A
.text C:\WINDOWS\system32\svchost.exe[2852] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F4F0F5A
.text C:\WINDOWS\system32\svchost.exe[2852] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\svchost.exe[2852] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 5F400F5A
.text C:\WINDOWS\system32\svchost.exe[2852] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 5FA00F5A
.text C:\WINDOWS\system32\svchost.exe[2852] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 5F430F5A
.text C:\WINDOWS\system32\svchost.exe[2852] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[2852] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [A4, 5F] {MOVSB ; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[2852] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\svchost.exe[2852] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 5F520F5A
.text C:\WINDOWS\system32\svchost.exe[2852] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 5F9D0F5A
.text C:\WINDOWS\system32\svchost.exe[2852] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 5F460F5A
.text C:\WINDOWS\system32\svchost.exe[2852] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 5F340F5A
.text C:\WINDOWS\system32\svchost.exe[2852] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[2852] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [56, 5F] {PUSH ESI; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[2852] SHELL32.dll!ShellExecuteExW 7CA0996B 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\svchost.exe[2852] SHELL32.dll!Shell_NotifyIcon 7CA28C56 6 Bytes JMP 5FB80F5A
.text C:\WINDOWS\system32\svchost.exe[2852] SHELL32.dll!Shell_NotifyIconW 7CA2A5BF 6 Bytes JMP 5FBB0F5A
.text C:\WINDOWS\system32\svchost.exe[2852] SHELL32.dll!ShellExecuteEx 7CA40EB5 6 Bytes JMP 5F2B0F5A
.text C:\WINDOWS\system32\svchost.exe[2852] SHELL32.dll!ShellExecuteA 7CA411E0 6 Bytes JMP 5F250F5A
.text C:\WINDOWS\system32\svchost.exe[2852] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 5F280F5A
.text C:\WINDOWS\system32\svchost.exe[2852] WS2_32.dll!socket 71AB4211 6 Bytes JMP 5FCD0F5A
.text C:\WINDOWS\system32\svchost.exe[2852] WS2_32.dll!bind 71AB4480 6 Bytes JMP 5FD00F5A
.text C:\WINDOWS\system32\svchost.exe[2852] WS2_32.dll!listen 71AB8CD3 6 Bytes JMP 5FD30F5A

.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[2864] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 00]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2904] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2904] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2904] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2904] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [38, 5F]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2904] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 5FBE0F5A
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2904] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F880F5A
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2904] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 5F940F5A
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2904] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2904] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 5F130F5A
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2904] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2904] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F100F5A
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2904] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F220F5A
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2904] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F1F0F5A
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2904] kernel32.dll!TlsGetValue 7C8097E0 6 Bytes JMP 5FB50F5A
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2904] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 5F910F5A
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2904] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 5FA60F5A
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2904] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 5F580F5A
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2904] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 5F160F5A
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2904] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 5F5E0F5A
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2904] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2904] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [05, 5F]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2904] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 5F8E0F5A
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2904] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F850F5A
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2904] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 5FC70F5A
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2904] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 5F3A0F5A
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2904] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 5FC10F5A
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2904] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 5F5B0F5A
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2904] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5FB20F5A
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2904] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 5FA90F5A
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2904] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 5FAC0F5A
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2904] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 5FC40F5A
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2904] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 5F3D0F5A
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2904] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 5FAF0F5A
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2904] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 5F310F5A
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2904] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 5FCA0F5A
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2904] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 5F8B0F5A
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2904] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 5F700F5A
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2904] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 5F820F5A
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2904] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 5F640F5A
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2904] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 5F6D0F5A
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2904] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 5F6A0F5A
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2904] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 5F7F0F5A
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2904] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 5F760F5A
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2904] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 5F7C0F5A
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2904] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 5F610F5A
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2904] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 5F730F5A
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2904] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 5F670F5A
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2904] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 5F9A0F5A
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2904] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2904] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [98, 5F] {CWDE ; POP EDI}
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2904] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 5F790F5A
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2904] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2904] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F4C0F5A
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2904] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F4F0F5A
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2904] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2904] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 5F400F5A
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2904] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 5FA00F5A
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2904] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 5F430F5A
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2904] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2904] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [A4, 5F] {MOVSB ; POP EDI}
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2904] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F190F5A
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2904] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 5F520F5A
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2904] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 5F9D0F5A
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2904] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 5F460F5A
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2904] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 5F340F5A
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2904] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2904] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [56, 5F] {PUSH ESI; POP EDI}
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2904] SHELL32.dll!ShellExecuteExW 7CA0996B 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2904] SHELL32.dll!Shell_NotifyIcon 7CA28C56 6 Bytes JMP 5FB80F5A
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2904] SHELL32.dll!Shell_NotifyIconW 7CA2A5BF 6 Bytes JMP 5FBB0F5A
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2904] SHELL32.dll!ShellExecuteEx 7CA40EB5 6 Bytes JMP 5F2B0F5A
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2904] SHELL32.dll!ShellExecuteA 7CA411E0 6 Bytes JMP 5F250F5A
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2904] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 5F280F5A
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2904] WS2_32.dll!socket 71AB4211 6 Bytes JMP 5FCD0F5A
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2904] WS2_32.dll!bind 71AB4480 6 Bytes JMP 5FD00F5A
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2904] WS2_32.dll!listen 71AB8CD3 6 Bytes JMP 5FD30F5A
.text C:\WINDOWS\system32\svchost.exe[2940] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[2940] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[2940] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[2940] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [38, 5F]
.text C:\WINDOWS\system32\svchost.exe[2940] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 5FBE0F5A
.text C:\WINDOWS\system32\svchost.exe[2940] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F880F5A
.text C:\WINDOWS\system32\svchost.exe[2940] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 5F940F5A
.text C:\WINDOWS\system32\svchost.exe[2940] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\svchost.exe[2940] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\svchost.exe[2940] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\svchost.exe[2940] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\svchost.exe[2940] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F220F5A
.text C:\WINDOWS\system32\svchost.exe[2940] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\system32\svchost.exe[2940] kernel32.dll!TlsGetValue 7C8097E0 6 Bytes JMP 5FB50F5A
.text C:\WINDOWS\system32\svchost.exe[2940] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 5F910F5A
.text C:\WINDOWS\system32\svchost.exe[2940] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 5FA60F5A
.text C:\WINDOWS\system32\svchost.exe[2940] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 5F580F5A
.text C:\WINDOWS\system32\svchost.exe[2940] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\svchost.exe[2940] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 5F5E0F5A
.text C:\WINDOWS\system32\svchost.exe[2940] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[2940] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\svchost.exe[2940] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 5F8E0F5A
.text C:\WINDOWS\system32\svchost.exe[2940] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F850F5A
.text C:\WINDOWS\system32\svchost.exe[2940] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 5FC70F5A
.text C:\WINDOWS\system32\svchost.exe[2940] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 5F3A0F5A
.text C:\WINDOWS\system32\svchost.exe[2940] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 5FC10F5A
.text C:\WINDOWS\system32\svchost.exe[2940] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 5F5B0F5A
.text C:\WINDOWS\system32\svchost.exe[2940] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5FB20F5A
.text C:\WINDOWS\system32\svchost.exe[2940] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 5FA90F5A
.text C:\WINDOWS\system32\svchost.exe[2940] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 5FAC0F5A
.text C:\WINDOWS\system32\svchost.exe[2940] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 5FC40F5A
.text C:\WINDOWS\system32\svchost.exe[2940] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 5F3D0F5A
.text C:\WINDOWS\system32\svchost.exe[2940] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 5FAF0F5A
.text C:\WINDOWS\system32\svchost.exe[2940] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 5F310F5A
.text C:\WINDOWS\system32\svchost.exe[2940] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 5FCA0F5A
.text C:\WINDOWS\system32\svchost.exe[2940] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 5F8B0F5A
.text C:\WINDOWS\system32\svchost.exe[2940] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 5F700F5A
.text C:\WINDOWS\system32\svchost.exe[2940] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 5F820F5A
.text C:\WINDOWS\system32\svchost.exe[2940] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 5F640F5A
.text C:\WINDOWS\system32\svchost.exe[2940] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 5F6D0F5A
.text C:\WINDOWS\system32\svchost.exe[2940] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 5F6A0F5A
.text C:\WINDOWS\system32\svchost.exe[2940] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 5F7F0F5A
.text C:\WINDOWS\system32\svchost.exe[2940] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 5F760F5A
.text C:\WINDOWS\system32\svchost.exe[2940] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 5F7C0F5A
.text C:\WINDOWS\system32\svchost.exe[2940] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 5F610F5A
.text C:\WINDOWS\system32\svchost.exe[2940] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 5F730F5A
.text C:\WINDOWS\system32\svchost.exe[2940] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 5F670F5A
.text C:\WINDOWS\system32\svchost.exe[2940] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 5F9A0F5A
.text C:\WINDOWS\system32\svchost.exe[2940] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[2940] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [98, 5F] {CWDE ; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[2940] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 5F790F5A
.text C:\WINDOWS\system32\svchost.exe[2940] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\svchost.exe[2940] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F4C0F5A
.text C:\WINDOWS\system32\svchost.exe[2940] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F4F0F5A
.text C:\WINDOWS\system32\svchost.exe[2940] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\svchost.exe[2940] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 5F400F5A
.text C:\WINDOWS\system32\svchost.exe[2940] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 5FA00F5A
.text C:\WINDOWS\system32\svchost.exe[2940] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 5F430F5A
.text C:\WINDOWS\system32\svchost.exe[2940] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[2940] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [A4, 5F] {MOVSB ; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[2940] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\svchost.exe[2940] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 5F520F5A
.text C:\WINDOWS\system32\svchost.exe[2940] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 5F9D0F5A
.text C:\WINDOWS\system32\svchost.exe[2940] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 5F460F5A
.text C:\WINDOWS\system32\svchost.exe[2940] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 5F340F5A
.text C:\WINDOWS\system32\svchost.exe[2940] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[2940] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [56, 5F] {PUSH ESI; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[2940] SHELL32.dll!ShellExecuteExW 7CA0996B 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\svchost.exe[2940] SHELL32.dll!Shell_NotifyIcon 7CA28C56 6 Bytes JMP 5FB80F5A
.text C:\WINDOWS\system32\svchost.exe[2940] SHELL32.dll!Shell_NotifyIconW 7CA2A5BF 6 Bytes JMP 5FBB0F5A
.text C:\WINDOWS\system32\svchost.exe[2940] SHELL32.dll!ShellExecuteEx 7CA40EB5 6 Bytes JMP 5F2B0F5A
.text C:\WINDOWS\system32\svchost.exe[2940] SHELL32.dll!ShellExecuteA 7CA411E0 6 Bytes JMP 5F250F5A
.text C:\WINDOWS\system32\svchost.exe[2940] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 5F280F5A
.text C:\WINDOWS\system32\svchost.exe[2940] WS2_32.dll!socket 71AB4211 6 Bytes JMP 5FCD0F5A
.text C:\WINDOWS\system32\svchost.exe[2940] WS2_32.dll!bind 71AB4480 6 Bytes JMP 5FD00F5A
.text C:\WINDOWS\system32\svchost.exe[2940] WS2_32.dll!listen 71AB8CD3 6 Bytes JMP 5FD30F5A
.text C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe[2960] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe[2960] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe[2960] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe[2960] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [38, 5F]
.text C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe[2960] KERNEL32.dll!DeviceIoControl 7C801629 6 Bytes JMP 5FBE0F5A
.text C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe[2960] KERNEL32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F880F5A
.text C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe[2960] KERNEL32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 5F940F5A
.text C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe[2960] KERNEL32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe[2960] KERNEL32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 5F130F5A
.text C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe[2960] KERNEL32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe[2960] KERNEL32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F100F5A
.text C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe[2960] KERNEL32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F220F5A
.text C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe[2960] KERNEL32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F1F0F5A
.text C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe[2960] KERNEL32.dll!TlsGetValue 7C8097E0 6 Bytes JMP 5FB50F5A
.text C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe[2960] KERNEL32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 5F910F5A
.text C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe[2960] KERNEL32.dll!LoadResource 7C80A055 6 Bytes JMP 5FA60F5A
.text C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe[2960] KERNEL32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 5F580F5A
.text C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe[2960] KERNEL32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 5F160F5A
.text C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe[2960] KERNEL32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 5F5E0F5A
.text C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe[2960] KERNEL32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe[2960] KERNEL32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [05, 5F]
.text C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe[2960] KERNEL32.dll!CreateThread 7C8106D7 6 Bytes JMP 5F8E0F5A
.text C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe[2960] KERNEL32.dll!CreateFileW 7C810800 6 Bytes JMP 5F850F5A
.text C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe[2960] KERNEL32.dll!WriteFile 7C810E27 6 Bytes JMP 5FC70F5A
.text C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe[2960] KERNEL32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 5F3A0F5A
.text C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe[2960] KERNEL32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 5FC10F5A
.text C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe[2960] KERNEL32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 5F5B0F5A
.text C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe[2960] KERNEL32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5FB20F5A
.text C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe[2960] KERNEL32.dll!CopyFileA 7C8286EE 6 Bytes JMP 5FA90F5A
.text C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe[2960] KERNEL32.dll!CopyFileW 7C82F87B 6 Bytes JMP 5FAC0F5A
.text C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe[2960] KERNEL32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 5FC40F5A
.text C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe[2960] KERNEL32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 5F3D0F5A
.text C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe[2960] KERNEL32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 5FAF0F5A
.text C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe[2960] KERNEL32.dll!WinExec 7C86250D 6 Bytes JMP 5F310F5A
.text C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe[2960] KERNEL32.dll!SetThreadContext 7C863C09 6 Bytes JMP 5FCA0F5A
.text C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe[2960] KERNEL32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 5F8B0F5A
.text C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe[2960] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 5F700F5A
.text C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe[2960] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 5F820F5A
.text C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe[2960] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 5F640F5A
.text C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe[2960] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 5F6D0F5A
.text C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe[2960] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 5F6A0F5A
.text C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe[2960] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 5F7F0F5A
.text C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe[2960] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 5F760F5A
.text C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe[2960] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 5F7C0F5A
.text C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe[2960] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 5F610F5A
.text C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe[2960] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 5F730F5A
.text C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe[2960] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 5F670F5A
.text C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe[2960] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 5F9A0F5A
.text C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe[2960] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe[2960] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [98, 5F] {CWDE ; POP EDI}
.text C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe[2960] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 5F790F5A
.text C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe[2960] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe[2960] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F4C0F5A
.text C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe[2960] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F4F0F5A
.text C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe[2960] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe[2960] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 5F400F5A
.text C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe[2960] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 5FA00F5A
.text C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe[2960] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 5F430F5A
.text C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe[2960] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe[2960] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [A4, 5F] {MOVSB ; POP EDI}
.text C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe[2960] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F190F5A
.text C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe[2960] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 5F520F5A
.text C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe[2960] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 5F9D0F5A
.text C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe[2960] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 5F460F5A
.text C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe[2960] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 5F340F5A
.text C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe[2960] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe[2960] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [56, 5F] {PUSH ESI; POP EDI}
.text C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe[2960] shell32.dll!ShellExecuteExW 7CA0996B 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe[2960] shell32.dll!Shell_NotifyIcon 7CA28C56 6 Bytes JMP 5FB80F5A
.text C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe[2960] shell32.dll!Shell_NotifyIconW 7CA2A5BF 6 Bytes JMP 5FBB0F5A
.text C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe[2960] shell32.dll!ShellExecuteEx 7CA40EB5 6 Bytes JMP 5F2B0F5A
.text C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe[2960] shell32.dll!ShellExecuteA 7CA411E0 6 Bytes JMP 5F250F5A
.text C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe[2960] shell32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 5F280F5A
.text C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe[2960] WS2_32.dll!socket 71AB4211 6 Bytes JMP 5FCD0F5A
.text C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe[2960] WS2_32.dll!bind 71AB4480 6 Bytes JMP 5FD00F5A
.text C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe[2960] WS2_32.dll!listen 71AB8CD3 6 Bytes JMP 5FD30F5A
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[3096] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[3096] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[3096] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[3096] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [38, 5F]
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[3096] KERNEL32.dll!DeviceIoControl 7C801629 6 Bytes JMP 5FBE0F5A
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[3096] KERNEL32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F880F5A
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[3096] KERNEL32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 5F940F5A
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[3096] KERNEL32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[3096] KERNEL32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 5F130F5A
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[3096] KERNEL32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[3096] KERNEL32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F100F5A
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[3096] KERNEL32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F220F5A
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[3096] KERNEL32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F1F0F5A
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[3096] KERNEL32.dll!TlsGetValue 7C8097E0 6 Bytes JMP 5FB50F5A
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[3096] KERNEL32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 5F910F5A
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[3096] KERNEL32.dll!LoadResource 7C80A055 6 Bytes JMP 5FA60F5A
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[3096] KERNEL32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 5F580F5A
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[3096] KERNEL32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 5F160F5A
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[3096] KERNEL32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 5F5E0F5A
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[3096] KERNEL32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[3096] KERNEL32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [05, 5F]
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[3096] KERNEL32.dll!CreateThread 7C8106D7 6 Bytes JMP 5F8E0F5A
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[3096] KERNEL32.dll!CreateFileW 7C810800 6 Bytes JMP 5F850F5A
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[3096] KERNEL32.dll!WriteFile 7C810E27 6 Bytes JMP 5FC70F5A
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[3096] KERNEL32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 5F3A0F5A
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[3096] KERNEL32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 5FC10F5A
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[3096] KERNEL32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 5F5B0F5A
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[3096] KERNEL32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5FB20F5A
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[3096] KERNEL32.dll!CopyFileA 7C8286EE 6 Bytes JMP 5FA90F5A
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[3096] KERNEL32.dll!CopyFileW 7C82F87B 6 Bytes JMP 5FAC0F5A
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[3096] KERNEL32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 5FC40F5A
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[3096] KERNEL32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 5F3D0F5A
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[3096] KERNEL32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 5FAF0F5A
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[3096] KERNEL32.dll!WinExec 7C86250D 6 Bytes JMP 5F310F5A
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[3096] KERNEL32.dll!SetThreadContext 7C863C09 6 Bytes JMP 5FCA0F5A
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[3096] KERNEL32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 5F8B0F5A
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[3096] advapi32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 5F700F5A
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[3096] advapi32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 5F820F5A
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[3096] advapi32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 5F640F5A
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[3096] advapi32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 5F6D0F5A
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[3096] advapi32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 5F6A0F5A
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[3096] advapi32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 5F7F0F5A
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[3096] advapi32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 5F760F5A
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[3096] advapi32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 5F7C0F5A
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[3096] advapi32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 5F610F5A
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[3096] advapi32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 5F730F5A
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[3096] advapi32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 5F670F5A
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[3096] advapi32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 5F9A0F5A
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[3096] advapi32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[3096] advapi32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [98, 5F] {CWDE ; POP EDI}
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[3096] advapi32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 5F790F5A
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[3096] advapi32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[3096] advapi32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F4C0F5A
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[3096] advapi32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F4F0F5A
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[3096] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[3096] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 5F400F5A
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[3096] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 5FA00F5A
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[3096] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 5F430F5A
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[3096] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[3096] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [A4, 5F] {MOVSB ; POP EDI}
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[3096] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F190F5A
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[3096] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 5F520F5A
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[3096] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 5F9D0F5A
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[3096] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 5F460F5A
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[3096] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 5F340F5A
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[3096] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[3096] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [56, 5F] {PUSH ESI; POP EDI}
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[3096] SHELL32.dll!ShellExecuteExW 7CA0996B 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[3096] SHELL32.dll!Shell_NotifyIcon 7CA28C56 6 Bytes JMP 5FB80F5A
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[3096] SHELL32.dll!Shell_NotifyIconW 7CA2A5BF 6 Bytes JMP 5FBB0F5A
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[3096] SHELL32.dll!ShellExecuteEx 7CA40EB5 6 Bytes JMP 5F2B0F5A
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[3096] SHELL32.dll!ShellExecuteA 7CA411E0 6 Bytes JMP 5F250F5A
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[3096] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 5F280F5A
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[3096] WS2_32.dll!socket 71AB4211 6 Bytes JMP 5FCD0F5A
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[3096] WS2_32.dll!bind 71AB4480 6 Bytes JMP 5FD00F5A
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[3096] WS2_32.dll!listen 71AB8CD3 6 Bytes JMP 5FD30F5A
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[3096] WININET.dll!InternetOpenUrlA 3D95F39C 6 Bytes JMP 5FD60F5A
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[3096] WININET.dll!InternetOpenUrlW 3D9A6F37 6 Bytes JMP 5FD90F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3156] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3156] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3156] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3156] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [38, 5F]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3156] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 5FBF0F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3156] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F890F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3156] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 5F950F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3156] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3156] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3156] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3156] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3156] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F220F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3156] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3156] kernel32.dll!TlsGetValue 7C8097E0 6 Bytes JMP 5FB60F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3156] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 5F920F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3156] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 5FA70F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3156] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 5F580F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3156] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3156] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 5F5E0F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3156] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3156] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3156] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 5F8F0F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3156] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F860F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3156] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 5FCE0F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3156] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 5F3A0F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3156] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 5FC80F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3156] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 5F5B0F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3156] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5FB30F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3156] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 5FAA0F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3156] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 5FAD0F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3156] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 5FCB0F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3156] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 5F3D0F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3156] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 5FB00F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3156] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 5F310F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3156] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 5FD10F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3156] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 5F8C0F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3156] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 5F700F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3156] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 5F830F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3156] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 5F640F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3156] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 5F6D0F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3156] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 5F6A0F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3156] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 5F800F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3156] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 5F760F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3156] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 5F7D0F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3156] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 5F610F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3156] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 5F730F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3156] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 5F670F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3156] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 5F9B0F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3156] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3156] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [99, 5F] {CDQ ; POP EDI}
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3156] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 5F7A0F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3156] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3156] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F4C0F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3156] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F4F0F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3156] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3156] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 5F400F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3156] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 5FA10F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3156] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 5F430F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3156] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3156] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [A5, 5F] {MOVSD ; POP EDI}
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3156] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3156] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 5F520F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3156] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 5F9E0F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3156] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 5F460F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3156] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 5F340F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3156] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3156] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [56, 5F] {PUSH ESI; POP EDI}
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3156] WS2_32.dll!socket 71AB4211 6 Bytes JMP 5FD40F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3156] WS2_32.dll!bind 71AB4480 6 Bytes JMP 5FD70F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3156] WS2_32.dll!listen 71AB8CD3 6 Bytes JMP 5FDA0F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3156] SHELL32.dll!ShellExecuteExW 7CA0996B 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3156] SHELL32.dll!Shell_NotifyIcon 7CA28C56 6 Bytes JMP 5FB90F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3156] SHELL32.dll!Shell_NotifyIconW 7CA2A5BF 6 Bytes JMP 5FBC0F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3156] SHELL32.dll!ShellExecuteEx 7CA40EB5 6 Bytes JMP 5F2B0F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3156] SHELL32.dll!ShellExecuteA 7CA411E0 6 Bytes JMP 5F250F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3156] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 5F280F5A
.text C:\WINDOWS\system32\dllhost.exe[3248] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\dllhost.exe[3248] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text C:\WINDOWS\system32\dllhost.exe[3248] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\dllhost.exe[3248] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [38, 5F]
.text C:\WINDOWS\system32\dllhost.exe[3248] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 5FBE0F5A
.text C:\WINDOWS\system32\dllhost.exe[3248] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F880F5A
.text C:\WINDOWS\system32\dllhost.exe[3248] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 5F940F5A
.text C:\WINDOWS\system32\dllhost.exe[3248] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\dllhost.exe[3248] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\dllhost.exe[3248] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\dllhost.exe[3248] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\dllhost.exe[3248] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F220F5A
.text C:\WINDOWS\system32\dllhost.exe[3248] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\system32\dllhost.exe[3248] kernel32.dll!TlsGetValue 7C8097E0 6 Bytes JMP 5FB50F5A
.text C:\WINDOWS\system32\dllhost.exe[3248] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 5F910F5A
.text C:\WINDOWS\system32\dllhost.exe[3248] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 5FA60F5A
.text C:\WINDOWS\system32\dllhost.exe[3248] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 5F580F5A
.text C:\WINDOWS\system32\dllhost.exe[3248] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\dllhost.exe[3248] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 5F5E0F5A
.text C:\WINDOWS\system32\dllhost.exe[3248] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\dllhost.exe[3248] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\dllhost.exe[3248] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 5F8E0F5A
.text C:\WINDOWS\system32\dllhost.exe[3248] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F850F5A
.text C:\WINDOWS\system32\dllhost.exe[3248] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 5FC70F5A
.text C:\WINDOWS\system32\dllhost.exe[3248] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 5F3A0F5A
.text C:\WINDOWS\system32\dllhost.exe[3248] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 5FC10F5A
.text C:\WINDOWS\system32\dllhost.exe[3248] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 5F5B0F5A
.text C:\WINDOWS\system32\dllhost.exe[3248] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5FB20F5A
.text C:\WINDOWS\system32\dllhost.exe[3248] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 5FA90F5A
.text C:\WINDOWS\system32\dllhost.exe[3248] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 5FAC0F5A
.text C:\WINDOWS\system32\dllhost.exe[3248] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 5FC40F5A
.text C:\WINDOWS\system32\dllhost.exe[3248] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 5F3D0F5A
.text C:\WINDOWS\system32\dllhost.exe[3248] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 5FAF0F5A
.text C:\WINDOWS\system32\dllhost.exe[3248] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 5F310F5A
.text C:\WINDOWS\system32\dllhost.exe[3248] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 5FCA0F5A
.text C:\WINDOWS\system32\dllhost.exe[3248] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 5F8B0F5A
.text C:\WINDOWS\system32\dllhost.exe[3248] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 5F700F5A
.text C:\WINDOWS\system32\dllhost.exe[3248] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 5F820F5A
.text C:\WINDOWS\system32\dllhost.exe[3248] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 5F640F5A
.text C:\WINDOWS\system32\dllhost.exe[3248] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 5F6D0F5A
.text C:\WINDOWS\system32\dllhost.exe[3248] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 5F6A0F5A
.text C:\WINDOWS\system32\dllhost.exe[3248] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 5F7F0F5A
.text C:\WINDOWS\system32\dllhost.exe[3248] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 5F760F5A
.text C:\WINDOWS\system32\dllhost.exe[3248] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 5F7C0F5A
.text C:\WINDOWS\system32\dllhost.exe[3248] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 5F610F5A
.text C:\WINDOWS\system32\dllhost.exe[3248] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 5F730F5A
.text C:\WINDOWS\system32\dllhost.exe[3248] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 5F670F5A
.text C:\WINDOWS\system32\dllhost.exe[3248] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 5F9A0F5A
.text C:\WINDOWS\system32\dllhost.exe[3248] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\dllhost.exe[3248] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [98, 5F] {CWDE ; POP EDI}
.text C:\WINDOWS\system32\dllhost.exe[3248] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 5F790F5A
.text C:\WINDOWS\system32\dllhost.exe[3248] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\dllhost.exe[3248] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F4C0F5A
.text C:\WINDOWS\system32\dllhost.exe[3248] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F4F0F5A
.text C:\WINDOWS\system32\dllhost.exe[3248] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\dllhost.exe[3248] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 5F400F5A
.text C:\WINDOWS\system32\dllhost.exe[3248] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 5FA00F5A
.text C:\WINDOWS\system32\dllhost.exe[3248] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 5F430F5A
.text C:\WINDOWS\system32\dllhost.exe[3248] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\dllhost.exe[3248] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [A4, 5F] {MOVSB ; POP EDI}
.text C:\WINDOWS\system32\dllhost.exe[3248] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\dllhost.exe[3248] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 5F520F5A
.text C:\WINDOWS\system32\dllhost.exe[3248] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 5F9D0F5A
.text C:\WINDOWS\system32\dllhost.exe[3248] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 5F460F5A
.text C:\WINDOWS\system32\dllhost.exe[3248] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 5F340F5A
.text C:\WINDOWS\system32\dllhost.exe[3248] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\dllhost.exe[3248] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [56, 5F] {PUSH ESI; POP EDI}
.text C:\WINDOWS\system32\dllhost.exe[3248] SHELL32.dll!ShellExecuteExW 7CA0996B 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\dllhost.exe[3248] SHELL32.dll!Shell_NotifyIcon 7CA28C56 6 Bytes JMP 5FB80F5A
.text C:\WINDOWS\system32\dllhost.exe[3248] SHELL32.dll!Shell_NotifyIconW 7CA2A5BF 6 Bytes JMP 5FBB0F5A
.text C:\WINDOWS\system32\dllhost.exe[3248] SHELL32.dll!ShellExecuteEx 7CA40EB5 6 Bytes JMP 5F2B0F5A
.text C:\WINDOWS\system32\dllhost.exe[3248] SHELL32.dll!ShellExecuteA 7CA411E0 6 Bytes JMP 5F250F5A
.text C:\WINDOWS\system32\dllhost.exe[3248] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 5F280F5A
.text C:\WINDOWS\system32\dllhost.exe[3248] WS2_32.dll!socket 71AB4211 6 Bytes JMP 5FCD0F5A
.text C:\WINDOWS\system32\dllhost.exe[3248] WS2_32.dll!bind 71AB4480 6 Bytes JMP 5FD00F5A
.text C:\WINDOWS\system32\dllhost.exe[3248] WS2_32.dll!listen 71AB8CD3 6 Bytes JMP 5FD30F5A

.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3288] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3288] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3288] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3288] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [38, 5F]
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3288] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 5FBE0F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3288] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F880F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3288] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 5F940F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3288] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3288] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 5F130F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3288] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3288] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F100F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3288] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F220F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3288] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F1F0F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3288] kernel32.dll!TlsGetValue 7C8097E0 6 Bytes JMP 5FB50F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3288] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 5F910F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3288] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 5FA60F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3288] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 5F580F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3288] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 5F160F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3288] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 5F5E0F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3288] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3288] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [05, 5F]
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3288] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 5F8E0F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3288] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F850F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3288] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 5FC70F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3288] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 5F3A0F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3288] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 5FC10F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3288] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 5F5B0F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3288] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5FB20F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3288] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 5FA90F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3288] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 5FAC0F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3288] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 5FC40F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3288] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 5F3D0F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3288] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 5FAF0F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3288] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 5F310F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3288] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 5FCA0F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3288] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 5F8B0F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3288] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 5F700F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3288] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 5F820F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3288] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 5F640F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3288] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 5F6D0F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3288] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 5F6A0F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3288] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 5F7F0F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3288] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 5F760F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3288] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 5F7C0F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3288] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 5F610F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3288] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 5F730F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3288] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 5F670F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3288] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 5F9A0F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3288] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3288] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [98, 5F] {CWDE ; POP EDI}
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3288] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 5F790F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3288] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3288] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F4C0F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3288] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F4F0F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3288] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3288] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 5F400F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3288] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 5FA00F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3288] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 5F430F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3288] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3288] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [A4, 5F] {MOVSB ; POP EDI}
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3288] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F190F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3288] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 5F520F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3288] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 5F9D0F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3288] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 5F460F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3288] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 5F340F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3288] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3288] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [56, 5F] {PUSH ESI; POP EDI}
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3288] SHELL32.dll!ShellExecuteExW 7CA0996B 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3288] SHELL32.dll!Shell_NotifyIcon 7CA28C56 6 Bytes JMP 5FB80F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3288] SHELL32.dll!Shell_NotifyIconW 7CA2A5BF 6 Bytes JMP 5FBB0F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3288] SHELL32.dll!ShellExecuteEx 7CA40EB5 6 Bytes JMP 5F2B0F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3288] SHELL32.dll!ShellExecuteA 7CA411E0 6 Bytes JMP 5F250F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3288] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 5F280F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3288] WS2_32.dll!socket 71AB4211 6 Bytes JMP 5FCD0F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3288] WS2_32.dll!bind 71AB4480 6 Bytes JMP 5FD00F5A
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3288] WS2_32.dll!listen 71AB8CD3 6 Bytes JMP 5FD30F5A
.text C:\Program Files\Intel\WiFi\bin\WLKeeper.exe[3332] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\WiFi\bin\WLKeeper.exe[3332] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text C:\Program Files\Intel\WiFi\bin\WLKeeper.exe[3332] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\WiFi\bin\WLKeeper.exe[3332] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [38, 5F]
.text C:\Program Files\Intel\WiFi\bin\WLKeeper.exe[3332] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 5FBE0F5A
.text C:\Program Files\Intel\WiFi\bin\WLKeeper.exe[3332] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F880F5A
.text C:\Program Files\Intel\WiFi\bin\WLKeeper.exe[3332] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 5F940F5A
.text C:\Program Files\Intel\WiFi\bin\WLKeeper.exe[3332] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\Intel\WiFi\bin\WLKeeper.exe[3332] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 5F130F5A
.text C:\Program Files\Intel\WiFi\bin\WLKeeper.exe[3332] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Intel\WiFi\bin\WLKeeper.exe[3332] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F100F5A
.text C:\Program Files\Intel\WiFi\bin\WLKeeper.exe[3332] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F220F5A
.text C:\Program Files\Intel\WiFi\bin\WLKeeper.exe[3332] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F1F0F5A
.text C:\Program Files\Intel\WiFi\bin\WLKeeper.exe[3332] kernel32.dll!TlsGetValue 7C8097E0 6 Bytes JMP 5FB50F5A
.text C:\Program Files\Intel\WiFi\bin\WLKeeper.exe[3332] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 5F910F5A
.text C:\Program Files\Intel\WiFi\bin\WLKeeper.exe[3332] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 5FA60F5A
.text C:\Program Files\Intel\WiFi\bin\WLKeeper.exe[3332] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 5F580F5A
.text C:\Program Files\Intel\WiFi\bin\WLKeeper.exe[3332] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 5F160F5A
.text C:\Program Files\Intel\WiFi\bin\WLKeeper.exe[3332] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 5F5E0F5A
.text C:\Program Files\Intel\WiFi\bin\WLKeeper.exe[3332] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\WiFi\bin\WLKeeper.exe[3332] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [05, 5F]
.text C:\Program Files\Intel\WiFi\bin\WLKeeper.exe[3332] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 5F8E0F5A
.text C:\Program Files\Intel\WiFi\bin\WLKeeper.exe[3332] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F850F5A
.text C:\Program Files\Intel\WiFi\bin\WLKeeper.exe[3332] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 5FC70F5A
.text C:\Program Files\Intel\WiFi\bin\WLKeeper.exe[3332] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 5F3A0F5A
.text C:\Program Files\Intel\WiFi\bin\WLKeeper.exe[3332] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 5FC10F5A
.text C:\Program Files\Intel\WiFi\bin\WLKeeper.exe[3332] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 5F5B0F5A
.text C:\Program Files\Intel\WiFi\bin\WLKeeper.exe[3332] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5FB20F5A
.text C:\Program Files\Intel\WiFi\bin\WLKeeper.exe[3332] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 5FA90F5A
.text C:\Program Files\Intel\WiFi\bin\WLKeeper.exe[3332] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 5FAC0F5A
.text C:\Program Files\Intel\WiFi\bin\WLKeeper.exe[3332] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 5FC40F5A
.text C:\Program Files\Intel\WiFi\bin\WLKeeper.exe[3332] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 5F3D0F5A
.text C:\Program Files\Intel\WiFi\bin\WLKeeper.exe[3332] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 5FAF0F5A
.text C:\Program Files\Intel\WiFi\bin\WLKeeper.exe[3332] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 5F310F5A
.text C:\Program Files\Intel\WiFi\bin\WLKeeper.exe[3332] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 5FCA0F5A
.text C:\Program Files\Intel\WiFi\bin\WLKeeper.exe[3332] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 5F8B0F5A
.text C:\Program Files\Intel\WiFi\bin\WLKeeper.exe[3332] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 5F700F5A
.text C:\Program Files\Intel\WiFi\bin\WLKeeper.exe[3332] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 5F820F5A
.text C:\Program Files\Intel\WiFi\bin\WLKeeper.exe[3332] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 5F640F5A
.text C:\Program Files\Intel\WiFi\bin\WLKeeper.exe[3332] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 5F6D0F5A
.text C:\Program Files\Intel\WiFi\bin\WLKeeper.exe[3332] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 5F6A0F5A
.text C:\Program Files\Intel\WiFi\bin\WLKeeper.exe[3332] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 5F7F0F5A
.text C:\Program Files\Intel\WiFi\bin\WLKeeper.exe[3332] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 5F760F5A
.text C:\Program Files\Intel\WiFi\bin\WLKeeper.exe[3332] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 5F7C0F5A
.text C:\Program Files\Intel\WiFi\bin\WLKeeper.exe[3332] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 5F610F5A
.text C:\Program Files\Intel\WiFi\bin\WLKeeper.exe[3332] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 5F730F5A
.text C:\Program Files\Intel\WiFi\bin\WLKeeper.exe[3332] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 5F670F5A
.text C:\Program Files\Intel\WiFi\bin\WLKeeper.exe[3332] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 5F9A0F5A
.text C:\Program Files\Intel\WiFi\bin\WLKeeper.exe[3332] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\WiFi\bin\WLKeeper.exe[3332] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [98, 5F] {CWDE ; POP EDI}
.text C:\Program Files\Intel\WiFi\bin\WLKeeper.exe[3332] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 5F790F5A
.text C:\Program Files\Intel\WiFi\bin\WLKeeper.exe[3332] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Intel\WiFi\bin\WLKeeper.exe[3332] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F4C0F5A
.text C:\Program Files\Intel\WiFi\bin\WLKeeper.exe[3332] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F4F0F5A
.text C:\Program Files\Intel\WiFi\bin\WLKeeper.exe[3332] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Intel\WiFi\bin\WLKeeper.exe[3332] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 5F400F5A
.text C:\Program Files\Intel\WiFi\bin\WLKeeper.exe[3332] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 5FA00F5A
.text C:\Program Files\Intel\WiFi\bin\WLKeeper.exe[3332] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 5F430F5A
.text C:\Program Files\Intel\WiFi\bin\WLKeeper.exe[3332] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\WiFi\bin\WLKeeper.exe[3332] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [A4, 5F] {MOVSB ; POP EDI}
.text C:\Program Files\Intel\WiFi\bin\WLKeeper.exe[3332] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F190F5A
.text C:\Program Files\Intel\WiFi\bin\WLKeeper.exe[3332] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 5F520F5A
.text C:\Program Files\Intel\WiFi\bin\WLKeeper.exe[3332] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 5F9D0F5A
.text C:\Program Files\Intel\WiFi\bin\WLKeeper.exe[3332] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 5F460F5A
.text C:\Program Files\Intel\WiFi\bin\WLKeeper.exe[3332] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 5F340F5A
.text C:\Program Files\Intel\WiFi\bin\WLKeeper.exe[3332] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\WiFi\bin\WLKeeper.exe[3332] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [56, 5F] {PUSH ESI; POP EDI}
.text C:\Program Files\Intel\WiFi\bin\WLKeeper.exe[3332] SHELL32.dll!ShellExecuteExW 7CA0996B 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Intel\WiFi\bin\WLKeeper.exe[3332] SHELL32.dll!Shell_NotifyIcon 7CA28C56 6 Bytes JMP 5FB80F5A
.text C:\Program Files\Intel\WiFi\bin\WLKeeper.exe[3332] SHELL32.dll!Shell_NotifyIconW 7CA2A5BF 6 Bytes JMP 5FBB0F5A
.text C:\Program Files\Intel\WiFi\bin\WLKeeper.exe[3332] SHELL32.dll!ShellExecuteEx 7CA40EB5 6 Bytes JMP 5F2B0F5A
.text C:\Program Files\Intel\WiFi\bin\WLKeeper.exe[3332] SHELL32.dll!ShellExecuteA 7CA411E0 6 Bytes JMP 5F250F5A
.text C:\Program Files\Intel\WiFi\bin\WLKeeper.exe[3332] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 5F280F5A
.text C:\Program Files\Intel\WiFi\bin\WLKeeper.exe[3332] WS2_32.dll!socket 71AB4211 6 Bytes JMP 5FCD0F5A
.text C:\Program Files\Intel\WiFi\bin\WLKeeper.exe[3332] WS2_32.dll!bind 71AB4480 6 Bytes JMP 5FD00F5A
.text C:\Program Files\Intel\WiFi\bin\WLKeeper.exe[3332] WS2_32.dll!listen 71AB8CD3 6 Bytes JMP 5FD30F5A
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[3452] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[3452] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[3452] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[3452] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [38, 5F]
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[3452] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 5FBE0F5A
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[3452] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F880F5A
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[3452] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 5F940F5A
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[3452] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[3452] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 5F130F5A
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[3452] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[3452] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F100F5A
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[3452] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F220F5A
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[3452] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F1F0F5A
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[3452] kernel32.dll!TlsGetValue 7C8097E0 6 Bytes JMP 5FB50F5A
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[3452] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 5F910F5A
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[3452] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 5FA60F5A
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[3452] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 5F580F5A
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[3452] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 5F160F5A
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[3452] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 5F5E0F5A
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[3452] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[3452] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [05, 5F]
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[3452] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 5F8E0F5A
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[3452] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F850F5A
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[3452] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 5FC70F5A
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[3452] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 5F3A0F5A
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[3452] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 5FC10F5A
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[3452] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 5F5B0F5A
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[3452] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5FB20F5A
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[3452] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 5FA90F5A
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[3452] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 5FAC0F5A
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[3452] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 5FC40F5A
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[3452] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 5F3D0F5A
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[3452] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 5FAF0F5A
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[3452] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 5F310F5A
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[3452] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 5FCA0F5A
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[3452] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 5F8B0F5A
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[3452] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 5F700F5A
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[3452] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 5F820F5A
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[3452] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 5F640F5A
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[3452] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 5F6D0F5A
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[3452] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 5F6A0F5A
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[3452] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 5F7F0F5A
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[3452] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 5F760F5A
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[3452] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 5F7C0F5A
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[3452] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 5F610F5A
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[3452] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 5F730F5A
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[3452] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 5F670F5A
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[3452] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 5F9A0F5A
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[3452] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[3452] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [98, 5F] {CWDE ; POP EDI}
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[3452] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 5F790F5A
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[3452] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[3452] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F4C0F5A
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[3452] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F4F0F5A
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[3452] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[3452] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 5F400F5A
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[3452] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 5FA00F5A
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[3452] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 5F430F5A
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[3452] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[3452] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [A4, 5F] {MOVSB ; POP EDI}
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[3452] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F190F5A
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[3452] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 5F520F5A
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[3452] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 5F9D0F5A
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[3452] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 5F460F5A
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[3452] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 5F340F5A
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[3452] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[3452] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [56, 5F] {PUSH ESI; POP EDI}
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[3452] SHELL32.dll!ShellExecuteExW 7CA0996B 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[3452] SHELL32.dll!Shell_NotifyIcon 7CA28C56 6 Bytes JMP 5FB80F5A
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[3452] SHELL32.dll!Shell_NotifyIconW 7CA2A5BF 6 Bytes JMP 5FBB0F5A
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[3452] SHELL32.dll!ShellExecuteEx 7CA40EB5 6 Bytes JMP 5F2B0F5A
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[3452] SHELL32.dll!ShellExecuteA 7CA411E0 6 Bytes JMP 5F250F5A
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[3452] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 5F280F5A
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[3452] WS2_32.dll!socket 71AB4211 6 Bytes JMP 5FCD0F5A
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[3452] WS2_32.dll!bind 71AB4480 6 Bytes JMP 5FD00F5A
.text C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe[3452] WS2_32.dll!listen 71AB8CD3 6 Bytes JMP 5FD30F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3556] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3556] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3556] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3556] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [38, 5F]
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3556] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 5FBE0F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3556] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F880F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3556] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 5F940F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3556] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3556] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3556] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3556] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3556] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F220F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3556] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3556] kernel32.dll!TlsGetValue 7C8097E0 6 Bytes JMP 5FB50F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3556] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 5F910F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3556] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 5FA60F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3556] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 5F580F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3556] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3556] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 5F5E0F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3556] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3556] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3556] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 5F8E0F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3556] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F850F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3556] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 5FC70F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3556] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 5F3A0F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3556] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 5FC10F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3556] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 5F5B0F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3556] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5FB20F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3556] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 5FA90F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3556] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 5FAC0F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3556] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 5FC40F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3556] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 5F3D0F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3556] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 5FAF0F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3556] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 5F310F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3556] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 5FCA0F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3556] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 5F8B0F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3556] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 5F700F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3556] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 5F820F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3556] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 5F640F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3556] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 5F6D0F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3556] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 5F6A0F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3556] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 5F7F0F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3556] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 5F760F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3556] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 5F7C0F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3556] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 5F610F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3556] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 5F730F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3556] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 5F670F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3556] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 5F9A0F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3556] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3556] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [98, 5F] {CWDE ; POP EDI}
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3556] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 5F790F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3556] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3556] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F4C0F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3556] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F4F0F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3556] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3556] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 5F400F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3556] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 5FA00F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3556] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 5F430F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3556] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3556] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [A4, 5F] {MOVSB ; POP EDI}
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3556] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3556] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 5F520F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3556] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 5F9D0F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3556] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 5F460F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3556] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 5F340F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3556] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3556] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [56, 5F] {PUSH ESI; POP EDI}
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3556] SHELL32.dll!ShellExecuteExW 7CA0996B 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3556] SHELL32.dll!Shell_NotifyIcon 7CA28C56 6 Bytes JMP 5FB80F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3556] SHELL32.dll!Shell_NotifyIconW 7CA2A5BF 6 Bytes JMP 5FBB0F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3556] SHELL32.dll!ShellExecuteEx 7CA40EB5 6 Bytes JMP 5F2B0F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3556] SHELL32.dll!ShellExecuteA 7CA411E0 6 Bytes JMP 5F250F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3556] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 5F280F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3556] WS2_32.dll!socket 71AB4211 6 Bytes JMP 5FCD0F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3556] WS2_32.dll!bind 71AB4480 6 Bytes JMP 5FD00F5A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3556] WS2_32.dll!listen 71AB8CD3 6 Bytes JMP 5FD30F5A
.text C:\WINDOWS\system32\rundll32.exe[3708] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\rundll32.exe[3708] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text C:\WINDOWS\system32\rundll32.exe[3708] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\rundll32.exe[3708] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [38, 5F]
.text C:\WINDOWS\system32\rundll32.exe[3708] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 5FBE0F5A
.text C:\WINDOWS\system32\rundll32.exe[3708] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F880F5A
.text C:\WINDOWS\system32\rundll32.exe[3708] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 5F940F5A
.text C:\WINDOWS\system32\rundll32.exe[3708] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\rundll32.exe[3708] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\rundll32.exe[3708] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\rundll32.exe[3708] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\rundll32.exe[3708] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F220F5A
.text C:\WINDOWS\system32\rundll32.exe[3708] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\system32\rundll32.exe[3708] kernel32.dll!TlsGetValue 7C8097E0 6 Bytes JMP 5FB50F5A
.text C:\WINDOWS\system32\rundll32.exe[3708] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 5F910F5A
.text C:\WINDOWS\system32\rundll32.exe[3708] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 5FA60F5A
.text C:\WINDOWS\system32\rundll32.exe[3708] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 5F580F5A
.text C:\WINDOWS\system32\rundll32.exe[3708] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\rundll32.exe[3708] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 5F5E0F5A
.text C:\WINDOWS\system32\rundll32.exe[3708] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\rundll32.exe[3708] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\rundll32.exe[3708] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 5F8E0F5A
.text C:\WINDOWS\system32\rundll32.exe[3708] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F850F5A
.text C:\WINDOWS\system32\rundll32.exe[3708] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 5FC70F5A
.text C:\WINDOWS\system32\rundll32.exe[3708] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 5F3A0F5A
.text C:\WINDOWS\system32\rundll32.exe[3708] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 5FC10F5A
.text C:\WINDOWS\system32\rundll32.exe[3708] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 5F5B0F5A
.text C:\WINDOWS\system32\rundll32.exe[3708] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5FB20F5A
.text C:\WINDOWS\system32\rundll32.exe[3708] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 5FA90F5A
.text C:\WINDOWS\system32\rundll32.exe[3708] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 5FAC0F5A
.text C:\WINDOWS\system32\rundll32.exe[3708] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 5FC40F5A
.text C:\WINDOWS\system32\rundll32.exe[3708] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 5F3D0F5A
.text C:\WINDOWS\system32\rundll32.exe[3708] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 5FAF0F5A
.text C:\WINDOWS\system32\rundll32.exe[3708] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 5F310F5A
.text C:\WINDOWS\system32\rundll32.exe[3708] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 5FCA0F5A
.text C:\WINDOWS\system32\rundll32.exe[3708] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 5F8B0F5A
.text C:\WINDOWS\system32\rundll32.exe[3708] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\rundll32.exe[3708] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 5F400F5A
.text C:\WINDOWS\system32\rundll32.exe[3708] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 5FA00F5A
.text C:\WINDOWS\system32\rundll32.exe[3708] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 5F430F5A
.text C:\WINDOWS\system32\rundll32.exe[3708] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\rundll32.exe[3708] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [A4, 5F] {MOVSB ; POP EDI}
.text C:\WINDOWS\system32\rundll32.exe[3708] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\rundll32.exe[3708] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 5F520F5A
.text C:\WINDOWS\system32\rundll32.exe[3708] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 5F9D0F5A
.text C:\WINDOWS\system32\rundll32.exe[3708] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 5F460F5A
.text C:\WINDOWS\system32\rundll32.exe[3708] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 5F340F5A
.text C:\WINDOWS\system32\rundll32.exe[3708] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\rundll32.exe[3708] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [56, 5F] {PUSH ESI; POP EDI}
.text C:\WINDOWS\system32\rundll32.exe[3708] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 5F700F5A
.text C:\WINDOWS\system32\rundll32.exe[3708] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 5F820F5A
.text C:\WINDOWS\system32\rundll32.exe[3708] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 5F640F5A
.text C:\WINDOWS\system32\rundll32.exe[3708] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 5F6D0F5A
.text C:\WINDOWS\system32\rundll32.exe[3708] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 5F6A0F5A
.text C:\WINDOWS\system32\rundll32.exe[3708] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 5F7F0F5A
.text C:\WINDOWS\system32\rundll32.exe[3708] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 5F760F5A
.text C:\WINDOWS\system32\rundll32.exe[3708] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 5F7C0F5A
.text C:\WINDOWS\system32\rundll32.exe[3708] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 5F610F5A
.text C:\WINDOWS\system32\rundll32.exe[3708] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 5F730F5A
.text C:\WINDOWS\system32\rundll32.exe[3708] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 5F670F5A
.text C:\WINDOWS\system32\rundll32.exe[3708] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 5F9A0F5A
.text C:\WINDOWS\system32\rundll32.exe[3708] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\rundll32.exe[3708] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [98, 5F] {CWDE ; POP EDI}
.text C:\WINDOWS\system32\rundll32.exe[3708] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 5F790F5A
.text C:\WINDOWS\system32\rundll32.exe[3708] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\rundll32.exe[3708] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F4C0F5A
.text C:\WINDOWS\system32\rundll32.exe[3708] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F4F0F5A
.text C:\WINDOWS\system32\rundll32.exe[3708] SHELL32.dll!ShellExecuteExW 7CA0996B 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\rundll32.exe[3708] SHELL32.dll!Shell_NotifyIcon 7CA28C56 6 Bytes JMP 5FB80F5A
.text C:\WINDOWS\system32\rundll32.exe[3708] SHELL32.dll!Shell_NotifyIconW 7CA2A5BF 6 Bytes JMP 5FBB0F5A
.text C:\WINDOWS\system32\rundll32.exe[3708] SHELL32.dll!ShellExecuteEx 7CA40EB5 6 Bytes JMP 5F2B0F5A
.text C:\WINDOWS\system32\rundll32.exe[3708] SHELL32.dll!ShellExecuteA 7CA411E0 6 Bytes JMP 5F250F5A
.text C:\WINDOWS\system32\rundll32.exe[3708] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 5F280F5A
.text C:\WINDOWS\system32\rundll32.exe[3708] WS2_32.dll!socket 71AB4211 6 Bytes JMP 5FCD0F5A
.text C:\WINDOWS\system32\rundll32.exe[3708] WS2_32.dll!bind 71AB4480 6 Bytes JMP 5FD00F5A
.text C:\WINDOWS\system32\rundll32.exe[3708] WS2_32.dll!listen 71AB8CD3 6 Bytes JMP 5FD30F5A
.text C:\Program Files\Java\jre6\bin\jqs.exe[3736] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jqs.exe[3736] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text C:\Program Files\Java\jre6\bin\jqs.exe[3736] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jqs.exe[3736] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [38, 5F]
.text C:\Program Files\Java\jre6\bin\jqs.exe[3736] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 5FBE0F5A
.text C:\Program Files\Java\jre6\bin\jqs.exe[3736] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F880F5A
.text C:\Program Files\Java\jre6\bin\jqs.exe[3736] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 5F940F5A
.text C:\Program Files\Java\jre6\bin\jqs.exe[3736] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\Java\jre6\bin\jqs.exe[3736] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 5F130F5A
.text C:\Program Files\Java\jre6\bin\jqs.exe[3736] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Java\jre6\bin\jqs.exe[3736] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F100F5A
.text C:\Program Files\Java\jre6\bin\jqs.exe[3736] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F220F5A
.text C:\Program Files\Java\jre6\bin\jqs.exe[3736] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F1F0F5A
.text C:\Program Files\Java\jre6\bin\jqs.exe[3736] kernel32.dll!TlsGetValue 7C8097E0 6 Bytes JMP 5FB50F5A
.text C:\Program Files\Java\jre6\bin\jqs.exe[3736] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 5F910F5A
.text C:\Program Files\Java\jre6\bin\jqs.exe[3736] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 5FA60F5A
.text C:\Program Files\Java\jre6\bin\jqs.exe[3736] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 5F580F5A
.text C:\Program Files\Java\jre6\bin\jqs.exe[3736] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 5F160F5A
.text C:\Program Files\Java\jre6\bin\jqs.exe[3736] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 5F5E0F5A
.text C:\Program Files\Java\jre6\bin\jqs.exe[3736] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jqs.exe[3736] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [05, 5F]
.text C:\Program Files\Java\jre6\bin\jqs.exe[3736] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 5F8E0F5A
.text C:\Program Files\Java\jre6\bin\jqs.exe[3736] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F850F5A
.text C:\Program Files\Java\jre6\bin\jqs.exe[3736] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 5FC70F5A
.text C:\Program Files\Java\jre6\bin\jqs.exe[3736] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 5F3A0F5A
.text C:\Program Files\Java\jre6\bin\jqs.exe[3736] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 5FC10F5A
.text C:\Program Files\Java\jre6\bin\jqs.exe[3736] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 5F5B0F5A
.text C:\Program Files\Java\jre6\bin\jqs.exe[3736] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5FB20F5A
.text C:\Program Files\Java\jre6\bin\jqs.exe[3736] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 5FA90F5A
.text C:\Program Files\Java\jre6\bin\jqs.exe[3736] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 5FAC0F5A
.text C:\Program Files\Java\jre6\bin\jqs.exe[3736] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 5FC40F5A
.text C:\Program Files\Java\jre6\bin\jqs.exe[3736] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 5F3D0F5A
.text C:\Program Files\Java\jre6\bin\jqs.exe[3736] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 5FAF0F5A
.text C:\Program Files\Java\jre6\bin\jqs.exe[3736] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 5F310F5A
.text C:\Program Files\Java\jre6\bin\jqs.exe[3736] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 5FCA0F5A
.text C:\Program Files\Java\jre6\bin\jqs.exe[3736] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 5F8B0F5A
.text C:\Program Files\Java\jre6\bin\jqs.exe[3736] WS2_32.dll!socket 71AB4211 6 Bytes JMP 5FCD0F5A
.text C:\Program Files\Java\jre6\bin\jqs.exe[3736] WS2_32.dll!bind 71AB4480 6 Bytes JMP 5FD00F5A
.text C:\Program Files\Java\jre6\bin\jqs.exe[3736] WS2_32.dll!listen 71AB8CD3 6 Bytes JMP 5FD30F5A
.text C:\Program Files\Java\jre6\bin\jqs.exe[3736] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 5F700F5A
.text C:\Program Files\Java\jre6\bin\jqs.exe[3736] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 5F820F5A
.text C:\Program Files\Java\jre6\bin\jqs.exe[3736] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 5F640F5A
.text C:\Program Files\Java\jre6\bin\jqs.exe[3736] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 5F6D0F5A
.text C:\Program Files\Java\jre6\bin\jqs.exe[3736] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 5F6A0F5A
.text C:\Program Files\Java\jre6\bin\jqs.exe[3736] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 5F7F0F5A
.text C:\Program Files\Java\jre6\bin\jqs.exe[3736] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 5F760F5A
.text C:\Program Files\Java\jre6\bin\jqs.exe[3736] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 5F7C0F5A
.text C:\Program Files\Java\jre6\bin\jqs.exe[3736] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 5F610F5A
.text C:\Program Files\Java\jre6\bin\jqs.exe[3736] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 5F730F5A
.text C:\Program Files\Java\jre6\bin\jqs.exe[3736] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 5F670F5A
.text C:\Program Files\Java\jre6\bin\jqs.exe[3736] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 5F9A0F5A
.text C:\Program Files\Java\jre6\bin\jqs.exe[3736] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jqs.exe[3736] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [98, 5F] {CWDE ; POP EDI}
.text C:\Program Files\Java\jre6\bin\jqs.exe[3736] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 5F790F5A
.text C:\Program Files\Java\jre6\bin\jqs.exe[3736] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Java\jre6\bin\jqs.exe[3736] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F4C0F5A
.text C:\Program Files\Java\jre6\bin\jqs.exe[3736] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F4F0F5A
.text C:\Program Files\Java\jre6\bin\jqs.exe[3736] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Java\jre6\bin\jqs.exe[3736] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 5F400F5A
.text C:\Program Files\Java\jre6\bin\jqs.exe[3736] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 5FA00F5A
.text C:\Program Files\Java\jre6\bin\jqs.exe[3736] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 5F430F5A
.text C:\Program Files\Java\jre6\bin\jqs.exe[3736] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jqs.exe[3736] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [A4, 5F] {MOVSB ; POP EDI}
.text C:\Program Files\Java\jre6\bin\jqs.exe[3736] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F190F5A
.text C:\Program Files\Java\jre6\bin\jqs.exe[3736] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 5F520F5A
.text C:\Program Files\Java\jre6\bin\jqs.exe[3736] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 5F9D0F5A
.text C:\Program Files\Java\jre6\bin\jqs.exe[3736] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 5F460F5A
.text C:\Program Files\Java\jre6\bin\jqs.exe[3736] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 5F340F5A
.text C:\Program Files\Java\jre6\bin\jqs.exe[3736] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jqs.exe[3736] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [56, 5F] {PUSH ESI; POP EDI}
.text C:\Program Files\Java\jre6\bin\jqs.exe[3736] SHELL32.dll!ShellExecuteExW 7CA0996B 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Java\jre6\bin\jqs.exe[3736] SHELL32.dll!Shell_NotifyIcon 7CA28C56 6 Bytes JMP 5FB80F5A
.text C:\Program Files\Java\jre6\bin\jqs.exe[3736] SHELL32.dll!Shell_NotifyIconW 7CA2A5BF 6 Bytes JMP 5FBB0F5A
.text C:\Program Files\Java\jre6\bin\jqs.exe[3736] SHELL32.dll!ShellExecuteEx 7CA40EB5 6 Bytes JMP 5F2B0F5A
.text C:\Program Files\Java\jre6\bin\jqs.exe[3736] SHELL32.dll!ShellExecuteA 7CA411E0 6 Bytes JMP 5F250F5A
.text C:\Program Files\Java\jre6\bin\jqs.exe[3736] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 5F280F5A
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[3820] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[3820] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[3820] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[3820] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [38, 5F]
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[3820] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 5FBE0F5A
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[3820] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F880F5A
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[3820] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 5F940F5A
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[3820] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[3820] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 5F130F5A
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[3820] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[3820] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F100F5A
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[3820] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F220F5A
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[3820] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F1F0F5A
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[3820] kernel32.dll!TlsGetValue 7C8097E0 6 Bytes JMP 5FB50F5A
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[3820] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 5F910F5A
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[3820] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 5FA60F5A
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[3820] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 5F580F5A
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[3820] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 5F160F5A
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[3820] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 5F5E0F5A
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[3820] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[3820] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [05, 5F]
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[3820] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 5F8E0F5A
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[3820] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F850F5A
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[3820] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 5FC70F5A
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[3820] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 5F3A0F5A
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[3820] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 5FC10F5A
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[3820] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 5F5B0F5A
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[3820] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5FB20F5A
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[3820] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 5FA90F5A
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[3820] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 5FAC0F5A
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[3820] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 5FC40F5A
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[3820] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 5F3D0F5A
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[3820] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 5FAF0F5A
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[3820] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 5F310F5A
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[3820] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 5FCA0F5A
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[3820] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 5F8B0F5A
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[3820] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[3820] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 5F400F5A
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[3820] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 5FA00F5A
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[3820] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 5F430F5A
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[3820] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[3820] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [A4, 5F] {MOVSB ; POP EDI}
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[3820] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F190F5A
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[3820] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 5F520F5A
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[3820] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 5F9D0F5A
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[3820] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 5F460F5A
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[3820] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 5F340F5A
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[3820] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[3820] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [56, 5F] {PUSH ESI; POP EDI}
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[3820] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 5F700F5A
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[3820] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 5F820F5A
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[3820] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 5F640F5A
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[3820] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 5F6D0F5A
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[3820] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 5F6A0F5A
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[3820] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 5F7F0F5A
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[3820] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 5F760F5A
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[3820] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 5F7C0F5A
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[3820] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 5F610F5A
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[3820] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 5F730F5A
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[3820] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 5F670F5A
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[3820] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 5F9A0F5A
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[3820] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[3820] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [98, 5F] {CWDE ; POP EDI}
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[3820] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 5F790F5A
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[3820] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[3820] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F4C0F5A
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[3820] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F4F0F5A
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[3820] SHELL32.dll!ShellExecuteExW 7CA0996B 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[3820] SHELL32.dll!Shell_NotifyIcon 7CA28C56 6 Bytes JMP 5FB80F5A
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[3820] SHELL32.dll!Shell_NotifyIconW 7CA2A5BF 6 Bytes JMP 5FBB0F5A
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[3820] SHELL32.dll!ShellExecuteEx 7CA40EB5 6 Bytes JMP 5F2B0F5A
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[3820] SHELL32.dll!ShellExecuteA 7CA411E0 6 Bytes JMP 5F250F5A
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[3820] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 5F280F5A
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[3820] WS2_32.dll!socket 71AB4211 6 Bytes JMP 5FCD0F5A
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[3820] WS2_32.dll!bind 71AB4480 6 Bytes JMP 5FD00F5A
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[3820] WS2_32.dll!listen 71AB8CD3 6 Bytes JMP 5FD30F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3900] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3900] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3900] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3900] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [38, 5F]
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3900] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 5FBE0F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3900] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F880F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3900] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 5F940F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3900] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3900] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 5F130F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3900] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3900] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F100F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3900] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F220F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3900] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F1F0F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3900] kernel32.dll!TlsGetValue 7C8097E0 6 Bytes JMP 5FB50F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3900] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 5F910F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3900] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 5FA60F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3900] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 5F580F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3900] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 5F160F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3900] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 5F5E0F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3900] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3900] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [05, 5F]
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3900] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 5F8E0F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3900] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F850F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3900] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 5FC70F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3900] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 5F3A0F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3900] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 5FC10F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3900] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 5F5B0F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3900] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5FB20F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3900] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 5FA90F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3900] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 5FAC0F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3900] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 5FC40F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3900] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 5F3D0F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3900] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 5FAF0F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3900] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 5F310F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3900] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 5FCA0F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3900] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 5F8B0F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3900] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 5F700F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3900] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 5F820F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3900] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 5F640F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3900] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 5F6D0F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3900] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 5F6A0F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3900] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 5F7F0F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3900] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 5F760F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3900] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 5F7C0F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3900] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 5F610F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3900] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 5F730F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3900] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 5F670F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3900] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 5F9A0F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3900] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3900] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [98, 5F] {CWDE ; POP EDI}
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3900] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 5F790F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3900] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3900] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F4C0F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3900] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F4F0F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3900] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3900] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 5F400F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3900] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 5FA00F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3900] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 5F430F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3900] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3900] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [A4, 5F] {MOVSB ; POP EDI}
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3900] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F190F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3900] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 5F520F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3900] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 5F9D0F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3900] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 5F460F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3900] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 5F340F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3900] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3900] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [56, 5F] {PUSH ESI; POP EDI}
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3900] SHELL32.dll!ShellExecuteExW 7CA0996B 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3900] SHELL32.dll!Shell_NotifyIcon 7CA28C56 6 Bytes JMP 5FB80F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3900] SHELL32.dll!Shell_NotifyIconW 7CA2A5BF 6 Bytes JMP 5FBB0F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3900] SHELL32.dll!ShellExecuteEx 7CA40EB5 6 Bytes JMP 5F2B0F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3900] SHELL32.dll!ShellExecuteA 7CA411E0 6 Bytes JMP 5F250F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3900] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 5F280F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3900] WS2_32.dll!socket 71AB4211 6 Bytes JMP 5FCD0F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3900] WS2_32.dll!bind 71AB4480 6 Bytes JMP 5FD00F5A
.text C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3900] WS2_32.dll!listen 71AB8CD3 6 Bytes JMP 5FD30F5A