Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Ran Microsoft Security Essentials and now cannot acquire ip address


  • Please log in to reply
31 replies to this topic

#1 firstbaselady

firstbaselady

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:12:20 AM

Posted 07 January 2012 - 01:01 PM

5 days ago, I ran Microsoft Security Essentials on my laptop to remove a suspected virus. Since then my computer has been running faster, but now I am unable to connect to the internet. Neither my wired nor wireless connection will connect. Both spin in circles saying "Acquiring IP Address." I have since connected two other devices to the connection, so I now that my issue is not laying with the router. Since this issue has started, I have been scouring the internet for solutions and haven't been able to find one. I have checked the Internet Protocol (TCP/IP) Properties and they are set to obtain automatically. Because of the things that I have seen on the blogs I have come across and what I am seeing on my computer, I am wondering if I have some form of malware attached to my system.

Any help would be greatly appriciated and a HUGE thank you in advance.

BC AdBot (Login to Remove)

 


#2 firstbaselady

firstbaselady
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:12:20 AM

Posted 07 January 2012 - 01:27 PM

Forgot to include that I am running Windows XP Media Edition. Thank you again.

#3 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,661 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:10:20 PM

Posted 07 January 2012 - 01:34 PM

Welcome aboard Posted Image

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

====================================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#4 Jet Stream 1

Jet Stream 1

  • Validating
  • 6 posts
  • OFFLINE
  •  
  • Local time:12:20 AM

Posted 07 January 2012 - 01:52 PM

This worked for me http://support.microsoft.com/kb/299357

#5 firstbaselady

firstbaselady
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:12:20 AM

Posted 08 January 2012 - 07:50 PM

So ready for this issue to be done!

@ Jet Stream 1: I tried the Microsoft Fix and unfortunately, it didn't work.

@ Broni: Hope this is everything you want and hopefully you are able to get some info from all of this.

Security Check:

Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Spyware Doctor with AntiVirus 8.0
Antivirus out of date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Spyware Doctor with AntiVirus 8.0
Windows Defender
Java™ 6 Update 24
Out of date Java installed!
Adobe Flash Player 11.1.102.55
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

ThreatFire TFService.exe
``````````End of Log````````````

Farbar:
Farbar Service Scanner
Ran by Laura (administrator) on 08-01-2012 at 10:36:45
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

afd Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open afd registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open afd registry key. The service key does not exist.


Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error: Google IP is unreachable
Attempt to access Yahoo IP returend error: Yahoo IP is unreachable


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is OK.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============
Srservice Service is not running. Checking service configuration:
The start type of Srservice service is OK.
The ImagePath of Srservice service is OK.
The ServiceDll of Srservice: "C:\WINDOWS\system32\srsvc.dll".

sr Service is not running. Checking service configuration:
The start type of sr service is set to Disabled. The default start type is Boot.
The ImagePath of sr: "\SystemRoot\system32\DRIVERS\sr.sys".


System Restore Disabled Policy:
========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=DWORD:1


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Disabled. The default start type is Auto.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
===========
wuauserv Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.
The ImagePath of BITS service is OK.
The ServiceDll of BITS: "C:\WINDOWS\system32\qmgr.dll".


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
Attention! C:\WINDOWS\system32\Drivers\afd.sys is missing.
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
fssfltr(9) Gpc(6) IPSec(4) NetBT(5) pctgntdi(8) PSched(7) Tcpip(3) Tcpip6(10)
0x0A0000000400000001000000020000000300000008000000050000000600000007000000090000000A000000
IpSec Tag value is correct.

**** End of log ****

MiniToolBox:
Farbar Service Scanner
Ran by Laura (administrator) on 08-01-2012 at 10:36:45
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

afd Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open afd registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open afd registry key. The service key does not exist.


Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error: Google IP is unreachable
Attempt to access Yahoo IP returend error: Yahoo IP is unreachable


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is OK.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============
Srservice Service is not running. Checking service configuration:
The start type of Srservice service is OK.
The ImagePath of Srservice service is OK.
The ServiceDll of Srservice: "C:\WINDOWS\system32\srsvc.dll".

sr Service is not running. Checking service configuration:
The start type of sr service is set to Disabled. The default start type is Boot.
The ImagePath of sr: "\SystemRoot\system32\DRIVERS\sr.sys".


System Restore Disabled Policy:
========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=DWORD:1


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Disabled. The default start type is Auto.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
===========
wuauserv Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.
The ImagePath of BITS service is OK.
The ServiceDll of BITS: "C:\WINDOWS\system32\qmgr.dll".


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
Attention! C:\WINDOWS\system32\Drivers\afd.sys is missing.
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
fssfltr(9) Gpc(6) IPSec(4) NetBT(5) pctgntdi(8) PSched(7) Tcpip(3) Tcpip6(10)
0x0A0000000400000001000000020000000300000008000000050000000600000007000000090000000A000000
IpSec Tag value is correct.

**** End of log ****

MalwareBytes:
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2011.12.31.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Laura :: DJ9K6PB1 [limited]

1/8/2012 10:42:28 AM
mbam-log-2012-01-08 (10-42-28).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 227042
Time elapsed: 1 hour(s), 28 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#6 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,661 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:10:20 PM

Posted 08 January 2012 - 07:53 PM

You posted FSS log twice instead of MiniToolbox log.

I still need GMER log.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#7 firstbaselady

firstbaselady
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:12:20 AM

Posted 08 January 2012 - 08:15 PM

GMER:
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-08 18:06:20
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD1200BEVS-75LAT0 rev.02.06M02
Running: 5.exe; Driver: C:\DOCUME~1\Laura\LOCALS~1\Temp\pxlyapow.sys


---- System - GMER 1.0.15 ----

SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwCreateKey [0xF7224CE0]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xF7350A96]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xF7350D5E]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwDeleteKey [0xF7224F40]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwDeleteValueKey [0xF7225000]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwOpenKey [0xF7224B80]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF737391A]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwSetValueKey [0xF7225200]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwTerminateProcess [0xF72273A0]

---- Kernel code sections - GMER 1.0.15 ----

INITc VolSnap.sys F7568BD0 4 Bytes [B0, A5, 53, 80]
INITc VolSnap.sys F7568BF8 4 Bytes [B8, A1, 4F, 80]
INITc VolSnap.sys F7568C20 4 Bytes [B6, AE, 4F, 80]
INITc VolSnap.sys F7568C48 4 Bytes [30, FF, 4F, 80]
INITc VolSnap.sys F7568C70 4 Bytes [7A, A8, 4F, 80]
INITc ...
? C:\WINDOWS\system32\Drivers\mchInjDrv.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [88, 71]
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [9D, 71]
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AD, 71]
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [91, 71]
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A9, 71]
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [A3, 71]
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [30, 71]
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [A0, 71]
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [94, 71]
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A6, 71]
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [48, 71]
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8E, 71]
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [9A, 71]
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [97, 71]
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [8B, 71]
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70B9000A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70EC000A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7134000A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70E0000A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00960001
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 716D000A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7171000A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 715E000A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7161000A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70E3000A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 7092000A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70CE000A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 7071000A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7122000A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 716A000A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 709B000A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 709E000A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 7095000A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 7098000A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 711C000A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [78, 71] {JS 0x73}
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70E6000A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70EF000A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 70B0000A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] kernel32.dll!ExitProcess 7C81CB12 6 Bytes JMP 5F040F5A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7146000A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 706B000A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70B6000A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 711F000A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70C2000A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70CB000A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70C8000A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 7062000A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 7083000A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 7080000A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 70B3000A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7065000A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 706E000A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7143000A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7068000A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70C5000A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 714F000A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 70AD000A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70E9000A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] GDI32.dll!EndPage 77F2DC61 6 Bytes JMP 5F190F5A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] GDI32.dll!EndDoc 77F2DEF1 6 Bytes JMP 5F130F5A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] GDI32.dll!StartPage 77F2F49E 6 Bytes JMP 5F160F5A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] GDI32.dll!AbortDoc 77F44CD2 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] GDI32.dll!StartDocW 77F45962 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] GDI32.dll!StartDocW + 4 77F45966 2 Bytes [11, 5F]
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] GDI32.dll!StartDocA 77F45E79 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] GDI32.dll!StartDocA + 4 77F45E7D 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 717F0F5A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 71860F5A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 7164000A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 7074000A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [81, 71]
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 7140000A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70D4000A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 713D000A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [D0, 70]
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 7086000A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [39, 71]
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 708C000A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 7089000A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 7077000A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 7167000A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 7128000A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70D7000A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 708F000A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 7137000A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 717C0F5A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 714C000A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [24, 71] {AND AL, 0x71}
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 7104000A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 70F2000A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 7116000A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 7107000A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 710A000A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 70AA000A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 70F5000A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 70FE000A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 70F8000A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 7119000A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 7101000A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 710D000A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 70A1000A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 707D000A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 707A000A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70DA000A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [DC, 70]
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 70A4000A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7110000A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 70FB000A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7113000A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 70A7000A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 7175000A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 712E000A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 712B000A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] SHELL32.dll!ShellExecuteExW 7CA098CB 6 Bytes JMP 7152000A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] SHELL32.dll!Shell_NotifyIcon 7CA28BC6 6 Bytes JMP 70BF000A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] SHELL32.dll!Shell_NotifyIconW 7CA2A537 6 Bytes JMP 70BC000A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] SHELL32.dll!ShellExecuteEx 7CA40E45 6 Bytes JMP 7155000A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] SHELL32.dll!ShellExecuteA 7CA41170 6 Bytes JMP 715B000A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[252] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 7158000A

.text C:\WINDOWS\system32\igfxpers.exe[356] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxpers.exe[356] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [88, 71]
.text C:\WINDOWS\system32\igfxpers.exe[356] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\system32\igfxpers.exe[356] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxpers.exe[356] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [9D, 71]
.text C:\WINDOWS\system32\igfxpers.exe[356] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxpers.exe[356] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AD, 71]
.text C:\WINDOWS\system32\igfxpers.exe[356] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxpers.exe[356] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [91, 71]
.text C:\WINDOWS\system32\igfxpers.exe[356] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxpers.exe[356] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A9, 71]
.text C:\WINDOWS\system32\igfxpers.exe[356] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxpers.exe[356] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [A3, 71]
.text C:\WINDOWS\system32\igfxpers.exe[356] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxpers.exe[356] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [30, 71]
.text C:\WINDOWS\system32\igfxpers.exe[356] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxpers.exe[356] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [A0, 71]
.text C:\WINDOWS\system32\igfxpers.exe[356] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxpers.exe[356] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [94, 71]
.text C:\WINDOWS\system32\igfxpers.exe[356] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxpers.exe[356] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A6, 71]
.text C:\WINDOWS\system32\igfxpers.exe[356] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxpers.exe[356] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [48, 71]
.text C:\WINDOWS\system32\igfxpers.exe[356] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxpers.exe[356] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8E, 71]
.text C:\WINDOWS\system32\igfxpers.exe[356] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxpers.exe[356] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [9A, 71]
.text C:\WINDOWS\system32\igfxpers.exe[356] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxpers.exe[356] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [97, 71]
.text C:\WINDOWS\system32\igfxpers.exe[356] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxpers.exe[356] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [8B, 71]
.text C:\WINDOWS\system32\igfxpers.exe[356] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70B9000A
.text C:\WINDOWS\system32\igfxpers.exe[356] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70EC000A
.text C:\WINDOWS\system32\igfxpers.exe[356] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7134000A
.text C:\WINDOWS\system32\igfxpers.exe[356] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70E0000A
.text C:\WINDOWS\system32\igfxpers.exe[356] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01370001
.text C:\WINDOWS\system32\igfxpers.exe[356] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 716D000A
.text C:\WINDOWS\system32\igfxpers.exe[356] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\igfxpers.exe[356] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7171000A
.text C:\WINDOWS\system32\igfxpers.exe[356] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 715E000A
.text C:\WINDOWS\system32\igfxpers.exe[356] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7161000A
.text C:\WINDOWS\system32\igfxpers.exe[356] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70E3000A
.text C:\WINDOWS\system32\igfxpers.exe[356] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 7092000A
.text C:\WINDOWS\system32\igfxpers.exe[356] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70CE000A
.text C:\WINDOWS\system32\igfxpers.exe[356] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 7071000A
.text C:\WINDOWS\system32\igfxpers.exe[356] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7122000A
.text C:\WINDOWS\system32\igfxpers.exe[356] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 716A000A
.text C:\WINDOWS\system32\igfxpers.exe[356] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 709B000A
.text C:\WINDOWS\system32\igfxpers.exe[356] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 709E000A
.text C:\WINDOWS\system32\igfxpers.exe[356] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 7095000A
.text C:\WINDOWS\system32\igfxpers.exe[356] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 7098000A
.text C:\WINDOWS\system32\igfxpers.exe[356] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 711C000A
.text C:\WINDOWS\system32\igfxpers.exe[356] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxpers.exe[356] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [78, 71] {JS 0x73}
.text C:\WINDOWS\system32\igfxpers.exe[356] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70E6000A
.text C:\WINDOWS\system32\igfxpers.exe[356] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70EF000A
.text C:\WINDOWS\system32\igfxpers.exe[356] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 70B0000A
.text C:\WINDOWS\system32\igfxpers.exe[356] kernel32.dll!ExitProcess 7C81CB12 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\igfxpers.exe[356] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7146000A
.text C:\WINDOWS\system32\igfxpers.exe[356] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 706B000A
.text C:\WINDOWS\system32\igfxpers.exe[356] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70B6000A
.text C:\WINDOWS\system32\igfxpers.exe[356] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 711F000A
.text C:\WINDOWS\system32\igfxpers.exe[356] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70C2000A
.text C:\WINDOWS\system32\igfxpers.exe[356] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70CB000A
.text C:\WINDOWS\system32\igfxpers.exe[356] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70C8000A
.text C:\WINDOWS\system32\igfxpers.exe[356] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 7062000A
.text C:\WINDOWS\system32\igfxpers.exe[356] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 7083000A
.text C:\WINDOWS\system32\igfxpers.exe[356] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 7080000A
.text C:\WINDOWS\system32\igfxpers.exe[356] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 70B3000A
.text C:\WINDOWS\system32\igfxpers.exe[356] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7065000A
.text C:\WINDOWS\system32\igfxpers.exe[356] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 706E000A
.text C:\WINDOWS\system32\igfxpers.exe[356] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7143000A
.text C:\WINDOWS\system32\igfxpers.exe[356] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7068000A
.text C:\WINDOWS\system32\igfxpers.exe[356] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70C5000A
.text C:\WINDOWS\system32\igfxpers.exe[356] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 714F000A
.text C:\WINDOWS\system32\igfxpers.exe[356] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 70AD000A
.text C:\WINDOWS\system32\igfxpers.exe[356] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70E9000A
.text C:\WINDOWS\system32\igfxpers.exe[356] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 717F0F5A
.text C:\WINDOWS\system32\igfxpers.exe[356] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 71860F5A
.text C:\WINDOWS\system32\igfxpers.exe[356] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 7164000A
.text C:\WINDOWS\system32\igfxpers.exe[356] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 7074000A
.text C:\WINDOWS\system32\igfxpers.exe[356] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxpers.exe[356] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [81, 71]
.text C:\WINDOWS\system32\igfxpers.exe[356] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 7140000A
.text C:\WINDOWS\system32\igfxpers.exe[356] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70D4000A
.text C:\WINDOWS\system32\igfxpers.exe[356] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 713D000A
.text C:\WINDOWS\system32\igfxpers.exe[356] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxpers.exe[356] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [D0, 70]
.text C:\WINDOWS\system32\igfxpers.exe[356] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 7086000A
.text C:\WINDOWS\system32\igfxpers.exe[356] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxpers.exe[356] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [39, 71]
.text C:\WINDOWS\system32\igfxpers.exe[356] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 708C000A
.text C:\WINDOWS\system32\igfxpers.exe[356] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 7089000A
.text C:\WINDOWS\system32\igfxpers.exe[356] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 7077000A
.text C:\WINDOWS\system32\igfxpers.exe[356] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 7167000A
.text C:\WINDOWS\system32\igfxpers.exe[356] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 7128000A
.text C:\WINDOWS\system32\igfxpers.exe[356] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70D7000A
.text C:\WINDOWS\system32\igfxpers.exe[356] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 708F000A
.text C:\WINDOWS\system32\igfxpers.exe[356] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 7137000A
.text C:\WINDOWS\system32\igfxpers.exe[356] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 717C0F5A
.text C:\WINDOWS\system32\igfxpers.exe[356] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 714C000A
.text C:\WINDOWS\system32\igfxpers.exe[356] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxpers.exe[356] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [24, 71] {AND AL, 0x71}
.text C:\WINDOWS\system32\igfxpers.exe[356] GDI32.dll!EndPage 77F2DC61 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\igfxpers.exe[356] GDI32.dll!EndDoc 77F2DEF1 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\igfxpers.exe[356] GDI32.dll!StartPage 77F2F49E 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\igfxpers.exe[356] GDI32.dll!AbortDoc 77F44CD2 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\igfxpers.exe[356] GDI32.dll!StartDocW 77F45962 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxpers.exe[356] GDI32.dll!StartDocW + 4 77F45966 2 Bytes [11, 5F]
.text C:\WINDOWS\system32\igfxpers.exe[356] GDI32.dll!StartDocA 77F45E79 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxpers.exe[356] GDI32.dll!StartDocA + 4 77F45E7D 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\igfxpers.exe[356] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 7104000A
.text C:\WINDOWS\system32\igfxpers.exe[356] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 70F2000A
.text C:\WINDOWS\system32\igfxpers.exe[356] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 7116000A
.text C:\WINDOWS\system32\igfxpers.exe[356] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 7107000A
.text C:\WINDOWS\system32\igfxpers.exe[356] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 710A000A
.text C:\WINDOWS\system32\igfxpers.exe[356] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 70AA000A
.text C:\WINDOWS\system32\igfxpers.exe[356] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 70F5000A
.text C:\WINDOWS\system32\igfxpers.exe[356] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 70FE000A
.text C:\WINDOWS\system32\igfxpers.exe[356] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 70F8000A
.text C:\WINDOWS\system32\igfxpers.exe[356] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 7119000A
.text C:\WINDOWS\system32\igfxpers.exe[356] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 7101000A
.text C:\WINDOWS\system32\igfxpers.exe[356] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 710D000A
.text C:\WINDOWS\system32\igfxpers.exe[356] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 70A1000A
.text C:\WINDOWS\system32\igfxpers.exe[356] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 707D000A
.text C:\WINDOWS\system32\igfxpers.exe[356] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 707A000A
.text C:\WINDOWS\system32\igfxpers.exe[356] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70DA000A
.text C:\WINDOWS\system32\igfxpers.exe[356] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxpers.exe[356] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [DC, 70]
.text C:\WINDOWS\system32\igfxpers.exe[356] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 70A4000A
.text C:\WINDOWS\system32\igfxpers.exe[356] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7110000A
.text C:\WINDOWS\system32\igfxpers.exe[356] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 70FB000A
.text C:\WINDOWS\system32\igfxpers.exe[356] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7113000A
.text C:\WINDOWS\system32\igfxpers.exe[356] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 70A7000A
.text C:\WINDOWS\system32\igfxpers.exe[356] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 7175000A
.text C:\WINDOWS\system32\igfxpers.exe[356] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 712E000A
.text C:\WINDOWS\system32\igfxpers.exe[356] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 712B000A
.text C:\WINDOWS\system32\igfxpers.exe[356] SHELL32.dll!ShellExecuteExW 7CA098CB 6 Bytes JMP 7152000A
.text C:\WINDOWS\system32\igfxpers.exe[356] SHELL32.dll!Shell_NotifyIcon 7CA28BC6 6 Bytes JMP 70BF000A
.text C:\WINDOWS\system32\igfxpers.exe[356] SHELL32.dll!Shell_NotifyIconW 7CA2A537 6 Bytes JMP 70BC000A
.text C:\WINDOWS\system32\igfxpers.exe[356] SHELL32.dll!ShellExecuteEx 7CA40E45 6 Bytes JMP 7155000A
.text C:\WINDOWS\system32\igfxpers.exe[356] SHELL32.dll!ShellExecuteA 7CA41170 6 Bytes JMP 715B000A
.text C:\WINDOWS\system32\igfxpers.exe[356] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 7158000A
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [80, 71]
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [95, 71]
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [A9, 71]
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [89, 71]
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A1, 71]
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [9B, 71]
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [28, 71]
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [98, 71]
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [8C, 71]
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [9E, 71]
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [40, 71]
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [86, 71]
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [92, 71]
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [8F, 71]
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [83, 71]
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70B1000A
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70E4000A
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 712C000A
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70D8000A
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 04710001
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 7165000A
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0A0F5A

#8 firstbaselady

firstbaselady
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:12:20 AM

Posted 08 January 2012 - 08:25 PM

.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7168000A
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7156000A
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7159000A
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70DB000A
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 7084000A
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70C6000A
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 7063000A
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 711A000A
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 7162000A
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 708D000A
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 7090000A
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 7087000A
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 708A000A
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 7114000A
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [70, 71] {JO 0x73}
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70DE000A
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70E7000A
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 70A2000A
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] kernel32.dll!ExitProcess 7C81CB12 6 Bytes JMP 5F040F5A
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 713E000A
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 705D000A
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70A8000A
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 7117000A
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70BA000A
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70C3000A
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70C0000A
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 7054000A
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 7075000A
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 7072000A
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 70A5000A
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7057000A
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 7060000A
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 713B000A
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 705A000A
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70BD000A
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 7147000A
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 709F000A
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70E1000A
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 71770F5A
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 717E0F5A
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 715C000A
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 7066000A
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [79, 71] {JNS 0x73}
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 7138000A
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70CC000A
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 7135000A
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [C8, 70]
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 7078000A
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [31, 71]
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 707E000A
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 707B000A
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 7069000A
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 715F000A
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 7120000A
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70CF000A
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 7081000A
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 712F000A
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 71740F5A
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 7144000A
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [1C, 71] {SBB AL, 0x71}
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] GDI32.dll!EndPage 77F2DC61 6 Bytes JMP 5F190F5A
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] GDI32.dll!EndDoc 77F2DEF1 6 Bytes JMP 5F130F5A
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] GDI32.dll!StartPage 77F2F49E 6 Bytes JMP 5F160F5A
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] GDI32.dll!AbortDoc 77F44CD2 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] GDI32.dll!StartDocW 77F45962 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] GDI32.dll!StartDocW + 4 77F45966 2 Bytes [11, 5F]
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] GDI32.dll!StartDocA 77F45E79 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] GDI32.dll!StartDocA + 4 77F45E7D 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 70FC000A
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 70EA000A
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 710E000A
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 70FF000A
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 7102000A
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 709C000A
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 4 Bytes JMP EC001E25
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] ADVAPI32.dll!RegQueryValueExA + 5 77DD7AC0 1 Byte [70]
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 70F6000A
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 70F0000A
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 7111000A
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 70F9000A
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 7105000A
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 7093000A
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 706F000A
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 706C000A
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70D2000A
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [D4, 70] {AAM 0x70}
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 7096000A
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7108000A
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 70F3000A
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 710B000A
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 7099000A
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 716C000A
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 7126000A
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 7123000A
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] SHELL32.dll!ShellExecuteExW 7CA098CB 6 Bytes JMP 714A000A
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] SHELL32.dll!Shell_NotifyIcon 7CA28BC6 6 Bytes JMP 70B7000A
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] SHELL32.dll!Shell_NotifyIconW 7CA2A537 6 Bytes JMP 70B4000A
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] SHELL32.dll!ShellExecuteEx 7CA40E45 6 Bytes JMP 714D000A
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] SHELL32.dll!ShellExecuteA 7CA41170 6 Bytes JMP 7153000A
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 7150000A
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] WININET.DLL!InternetOpenUrlA 3D95F3BC 6 Bytes JMP 70AE000A
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[388] WININET.DLL!InternetOpenUrlW 3D9A6DFF 6 Bytes JMP 70AB000A

.text C:\WINDOWS\system32\hkcmd.exe[456] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\hkcmd.exe[456] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [88, 71]
.text C:\WINDOWS\system32\hkcmd.exe[456] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\system32\hkcmd.exe[456] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\hkcmd.exe[456] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [9D, 71]
.text C:\WINDOWS\system32\hkcmd.exe[456] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\hkcmd.exe[456] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AD, 71]
.text C:\WINDOWS\system32\hkcmd.exe[456] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\hkcmd.exe[456] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [91, 71]
.text C:\WINDOWS\system32\hkcmd.exe[456] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\hkcmd.exe[456] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A9, 71]
.text C:\WINDOWS\system32\hkcmd.exe[456] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\hkcmd.exe[456] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [A3, 71]
.text C:\WINDOWS\system32\hkcmd.exe[456] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\hkcmd.exe[456] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [30, 71]
.text C:\WINDOWS\system32\hkcmd.exe[456] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\hkcmd.exe[456] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [A0, 71]
.text C:\WINDOWS\system32\hkcmd.exe[456] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\hkcmd.exe[456] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [94, 71]
.text C:\WINDOWS\system32\hkcmd.exe[456] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\hkcmd.exe[456] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A6, 71]
.text C:\WINDOWS\system32\hkcmd.exe[456] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\hkcmd.exe[456] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [48, 71]
.text C:\WINDOWS\system32\hkcmd.exe[456] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\hkcmd.exe[456] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8E, 71]
.text C:\WINDOWS\system32\hkcmd.exe[456] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\hkcmd.exe[456] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [9A, 71]
.text C:\WINDOWS\system32\hkcmd.exe[456] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\hkcmd.exe[456] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [97, 71]
.text C:\WINDOWS\system32\hkcmd.exe[456] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\hkcmd.exe[456] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [8B, 71]
.text C:\WINDOWS\system32\hkcmd.exe[456] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70B9000A
.text C:\WINDOWS\system32\hkcmd.exe[456] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70EC000A
.text C:\WINDOWS\system32\hkcmd.exe[456] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7134000A
.text C:\WINDOWS\system32\hkcmd.exe[456] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70E0000A
.text C:\WINDOWS\system32\hkcmd.exe[456] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01300001
.text C:\WINDOWS\system32\hkcmd.exe[456] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 716D000A
.text C:\WINDOWS\system32\hkcmd.exe[456] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\hkcmd.exe[456] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7171000A
.text C:\WINDOWS\system32\hkcmd.exe[456] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 715E000A
.text C:\WINDOWS\system32\hkcmd.exe[456] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7161000A
.text C:\WINDOWS\system32\hkcmd.exe[456] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70E3000A
.text C:\WINDOWS\system32\hkcmd.exe[456] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 7092000A
.text C:\WINDOWS\system32\hkcmd.exe[456] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70CE000A
.text C:\WINDOWS\system32\hkcmd.exe[456] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 7071000A
.text C:\WINDOWS\system32\hkcmd.exe[456] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7122000A
.text C:\WINDOWS\system32\hkcmd.exe[456] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 716A000A
.text C:\WINDOWS\system32\hkcmd.exe[456] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 709B000A
.text C:\WINDOWS\system32\hkcmd.exe[456] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 709E000A
.text C:\WINDOWS\system32\hkcmd.exe[456] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 7095000A
.text C:\WINDOWS\system32\hkcmd.exe[456] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 7098000A
.text C:\WINDOWS\system32\hkcmd.exe[456] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 711C000A
.text C:\WINDOWS\system32\hkcmd.exe[456] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\hkcmd.exe[456] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [78, 71] {JS 0x73}
.text C:\WINDOWS\system32\hkcmd.exe[456] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70E6000A
.text C:\WINDOWS\system32\hkcmd.exe[456] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70EF000A
.text C:\WINDOWS\system32\hkcmd.exe[456] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 70B0000A
.text C:\WINDOWS\system32\hkcmd.exe[456] kernel32.dll!ExitProcess 7C81CB12 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\hkcmd.exe[456] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7146000A
.text C:\WINDOWS\system32\hkcmd.exe[456] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 706B000A
.text C:\WINDOWS\system32\hkcmd.exe[456] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70B6000A
.text C:\WINDOWS\system32\hkcmd.exe[456] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 711F000A
.text C:\WINDOWS\system32\hkcmd.exe[456] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70C2000A
.text C:\WINDOWS\system32\hkcmd.exe[456] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70CB000A
.text C:\WINDOWS\system32\hkcmd.exe[456] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70C8000A
.text C:\WINDOWS\system32\hkcmd.exe[456] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 7062000A
.text C:\WINDOWS\system32\hkcmd.exe[456] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 7083000A
.text C:\WINDOWS\system32\hkcmd.exe[456] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 7080000A
.text C:\WINDOWS\system32\hkcmd.exe[456] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 70B3000A
.text C:\WINDOWS\system32\hkcmd.exe[456] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7065000A
.text C:\WINDOWS\system32\hkcmd.exe[456] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 706E000A
.text C:\WINDOWS\system32\hkcmd.exe[456] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7143000A
.text C:\WINDOWS\system32\hkcmd.exe[456] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7068000A
.text C:\WINDOWS\system32\hkcmd.exe[456] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70C5000A
.text C:\WINDOWS\system32\hkcmd.exe[456] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 714F000A
.text C:\WINDOWS\system32\hkcmd.exe[456] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 70AD000A
.text C:\WINDOWS\system32\hkcmd.exe[456] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70E9000A
.text C:\WINDOWS\system32\hkcmd.exe[456] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 717F0F5A
.text C:\WINDOWS\system32\hkcmd.exe[456] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 71860F5A
.text C:\WINDOWS\system32\hkcmd.exe[456] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 7164000A
.text C:\WINDOWS\system32\hkcmd.exe[456] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 7074000A
.text C:\WINDOWS\system32\hkcmd.exe[456] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\hkcmd.exe[456] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [81, 71]
.text C:\WINDOWS\system32\hkcmd.exe[456] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 7140000A
.text C:\WINDOWS\system32\hkcmd.exe[456] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70D4000A
.text C:\WINDOWS\system32\hkcmd.exe[456] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 713D000A
.text C:\WINDOWS\system32\hkcmd.exe[456] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\hkcmd.exe[456] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [D0, 70]
.text C:\WINDOWS\system32\hkcmd.exe[456] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 7086000A
.text C:\WINDOWS\system32\hkcmd.exe[456] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\hkcmd.exe[456] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [39, 71]
.text C:\WINDOWS\system32\hkcmd.exe[456] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 708C000A
.text C:\WINDOWS\system32\hkcmd.exe[456] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 7089000A
.text C:\WINDOWS\system32\hkcmd.exe[456] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 7077000A
.text C:\WINDOWS\system32\hkcmd.exe[456] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 7167000A
.text C:\WINDOWS\system32\hkcmd.exe[456] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 7128000A
.text C:\WINDOWS\system32\hkcmd.exe[456] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70D7000A
.text C:\WINDOWS\system32\hkcmd.exe[456] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 708F000A
.text C:\WINDOWS\system32\hkcmd.exe[456] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 7137000A
.text C:\WINDOWS\system32\hkcmd.exe[456] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 717C0F5A
.text C:\WINDOWS\system32\hkcmd.exe[456] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 714C000A
.text C:\WINDOWS\system32\hkcmd.exe[456] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\hkcmd.exe[456] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [24, 71] {AND AL, 0x71}
.text C:\WINDOWS\system32\hkcmd.exe[456] GDI32.dll!EndPage 77F2DC61 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\hkcmd.exe[456] GDI32.dll!EndDoc 77F2DEF1 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\hkcmd.exe[456] GDI32.dll!StartPage 77F2F49E 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\hkcmd.exe[456] GDI32.dll!AbortDoc 77F44CD2 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\hkcmd.exe[456] GDI32.dll!StartDocW 77F45962 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\hkcmd.exe[456] GDI32.dll!StartDocW + 4 77F45966 2 Bytes [11, 5F]
.text C:\WINDOWS\system32\hkcmd.exe[456] GDI32.dll!StartDocA 77F45E79 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\hkcmd.exe[456] GDI32.dll!StartDocA + 4 77F45E7D 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\hkcmd.exe[456] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 7104000A
.text C:\WINDOWS\system32\hkcmd.exe[456] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 70F2000A
.text C:\WINDOWS\system32\hkcmd.exe[456] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 7116000A
.text C:\WINDOWS\system32\hkcmd.exe[456] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 7107000A
.text C:\WINDOWS\system32\hkcmd.exe[456] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 710A000A
.text C:\WINDOWS\system32\hkcmd.exe[456] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 70AA000A
.text C:\WINDOWS\system32\hkcmd.exe[456] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 70F5000A
.text C:\WINDOWS\system32\hkcmd.exe[456] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 70FE000A
.text C:\WINDOWS\system32\hkcmd.exe[456] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 70F8000A
.text C:\WINDOWS\system32\hkcmd.exe[456] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 7119000A
.text C:\WINDOWS\system32\hkcmd.exe[456] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 7101000A
.text C:\WINDOWS\system32\hkcmd.exe[456] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 710D000A
.text C:\WINDOWS\system32\hkcmd.exe[456] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 70A1000A
.text C:\WINDOWS\system32\hkcmd.exe[456] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 707D000A
.text C:\WINDOWS\system32\hkcmd.exe[456] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 707A000A
.text C:\WINDOWS\system32\hkcmd.exe[456] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70DA000A
.text C:\WINDOWS\system32\hkcmd.exe[456] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\hkcmd.exe[456] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [DC, 70]
.text C:\WINDOWS\system32\hkcmd.exe[456] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 70A4000A
.text C:\WINDOWS\system32\hkcmd.exe[456] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7110000A
.text C:\WINDOWS\system32\hkcmd.exe[456] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 70FB000A
.text C:\WINDOWS\system32\hkcmd.exe[456] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7113000A
.text C:\WINDOWS\system32\hkcmd.exe[456] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 70A7000A
.text C:\WINDOWS\system32\hkcmd.exe[456] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 7175000A
.text C:\WINDOWS\system32\hkcmd.exe[456] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 712E000A
.text C:\WINDOWS\system32\hkcmd.exe[456] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 712B000A
.text C:\WINDOWS\system32\hkcmd.exe[456] SHELL32.dll!ShellExecuteExW 7CA098CB 6 Bytes JMP 7152000A
.text C:\WINDOWS\system32\hkcmd.exe[456] SHELL32.dll!Shell_NotifyIcon 7CA28BC6 6 Bytes JMP 70BF000A
.text C:\WINDOWS\system32\hkcmd.exe[456] SHELL32.dll!Shell_NotifyIconW 7CA2A537 6 Bytes JMP 70BC000A
.text C:\WINDOWS\system32\hkcmd.exe[456] SHELL32.dll!ShellExecuteEx 7CA40E45 6 Bytes JMP 7155000A
.text C:\WINDOWS\system32\hkcmd.exe[456] SHELL32.dll!ShellExecuteA 7CA41170 6 Bytes JMP 715B000A
.text C:\WINDOWS\system32\hkcmd.exe[456] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 7158000A
.text C:\WINDOWS\system32\igfxsrvc.exe[528] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxsrvc.exe[528] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [88, 71]
.text C:\WINDOWS\system32\igfxsrvc.exe[528] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\system32\igfxsrvc.exe[528] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxsrvc.exe[528] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [9D, 71]
.text C:\WINDOWS\system32\igfxsrvc.exe[528] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxsrvc.exe[528] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AD, 71]
.text C:\WINDOWS\system32\igfxsrvc.exe[528] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxsrvc.exe[528] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [91, 71]
.text C:\WINDOWS\system32\igfxsrvc.exe[528] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxsrvc.exe[528] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A9, 71]
.text C:\WINDOWS\system32\igfxsrvc.exe[528] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxsrvc.exe[528] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [A3, 71]
.text C:\WINDOWS\system32\igfxsrvc.exe[528] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxsrvc.exe[528] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [30, 71]
.text C:\WINDOWS\system32\igfxsrvc.exe[528] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxsrvc.exe[528] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [A0, 71]
.text C:\WINDOWS\system32\igfxsrvc.exe[528] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxsrvc.exe[528] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [94, 71]
.text C:\WINDOWS\system32\igfxsrvc.exe[528] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxsrvc.exe[528] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A6, 71]
.text C:\WINDOWS\system32\igfxsrvc.exe[528] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxsrvc.exe[528] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [48, 71]
.text C:\WINDOWS\system32\igfxsrvc.exe[528] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxsrvc.exe[528] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8E, 71]
.text C:\WINDOWS\system32\igfxsrvc.exe[528] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxsrvc.exe[528] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [9A, 71]
.text C:\WINDOWS\system32\igfxsrvc.exe[528] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxsrvc.exe[528] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [97, 71]
.text C:\WINDOWS\system32\igfxsrvc.exe[528] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxsrvc.exe[528] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [8B, 71]

.text C:\WINDOWS\system32\igfxsrvc.exe[528] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70B9000A
.text C:\WINDOWS\system32\igfxsrvc.exe[528] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70EC000A
.text C:\WINDOWS\system32\igfxsrvc.exe[528] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7134000A
.text C:\WINDOWS\system32\igfxsrvc.exe[528] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70E0000A
.text C:\WINDOWS\system32\igfxsrvc.exe[528] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01410001
.text C:\WINDOWS\system32\igfxsrvc.exe[528] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 716D000A
.text C:\WINDOWS\system32\igfxsrvc.exe[528] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\igfxsrvc.exe[528] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7171000A
.text C:\WINDOWS\system32\igfxsrvc.exe[528] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 715E000A
.text C:\WINDOWS\system32\igfxsrvc.exe[528] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7161000A
.text C:\WINDOWS\system32\igfxsrvc.exe[528] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70E3000A
.text C:\WINDOWS\system32\igfxsrvc.exe[528] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 7092000A
.text C:\WINDOWS\system32\igfxsrvc.exe[528] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70CE000A
.text C:\WINDOWS\system32\igfxsrvc.exe[528] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 7071000A
.text C:\WINDOWS\system32\igfxsrvc.exe[528] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7122000A
.text C:\WINDOWS\system32\igfxsrvc.exe[528] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 716A000A
.text C:\WINDOWS\system32\igfxsrvc.exe[528] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 709B000A
.text C:\WINDOWS\system32\igfxsrvc.exe[528] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 709E000A
.text C:\WINDOWS\system32\igfxsrvc.exe[528] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 7095000A
.text C:\WINDOWS\system32\igfxsrvc.exe[528] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 7098000A
.text C:\WINDOWS\system32\igfxsrvc.exe[528] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 711C000A
.text C:\WINDOWS\system32\igfxsrvc.exe[528] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxsrvc.exe[528] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [78, 71] {JS 0x73}
.text C:\WINDOWS\system32\igfxsrvc.exe[528] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70E6000A
.text C:\WINDOWS\system32\igfxsrvc.exe[528] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70EF000A
.text C:\WINDOWS\system32\igfxsrvc.exe[528] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 70B0000A
.text C:\WINDOWS\system32\igfxsrvc.exe[528] kernel32.dll!ExitProcess 7C81CB12 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\igfxsrvc.exe[528] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7146000A
.text C:\WINDOWS\system32\igfxsrvc.exe[528] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 706B000A
.text C:\WINDOWS\system32\igfxsrvc.exe[528] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70B6000A
.text C:\WINDOWS\system32\igfxsrvc.exe[528] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 711F000A
.text C:\WINDOWS\system32\igfxsrvc.exe[528] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70C2000A
.text C:\WINDOWS\system32\igfxsrvc.exe[528] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70CB000A
.text C:\WINDOWS\system32\igfxsrvc.exe[528] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70C8000A
.text C:\WINDOWS\system32\igfxsrvc.exe[528] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 7062000A
.text C:\WINDOWS\system32\igfxsrvc.exe[528] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 7083000A
.text C:\WINDOWS\system32\igfxsrvc.exe[528] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 7080000A
.text C:\WINDOWS\system32\igfxsrvc.exe[528] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 70B3000A
.text C:\WINDOWS\system32\igfxsrvc.exe[528] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7065000A
.text C:\WINDOWS\system32\igfxsrvc.exe[528] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 706E000A
.text C:\WINDOWS\system32\igfxsrvc.exe[528] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7143000A
.text C:\WINDOWS\system32\igfxsrvc.exe[528] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7068000A
.text C:\WINDOWS\system32\igfxsrvc.exe[528] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70C5000A
.text C:\WINDOWS\system32\igfxsrvc.exe[528] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 714F000A
.text C:\WINDOWS\system32\igfxsrvc.exe[528] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 70AD000A
.text C:\WINDOWS\system32\igfxsrvc.exe[528] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70E9000A
.text C:\WINDOWS\system32\igfxsrvc.exe[528] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 717F0F5A
.text C:\WINDOWS\system32\igfxsrvc.exe[528] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 71860F5A
.text C:\WINDOWS\system32\igfxsrvc.exe[528] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 7164000A
.text C:\WINDOWS\system32\igfxsrvc.exe[528] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 7074000A
.text C:\WINDOWS\system32\igfxsrvc.exe[528] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxsrvc.exe[528] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [81, 71]
.text C:\WINDOWS\system32\igfxsrvc.exe[528] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 7140000A
.text C:\WINDOWS\system32\igfxsrvc.exe[528] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70D4000A
.text C:\WINDOWS\system32\igfxsrvc.exe[528] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 713D000A
.text C:\WINDOWS\system32\igfxsrvc.exe[528] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxsrvc.exe[528] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [D0, 70]
.text C:\WINDOWS\system32\igfxsrvc.exe[528] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 7086000A
.text C:\WINDOWS\system32\igfxsrvc.exe[528] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxsrvc.exe[528] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [39, 71]
.text C:\WINDOWS\system32\igfxsrvc.exe[528] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 708C000A
.text C:\WINDOWS\system32\igfxsrvc.exe[528] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 7089000A
.text C:\WINDOWS\system32\igfxsrvc.exe[528] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 7077000A
.text C:\WINDOWS\system32\igfxsrvc.exe[528] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 7167000A
.text C:\WINDOWS\system32\igfxsrvc.exe[528] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 7128000A
.text C:\WINDOWS\system32\igfxsrvc.exe[528] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70D7000A
.text C:\WINDOWS\system32\igfxsrvc.exe[528] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 708F000A
.text C:\WINDOWS\system32\igfxsrvc.exe[528] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 7137000A
.text C:\WINDOWS\system32\igfxsrvc.exe[528] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 717C0F5A
.text C:\WINDOWS\system32\igfxsrvc.exe[528] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 714C000A
.text C:\WINDOWS\system32\igfxsrvc.exe[528] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxsrvc.exe[528] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [24, 71] {AND AL, 0x71}
.text C:\WINDOWS\system32\igfxsrvc.exe[528] GDI32.dll!EndPage 77F2DC61 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\igfxsrvc.exe[528] GDI32.dll!EndDoc 77F2DEF1 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\igfxsrvc.exe[528] GDI32.dll!StartPage 77F2F49E 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\igfxsrvc.exe[528] GDI32.dll!AbortDoc 77F44CD2 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\igfxsrvc.exe[528] GDI32.dll!StartDocW 77F45962 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxsrvc.exe[528] GDI32.dll!StartDocW + 4 77F45966 2 Bytes [11, 5F]
.text C:\WINDOWS\system32\igfxsrvc.exe[528] GDI32.dll!StartDocA 77F45E79 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxsrvc.exe[528] GDI32.dll!StartDocA + 4 77F45E7D 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\igfxsrvc.exe[528] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 7104000A
.text C:\WINDOWS\system32\igfxsrvc.exe[528] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 70F2000A
.text C:\WINDOWS\system32\igfxsrvc.exe[528] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 7116000A
.text C:\WINDOWS\system32\igfxsrvc.exe[528] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 7107000A
.text C:\WINDOWS\system32\igfxsrvc.exe[528] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 710A000A
.text C:\WINDOWS\system32\igfxsrvc.exe[528] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 70AA000A
.text C:\WINDOWS\system32\igfxsrvc.exe[528] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 70F5000A
.text C:\WINDOWS\system32\igfxsrvc.exe[528] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 70FE000A
.text C:\WINDOWS\system32\igfxsrvc.exe[528] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 70F8000A
.text C:\WINDOWS\system32\igfxsrvc.exe[528] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 7119000A
.text C:\WINDOWS\system32\igfxsrvc.exe[528] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 7101000A
.text C:\WINDOWS\system32\igfxsrvc.exe[528] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 710D000A
.text C:\WINDOWS\system32\igfxsrvc.exe[528] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 70A1000A
.text C:\WINDOWS\system32\igfxsrvc.exe[528] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 707D000A
.text C:\WINDOWS\system32\igfxsrvc.exe[528] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 707A000A
.text C:\WINDOWS\system32\igfxsrvc.exe[528] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70DA000A
.text C:\WINDOWS\system32\igfxsrvc.exe[528] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxsrvc.exe[528] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [DC, 70]
.text C:\WINDOWS\system32\igfxsrvc.exe[528] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 70A4000A
.text C:\WINDOWS\system32\igfxsrvc.exe[528] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7110000A
.text C:\WINDOWS\system32\igfxsrvc.exe[528] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 70FB000A
.text C:\WINDOWS\system32\igfxsrvc.exe[528] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7113000A
.text C:\WINDOWS\system32\igfxsrvc.exe[528] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 70A7000A
.text C:\WINDOWS\system32\igfxsrvc.exe[528] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 7175000A
.text C:\WINDOWS\system32\igfxsrvc.exe[528] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 712E000A
.text C:\WINDOWS\system32\igfxsrvc.exe[528] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 712B000A
.text C:\WINDOWS\system32\igfxsrvc.exe[528] SHELL32.dll!ShellExecuteExW 7CA098CB 6 Bytes JMP 7152000A
.text C:\WINDOWS\system32\igfxsrvc.exe[528] SHELL32.dll!Shell_NotifyIcon 7CA28BC6 6 Bytes JMP 70BF000A
.text C:\WINDOWS\system32\igfxsrvc.exe[528] SHELL32.dll!Shell_NotifyIconW 7CA2A537 6 Bytes JMP 70BC000A
.text C:\WINDOWS\system32\igfxsrvc.exe[528] SHELL32.dll!ShellExecuteEx 7CA40E45 6 Bytes JMP 7155000A
.text C:\WINDOWS\system32\igfxsrvc.exe[528] SHELL32.dll!ShellExecuteA 7CA41170 6 Bytes JMP 715B000A
.text C:\WINDOWS\system32\igfxsrvc.exe[528] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 7158000A
.text C:\WINDOWS\explorer.exe[576] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\explorer.exe[576] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [5D, 71]
.text C:\WINDOWS\explorer.exe[576] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\explorer.exe[576] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [76, 71] {JBE 0x73}
.text C:\WINDOWS\explorer.exe[576] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70E6000A
.text C:\WINDOWS\explorer.exe[576] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 7119000A
.text C:\WINDOWS\explorer.exe[576] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7161000A
.text C:\WINDOWS\explorer.exe[576] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 710D000A
.text C:\WINDOWS\explorer.exe[576] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71A80001
.text C:\WINDOWS\explorer.exe[576] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 719B000A
.text C:\WINDOWS\explorer.exe[576] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 71A1000A
.text C:\WINDOWS\explorer.exe[576] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 719E000A
.text C:\WINDOWS\explorer.exe[576] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 718C000A
.text C:\WINDOWS\explorer.exe[576] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 718F000A
.text C:\WINDOWS\explorer.exe[576] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 7110000A
.text C:\WINDOWS\explorer.exe[576] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 70B9000A
.text C:\WINDOWS\explorer.exe[576] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70FB000A
.text C:\WINDOWS\explorer.exe[576] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 7098000A
.text C:\WINDOWS\explorer.exe[576] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\WINDOWS\explorer.exe[576] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 714F000A
.text C:\WINDOWS\explorer.exe[576] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 7198000A
.text C:\WINDOWS\explorer.exe[576] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 70C2000A
.text C:\WINDOWS\explorer.exe[576] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 70C5000A
.text C:\WINDOWS\explorer.exe[576] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 70BC000A
.text C:\WINDOWS\explorer.exe[576] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 70BF000A
.text C:\WINDOWS\explorer.exe[576] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 7149000A
.text C:\WINDOWS\explorer.exe[576] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\explorer.exe[576] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [AD, 71]
.text C:\WINDOWS\explorer.exe[576] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 7113000A
.text C:\WINDOWS\explorer.exe[576] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 711C000A
.text C:\WINDOWS\explorer.exe[576] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 70D7000A
.text C:\WINDOWS\explorer.exe[576] kernel32.dll!ExitProcess 7C81CB12 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\explorer.exe[576] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7174000A
.text C:\WINDOWS\explorer.exe[576] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7092000A
.text C:\WINDOWS\explorer.exe[576] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70DD000A
.text C:\WINDOWS\explorer.exe[576] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 714C000A
.text C:\WINDOWS\explorer.exe[576] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70EF000A
.text C:\WINDOWS\explorer.exe[576] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70F8000A
.text C:\WINDOWS\explorer.exe[576] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70F5000A
.text C:\WINDOWS\explorer.exe[576] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 7089000A
.text C:\WINDOWS\explorer.exe[576] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 70AA000A
.text C:\WINDOWS\explorer.exe[576] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 70A7000A
.text C:\WINDOWS\explorer.exe[576] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 70DA000A
.text C:\WINDOWS\explorer.exe[576] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 708C000A
.text C:\WINDOWS\explorer.exe[576] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 7095000A
.text C:\WINDOWS\explorer.exe[576] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7171000A
.text C:\WINDOWS\explorer.exe[576] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 708F000A
.text C:\WINDOWS\explorer.exe[576] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70F2000A
.text C:\WINDOWS\explorer.exe[576] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 717D000A
.text C:\WINDOWS\explorer.exe[576] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 70D4000A
.text C:\WINDOWS\explorer.exe[576] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 7116000A
.text C:\WINDOWS\explorer.exe[576] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 7131000A
.text C:\WINDOWS\explorer.exe[576] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 711F000A
.text C:\WINDOWS\explorer.exe[576] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 7143000A
.text C:\WINDOWS\explorer.exe[576] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 7134000A
.text C:\WINDOWS\explorer.exe[576] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 7137000A
.text C:\WINDOWS\explorer.exe[576] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 70D1000A
.text C:\WINDOWS\explorer.exe[576] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 7122000A
.text C:\WINDOWS\explorer.exe[576] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 712B000A
.text C:\WINDOWS\explorer.exe[576] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 7125000A
.text C:\WINDOWS\explorer.exe[576] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 7146000A
.text C:\WINDOWS\explorer.exe[576] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 712E000A
.text C:\WINDOWS\explorer.exe[576] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 713A000A
.text C:\WINDOWS\explorer.exe[576] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 70C8000A
.text C:\WINDOWS\explorer.exe[576] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 70A4000A
.text C:\WINDOWS\explorer.exe[576] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 70A1000A
.text C:\WINDOWS\explorer.exe[576] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 7107000A
.text C:\WINDOWS\explorer.exe[576] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\explorer.exe[576] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [09, 71]
.text C:\WINDOWS\explorer.exe[576] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 70CB000A
.text C:\WINDOWS\explorer.exe[576] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 713D000A
.text C:\WINDOWS\explorer.exe[576] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 7128000A
.text C:\WINDOWS\explorer.exe[576] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7140000A
.text C:\WINDOWS\explorer.exe[576] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 70CE000A
.text C:\WINDOWS\explorer.exe[576] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 71A4000A
.text C:\WINDOWS\explorer.exe[576] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 715B000A
.text C:\WINDOWS\explorer.exe[576] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 7158000A
.text C:\WINDOWS\explorer.exe[576] GDI32.dll!EndPage 77F2DC61 6 Bytes JMP 5F150F5A
.text C:\WINDOWS\explorer.exe[576] GDI32.dll!EndDoc 77F2DEF1 6 Bytes JMP 5F0F0F5A
.text C:\WINDOWS\explorer.exe[576] GDI32.dll!StartPage 77F2F49E 6 Bytes JMP 5F120F5A
.text C:\WINDOWS\explorer.exe[576] GDI32.dll!AbortDoc 77F44CD2 6 Bytes JMP 5F180F5A
.text C:\WINDOWS\explorer.exe[576] GDI32.dll!StartDocW 77F45962 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\explorer.exe[576] GDI32.dll!StartDocW + 4 77F45966 2 Bytes [0D, 5F]
.text C:\WINDOWS\explorer.exe[576] GDI32.dll!StartDocA 77F45E79 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\explorer.exe[576] GDI32.dll!StartDocA + 4 77F45E7D 2 Bytes [0A, 5F]
.text C:\WINDOWS\explorer.exe[576] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 7192000A
.text C:\WINDOWS\explorer.exe[576] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 709B000A
.text C:\WINDOWS\explorer.exe[576] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 716D000A
.text C:\WINDOWS\explorer.exe[576] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 7101000A
.text C:\WINDOWS\explorer.exe[576] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 716A000A
.text C:\WINDOWS\explorer.exe[576] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\explorer.exe[576] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [FD, 70]
.text C:\WINDOWS\explorer.exe[576] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 70AD000A
.text C:\WINDOWS\explorer.exe[576] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\explorer.exe[576] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [66, 71]
.text C:\WINDOWS\explorer.exe[576] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 70B3000A
.text C:\WINDOWS\explorer.exe[576] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 70B0000A
.text C:\WINDOWS\explorer.exe[576] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 709E000A
.text C:\WINDOWS\explorer.exe[576] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 7195000A
.text C:\WINDOWS\explorer.exe[576] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 7155000A
.text C:\WINDOWS\explorer.exe[576] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 7104000A
.text C:\WINDOWS\explorer.exe[576] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 70B6000A
.text C:\WINDOWS\explorer.exe[576] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 7164000A
.text C:\WINDOWS\explorer.exe[576] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 717A000A
.text C:\WINDOWS\explorer.exe[576] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\explorer.exe[576] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [51, 71]
.text C:\WINDOWS\explorer.exe[576] WININET.dll!InternetOpenUrlA 3D95F3BC 6 Bytes JMP 70E3000A
.text C:\WINDOWS\explorer.exe[576] WININET.dll!InternetOpenUrlW 3D9A6DFF 6 Bytes JMP 70E0000A
.text C:\WINDOWS\explorer.exe[576] SHELL32.dll!ShellExecuteExW 7CA098CB 6 Bytes JMP 7180000A
.text C:\WINDOWS\explorer.exe[576] SHELL32.dll!Shell_NotifyIcon 7CA28BC6 6 Bytes JMP 70EC000A
.text C:\WINDOWS\explorer.exe[576] SHELL32.dll!Shell_NotifyIconW 7CA2A537 6 Bytes JMP 70E9000A
.text C:\WINDOWS\explorer.exe[576] SHELL32.dll!ShellExecuteEx 7CA40E45 6 Bytes JMP 7183000A
.text C:\WINDOWS\explorer.exe[576] SHELL32.dll!ShellExecuteA 7CA41170 6 Bytes JMP 7189000A
.text C:\WINDOWS\explorer.exe[576] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 7186000A
.text C:\WINDOWS\system32\csrss.exe[596] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[596] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [86, 71]
.text C:\WINDOWS\system32\csrss.exe[596] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\system32\csrss.exe[596] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[596] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [9B, 71]
.text C:\WINDOWS\system32\csrss.exe[596] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[596] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AD, 71]
.text C:\WINDOWS\system32\csrss.exe[596] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[596] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8F, 71]
.text C:\WINDOWS\system32\csrss.exe[596] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[596] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A7, 71]
.text C:\WINDOWS\system32\csrss.exe[596] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[596] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [A1, 71]
.text C:\WINDOWS\system32\csrss.exe[596] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[596] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9E, 71]
.text C:\WINDOWS\system32\csrss.exe[596] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[596] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [92, 71]
.text C:\WINDOWS\system32\csrss.exe[596] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[596] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A4, 71]
.text C:\WINDOWS\system32\csrss.exe[596] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[596] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8C, 71]
.text C:\WINDOWS\system32\csrss.exe[596] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[596] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [98, 71]
.text C:\WINDOWS\system32\csrss.exe[596] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[596] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [95, 71]
.text C:\WINDOWS\system32\csrss.exe[596] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[596] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [89, 71]
.text C:\WINDOWS\system32\csrss.exe[596] KERNEL32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 02D70001
.text C:\WINDOWS\system32\winlogon.exe[620] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[620] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [83, 71]
.text C:\WINDOWS\system32\winlogon.exe[620] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\system32\winlogon.exe[620] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[620] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [98, 71]
.text C:\WINDOWS\system32\winlogon.exe[620] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[620] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AD, 71]
.text C:\WINDOWS\system32\winlogon.exe[620] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[620] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8C, 71]
.text C:\WINDOWS\system32\winlogon.exe[620] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[620] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A4, 71]
.text C:\WINDOWS\system32\winlogon.exe[620] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[620] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [9E, 71]
.text C:\WINDOWS\system32\winlogon.exe[620] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[620] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9B, 71]
.text C:\WINDOWS\system32\winlogon.exe[620] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[620] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [8F, 71]
.text C:\WINDOWS\system32\winlogon.exe[620] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[620] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A1, 71]
.text C:\WINDOWS\system32\winlogon.exe[620] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[620] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [89, 71]
.text C:\WINDOWS\system32\winlogon.exe[620] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[620] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [95, 71]
.text C:\WINDOWS\system32\winlogon.exe[620] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[620] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [92, 71]
.text C:\WINDOWS\system32\winlogon.exe[620] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[620] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [86, 71]
.text C:\WINDOWS\system32\winlogon.exe[620] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 7117000A
.text C:\WINDOWS\system32\winlogon.exe[620] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 714A000A
.text C:\WINDOWS\system32\winlogon.exe[620] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 713E000A
.text C:\WINDOWS\system32\winlogon.exe[620] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 016F0001
.text C:\WINDOWS\system32\winlogon.exe[620] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 7141000A
.text C:\WINDOWS\system32\winlogon.exe[620] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 70F0000A
.text C:\WINDOWS\system32\winlogon.exe[620] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 712C000A
.text C:\WINDOWS\system32\winlogon.exe[620] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 70CF000A
.text C:\WINDOWS\system32\winlogon.exe[620] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7181000A
.text C:\WINDOWS\system32\winlogon.exe[620] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 70F9000A
.text C:\WINDOWS\system32\winlogon.exe[620] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 70FC000A
.text C:\WINDOWS\system32\winlogon.exe[620] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 70F3000A
.text C:\WINDOWS\system32\winlogon.exe[620] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 70F6000A
.text C:\WINDOWS\system32\winlogon.exe[620] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 717A000A
.text C:\WINDOWS\system32\winlogon.exe[620] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 7144000A
.text C:\WINDOWS\system32\winlogon.exe[620] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 714D000A
.text C:\WINDOWS\system32\winlogon.exe[620] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 710E000A
.text C:\WINDOWS\system32\winlogon.exe[620] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 70C9000A
.text C:\WINDOWS\system32\winlogon.exe[620] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 7114000A
.text C:\WINDOWS\system32\winlogon.exe[620] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 717D000A
.text C:\WINDOWS\system32\winlogon.exe[620] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 7120000A
.text C:\WINDOWS\system32\winlogon.exe[620] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 7129000A
.text C:\WINDOWS\system32\winlogon.exe[620] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 7126000A
.text C:\WINDOWS\system32\winlogon.exe[620] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 70C0000A
.text C:\WINDOWS\system32\winlogon.exe[620] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 70E1000A
.text C:\WINDOWS\system32\winlogon.exe[620] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 70DE000A
.text C:\WINDOWS\system32\winlogon.exe[620] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 7111000A
.text C:\WINDOWS\system32\winlogon.exe[620] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 70C3000A
.text C:\WINDOWS\system32\winlogon.exe[620] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 70CC000A
.text C:\WINDOWS\system32\winlogon.exe[620] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 70C6000A
.text C:\WINDOWS\system32\winlogon.exe[620] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 7123000A
.text C:\WINDOWS\system32\winlogon.exe[620] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 710B000A
.text C:\WINDOWS\system32\winlogon.exe[620] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 7147000A
.text C:\WINDOWS\system32\winlogon.exe[620] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 7162000A
.text C:\WINDOWS\system32\winlogon.exe[620] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 7150000A
.text C:\WINDOWS\system32\winlogon.exe[620] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 7174000A
.text C:\WINDOWS\system32\winlogon.exe[620] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 7165000A
.text C:\WINDOWS\system32\winlogon.exe[620] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 7168000A
.text C:\WINDOWS\system32\winlogon.exe[620] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 7108000A
.text C:\WINDOWS\system32\winlogon.exe[620] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 7153000A
.text C:\WINDOWS\system32\winlogon.exe[620] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 715C000A
.text C:\WINDOWS\system32\winlogon.exe[620] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 7156000A
.text C:\WINDOWS\system32\winlogon.exe[620] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 7177000A
.text C:\WINDOWS\system32\winlogon.exe[620] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 715F000A
.text C:\WINDOWS\system32\winlogon.exe[620] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 716B000A
.text C:\WINDOWS\system32\winlogon.exe[620] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 70FF000A
.text C:\WINDOWS\system32\winlogon.exe[620] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 70DB000A
.text C:\WINDOWS\system32\winlogon.exe[620] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 70D8000A
.text C:\WINDOWS\system32\winlogon.exe[620] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 7138000A
.text C:\WINDOWS\system32\winlogon.exe[620] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[620] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [3A, 71]
.text C:\WINDOWS\system32\winlogon.exe[620] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 7102000A
.text C:\WINDOWS\system32\winlogon.exe[620] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 716E000A
.text C:\WINDOWS\system32\winlogon.exe[620] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 7159000A
.text C:\WINDOWS\system32\winlogon.exe[620] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7171000A
.text C:\WINDOWS\system32\winlogon.exe[620] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 7105000A
.text C:\WINDOWS\system32\winlogon.exe[620] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 70D2000A
.text C:\WINDOWS\system32\winlogon.exe[620] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 7132000A
.text C:\WINDOWS\system32\winlogon.exe[620] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[620] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [2E, 71]
.text C:\WINDOWS\system32\winlogon.exe[620] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 70E4000A
.text C:\WINDOWS\system32\winlogon.exe[620] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 70EA000A
.text C:\WINDOWS\system32\winlogon.exe[620] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 70E7000A
.text C:\WINDOWS\system32\winlogon.exe[620] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 70D5000A
.text C:\WINDOWS\system32\winlogon.exe[620] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 7135000A
.text C:\WINDOWS\system32\winlogon.exe[620] USER32.dll!DrawTextA 7E43C702 4 Bytes JMP EC001E25
.text C:\WINDOWS\system32\winlogon.exe[620] USER32.dll!DrawTextA + 5 7E43C707 1 Byte [70]
.text C:\WINDOWS\system32\winlogon.exe[620] SHELL32.dll!Shell_NotifyIcon 7CA28BC6 6 Bytes JMP 711D000A
.text C:\WINDOWS\system32\winlogon.exe[620] SHELL32.dll!Shell_NotifyIconW 7CA2A537 6 Bytes JMP 711A000A
.text C:\WINDOWS\system32\services.exe[668] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[668] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [83, 71]
.text C:\WINDOWS\system32\services.exe[668] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\system32\services.exe[668] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[668] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [98, 71]
.text C:\WINDOWS\system32\services.exe[668] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[668] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AD, 71]
.text C:\WINDOWS\system32\services.exe[668] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[668] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8C, 71]
.text C:\WINDOWS\system32\services.exe[668] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[668] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A4, 71]
.text C:\WINDOWS\system32\services.exe[668] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[668] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [9E, 71]
.text C:\WINDOWS\system32\services.exe[668] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[668] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [37, 71]
.text C:\WINDOWS\system32\services.exe[668] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[668] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9B, 71]
.text C:\WINDOWS\system32\services.exe[668] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[668] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [8F, 71]
.text C:\WINDOWS\system32\services.exe[668] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[668] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A1, 71]
.text C:\WINDOWS\system32\services.exe[668] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[668] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [4F, 71]
.text C:\WINDOWS\system32\services.exe[668] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[668] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [89, 71]
.text C:\WINDOWS\system32\services.exe[668] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[668] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [95, 71]
.text C:\WINDOWS\system32\services.exe[668] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[668] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [92, 71]
.text C:\WINDOWS\system32\services.exe[668] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[668] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [86, 71]

.text C:\WINDOWS\system32\services.exe[668] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70C0000A
.text C:\WINDOWS\system32\services.exe[668] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70F3000A
.text C:\WINDOWS\system32\services.exe[668] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 713B000A
.text C:\WINDOWS\system32\services.exe[668] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70E7000A
.text C:\WINDOWS\system32\services.exe[668] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00FF0001
.text C:\WINDOWS\system32\services.exe[668] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 7174000A
.text C:\WINDOWS\system32\services.exe[668] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 717A000A
.text C:\WINDOWS\system32\services.exe[668] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7177000A
.text C:\WINDOWS\system32\services.exe[668] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7165000A
.text C:\WINDOWS\system32\services.exe[668] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7168000A
.text C:\WINDOWS\system32\services.exe[668] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70EA000A
.text C:\WINDOWS\system32\services.exe[668] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 7099000A
.text C:\WINDOWS\system32\services.exe[668] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70D5000A
.text C:\WINDOWS\system32\services.exe[668] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 7078000A
.text C:\WINDOWS\system32\services.exe[668] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7129000A
.text C:\WINDOWS\system32\services.exe[668] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 7171000A
.text C:\WINDOWS\system32\services.exe[668] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 70A2000A
.text C:\WINDOWS\system32\services.exe[668] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 70A5000A
.text C:\WINDOWS\system32\services.exe[668] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 709C000A
.text C:\WINDOWS\system32\services.exe[668] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 709F000A
.text C:\WINDOWS\system32\services.exe[668] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 7123000A
.text C:\WINDOWS\system32\services.exe[668] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[668] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [80, 71]
.text C:\WINDOWS\system32\services.exe[668] kernel32.dll!CreateThread 7C8106D7 4 Bytes JMP EC001E25
.text C:\WINDOWS\system32\services.exe[668] kernel32.dll!CreateThread + 5 7C8106DC 1 Byte [70]
.text C:\WINDOWS\system32\services.exe[668] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70F6000A
.text C:\WINDOWS\system32\services.exe[668] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 70B7000A
.text C:\WINDOWS\system32\services.exe[668] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 714D000A
.text C:\WINDOWS\system32\services.exe[668] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7072000A
.text C:\WINDOWS\system32\services.exe[668] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70BD000A
.text C:\WINDOWS\system32\services.exe[668] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 7126000A
.text C:\WINDOWS\system32\services.exe[668] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70C9000A
.text C:\WINDOWS\system32\services.exe[668] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70D2000A
.text C:\WINDOWS\system32\services.exe[668] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70CF000A
.text C:\WINDOWS\system32\services.exe[668] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 7069000A
.text C:\WINDOWS\system32\services.exe[668] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 708A000A
.text C:\WINDOWS\system32\services.exe[668] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 7087000A
.text C:\WINDOWS\system32\services.exe[668] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 70BA000A
.text C:\WINDOWS\system32\services.exe[668] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 706C000A
.text C:\WINDOWS\system32\services.exe[668] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 7075000A
.text C:\WINDOWS\system32\services.exe[668] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 714A000A
.text C:\WINDOWS\system32\services.exe[668] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 706F000A
.text C:\WINDOWS\system32\services.exe[668] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70CC000A
.text C:\WINDOWS\system32\services.exe[668] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 7156000A
.text C:\WINDOWS\system32\services.exe[668] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 70B4000A
.text C:\WINDOWS\system32\services.exe[668] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70F0000A
.text C:\WINDOWS\system32\services.exe[668] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 710B000A
.text C:\WINDOWS\system32\services.exe[668] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 70F9000A
.text C:\WINDOWS\system32\services.exe[668] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 711D000A
.text C:\WINDOWS\system32\services.exe[668] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 710E000A
.text C:\WINDOWS\system32\services.exe[668] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 7111000A
.text C:\WINDOWS\system32\services.exe[668] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 70B1000A
.text C:\WINDOWS\system32\services.exe[668] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 70FC000A
.text C:\WINDOWS\system32\services.exe[668] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 7105000A
.text C:\WINDOWS\system32\services.exe[668] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 70FF000A
.text C:\WINDOWS\system32\services.exe[668] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 7120000A
.text C:\WINDOWS\system32\services.exe[668] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 7108000A
.text C:\WINDOWS\system32\services.exe[668] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 7114000A
.text C:\WINDOWS\system32\services.exe[668] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 70A8000A
.text C:\WINDOWS\system32\services.exe[668] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 7084000A
.text C:\WINDOWS\system32\services.exe[668] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 7081000A
.text C:\WINDOWS\system32\services.exe[668] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70E1000A
.text C:\WINDOWS\system32\services.exe[668] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[668] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [E3, 70] {JECXZ 0x72}
.text C:\WINDOWS\system32\services.exe[668] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 70AB000A
.text C:\WINDOWS\system32\services.exe[668] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7117000A
.text C:\WINDOWS\system32\services.exe[668] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 7102000A
.text C:\WINDOWS\system32\services.exe[668] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 711A000A
.text C:\WINDOWS\system32\services.exe[668] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 70AE000A
.text C:\WINDOWS\system32\services.exe[668] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 717D000A
.text C:\WINDOWS\system32\services.exe[668] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 7135000A
.text C:\WINDOWS\system32\services.exe[668] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 7132000A
.text C:\WINDOWS\system32\services.exe[668] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 716B000A
.text C:\WINDOWS\system32\services.exe[668] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 707B000A
.text C:\WINDOWS\system32\services.exe[668] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 7147000A
.text C:\WINDOWS\system32\services.exe[668] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70DB000A
.text C:\WINDOWS\system32\services.exe[668] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 7144000A
.text C:\WINDOWS\system32\services.exe[668] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[668] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [D7, 70]
.text C:\WINDOWS\system32\services.exe[668] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 708D000A
.text C:\WINDOWS\system32\services.exe[668] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[668] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [40, 71]
.text C:\WINDOWS\system32\services.exe[668] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 7093000A
.text C:\WINDOWS\system32\services.exe[668] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 7090000A
.text C:\WINDOWS\system32\services.exe[668] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 707E000A
.text C:\WINDOWS\system32\services.exe[668] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 716E000A
.text C:\WINDOWS\system32\services.exe[668] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 712F000A
.text C:\WINDOWS\system32\services.exe[668] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70DE000A
.text C:\WINDOWS\system32\services.exe[668] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 7096000A
.text C:\WINDOWS\system32\services.exe[668] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 713E000A
.text C:\WINDOWS\system32\services.exe[668] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 7153000A
.text C:\WINDOWS\system32\services.exe[668] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[668] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [2B, 71]
.text C:\WINDOWS\system32\services.exe[668] SHELL32.dll!ShellExecuteExW 7CA098CB 6 Bytes JMP 7159000A
.text C:\WINDOWS\system32\services.exe[668] SHELL32.dll!Shell_NotifyIcon 7CA28BC6 6 Bytes JMP 70C6000A
.text C:\WINDOWS\system32\services.exe[668] SHELL32.dll!Shell_NotifyIconW 7CA2A537 6 Bytes JMP 70C3000A
.text C:\WINDOWS\system32\services.exe[668] SHELL32.dll!ShellExecuteEx 7CA40E45 6 Bytes JMP 715C000A
.text C:\WINDOWS\system32\services.exe[668] SHELL32.dll!ShellExecuteA 7CA41170 6 Bytes JMP 7162000A
.text C:\WINDOWS\system32\services.exe[668] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 715F000A
.text C:\WINDOWS\system32\lsass.exe[680] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[680] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [7E, 71] {JLE 0x73}
.text C:\WINDOWS\system32\lsass.exe[680] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\system32\lsass.exe[680] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[680] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [93, 71]
.text C:\WINDOWS\system32\lsass.exe[680] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[680] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AD, 71]
.text C:\WINDOWS\system32\lsass.exe[680] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[680] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [87, 71]
.text C:\WINDOWS\system32\lsass.exe[680] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[680] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [9F, 71]
.text C:\WINDOWS\system32\lsass.exe[680] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[680] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [99, 71]
.text C:\WINDOWS\system32\lsass.exe[680] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[680] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [32, 71]
.text C:\WINDOWS\system32\lsass.exe[680] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[680] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [96, 71]
.text C:\WINDOWS\system32\lsass.exe[680] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[680] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [8A, 71]
.text C:\WINDOWS\system32\lsass.exe[680] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[680] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [9C, 71]
.text C:\WINDOWS\system32\lsass.exe[680] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[680] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [4A, 71]
.text C:\WINDOWS\system32\lsass.exe[680] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[680] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [84, 71]
.text C:\WINDOWS\system32\lsass.exe[680] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[680] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [90, 71]
.text C:\WINDOWS\system32\lsass.exe[680] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[680] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [8D, 71]
.text C:\WINDOWS\system32\lsass.exe[680] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[680] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [81, 71]
.text C:\WINDOWS\system32\lsass.exe[680] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70BB000A
.text C:\WINDOWS\system32\lsass.exe[680] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70EE000A
.text C:\WINDOWS\system32\lsass.exe[680] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7136000A
.text C:\WINDOWS\system32\lsass.exe[680] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70E2000A
.text C:\WINDOWS\system32\lsass.exe[680] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00D40001
.text C:\WINDOWS\system32\lsass.exe[680] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 716F000A
.text C:\WINDOWS\system32\lsass.exe[680] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7175000A
.text C:\WINDOWS\system32\lsass.exe[680] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7172000A
.text C:\WINDOWS\system32\lsass.exe[680] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7160000A
.text C:\WINDOWS\system32\lsass.exe[680] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7163000A
.text C:\WINDOWS\system32\lsass.exe[680] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70E5000A
.text C:\WINDOWS\system32\lsass.exe[680] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 7094000A
.text C:\WINDOWS\system32\lsass.exe[680] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70D0000A
.text C:\WINDOWS\system32\lsass.exe[680] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 7073000A
.text C:\WINDOWS\system32\lsass.exe[680] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7124000A
.text C:\WINDOWS\system32\lsass.exe[680] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 716C000A
.text C:\WINDOWS\system32\lsass.exe[680] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 709D000A
.text C:\WINDOWS\system32\lsass.exe[680] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 70A0000A
.text C:\WINDOWS\system32\lsass.exe[680] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 7097000A
.text C:\WINDOWS\system32\lsass.exe[680] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 709A000A
.text C:\WINDOWS\system32\lsass.exe[680] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 711E000A
.text C:\WINDOWS\system32\lsass.exe[680] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[680] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [7B, 71] {JNP 0x73}
.text C:\WINDOWS\system32\lsass.exe[680] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70E8000A
.text C:\WINDOWS\system32\lsass.exe[680] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70F1000A
.text C:\WINDOWS\system32\lsass.exe[680] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 70B2000A
.text C:\WINDOWS\system32\lsass.exe[680] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7148000A
.text C:\WINDOWS\system32\lsass.exe[680] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 706D000A
.text C:\WINDOWS\system32\lsass.exe[680] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70B8000A
.text C:\WINDOWS\system32\lsass.exe[680] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 7121000A
.text C:\WINDOWS\system32\lsass.exe[680] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70C4000A
.text C:\WINDOWS\system32\lsass.exe[680] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70CD000A
.text C:\WINDOWS\system32\lsass.exe[680] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70CA000A
.text C:\WINDOWS\system32\lsass.exe[680] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 7064000A
.text C:\WINDOWS\system32\lsass.exe[680] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 7085000A
.text C:\WINDOWS\system32\lsass.exe[680] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 7082000A
.text C:\WINDOWS\system32\lsass.exe[680] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 70B5000A
.text C:\WINDOWS\system32\lsass.exe[680] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7067000A
.text C:\WINDOWS\system32\lsass.exe[680] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 7070000A
.text C:\WINDOWS\system32\lsass.exe[680] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7145000A
.text C:\WINDOWS\system32\lsass.exe[680] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 706A000A
.text C:\WINDOWS\system32\lsass.exe[680] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70C7000A
.text C:\WINDOWS\system32\lsass.exe[680] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 7151000A
.text C:\WINDOWS\system32\lsass.exe[680] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 70AF000A
.text C:\WINDOWS\system32\lsass.exe[680] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70EB000A
.text C:\WINDOWS\system32\lsass.exe[680] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 7106000A
.text C:\WINDOWS\system32\lsass.exe[680] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 70F4000A
.text C:\WINDOWS\system32\lsass.exe[680] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 7118000A
.text C:\WINDOWS\system32\lsass.exe[680] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 7109000A
.text C:\WINDOWS\system32\lsass.exe[680] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 710C000A
.text C:\WINDOWS\system32\lsass.exe[680] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 70AC000A
.text C:\WINDOWS\system32\lsass.exe[680] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 70F7000A
.text C:\WINDOWS\system32\lsass.exe[680] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 7100000A
.text C:\WINDOWS\system32\lsass.exe[680] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 70FA000A
.text C:\WINDOWS\system32\lsass.exe[680] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 711B000A
.text C:\WINDOWS\system32\lsass.exe[680] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 7103000A
.text C:\WINDOWS\system32\lsass.exe[680] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 710F000A
.text C:\WINDOWS\system32\lsass.exe[680] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 70A3000A
.text C:\WINDOWS\system32\lsass.exe[680] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 707F000A
.text C:\WINDOWS\system32\lsass.exe[680] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 707C000A
.text C:\WINDOWS\system32\lsass.exe[680] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70DC000A
.text C:\WINDOWS\system32\lsass.exe[680] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[680] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [DE, 70]
.text C:\WINDOWS\system32\lsass.exe[680] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 70A6000A
.text C:\WINDOWS\system32\lsass.exe[680] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7112000A
.text C:\WINDOWS\system32\lsass.exe[680] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 70FD000A
.text C:\WINDOWS\system32\lsass.exe[680] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7115000A
.text C:\WINDOWS\system32\lsass.exe[680] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 70A9000A
.text C:\WINDOWS\system32\lsass.exe[680] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 7178000A
.text C:\WINDOWS\system32\lsass.exe[680] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 7130000A
.text C:\WINDOWS\system32\lsass.exe[680] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 712D000A
.text C:\WINDOWS\system32\lsass.exe[680] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 7166000A
.text C:\WINDOWS\system32\lsass.exe[680] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 7076000A
.text C:\WINDOWS\system32\lsass.exe[680] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 7142000A
.text C:\WINDOWS\system32\lsass.exe[680] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70D6000A
.text C:\WINDOWS\system32\lsass.exe[680] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 713F000A
.text C:\WINDOWS\system32\lsass.exe[680] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[680] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [D2, 70]
.text C:\WINDOWS\system32\lsass.exe[680] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 7088000A
.text C:\WINDOWS\system32\lsass.exe[680] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[680] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [3B, 71]
.text C:\WINDOWS\system32\lsass.exe[680] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 708E000A
.text C:\WINDOWS\system32\lsass.exe[680] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 708B000A
.text C:\WINDOWS\system32\lsass.exe[680] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 7079000A
.text C:\WINDOWS\system32\lsass.exe[680] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 7169000A
.text C:\WINDOWS\system32\lsass.exe[680] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 712A000A
.text C:\WINDOWS\system32\lsass.exe[680] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70D9000A
.text C:\WINDOWS\system32\lsass.exe[680] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 7091000A
.text C:\WINDOWS\system32\lsass.exe[680] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 7139000A
.text C:\WINDOWS\system32\lsass.exe[680] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 714E000A
.text C:\WINDOWS\system32\lsass.exe[680] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[680] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [26, 71]
.text C:\WINDOWS\system32\lsass.exe[680] SHELL32.dll!ShellExecuteExW 7CA098CB 6 Bytes JMP 7154000A
.text C:\WINDOWS\system32\lsass.exe[680] SHELL32.dll!Shell_NotifyIcon 7CA28BC6 6 Bytes JMP 70C1000A
.text C:\WINDOWS\system32\lsass.exe[680] SHELL32.dll!Shell_NotifyIconW 7CA2A537 6 Bytes JMP 70BE000A
.text C:\WINDOWS\system32\lsass.exe[680] SHELL32.dll!ShellExecuteEx 7CA40E45 6 Bytes JMP 7157000A
.text C:\WINDOWS\system32\lsass.exe[680] SHELL32.dll!ShellExecuteA 7CA41170 6 Bytes JMP 715D000A
.text C:\WINDOWS\system32\lsass.exe[680] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 715A000A
.text C:\Program Files\iTunes\iTunesHelper.exe[824] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[824] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [7F, 71] {JG 0x73}
.text C:\Program Files\iTunes\iTunesHelper.exe[824] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\iTunes\iTunesHelper.exe[824] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[824] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [94, 71]
.text C:\Program Files\iTunes\iTunesHelper.exe[824] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[824] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [A4, 71]
.text C:\Program Files\iTunes\iTunesHelper.exe[824] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[824] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [88, 71]
.text C:\Program Files\iTunes\iTunesHelper.exe[824] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[824] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A0, 71]
.text C:\Program Files\iTunes\iTunesHelper.exe[824] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[824] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [9A, 71]
.text C:\Program Files\iTunes\iTunesHelper.exe[824] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[824] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [27, 71]
.text C:\Program Files\iTunes\iTunesHelper.exe[824] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[824] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [97, 71]
.text C:\Program Files\iTunes\iTunesHelper.exe[824] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[824] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [8B, 71]
.text C:\Program Files\iTunes\iTunesHelper.exe[824] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[824] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [9D, 71]
.text C:\Program Files\iTunes\iTunesHelper.exe[824] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[824] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3F, 71]
.text C:\Program Files\iTunes\iTunesHelper.exe[824] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[824] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [85, 71]
.text C:\Program Files\iTunes\iTunesHelper.exe[824] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[824] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [91, 71]
.text C:\Program Files\iTunes\iTunesHelper.exe[824] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[824] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [8E, 71]
.text C:\Program Files\iTunes\iTunesHelper.exe[824] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[824] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [82, 71]
.text C:\Program Files\iTunes\iTunesHelper.exe[824] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70B0000A
.text C:\Program Files\iTunes\iTunesHelper.exe[824] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70E3000A
.text C:\Program Files\iTunes\iTunesHelper.exe[824] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 712B000A
.text C:\Program Files\iTunes\iTunesHelper.exe[824] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70D7000A
.text C:\Program Files\iTunes\iTunesHelper.exe[824] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 02BA0001
.text C:\Program Files\iTunes\iTunesHelper.exe[824] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 7164000A
.text C:\Program Files\iTunes\iTunesHelper.exe[824] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[824] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7167000A
.text C:\Program Files\iTunes\iTunesHelper.exe[824] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7155000A
.text C:\Program Files\iTunes\iTunesHelper.exe[824] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7158000A
.text C:\Program Files\iTunes\iTunesHelper.exe[824] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70DA000A
.text C:\Program Files\iTunes\iTunesHelper.exe[824] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 7083000A
.text C:\Program Files\iTunes\iTunesHelper.exe[824] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70C5000A
.text C:\Program Files\iTunes\iTunesHelper.exe[824] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 7062000A
.text C:\Program Files\iTunes\iTunesHelper.exe[824] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7119000A
.text C:\Program Files\iTunes\iTunesHelper.exe[824] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 7161000A
.text C:\Program Files\iTunes\iTunesHelper.exe[824] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 708C000A
.text C:\Program Files\iTunes\iTunesHelper.exe[824] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 708F000A
.text C:\Program Files\iTunes\iTunesHelper.exe[824] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 7086000A
.text C:\Program Files\iTunes\iTunesHelper.exe[824] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 7089000A
.text C:\Program Files\iTunes\iTunesHelper.exe[824] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 7113000A
.text C:\Program Files\iTunes\iTunesHelper.exe[824] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[824] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [6E, 71]
.text C:\Program Files\iTunes\iTunesHelper.exe[824] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70DD000A
.text C:\Program Files\iTunes\iTunesHelper.exe[824] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70E6000A
.text C:\Program Files\iTunes\iTunesHelper.exe[824] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 70A1000A
.text C:\Program Files\iTunes\iTunesHelper.exe[824] kernel32.dll!ExitProcess 7C81CB12 6 Bytes JMP 5F040F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[824] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 713D000A
.text C:\Program Files\iTunes\iTunesHelper.exe[824] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 705C000A
.text C:\Program Files\iTunes\iTunesHelper.exe[824] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70A7000A
.text C:\Program Files\iTunes\iTunesHelper.exe[824] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 7116000A
.text C:\Program Files\iTunes\iTunesHelper.exe[824] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70B9000A
.text C:\Program Files\iTunes\iTunesHelper.exe[824] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70C2000A
.text C:\Program Files\iTunes\iTunesHelper.exe[824] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70BF000A
.text C:\Program Files\iTunes\iTunesHelper.exe[824] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 7053000A
.text C:\Program Files\iTunes\iTunesHelper.exe[824] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 7074000A
.text C:\Program Files\iTunes\iTunesHelper.exe[824] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 7071000A
.text C:\Program Files\iTunes\iTunesHelper.exe[824] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 70A4000A
.text C:\Program Files\iTunes\iTunesHelper.exe[824] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7056000A
.text C:\Program Files\iTunes\iTunesHelper.exe[824] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 705F000A
.text C:\Program Files\iTunes\iTunesHelper.exe[824] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 713A000A
.text C:\Program Files\iTunes\iTunesHelper.exe[824] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7059000A
.text C:\Program Files\iTunes\iTunesHelper.exe[824] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70BC000A
.text C:\Program Files\iTunes\iTunesHelper.exe[824] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 7146000A
.text C:\Program Files\iTunes\iTunesHelper.exe[824] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 709E000A
.text C:\Program Files\iTunes\iTunesHelper.exe[824] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70E0000A
.text C:\Program Files\iTunes\iTunesHelper.exe[824] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 70FB000A
.text C:\Program Files\iTunes\iTunesHelper.exe[824] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 70E9000A
.text C:\Program Files\iTunes\iTunesHelper.exe[824] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 710D000A
.text C:\Program Files\iTunes\iTunesHelper.exe[824] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 70FE000A
.text C:\Program Files\iTunes\iTunesHelper.exe[824] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 7101000A
.text C:\Program Files\iTunes\iTunesHelper.exe[824] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 709B000A
.text C:\Program Files\iTunes\iTunesHelper.exe[824] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 70EC000A
.text C:\Program Files\iTunes\iTunesHelper.exe[824] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 70F5000A
.text C:\Program Files\iTunes\iTunesHelper.exe[824] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 70EF000A
.text C:\Program Files\iTunes\iTunesHelper.exe[824] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 7110000A
.text C:\Program Files\iTunes\iTunesHelper.exe[824] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 70F8000A
.text C:\Program Files\iTunes\iTunesHelper.exe[824] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 7104000A
.text C:\Program Files\iTunes\iTunesHelper.exe[824] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 7092000A
.text C:\Program Files\iTunes\iTunesHelper.exe[824] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 706E000A
.text C:\Program Files\iTunes\iTunesHelper.exe[824] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 706B000A
.text C:\Program Files\iTunes\iTunesHelper.exe[824] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70D1000A
.text C:\Program Files\iTunes\iTunesHelper.exe[824] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[824] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [D3, 70]
.text C:\Program Files\iTunes\iTunesHelper.exe[824] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 7095000A
.text C:\Program Files\iTunes\iTunesHelper.exe[824] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7107000A
.text C:\Program Files\iTunes\iTunesHelper.exe[824] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 70F2000A
.text C:\Program Files\iTunes\iTunesHelper.exe[824] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 710A000A
.text C:\Program Files\iTunes\iTunesHelper.exe[824] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 7098000A
.text C:\Program Files\iTunes\iTunesHelper.exe[824] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 716B000A
.text C:\Program Files\iTunes\iTunesHelper.exe[824] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 7125000A
.text C:\Program Files\iTunes\iTunesHelper.exe[824] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 7122000A
.text C:\Program Files\iTunes\iTunesHelper.exe[824] GDI32.dll!EndPage 77F2DC61 6 Bytes JMP 5F190F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[824] GDI32.dll!EndDoc 77F2DEF1 6 Bytes JMP 5F130F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[824] GDI32.dll!StartPage 77F2F49E 6 Bytes JMP 5F160F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[824] GDI32.dll!AbortDoc 77F44CD2 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[824] GDI32.dll!StartDocW 77F45962 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[824] GDI32.dll!StartDocW + 4 77F45966 2 Bytes [11, 5F]
.text C:\Program Files\iTunes\iTunesHelper.exe[824] GDI32.dll!StartDocA 77F45E79 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[824] GDI32.dll!StartDocA + 4 77F45E7D 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\iTunes\iTunesHelper.exe[824] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 71760F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[824] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 717D0F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[824] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 715B000A
.text C:\Program Files\iTunes\iTunesHelper.exe[824] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 7065000A
.text C:\Program Files\iTunes\iTunesHelper.exe[824] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[824] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [78, 71] {JS 0x73}
.text C:\Program Files\iTunes\iTunesHelper.exe[824] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 7137000A
.text C:\Program Files\iTunes\iTunesHelper.exe[824] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70CB000A
.text C:\Program Files\iTunes\iTunesHelper.exe[824] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 7134000A
.text C:\Program Files\iTunes\iTunesHelper.exe[824] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[824] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [C7, 70]
.text C:\Program Files\iTunes\iTunesHelper.exe[824] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 7077000A
.text C:\Program Files\iTunes\iTunesHelper.exe[824] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[824] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [30, 71]
.text C:\Program Files\iTunes\iTunesHelper.exe[824] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 707D000A
.text C:\Program Files\iTunes\iTunesHelper.exe[824] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 707A000A
.text C:\Program Files\iTunes\iTunesHelper.exe[824] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 7068000A
.text C:\Program Files\iTunes\iTunesHelper.exe[824] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 715E000A
.text C:\Program Files\iTunes\iTunesHelper.exe[824] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 711F000A
.text C:\Program Files\iTunes\iTunesHelper.exe[824] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70CE000A
.text C:\Program Files\iTunes\iTunesHelper.exe[824] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 7080000A
.text C:\Program Files\iTunes\iTunesHelper.exe[824] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 712E000A
.text C:\Program Files\iTunes\iTunesHelper.exe[824] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 71730F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[824] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 7143000A
.text C:\Program Files\iTunes\iTunesHelper.exe[824] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[824] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [1B, 71]
.text C:\Program Files\iTunes\iTunesHelper.exe[824] SHELL32.dll!ShellExecuteExW 7CA098CB 6 Bytes JMP 7149000A
.text C:\Program Files\iTunes\iTunesHelper.exe[824] SHELL32.dll!Shell_NotifyIcon 7CA28BC6 6 Bytes JMP 70B6000A
.text C:\Program Files\iTunes\iTunesHelper.exe[824] SHELL32.dll!Shell_NotifyIconW 7CA2A537 6 Bytes JMP 70B3000A
.text C:\Program Files\iTunes\iTunesHelper.exe[824] SHELL32.dll!ShellExecuteEx 7CA40E45 6 Bytes JMP 714C000A
.text C:\Program Files\iTunes\iTunesHelper.exe[824] SHELL32.dll!ShellExecuteA 7CA41170 6 Bytes JMP 7152000A
.text C:\Program Files\iTunes\iTunesHelper.exe[824] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 714F000A
.text C:\Program Files\iTunes\iTunesHelper.exe[824] WININET.dll!InternetOpenUrlA 3D95F3BC 6 Bytes JMP 70AD000A
.text C:\Program Files\iTunes\iTunesHelper.exe[824] WININET.dll!InternetOpenUrlW 3D9A6DFF 6 Bytes JMP 70AA000A
.text C:\WINDOWS\system32\svchost.exe[868] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[868] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [83, 71]

.text C:\WINDOWS\system32\svchost.exe[868] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\system32\svchost.exe[868] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[868] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [98, 71]
.text C:\WINDOWS\system32\svchost.exe[868] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[868] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AD, 71]
.text C:\WINDOWS\system32\svchost.exe[868] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[868] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8C, 71]
.text C:\WINDOWS\system32\svchost.exe[868] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[868] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A4, 71]
.text C:\WINDOWS\system32\svchost.exe[868] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[868] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [9E, 71]
.text C:\WINDOWS\system32\svchost.exe[868] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[868] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [37, 71]
.text C:\WINDOWS\system32\svchost.exe[868] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[868] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9B, 71]
.text C:\WINDOWS\system32\svchost.exe[868] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[868] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [8F, 71]
.text C:\WINDOWS\system32\svchost.exe[868] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[868] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A1, 71]
.text C:\WINDOWS\system32\svchost.exe[868] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[868] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [4F, 71]
.text C:\WINDOWS\system32\svchost.exe[868] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[868] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [89, 71]
.text C:\WINDOWS\system32\svchost.exe[868] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[868] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [95, 71]
.text C:\WINDOWS\system32\svchost.exe[868] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[868] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [92, 71]
.text C:\WINDOWS\system32\svchost.exe[868] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[868] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [86, 71]
.text C:\WINDOWS\system32\svchost.exe[868] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70C0000A
.text C:\WINDOWS\system32\svchost.exe[868] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70F3000A
.text C:\WINDOWS\system32\svchost.exe[868] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 713B000A
.text C:\WINDOWS\system32\svchost.exe[868] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70E7000A
.text C:\WINDOWS\system32\svchost.exe[868] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00F50001
.text C:\WINDOWS\system32\svchost.exe[868] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 7174000A
.text C:\WINDOWS\system32\svchost.exe[868] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 717A000A
.text C:\WINDOWS\system32\svchost.exe[868] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7177000A
.text C:\WINDOWS\system32\svchost.exe[868] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7165000A
.text C:\WINDOWS\system32\svchost.exe[868] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7168000A
.text C:\WINDOWS\system32\svchost.exe[868] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70EA000A
.text C:\WINDOWS\system32\svchost.exe[868] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 7099000A
.text C:\WINDOWS\system32\svchost.exe[868] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70D5000A
.text C:\WINDOWS\system32\svchost.exe[868] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 7078000A
.text C:\WINDOWS\system32\svchost.exe[868] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7129000A
.text C:\WINDOWS\system32\svchost.exe[868] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 7171000A
.text C:\WINDOWS\system32\svchost.exe[868] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 70A2000A
.text C:\WINDOWS\system32\svchost.exe[868] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 70A5000A
.text C:\WINDOWS\system32\svchost.exe[868] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 709C000A
.text C:\WINDOWS\system32\svchost.exe[868] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 709F000A
.text C:\WINDOWS\system32\svchost.exe[868] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 7123000A
.text C:\WINDOWS\system32\svchost.exe[868] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[868] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [80, 71]
.text C:\WINDOWS\system32\svchost.exe[868] kernel32.dll!CreateThread 7C8106D7 4 Bytes JMP EC001E25
.text C:\WINDOWS\system32\svchost.exe[868] kernel32.dll!CreateThread + 5 7C8106DC 1 Byte [70]
.text C:\WINDOWS\system32\svchost.exe[868] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70F6000A
.text C:\WINDOWS\system32\svchost.exe[868] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 70B7000A
.text C:\WINDOWS\system32\svchost.exe[868] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 714D000A
.text C:\WINDOWS\system32\svchost.exe[868] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7072000A
.text C:\WINDOWS\system32\svchost.exe[868] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70BD000A
.text C:\WINDOWS\system32\svchost.exe[868] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 7126000A
.text C:\WINDOWS\system32\svchost.exe[868] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70C9000A
.text C:\WINDOWS\system32\svchost.exe[868] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70D2000A
.text C:\WINDOWS\system32\svchost.exe[868] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70CF000A
.text C:\WINDOWS\system32\svchost.exe[868] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 7069000A
.text C:\WINDOWS\system32\svchost.exe[868] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 708A000A
.text C:\WINDOWS\system32\svchost.exe[868] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 7087000A
.text C:\WINDOWS\system32\svchost.exe[868] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 70BA000A
.text C:\WINDOWS\system32\svchost.exe[868] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 706C000A
.text C:\WINDOWS\system32\svchost.exe[868] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 7075000A
.text C:\WINDOWS\system32\svchost.exe[868] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 714A000A
.text C:\WINDOWS\system32\svchost.exe[868] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 706F000A
.text C:\WINDOWS\system32\svchost.exe[868] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70CC000A
.text C:\WINDOWS\system32\svchost.exe[868] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 7156000A
.text C:\WINDOWS\system32\svchost.exe[868] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 70B4000A
.text C:\WINDOWS\system32\svchost.exe[868] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70F0000A
.text C:\WINDOWS\system32\svchost.exe[868] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 710B000A
.text C:\WINDOWS\system32\svchost.exe[868] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 70F9000A
.text C:\WINDOWS\system32\svchost.exe[868] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 711D000A
.text C:\WINDOWS\system32\svchost.exe[868] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 710E000A
.text C:\WINDOWS\system32\svchost.exe[868] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 7111000A
.text C:\WINDOWS\system32\svchost.exe[868] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 70B1000A
.text C:\WINDOWS\system32\svchost.exe[868] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 70FC000A
.text C:\WINDOWS\system32\svchost.exe[868] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 7105000A
.text C:\WINDOWS\system32\svchost.exe[868] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 70FF000A
.text C:\WINDOWS\system32\svchost.exe[868] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 7120000A
.text C:\WINDOWS\system32\svchost.exe[868] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 7108000A
.text C:\WINDOWS\system32\svchost.exe[868] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 7114000A
.text C:\WINDOWS\system32\svchost.exe[868] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 70A8000A
.text C:\WINDOWS\system32\svchost.exe[868] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 7084000A
.text C:\WINDOWS\system32\svchost.exe[868] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 7081000A
.text C:\WINDOWS\system32\svchost.exe[868] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70E1000A
.text C:\WINDOWS\system32\svchost.exe[868] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[868] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [E3, 70] {JECXZ 0x72}
.text C:\WINDOWS\system32\svchost.exe[868] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 70AB000A
.text C:\WINDOWS\system32\svchost.exe[868] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7117000A
.text C:\WINDOWS\system32\svchost.exe[868] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 7102000A
.text C:\WINDOWS\system32\svchost.exe[868] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 711A000A
.text C:\WINDOWS\system32\svchost.exe[868] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 70AE000A
.text C:\WINDOWS\system32\svchost.exe[868] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 717D000A
.text C:\WINDOWS\system32\svchost.exe[868] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 7135000A
.text C:\WINDOWS\system32\svchost.exe[868] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 7132000A
.text C:\WINDOWS\system32\svchost.exe[868] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 716B000A
.text C:\WINDOWS\system32\svchost.exe[868] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 707B000A
.text C:\WINDOWS\system32\svchost.exe[868] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 7147000A
.text C:\WINDOWS\system32\svchost.exe[868] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70DB000A
.text C:\WINDOWS\system32\svchost.exe[868] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 7144000A
.text C:\WINDOWS\system32\svchost.exe[868] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[868] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [D7, 70]
.text C:\WINDOWS\system32\svchost.exe[868] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 708D000A
.text C:\WINDOWS\system32\svchost.exe[868] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[868] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [40, 71]
.text C:\WINDOWS\system32\svchost.exe[868] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 7093000A
.text C:\WINDOWS\system32\svchost.exe[868] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 7090000A
.text C:\WINDOWS\system32\svchost.exe[868] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 707E000A
.text C:\WINDOWS\system32\svchost.exe[868] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 716E000A
.text C:\WINDOWS\system32\svchost.exe[868] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 712F000A
.text C:\WINDOWS\system32\svchost.exe[868] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70DE000A
.text C:\WINDOWS\system32\svchost.exe[868] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 7096000A
.text C:\WINDOWS\system32\svchost.exe[868] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 713E000A
.text C:\WINDOWS\system32\svchost.exe[868] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 7153000A
.text C:\WINDOWS\system32\svchost.exe[868] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[868] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [2B, 71]
.text C:\WINDOWS\system32\svchost.exe[868] SHELL32.dll!ShellExecuteExW 7CA098CB 6 Bytes JMP 7159000A
.text C:\WINDOWS\system32\svchost.exe[868] SHELL32.dll!Shell_NotifyIcon 7CA28BC6 6 Bytes JMP 70C6000A
.text C:\WINDOWS\system32\svchost.exe[868] SHELL32.dll!Shell_NotifyIconW 7CA2A537 6 Bytes JMP 70C3000A
.text C:\WINDOWS\system32\svchost.exe[868] SHELL32.dll!ShellExecuteEx 7CA40E45 6 Bytes JMP 715C000A
.text C:\WINDOWS\system32\svchost.exe[868] SHELL32.dll!ShellExecuteA 7CA41170 6 Bytes JMP 7162000A
.text C:\WINDOWS\system32\svchost.exe[868] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 715F000A
.text C:\WINDOWS\eHome\ehmsas.exe[940] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\eHome\ehmsas.exe[940] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [62, 71]
.text C:\WINDOWS\eHome\ehmsas.exe[940] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\eHome\ehmsas.exe[940] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [7B, 71] {JNP 0x73}
.text C:\WINDOWS\eHome\ehmsas.exe[940] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70EB000A
.text C:\WINDOWS\eHome\ehmsas.exe[940] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 711E000A
.text C:\WINDOWS\eHome\ehmsas.exe[940] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7166000A
.text C:\WINDOWS\eHome\ehmsas.exe[940] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 7112000A
.text C:\WINDOWS\eHome\ehmsas.exe[940] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 003E0001
.text C:\WINDOWS\eHome\ehmsas.exe[940] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 71A0000A
.text C:\WINDOWS\eHome\ehmsas.exe[940] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\eHome\ehmsas.exe[940] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 71A3000A
.text C:\WINDOWS\eHome\ehmsas.exe[940] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7191000A
.text C:\WINDOWS\eHome\ehmsas.exe[940] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7194000A
.text C:\WINDOWS\eHome\ehmsas.exe[940] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 7115000A
.text C:\WINDOWS\eHome\ehmsas.exe[940] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 70C4000A
.text C:\WINDOWS\eHome\ehmsas.exe[940] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 7100000A
.text C:\WINDOWS\eHome\ehmsas.exe[940] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 70A3000A
.text C:\WINDOWS\eHome\ehmsas.exe[940] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\WINDOWS\eHome\ehmsas.exe[940] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7154000A
.text C:\WINDOWS\eHome\ehmsas.exe[940] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 719D000A
.text C:\WINDOWS\eHome\ehmsas.exe[940] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 70CD000A
.text C:\WINDOWS\eHome\ehmsas.exe[940] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 70D0000A
.text C:\WINDOWS\eHome\ehmsas.exe[940] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 70C7000A
.text C:\WINDOWS\eHome\ehmsas.exe[940] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 70CA000A
.text C:\WINDOWS\eHome\ehmsas.exe[940] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 714E000A
.text C:\WINDOWS\eHome\ehmsas.exe[940] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\eHome\ehmsas.exe[940] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [AD, 71]
.text C:\WINDOWS\eHome\ehmsas.exe[940] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 7118000A
.text C:\WINDOWS\eHome\ehmsas.exe[940] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 7121000A
.text C:\WINDOWS\eHome\ehmsas.exe[940] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 70E2000A
.text C:\WINDOWS\eHome\ehmsas.exe[940] kernel32.dll!ExitProcess 7C81CB12 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\eHome\ehmsas.exe[940] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7179000A
.text C:\WINDOWS\eHome\ehmsas.exe[940] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 709D000A
.text C:\WINDOWS\eHome\ehmsas.exe[940] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70E8000A
.text C:\WINDOWS\eHome\ehmsas.exe[940] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 7151000A
.text C:\WINDOWS\eHome\ehmsas.exe[940] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70F4000A
.text C:\WINDOWS\eHome\ehmsas.exe[940] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70FD000A
.text C:\WINDOWS\eHome\ehmsas.exe[940] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70FA000A
.text C:\WINDOWS\eHome\ehmsas.exe[940] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 7094000A
.text C:\WINDOWS\eHome\ehmsas.exe[940] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 70B5000A
.text C:\WINDOWS\eHome\ehmsas.exe[940] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 70B2000A
.text C:\WINDOWS\eHome\ehmsas.exe[940] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 70E5000A
.text C:\WINDOWS\eHome\ehmsas.exe[940] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7097000A
.text C:\WINDOWS\eHome\ehmsas.exe[940] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 70A0000A
.text C:\WINDOWS\eHome\ehmsas.exe[940] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7176000A
.text C:\WINDOWS\eHome\ehmsas.exe[940] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 709A000A
.text C:\WINDOWS\eHome\ehmsas.exe[940] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70F7000A
.text C:\WINDOWS\eHome\ehmsas.exe[940] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 7182000A
.text C:\WINDOWS\eHome\ehmsas.exe[940] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 70DF000A
.text C:\WINDOWS\eHome\ehmsas.exe[940] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 711B000A
.text C:\WINDOWS\eHome\ehmsas.exe[940] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 7197000A
.text C:\WINDOWS\eHome\ehmsas.exe[940] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 70A6000A
.text C:\WINDOWS\eHome\ehmsas.exe[940] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 7173000A
.text C:\WINDOWS\eHome\ehmsas.exe[940] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 7106000A
.text C:\WINDOWS\eHome\ehmsas.exe[940] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 716F000A
.text C:\WINDOWS\eHome\ehmsas.exe[940] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\eHome\ehmsas.exe[940] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [02, 71]
.text C:\WINDOWS\eHome\ehmsas.exe[940] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 70B8000A
.text C:\WINDOWS\eHome\ehmsas.exe[940] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\eHome\ehmsas.exe[940] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [6B, 71]
.text C:\WINDOWS\eHome\ehmsas.exe[940] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 70BE000A
.text C:\WINDOWS\eHome\ehmsas.exe[940] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 70BB000A
.text C:\WINDOWS\eHome\ehmsas.exe[940] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 70A9000A
.text C:\WINDOWS\eHome\ehmsas.exe[940] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 719A000A
.text C:\WINDOWS\eHome\ehmsas.exe[940] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 715A000A
.text C:\WINDOWS\eHome\ehmsas.exe[940] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 7109000A
.text C:\WINDOWS\eHome\ehmsas.exe[940] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 70C1000A
.text C:\WINDOWS\eHome\ehmsas.exe[940] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 7169000A
.text C:\WINDOWS\eHome\ehmsas.exe[940] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 717F000A
.text C:\WINDOWS\eHome\ehmsas.exe[940] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\eHome\ehmsas.exe[940] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [56, 71]
.text C:\WINDOWS\eHome\ehmsas.exe[940] GDI32.dll!EndPage 77F2DC61 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\eHome\ehmsas.exe[940] GDI32.dll!EndDoc 77F2DEF1 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\eHome\ehmsas.exe[940] GDI32.dll!StartPage 77F2F49E 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\eHome\ehmsas.exe[940] GDI32.dll!AbortDoc 77F44CD2 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\eHome\ehmsas.exe[940] GDI32.dll!StartDocW 77F45962 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\eHome\ehmsas.exe[940] GDI32.dll!StartDocW + 4 77F45966 2 Bytes [11, 5F]
.text C:\WINDOWS\eHome\ehmsas.exe[940] GDI32.dll!StartDocA 77F45E79 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\eHome\ehmsas.exe[940] GDI32.dll!StartDocA + 4 77F45E7D 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\eHome\ehmsas.exe[940] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 7136000A
.text C:\WINDOWS\eHome\ehmsas.exe[940] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 7124000A
.text C:\WINDOWS\eHome\ehmsas.exe[940] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 7148000A
.text C:\WINDOWS\eHome\ehmsas.exe[940] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 7139000A
.text C:\WINDOWS\eHome\ehmsas.exe[940] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 713C000A
.text C:\WINDOWS\eHome\ehmsas.exe[940] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 70DC000A
.text C:\WINDOWS\eHome\ehmsas.exe[940] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 7127000A
.text C:\WINDOWS\eHome\ehmsas.exe[940] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 7130000A
.text C:\WINDOWS\eHome\ehmsas.exe[940] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 712A000A
.text C:\WINDOWS\eHome\ehmsas.exe[940] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 714B000A
.text C:\WINDOWS\eHome\ehmsas.exe[940] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 7133000A
.text C:\WINDOWS\eHome\ehmsas.exe[940] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 713F000A
.text C:\WINDOWS\eHome\ehmsas.exe[940] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 70D3000A
.text C:\WINDOWS\eHome\ehmsas.exe[940] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 70AF000A
.text C:\WINDOWS\eHome\ehmsas.exe[940] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 70AC000A
.text C:\WINDOWS\eHome\ehmsas.exe[940] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 710C000A
.text C:\WINDOWS\eHome\ehmsas.exe[940] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\eHome\ehmsas.exe[940] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [0E, 71]
.text C:\WINDOWS\eHome\ehmsas.exe[940] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 70D6000A
.text C:\WINDOWS\eHome\ehmsas.exe[940] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7142000A
.text C:\WINDOWS\eHome\ehmsas.exe[940] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 712D000A
.text C:\WINDOWS\eHome\ehmsas.exe[940] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7145000A
.text C:\WINDOWS\eHome\ehmsas.exe[940] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 70D9000A
.text C:\WINDOWS\eHome\ehmsas.exe[940] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 71A7000A
.text C:\WINDOWS\eHome\ehmsas.exe[940] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 7160000A
.text C:\WINDOWS\eHome\ehmsas.exe[940] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 715D000A
.text C:\WINDOWS\eHome\ehmsas.exe[940] SHELL32.dll!ShellExecuteExW 7CA098CB 6 Bytes JMP 7185000A
.text C:\WINDOWS\eHome\ehmsas.exe[940] SHELL32.dll!Shell_NotifyIcon 7CA28BC6 6 Bytes JMP 70F1000A
.text C:\WINDOWS\eHome\ehmsas.exe[940] SHELL32.dll!Shell_NotifyIconW 7CA2A537 6 Bytes JMP 70EE000A
.text C:\WINDOWS\eHome\ehmsas.exe[940] SHELL32.dll!ShellExecuteEx 7CA40E45 6 Bytes JMP 7188000A
.text C:\WINDOWS\eHome\ehmsas.exe[940] SHELL32.dll!ShellExecuteA 7CA41170 6 Bytes JMP 718E000A
.text C:\WINDOWS\eHome\ehmsas.exe[940] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 718B000A
.text C:\WINDOWS\system32\svchost.exe[964] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[964] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [7E, 71] {JLE 0x73}
.text C:\WINDOWS\system32\svchost.exe[964] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\system32\svchost.exe[964] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[964] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [93, 71]
.text C:\WINDOWS\system32\svchost.exe[964] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[964] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AD, 71]
.text C:\WINDOWS\system32\svchost.exe[964] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[964] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [87, 71]
.text C:\WINDOWS\system32\svchost.exe[964] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[964] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [9F, 71]
.text C:\WINDOWS\system32\svchost.exe[964] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[964] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [99, 71]
.text C:\WINDOWS\system32\svchost.exe[964] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[964] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [32, 71]
.text C:\WINDOWS\system32\svchost.exe[964] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[964] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [96, 71]
.text C:\WINDOWS\system32\svchost.exe[964] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[964] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [8A, 71]
.text C:\WINDOWS\system32\svchost.exe[964] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[964] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [9C, 71]
.text C:\WINDOWS\system32\svchost.exe[964] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[964] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [4A, 71]
.text C:\WINDOWS\system32\svchost.exe[964] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[964] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [84, 71]
.text C:\WINDOWS\system32\svchost.exe[964] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[964] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [90, 71]
.text C:\WINDOWS\system32\svchost.exe[964] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[964] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [8D, 71]
.text C:\WINDOWS\system32\svchost.exe[964] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[964] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [81, 71]
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70BB000A
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70EE000A
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7136000A
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70E2000A
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01350001
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 716F000A
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7175000A
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7172000A
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7160000A
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7163000A
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70E5000A
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 7094000A
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70D0000A
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 7073000A
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7124000A
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 716C000A
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 709D000A
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 70A0000A
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 7097000A
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 709A000A
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 711E000A
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [7B, 71] {JNP 0x73}
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70E8000A
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70F1000A
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 70B2000A
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7148000A
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 706D000A
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70B8000A
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 7121000A
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70C4000A
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70CD000A
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70CA000A
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 7064000A
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 7085000A
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 7082000A
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 70B5000A
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7067000A
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 7070000A
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7145000A
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 706A000A
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70C7000A
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 7151000A
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 70AF000A
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70EB000A
.text C:\WINDOWS\system32\svchost.exe[964] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 7106000A
.text C:\WINDOWS\system32\svchost.exe[964] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 70F4000A
.text C:\WINDOWS\system32\svchost.exe[964] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 7118000A
.text C:\WINDOWS\system32\svchost.exe[964] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 7109000A
.text C:\WINDOWS\system32\svchost.exe[964] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 710C000A
.text C:\WINDOWS\system32\svchost.exe[964] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 70AC000A
.text C:\WINDOWS\system32\svchost.exe[964] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 70F7000A
.text C:\WINDOWS\system32\svchost.exe[964] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 7100000A
.text C:\WINDOWS\system32\svchost.exe[964] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 70FA000A
.text C:\WINDOWS\system32\svchost.exe[964] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 711B000A
.text C:\WINDOWS\system32\svchost.exe[964] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 7103000A
.text C:\WINDOWS\system32\svchost.exe[964] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 710F000A
.text C:\WINDOWS\system32\svchost.exe[964] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 70A3000A
.text C:\WINDOWS\system32\svchost.exe[964] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 707F000A
.text C:\WINDOWS\system32\svchost.exe[964] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 707C000A
.text C:\WINDOWS\system32\svchost.exe[964] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70DC000A
.text C:\WINDOWS\system32\svchost.exe[964] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[964] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [DE, 70]
.text C:\WINDOWS\system32\svchost.exe[964] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 70A6000A
.text C:\WINDOWS\system32\svchost.exe[964] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7112000A
.text C:\WINDOWS\system32\svchost.exe[964] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 70FD000A
.text C:\WINDOWS\system32\svchost.exe[964] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7115000A
.text C:\WINDOWS\system32\svchost.exe[964] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 70A9000A
.text C:\WINDOWS\system32\svchost.exe[964] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 7178000A
.text C:\WINDOWS\system32\svchost.exe[964] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 7130000A
.text C:\WINDOWS\system32\svchost.exe[964] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 712D000A
.text C:\WINDOWS\system32\svchost.exe[964] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 7166000A
.text C:\WINDOWS\system32\svchost.exe[964] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 7076000A
.text C:\WINDOWS\system32\svchost.exe[964] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 7142000A
.text C:\WINDOWS\system32\svchost.exe[964] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70D6000A
.text C:\WINDOWS\system32\svchost.exe[964] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 713F000A
.text C:\WINDOWS\system32\svchost.exe[964] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[964] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [D2, 70]
.text C:\WINDOWS\system32\svchost.exe[964] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 7088000A

.text C:\WINDOWS\system32\svchost.exe[964] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[964] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [3B, 71]
.text C:\WINDOWS\system32\svchost.exe[964] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 708E000A
.text C:\WINDOWS\system32\svchost.exe[964] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 708B000A
.text C:\WINDOWS\system32\svchost.exe[964] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 7079000A
.text C:\WINDOWS\system32\svchost.exe[964] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 7169000A
.text C:\WINDOWS\system32\svchost.exe[964] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 712A000A
.text C:\WINDOWS\system32\svchost.exe[964] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70D9000A
.text C:\WINDOWS\system32\svchost.exe[964] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 7091000A
.text C:\WINDOWS\system32\svchost.exe[964] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 7139000A
.text C:\WINDOWS\system32\svchost.exe[964] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 714E000A
.text C:\WINDOWS\system32\svchost.exe[964] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[964] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [26, 71]
.text C:\WINDOWS\system32\svchost.exe[964] SHELL32.dll!ShellExecuteExW 7CA098CB 6 Bytes JMP 7154000A
.text C:\WINDOWS\system32\svchost.exe[964] SHELL32.dll!Shell_NotifyIcon 7CA28BC6 6 Bytes JMP 70C1000A
.text C:\WINDOWS\system32\svchost.exe[964] SHELL32.dll!Shell_NotifyIconW 7CA2A537 6 Bytes JMP 70BE000A
.text C:\WINDOWS\system32\svchost.exe[964] SHELL32.dll!ShellExecuteEx 7CA40E45 6 Bytes JMP 7157000A
.text C:\WINDOWS\system32\svchost.exe[964] SHELL32.dll!ShellExecuteA 7CA41170 6 Bytes JMP 715D000A
.text C:\WINDOWS\system32\svchost.exe[964] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 715A000A
.text C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [7D, 71] {JGE 0x73}
.text C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [92, 71]
.text C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [A4, 71]
.text C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [86, 71]
.text C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [9E, 71]
.text C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [98, 71]
.text C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [31, 71]
.text C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [95, 71]
.text C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [89, 71]
.text C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [9B, 71]
.text C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [49, 71]
.text C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [83, 71]
.text C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [8F, 71]
.text C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [8C, 71]
.text C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [80, 71]
.text C:\WINDOWS\System32\svchost.exe[1016] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70BA000A
.text C:\WINDOWS\System32\svchost.exe[1016] kernel32.dll!CreateFileA 7C801A28 4 Bytes JMP EC001E25
.text C:\WINDOWS\System32\svchost.exe[1016] kernel32.dll!CreateFileA + 5 7C801A2D 1 Byte [70]
.text C:\WINDOWS\System32\svchost.exe[1016] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7135000A
.text C:\WINDOWS\System32\svchost.exe[1016] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70E1000A
.text C:\WINDOWS\System32\svchost.exe[1016] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 02DD0001
.text C:\WINDOWS\System32\svchost.exe[1016] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 716E000A
.text C:\WINDOWS\System32\svchost.exe[1016] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7174000A
.text C:\WINDOWS\System32\svchost.exe[1016] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7171000A
.text C:\WINDOWS\System32\svchost.exe[1016] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 715F000A
.text C:\WINDOWS\System32\svchost.exe[1016] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7162000A
.text C:\WINDOWS\System32\svchost.exe[1016] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70E4000A
.text C:\WINDOWS\System32\svchost.exe[1016] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 708D000A
.text C:\WINDOWS\System32\svchost.exe[1016] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70CF000A
.text C:\WINDOWS\System32\svchost.exe[1016] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 706B000A
.text C:\WINDOWS\System32\svchost.exe[1016] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7123000A
.text C:\WINDOWS\System32\svchost.exe[1016] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 716B000A
.text C:\WINDOWS\System32\svchost.exe[1016] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 7096000A
.text C:\WINDOWS\System32\svchost.exe[1016] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 7099000A
.text C:\WINDOWS\System32\svchost.exe[1016] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 7090000A
.text C:\WINDOWS\System32\svchost.exe[1016] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 7093000A
.text C:\WINDOWS\System32\svchost.exe[1016] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 711D000A
.text C:\WINDOWS\System32\svchost.exe[1016] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1016] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [7A, 71] {JP 0x73}
.text C:\WINDOWS\System32\svchost.exe[1016] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70E7000A
.text C:\WINDOWS\System32\svchost.exe[1016] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70F0000A
.text C:\WINDOWS\System32\svchost.exe[1016] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 70AB000A
.text C:\WINDOWS\System32\svchost.exe[1016] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7147000A
.text C:\WINDOWS\System32\svchost.exe[1016] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7065000A
.text C:\WINDOWS\System32\svchost.exe[1016] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70B1000A
.text C:\WINDOWS\System32\svchost.exe[1016] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 7120000A
.text C:\WINDOWS\System32\svchost.exe[1016] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70C3000A
.text C:\WINDOWS\System32\svchost.exe[1016] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70CC000A
.text C:\WINDOWS\System32\svchost.exe[1016] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70C9000A
.text C:\WINDOWS\System32\svchost.exe[1016] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 705C000A
.text C:\WINDOWS\System32\svchost.exe[1016] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 707D000A
.text C:\WINDOWS\System32\svchost.exe[1016] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 707A000A
.text C:\WINDOWS\System32\svchost.exe[1016] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 70AE000A
.text C:\WINDOWS\System32\svchost.exe[1016] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 705F000A
.text C:\WINDOWS\System32\svchost.exe[1016] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 7068000A
.text C:\WINDOWS\System32\svchost.exe[1016] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7144000A
.text C:\WINDOWS\System32\svchost.exe[1016] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7062000A
.text C:\WINDOWS\System32\svchost.exe[1016] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70C6000A
.text C:\WINDOWS\System32\svchost.exe[1016] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 7150000A
.text C:\WINDOWS\System32\svchost.exe[1016] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 70A8000A
.text C:\WINDOWS\System32\svchost.exe[1016] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70EA000A
.text C:\WINDOWS\System32\svchost.exe[1016] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 7105000A
.text C:\WINDOWS\System32\svchost.exe[1016] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 70F3000A
.text C:\WINDOWS\System32\svchost.exe[1016] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 7117000A
.text C:\WINDOWS\System32\svchost.exe[1016] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 7108000A
.text C:\WINDOWS\System32\svchost.exe[1016] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 710B000A
.text C:\WINDOWS\System32\svchost.exe[1016] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 70A5000A
.text C:\WINDOWS\System32\svchost.exe[1016] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 70F6000A
.text C:\WINDOWS\System32\svchost.exe[1016] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 70FF000A
.text C:\WINDOWS\System32\svchost.exe[1016] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 70F9000A
.text C:\WINDOWS\System32\svchost.exe[1016] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 711A000A
.text C:\WINDOWS\System32\svchost.exe[1016] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 7102000A
.text C:\WINDOWS\System32\svchost.exe[1016] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 710E000A
.text C:\WINDOWS\System32\svchost.exe[1016] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 709C000A
.text C:\WINDOWS\System32\svchost.exe[1016] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 7077000A
.text C:\WINDOWS\System32\svchost.exe[1016] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 7074000A
.text C:\WINDOWS\System32\svchost.exe[1016] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70DB000A
.text C:\WINDOWS\System32\svchost.exe[1016] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1016] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [DD, 70]
.text C:\WINDOWS\System32\svchost.exe[1016] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 709F000A
.text C:\WINDOWS\System32\svchost.exe[1016] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7111000A
.text C:\WINDOWS\System32\svchost.exe[1016] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 70FC000A
.text C:\WINDOWS\System32\svchost.exe[1016] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7114000A
.text C:\WINDOWS\System32\svchost.exe[1016] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 70A2000A
.text C:\WINDOWS\System32\svchost.exe[1016] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 7177000A
.text C:\WINDOWS\System32\svchost.exe[1016] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 712F000A
.text C:\WINDOWS\System32\svchost.exe[1016] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 712C000A
.text C:\WINDOWS\System32\svchost.exe[1016] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 7165000A
.text C:\WINDOWS\System32\svchost.exe[1016] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 706E000A
.text C:\WINDOWS\System32\svchost.exe[1016] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 7141000A
.text C:\WINDOWS\System32\svchost.exe[1016] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70D5000A
.text C:\WINDOWS\System32\svchost.exe[1016] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 713E000A
.text C:\WINDOWS\System32\svchost.exe[1016] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1016] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [D1, 70]
.text C:\WINDOWS\System32\svchost.exe[1016] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 7080000A
.text C:\WINDOWS\System32\svchost.exe[1016] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1016] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [3A, 71]
.text C:\WINDOWS\System32\svchost.exe[1016] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 7086000A
.text C:\WINDOWS\System32\svchost.exe[1016] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 7083000A
.text C:\WINDOWS\System32\svchost.exe[1016] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 7071000A
.text C:\WINDOWS\System32\svchost.exe[1016] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 7168000A
.text C:\WINDOWS\System32\svchost.exe[1016] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 7129000A
.text C:\WINDOWS\System32\svchost.exe[1016] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70D8000A
.text C:\WINDOWS\System32\svchost.exe[1016] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 7089000A
.text C:\WINDOWS\System32\svchost.exe[1016] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 7138000A
.text C:\WINDOWS\System32\svchost.exe[1016] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 714D000A

.text C:\WINDOWS\System32\svchost.exe[1016] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1016] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [25, 71]
.text C:\WINDOWS\System32\svchost.exe[1016] SHELL32.dll!ShellExecuteExW 7CA098CB 6 Bytes JMP 7153000A
.text C:\WINDOWS\System32\svchost.exe[1016] SHELL32.dll!Shell_NotifyIcon 7CA28BC6 6 Bytes JMP 70C0000A
.text C:\WINDOWS\System32\svchost.exe[1016] SHELL32.dll!Shell_NotifyIconW 7CA2A537 6 Bytes JMP 70BD000A
.text C:\WINDOWS\System32\svchost.exe[1016] SHELL32.dll!ShellExecuteEx 7CA40E45 6 Bytes JMP 7156000A
.text C:\WINDOWS\System32\svchost.exe[1016] SHELL32.dll!ShellExecuteA 7CA41170 6 Bytes JMP 715C000A
.text C:\WINDOWS\System32\svchost.exe[1016] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 7159000A
.text C:\WINDOWS\System32\svchost.exe[1016] WININET.dll!InternetOpenUrlA 3D95F3BC 6 Bytes JMP 70B7000A
.text C:\WINDOWS\System32\svchost.exe[1016] WININET.dll!InternetOpenUrlW 3D9A6DFF 6 Bytes JMP 70B4000A
.text C:\WINDOWS\system32\svchost.exe[1088] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1088] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [83, 71]
.text C:\WINDOWS\system32\svchost.exe[1088] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\system32\svchost.exe[1088] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1088] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [98, 71]
.text C:\WINDOWS\system32\svchost.exe[1088] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1088] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AD, 71]
.text C:\WINDOWS\system32\svchost.exe[1088] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1088] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8C, 71]
.text C:\WINDOWS\system32\svchost.exe[1088] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1088] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A4, 71]
.text C:\WINDOWS\system32\svchost.exe[1088] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1088] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [9E, 71]
.text C:\WINDOWS\system32\svchost.exe[1088] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1088] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [37, 71]
.text C:\WINDOWS\system32\svchost.exe[1088] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1088] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9B, 71]
.text C:\WINDOWS\system32\svchost.exe[1088] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1088] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [8F, 71]
.text C:\WINDOWS\system32\svchost.exe[1088] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1088] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A1, 71]
.text C:\WINDOWS\system32\svchost.exe[1088] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1088] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [4F, 71]
.text C:\WINDOWS\system32\svchost.exe[1088] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1088] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [89, 71]
.text C:\WINDOWS\system32\svchost.exe[1088] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1088] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [95, 71]
.text C:\WINDOWS\system32\svchost.exe[1088] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1088] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [92, 71]
.text C:\WINDOWS\system32\svchost.exe[1088] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1088] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [86, 71]
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70C0000A
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70F3000A
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 713B000A
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70E7000A
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00AE0001
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 7174000A
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 717A000A
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7177000A
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7165000A
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7168000A
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70EA000A
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 7099000A
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70D5000A
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 7078000A
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7129000A
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 7171000A
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 70A2000A
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 70A5000A
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 709C000A
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 709F000A
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 7123000A
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [80, 71]
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!CreateThread 7C8106D7 4 Bytes JMP EC001E25
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!CreateThread + 5 7C8106DC 1 Byte [70]
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70F6000A
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 70B7000A
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 714D000A
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7072000A
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70BD000A
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 7126000A
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70C9000A
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70D2000A
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70CF000A
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 7069000A
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 708A000A
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 7087000A
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 70BA000A
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 706C000A
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 7075000A
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 714A000A
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 706F000A
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70CC000A
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 7156000A
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 70B4000A
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70F0000A
.text C:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 710B000A
.text C:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 70F9000A
.text C:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 711D000A
.text C:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 710E000A
.text C:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 7111000A
.text C:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 70B1000A
.text C:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 70FC000A
.text C:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 7105000A
.text C:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 70FF000A
.text C:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 7120000A
.text C:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 7108000A
.text C:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 7114000A
.text C:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 70A8000A
.text C:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 7084000A
.text C:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 7081000A
.text C:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70E1000A
.text C:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [E3, 70] {JECXZ 0x72}
.text C:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 70AB000A
.text C:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7117000A
.text C:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 7102000A
.text C:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 711A000A
.text C:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 70AE000A
.text C:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 717D000A
.text C:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 7135000A
.text C:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 7132000A
.text C:\WINDOWS\system32\svchost.exe[1088] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 716B000A
.text C:\WINDOWS\system32\svchost.exe[1088] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 707B000A
.text C:\WINDOWS\system32\svchost.exe[1088] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 7147000A
.text C:\WINDOWS\system32\svchost.exe[1088] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70DB000A
.text C:\WINDOWS\system32\svchost.exe[1088] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 7144000A
.text C:\WINDOWS\system32\svchost.exe[1088] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1088] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [D7, 70]
.text C:\WINDOWS\system32\svchost.exe[1088] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 708D000A
.text C:\WINDOWS\system32\svchost.exe[1088] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1088] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [40, 71]
.text C:\WINDOWS\system32\svchost.exe[1088] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 7093000A
.text C:\WINDOWS\system32\svchost.exe[1088] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 7090000A
.text C:\WINDOWS\system32\svchost.exe[1088] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 707E000A
.text C:\WINDOWS\system32\svchost.exe[1088] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 716E000A
.text C:\WINDOWS\system32\svchost.exe[1088] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 712F000A
.text C:\WINDOWS\system32\svchost.exe[1088] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70DE000A
.text C:\WINDOWS\system32\svchost.exe[1088] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 7096000A
.text C:\WINDOWS\system32\svchost.exe[1088] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 713E000A
.text C:\WINDOWS\system32\svchost.exe[1088] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 7153000A
.text C:\WINDOWS\system32\svchost.exe[1088] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1088] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [2B, 71]
.text C:\WINDOWS\system32\svchost.exe[1088] SHELL32.dll!ShellExecuteExW 7CA098CB 6 Bytes JMP 7159000A
.text C:\WINDOWS\system32\svchost.exe[1088] SHELL32.dll!Shell_NotifyIcon 7CA28BC6 6 Bytes JMP 70C6000A
.text C:\WINDOWS\system32\svchost.exe[1088] SHELL32.dll!Shell_NotifyIconW 7CA2A537 6 Bytes JMP 70C3000A
.text C:\WINDOWS\system32\svchost.exe[1088] SHELL32.dll!ShellExecuteEx 7CA40E45 6 Bytes JMP 715C000A
.text C:\WINDOWS\system32\svchost.exe[1088] SHELL32.dll!ShellExecuteA 7CA41170 6 Bytes JMP 7162000A
.text C:\WINDOWS\system32\svchost.exe[1088] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 715F000A
.text C:\WINDOWS\System32\svchost.exe[1144] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1144] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [86, 71]
.text C:\WINDOWS\System32\svchost.exe[1144] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\System32\svchost.exe[1144] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1144] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [9B, 71]
.text C:\WINDOWS\System32\svchost.exe[1144] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1144] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AD, 71]
.text C:\WINDOWS\System32\svchost.exe[1144] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1144] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8F, 71]
.text C:\WINDOWS\System32\svchost.exe[1144] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1144] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A7, 71]
.text C:\WINDOWS\System32\svchost.exe[1144] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1144] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [A1, 71]
.text C:\WINDOWS\System32\svchost.exe[1144] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1144] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [3A, 71]
.text C:\WINDOWS\System32\svchost.exe[1144] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1144] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9E, 71]
.text C:\WINDOWS\System32\svchost.exe[1144] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1144] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [92, 71]
.text C:\WINDOWS\System32\svchost.exe[1144] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1144] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A4, 71]
.text C:\WINDOWS\System32\svchost.exe[1144] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1144] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [52, 71]
.text C:\WINDOWS\System32\svchost.exe[1144] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1144] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8C, 71]
.text C:\WINDOWS\System32\svchost.exe[1144] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1144] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [98, 71]
.text C:\WINDOWS\System32\svchost.exe[1144] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1144] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [95, 71]
.text C:\WINDOWS\System32\svchost.exe[1144] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1144] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [89, 71]
.text C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70C3000A
.text C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70F6000A
.text C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 713E000A
.text C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70EA000A
.text C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00F70001
.text C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 7177000A
.text C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 717D000A
.text C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 717A000A
.text C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7168000A
.text C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 716B000A
.text C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!VirtualAlloc 7C809AF1 4 Bytes JMP EC001E25
.text C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!VirtualAlloc + 5 7C809AF6 1 Byte [70]
.text C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 709C000A
.text C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70D8000A
.text C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 707B000A
.text C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 712C000A
.text C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 7174000A
.text C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 70A5000A
.text C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 70A8000A
.text C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 709F000A
.text C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 70A2000A
.text C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 7126000A
.text C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [83, 71]
.text C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70F0000A
.text C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70F9000A
.text C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 70BA000A
.text C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7150000A
.text C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7075000A
.text C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70C0000A
.text C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 7129000A
.text C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70CC000A
.text C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70D5000A
.text C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70D2000A
.text C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 706C000A
.text C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 708D000A
.text C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 708A000A
.text C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 70BD000A
.text C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 706F000A
.text C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 7078000A
.text C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 714D000A
.text C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7072000A
.text C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70CF000A
.text C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 7159000A
.text C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 70B7000A
.text C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70F3000A
.text C:\WINDOWS\System32\svchost.exe[1144] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 710E000A
.text C:\WINDOWS\System32\svchost.exe[1144] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 70FC000A
.text C:\WINDOWS\System32\svchost.exe[1144] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 7120000A
.text C:\WINDOWS\System32\svchost.exe[1144] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 7111000A
.text C:\WINDOWS\System32\svchost.exe[1144] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 7114000A
.text C:\WINDOWS\System32\svchost.exe[1144] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 70B4000A
.text C:\WINDOWS\System32\svchost.exe[1144] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 70FF000A
.text C:\WINDOWS\System32\svchost.exe[1144] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 7108000A
.text C:\WINDOWS\System32\svchost.exe[1144] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 7102000A
.text C:\WINDOWS\System32\svchost.exe[1144] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 7123000A
.text C:\WINDOWS\System32\svchost.exe[1144] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 710B000A
.text C:\WINDOWS\System32\svchost.exe[1144] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 7117000A
.text C:\WINDOWS\System32\svchost.exe[1144] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 70AB000A
.text C:\WINDOWS\System32\svchost.exe[1144] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 7087000A
.text C:\WINDOWS\System32\svchost.exe[1144] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 7084000A
.text C:\WINDOWS\System32\svchost.exe[1144] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70E4000A
.text C:\WINDOWS\System32\svchost.exe[1144] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1144] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [E6, 70] {OUT 0x70, AL}
.text C:\WINDOWS\System32\svchost.exe[1144] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 70AE000A
.text C:\WINDOWS\System32\svchost.exe[1144] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 711A000A
.text C:\WINDOWS\System32\svchost.exe[1144] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 7105000A
.text C:\WINDOWS\System32\svchost.exe[1144] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 711D000A
.text C:\WINDOWS\System32\svchost.exe[1144] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 70B1000A
.text C:\WINDOWS\System32\svchost.exe[1144] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 7180000A
.text C:\WINDOWS\System32\svchost.exe[1144] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 7138000A
.text C:\WINDOWS\System32\svchost.exe[1144] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 7135000A
.text C:\WINDOWS\System32\svchost.exe[1144] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 716E000A
.text C:\WINDOWS\System32\svchost.exe[1144] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 707E000A
.text C:\WINDOWS\System32\svchost.exe[1144] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 714A000A
.text C:\WINDOWS\System32\svchost.exe[1144] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70DE000A
.text C:\WINDOWS\System32\svchost.exe[1144] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 7147000A
.text C:\WINDOWS\System32\svchost.exe[1144] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1144] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [DA, 70]
.text C:\WINDOWS\System32\svchost.exe[1144] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 7090000A
.text C:\WINDOWS\System32\svchost.exe[1144] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1144] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [43, 71]
.text C:\WINDOWS\System32\svchost.exe[1144] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 7096000A
.text C:\WINDOWS\System32\svchost.exe[1144] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 7093000A
.text C:\WINDOWS\System32\svchost.exe[1144] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 7081000A
.text C:\WINDOWS\System32\svchost.exe[1144] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 7171000A
.text C:\WINDOWS\System32\svchost.exe[1144] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 7132000A
.text C:\WINDOWS\System32\svchost.exe[1144] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70E1000A
.text C:\WINDOWS\System32\svchost.exe[1144] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 7099000A
.text C:\WINDOWS\System32\svchost.exe[1144] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 7141000A
.text C:\WINDOWS\System32\svchost.exe[1144] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 7156000A
.text C:\WINDOWS\System32\svchost.exe[1144] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1144] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [2E, 71]
.text C:\WINDOWS\System32\svchost.exe[1144] SHELL32.dll!ShellExecuteExW 7CA098CB 6 Bytes JMP 715C000A
.text C:\WINDOWS\System32\svchost.exe[1144] SHELL32.dll!Shell_NotifyIcon 7CA28BC6 6 Bytes JMP 70C9000A
.text C:\WINDOWS\System32\svchost.exe[1144] SHELL32.dll!Shell_NotifyIconW 7CA2A537 6 Bytes JMP 70C6000A

.text C:\WINDOWS\System32\svchost.exe[1144] SHELL32.dll!ShellExecuteEx 7CA40E45 6 Bytes JMP 715F000A
.text C:\WINDOWS\System32\svchost.exe[1144] SHELL32.dll!ShellExecuteA 7CA41170 6 Bytes JMP 7165000A
.text C:\WINDOWS\System32\svchost.exe[1144] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 7162000A
.text C:\WINDOWS\System32\svchost.exe[1192] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1192] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [83, 71]
.text C:\WINDOWS\System32\svchost.exe[1192] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\System32\svchost.exe[1192] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1192] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [98, 71]
.text C:\WINDOWS\System32\svchost.exe[1192] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1192] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AD, 71]
.text C:\WINDOWS\System32\svchost.exe[1192] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1192] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8C, 71]
.text C:\WINDOWS\System32\svchost.exe[1192] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1192] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A4, 71]
.text C:\WINDOWS\System32\svchost.exe[1192] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1192] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [9E, 71]
.text C:\WINDOWS\System32\svchost.exe[1192] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1192] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [37, 71]
.text C:\WINDOWS\System32\svchost.exe[1192] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1192] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9B, 71]
.text C:\WINDOWS\System32\svchost.exe[1192] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1192] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [8F, 71]
.text C:\WINDOWS\System32\svchost.exe[1192] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1192] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A1, 71]
.text C:\WINDOWS\System32\svchost.exe[1192] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1192] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [4F, 71]
.text C:\WINDOWS\System32\svchost.exe[1192] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1192] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [89, 71]
.text C:\WINDOWS\System32\svchost.exe[1192] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1192] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [95, 71]
.text C:\WINDOWS\System32\svchost.exe[1192] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1192] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [92, 71]
.text C:\WINDOWS\System32\svchost.exe[1192] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1192] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [86, 71]
.text C:\WINDOWS\System32\svchost.exe[1192] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70C0000A
.text C:\WINDOWS\System32\svchost.exe[1192] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70F3000A
.text C:\WINDOWS\System32\svchost.exe[1192] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 713B000A
.text C:\WINDOWS\System32\svchost.exe[1192] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70E7000A
.text C:\WINDOWS\System32\svchost.exe[1192] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01C60001
.text C:\WINDOWS\System32\svchost.exe[1192] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 7174000A
.text C:\WINDOWS\System32\svchost.exe[1192] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 717A000A
.text C:\WINDOWS\System32\svchost.exe[1192] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7177000A
.text C:\WINDOWS\System32\svchost.exe[1192] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7165000A
.text C:\WINDOWS\System32\svchost.exe[1192] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7168000A
.text C:\WINDOWS\System32\svchost.exe[1192] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70EA000A
.text C:\WINDOWS\System32\svchost.exe[1192] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 7099000A
.text C:\WINDOWS\System32\svchost.exe[1192] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70D5000A
.text C:\WINDOWS\System32\svchost.exe[1192] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 7078000A
.text C:\WINDOWS\System32\svchost.exe[1192] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7129000A
.text C:\WINDOWS\System32\svchost.exe[1192] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 7171000A
.text C:\WINDOWS\System32\svchost.exe[1192] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 70A2000A
.text C:\WINDOWS\System32\svchost.exe[1192] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 70A5000A
.text C:\WINDOWS\System32\svchost.exe[1192] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 709C000A
.text C:\WINDOWS\System32\svchost.exe[1192] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 709F000A
.text C:\WINDOWS\System32\svchost.exe[1192] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 7123000A
.text C:\WINDOWS\System32\svchost.exe[1192] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1192] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [80, 71]
.text C:\WINDOWS\System32\svchost.exe[1192] kernel32.dll!CreateThread 7C8106D7 4 Bytes JMP EC001E25
.text C:\WINDOWS\System32\svchost.exe[1192] kernel32.dll!CreateThread + 5 7C8106DC 1 Byte [70]
.text C:\WINDOWS\System32\svchost.exe[1192] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70F6000A
.text C:\WINDOWS\System32\svchost.exe[1192] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 70B7000A
.text C:\WINDOWS\System32\svchost.exe[1192] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 714D000A
.text C:\WINDOWS\System32\svchost.exe[1192] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7072000A
.text C:\WINDOWS\System32\svchost.exe[1192] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70BD000A
.text C:\WINDOWS\System32\svchost.exe[1192] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 7126000A
.text C:\WINDOWS\System32\svchost.exe[1192] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70C9000A
.text C:\WINDOWS\System32\svchost.exe[1192] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70D2000A
.text C:\WINDOWS\System32\svchost.exe[1192] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70CF000A
.text C:\WINDOWS\System32\svchost.exe[1192] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 7069000A
.text C:\WINDOWS\System32\svchost.exe[1192] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 708A000A
.text C:\WINDOWS\System32\svchost.exe[1192] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 7087000A
.text C:\WINDOWS\System32\svchost.exe[1192] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 70BA000A
.text C:\WINDOWS\System32\svchost.exe[1192] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 706C000A
.text C:\WINDOWS\System32\svchost.exe[1192] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 7075000A
.text C:\WINDOWS\System32\svchost.exe[1192] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 714A000A
.text C:\WINDOWS\System32\svchost.exe[1192] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 706F000A
.text C:\WINDOWS\System32\svchost.exe[1192] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70CC000A
.text C:\WINDOWS\System32\svchost.exe[1192] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 7156000A
.text C:\WINDOWS\System32\svchost.exe[1192] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 70B4000A
.text C:\WINDOWS\System32\svchost.exe[1192] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70F0000A
.text C:\WINDOWS\System32\svchost.exe[1192] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 710B000A
.text C:\WINDOWS\System32\svchost.exe[1192] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 70F9000A
.text C:\WINDOWS\System32\svchost.exe[1192] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 711D000A
.text C:\WINDOWS\System32\svchost.exe[1192] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 710E000A
.text C:\WINDOWS\System32\svchost.exe[1192] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 7111000A
.text C:\WINDOWS\System32\svchost.exe[1192] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 70B1000A
.text C:\WINDOWS\System32\svchost.exe[1192] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 70FC000A
.text C:\WINDOWS\System32\svchost.exe[1192] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 7105000A
.text C:\WINDOWS\System32\svchost.exe[1192] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 70FF000A
.text C:\WINDOWS\System32\svchost.exe[1192] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 7120000A
.text C:\WINDOWS\System32\svchost.exe[1192] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 7108000A
.text C:\WINDOWS\System32\svchost.exe[1192] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 7114000A
.text C:\WINDOWS\System32\svchost.exe[1192] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 70A8000A
.text C:\WINDOWS\System32\svchost.exe[1192] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 7084000A
.text C:\WINDOWS\System32\svchost.exe[1192] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 7081000A
.text C:\WINDOWS\System32\svchost.exe[1192] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70E1000A
.text C:\WINDOWS\System32\svchost.exe[1192] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1192] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [E3, 70] {JECXZ 0x72}
.text C:\WINDOWS\System32\svchost.exe[1192] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 70AB000A
.text C:\WINDOWS\System32\svchost.exe[1192] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7117000A
.text C:\WINDOWS\System32\svchost.exe[1192] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 7102000A
.text C:\WINDOWS\System32\svchost.exe[1192] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 711A000A
.text C:\WINDOWS\System32\svchost.exe[1192] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 70AE000A
.text C:\WINDOWS\System32\svchost.exe[1192] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 717D000A
.text C:\WINDOWS\System32\svchost.exe[1192] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 7135000A
.text C:\WINDOWS\System32\svchost.exe[1192] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 7132000A
.text C:\WINDOWS\System32\svchost.exe[1192] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 716B000A
.text C:\WINDOWS\System32\svchost.exe[1192] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 707B000A
.text C:\WINDOWS\System32\svchost.exe[1192] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 7147000A
.text C:\WINDOWS\System32\svchost.exe[1192] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70DB000A
.text C:\WINDOWS\System32\svchost.exe[1192] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 7144000A
.text C:\WINDOWS\System32\svchost.exe[1192] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1192] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [D7, 70]
.text C:\WINDOWS\System32\svchost.exe[1192] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 708D000A
.text C:\WINDOWS\System32\svchost.exe[1192] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1192] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [40, 71]
.text C:\WINDOWS\System32\svchost.exe[1192] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 7093000A
.text C:\WINDOWS\System32\svchost.exe[1192] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 7090000A
.text C:\WINDOWS\System32\svchost.exe[1192] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 707E000A
.text C:\WINDOWS\System32\svchost.exe[1192] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 716E000A
.text C:\WINDOWS\System32\svchost.exe[1192] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 712F000A
.text C:\WINDOWS\System32\svchost.exe[1192] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70DE000A
.text C:\WINDOWS\System32\svchost.exe[1192] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 7096000A
.text C:\WINDOWS\System32\svchost.exe[1192] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 713E000A
.text C:\WINDOWS\System32\svchost.exe[1192] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 7153000A
.text C:\WINDOWS\System32\svchost.exe[1192] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1192] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [2B, 71]
.text C:\WINDOWS\System32\svchost.exe[1192] SHELL32.dll!ShellExecuteExW 7CA098CB 6 Bytes JMP 7159000A
.text C:\WINDOWS\System32\svchost.exe[1192] SHELL32.dll!Shell_NotifyIcon 7CA28BC6 6 Bytes JMP 70C6000A
.text C:\WINDOWS\System32\svchost.exe[1192] SHELL32.dll!Shell_NotifyIconW 7CA2A537 6 Bytes JMP 70C3000A
.text C:\WINDOWS\System32\svchost.exe[1192] SHELL32.dll!ShellExecuteEx 7CA40E45 6 Bytes JMP 715C000A
.text C:\WINDOWS\System32\svchost.exe[1192] SHELL32.dll!ShellExecuteA 7CA41170 6 Bytes JMP 7162000A
.text C:\WINDOWS\System32\svchost.exe[1192] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 715F000A
.text C:\WINDOWS\system32\ctfmon.exe[1248] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[1248] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [88, 71]
.text C:\WINDOWS\system32\ctfmon.exe[1248] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\system32\ctfmon.exe[1248] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[1248] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [9D, 71]
.text C:\WINDOWS\system32\ctfmon.exe[1248] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[1248] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AD, 71]
.text C:\WINDOWS\system32\ctfmon.exe[1248] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[1248] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [91, 71]
.text C:\WINDOWS\system32\ctfmon.exe[1248] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[1248] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A9, 71]
.text C:\WINDOWS\system32\ctfmon.exe[1248] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[1248] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [A3, 71]
.text C:\WINDOWS\system32\ctfmon.exe[1248] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[1248] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [30, 71]
.text C:\WINDOWS\system32\ctfmon.exe[1248] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[1248] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [A0, 71]
.text C:\WINDOWS\system32\ctfmon.exe[1248] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[1248] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [94, 71]
.text C:\WINDOWS\system32\ctfmon.exe[1248] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[1248] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A6, 71]
.text C:\WINDOWS\system32\ctfmon.exe[1248] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[1248] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [48, 71]
.text C:\WINDOWS\system32\ctfmon.exe[1248] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[1248] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8E, 71]
.text C:\WINDOWS\system32\ctfmon.exe[1248] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[1248] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [9A, 71]
.text C:\WINDOWS\system32\ctfmon.exe[1248] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[1248] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [97, 71]
.text C:\WINDOWS\system32\ctfmon.exe[1248] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[1248] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [8B, 71]
.text C:\WINDOWS\system32\ctfmon.exe[1248] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70B9000A
.text C:\WINDOWS\system32\ctfmon.exe[1248] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70EC000A
.text C:\WINDOWS\system32\ctfmon.exe[1248] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7134000A
.text C:\WINDOWS\system32\ctfmon.exe[1248] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70E0000A
.text C:\WINDOWS\system32\ctfmon.exe[1248] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00FA0001
.text C:\WINDOWS\system32\ctfmon.exe[1248] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 716D000A
.text C:\WINDOWS\system32\ctfmon.exe[1248] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\ctfmon.exe[1248] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7171000A
.text C:\WINDOWS\system32\ctfmon.exe[1248] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 715E000A
.text C:\WINDOWS\system32\ctfmon.exe[1248] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7161000A
.text C:\WINDOWS\system32\ctfmon.exe[1248] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70E3000A
.text C:\WINDOWS\system32\ctfmon.exe[1248] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 7092000A
.text C:\WINDOWS\system32\ctfmon.exe[1248] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70CE000A
.text C:\WINDOWS\system32\ctfmon.exe[1248] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 7071000A
.text C:\WINDOWS\system32\ctfmon.exe[1248] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7122000A
.text C:\WINDOWS\system32\ctfmon.exe[1248] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 716A000A
.text C:\WINDOWS\system32\ctfmon.exe[1248] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 709B000A
.text C:\WINDOWS\system32\ctfmon.exe[1248] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 709E000A
.text C:\WINDOWS\system32\ctfmon.exe[1248] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 7095000A
.text C:\WINDOWS\system32\ctfmon.exe[1248] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 7098000A
.text C:\WINDOWS\system32\ctfmon.exe[1248] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 711C000A
.text C:\WINDOWS\system32\ctfmon.exe[1248] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[1248] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [78, 71] {JS 0x73}
.text C:\WINDOWS\system32\ctfmon.exe[1248] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70E6000A
.text C:\WINDOWS\system32\ctfmon.exe[1248] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70EF000A
.text C:\WINDOWS\system32\ctfmon.exe[1248] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 70B0000A
.text C:\WINDOWS\system32\ctfmon.exe[1248] kernel32.dll!ExitProcess 7C81CB12 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\ctfmon.exe[1248] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7146000A
.text C:\WINDOWS\system32\ctfmon.exe[1248] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 706B000A
.text C:\WINDOWS\system32\ctfmon.exe[1248] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70B6000A
.text C:\WINDOWS\system32\ctfmon.exe[1248] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 711F000A
.text C:\WINDOWS\system32\ctfmon.exe[1248] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70C2000A
.text C:\WINDOWS\system32\ctfmon.exe[1248] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70CB000A
.text C:\WINDOWS\system32\ctfmon.exe[1248] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70C8000A
.text C:\WINDOWS\system32\ctfmon.exe[1248] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 7062000A
.text C:\WINDOWS\system32\ctfmon.exe[1248] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 7083000A
.text C:\WINDOWS\system32\ctfmon.exe[1248] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 7080000A
.text C:\WINDOWS\system32\ctfmon.exe[1248] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 70B3000A
.text C:\WINDOWS\system32\ctfmon.exe[1248] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7065000A
.text C:\WINDOWS\system32\ctfmon.exe[1248] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 706E000A
.text C:\WINDOWS\system32\ctfmon.exe[1248] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7143000A
.text C:\WINDOWS\system32\ctfmon.exe[1248] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7068000A
.text C:\WINDOWS\system32\ctfmon.exe[1248] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70C5000A
.text C:\WINDOWS\system32\ctfmon.exe[1248] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 714F000A
.text C:\WINDOWS\system32\ctfmon.exe[1248] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 70AD000A
.text C:\WINDOWS\system32\ctfmon.exe[1248] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70E9000A
.text C:\WINDOWS\system32\ctfmon.exe[1248] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 7104000A
.text C:\WINDOWS\system32\ctfmon.exe[1248] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 70F2000A
.text C:\WINDOWS\system32\ctfmon.exe[1248] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 7116000A
.text C:\WINDOWS\system32\ctfmon.exe[1248] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 7107000A
.text C:\WINDOWS\system32\ctfmon.exe[1248] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 710A000A
.text C:\WINDOWS\system32\ctfmon.exe[1248] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 70AA000A
.text C:\WINDOWS\system32\ctfmon.exe[1248] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 70F5000A
.text C:\WINDOWS\system32\ctfmon.exe[1248] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 70FE000A
.text C:\WINDOWS\system32\ctfmon.exe[1248] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 70F8000A
.text C:\WINDOWS\system32\ctfmon.exe[1248] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 7119000A
.text C:\WINDOWS\system32\ctfmon.exe[1248] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 7101000A
.text C:\WINDOWS\system32\ctfmon.exe[1248] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 710D000A
.text C:\WINDOWS\system32\ctfmon.exe[1248] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 70A1000A
.text C:\WINDOWS\system32\ctfmon.exe[1248] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 707D000A
.text C:\WINDOWS\system32\ctfmon.exe[1248] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 707A000A
.text C:\WINDOWS\system32\ctfmon.exe[1248] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70DA000A
.text C:\WINDOWS\system32\ctfmon.exe[1248] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[1248] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [DC, 70]
.text C:\WINDOWS\system32\ctfmon.exe[1248] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 70A4000A
.text C:\WINDOWS\system32\ctfmon.exe[1248] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7110000A
.text C:\WINDOWS\system32\ctfmon.exe[1248] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 70FB000A
.text C:\WINDOWS\system32\ctfmon.exe[1248] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7113000A
.text C:\WINDOWS\system32\ctfmon.exe[1248] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 70A7000A
.text C:\WINDOWS\system32\ctfmon.exe[1248] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 7175000A
.text C:\WINDOWS\system32\ctfmon.exe[1248] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 712E000A
.text C:\WINDOWS\system32\ctfmon.exe[1248] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 712B000A
.text C:\WINDOWS\system32\ctfmon.exe[1248] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 717F0F5A
.text C:\WINDOWS\system32\ctfmon.exe[1248] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 71860F5A
.text C:\WINDOWS\system32\ctfmon.exe[1248] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 7164000A
.text C:\WINDOWS\system32\ctfmon.exe[1248] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 7074000A
.text C:\WINDOWS\system32\ctfmon.exe[1248] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[1248] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [81, 71]
.text C:\WINDOWS\system32\ctfmon.exe[1248] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 7140000A
.text C:\WINDOWS\system32\ctfmon.exe[1248] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70D4000A
.text C:\WINDOWS\system32\ctfmon.exe[1248] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 713D000A
.text C:\WINDOWS\system32\ctfmon.exe[1248] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[1248] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [D0, 70]
.text C:\WINDOWS\system32\ctfmon.exe[1248] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 7086000A
.text C:\WINDOWS\system32\ctfmon.exe[1248] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[1248] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [39, 71]
.text C:\WINDOWS\system32\ctfmon.exe[1248] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 708C000A
.text C:\WINDOWS\system32\ctfmon.exe[1248] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 7089000A
.text C:\WINDOWS\system32\ctfmon.exe[1248] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 7077000A
.text C:\WINDOWS\system32\ctfmon.exe[1248] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 7167000A
.text C:\WINDOWS\system32\ctfmon.exe[1248] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 7128000A
.text C:\WINDOWS\system32\ctfmon.exe[1248] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70D7000A
.text C:\WINDOWS\system32\ctfmon.exe[1248] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 708F000A
.text C:\WINDOWS\system32\ctfmon.exe[1248] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 7137000A
.text C:\WINDOWS\system32\ctfmon.exe[1248] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 717C0F5A
.text C:\WINDOWS\system32\ctfmon.exe[1248] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 714C000A
.text C:\WINDOWS\system32\ctfmon.exe[1248] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[1248] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [24, 71] {AND AL, 0x71}
.text C:\WINDOWS\system32\ctfmon.exe[1248] GDI32.dll!EndPage 77F2DC61 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\ctfmon.exe[1248] GDI32.dll!EndDoc 77F2DEF1 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\ctfmon.exe[1248] GDI32.dll!StartPage 77F2F49E 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\ctfmon.exe[1248] GDI32.dll!AbortDoc 77F44CD2 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\ctfmon.exe[1248] GDI32.dll!StartDocW 77F45962 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[1248] GDI32.dll!StartDocW + 4 77F45966 2 Bytes [11, 5F]
.text C:\WINDOWS\system32\ctfmon.exe[1248] GDI32.dll!StartDocA 77F45E79 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[1248] GDI32.dll!StartDocA + 4 77F45E7D 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\ctfmon.exe[1248] SHELL32.dll!ShellExecuteExW 7CA098CB 6 Bytes JMP 7152000A
.text C:\WINDOWS\system32\ctfmon.exe[1248] SHELL32.dll!Shell_NotifyIcon 7CA28BC6 6 Bytes JMP 70BF000A
.text C:\WINDOWS\system32\ctfmon.exe[1248] SHELL32.dll!Shell_NotifyIconW 7CA2A537 6 Bytes JMP 70BC000A
.text C:\WINDOWS\system32\ctfmon.exe[1248] SHELL32.dll!ShellExecuteEx 7CA40E45 6 Bytes JMP 7155000A
.text C:\WINDOWS\system32\ctfmon.exe[1248] SHELL32.dll!ShellExecuteA 7CA41170 6 Bytes JMP 715B000A
.text C:\WINDOWS\system32\ctfmon.exe[1248] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 7158000A
.text C:\WINDOWS\system32\spoolsv.exe[1388] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1388] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [7E, 71] {JLE 0x73}
.text C:\WINDOWS\system32\spoolsv.exe[1388] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\system32\spoolsv.exe[1388] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1388] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [93, 71]
.text C:\WINDOWS\system32\spoolsv.exe[1388] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1388] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [A9, 71]
.text C:\WINDOWS\system32\spoolsv.exe[1388] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1388] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [87, 71]
.text C:\WINDOWS\system32\spoolsv.exe[1388] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1388] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [9F, 71]
.text C:\WINDOWS\system32\spoolsv.exe[1388] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1388] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [99, 71]
.text C:\WINDOWS\system32\spoolsv.exe[1388] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1388] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [32, 71]
.text C:\WINDOWS\system32\spoolsv.exe[1388] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1388] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [96, 71]
.text C:\WINDOWS\system32\spoolsv.exe[1388] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1388] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [8A, 71]
.text C:\WINDOWS\system32\spoolsv.exe[1388] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1388] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [9C, 71]
.text C:\WINDOWS\system32\spoolsv.exe[1388] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1388] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [4A, 71]
.text C:\WINDOWS\system32\spoolsv.exe[1388] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1388] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [84, 71]
.text C:\WINDOWS\system32\spoolsv.exe[1388] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1388] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [90, 71]
.text C:\WINDOWS\system32\spoolsv.exe[1388] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1388] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [8D, 71]
.text C:\WINDOWS\system32\spoolsv.exe[1388] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1388] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [81, 71]
.text C:\WINDOWS\system32\spoolsv.exe[1388] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70BB000A
.text C:\WINDOWS\system32\spoolsv.exe[1388] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70EE000A
.text C:\WINDOWS\system32\spoolsv.exe[1388] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7136000A
.text C:\WINDOWS\system32\spoolsv.exe[1388] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70E2000A
.text C:\WINDOWS\system32\spoolsv.exe[1388] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01050001
.text C:\WINDOWS\system32\spoolsv.exe[1388] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 716F000A
.text C:\WINDOWS\system32\spoolsv.exe[1388] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7175000A
.text C:\WINDOWS\system32\spoolsv.exe[1388] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7172000A
.text C:\WINDOWS\system32\spoolsv.exe[1388] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7160000A
.text C:\WINDOWS\system32\spoolsv.exe[1388] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7163000A
.text C:\WINDOWS\system32\spoolsv.exe[1388] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70E5000A
.text C:\WINDOWS\system32\spoolsv.exe[1388] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 7094000A
.text C:\WINDOWS\system32\spoolsv.exe[1388] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70D0000A
.text C:\WINDOWS\system32\spoolsv.exe[1388] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 7073000A
.text C:\WINDOWS\system32\spoolsv.exe[1388] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7124000A
.text C:\WINDOWS\system32\spoolsv.exe[1388] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 716C000A
.text C:\WINDOWS\system32\spoolsv.exe[1388] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 709D000A
.text C:\WINDOWS\system32\spoolsv.exe[1388] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 70A0000A
.text C:\WINDOWS\system32\spoolsv.exe[1388] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 7097000A
.text C:\WINDOWS\system32\spoolsv.exe[1388] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 709A000A
.text C:\WINDOWS\system32\spoolsv.exe[1388] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 711E000A
.text C:\WINDOWS\system32\spoolsv.exe[1388] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1388] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [7B, 71] {JNP 0x73}
.text C:\WINDOWS\system32\spoolsv.exe[1388] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70E8000A
.text C:\WINDOWS\system32\spoolsv.exe[1388] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70F1000A
.text C:\WINDOWS\system32\spoolsv.exe[1388] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 70B2000A
.text C:\WINDOWS\system32\spoolsv.exe[1388] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7148000A
.text C:\WINDOWS\system32\spoolsv.exe[1388] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 706D000A
.text C:\WINDOWS\system32\spoolsv.exe[1388] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70B8000A
.text C:\WINDOWS\system32\spoolsv.exe[1388] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 7121000A

#9 firstbaselady

firstbaselady
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:12:20 AM

Posted 08 January 2012 - 08:26 PM

.text C:\WINDOWS\system32\spoolsv.exe[1388] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70C4000A
.text C:\WINDOWS\system32\spoolsv.exe[1388] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70CD000A
.text C:\WINDOWS\system32\spoolsv.exe[1388] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70CA000A
.text C:\WINDOWS\system32\spoolsv.exe[1388] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 7064000A
.text C:\WINDOWS\system32\spoolsv.exe[1388] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 7085000A
.text C:\WINDOWS\system32\spoolsv.exe[1388] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 7082000A
.text C:\WINDOWS\system32\spoolsv.exe[1388] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 70B5000A
.text C:\WINDOWS\system32\spoolsv.exe[1388] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7067000A
.text C:\WINDOWS\system32\spoolsv.exe[1388] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 7070000A
.text C:\WINDOWS\system32\spoolsv.exe[1388] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7145000A
.text C:\WINDOWS\system32\spoolsv.exe[1388] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 706A000A
.text C:\WINDOWS\system32\spoolsv.exe[1388] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70C7000A
.text C:\WINDOWS\system32\spoolsv.exe[1388] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 7151000A
.text C:\WINDOWS\system32\spoolsv.exe[1388] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 70AF000A
.text C:\WINDOWS\system32\spoolsv.exe[1388] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70EB000A
.text C:\WINDOWS\system32\spoolsv.exe[1388] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 7106000A
.text C:\WINDOWS\system32\spoolsv.exe[1388] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 70F4000A
.text C:\WINDOWS\system32\spoolsv.exe[1388] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 7118000A
.text C:\WINDOWS\system32\spoolsv.exe[1388] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 7109000A
.text C:\WINDOWS\system32\spoolsv.exe[1388] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 710C000A
.text C:\WINDOWS\system32\spoolsv.exe[1388] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 70AC000A
.text C:\WINDOWS\system32\spoolsv.exe[1388] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 70F7000A
.text C:\WINDOWS\system32\spoolsv.exe[1388] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 7100000A
.text C:\WINDOWS\system32\spoolsv.exe[1388] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 70FA000A
.text C:\WINDOWS\system32\spoolsv.exe[1388] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 711B000A
.text C:\WINDOWS\system32\spoolsv.exe[1388] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 7103000A
.text C:\WINDOWS\system32\spoolsv.exe[1388] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 710F000A
.text C:\WINDOWS\system32\spoolsv.exe[1388] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 70A3000A
.text C:\WINDOWS\system32\spoolsv.exe[1388] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 707F000A
.text C:\WINDOWS\system32\spoolsv.exe[1388] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 707C000A
.text C:\WINDOWS\system32\spoolsv.exe[1388] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70DC000A
.text C:\WINDOWS\system32\spoolsv.exe[1388] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1388] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [DE, 70]
.text C:\WINDOWS\system32\spoolsv.exe[1388] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 70A6000A
.text C:\WINDOWS\system32\spoolsv.exe[1388] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7112000A
.text C:\WINDOWS\system32\spoolsv.exe[1388] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 70FD000A
.text C:\WINDOWS\system32\spoolsv.exe[1388] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7115000A
.text C:\WINDOWS\system32\spoolsv.exe[1388] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 70A9000A
.text C:\WINDOWS\system32\spoolsv.exe[1388] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 7178000A
.text C:\WINDOWS\system32\spoolsv.exe[1388] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 7130000A
.text C:\WINDOWS\system32\spoolsv.exe[1388] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 712D000A
.text C:\WINDOWS\system32\spoolsv.exe[1388] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 7166000A
.text C:\WINDOWS\system32\spoolsv.exe[1388] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 7076000A
.text C:\WINDOWS\system32\spoolsv.exe[1388] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 7142000A
.text C:\WINDOWS\system32\spoolsv.exe[1388] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70D6000A
.text C:\WINDOWS\system32\spoolsv.exe[1388] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 713F000A
.text C:\WINDOWS\system32\spoolsv.exe[1388] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1388] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [D2, 70]
.text C:\WINDOWS\system32\spoolsv.exe[1388] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 7088000A
.text C:\WINDOWS\system32\spoolsv.exe[1388] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1388] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [3B, 71]
.text C:\WINDOWS\system32\spoolsv.exe[1388] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 708E000A
.text C:\WINDOWS\system32\spoolsv.exe[1388] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 708B000A
.text C:\WINDOWS\system32\spoolsv.exe[1388] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 7079000A
.text C:\WINDOWS\system32\spoolsv.exe[1388] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 7169000A
.text C:\WINDOWS\system32\spoolsv.exe[1388] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 712A000A
.text C:\WINDOWS\system32\spoolsv.exe[1388] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70D9000A
.text C:\WINDOWS\system32\spoolsv.exe[1388] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 7091000A
.text C:\WINDOWS\system32\spoolsv.exe[1388] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 7139000A
.text C:\WINDOWS\system32\spoolsv.exe[1388] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 714E000A
.text C:\WINDOWS\system32\spoolsv.exe[1388] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1388] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [26, 71]
.text C:\WINDOWS\system32\spoolsv.exe[1388] SHELL32.dll!ShellExecuteExW 7CA098CB 6 Bytes JMP 7154000A
.text C:\WINDOWS\system32\spoolsv.exe[1388] SHELL32.dll!Shell_NotifyIcon 7CA28BC6 6 Bytes JMP 70C1000A
.text C:\WINDOWS\system32\spoolsv.exe[1388] SHELL32.dll!Shell_NotifyIconW 7CA2A537 6 Bytes JMP 70BE000A
.text C:\WINDOWS\system32\spoolsv.exe[1388] SHELL32.dll!ShellExecuteEx 7CA40E45 6 Bytes JMP 7157000A
.text C:\WINDOWS\system32\spoolsv.exe[1388] SHELL32.dll!ShellExecuteA 7CA41170 6 Bytes JMP 715D000A
.text C:\WINDOWS\system32\spoolsv.exe[1388] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 715A000A
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [85, 71]
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [9A, 71]
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AD, 71]
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8E, 71]
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A6, 71]
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [A0, 71]
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [2D, 71]
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9D, 71]
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [91, 71]
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A3, 71]
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [45, 71]
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8B, 71]
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [97, 71]
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [94, 71]
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [88, 71]
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70B6000A
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70E9000A
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7131000A
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70DD000A
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 03540001
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 716A000A
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 716D000A
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 715B000A
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 715E000A
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70E0000A
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 7089000A
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70CB000A
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 7068000A
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 711F000A
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 7167000A
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 7092000A
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 7095000A
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 708C000A
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 708F000A
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 7119000A
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [75, 71] {JNZ 0x73}
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70E3000A
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70EC000A
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 70A7000A
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] kernel32.dll!ExitProcess 7C81CB12 6 Bytes JMP 5F040F5A
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7143000A
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7062000A
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70AD000A
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 711C000A
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70BF000A
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70C8000A
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70C5000A
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 7059000A
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 707A000A
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 7077000A
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 70AA000A
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 705C000A
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 7065000A
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7140000A
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 705F000A
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70C2000A
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 714C000A
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 70A4000A
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70E6000A
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] SHELL32.dll!ShellExecuteExW 7CA098CB 6 Bytes JMP 714F000A
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] SHELL32.dll!Shell_NotifyIcon 7CA28BC6 6 Bytes JMP 70BC000A
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] SHELL32.dll!Shell_NotifyIconW 7CA2A537 6 Bytes JMP 70B9000A
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] SHELL32.dll!ShellExecuteEx 7CA40E45 6 Bytes JMP 7152000A
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] SHELL32.dll!ShellExecuteA 7CA41170 6 Bytes JMP 7158000A
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 7155000A
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 7101000A
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 70EF000A
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 7113000A
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 7104000A
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 7107000A
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 70A1000A
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 70F2000A
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 70FB000A
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 70F5000A
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 7116000A
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 70FE000A
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 710A000A
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 7098000A
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 7074000A
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 7071000A
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70D7000A
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [D9, 70]
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 709B000A
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 710D000A
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 70F8000A
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7110000A
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 709E000A
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 7172000A
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 712B000A
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 7128000A
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] GDI32.dll!EndPage 77F2DC61 6 Bytes JMP 5F190F5A
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] GDI32.dll!EndDoc 77F2DEF1 6 Bytes JMP 5F130F5A
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] GDI32.dll!StartPage 77F2F49E 6 Bytes JMP 5F160F5A
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] GDI32.dll!AbortDoc 77F44CD2 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] GDI32.dll!StartDocW 77F45962 3 Bytes [FF, 25, 1E]
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] GDI32.dll!StartDocW + 4 77F45966 2 Bytes [11, 5F]
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] GDI32.dll!StartDocA 77F45E79 3 Bytes [FF, 25, 1E]
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] GDI32.dll!StartDocA + 4 77F45E7D 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 717C0F5A
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 71830F5A
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 7161000A
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 706B000A
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [7E, 71] {JLE 0x73}
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 713D000A
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70D1000A
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 713A000A
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [CD, 70] {INT 0x70}
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 707D000A
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [36, 71]
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 7083000A
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 7080000A
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 706E000A
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 7164000A
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 7125000A
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70D4000A
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 7086000A
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 7134000A
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 71790F5A
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 7149000A
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [21, 71]
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] WININET.dll!InternetOpenUrlA 3D95F3BC 6 Bytes JMP 70B3000A
.text C:\Program Files\DellSupport\DSAgnt.exe[1516] WININET.dll!InternetOpenUrlW 3D9A6DFF 6 Bytes JMP 70B0000A
.text C:\WINDOWS\system32\svchost.exe[1736] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1736] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [83, 71]
.text C:\WINDOWS\system32\svchost.exe[1736] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\system32\svchost.exe[1736] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1736] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [98, 71]
.text C:\WINDOWS\system32\svchost.exe[1736] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1736] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AD, 71]
.text C:\WINDOWS\system32\svchost.exe[1736] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1736] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8C, 71]
.text C:\WINDOWS\system32\svchost.exe[1736] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1736] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A4, 71]
.text C:\WINDOWS\system32\svchost.exe[1736] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1736] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [9E, 71]
.text C:\WINDOWS\system32\svchost.exe[1736] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1736] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [37, 71]
.text C:\WINDOWS\system32\svchost.exe[1736] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1736] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9B, 71]
.text C:\WINDOWS\system32\svchost.exe[1736] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1736] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [8F, 71]
.text C:\WINDOWS\system32\svchost.exe[1736] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1736] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A1, 71]
.text C:\WINDOWS\system32\svchost.exe[1736] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1736] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [4F, 71]
.text C:\WINDOWS\system32\svchost.exe[1736] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1736] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [89, 71]
.text C:\WINDOWS\system32\svchost.exe[1736] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1736] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [95, 71]
.text C:\WINDOWS\system32\svchost.exe[1736] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1736] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [92, 71]
.text C:\WINDOWS\system32\svchost.exe[1736] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1736] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [86, 71]
.text C:\WINDOWS\system32\svchost.exe[1736] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70C0000A
.text C:\WINDOWS\system32\svchost.exe[1736] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70F3000A
.text C:\WINDOWS\system32\svchost.exe[1736] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 713B000A
.text C:\WINDOWS\system32\svchost.exe[1736] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70E7000A
.text C:\WINDOWS\system32\svchost.exe[1736] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00920001
.text C:\WINDOWS\system32\svchost.exe[1736] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 7174000A
.text C:\WINDOWS\system32\svchost.exe[1736] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 717A000A
.text C:\WINDOWS\system32\svchost.exe[1736] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7177000A
.text C:\WINDOWS\system32\svchost.exe[1736] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7165000A
.text C:\WINDOWS\system32\svchost.exe[1736] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7168000A
.text C:\WINDOWS\system32\svchost.exe[1736] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70EA000A
.text C:\WINDOWS\system32\svchost.exe[1736] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 7093000A
.text C:\WINDOWS\system32\svchost.exe[1736] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70D5000A
.text C:\WINDOWS\system32\svchost.exe[1736] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 7072000A
.text C:\WINDOWS\system32\svchost.exe[1736] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7129000A
.text C:\WINDOWS\system32\svchost.exe[1736] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 7171000A
.text C:\WINDOWS\system32\svchost.exe[1736] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 709C000A
.text C:\WINDOWS\system32\svchost.exe[1736] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 709F000A
.text C:\WINDOWS\system32\svchost.exe[1736] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 7096000A
.text C:\WINDOWS\system32\svchost.exe[1736] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 7099000A
.text C:\WINDOWS\system32\svchost.exe[1736] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 7123000A
.text C:\WINDOWS\system32\svchost.exe[1736] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1736] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [80, 71]
.text C:\WINDOWS\system32\svchost.exe[1736] kernel32.dll!CreateThread 7C8106D7 4 Bytes JMP EC001E25
.text C:\WINDOWS\system32\svchost.exe[1736] kernel32.dll!CreateThread + 5 7C8106DC 1 Byte [70]
.text C:\WINDOWS\system32\svchost.exe[1736] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70F6000A
.text C:\WINDOWS\system32\svchost.exe[1736] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 70B1000A
.text C:\WINDOWS\system32\svchost.exe[1736] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 714D000A
.text C:\WINDOWS\system32\svchost.exe[1736] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 706C000A
.text C:\WINDOWS\system32\svchost.exe[1736] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70B7000A
.text C:\WINDOWS\system32\svchost.exe[1736] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 7126000A
.text C:\WINDOWS\system32\svchost.exe[1736] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70C9000A
.text C:\WINDOWS\system32\svchost.exe[1736] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70D2000A
.text C:\WINDOWS\system32\svchost.exe[1736] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70CF000A
.text C:\WINDOWS\system32\svchost.exe[1736] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 7063000A
.text C:\WINDOWS\system32\svchost.exe[1736] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 7084000A
.text C:\WINDOWS\system32\svchost.exe[1736] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 7081000A
.text C:\WINDOWS\system32\svchost.exe[1736] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 70B4000A
.text C:\WINDOWS\system32\svchost.exe[1736] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7066000A
.text C:\WINDOWS\system32\svchost.exe[1736] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 706F000A
.text C:\WINDOWS\system32\svchost.exe[1736] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 714A000A
.text C:\WINDOWS\system32\svchost.exe[1736] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7069000A
.text C:\WINDOWS\system32\svchost.exe[1736] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70CC000A
.text C:\WINDOWS\system32\svchost.exe[1736] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 7156000A
.text C:\WINDOWS\system32\svchost.exe[1736] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 70AE000A
.text C:\WINDOWS\system32\svchost.exe[1736] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70F0000A
.text C:\WINDOWS\system32\svchost.exe[1736] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 710B000A
.text C:\WINDOWS\system32\svchost.exe[1736] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 70F9000A
.text C:\WINDOWS\system32\svchost.exe[1736] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 711D000A
.text C:\WINDOWS\system32\svchost.exe[1736] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 710E000A
.text C:\WINDOWS\system32\svchost.exe[1736] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 7111000A
.text C:\WINDOWS\system32\svchost.exe[1736] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 70AB000A
.text C:\WINDOWS\system32\svchost.exe[1736] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 70FC000A
.text C:\WINDOWS\system32\svchost.exe[1736] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 7105000A
.text C:\WINDOWS\system32\svchost.exe[1736] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 70FF000A
.text C:\WINDOWS\system32\svchost.exe[1736] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 7120000A
.text C:\WINDOWS\system32\svchost.exe[1736] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 7108000A
.text C:\WINDOWS\system32\svchost.exe[1736] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 7114000A
.text C:\WINDOWS\system32\svchost.exe[1736] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 70A2000A
.text C:\WINDOWS\system32\svchost.exe[1736] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 707E000A
.text C:\WINDOWS\system32\svchost.exe[1736] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 707B000A
.text C:\WINDOWS\system32\svchost.exe[1736] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70E1000A
.text C:\WINDOWS\system32\svchost.exe[1736] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1736] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [E3, 70] {JECXZ 0x72}
.text C:\WINDOWS\system32\svchost.exe[1736] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 70A5000A
.text C:\WINDOWS\system32\svchost.exe[1736] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7117000A
.text C:\WINDOWS\system32\svchost.exe[1736] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 7102000A
.text C:\WINDOWS\system32\svchost.exe[1736] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 711A000A
.text C:\WINDOWS\system32\svchost.exe[1736] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 70A8000A
.text C:\WINDOWS\system32\svchost.exe[1736] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 717D000A
.text C:\WINDOWS\system32\svchost.exe[1736] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 7135000A
.text C:\WINDOWS\system32\svchost.exe[1736] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 7132000A
.text C:\WINDOWS\system32\svchost.exe[1736] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 716B000A
.text C:\WINDOWS\system32\svchost.exe[1736] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 7075000A
.text C:\WINDOWS\system32\svchost.exe[1736] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 7147000A
.text C:\WINDOWS\system32\svchost.exe[1736] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70DB000A
.text C:\WINDOWS\system32\svchost.exe[1736] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 7144000A
.text C:\WINDOWS\system32\svchost.exe[1736] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1736] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [D7, 70]
.text C:\WINDOWS\system32\svchost.exe[1736] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 7087000A
.text C:\WINDOWS\system32\svchost.exe[1736] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1736] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [40, 71]
.text C:\WINDOWS\system32\svchost.exe[1736] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 708D000A
.text C:\WINDOWS\system32\svchost.exe[1736] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 708A000A
.text C:\WINDOWS\system32\svchost.exe[1736] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 7078000A
.text C:\WINDOWS\system32\svchost.exe[1736] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 716E000A
.text C:\WINDOWS\system32\svchost.exe[1736] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 712F000A
.text C:\WINDOWS\system32\svchost.exe[1736] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70DE000A
.text C:\WINDOWS\system32\svchost.exe[1736] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 7090000A
.text C:\WINDOWS\system32\svchost.exe[1736] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 713E000A
.text C:\WINDOWS\system32\svchost.exe[1736] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 7153000A
.text C:\WINDOWS\system32\svchost.exe[1736] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1736] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [2B, 71]
.text C:\WINDOWS\system32\svchost.exe[1736] SHELL32.dll!ShellExecuteExW 7CA098CB 6 Bytes JMP 7159000A
.text C:\WINDOWS\system32\svchost.exe[1736] SHELL32.dll!Shell_NotifyIcon 7CA28BC6 6 Bytes JMP 70C6000A
.text C:\WINDOWS\system32\svchost.exe[1736] SHELL32.dll!Shell_NotifyIconW 7CA2A537 6 Bytes JMP 70C3000A
.text C:\WINDOWS\system32\svchost.exe[1736] SHELL32.dll!ShellExecuteEx 7CA40E45 6 Bytes JMP 715C000A
.text C:\WINDOWS\system32\svchost.exe[1736] SHELL32.dll!ShellExecuteA 7CA41170 6 Bytes JMP 7162000A
.text C:\WINDOWS\system32\svchost.exe[1736] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 715F000A
.text C:\WINDOWS\system32\svchost.exe[1736] WININET.dll!InternetOpenUrlA 3D95F3BC 6 Bytes JMP 70BD000A
.text C:\WINDOWS\system32\svchost.exe[1736] WININET.dll!InternetOpenUrlW 3D9A6DFF 6 Bytes JMP 70BA000A
.text C:\WINDOWS\ehome\ehtray.exe[1764] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\ehome\ehtray.exe[1764] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [88, 71]
.text C:\WINDOWS\ehome\ehtray.exe[1764] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\ehome\ehtray.exe[1764] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\ehome\ehtray.exe[1764] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [9D, 71]
.text C:\WINDOWS\ehome\ehtray.exe[1764] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\ehome\ehtray.exe[1764] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AD, 71]
.text C:\WINDOWS\ehome\ehtray.exe[1764] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\ehome\ehtray.exe[1764] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [91, 71]
.text C:\WINDOWS\ehome\ehtray.exe[1764] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\ehome\ehtray.exe[1764] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A9, 71]
.text C:\WINDOWS\ehome\ehtray.exe[1764] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\ehome\ehtray.exe[1764] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [A3, 71]
.text C:\WINDOWS\ehome\ehtray.exe[1764] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\ehome\ehtray.exe[1764] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [30, 71]
.text C:\WINDOWS\ehome\ehtray.exe[1764] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\ehome\ehtray.exe[1764] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [A0, 71]
.text C:\WINDOWS\ehome\ehtray.exe[1764] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\ehome\ehtray.exe[1764] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [94, 71]

#10 firstbaselady

firstbaselady
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:12:20 AM

Posted 08 January 2012 - 08:29 PM

.text C:\WINDOWS\ehome\ehtray.exe[1764] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\ehome\ehtray.exe[1764] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A6, 71]
.text C:\WINDOWS\ehome\ehtray.exe[1764] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\ehome\ehtray.exe[1764] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [48, 71]
.text C:\WINDOWS\ehome\ehtray.exe[1764] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\ehome\ehtray.exe[1764] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8E, 71]
.text C:\WINDOWS\ehome\ehtray.exe[1764] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\ehome\ehtray.exe[1764] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [9A, 71]
.text C:\WINDOWS\ehome\ehtray.exe[1764] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\ehome\ehtray.exe[1764] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [97, 71]
.text C:\WINDOWS\ehome\ehtray.exe[1764] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\ehome\ehtray.exe[1764] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [8B, 71]
.text C:\WINDOWS\ehome\ehtray.exe[1764] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70B9000A
.text C:\WINDOWS\ehome\ehtray.exe[1764] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70EC000A
.text C:\WINDOWS\ehome\ehtray.exe[1764] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7134000A
.text C:\WINDOWS\ehome\ehtray.exe[1764] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70E0000A
.text C:\WINDOWS\ehome\ehtray.exe[1764] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 015C0001
.text C:\WINDOWS\ehome\ehtray.exe[1764] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 716D000A
.text C:\WINDOWS\ehome\ehtray.exe[1764] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\ehome\ehtray.exe[1764] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7171000A
.text C:\WINDOWS\ehome\ehtray.exe[1764] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 715E000A
.text C:\WINDOWS\ehome\ehtray.exe[1764] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7161000A
.text C:\WINDOWS\ehome\ehtray.exe[1764] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70E3000A
.text C:\WINDOWS\ehome\ehtray.exe[1764] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 708C000A
.text C:\WINDOWS\ehome\ehtray.exe[1764] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70CE000A
.text C:\WINDOWS\ehome\ehtray.exe[1764] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 706B000A
.text C:\WINDOWS\ehome\ehtray.exe[1764] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7122000A
.text C:\WINDOWS\ehome\ehtray.exe[1764] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 716A000A
.text C:\WINDOWS\ehome\ehtray.exe[1764] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 7095000A
.text C:\WINDOWS\ehome\ehtray.exe[1764] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 7098000A
.text C:\WINDOWS\ehome\ehtray.exe[1764] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 708F000A
.text C:\WINDOWS\ehome\ehtray.exe[1764] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 7092000A
.text C:\WINDOWS\ehome\ehtray.exe[1764] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 711C000A
.text C:\WINDOWS\ehome\ehtray.exe[1764] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\ehome\ehtray.exe[1764] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [78, 71] {JS 0x73}
.text C:\WINDOWS\ehome\ehtray.exe[1764] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70E6000A
.text C:\WINDOWS\ehome\ehtray.exe[1764] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70EF000A
.text C:\WINDOWS\ehome\ehtray.exe[1764] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 70AA000A
.text C:\WINDOWS\ehome\ehtray.exe[1764] kernel32.dll!ExitProcess 7C81CB12 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\ehome\ehtray.exe[1764] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7146000A
.text C:\WINDOWS\ehome\ehtray.exe[1764] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7065000A
.text C:\WINDOWS\ehome\ehtray.exe[1764] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70B0000A
.text C:\WINDOWS\ehome\ehtray.exe[1764] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 711F000A
.text C:\WINDOWS\ehome\ehtray.exe[1764] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70C2000A
.text C:\WINDOWS\ehome\ehtray.exe[1764] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70CB000A
.text C:\WINDOWS\ehome\ehtray.exe[1764] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70C8000A
.text C:\WINDOWS\ehome\ehtray.exe[1764] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 705C000A
.text C:\WINDOWS\ehome\ehtray.exe[1764] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 707D000A
.text C:\WINDOWS\ehome\ehtray.exe[1764] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 707A000A
.text C:\WINDOWS\ehome\ehtray.exe[1764] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 70AD000A
.text C:\WINDOWS\ehome\ehtray.exe[1764] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 705F000A
.text C:\WINDOWS\ehome\ehtray.exe[1764] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 7068000A
.text C:\WINDOWS\ehome\ehtray.exe[1764] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7143000A
.text C:\WINDOWS\ehome\ehtray.exe[1764] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7062000A
.text C:\WINDOWS\ehome\ehtray.exe[1764] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70C5000A
.text C:\WINDOWS\ehome\ehtray.exe[1764] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 714F000A
.text C:\WINDOWS\ehome\ehtray.exe[1764] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 70A7000A
.text C:\WINDOWS\ehome\ehtray.exe[1764] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70E9000A
.text C:\WINDOWS\ehome\ehtray.exe[1764] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 717F0F5A
.text C:\WINDOWS\ehome\ehtray.exe[1764] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 71860F5A
.text C:\WINDOWS\ehome\ehtray.exe[1764] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 7164000A
.text C:\WINDOWS\ehome\ehtray.exe[1764] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 706E000A
.text C:\WINDOWS\ehome\ehtray.exe[1764] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\ehome\ehtray.exe[1764] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [81, 71]
.text C:\WINDOWS\ehome\ehtray.exe[1764] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 7140000A
.text C:\WINDOWS\ehome\ehtray.exe[1764] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70D4000A
.text C:\WINDOWS\ehome\ehtray.exe[1764] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 713D000A
.text C:\WINDOWS\ehome\ehtray.exe[1764] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\ehome\ehtray.exe[1764] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [D0, 70]
.text C:\WINDOWS\ehome\ehtray.exe[1764] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 7080000A
.text C:\WINDOWS\ehome\ehtray.exe[1764] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\ehome\ehtray.exe[1764] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [39, 71]
.text C:\WINDOWS\ehome\ehtray.exe[1764] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 7086000A
.text C:\WINDOWS\ehome\ehtray.exe[1764] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 7083000A
.text C:\WINDOWS\ehome\ehtray.exe[1764] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 7071000A
.text C:\WINDOWS\ehome\ehtray.exe[1764] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 7167000A
.text C:\WINDOWS\ehome\ehtray.exe[1764] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 7128000A
.text C:\WINDOWS\ehome\ehtray.exe[1764] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70D7000A
.text C:\WINDOWS\ehome\ehtray.exe[1764] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 7089000A
.text C:\WINDOWS\ehome\ehtray.exe[1764] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 7137000A
.text C:\WINDOWS\ehome\ehtray.exe[1764] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 717C0F5A
.text C:\WINDOWS\ehome\ehtray.exe[1764] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 714C000A
.text C:\WINDOWS\ehome\ehtray.exe[1764] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\ehome\ehtray.exe[1764] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [24, 71] {AND AL, 0x71}
.text C:\WINDOWS\ehome\ehtray.exe[1764] GDI32.dll!EndPage 77F2DC61 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\ehome\ehtray.exe[1764] GDI32.dll!EndDoc 77F2DEF1 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\ehome\ehtray.exe[1764] GDI32.dll!StartPage 77F2F49E 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\ehome\ehtray.exe[1764] GDI32.dll!AbortDoc 77F44CD2 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\ehome\ehtray.exe[1764] GDI32.dll!StartDocW 77F45962 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\ehome\ehtray.exe[1764] GDI32.dll!StartDocW + 4 77F45966 2 Bytes [11, 5F]
.text C:\WINDOWS\ehome\ehtray.exe[1764] GDI32.dll!StartDocA 77F45E79 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\ehome\ehtray.exe[1764] GDI32.dll!StartDocA + 4 77F45E7D 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\ehome\ehtray.exe[1764] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 7104000A
.text C:\WINDOWS\ehome\ehtray.exe[1764] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 70F2000A
.text C:\WINDOWS\ehome\ehtray.exe[1764] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 7116000A
.text C:\WINDOWS\ehome\ehtray.exe[1764] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 7107000A
.text C:\WINDOWS\ehome\ehtray.exe[1764] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 710A000A
.text C:\WINDOWS\ehome\ehtray.exe[1764] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 70A4000A
.text C:\WINDOWS\ehome\ehtray.exe[1764] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 70F5000A
.text C:\WINDOWS\ehome\ehtray.exe[1764] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 70FE000A
.text C:\WINDOWS\ehome\ehtray.exe[1764] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 70F8000A
.text C:\WINDOWS\ehome\ehtray.exe[1764] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 7119000A
.text C:\WINDOWS\ehome\ehtray.exe[1764] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 7101000A
.text C:\WINDOWS\ehome\ehtray.exe[1764] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 710D000A
.text C:\WINDOWS\ehome\ehtray.exe[1764] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 709B000A
.text C:\WINDOWS\ehome\ehtray.exe[1764] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 7077000A
.text C:\WINDOWS\ehome\ehtray.exe[1764] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 7074000A
.text C:\WINDOWS\ehome\ehtray.exe[1764] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70DA000A
.text C:\WINDOWS\ehome\ehtray.exe[1764] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\ehome\ehtray.exe[1764] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [DC, 70]
.text C:\WINDOWS\ehome\ehtray.exe[1764] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 709E000A
.text C:\WINDOWS\ehome\ehtray.exe[1764] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7110000A
.text C:\WINDOWS\ehome\ehtray.exe[1764] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 70FB000A
.text C:\WINDOWS\ehome\ehtray.exe[1764] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7113000A
.text C:\WINDOWS\ehome\ehtray.exe[1764] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 70A1000A
.text C:\WINDOWS\ehome\ehtray.exe[1764] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 7175000A
.text C:\WINDOWS\ehome\ehtray.exe[1764] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 712E000A
.text C:\WINDOWS\ehome\ehtray.exe[1764] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 712B000A
.text C:\WINDOWS\ehome\ehtray.exe[1764] SHELL32.dll!ShellExecuteExW 7CA098CB 6 Bytes JMP 7152000A
.text C:\WINDOWS\ehome\ehtray.exe[1764] SHELL32.dll!Shell_NotifyIcon 7CA28BC6 6 Bytes JMP 70BF000A
.text C:\WINDOWS\ehome\ehtray.exe[1764] SHELL32.dll!Shell_NotifyIconW 7CA2A537 6 Bytes JMP 70BC000A
.text C:\WINDOWS\ehome\ehtray.exe[1764] SHELL32.dll!ShellExecuteEx 7CA40E45 6 Bytes JMP 7155000A
.text C:\WINDOWS\ehome\ehtray.exe[1764] SHELL32.dll!ShellExecuteA 7CA41170 6 Bytes JMP 715B000A
.text C:\WINDOWS\ehome\ehtray.exe[1764] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 7158000A
.text C:\WINDOWS\ehome\ehtray.exe[1764] WININET.dll!InternetOpenUrlA 3D95F3BC 6 Bytes JMP 70B6000A
.text C:\WINDOWS\ehome\ehtray.exe[1764] WININET.dll!InternetOpenUrlW 3D9A6DFF 6 Bytes JMP 70B3000A
.text C:\WINDOWS\system32\WLTRAY.exe[1772] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\WLTRAY.exe[1772] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [85, 71]
.text C:\WINDOWS\system32\WLTRAY.exe[1772] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\system32\WLTRAY.exe[1772] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\WLTRAY.exe[1772] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [9A, 71]
.text C:\WINDOWS\system32\WLTRAY.exe[1772] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\WLTRAY.exe[1772] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AD, 71]
.text C:\WINDOWS\system32\WLTRAY.exe[1772] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\WLTRAY.exe[1772] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8E, 71]
.text C:\WINDOWS\system32\WLTRAY.exe[1772] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\WLTRAY.exe[1772] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A6, 71]
.text C:\WINDOWS\system32\WLTRAY.exe[1772] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\WLTRAY.exe[1772] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [A0, 71]
.text C:\WINDOWS\system32\WLTRAY.exe[1772] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\WLTRAY.exe[1772] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [2D, 71]
.text C:\WINDOWS\system32\WLTRAY.exe[1772] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\WLTRAY.exe[1772] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9D, 71]
.text C:\WINDOWS\system32\WLTRAY.exe[1772] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\WLTRAY.exe[1772] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [91, 71]
.text C:\WINDOWS\system32\WLTRAY.exe[1772] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\WLTRAY.exe[1772] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A3, 71]
.text C:\WINDOWS\system32\WLTRAY.exe[1772] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\WLTRAY.exe[1772] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [45, 71]
.text C:\WINDOWS\system32\WLTRAY.exe[1772] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\WLTRAY.exe[1772] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8B, 71]
.text C:\WINDOWS\system32\WLTRAY.exe[1772] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\WLTRAY.exe[1772] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [97, 71]
.text C:\WINDOWS\system32\WLTRAY.exe[1772] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\WLTRAY.exe[1772] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [94, 71]
.text C:\WINDOWS\system32\WLTRAY.exe[1772] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\WLTRAY.exe[1772] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [88, 71]
.text C:\WINDOWS\system32\WLTRAY.exe[1772] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70B6000A
.text C:\WINDOWS\system32\WLTRAY.exe[1772] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70E9000A
.text C:\WINDOWS\system32\WLTRAY.exe[1772] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7131000A
.text C:\WINDOWS\system32\WLTRAY.exe[1772] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70DD000A
.text C:\WINDOWS\system32\WLTRAY.exe[1772] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 013E0001
.text C:\WINDOWS\system32\WLTRAY.exe[1772] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 716A000A
.text C:\WINDOWS\system32\WLTRAY.exe[1772] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\WLTRAY.exe[1772] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 716D000A
.text C:\WINDOWS\system32\WLTRAY.exe[1772] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 715B000A
.text C:\WINDOWS\system32\WLTRAY.exe[1772] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 715E000A
.text C:\WINDOWS\system32\WLTRAY.exe[1772] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70E0000A
.text C:\WINDOWS\system32\WLTRAY.exe[1772] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 7089000A
.text C:\WINDOWS\system32\WLTRAY.exe[1772] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70CB000A
.text C:\WINDOWS\system32\WLTRAY.exe[1772] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 7068000A
.text C:\WINDOWS\system32\WLTRAY.exe[1772] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 711F000A
.text C:\WINDOWS\system32\WLTRAY.exe[1772] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 7167000A
.text C:\WINDOWS\system32\WLTRAY.exe[1772] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 7092000A
.text C:\WINDOWS\system32\WLTRAY.exe[1772] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 7095000A
.text C:\WINDOWS\system32\WLTRAY.exe[1772] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 708C000A
.text C:\WINDOWS\system32\WLTRAY.exe[1772] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 708F000A
.text C:\WINDOWS\system32\WLTRAY.exe[1772] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 7119000A
.text C:\WINDOWS\system32\WLTRAY.exe[1772] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\WLTRAY.exe[1772] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [75, 71] {JNZ 0x73}
.text C:\WINDOWS\system32\WLTRAY.exe[1772] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70E3000A
.text C:\WINDOWS\system32\WLTRAY.exe[1772] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70EC000A
.text C:\WINDOWS\system32\WLTRAY.exe[1772] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 70A7000A
.text C:\WINDOWS\system32\WLTRAY.exe[1772] kernel32.dll!ExitProcess 7C81CB12 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\WLTRAY.exe[1772] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7143000A
.text C:\WINDOWS\system32\WLTRAY.exe[1772] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7062000A
.text C:\WINDOWS\system32\WLTRAY.exe[1772] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70AD000A
.text C:\WINDOWS\system32\WLTRAY.exe[1772] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 711C000A
.text C:\WINDOWS\system32\WLTRAY.exe[1772] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70BF000A
.text C:\WINDOWS\system32\WLTRAY.exe[1772] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70C8000A
.text C:\WINDOWS\system32\WLTRAY.exe[1772] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70C5000A
.text C:\WINDOWS\system32\WLTRAY.exe[1772] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 7059000A
.text C:\WINDOWS\system32\WLTRAY.exe[1772] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 707A000A
.text C:\WINDOWS\system32\WLTRAY.exe[1772] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 7077000A
.text C:\WINDOWS\system32\WLTRAY.exe[1772] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 70AA000A
.text C:\WINDOWS\system32\WLTRAY.exe[1772] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 705C000A
.text C:\WINDOWS\system32\WLTRAY.exe[1772] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 7065000A
.text C:\WINDOWS\system32\WLTRAY.exe[1772] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7140000A
.text C:\WINDOWS\system32\WLTRAY.exe[1772] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 705F000A
.text C:\WINDOWS\system32\WLTRAY.exe[1772] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70C2000A
.text C:\WINDOWS\system32\WLTRAY.exe[1772] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 714C000A
.text C:\WINDOWS\system32\WLTRAY.exe[1772] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 70A4000A
.text C:\WINDOWS\system32\WLTRAY.exe[1772] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70E6000A
.text C:\WINDOWS\system32\WLTRAY.exe[1772] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 7101000A
.text C:\WINDOWS\system32\WLTRAY.exe[1772] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 70EF000A
.text C:\WINDOWS\system32\WLTRAY.exe[1772] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 7113000A
.text C:\WINDOWS\system32\WLTRAY.exe[1772] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 7104000A
.text C:\WINDOWS\system32\WLTRAY.exe[1772] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 7107000A
.text C:\WINDOWS\system32\WLTRAY.exe[1772] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 70A1000A
.text C:\WINDOWS\system32\WLTRAY.exe[1772] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 70F2000A
.text C:\WINDOWS\system32\WLTRAY.exe[1772] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 70FB000A
.text C:\WINDOWS\system32\WLTRAY.exe[1772] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 70F5000A
.text C:\WINDOWS\system32\WLTRAY.exe[1772] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 7116000A
.text C:\WINDOWS\system32\WLTRAY.exe[1772] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 70FE000A
.text C:\WINDOWS\system32\WLTRAY.exe[1772] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 710A000A
.text C:\WINDOWS\system32\WLTRAY.exe[1772] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 7098000A
.text C:\WINDOWS\system32\WLTRAY.exe[1772] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 7074000A
.text C:\WINDOWS\system32\WLTRAY.exe[1772] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 7071000A
.text C:\WINDOWS\system32\WLTRAY.exe[1772] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70D7000A
.text C:\WINDOWS\system32\WLTRAY.exe[1772] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\WLTRAY.exe[1772] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [D9, 70]
.text C:\WINDOWS\system32\WLTRAY.exe[1772] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 709B000A
.text C:\WINDOWS\system32\WLTRAY.exe[1772] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 710D000A
.text C:\WINDOWS\system32\WLTRAY.exe[1772] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 70F8000A
.text C:\WINDOWS\system32\WLTRAY.exe[1772] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7110000A
.text C:\WINDOWS\system32\WLTRAY.exe[1772] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 709E000A
.text C:\WINDOWS\system32\WLTRAY.exe[1772] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 7172000A
.text C:\WINDOWS\system32\WLTRAY.exe[1772] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 712B000A
.text C:\WINDOWS\system32\WLTRAY.exe[1772] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 7128000A
.text C:\WINDOWS\system32\WLTRAY.exe[1772] GDI32.dll!EndPage 77F2DC61 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\WLTRAY.exe[1772] GDI32.dll!EndDoc 77F2DEF1 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\WLTRAY.exe[1772] GDI32.dll!StartPage 77F2F49E 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\WLTRAY.exe[1772] GDI32.dll!AbortDoc 77F44CD2 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\WLTRAY.exe[1772] GDI32.dll!StartDocW 77F45962 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\WLTRAY.exe[1772] GDI32.dll!StartDocW + 4 77F45966 2 Bytes [11, 5F]
.text C:\WINDOWS\system32\WLTRAY.exe[1772] GDI32.dll!StartDocA 77F45E79 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\WLTRAY.exe[1772] GDI32.dll!StartDocA + 4 77F45E7D 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\WLTRAY.exe[1772] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 717C0F5A
.text C:\WINDOWS\system32\WLTRAY.exe[1772] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 71830F5A
.text C:\WINDOWS\system32\WLTRAY.exe[1772] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 7161000A
.text C:\WINDOWS\system32\WLTRAY.exe[1772] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 706B000A
.text C:\WINDOWS\system32\WLTRAY.exe[1772] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\WLTRAY.exe[1772] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [7E, 71] {JLE 0x73}
.text C:\WINDOWS\system32\WLTRAY.exe[1772] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 713D000A
.text C:\WINDOWS\system32\WLTRAY.exe[1772] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70D1000A
.text C:\WINDOWS\system32\WLTRAY.exe[1772] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 713A000A
.text C:\WINDOWS\system32\WLTRAY.exe[1772] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\WLTRAY.exe[1772] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [CD, 70] {INT 0x70}
.text C:\WINDOWS\system32\WLTRAY.exe[1772] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 707D000A
.text C:\WINDOWS\system32\WLTRAY.exe[1772] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\WLTRAY.exe[1772] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [36, 71]
.text C:\WINDOWS\system32\WLTRAY.exe[1772] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 7083000A
.text C:\WINDOWS\system32\WLTRAY.exe[1772] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 7080000A
.text C:\WINDOWS\system32\WLTRAY.exe[1772] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 706E000A
.text C:\WINDOWS\system32\WLTRAY.exe[1772] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 7164000A
.text C:\WINDOWS\system32\WLTRAY.exe[1772] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 7125000A
.text C:\WINDOWS\system32\WLTRAY.exe[1772] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70D4000A
.text C:\WINDOWS\system32\WLTRAY.exe[1772] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 7086000A
.text C:\WINDOWS\system32\WLTRAY.exe[1772] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 7134000A
.text C:\WINDOWS\system32\WLTRAY.exe[1772] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 71790F5A
.text C:\WINDOWS\system32\WLTRAY.exe[1772] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 7149000A
.text C:\WINDOWS\system32\WLTRAY.exe[1772] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\WLTRAY.exe[1772] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [21, 71]
.text C:\WINDOWS\system32\WLTRAY.exe[1772] SHELL32.dll!ShellExecuteExW 7CA098CB 6 Bytes JMP 714F000A
.text C:\WINDOWS\system32\WLTRAY.exe[1772] SHELL32.dll!Shell_NotifyIcon 7CA28BC6 6 Bytes JMP 70BC000A
.text C:\WINDOWS\system32\WLTRAY.exe[1772] SHELL32.dll!Shell_NotifyIconW 7CA2A537 6 Bytes JMP 70B9000A
.text C:\WINDOWS\system32\WLTRAY.exe[1772] SHELL32.dll!ShellExecuteEx 7CA40E45 6 Bytes JMP 7152000A
.text C:\WINDOWS\system32\WLTRAY.exe[1772] SHELL32.dll!ShellExecuteA 7CA41170 6 Bytes JMP 7158000A
.text C:\WINDOWS\system32\WLTRAY.exe[1772] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 7155000A
.text C:\WINDOWS\system32\WLTRAY.exe[1772] WININET.dll!InternetOpenUrlA 3D95F3BC 6 Bytes JMP 70B3000A
.text C:\WINDOWS\system32\WLTRAY.exe[1772] WININET.dll!InternetOpenUrlW 3D9A6DFF 6 Bytes JMP 70B0000A
.text C:\WINDOWS\stsystra.exe[1784] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\stsystra.exe[1784] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [88, 71]
.text C:\WINDOWS\stsystra.exe[1784] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\stsystra.exe[1784] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\stsystra.exe[1784] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [9D, 71]
.text C:\WINDOWS\stsystra.exe[1784] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\stsystra.exe[1784] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AD, 71]
.text C:\WINDOWS\stsystra.exe[1784] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\stsystra.exe[1784] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [91, 71]
.text C:\WINDOWS\stsystra.exe[1784] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\stsystra.exe[1784] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A9, 71]
.text C:\WINDOWS\stsystra.exe[1784] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\stsystra.exe[1784] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [A3, 71]
.text C:\WINDOWS\stsystra.exe[1784] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\stsystra.exe[1784] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [30, 71]
.text C:\WINDOWS\stsystra.exe[1784] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\stsystra.exe[1784] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [A0, 71]
.text C:\WINDOWS\stsystra.exe[1784] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\stsystra.exe[1784] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [94, 71]
.text C:\WINDOWS\stsystra.exe[1784] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\stsystra.exe[1784] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A6, 71]
.text C:\WINDOWS\stsystra.exe[1784] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\stsystra.exe[1784] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [48, 71]
.text C:\WINDOWS\stsystra.exe[1784] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\stsystra.exe[1784] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8E, 71]
.text C:\WINDOWS\stsystra.exe[1784] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\stsystra.exe[1784] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [9A, 71]
.text C:\WINDOWS\stsystra.exe[1784] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\stsystra.exe[1784] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [97, 71]
.text C:\WINDOWS\stsystra.exe[1784] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\stsystra.exe[1784] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [8B, 71]
.text C:\WINDOWS\stsystra.exe[1784] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70B9000A
.text C:\WINDOWS\stsystra.exe[1784] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70EC000A
.text C:\WINDOWS\stsystra.exe[1784] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7134000A
.text C:\WINDOWS\stsystra.exe[1784] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70E0000A
.text C:\WINDOWS\stsystra.exe[1784] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01790001
.text C:\WINDOWS\stsystra.exe[1784] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 716D000A
.text C:\WINDOWS\stsystra.exe[1784] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\stsystra.exe[1784] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7171000A
.text C:\WINDOWS\stsystra.exe[1784] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 715E000A
.text C:\WINDOWS\stsystra.exe[1784] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7161000A
.text C:\WINDOWS\stsystra.exe[1784] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70E3000A
.text C:\WINDOWS\stsystra.exe[1784] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 7092000A
.text C:\WINDOWS\stsystra.exe[1784] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70CE000A
.text C:\WINDOWS\stsystra.exe[1784] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 7071000A
.text C:\WINDOWS\stsystra.exe[1784] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7122000A
.text C:\WINDOWS\stsystra.exe[1784] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 716A000A
.text C:\WINDOWS\stsystra.exe[1784] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 709B000A
.text C:\WINDOWS\stsystra.exe[1784] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 709E000A
.text C:\WINDOWS\stsystra.exe[1784] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 7095000A
.text C:\WINDOWS\stsystra.exe[1784] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 7098000A
.text C:\WINDOWS\stsystra.exe[1784] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 711C000A
.text C:\WINDOWS\stsystra.exe[1784] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\stsystra.exe[1784] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [78, 71] {JS 0x73}
.text C:\WINDOWS\stsystra.exe[1784] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70E6000A
.text C:\WINDOWS\stsystra.exe[1784] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70EF000A
.text C:\WINDOWS\stsystra.exe[1784] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 70B0000A
.text C:\WINDOWS\stsystra.exe[1784] kernel32.dll!ExitProcess 7C81CB12 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\stsystra.exe[1784] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7146000A
.text C:\WINDOWS\stsystra.exe[1784] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 706B000A
.text C:\WINDOWS\stsystra.exe[1784] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70B6000A
.text C:\WINDOWS\stsystra.exe[1784] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 711F000A
.text C:\WINDOWS\stsystra.exe[1784] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70C2000A
.text C:\WINDOWS\stsystra.exe[1784] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70CB000A
.text C:\WINDOWS\stsystra.exe[1784] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70C8000A
.text C:\WINDOWS\stsystra.exe[1784] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 7062000A

#11 firstbaselady

firstbaselady
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:12:20 AM

Posted 08 January 2012 - 08:31 PM

.text C:\WINDOWS\stsystra.exe[1784] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 7083000A
.text C:\WINDOWS\stsystra.exe[1784] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 7080000A
.text C:\WINDOWS\stsystra.exe[1784] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 70B3000A
.text C:\WINDOWS\stsystra.exe[1784] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7065000A
.text C:\WINDOWS\stsystra.exe[1784] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 706E000A
.text C:\WINDOWS\stsystra.exe[1784] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7143000A
.text C:\WINDOWS\stsystra.exe[1784] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7068000A
.text C:\WINDOWS\stsystra.exe[1784] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70C5000A
.text C:\WINDOWS\stsystra.exe[1784] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 714F000A
.text C:\WINDOWS\stsystra.exe[1784] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 70AD000A
.text C:\WINDOWS\stsystra.exe[1784] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70E9000A
.text C:\WINDOWS\stsystra.exe[1784] GDI32.dll!EndPage 77F2DC61 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\stsystra.exe[1784] GDI32.dll!EndDoc 77F2DEF1 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\stsystra.exe[1784] GDI32.dll!StartPage 77F2F49E 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\stsystra.exe[1784] GDI32.dll!AbortDoc 77F44CD2 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\stsystra.exe[1784] GDI32.dll!StartDocW 77F45962 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\stsystra.exe[1784] GDI32.dll!StartDocW + 4 77F45966 2 Bytes [11, 5F]
.text C:\WINDOWS\stsystra.exe[1784] GDI32.dll!StartDocA 77F45E79 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\stsystra.exe[1784] GDI32.dll!StartDocA + 4 77F45E7D 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\stsystra.exe[1784] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 717F0F5A
.text C:\WINDOWS\stsystra.exe[1784] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 71860F5A
.text C:\WINDOWS\stsystra.exe[1784] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 7164000A
.text C:\WINDOWS\stsystra.exe[1784] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 7074000A
.text C:\WINDOWS\stsystra.exe[1784] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\stsystra.exe[1784] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [81, 71]
.text C:\WINDOWS\stsystra.exe[1784] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 7140000A
.text C:\WINDOWS\stsystra.exe[1784] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70D4000A
.text C:\WINDOWS\stsystra.exe[1784] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 713D000A
.text C:\WINDOWS\stsystra.exe[1784] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\stsystra.exe[1784] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [D0, 70]
.text C:\WINDOWS\stsystra.exe[1784] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 7086000A
.text C:\WINDOWS\stsystra.exe[1784] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\stsystra.exe[1784] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [39, 71]
.text C:\WINDOWS\stsystra.exe[1784] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 708C000A
.text C:\WINDOWS\stsystra.exe[1784] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 7089000A
.text C:\WINDOWS\stsystra.exe[1784] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 7077000A
.text C:\WINDOWS\stsystra.exe[1784] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 7167000A
.text C:\WINDOWS\stsystra.exe[1784] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 7128000A
.text C:\WINDOWS\stsystra.exe[1784] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70D7000A
.text C:\WINDOWS\stsystra.exe[1784] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 708F000A
.text C:\WINDOWS\stsystra.exe[1784] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 7137000A
.text C:\WINDOWS\stsystra.exe[1784] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 717C0F5A
.text C:\WINDOWS\stsystra.exe[1784] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 714C000A
.text C:\WINDOWS\stsystra.exe[1784] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\stsystra.exe[1784] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [24, 71] {AND AL, 0x71}
.text C:\WINDOWS\stsystra.exe[1784] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 7104000A
.text C:\WINDOWS\stsystra.exe[1784] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 70F2000A
.text C:\WINDOWS\stsystra.exe[1784] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 7116000A
.text C:\WINDOWS\stsystra.exe[1784] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 7107000A
.text C:\WINDOWS\stsystra.exe[1784] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 710A000A
.text C:\WINDOWS\stsystra.exe[1784] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 70AA000A
.text C:\WINDOWS\stsystra.exe[1784] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 70F5000A
.text C:\WINDOWS\stsystra.exe[1784] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 70FE000A
.text C:\WINDOWS\stsystra.exe[1784] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 70F8000A
.text C:\WINDOWS\stsystra.exe[1784] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 7119000A
.text C:\WINDOWS\stsystra.exe[1784] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 7101000A
.text C:\WINDOWS\stsystra.exe[1784] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 710D000A
.text C:\WINDOWS\stsystra.exe[1784] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 70A1000A
.text C:\WINDOWS\stsystra.exe[1784] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 707D000A
.text C:\WINDOWS\stsystra.exe[1784] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 707A000A
.text C:\WINDOWS\stsystra.exe[1784] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70DA000A
.text C:\WINDOWS\stsystra.exe[1784] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\stsystra.exe[1784] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [DC, 70]
.text C:\WINDOWS\stsystra.exe[1784] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 70A4000A
.text C:\WINDOWS\stsystra.exe[1784] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7110000A
.text C:\WINDOWS\stsystra.exe[1784] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 70FB000A
.text C:\WINDOWS\stsystra.exe[1784] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7113000A
.text C:\WINDOWS\stsystra.exe[1784] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 70A7000A
.text C:\WINDOWS\stsystra.exe[1784] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 7175000A
.text C:\WINDOWS\stsystra.exe[1784] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 712E000A
.text C:\WINDOWS\stsystra.exe[1784] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 712B000A
.text C:\WINDOWS\stsystra.exe[1784] SHELL32.dll!ShellExecuteExW 7CA098CB 6 Bytes JMP 7152000A
.text C:\WINDOWS\stsystra.exe[1784] SHELL32.dll!Shell_NotifyIcon 7CA28BC6 6 Bytes JMP 70BF000A
.text C:\WINDOWS\stsystra.exe[1784] SHELL32.dll!Shell_NotifyIconW 7CA2A537 6 Bytes JMP 70BC000A
.text C:\WINDOWS\stsystra.exe[1784] SHELL32.dll!ShellExecuteEx 7CA40E45 6 Bytes JMP 7155000A
.text C:\WINDOWS\stsystra.exe[1784] SHELL32.dll!ShellExecuteA 7CA41170 6 Bytes JMP 715B000A
.text C:\WINDOWS\stsystra.exe[1784] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 7158000A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [88, 71]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [9D, 71]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AD, 71]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [91, 71]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A9, 71]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [A3, 71]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [30, 71]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [A0, 71]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [94, 71]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A6, 71]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [48, 71]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8E, 71]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [9A, 71]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [97, 71]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [8B, 71]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70B9000A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70EC000A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7134000A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70E0000A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 016B0001
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 716D000A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7171000A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 715E000A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7161000A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70E3000A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 7092000A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70CE000A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 7071000A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7122000A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 716A000A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 709B000A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 709E000A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 7095000A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 7098000A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 711C000A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [78, 71] {JS 0x73}
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70E6000A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70EF000A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 70B0000A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] kernel32.dll!ExitProcess 7C81CB12 6 Bytes JMP 5F040F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7146000A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 706B000A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70B6000A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 711F000A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70C2000A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70CB000A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70C8000A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 7062000A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 7083000A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 7080000A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 70B3000A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7065000A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 706E000A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7143000A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7068000A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70C5000A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 714F000A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 70AD000A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70E9000A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 717F0F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 71860F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 7164000A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 7074000A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [81, 71]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 7140000A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70D4000A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 713D000A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [D0, 70]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 7086000A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [39, 71]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 708C000A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 7089000A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 7077000A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 7167000A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 7128000A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70D7000A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 708F000A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 7137000A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 717C0F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 714C000A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [24, 71] {AND AL, 0x71}
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] GDI32.dll!EndPage 77F2DC61 6 Bytes JMP 5F190F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] GDI32.dll!EndDoc 77F2DEF1 6 Bytes JMP 5F130F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] GDI32.dll!StartPage 77F2F49E 6 Bytes JMP 5F160F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] GDI32.dll!AbortDoc 77F44CD2 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] GDI32.dll!StartDocW 77F45962 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] GDI32.dll!StartDocW + 4 77F45966 2 Bytes [11, 5F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] GDI32.dll!StartDocA 77F45E79 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] GDI32.dll!StartDocA + 4 77F45E7D 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 7104000A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 70F2000A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 7116000A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 7107000A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 710A000A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 70AA000A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 70F5000A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 70FE000A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 70F8000A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 7119000A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 7101000A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 710D000A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 70A1000A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 707D000A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 707A000A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70DA000A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [DC, 70]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 70A4000A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7110000A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 70FB000A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7113000A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 70A7000A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 7175000A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 712E000A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 712B000A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] SHELL32.dll!ShellExecuteExW 7CA098CB 6 Bytes JMP 7152000A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] SHELL32.dll!Shell_NotifyIcon 7CA28BC6 6 Bytes JMP 70BF000A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] SHELL32.dll!Shell_NotifyIconW 7CA2A537 6 Bytes JMP 70BC000A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] SHELL32.dll!ShellExecuteEx 7CA40E45 6 Bytes JMP 7155000A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] SHELL32.dll!ShellExecuteA 7CA41170 6 Bytes JMP 715B000A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1812] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 7158000A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [88, 71]
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [9D, 71]
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AD, 71]
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [91, 71]
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A9, 71]
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [A3, 71]
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [30, 71]
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [A0, 71]
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [94, 71]
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A6, 71]
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [48, 71]
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8E, 71]
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [9A, 71]
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [97, 71]
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [8B, 71]
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70B9000A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70EC000A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7134000A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70E0000A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 003D0001
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 716D000A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7171000A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 715E000A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7161000A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70E3000A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 7092000A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70CE000A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 7071000A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7122000A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 716A000A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 709B000A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 709E000A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 7095000A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 7098000A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 711C000A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [78, 71] {JS 0x73}
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70E6000A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70EF000A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 70B0000A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] kernel32.dll!ExitProcess 7C81CB12 6 Bytes JMP 5F040F5A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7146000A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 706B000A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70B6000A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 711F000A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70C2000A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70CB000A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70C8000A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 7062000A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 7083000A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 7080000A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 70B3000A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7065000A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 706E000A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7143000A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7068000A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70C5000A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 714F000A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 70AD000A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70E9000A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 717F0F5A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 71860F5A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 7164000A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 7074000A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [81, 71]
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 7140000A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70D4000A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 713D000A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [D0, 70]
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 7086000A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [39, 71]
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 708C000A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 7089000A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 7077000A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 7167000A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 7128000A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70D7000A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 708F000A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 7137000A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 717C0F5A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 714C000A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [24, 71] {AND AL, 0x71}
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] GDI32.dll!EndPage 77F2DC61 6 Bytes JMP 5F190F5A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] GDI32.dll!EndDoc 77F2DEF1 6 Bytes JMP 5F130F5A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] GDI32.dll!StartPage 77F2F49E 6 Bytes JMP 5F160F5A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] GDI32.dll!AbortDoc 77F44CD2 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] GDI32.dll!StartDocW 77F45962 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] GDI32.dll!StartDocW + 4 77F45966 2 Bytes [11, 5F]
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] GDI32.dll!StartDocA 77F45E79 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] GDI32.dll!StartDocA + 4 77F45E7D 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 7104000A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 70F2000A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 7116000A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 7107000A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 710A000A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 70AA000A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 70F5000A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 70FE000A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 70F8000A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 7119000A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 7101000A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 710D000A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 70A1000A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 707D000A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 707A000A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70DA000A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [DC, 70]
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 70A4000A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7110000A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 70FB000A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7113000A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 70A7000A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 7175000A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 712E000A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 712B000A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] SHELL32.dll!ShellExecuteExW 7CA098CB 6 Bytes JMP 7152000A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] SHELL32.dll!Shell_NotifyIcon 7CA28BC6 6 Bytes JMP 70BF000A

.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] SHELL32.dll!Shell_NotifyIconW 7CA2A537 6 Bytes JMP 70BC000A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] SHELL32.dll!ShellExecuteEx 7CA40E45 6 Bytes JMP 7155000A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] SHELL32.dll!ShellExecuteA 7CA41170 6 Bytes JMP 715B000A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1820] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 7158000A
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [88, 71]
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [9D, 71]
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AD, 71]
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [91, 71]
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A9, 71]
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [A3, 71]
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [30, 71]
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [A0, 71]
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [94, 71]
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A6, 71]
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [48, 71]
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8E, 71]
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [9A, 71]
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [97, 71]
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [8B, 71]
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70B9000A
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70EC000A
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7134000A
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70E0000A
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01340001
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 716D000A
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7171000A
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 715E000A
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7161000A
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70E3000A
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 7092000A
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70CE000A
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 7071000A
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7122000A
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 716A000A
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 709B000A
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 709E000A
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 7095000A
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 7098000A
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 711C000A
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [78, 71] {JS 0x73}
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70E6000A
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70EF000A
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 70B0000A
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] kernel32.dll!ExitProcess 7C81CB12 6 Bytes JMP 5F040F5A
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7146000A
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 706B000A
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70B6000A
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 711F000A
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70C2000A
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70CB000A
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70C8000A
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 7062000A
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 7083000A
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 7080000A
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 70B3000A
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7065000A
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 706E000A
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7143000A
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7068000A
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70C5000A
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 714F000A
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 70AD000A
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70E9000A
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 717F0F5A
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 71860F5A
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 7164000A
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 7074000A
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [81, 71]
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 7140000A
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70D4000A
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 713D000A
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [D0, 70]
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 7086000A
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [39, 71]
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 708C000A
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 7089000A
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 7077000A
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 7167000A
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 7128000A
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70D7000A
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 708F000A
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 7137000A
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 717C0F5A
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 714C000A
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [24, 71] {AND AL, 0x71}
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] GDI32.dll!EndPage 77F2DC61 6 Bytes JMP 5F190F5A
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] GDI32.dll!EndDoc 77F2DEF1 6 Bytes JMP 5F130F5A
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] GDI32.dll!StartPage 77F2F49E 6 Bytes JMP 5F160F5A
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] GDI32.dll!AbortDoc 77F44CD2 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] GDI32.dll!StartDocW 77F45962 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] GDI32.dll!StartDocW + 4 77F45966 2 Bytes [11, 5F]
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] GDI32.dll!StartDocA 77F45E79 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] GDI32.dll!StartDocA + 4 77F45E7D 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 7104000A
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 70F2000A
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 7116000A
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 7107000A
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 710A000A
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 70AA000A
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 70F5000A
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 70FE000A
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 70F8000A
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 7119000A
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 7101000A
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 710D000A
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 70A1000A
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 707D000A
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 707A000A
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70DA000A
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [DC, 70]
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 70A4000A
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7110000A
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 70FB000A
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7113000A
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 70A7000A
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 7175000A
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 712E000A
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 712B000A
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] SHELL32.dll!ShellExecuteExW 7CA098CB 6 Bytes JMP 7152000A
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] SHELL32.dll!Shell_NotifyIcon 7CA28BC6 6 Bytes JMP 70BF000A
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] SHELL32.dll!Shell_NotifyIconW 7CA2A537 6 Bytes JMP 70BC000A
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] SHELL32.dll!ShellExecuteEx 7CA40E45 6 Bytes JMP 7155000A
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] SHELL32.dll!ShellExecuteA 7CA41170 6 Bytes JMP 715B000A
.text C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe[1832] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 7158000A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [88, 71]
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [9D, 71]
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AD, 71]
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [91, 71]
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A9, 71]
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [A3, 71]
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [30, 71]
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [A0, 71]
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [94, 71]
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A6, 71]
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [48, 71]
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8E, 71]
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [9A, 71]
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [97, 71]
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [8B, 71]
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70B9000A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70EC000A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7134000A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70E0000A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00990001
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 716D000A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7171000A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 715E000A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7161000A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70E3000A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 7092000A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70CE000A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 7071000A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7122000A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 716A000A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 709B000A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 709E000A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 7095000A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 7098000A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 711C000A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [78, 71] {JS 0x73}
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70E6000A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70EF000A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 70B0000A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] kernel32.dll!ExitProcess 7C81CB12 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7146000A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 706B000A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70B6000A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 711F000A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70C2000A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70CB000A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70C8000A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 7062000A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 7083000A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 7080000A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 70B3000A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7065000A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 706E000A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7143000A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7068000A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70C5000A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 714F000A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 70AD000A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70E9000A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 7104000A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 70F2000A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 7116000A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 7107000A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 710A000A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 70AA000A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 70F5000A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 70FE000A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 70F8000A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 7119000A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 7101000A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 710D000A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 70A1000A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 707D000A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 707A000A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70DA000A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [DC, 70]
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 70A4000A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7110000A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 70FB000A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7113000A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 70A7000A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 7175000A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 712E000A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 712B000A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 717F0F5A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 71860F5A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 7164000A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 7074000A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [81, 71]
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 7140000A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70D4000A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 713D000A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [D0, 70]
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 7086000A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [39, 71]
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 708C000A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 7089000A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 7077000A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 7167000A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 7128000A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70D7000A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 708F000A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 7137000A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 717C0F5A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 714C000A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [24, 71] {AND AL, 0x71}
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] GDI32.dll!EndPage 77F2DC61 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] GDI32.dll!EndDoc 77F2DEF1 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] GDI32.dll!StartPage 77F2F49E 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] GDI32.dll!AbortDoc 77F44CD2 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] GDI32.dll!StartDocW 77F45962 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] GDI32.dll!StartDocW + 4 77F45966 2 Bytes [11, 5F]
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] GDI32.dll!StartDocA 77F45E79 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] GDI32.dll!StartDocA + 4 77F45E7D 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] SHELL32.dll!ShellExecuteExW 7CA098CB 6 Bytes JMP 7152000A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] SHELL32.dll!Shell_NotifyIcon 7CA28BC6 6 Bytes JMP 70BF000A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] SHELL32.dll!Shell_NotifyIconW 7CA2A537 6 Bytes JMP 70BC000A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] SHELL32.dll!ShellExecuteEx 7CA40E45 6 Bytes JMP 7155000A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] SHELL32.dll!ShellExecuteA 7CA41170 6 Bytes JMP 715B000A
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1844] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 7158000A
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [58, 71]
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [71, 71] {JNO 0x73}
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70E1000A
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 7114000A
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 715C000A
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 7108000A
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00D80001
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 7196000A
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7199000A
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7187000A
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 718A000A
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 710B000A

#12 firstbaselady

firstbaselady
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:12:20 AM

Posted 08 January 2012 - 08:36 PM

.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 70BA000A
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70F6000A
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 7099000A
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 714A000A
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 7193000A
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 70C3000A
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 70C6000A
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 70BD000A
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 70C0000A
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 7144000A
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [A0, 71]
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 710E000A
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 7117000A
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 70D8000A
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] kernel32.dll!ExitProcess 7C81CB12 6 Bytes JMP 5F040F5A
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 716E000A
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7093000A
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70DE000A
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 7147000A
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70EA000A
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70F3000A
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70F0000A
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 708A000A
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 70AB000A
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 70A8000A
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 70DB000A
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 708D000A
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 7096000A
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 716B000A
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7090000A
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] kernel32.dll!CopyFileExA 7C85F39C 4 Bytes JMP EC001E25
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] kernel32.dll!CopyFileExA + 5 7C85F3A1 1 Byte [70]
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 7178000A
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 70D5000A
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 7111000A
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 71A70F5A
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 71AE0F5A
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 718D000A
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 709C000A
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [A9, 71]
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 7168000A
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70FC000A
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 7165000A
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [F8, 70]
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 70AE000A
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [61, 71]
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 70B4000A
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 70B1000A
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 709F000A
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 7190000A
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 7150000A
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70FF000A
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 70B7000A
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 715F000A
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 71A40F5A
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 7175000A
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [4C, 71]
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] GDI32.dll!EndPage 77F2DC61 6 Bytes JMP 5F190F5A
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] GDI32.dll!EndDoc 77F2DEF1 6 Bytes JMP 5F130F5A
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] GDI32.dll!StartPage 77F2F49E 6 Bytes JMP 5F160F5A
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] GDI32.dll!AbortDoc 77F44CD2 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] GDI32.dll!StartDocW 77F45962 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] GDI32.dll!StartDocW + 4 77F45966 2 Bytes [11, 5F]
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] GDI32.dll!StartDocA 77F45E79 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] GDI32.dll!StartDocA + 4 77F45E7D 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 712C000A
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 711A000A
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 713E000A
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 712F000A
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 7132000A
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 70D2000A
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 711D000A
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 7126000A
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 7120000A
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 7141000A
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 7129000A
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 7135000A
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 70C9000A
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 70A5000A
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 70A2000A
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 7102000A
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [04, 71] {ADD AL, 0x71}
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 70CC000A
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7138000A
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 7123000A
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 713B000A
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 70CF000A
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 719D000A
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 7156000A
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 7153000A
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] SHELL32.dll!ShellExecuteExW 7CA098CB 6 Bytes JMP 717B000A
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] SHELL32.dll!Shell_NotifyIcon 7CA28BC6 6 Bytes JMP 70E7000A
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] SHELL32.dll!Shell_NotifyIconW 7CA2A537 6 Bytes JMP 70E4000A
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] SHELL32.dll!ShellExecuteEx 7CA40E45 6 Bytes JMP 717E000A
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] SHELL32.dll!ShellExecuteA 7CA41170 6 Bytes JMP 7184000A
.text C:\Program Files\Spyware Doctor\BDT\FGuard.exe[1904] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 7181000A
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [85, 71]
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [9A, 71]
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AD, 71]
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8E, 71]
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A6, 71]
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [A0, 71]
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [2D, 71]
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9D, 71]
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [91, 71]
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A3, 71]
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [45, 71]
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8B, 71]
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [97, 71]
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [94, 71]
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [88, 71]
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70B6000A
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70E9000A
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7131000A
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70DD000A
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01C20001
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 716A000A
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 716D000A
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 715B000A
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 715E000A
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70E0000A
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 7089000A
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70CB000A
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 7068000A
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 711F000A
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 7167000A
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 7092000A
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 7095000A
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 708C000A
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 708F000A
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 7119000A
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [75, 71] {JNZ 0x73}
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70E3000A
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70EC000A
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 70A7000A
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] kernel32.dll!ExitProcess 7C81CB12 6 Bytes JMP 5F040F5A
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7143000A
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7062000A
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70AD000A
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 711C000A
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70BF000A
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70C8000A
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70C5000A
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 7059000A
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 707A000A
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 7077000A
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 70AA000A
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 705C000A
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 7065000A
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7140000A
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 705F000A
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70C2000A
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 714C000A
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 70A4000A
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70E6000A
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 7101000A
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 70EF000A
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 7113000A
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 7104000A
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 7107000A
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 70A1000A
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 70F2000A
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 70FB000A
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 70F5000A
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 7116000A
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 70FE000A
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 710A000A
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 7098000A
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 7074000A
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 7071000A
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70D7000A
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [D9, 70]
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 709B000A
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 710D000A
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 70F8000A
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7110000A
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 709E000A
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 7172000A
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 712B000A
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 7128000A
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] GDI32.dll!EndPage 77F2DC61 6 Bytes JMP 5F190F5A
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] GDI32.dll!EndDoc 77F2DEF1 6 Bytes JMP 5F130F5A
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] GDI32.dll!StartPage 77F2F49E 6 Bytes JMP 5F160F5A
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] GDI32.dll!AbortDoc 77F44CD2 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] GDI32.dll!StartDocW 77F45962 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] GDI32.dll!StartDocW + 4 77F45966 2 Bytes [11, 5F]
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] GDI32.dll!StartDocA 77F45E79 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] GDI32.dll!StartDocA + 4 77F45E7D 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 717C0F5A
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 71830F5A
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 7161000A
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 706B000A
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [7E, 71] {JLE 0x73}
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 713D000A
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70D1000A
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 713A000A
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [CD, 70] {INT 0x70}
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 707D000A
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [36, 71]
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 7083000A
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 7080000A
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 706E000A
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 7164000A
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 7125000A
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70D4000A
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 7086000A
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 7134000A
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 71790F5A
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 7149000A
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [21, 71]
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] WININET.dll!InternetOpenUrlA 3D95F3BC 6 Bytes JMP 70B3000A
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] WININET.dll!InternetOpenUrlW 3D9A6DFF 6 Bytes JMP 70B0000A
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] SHELL32.dll!ShellExecuteExW 7CA098CB 6 Bytes JMP 714F000A
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] SHELL32.dll!Shell_NotifyIcon 7CA28BC6 6 Bytes JMP 70BC000A
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] SHELL32.dll!Shell_NotifyIconW 7CA2A537 6 Bytes JMP 70B9000A
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] SHELL32.dll!ShellExecuteEx 7CA40E45 6 Bytes JMP 7152000A
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] SHELL32.dll!ShellExecuteA 7CA41170 6 Bytes JMP 7158000A
.text C:\Program Files\Dell\QuickSet\Quickset.exe[1916] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 7155000A
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [85, 71]
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [9A, 71]
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AD, 71]
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8E, 71]
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A6, 71]
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [A0, 71]
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [2D, 71]
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9D, 71]
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [91, 71]
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A3, 71]
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [45, 71]
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8B, 71]
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [97, 71]
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [94, 71]
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [88, 71]
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70B6000A
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70E9000A
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7131000A
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70DD000A
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00EE0001
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 716A000A
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 716D000A
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 715B000A
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 715E000A
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70E0000A
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 708F000A
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70CB000A
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 706E000A
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 711F000A
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 7167000A
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 7098000A
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 709B000A
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 7092000A
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 7095000A
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 7119000A
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [75, 71] {JNZ 0x73}
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70E3000A
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70EC000A
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 70AD000A
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] kernel32.dll!ExitProcess 7C81CB12 6 Bytes JMP 5F040F5A
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7143000A
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7068000A
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70B3000A
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 711C000A
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70BF000A
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70C8000A
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70C5000A
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 705F000A
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 7080000A
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 707D000A
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 70B0000A
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7062000A
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 706B000A
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7140000A
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7065000A
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70C2000A
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 714C000A
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 70AA000A
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70E6000A
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 717C0F5A
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 71830F5A
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 7161000A
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 7071000A
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [7E, 71] {JLE 0x73}
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 713D000A
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70D1000A
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 713A000A
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [CD, 70] {INT 0x70}
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 7083000A
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [36, 71]
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 7089000A
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 7086000A
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 7074000A
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 7164000A
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 7125000A
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70D4000A
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 708C000A
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 7134000A
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 71790F5A
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 7149000A
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [21, 71]
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] GDI32.dll!EndPage 77F2DC61 6 Bytes JMP 5F190F5A
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] GDI32.dll!EndDoc 77F2DEF1 6 Bytes JMP 5F130F5A
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] GDI32.dll!StartPage 77F2F49E 6 Bytes JMP 5F160F5A
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] GDI32.dll!AbortDoc 77F44CD2 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] GDI32.dll!StartDocW 77F45962 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] GDI32.dll!StartDocW + 4 77F45966 2 Bytes [11, 5F]
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] GDI32.dll!StartDocA 77F45E79 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] GDI32.dll!StartDocA + 4 77F45E7D 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] SHELL32.dll!ShellExecuteExW 7CA098CB 6 Bytes JMP 714F000A
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] SHELL32.dll!Shell_NotifyIcon 7CA28BC6 6 Bytes JMP 70BC000A
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] SHELL32.dll!Shell_NotifyIconW 7CA2A537 6 Bytes JMP 70B9000A
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] SHELL32.dll!ShellExecuteEx 7CA40E45 6 Bytes JMP 7152000A
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] SHELL32.dll!ShellExecuteA 7CA41170 6 Bytes JMP 7158000A
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 7155000A
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 7101000A
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 70EF000A
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 7113000A
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 7104000A
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 7107000A
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 70A7000A
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 70F2000A
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 70FB000A
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 70F5000A
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 7116000A
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 70FE000A
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 710A000A
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 709E000A
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 707A000A
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 7077000A
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70D7000A
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [D9, 70]
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 70A1000A
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 710D000A
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 70F8000A
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7110000A
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 70A4000A
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 7172000A
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 712B000A
.text C:\Program Files\Digital Line Detect\DLG.exe[1928] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 7128000A
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [7F, 71] {JG 0x73}
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [94, 71]
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [A4, 71]
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [88, 71]
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A0, 71]
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [9A, 71]
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [27, 71]
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [97, 71]
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [8B, 71]
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [9D, 71]
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3F, 71]
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [85, 71]
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [91, 71]
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [8E, 71]
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [82, 71]
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70B0000A
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70E3000A
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 712B000A
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70D7000A
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01FD0001
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 7164000A
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7167000A
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7155000A
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7158000A
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70DA000A
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 7089000A
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70C5000A
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 7068000A
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7119000A
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 7161000A
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 7092000A
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 7095000A
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 708C000A
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 708F000A
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 7113000A
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [6E, 71]
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70DD000A
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70E6000A
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 70A7000A
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] kernel32.dll!ExitProcess 7C81CB12 6 Bytes JMP 5F040F5A
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 713D000A
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7062000A
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70AD000A
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 7116000A
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70B9000A
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70C2000A
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70BF000A
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 7059000A
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 707A000A
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 7077000A
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 70AA000A
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 705C000A
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 7065000A
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 713A000A
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 705F000A
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70BC000A
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 7146000A
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 70A4000A
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70E0000A
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 71760F5A
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 717D0F5A
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 715B000A
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 706B000A
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [78, 71] {JS 0x73}
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 7137000A
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70CB000A
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 7134000A
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [C7, 70]
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 707D000A
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [30, 71]
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 7083000A
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 7080000A
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 706E000A
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 715E000A
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 711F000A
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70CE000A
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 7086000A
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 712E000A
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 71730F5A
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 7143000A
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [1B, 71]
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] GDI32.dll!EndPage 77F2DC61 6 Bytes JMP 5F190F5A
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] GDI32.dll!EndDoc 77F2DEF1 6 Bytes JMP 5F130F5A
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] GDI32.dll!StartPage 77F2F49E 6 Bytes JMP 5F160F5A
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] GDI32.dll!AbortDoc 77F44CD2 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] GDI32.dll!StartDocW 77F45962 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] GDI32.dll!StartDocW + 4 77F45966 2 Bytes [11, 5F]
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] GDI32.dll!StartDocA 77F45E79 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] GDI32.dll!StartDocA + 4 77F45E7D 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 70FB000A
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 70E9000A
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 710D000A
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 70FE000A
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 7101000A
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 70A1000A
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 70EC000A
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 70F5000A
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 70EF000A
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 7110000A
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 70F8000A
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 7104000A
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 7098000A
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 7074000A
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 7071000A
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70D1000A
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [D3, 70]
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 709B000A
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7107000A
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 70F2000A
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 710A000A
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 709E000A
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 716B000A
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 7125000A
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 7122000A
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] SHELL32.dll!ShellExecuteExW 7CA098CB 6 Bytes JMP 7149000A
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] SHELL32.dll!Shell_NotifyIcon 7CA28BC6 6 Bytes JMP 70B6000A
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] SHELL32.dll!Shell_NotifyIconW 7CA2A537 6 Bytes JMP 70B3000A
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] SHELL32.dll!ShellExecuteEx 7CA40E45 6 Bytes JMP 714C000A
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] SHELL32.dll!ShellExecuteA 7CA41170 6 Bytes JMP 7152000A
.text C:\Program Files\Iomega Storage Manager\IomegaStorageManager.exe[1980] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 714F000A
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [80, 71]
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [95, 71]
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AD, 71]
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [89, 71]
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A1, 71]
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [9B, 71]
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [28, 71]
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [98, 71]
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [8C, 71]
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [9E, 71]
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [40, 71]
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [86, 71]
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [92, 71]
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [8F, 71]
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [83, 71]
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70B0000A
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70E3000A
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 712C000A
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70D7000A
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01330001
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 7165000A
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7168000A
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7156000A
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7159000A
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70DA000A
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 7089000A
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70C5000A
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 7068000A
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7119000A
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 7162000A
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 7092000A
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 7095000A
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 708C000A
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 708F000A
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 7113000A
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [70, 71] {JO 0x73}
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70DD000A
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70E6000A
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 70A7000A
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] kernel32.dll!ExitProcess 7C81CB12 6 Bytes JMP 5F040F5A
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 713E000A
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7062000A
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70AD000A
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 7116000A
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70B9000A
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70C2000A
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70BF000A
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 7059000A
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 707A000A
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 7077000A
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 70AA000A
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 705C000A
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 7065000A
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 713B000A
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 705F000A
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70BC000A
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 7147000A
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 70A4000A
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70E0000A
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 71770F5A
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 717E0F5A
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 715C000A
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 706B000A
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [79, 71] {JNS 0x73}
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 7138000A
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70CB000A
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 7135000A

.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [C7, 70]
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 707D000A
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [31, 71]
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 7083000A
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 7080000A
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 706E000A
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 715F000A
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 7120000A
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70CE000A
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 7086000A
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 712F000A
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 71740F5A
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 7144000A
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [1C, 71] {SBB AL, 0x71}
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] GDI32.dll!EndPage 77F2DC61 6 Bytes JMP 5F190F5A
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] GDI32.dll!EndDoc 77F2DEF1 6 Bytes JMP 5F130F5A
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] GDI32.dll!StartPage 77F2F49E 6 Bytes JMP 5F160F5A
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] GDI32.dll!AbortDoc 77F44CD2 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] GDI32.dll!StartDocW 77F45962 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] GDI32.dll!StartDocW + 4 77F45966 2 Bytes [11, 5F]
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] GDI32.dll!StartDocA 77F45E79 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] GDI32.dll!StartDocA + 4 77F45E7D 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 70FB000A
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 70E9000A
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 710D000A
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 70FE000A
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 7101000A
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 70A1000A
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 70EC000A
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 70F5000A
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 70EF000A
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 7110000A
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 70F8000A
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 7104000A
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 7098000A
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 7074000A
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 7071000A
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70D1000A
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [D3, 70]
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 709B000A
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7107000A
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 70F2000A
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 710A000A
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 709E000A
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 716C000A
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 7126000A
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 7123000A
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] SHELL32.dll!ShellExecuteExW 7CA098CB 6 Bytes JMP 714A000A
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] SHELL32.dll!Shell_NotifyIcon 7CA28BC6 6 Bytes JMP 70B6000A
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] SHELL32.dll!Shell_NotifyIconW 7CA2A537 6 Bytes JMP 70B3000A
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] SHELL32.dll!ShellExecuteEx 7CA40E45 6 Bytes JMP 714D000A
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] SHELL32.dll!ShellExecuteA 7CA41170 6 Bytes JMP 7153000A
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2024] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 7150000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [7F, 71] {JG 0x73}
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [94, 71]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AD, 71]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [88, 71]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A0, 71]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [9A, 71]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [33, 71]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [97, 71]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [8B, 71]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [9D, 71]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [4B, 71]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [85, 71]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [91, 71]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [8E, 71]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [82, 71]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70BC000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70EF000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7137000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70E3000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 007F0001
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 7170000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7176000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7173000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7161000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7164000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70E6000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 7095000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70D1000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 7074000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7125000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 716D000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 709E000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 70A1000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 7098000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 709B000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 711F000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [7C, 71] {JL 0x73}
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70E9000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70F2000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 70B3000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7149000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 706E000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70B9000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 7122000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70C5000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70CE000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70CB000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 7065000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 7086000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 7083000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 70B6000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7068000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 7071000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7146000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 706B000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70C8000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 7152000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 70B0000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70EC000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 7107000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 70F5000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 7119000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 710A000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 710D000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 70AD000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 70F8000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 7101000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 70FB000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 711C000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 7104000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 7110000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 70A4000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 7080000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 707D000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70DD000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [DF, 70]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 70A7000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7113000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 70FE000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7116000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 70AA000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 7179000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 7131000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 712E000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 7167000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 7077000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 7143000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70D7000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 7140000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [D3, 70]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 7089000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [3C, 71] {CMP AL, 0x71}
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 708F000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 708C000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 707A000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 716A000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 712B000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70DA000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 7092000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 713A000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 714F000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [27, 71]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] SHELL32.dll!ShellExecuteExW 7CA098CB 6 Bytes JMP 7155000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] SHELL32.dll!Shell_NotifyIcon 7CA28BC6 6 Bytes JMP 70C2000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] SHELL32.dll!Shell_NotifyIconW 7CA2A537 6 Bytes JMP 70BF000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] SHELL32.dll!ShellExecuteEx 7CA40E45 6 Bytes JMP 7158000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] SHELL32.dll!ShellExecuteA 7CA41170 6 Bytes JMP 715E000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 715B000A
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [82, 71]
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [97, 71]
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [A9, 71]
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8B, 71]
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A3, 71]
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [9D, 71]
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [36, 71]
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9A, 71]
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [8E, 71]
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A0, 71]
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [4E, 71]
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [88, 71]
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [94, 71]
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [91, 71]
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [85, 71]
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70BF000A
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70F2000A
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 713A000A
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70E6000A
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01300001
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 7173000A
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7179000A
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7176000A
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7164000A
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7167000A
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70E9000A
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 7098000A
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70D4000A
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 7077000A
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7128000A
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 7170000A
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 70A1000A
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 70A4000A
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 709B000A
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 709E000A
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 7122000A
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [7F, 71] {JG 0x73}
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70EC000A
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70F5000A
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 70B6000A
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 714C000A
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7071000A
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70BC000A
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 7125000A
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70C8000A
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70D1000A
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70CE000A
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 7068000A
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 7089000A
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 7086000A
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 70B9000A
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 706B000A
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 7074000A
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7149000A
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 706E000A
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70CB000A
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 7155000A
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 70B3000A
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70EF000A
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 716A000A
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 707A000A
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 7146000A
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70DA000A
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 7143000A
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [D6, 70]
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 708C000A
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [3F, 71]
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 7092000A
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 708F000A
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 707D000A
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 716D000A
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 712E000A
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70DD000A
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 7095000A
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 713D000A
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 7152000A
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [2A, 71]
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 710A000A
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 70F8000A
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 711C000A
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 710D000A
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 7110000A
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 70B0000A
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 70FB000A
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 7104000A
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 70FE000A
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 711F000A
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 7107000A
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 7113000A
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 70A7000A
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 7083000A
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 7080000A
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70E0000A
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [E2, 70] {LOOP 0x72}
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 70AA000A
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7116000A
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 7101000A
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7119000A
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 70AD000A
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 717C000A
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 7134000A
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 7131000A
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] SHELL32.dll!ShellExecuteExW 7CA098CB 6 Bytes JMP 7158000A
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] SHELL32.dll!Shell_NotifyIcon 7CA28BC6 6 Bytes JMP 70C5000A
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] SHELL32.dll!Shell_NotifyIconW 7CA2A537 6 Bytes JMP 70C2000A
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] SHELL32.dll!ShellExecuteEx 7CA40E45 6 Bytes JMP 715B000A
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] SHELL32.dll!ShellExecuteA 7CA41170 6 Bytes JMP 7161000A
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2128] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 715E000A
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [86, 71]
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [9B, 71]
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AD, 71]
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8F, 71]
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A7, 71]
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [A1, 71]
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [3A, 71]
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9E, 71]
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [92, 71]
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A4, 71]
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [52, 71]
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8C, 71]
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [98, 71]
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [95, 71]
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [89, 71]
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70C3000A
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70F6000A
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 713E000A
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70EA000A
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 009D0001
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 7177000A
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 717D000A
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 717A000A
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7168000A
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 716B000A
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] kernel32.dll!VirtualAlloc 7C809AF1 4 Bytes JMP EC001E25
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] kernel32.dll!VirtualAlloc + 5 7C809AF6 1 Byte [70]
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 709C000A
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70D8000A
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 707B000A
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 712C000A
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 7174000A
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 70A5000A
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 70A8000A
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 709F000A
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 70A2000A
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 7126000A
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [83, 71]
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70F0000A
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70F9000A
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 70BA000A
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7150000A
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7075000A
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70C0000A
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 7129000A
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70CC000A
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70D5000A
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70D2000A
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 706C000A
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 708D000A
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 708A000A
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 70BD000A
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 706F000A
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 7078000A
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 714D000A
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7072000A
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70CF000A
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 7159000A
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 70B7000A
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70F3000A
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 716E000A
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 707E000A
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 714A000A
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70DE000A
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 7147000A
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [DA, 70]
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 7090000A
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [43, 71]
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 7096000A
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 7093000A
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 7081000A
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 7171000A
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 7132000A
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70E1000A
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 7099000A
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 7141000A
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 7156000A
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [2E, 71]
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 710E000A
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 70FC000A
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 7120000A
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 7111000A
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 7114000A
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 70B4000A
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 70FF000A
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 7108000A
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 7102000A
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 7123000A
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 710B000A
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 7117000A
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 70AB000A
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 7087000A
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 7084000A
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70E4000A
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [E6, 70] {OUT 0x70, AL}
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 70AE000A
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 711A000A
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 7105000A
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 711D000A
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 70B1000A
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 7180000A
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 7138000A
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 7135000A
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] SHELL32.dll!ShellExecuteExW 7CA098CB 6 Bytes JMP 715C000A
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] SHELL32.dll!Shell_NotifyIcon 7CA28BC6 6 Bytes JMP 70C9000A
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] SHELL32.dll!Shell_NotifyIconW 7CA2A537 6 Bytes JMP 70C6000A
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] SHELL32.dll!ShellExecuteEx 7CA40E45 6 Bytes JMP 715F000A
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] SHELL32.dll!ShellExecuteA 7CA41170 6 Bytes JMP 7165000A
.text C:\WINDOWS\eHome\ehRecvr.exe[2300] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 7162000A
.text C:\WINDOWS\eHome\ehSched.exe[2332] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\eHome\ehSched.exe[2332] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [86, 71]
.text C:\WINDOWS\eHome\ehSched.exe[2332] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\eHome\ehSched.exe[2332] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\eHome\ehSched.exe[2332] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [9B, 71]
.text C:\WINDOWS\eHome\ehSched.exe[2332] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\eHome\ehSched.exe[2332] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AD, 71]
.text C:\WINDOWS\eHome\ehSched.exe[2332] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\eHome\ehSched.exe[2332] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8F, 71]
.text C:\WINDOWS\eHome\ehSched.exe[2332] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\eHome\ehSched.exe[2332] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A7, 71]
.text C:\WINDOWS\eHome\ehSched.exe[2332] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\eHome\ehSched.exe[2332] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [A1, 71]
.text C:\WINDOWS\eHome\ehSched.exe[2332] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\eHome\ehSched.exe[2332] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [3A, 71]
.text C:\WINDOWS\eHome\ehSched.exe[2332] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\eHome\ehSched.exe[2332] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9E, 71]
.text C:\WINDOWS\eHome\ehSched.exe[2332] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\eHome\ehSched.exe[2332] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [92, 71]
.text C:\WINDOWS\eHome\ehSched.exe[2332] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\eHome\ehSched.exe[2332] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A4, 71]
.text C:\WINDOWS\eHome\ehSched.exe[2332] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\eHome\ehSched.exe[2332] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [52, 71]
.text C:\WINDOWS\eHome\ehSched.exe[2332] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\eHome\ehSched.exe[2332] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8C, 71]
.text C:\WINDOWS\eHome\ehSched.exe[2332] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\eHome\ehSched.exe[2332] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [98, 71]
.text C:\WINDOWS\eHome\ehSched.exe[2332] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\eHome\ehSched.exe[2332] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [95, 71]
.text C:\WINDOWS\eHome\ehSched.exe[2332] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\eHome\ehSched.exe[2332] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [89, 71]
.text C:\WINDOWS\eHome\ehSched.exe[2332] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70C3000A
.text C:\WINDOWS\eHome\ehSched.exe[2332] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70F6000A
.text C:\WINDOWS\eHome\ehSched.exe[2332] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 713E000A
.text C:\WINDOWS\eHome\ehSched.exe[2332] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70EA000A
.text C:\WINDOWS\eHome\ehSched.exe[2332] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 009B0001
.text C:\WINDOWS\eHome\ehSched.exe[2332] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 7177000A
.text C:\WINDOWS\eHome\ehSched.exe[2332] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 717D000A
.text C:\WINDOWS\eHome\ehSched.exe[2332] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 717A000A
.text C:\WINDOWS\eHome\ehSched.exe[2332] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7168000A
.text C:\WINDOWS\eHome\ehSched.exe[2332] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 716B000A
.text C:\WINDOWS\eHome\ehSched.exe[2332] kernel32.dll!VirtualAlloc 7C809AF1 4 Bytes JMP EC001E25
.text C:\WINDOWS\eHome\ehSched.exe[2332] kernel32.dll!VirtualAlloc + 5 7C809AF6 1 Byte [70]
.text C:\WINDOWS\eHome\ehSched.exe[2332] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 709C000A
.text C:\WINDOWS\eHome\ehSched.exe[2332] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70D8000A
.text C:\WINDOWS\eHome\ehSched.exe[2332] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 707B000A
.text C:\WINDOWS\eHome\ehSched.exe[2332] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 712C000A
.text C:\WINDOWS\eHome\ehSched.exe[2332] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 7174000A
.text C:\WINDOWS\eHome\ehSched.exe[2332] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 70A5000A
.text C:\WINDOWS\eHome\ehSched.exe[2332] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 70A8000A
.text C:\WINDOWS\eHome\ehSched.exe[2332] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 709F000A
.text C:\WINDOWS\eHome\ehSched.exe[2332] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 70A2000A
.text C:\WINDOWS\eHome\ehSched.exe[2332] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 7126000A
.text C:\WINDOWS\eHome\ehSched.exe[2332] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\eHome\ehSched.exe[2332] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [83, 71]
.text C:\WINDOWS\eHome\ehSched.exe[2332] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70F0000A
.text C:\WINDOWS\eHome\ehSched.exe[2332] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70F9000A
.text C:\WINDOWS\eHome\ehSched.exe[2332] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 70BA000A
.text C:\WINDOWS\eHome\ehSched.exe[2332] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7150000A
.text C:\WINDOWS\eHome\ehSched.exe[2332] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7075000A
.text C:\WINDOWS\eHome\ehSched.exe[2332] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70C0000A
.text C:\WINDOWS\eHome\ehSched.exe[2332] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 7129000A
.text C:\WINDOWS\eHome\ehSched.exe[2332] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70CC000A
.text C:\WINDOWS\eHome\ehSched.exe[2332] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70D5000A
.text C:\WINDOWS\eHome\ehSched.exe[2332] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70D2000A
.text C:\WINDOWS\eHome\ehSched.exe[2332] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 706C000A

.text C:\WINDOWS\eHome\ehSched.exe[2332] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 708D000A
.text C:\WINDOWS\eHome\ehSched.exe[2332] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 708A000A
.text C:\WINDOWS\eHome\ehSched.exe[2332] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 70BD000A
.text C:\WINDOWS\eHome\ehSched.exe[2332] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 706F000A
.text C:\WINDOWS\eHome\ehSched.exe[2332] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 7078000A
.text C:\WINDOWS\eHome\ehSched.exe[2332] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 714D000A
.text C:\WINDOWS\eHome\ehSched.exe[2332] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7072000A
.text C:\WINDOWS\eHome\ehSched.exe[2332] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70CF000A
.text C:\WINDOWS\eHome\ehSched.exe[2332] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 7159000A
.text C:\WINDOWS\eHome\ehSched.exe[2332] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 70B7000A
.text C:\WINDOWS\eHome\ehSched.exe[2332] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70F3000A
.text C:\WINDOWS\eHome\ehSched.exe[2332] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 716E000A
.text C:\WINDOWS\eHome\ehSched.exe[2332] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 707E000A
.text C:\WINDOWS\eHome\ehSched.exe[2332] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 714A000A
.text C:\WINDOWS\eHome\ehSched.exe[2332] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70DE000A
.text C:\WINDOWS\eHome\ehSched.exe[2332] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 7147000A
.text C:\WINDOWS\eHome\ehSched.exe[2332] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\eHome\ehSched.exe[2332] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [DA, 70]
.text C:\WINDOWS\eHome\ehSched.exe[2332] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 7090000A
.text C:\WINDOWS\eHome\ehSched.exe[2332] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\eHome\ehSched.exe[2332] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [43, 71]
.text C:\WINDOWS\eHome\ehSched.exe[2332] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 7096000A
.text C:\WINDOWS\eHome\ehSched.exe[2332] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 7093000A
.text C:\WINDOWS\eHome\ehSched.exe[2332] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 7081000A
.text C:\WINDOWS\eHome\ehSched.exe[2332] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 7171000A
.text C:\WINDOWS\eHome\ehSched.exe[2332] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 7132000A
.text C:\WINDOWS\eHome\ehSched.exe[2332] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70E1000A
.text C:\WINDOWS\eHome\ehSched.exe[2332] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 7099000A
.text C:\WINDOWS\eHome\ehSched.exe[2332] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 7141000A
.text C:\WINDOWS\eHome\ehSched.exe[2332] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 7156000A
.text C:\WINDOWS\eHome\ehSched.exe[2332] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\eHome\ehSched.exe[2332] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [2E, 71]
.text C:\WINDOWS\eHome\ehSched.exe[2332] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 710E000A
.text C:\WINDOWS\eHome\ehSched.exe[2332] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 70FC000A
.text C:\WINDOWS\eHome\ehSched.exe[2332] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 7120000A
.text C:\WINDOWS\eHome\ehSched.exe[2332] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 7111000A
.text C:\WINDOWS\eHome\ehSched.exe[2332] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 7114000A
.text C:\WINDOWS\eHome\ehSched.exe[2332] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 70B4000A
.text C:\WINDOWS\eHome\ehSched.exe[2332] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 70FF000A
.text C:\WINDOWS\eHome\ehSched.exe[2332] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 7108000A
.text C:\WINDOWS\eHome\ehSched.exe[2332] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 7102000A
.text C:\WINDOWS\eHome\ehSched.exe[2332] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 7123000A
.text C:\WINDOWS\eHome\ehSched.exe[2332] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 710B000A
.text C:\WINDOWS\eHome\ehSched.exe[2332] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 7117000A
.text C:\WINDOWS\eHome\ehSched.exe[2332] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 70AB000A
.text C:\WINDOWS\eHome\ehSched.exe[2332] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 7087000A
.text C:\WINDOWS\eHome\ehSched.exe[2332] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 7084000A
.text C:\WINDOWS\eHome\ehSched.exe[2332] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70E4000A
.text C:\WINDOWS\eHome\ehSched.exe[2332] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\eHome\ehSched.exe[2332] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [E6, 70] {OUT 0x70, AL}
.text C:\WINDOWS\eHome\ehSched.exe[2332] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 70AE000A
.text C:\WINDOWS\eHome\ehSched.exe[2332] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 711A000A
.text C:\WINDOWS\eHome\ehSched.exe[2332] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 7105000A
.text C:\WINDOWS\eHome\ehSched.exe[2332] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 711D000A
.text C:\WINDOWS\eHome\ehSched.exe[2332] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 70B1000A
.text C:\WINDOWS\eHome\ehSched.exe[2332] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 7180000A
.text C:\WINDOWS\eHome\ehSched.exe[2332] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 7138000A
.text C:\WINDOWS\eHome\ehSched.exe[2332] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 7135000A
.text C:\WINDOWS\eHome\ehSched.exe[2332] SHELL32.dll!ShellExecuteExW 7CA098CB 6 Bytes JMP 715C000A
.text C:\WINDOWS\eHome\ehSched.exe[2332] SHELL32.dll!Shell_NotifyIcon 7CA28BC6 6 Bytes JMP 70C9000A
.text C:\WINDOWS\eHome\ehSched.exe[2332] SHELL32.dll!Shell_NotifyIconW 7CA2A537 6 Bytes JMP 70C6000A
.text C:\WINDOWS\eHome\ehSched.exe[2332] SHELL32.dll!ShellExecuteEx 7CA40E45 6 Bytes JMP 715F000A
.text C:\WINDOWS\eHome\ehSched.exe[2332] SHELL32.dll!ShellExecuteA 7CA41170 6 Bytes JMP 7165000A
.text C:\WINDOWS\eHome\ehSched.exe[2332] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 7162000A
.text C:\WINDOWS\eHome\ehSched.exe[2332] WININET.dll!InternetOpenUrlA 3D95F3BC 6 Bytes JMP 7069000A
.text C:\WINDOWS\eHome\ehSched.exe[2332] WININET.dll!InternetOpenUrlW 3D9A6DFF 6 Bytes JMP 7066000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [7E, 71] {JLE 0x73}
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [93, 71]
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AD, 71]
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [87, 71]
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [9F, 71]
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [99, 71]
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [32, 71]
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [96, 71]
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [8A, 71]
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [9C, 71]
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [4A, 71]
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [84, 71]
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [90, 71]
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [8D, 71]
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [81, 71]
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70BA000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] kernel32.dll!CreateFileA 7C801A28 4 Bytes JMP EC001E25
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] kernel32.dll!CreateFileA + 5 7C801A2D 1 Byte [70]
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7136000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70E1000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 017E0001
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 716F000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7175000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7172000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7160000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7163000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70E4000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 7093000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70CF000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 7072000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7124000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 716C000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 709C000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 709F000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 7096000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 7099000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 711E000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [7B, 71] {JNP 0x73}
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70E7000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70F0000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 70B1000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7148000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 706C000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70B7000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 7121000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70C3000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70CC000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70C9000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 7063000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 7084000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 7081000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 70B4000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7066000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 706F000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7145000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7069000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70C6000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 7151000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 70AE000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70EA000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 7105000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 70F3000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 7117000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 7108000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 710B000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 70AB000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 70F6000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 70FF000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 70F9000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 711B000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 7102000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 710E000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 70A2000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 707E000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 707B000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70DB000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [DD, 70]
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 70A5000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7111000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 70FC000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7114000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 70A8000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 7178000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 7130000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 712D000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 7166000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 7075000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 7142000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70D5000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 713F000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [D1, 70]
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 7087000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [3B, 71]
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 708D000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 708A000A

.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 7078000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 7169000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 712A000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70D8000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 7090000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 7139000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 714E000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [26, 71]
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] SHELL32.dll!ShellExecuteExW 7CA098CB 6 Bytes JMP 7154000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] SHELL32.dll!Shell_NotifyIcon 7CA28BC6 6 Bytes JMP 70C0000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] SHELL32.dll!Shell_NotifyIconW 7CA2A537 6 Bytes JMP 70BD000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] SHELL32.dll!ShellExecuteEx 7CA40E45 6 Bytes JMP 7157000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] SHELL32.dll!ShellExecuteA 7CA41170 6 Bytes JMP 715D000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[2492] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 715A000A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [86, 71]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [9B, 71]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AD, 71]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8F, 71]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A7, 71]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [A1, 71]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [3A, 71]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9E, 71]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [92, 71]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A4, 71]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [52, 71]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8C, 71]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [98, 71]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [95, 71]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [89, 71]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70C3000A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70F6000A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 713E000A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70EA000A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00900001
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 7177000A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 717D000A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 717A000A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7168000A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 716B000A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] kernel32.dll!VirtualAlloc 7C809AF1 4 Bytes JMP EC001E25
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] kernel32.dll!VirtualAlloc + 5 7C809AF6 1 Byte [70]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 709C000A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70D8000A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 707B000A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 712C000A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 7174000A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 70A5000A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 70A8000A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 709F000A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 70A2000A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 7126000A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [83, 71]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70F0000A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70F9000A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 70BA000A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7150000A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7075000A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70C0000A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 7129000A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70CC000A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70D5000A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70D2000A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 706C000A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 708D000A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 708A000A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 70BD000A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 706F000A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 7078000A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 714D000A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7072000A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70CF000A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 7159000A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 70B7000A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70F3000A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 710E000A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 70FC000A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 7120000A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 7111000A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 7114000A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 70B4000A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 70FF000A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 7108000A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 7102000A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 7123000A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 710B000A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 7117000A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 70AB000A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 7087000A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 7084000A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70E4000A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [E6, 70] {OUT 0x70, AL}
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 70AE000A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 711A000A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 7105000A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 711D000A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 70B1000A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 7180000A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 7138000A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 7135000A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 716E000A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 707E000A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 714A000A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70DE000A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 7147000A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [DA, 70]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 7090000A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [43, 71]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 7096000A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 7093000A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 7081000A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 7171000A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 7132000A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70E1000A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 7099000A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 7141000A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 7156000A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [2E, 71]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] SHELL32.dll!ShellExecuteExW 7CA098CB 6 Bytes JMP 715C000A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] SHELL32.dll!Shell_NotifyIcon 7CA28BC6 6 Bytes JMP 70C9000A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] SHELL32.dll!Shell_NotifyIconW 7CA2A537 6 Bytes JMP 70C6000A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] SHELL32.dll!ShellExecuteEx 7CA40E45 6 Bytes JMP 715F000A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] SHELL32.dll!ShellExecuteA 7CA41170 6 Bytes JMP 7165000A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2612] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 7162000A
.text C:\WINDOWS\svcs.exe[2712] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\svcs.exe[2712] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [82, 71]
.text C:\WINDOWS\svcs.exe[2712] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\svcs.exe[2712] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\svcs.exe[2712] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [97, 71]
.text C:\WINDOWS\svcs.exe[2712] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\svcs.exe[2712] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [A9, 71]
.text C:\WINDOWS\svcs.exe[2712] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\svcs.exe[2712] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8B, 71]
.text C:\WINDOWS\svcs.exe[2712] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\svcs.exe[2712] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A3, 71]
.text C:\WINDOWS\svcs.exe[2712] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\svcs.exe[2712] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [9D, 71]
.text C:\WINDOWS\svcs.exe[2712] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\svcs.exe[2712] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [36, 71]
.text C:\WINDOWS\svcs.exe[2712] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\svcs.exe[2712] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9A, 71]
.text C:\WINDOWS\svcs.exe[2712] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\svcs.exe[2712] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [8E, 71]
.text C:\WINDOWS\svcs.exe[2712] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\svcs.exe[2712] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A0, 71]
.text C:\WINDOWS\svcs.exe[2712] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\svcs.exe[2712] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [4E, 71]
.text C:\WINDOWS\svcs.exe[2712] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\svcs.exe[2712] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [88, 71]
.text C:\WINDOWS\svcs.exe[2712] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\svcs.exe[2712] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [94, 71]
.text C:\WINDOWS\svcs.exe[2712] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\svcs.exe[2712] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [91, 71]
.text C:\WINDOWS\svcs.exe[2712] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\svcs.exe[2712] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [85, 71]
.text C:\WINDOWS\svcs.exe[2712] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70BF000A
.text C:\WINDOWS\svcs.exe[2712] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70F2000A
.text C:\WINDOWS\svcs.exe[2712] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 713A000A
.text C:\WINDOWS\svcs.exe[2712] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70E6000A
.text C:\WINDOWS\svcs.exe[2712] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01460001
.text C:\WINDOWS\svcs.exe[2712] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 7173000A
.text C:\WINDOWS\svcs.exe[2712] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7179000A
.text C:\WINDOWS\svcs.exe[2712] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7176000A
.text C:\WINDOWS\svcs.exe[2712] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7164000A
.text C:\WINDOWS\svcs.exe[2712] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7167000A
.text C:\WINDOWS\svcs.exe[2712] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70E9000A
.text C:\WINDOWS\svcs.exe[2712] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 7092000A
.text C:\WINDOWS\svcs.exe[2712] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70D4000A
.text C:\WINDOWS\svcs.exe[2712] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 7071000A
.text C:\WINDOWS\svcs.exe[2712] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7128000A
.text C:\WINDOWS\svcs.exe[2712] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 7170000A
.text C:\WINDOWS\svcs.exe[2712] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 709B000A
.text C:\WINDOWS\svcs.exe[2712] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 709E000A
.text C:\WINDOWS\svcs.exe[2712] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 7095000A
.text C:\WINDOWS\svcs.exe[2712] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 7098000A
.text C:\WINDOWS\svcs.exe[2712] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 7122000A
.text C:\WINDOWS\svcs.exe[2712] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\svcs.exe[2712] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [7F, 71] {JG 0x73}
.text C:\WINDOWS\svcs.exe[2712] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70EC000A
.text C:\WINDOWS\svcs.exe[2712] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70F5000A
.text C:\WINDOWS\svcs.exe[2712] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 70B0000A
.text C:\WINDOWS\svcs.exe[2712] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 714C000A
.text C:\WINDOWS\svcs.exe[2712] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 706B000A
.text C:\WINDOWS\svcs.exe[2712] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70B6000A
.text C:\WINDOWS\svcs.exe[2712] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 7125000A
.text C:\WINDOWS\svcs.exe[2712] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70C8000A
.text C:\WINDOWS\svcs.exe[2712] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70D1000A
.text C:\WINDOWS\svcs.exe[2712] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70CE000A
.text C:\WINDOWS\svcs.exe[2712] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 7062000A
.text C:\WINDOWS\svcs.exe[2712] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 7083000A
.text C:\WINDOWS\svcs.exe[2712] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 7080000A
.text C:\WINDOWS\svcs.exe[2712] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 70B3000A
.text C:\WINDOWS\svcs.exe[2712] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7065000A
.text C:\WINDOWS\svcs.exe[2712] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 706E000A
.text C:\WINDOWS\svcs.exe[2712] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7149000A
.text C:\WINDOWS\svcs.exe[2712] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7068000A
.text C:\WINDOWS\svcs.exe[2712] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70CB000A
.text C:\WINDOWS\svcs.exe[2712] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 7155000A
.text C:\WINDOWS\svcs.exe[2712] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 70AD000A
.text C:\WINDOWS\svcs.exe[2712] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70EF000A
.text C:\WINDOWS\svcs.exe[2712] user32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 716A000A
.text C:\WINDOWS\svcs.exe[2712] user32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 7074000A
.text C:\WINDOWS\svcs.exe[2712] user32.dll!GetKeyState 7E429ED9 6 Bytes JMP 7146000A
.text C:\WINDOWS\svcs.exe[2712] user32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70DA000A
.text C:\WINDOWS\svcs.exe[2712] user32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 7143000A
.text C:\WINDOWS\svcs.exe[2712] user32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\svcs.exe[2712] user32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [D6, 70]
.text C:\WINDOWS\svcs.exe[2712] user32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 7086000A
.text C:\WINDOWS\svcs.exe[2712] user32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\svcs.exe[2712] user32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [3F, 71]
.text C:\WINDOWS\svcs.exe[2712] user32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 708C000A
.text C:\WINDOWS\svcs.exe[2712] user32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 7089000A
.text C:\WINDOWS\svcs.exe[2712] user32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 7077000A
.text C:\WINDOWS\svcs.exe[2712] user32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 716D000A
.text C:\WINDOWS\svcs.exe[2712] user32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 712E000A
.text C:\WINDOWS\svcs.exe[2712] user32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70DD000A
.text C:\WINDOWS\svcs.exe[2712] user32.dll!DrawTextA 7E43C702 6 Bytes JMP 708F000A
.text C:\WINDOWS\svcs.exe[2712] user32.dll!DdeConnect 7E4581C3 6 Bytes JMP 713D000A
.text C:\WINDOWS\svcs.exe[2712] user32.dll!EndTask 7E45A0A5 6 Bytes JMP 7152000A
.text C:\WINDOWS\svcs.exe[2712] user32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\svcs.exe[2712] user32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [2A, 71]
.text C:\WINDOWS\svcs.exe[2712] advapi32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 710A000A
.text C:\WINDOWS\svcs.exe[2712] advapi32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 70F8000A
.text C:\WINDOWS\svcs.exe[2712] advapi32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 711C000A
.text C:\WINDOWS\svcs.exe[2712] advapi32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 710D000A
.text C:\WINDOWS\svcs.exe[2712] advapi32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 7110000A
.text C:\WINDOWS\svcs.exe[2712] advapi32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 70AA000A
.text C:\WINDOWS\svcs.exe[2712] advapi32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 70FB000A
.text C:\WINDOWS\svcs.exe[2712] advapi32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 7104000A
.text C:\WINDOWS\svcs.exe[2712] advapi32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 70FE000A
.text C:\WINDOWS\svcs.exe[2712] advapi32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 711F000A
.text C:\WINDOWS\svcs.exe[2712] advapi32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 7107000A
.text C:\WINDOWS\svcs.exe[2712] advapi32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 7113000A
.text C:\WINDOWS\svcs.exe[2712] advapi32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 70A1000A
.text C:\WINDOWS\svcs.exe[2712] advapi32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 707D000A
.text C:\WINDOWS\svcs.exe[2712] advapi32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 707A000A
.text C:\WINDOWS\svcs.exe[2712] advapi32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70E0000A
.text C:\WINDOWS\svcs.exe[2712] advapi32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\svcs.exe[2712] advapi32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [E2, 70] {LOOP 0x72}
.text C:\WINDOWS\svcs.exe[2712] advapi32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 70A4000A
.text C:\WINDOWS\svcs.exe[2712] advapi32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7116000A
.text C:\WINDOWS\svcs.exe[2712] advapi32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 7101000A
.text C:\WINDOWS\svcs.exe[2712] advapi32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7119000A
.text C:\WINDOWS\svcs.exe[2712] advapi32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 70A7000A
.text C:\WINDOWS\svcs.exe[2712] advapi32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 717C000A
.text C:\WINDOWS\svcs.exe[2712] advapi32.dll!CreateServiceA 77E37211 6 Bytes JMP 7134000A
.text C:\WINDOWS\svcs.exe[2712] advapi32.dll!CreateServiceW 77E373A9 6 Bytes JMP 7131000A
.text C:\WINDOWS\svcs.exe[2712] wininet.dll!InternetOpenUrlA 3D95F3BC 6 Bytes JMP 70BC000A
.text C:\WINDOWS\svcs.exe[2712] wininet.dll!InternetOpenUrlW 3D9A6DFF 6 Bytes JMP 70B9000A
.text C:\WINDOWS\svcs.exe[2712] SHELL32.dll!ShellExecuteExW 7CA098CB 6 Bytes JMP 7158000A
.text C:\WINDOWS\svcs.exe[2712] SHELL32.dll!Shell_NotifyIcon 7CA28BC6 6 Bytes JMP 70C5000A
.text C:\WINDOWS\svcs.exe[2712] SHELL32.dll!Shell_NotifyIconW 7CA2A537 6 Bytes JMP 70C2000A
.text C:\WINDOWS\svcs.exe[2712] SHELL32.dll!ShellExecuteEx 7CA40E45 6 Bytes JMP 715B000A
.text C:\WINDOWS\svcs.exe[2712] SHELL32.dll!ShellExecuteA 7CA41170 6 Bytes JMP 7161000A
.text C:\WINDOWS\svcs.exe[2712] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 715E000A
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [7E, 71] {JLE 0x73}
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [93, 71]
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AD, 71]
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [87, 71]
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [9F, 71]
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [99, 71]
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [32, 71]
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [96, 71]
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [8A, 71]
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [9C, 71]
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [4A, 71]
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [84, 71]
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [90, 71]
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [8D, 71]
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [81, 71]
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70BB000A
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70EE000A
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7136000A
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70E2000A
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00F50001
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 716F000A
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7175000A
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7172000A
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7160000A
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7163000A
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70E5000A
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 7094000A
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70D0000A
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 7073000A
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7124000A
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 716C000A
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 709D000A
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 70A0000A
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 7097000A
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 709A000A
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 711E000A
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [7B, 71] {JNP 0x73}
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70E8000A
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70F1000A
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 70B2000A
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7148000A
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 706D000A
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70B8000A
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 7121000A
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70C4000A
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70CD000A
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70CA000A
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 7064000A
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 7085000A
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 7082000A
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 70B5000A
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7067000A
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 7070000A
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7145000A
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 706A000A
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70C7000A
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 7151000A
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 70AF000A
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70EB000A
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 7106000A
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 70F4000A
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 7118000A
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 7109000A
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 710C000A
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 70AC000A
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 70F7000A
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 7100000A
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 70FA000A
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 711B000A
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 7103000A
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 710F000A
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 70A3000A
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 707F000A
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 707C000A
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70DC000A
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [DE, 70]
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 70A6000A
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7112000A
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 70FD000A
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7115000A
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 70A9000A
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 7178000A
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 7130000A
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 712D000A
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 7166000A
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 7076000A
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 7142000A
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70D6000A
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 713F000A
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [D2, 70]
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 7088000A
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [3B, 71]
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 708E000A
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 708B000A
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 7079000A
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 7169000A
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 712A000A
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70D9000A
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 7091000A
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 7139000A
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 714E000A
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Iomega Storage Manager\pCloudd.exe[2788] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [26, 71]
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [7D, 71] {JGE 0x73}
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [92, 71]
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [A4, 71]
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [86, 71]
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [9E, 71]
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [98, 71]
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [31, 71]
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [95, 71]
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [89, 71]
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [9B, 71]
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [49, 71]
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [83, 71]
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [8F, 71]
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [8C, 71]
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [80, 71]
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70BA000A
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] kernel32.dll!CreateFileA 7C801A28 4 Bytes JMP EC001E25
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] kernel32.dll!CreateFileA + 5 7C801A2D 1 Byte [70]
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7135000A
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70E1000A
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 02250001
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 716E000A
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7174000A
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7171000A
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 715F000A
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7162000A
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70E4000A
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 7093000A
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70CF000A
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 7072000A
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7123000A
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 716B000A
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 709C000A
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 709F000A
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 7096000A
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 7099000A
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 711D000A
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [7A, 71] {JP 0x73}
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70E7000A
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70F0000A
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 70B1000A
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7147000A
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 706C000A
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70B7000A
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 7120000A
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70C3000A
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70CC000A
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70C9000A
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 7063000A
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 7084000A
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 7081000A
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 70B4000A

.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7066000A
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 706F000A
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7144000A
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7069000A
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70C6000A
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 7150000A
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 70AE000A
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70EA000A
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 7165000A
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 7075000A
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 7141000A
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70D5000A
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 713E000A
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [D1, 70]
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 7087000A
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [3A, 71]
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 708D000A
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 708A000A
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 7078000A
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 7168000A
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 7129000A
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70D8000A
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 7090000A
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 7138000A
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 714D000A
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [25, 71]
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 7105000A
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 70F3000A
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 7117000A
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 7108000A
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 710B000A
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 70AB000A
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 70F6000A
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 70FF000A
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 70F9000A
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 711A000A
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 7102000A
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 710E000A
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 70A2000A
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 707E000A
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 707B000A
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70DB000A
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [DD, 70]
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 70A5000A
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7111000A
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 70FC000A
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7114000A
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 70A8000A
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 7177000A
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 712F000A
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 712C000A
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] SHELL32.dll!ShellExecuteExW 7CA098CB 6 Bytes JMP 7153000A
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] SHELL32.dll!Shell_NotifyIcon 7CA28BC6 6 Bytes JMP 70C0000A
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] SHELL32.dll!Shell_NotifyIconW 7CA2A537 6 Bytes JMP 70BD000A
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] SHELL32.dll!ShellExecuteEx 7CA40E45 6 Bytes JMP 7156000A
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] SHELL32.dll!ShellExecuteA 7CA41170 6 Bytes JMP 715C000A
.text C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe[2824] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 7159000A
.text C:\Program Files\Spyware Doctor\TFEngine\TFService.exe[3080] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Program Files\Spyware Doctor\TFEngine\TFService.exe[3080] kernel32.dll!CreateRemoteThread + 174 7C810640 4 Bytes JMP 71AF0000
.text E:\5.exe[3152] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text E:\5.exe[3152] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [55, 71]
.text E:\5.exe[3152] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text E:\5.exe[3152] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [6D, 71]
.text E:\5.exe[3152] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70DE000A
.text E:\5.exe[3152] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 7111000A
.text E:\5.exe[3152] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7159000A
.text E:\5.exe[3152] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 7105000A
.text E:\5.exe[3152] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 003C0001
.text E:\5.exe[3152] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 7193000A
.text E:\5.exe[3152] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F080F5A
.text E:\5.exe[3152] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7196000A
.text E:\5.exe[3152] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7184000A
.text E:\5.exe[3152] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7187000A
.text E:\5.exe[3152] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 7108000A
.text E:\5.exe[3152] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 70B7000A
.text E:\5.exe[3152] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70F3000A
.text E:\5.exe[3152] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 7096000A
.text E:\5.exe[3152] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text E:\5.exe[3152] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7147000A
.text E:\5.exe[3152] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 7190000A
.text E:\5.exe[3152] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 70C0000A
.text E:\5.exe[3152] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 70C3000A
.text E:\5.exe[3152] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 70BA000A
.text E:\5.exe[3152] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 70BD000A
.text E:\5.exe[3152] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 7141000A
.text E:\5.exe[3152] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text E:\5.exe[3152] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [9D, 71]
.text E:\5.exe[3152] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 710B000A
.text E:\5.exe[3152] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 7114000A
.text E:\5.exe[3152] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 70D5000A
.text E:\5.exe[3152] kernel32.dll!ExitProcess 7C81CB12 6 Bytes JMP 5F040F5A
.text E:\5.exe[3152] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 716B000A
.text E:\5.exe[3152] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7090000A
.text E:\5.exe[3152] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70DB000A
.text E:\5.exe[3152] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 7144000A
.text E:\5.exe[3152] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70E7000A
.text E:\5.exe[3152] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70F0000A
.text E:\5.exe[3152] kernel32.dll!CopyFileW 7C82F87B 4 Bytes JMP EC001E25
.text E:\5.exe[3152] kernel32.dll!CopyFileW + 5 7C82F880 1 Byte [70]
.text E:\5.exe[3152] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 7087000A
.text E:\5.exe[3152] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 70A8000A
.text E:\5.exe[3152] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 70A5000A
.text E:\5.exe[3152] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 70D8000A
.text E:\5.exe[3152] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 708A000A
.text E:\5.exe[3152] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 7093000A
.text E:\5.exe[3152] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7168000A
.text E:\5.exe[3152] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 708D000A
.text E:\5.exe[3152] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70EA000A
.text E:\5.exe[3152] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 7175000A
.text E:\5.exe[3152] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 70D2000A
.text E:\5.exe[3152] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 710E000A
.text E:\5.exe[3152] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 7129000A
.text E:\5.exe[3152] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 7117000A
.text E:\5.exe[3152] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 713B000A
.text E:\5.exe[3152] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 712C000A
.text E:\5.exe[3152] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 712F000A
.text E:\5.exe[3152] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 70CF000A
.text E:\5.exe[3152] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 711A000A
.text E:\5.exe[3152] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 7123000A
.text E:\5.exe[3152] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 711D000A
.text E:\5.exe[3152] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 713E000A
.text E:\5.exe[3152] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 7126000A
.text E:\5.exe[3152] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 7132000A
.text E:\5.exe[3152] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 70C6000A
.text E:\5.exe[3152] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 70A2000A
.text E:\5.exe[3152] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 709F000A
.text E:\5.exe[3152] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70FF000A
.text E:\5.exe[3152] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text E:\5.exe[3152] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [01, 71]
.text E:\5.exe[3152] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 70C9000A
.text E:\5.exe[3152] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7135000A
.text E:\5.exe[3152] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 7120000A
.text E:\5.exe[3152] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7138000A
.text E:\5.exe[3152] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 70CC000A
.text E:\5.exe[3152] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 719A000A
.text E:\5.exe[3152] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 7153000A
.text E:\5.exe[3152] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 7150000A
.text E:\5.exe[3152] GDI32.dll!EndPage 77F2DC61 6 Bytes JMP 5F170F5A
.text E:\5.exe[3152] GDI32.dll!EndDoc 77F2DEF1 6 Bytes JMP 5F110F5A
.text E:\5.exe[3152] GDI32.dll!StartPage 77F2F49E 6 Bytes JMP 5F140F5A
.text E:\5.exe[3152] GDI32.dll!AbortDoc 77F44CD2 6 Bytes JMP 5F1A0F5A
.text E:\5.exe[3152] GDI32.dll!StartDocW 77F45962 3 Bytes [FF, 25, 1E]
.text E:\5.exe[3152] GDI32.dll!StartDocW + 4 77F45966 2 Bytes [0F, 5F]
.text E:\5.exe[3152] GDI32.dll!StartDocA 77F45E79 3 Bytes [FF, 25, 1E]
.text E:\5.exe[3152] GDI32.dll!StartDocA + 4 77F45E7D 2 Bytes [0C, 5F] {OR AL, 0x5f}
.text E:\5.exe[3152] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 71A40F5A
.text E:\5.exe[3152] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 71AD0F5A
.text E:\5.exe[3152] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 718A000A
.text E:\5.exe[3152] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 7099000A
.text E:\5.exe[3152] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text E:\5.exe[3152] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [A6, 71]
.text E:\5.exe[3152] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 7165000A
.text E:\5.exe[3152] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70F9000A
.text E:\5.exe[3152] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 7162000A
.text E:\5.exe[3152] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text E:\5.exe[3152] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [F5, 70]
.text E:\5.exe[3152] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 70AB000A
.text E:\5.exe[3152] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text E:\5.exe[3152] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [5E, 71]
.text E:\5.exe[3152] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 70B1000A
.text E:\5.exe[3152] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 70AE000A
.text E:\5.exe[3152] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 709C000A
.text E:\5.exe[3152] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 718D000A
.text E:\5.exe[3152] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 714D000A
.text E:\5.exe[3152] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70FC000A
.text E:\5.exe[3152] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 70B4000A
.text E:\5.exe[3152] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 715C000A
.text E:\5.exe[3152] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 71A10F5A
.text E:\5.exe[3152] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 7172000A
.text E:\5.exe[3152] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text E:\5.exe[3152] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [49, 71]
.text E:\5.exe[3152] SHELL32.dll!ShellExecuteExW 7CA098CB 6 Bytes JMP 7178000A
.text E:\5.exe[3152] SHELL32.dll!Shell_NotifyIcon 7CA28BC6 6 Bytes JMP 70E4000A
.text E:\5.exe[3152] SHELL32.dll!Shell_NotifyIconW 7CA2A537 6 Bytes JMP 70E1000A
.text E:\5.exe[3152] SHELL32.dll!ShellExecuteEx 7CA40E45 6 Bytes JMP 717B000A
.text E:\5.exe[3152] SHELL32.dll!ShellExecuteA 7CA41170 6 Bytes JMP 7181000A
.text E:\5.exe[3152] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 717E000A
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [7E, 71] {JLE 0x73}
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [93, 71]
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [A9, 71]
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [87, 71]
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [9F, 71]
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [99, 71]
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [31, 71]
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [96, 71]
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [8A, 71]
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [9C, 71]
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [49, 71]
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [84, 71]
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [90, 71]
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [8D, 71]
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [81, 71]
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70BA000A
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] kernel32.dll!CreateFileA 7C801A28 4 Bytes JMP EC001E25
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] kernel32.dll!CreateFileA + 5 7C801A2D 1 Byte [70]
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7135000A
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70E1000A
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01E70001
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 716E000A
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7175000A
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7172000A
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 715F000A
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7162000A
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70E4000A
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 708D000A
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70CF000A
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 706C000A
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7123000A
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 716B000A
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 7096000A
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 7099000A
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 7090000A
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 7093000A
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 711D000A
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [7B, 71] {JNP 0x73}
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70E7000A
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70F0000A
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 70AB000A
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7147000A
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7066000A
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70B1000A
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 7120000A
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70C3000A
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70CC000A
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70C9000A
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 705D000A
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 707E000A
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 707B000A
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 70AE000A
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7060000A
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 7069000A
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7144000A
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7063000A
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70C6000A
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 7150000A
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 70A8000A
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70EA000A
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 7165000A
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 706F000A
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 7141000A
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70D5000A
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 713E000A
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [D1, 70]
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 7081000A
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [3A, 71]
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 7087000A
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 7084000A
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 7072000A
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 7168000A
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 7129000A
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70D8000A
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 708A000A
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 7138000A
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 714D000A
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [25, 71]
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 7105000A
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 70F3000A
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 7117000A
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 7108000A
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 710B000A
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 70A5000A
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 70F6000A
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 70FF000A
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 70F9000A
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 711A000A
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 7102000A
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 710E000A
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 709C000A
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 7078000A
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 7075000A
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70DB000A
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [DD, 70]
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 709F000A
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7111000A
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 70FC000A
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7114000A
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 70A2000A
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 7178000A
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 712F000A
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 712C000A
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] SHELL32.dll!ShellExecuteExW 7CA098CB 6 Bytes JMP 7153000A
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] SHELL32.dll!Shell_NotifyIcon 7CA28BC6 6 Bytes JMP 70C0000A
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] SHELL32.dll!Shell_NotifyIconW 7CA2A537 6 Bytes JMP 70BD000A
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] SHELL32.dll!ShellExecuteEx 7CA40E45 6 Bytes JMP 7156000A
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] SHELL32.dll!ShellExecuteA 7CA41170 6 Bytes JMP 715C000A
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 7159000A
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] WININET.DLL!InternetOpenUrlA 3D95F3BC 6 Bytes JMP 70B7000A
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[3176] WININET.DLL!InternetOpenUrlW 3D9A6DFF 6 Bytes JMP 70B4000A
.text C:\WINDOWS\system32\svchost.exe[3204] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[3204] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [7E, 71] {JLE 0x73}
.text C:\WINDOWS\system32\svchost.exe[3204] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\system32\svchost.exe[3204] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[3204] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [93, 71]
.text C:\WINDOWS\system32\svchost.exe[3204] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[3204] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AD, 71]
.text C:\WINDOWS\system32\svchost.exe[3204] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[3204] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [87, 71]
.text C:\WINDOWS\system32\svchost.exe[3204] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[3204] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [9F, 71]
.text C:\WINDOWS\system32\svchost.exe[3204] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[3204] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [99, 71]
.text C:\WINDOWS\system32\svchost.exe[3204] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[3204] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [31, 71]
.text C:\WINDOWS\system32\svchost.exe[3204] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[3204] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [96, 71]
.text C:\WINDOWS\system32\svchost.exe[3204] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[3204] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [8A, 71]
.text C:\WINDOWS\system32\svchost.exe[3204] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[3204] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [9C, 71]
.text C:\WINDOWS\system32\svchost.exe[3204] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[3204] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [49, 71]
.text C:\WINDOWS\system32\svchost.exe[3204] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[3204] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [84, 71]
.text C:\WINDOWS\system32\svchost.exe[3204] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[3204] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [90, 71]
.text C:\WINDOWS\system32\svchost.exe[3204] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[3204] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [8D, 71]
.text C:\WINDOWS\system32\svchost.exe[3204] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[3204] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [81, 71]
.text C:\WINDOWS\system32\svchost.exe[3204] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70BA000A
.text C:\WINDOWS\system32\svchost.exe[3204] kernel32.dll!CreateFileA 7C801A28 4 Bytes JMP EC001E25
.text C:\WINDOWS\system32\svchost.exe[3204] kernel32.dll!CreateFileA + 5 7C801A2D 1 Byte [70]
.text C:\WINDOWS\system32\svchost.exe[3204] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7135000A
.text C:\WINDOWS\system32\svchost.exe[3204] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70E1000A
.text C:\WINDOWS\system32\svchost.exe[3204] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00FE0001
.text C:\WINDOWS\system32\svchost.exe[3204] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 716E000A
.text C:\WINDOWS\system32\svchost.exe[3204] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7175000A
.text C:\WINDOWS\system32\svchost.exe[3204] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7172000A
.text C:\WINDOWS\system32\svchost.exe[3204] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 715F000A
.text C:\WINDOWS\system32\svchost.exe[3204] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7162000A
.text C:\WINDOWS\system32\svchost.exe[3204] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70E4000A
.text C:\WINDOWS\system32\svchost.exe[3204] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 7093000A
.text C:\WINDOWS\system32\svchost.exe[3204] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70CF000A
.text C:\WINDOWS\system32\svchost.exe[3204] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 7072000A
.text C:\WINDOWS\system32\svchost.exe[3204] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\WINDOWS\system32\svchost.exe[3204] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7123000A
.text C:\WINDOWS\system32\svchost.exe[3204] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 716B000A
.text C:\WINDOWS\system32\svchost.exe[3204] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 709C000A
.text C:\WINDOWS\system32\svchost.exe[3204] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 709F000A
.text C:\WINDOWS\system32\svchost.exe[3204] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 7096000A
.text C:\WINDOWS\system32\svchost.exe[3204] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 7099000A
.text C:\WINDOWS\system32\svchost.exe[3204] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 711D000A
.text C:\WINDOWS\system32\svchost.exe[3204] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[3204] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [7B, 71] {JNP 0x73}
.text C:\WINDOWS\system32\svchost.exe[3204] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70E7000A
.text C:\WINDOWS\system32\svchost.exe[3204] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70F0000A
.text C:\WINDOWS\system32\svchost.exe[3204] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 70B1000A
.text C:\WINDOWS\system32\svchost.exe[3204] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7147000A
.text C:\WINDOWS\system32\svchost.exe[3204] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 706C000A
.text C:\WINDOWS\system32\svchost.exe[3204] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70B7000A
.text C:\WINDOWS\system32\svchost.exe[3204] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 7120000A
.text C:\WINDOWS\system32\svchost.exe[3204] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70C3000A
.text C:\WINDOWS\system32\svchost.exe[3204] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70CC000A
.text C:\WINDOWS\system32\svchost.exe[3204] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70C9000A
.text C:\WINDOWS\system32\svchost.exe[3204] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 7063000A
.text C:\WINDOWS\system32\svchost.exe[3204] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 7084000A
.text C:\WINDOWS\system32\svchost.exe[3204] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 7081000A
.text C:\WINDOWS\system32\svchost.exe[3204] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 70B4000A
.text C:\WINDOWS\system32\svchost.exe[3204] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7066000A
.text C:\WINDOWS\system32\svchost.exe[3204] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 706F000A
.text C:\WINDOWS\system32\svchost.exe[3204] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7144000A
.text C:\WINDOWS\system32\svchost.exe[3204] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7069000A
.text C:\WINDOWS\system32\svchost.exe[3204] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70C6000A
.text C:\WINDOWS\system32\svchost.exe[3204] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 7150000A
.text C:\WINDOWS\system32\svchost.exe[3204] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 70AE000A
.text C:\WINDOWS\system32\svchost.exe[3204] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70EA000A
.text C:\WINDOWS\system32\svchost.exe[3204] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 7105000A
.text C:\WINDOWS\system32\svchost.exe[3204] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 70F3000A
.text C:\WINDOWS\system32\svchost.exe[3204] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 7117000A
.text C:\WINDOWS\system32\svchost.exe[3204] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 7108000A
.text C:\WINDOWS\system32\svchost.exe[3204] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 710B000A
.text C:\WINDOWS\system32\svchost.exe[3204] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 70AB000A
.text C:\WINDOWS\system32\svchost.exe[3204] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 70F6000A
.text C:\WINDOWS\system32\svchost.exe[3204] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 70FF000A
.text C:\WINDOWS\system32\svchost.exe[3204] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 70F9000A
.text C:\WINDOWS\system32\svchost.exe[3204] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 711A000A
.text C:\WINDOWS\system32\svchost.exe[3204] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 7102000A
.text C:\WINDOWS\system32\svchost.exe[3204] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 710E000A
.text C:\WINDOWS\system32\svchost.exe[3204] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 70A2000A
.text C:\WINDOWS\system32\svchost.exe[3204] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 707E000A
.text C:\WINDOWS\system32\svchost.exe[3204] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 707B000A
.text C:\WINDOWS\system32\svchost.exe[3204] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70DB000A
.text C:\WINDOWS\system32\svchost.exe[3204] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[3204] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [DD, 70]
.text C:\WINDOWS\system32\svchost.exe[3204] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 70A5000A
.text C:\WINDOWS\system32\svchost.exe[3204] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7111000A
.text C:\WINDOWS\system32\svchost.exe[3204] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 70FC000A
.text C:\WINDOWS\system32\svchost.exe[3204] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7114000A
.text C:\WINDOWS\system32\svchost.exe[3204] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 70A8000A
.text C:\WINDOWS\system32\svchost.exe[3204] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 7178000A
.text C:\WINDOWS\system32\svchost.exe[3204] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 712F000A
.text C:\WINDOWS\system32\svchost.exe[3204] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 712C000A
.text C:\WINDOWS\system32\svchost.exe[3204] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 7165000A
.text C:\WINDOWS\system32\svchost.exe[3204] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 7075000A
.text C:\WINDOWS\system32\svchost.exe[3204] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 7141000A
.text C:\WINDOWS\system32\svchost.exe[3204] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70D5000A
.text C:\WINDOWS\system32\svchost.exe[3204] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 713E000A
.text C:\WINDOWS\system32\svchost.exe[3204] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[3204] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [D1, 70]
.text C:\WINDOWS\system32\svchost.exe[3204] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 7087000A
.text C:\WINDOWS\system32\svchost.exe[3204] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[3204] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [3A, 71]
.text C:\WINDOWS\system32\svchost.exe[3204] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 708D000A
.text C:\WINDOWS\system32\svchost.exe[3204] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 708A000A
.text C:\WINDOWS\system32\svchost.exe[3204] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 7078000A
.text C:\WINDOWS\system32\svchost.exe[3204] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 7168000A
.text C:\WINDOWS\system32\svchost.exe[3204] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 7129000A
.text C:\WINDOWS\system32\svchost.exe[3204] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70D8000A
.text C:\WINDOWS\system32\svchost.exe[3204] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 7090000A
.text C:\WINDOWS\system32\svchost.exe[3204] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 7138000A
.text C:\WINDOWS\system32\svchost.exe[3204] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 714D000A
.text C:\WINDOWS\system32\svchost.exe[3204] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[3204] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [25, 71]
.text C:\WINDOWS\system32\svchost.exe[3204] SHELL32.dll!ShellExecuteExW 7CA098CB 6 Bytes JMP 7153000A
.text C:\WINDOWS\system32\svchost.exe[3204] SHELL32.dll!Shell_NotifyIcon 7CA28BC6 6 Bytes JMP 70C0000A
.text C:\WINDOWS\system32\svchost.exe[3204] SHELL32.dll!Shell_NotifyIconW 7CA2A537 6 Bytes JMP 70BD000A
.text C:\WINDOWS\system32\svchost.exe[3204] SHELL32.dll!ShellExecuteEx 7CA40E45 6 Bytes JMP 7156000A
.text C:\WINDOWS\system32\svchost.exe[3204] SHELL32.dll!ShellExecuteA 7CA41170 6 Bytes JMP 715C000A
.text C:\WINDOWS\system32\svchost.exe[3204] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 7159000A
.text C:\WINDOWS\system32\svchost.exe[3216] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[3216] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [86, 71]
.text C:\WINDOWS\system32\svchost.exe[3216] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\system32\svchost.exe[3216] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[3216] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [9B, 71]
.text C:\WINDOWS\system32\svchost.exe[3216] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[3216] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AD, 71]
.text C:\WINDOWS\system32\svchost.exe[3216] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[3216] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8F, 71]
.text C:\WINDOWS\system32\svchost.exe[3216] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[3216] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A7, 71]
.text C:\WINDOWS\system32\svchost.exe[3216] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[3216] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [A1, 71]
.text C:\WINDOWS\system32\svchost.exe[3216] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[3216] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [39, 71]
.text C:\WINDOWS\system32\svchost.exe[3216] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[3216] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9E, 71]
.text C:\WINDOWS\system32\svchost.exe[3216] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[3216] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [92, 71]
.text C:\WINDOWS\system32\svchost.exe[3216] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[3216] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A4, 71]
.text C:\WINDOWS\system32\svchost.exe[3216] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[3216] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [51, 71]
.text C:\WINDOWS\system32\svchost.exe[3216] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[3216] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8C, 71]
.text C:\WINDOWS\system32\svchost.exe[3216] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[3216] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [98, 71]
.text C:\WINDOWS\system32\svchost.exe[3216] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[3216] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [95, 71]
.text C:\WINDOWS\system32\svchost.exe[3216] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[3216] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [89, 71]
.text C:\WINDOWS\system32\svchost.exe[3216] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70C2000A
.text C:\WINDOWS\system32\svchost.exe[3216] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70F5000A
.text C:\WINDOWS\system32\svchost.exe[3216] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 713D000A
.text C:\WINDOWS\system32\svchost.exe[3216] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70E9000A
.text C:\WINDOWS\system32\svchost.exe[3216] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00E70001
.text C:\WINDOWS\system32\svchost.exe[3216] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 7177000A
.text C:\WINDOWS\system32\svchost.exe[3216] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 717D000A
.text C:\WINDOWS\system32\svchost.exe[3216] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 717A000A
.text C:\WINDOWS\system32\svchost.exe[3216] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7167000A
.text C:\WINDOWS\system32\svchost.exe[3216] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 716A000A
.text C:\WINDOWS\system32\svchost.exe[3216] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70EC000A
.text C:\WINDOWS\system32\svchost.exe[3216] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 709B000A
.text C:\WINDOWS\system32\svchost.exe[3216] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70D7000A
.text C:\WINDOWS\system32\svchost.exe[3216] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 707A000A
.text C:\WINDOWS\system32\svchost.exe[3216] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\WINDOWS\system32\svchost.exe[3216] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 712B000A
.text C:\WINDOWS\system32\svchost.exe[3216] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 7174000A
.text C:\WINDOWS\system32\svchost.exe[3216] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 70A4000A
.text C:\WINDOWS\system32\svchost.exe[3216] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 70A7000A
.text C:\WINDOWS\system32\svchost.exe[3216] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 709E000A
.text C:\WINDOWS\system32\svchost.exe[3216] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 70A1000A
.text C:\WINDOWS\system32\svchost.exe[3216] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 7125000A
.text C:\WINDOWS\system32\svchost.exe[3216] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[3216] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [83, 71]
.text C:\WINDOWS\system32\svchost.exe[3216] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70EF000A
.text C:\WINDOWS\system32\svchost.exe[3216] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70F8000A
.text C:\WINDOWS\system32\svchost.exe[3216] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 70B9000A
.text C:\WINDOWS\system32\svchost.exe[3216] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 714F000A
.text C:\WINDOWS\system32\svchost.exe[3216] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7074000A
.text C:\WINDOWS\system32\svchost.exe[3216] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70BF000A
.text C:\WINDOWS\system32\svchost.exe[3216] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 7128000A
.text C:\WINDOWS\system32\svchost.exe[3216] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70CB000A
.text C:\WINDOWS\system32\svchost.exe[3216] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70D4000A
.text C:\WINDOWS\system32\svchost.exe[3216] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70D1000A
.text C:\WINDOWS\system32\svchost.exe[3216] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 706B000A
.text C:\WINDOWS\system32\svchost.exe[3216] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 708C000A
.text C:\WINDOWS\system32\svchost.exe[3216] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 7089000A
.text C:\WINDOWS\system32\svchost.exe[3216] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 70BC000A
.text C:\WINDOWS\system32\svchost.exe[3216] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 706E000A
.text C:\WINDOWS\system32\svchost.exe[3216] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 7077000A
.text C:\WINDOWS\system32\svchost.exe[3216] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 714C000A
.text C:\WINDOWS\system32\svchost.exe[3216] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7071000A
.text C:\WINDOWS\system32\svchost.exe[3216] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70CE000A
.text C:\WINDOWS\system32\svchost.exe[3216] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 7158000A
.text C:\WINDOWS\system32\svchost.exe[3216] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 70B6000A
.text C:\WINDOWS\system32\svchost.exe[3216] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70F2000A
.text C:\WINDOWS\system32\svchost.exe[3216] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 710D000A
.text C:\WINDOWS\system32\svchost.exe[3216] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 70FB000A
.text C:\WINDOWS\system32\svchost.exe[3216] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 711F000A
.text C:\WINDOWS\system32\svchost.exe[3216] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 7110000A
.text C:\WINDOWS\system32\svchost.exe[3216] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 7113000A
.text C:\WINDOWS\system32\svchost.exe[3216] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 70B3000A
.text C:\WINDOWS\system32\svchost.exe[3216] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 70FE000A
.text C:\WINDOWS\system32\svchost.exe[3216] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 7107000A
.text C:\WINDOWS\system32\svchost.exe[3216] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 7101000A
.text C:\WINDOWS\system32\svchost.exe[3216] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 7122000A
.text C:\WINDOWS\system32\svchost.exe[3216] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 710A000A
.text C:\WINDOWS\system32\svchost.exe[3216] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 7116000A
.text C:\WINDOWS\system32\svchost.exe[3216] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 70AA000A
.text C:\WINDOWS\system32\svchost.exe[3216] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 7086000A
.text C:\WINDOWS\system32\svchost.exe[3216] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 7083000A
.text C:\WINDOWS\system32\svchost.exe[3216] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70E3000A
.text C:\WINDOWS\system32\svchost.exe[3216] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[3216] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [E5, 70] {IN EAX, 0x70}
.text C:\WINDOWS\system32\svchost.exe[3216] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 70AD000A
.text C:\WINDOWS\system32\svchost.exe[3216] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7119000A
.text C:\WINDOWS\system32\svchost.exe[3216] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 7104000A
.text C:\WINDOWS\system32\svchost.exe[3216] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 711C000A
.text C:\WINDOWS\system32\svchost.exe[3216] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 70B0000A
.text C:\WINDOWS\system32\svchost.exe[3216] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 7180000A
.text C:\WINDOWS\system32\svchost.exe[3216] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 7137000A

#13 firstbaselady

firstbaselady
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:12:20 AM

Posted 08 January 2012 - 08:37 PM

.text C:\WINDOWS\system32\svchost.exe[3216] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 7134000A
.text C:\WINDOWS\system32\svchost.exe[3216] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 716D000A
.text C:\WINDOWS\system32\svchost.exe[3216] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 707D000A
.text C:\WINDOWS\system32\svchost.exe[3216] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 7149000A
.text C:\WINDOWS\system32\svchost.exe[3216] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70DD000A
.text C:\WINDOWS\system32\svchost.exe[3216] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 7146000A
.text C:\WINDOWS\system32\svchost.exe[3216] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[3216] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [D9, 70]
.text C:\WINDOWS\system32\svchost.exe[3216] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 708F000A
.text C:\WINDOWS\system32\svchost.exe[3216] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[3216] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [42, 71]
.text C:\WINDOWS\system32\svchost.exe[3216] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 7095000A
.text C:\WINDOWS\system32\svchost.exe[3216] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 7092000A
.text C:\WINDOWS\system32\svchost.exe[3216] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 7080000A
.text C:\WINDOWS\system32\svchost.exe[3216] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 7171000A
.text C:\WINDOWS\system32\svchost.exe[3216] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 7131000A
.text C:\WINDOWS\system32\svchost.exe[3216] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70E0000A
.text C:\WINDOWS\system32\svchost.exe[3216] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 7098000A
.text C:\WINDOWS\system32\svchost.exe[3216] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 7140000A
.text C:\WINDOWS\system32\svchost.exe[3216] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 7155000A
.text C:\WINDOWS\system32\svchost.exe[3216] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[3216] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [2D, 71]
.text C:\WINDOWS\system32\svchost.exe[3216] SHELL32.dll!ShellExecuteExW 7CA098CB 6 Bytes JMP 715B000A
.text C:\WINDOWS\system32\svchost.exe[3216] SHELL32.dll!Shell_NotifyIcon 7CA28BC6 6 Bytes JMP 70C8000A
.text C:\WINDOWS\system32\svchost.exe[3216] SHELL32.dll!Shell_NotifyIconW 7CA2A537 6 Bytes JMP 70C5000A
.text C:\WINDOWS\system32\svchost.exe[3216] SHELL32.dll!ShellExecuteEx 7CA40E45 6 Bytes JMP 715E000A
.text C:\WINDOWS\system32\svchost.exe[3216] SHELL32.dll!ShellExecuteA 7CA41170 6 Bytes JMP 7164000A
.text C:\WINDOWS\system32\svchost.exe[3216] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 7161000A
.text C:\WINDOWS\system32\rundll32.exe[3624] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\rundll32.exe[3624] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [5D, 71]
.text C:\WINDOWS\system32\rundll32.exe[3624] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\rundll32.exe[3624] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [76, 71] {JBE 0x73}
.text C:\WINDOWS\system32\rundll32.exe[3624] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70E6000A
.text C:\WINDOWS\system32\rundll32.exe[3624] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 7119000A
.text C:\WINDOWS\system32\rundll32.exe[3624] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7161000A
.text C:\WINDOWS\system32\rundll32.exe[3624] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 710D000A
.text C:\WINDOWS\system32\rundll32.exe[3624] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71A80001
.text C:\WINDOWS\system32\rundll32.exe[3624] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 719B000A
.text C:\WINDOWS\system32\rundll32.exe[3624] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 71A1000A
.text C:\WINDOWS\system32\rundll32.exe[3624] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 719E000A
.text C:\WINDOWS\system32\rundll32.exe[3624] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 718C000A
.text C:\WINDOWS\system32\rundll32.exe[3624] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 718F000A
.text C:\WINDOWS\system32\rundll32.exe[3624] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 7110000A
.text C:\WINDOWS\system32\rundll32.exe[3624] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 70BF000A
.text C:\WINDOWS\system32\rundll32.exe[3624] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70FB000A
.text C:\WINDOWS\system32\rundll32.exe[3624] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 709E000A
.text C:\WINDOWS\system32\rundll32.exe[3624] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\WINDOWS\system32\rundll32.exe[3624] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 714F000A
.text C:\WINDOWS\system32\rundll32.exe[3624] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 7198000A
.text C:\WINDOWS\system32\rundll32.exe[3624] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 70C8000A
.text C:\WINDOWS\system32\rundll32.exe[3624] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 70CB000A
.text C:\WINDOWS\system32\rundll32.exe[3624] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 70C2000A
.text C:\WINDOWS\system32\rundll32.exe[3624] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 70C5000A
.text C:\WINDOWS\system32\rundll32.exe[3624] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 7149000A
.text C:\WINDOWS\system32\rundll32.exe[3624] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\rundll32.exe[3624] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [AD, 71]
.text C:\WINDOWS\system32\rundll32.exe[3624] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 7113000A
.text C:\WINDOWS\system32\rundll32.exe[3624] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 711C000A
.text C:\WINDOWS\system32\rundll32.exe[3624] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 70DD000A
.text C:\WINDOWS\system32\rundll32.exe[3624] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7174000A
.text C:\WINDOWS\system32\rundll32.exe[3624] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7098000A
.text C:\WINDOWS\system32\rundll32.exe[3624] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70E3000A
.text C:\WINDOWS\system32\rundll32.exe[3624] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 714C000A
.text C:\WINDOWS\system32\rundll32.exe[3624] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70EF000A
.text C:\WINDOWS\system32\rundll32.exe[3624] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70F8000A
.text C:\WINDOWS\system32\rundll32.exe[3624] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70F5000A
.text C:\WINDOWS\system32\rundll32.exe[3624] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 708F000A
.text C:\WINDOWS\system32\rundll32.exe[3624] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 70B0000A
.text C:\WINDOWS\system32\rundll32.exe[3624] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 70AD000A
.text C:\WINDOWS\system32\rundll32.exe[3624] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 70E0000A
.text C:\WINDOWS\system32\rundll32.exe[3624] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7092000A
.text C:\WINDOWS\system32\rundll32.exe[3624] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 709B000A
.text C:\WINDOWS\system32\rundll32.exe[3624] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7171000A
.text C:\WINDOWS\system32\rundll32.exe[3624] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7095000A
.text C:\WINDOWS\system32\rundll32.exe[3624] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70F2000A
.text C:\WINDOWS\system32\rundll32.exe[3624] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 717D000A
.text C:\WINDOWS\system32\rundll32.exe[3624] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 70DA000A
.text C:\WINDOWS\system32\rundll32.exe[3624] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 7116000A
.text C:\WINDOWS\system32\rundll32.exe[3624] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 7192000A
.text C:\WINDOWS\system32\rundll32.exe[3624] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 70A1000A
.text C:\WINDOWS\system32\rundll32.exe[3624] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 716D000A
.text C:\WINDOWS\system32\rundll32.exe[3624] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 7101000A
.text C:\WINDOWS\system32\rundll32.exe[3624] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 716A000A
.text C:\WINDOWS\system32\rundll32.exe[3624] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\rundll32.exe[3624] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [FD, 70]
.text C:\WINDOWS\system32\rundll32.exe[3624] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 70B3000A
.text C:\WINDOWS\system32\rundll32.exe[3624] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\rundll32.exe[3624] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [66, 71]
.text C:\WINDOWS\system32\rundll32.exe[3624] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 70B9000A
.text C:\WINDOWS\system32\rundll32.exe[3624] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 70B6000A
.text C:\WINDOWS\system32\rundll32.exe[3624] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 70A4000A
.text C:\WINDOWS\system32\rundll32.exe[3624] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 7195000A
.text C:\WINDOWS\system32\rundll32.exe[3624] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 7155000A
.text C:\WINDOWS\system32\rundll32.exe[3624] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 7104000A
.text C:\WINDOWS\system32\rundll32.exe[3624] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 70BC000A
.text C:\WINDOWS\system32\rundll32.exe[3624] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 7164000A
.text C:\WINDOWS\system32\rundll32.exe[3624] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 717A000A
.text C:\WINDOWS\system32\rundll32.exe[3624] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\rundll32.exe[3624] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [51, 71]
.text C:\WINDOWS\system32\rundll32.exe[3624] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 7131000A
.text C:\WINDOWS\system32\rundll32.exe[3624] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 711F000A
.text C:\WINDOWS\system32\rundll32.exe[3624] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 7143000A
.text C:\WINDOWS\system32\rundll32.exe[3624] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 7134000A
.text C:\WINDOWS\system32\rundll32.exe[3624] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 7137000A
.text C:\WINDOWS\system32\rundll32.exe[3624] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 70D7000A
.text C:\WINDOWS\system32\rundll32.exe[3624] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 7122000A
.text C:\WINDOWS\system32\rundll32.exe[3624] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 712B000A
.text C:\WINDOWS\system32\rundll32.exe[3624] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 7125000A
.text C:\WINDOWS\system32\rundll32.exe[3624] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 7146000A
.text C:\WINDOWS\system32\rundll32.exe[3624] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 712E000A
.text C:\WINDOWS\system32\rundll32.exe[3624] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 713A000A
.text C:\WINDOWS\system32\rundll32.exe[3624] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 70CE000A
.text C:\WINDOWS\system32\rundll32.exe[3624] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 70AA000A
.text C:\WINDOWS\system32\rundll32.exe[3624] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 70A7000A
.text C:\WINDOWS\system32\rundll32.exe[3624] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 7107000A
.text C:\WINDOWS\system32\rundll32.exe[3624] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\rundll32.exe[3624] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [09, 71]
.text C:\WINDOWS\system32\rundll32.exe[3624] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 70D1000A
.text C:\WINDOWS\system32\rundll32.exe[3624] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 713D000A
.text C:\WINDOWS\system32\rundll32.exe[3624] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 7128000A
.text C:\WINDOWS\system32\rundll32.exe[3624] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7140000A
.text C:\WINDOWS\system32\rundll32.exe[3624] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 70D4000A
.text C:\WINDOWS\system32\rundll32.exe[3624] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 71A4000A
.text C:\WINDOWS\system32\rundll32.exe[3624] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 715B000A
.text C:\WINDOWS\system32\rundll32.exe[3624] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 7158000A
.text C:\WINDOWS\system32\rundll32.exe[3624] SHELL32.dll!ShellExecuteExW 7CA098CB 6 Bytes JMP 7180000A
.text C:\WINDOWS\system32\rundll32.exe[3624] SHELL32.dll!Shell_NotifyIcon 7CA28BC6 6 Bytes JMP 70EC000A
.text C:\WINDOWS\system32\rundll32.exe[3624] SHELL32.dll!Shell_NotifyIconW 7CA2A537 6 Bytes JMP 70E9000A
.text C:\WINDOWS\system32\rundll32.exe[3624] SHELL32.dll!ShellExecuteEx 7CA40E45 6 Bytes JMP 7183000A
.text C:\WINDOWS\system32\rundll32.exe[3624] SHELL32.dll!ShellExecuteA 7CA41170 6 Bytes JMP 7189000A
.text C:\WINDOWS\system32\rundll32.exe[3624] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 7186000A
.text C:\WINDOWS\system32\dlcccoms.exe[3664] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\dlcccoms.exe[3664] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [87, 71]
.text C:\WINDOWS\system32\dlcccoms.exe[3664] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\system32\dlcccoms.exe[3664] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\dlcccoms.exe[3664] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [9C, 71]
.text C:\WINDOWS\system32\dlcccoms.exe[3664] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\dlcccoms.exe[3664] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71]
.text C:\WINDOWS\system32\dlcccoms.exe[3664] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\dlcccoms.exe[3664] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [90, 71]
.text C:\WINDOWS\system32\dlcccoms.exe[3664] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\dlcccoms.exe[3664] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A8, 71] {TEST AL, 0x71}
.text C:\WINDOWS\system32\dlcccoms.exe[3664] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\dlcccoms.exe[3664] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [A2, 71]
.text C:\WINDOWS\system32\dlcccoms.exe[3664] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\dlcccoms.exe[3664] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [39, 71]
.text C:\WINDOWS\system32\dlcccoms.exe[3664] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\dlcccoms.exe[3664] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9F, 71]
.text C:\WINDOWS\system32\dlcccoms.exe[3664] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\dlcccoms.exe[3664] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [93, 71]
.text C:\WINDOWS\system32\dlcccoms.exe[3664] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\dlcccoms.exe[3664] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A5, 71]
.text C:\WINDOWS\system32\dlcccoms.exe[3664] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\dlcccoms.exe[3664] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [51, 71]
.text C:\WINDOWS\system32\dlcccoms.exe[3664] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\dlcccoms.exe[3664] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8D, 71]
.text C:\WINDOWS\system32\dlcccoms.exe[3664] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\dlcccoms.exe[3664] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [99, 71]
.text C:\WINDOWS\system32\dlcccoms.exe[3664] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\dlcccoms.exe[3664] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [96, 71]
.text C:\WINDOWS\system32\dlcccoms.exe[3664] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\dlcccoms.exe[3664] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [8A, 71]
.text C:\WINDOWS\system32\dlcccoms.exe[3664] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70C2000A
.text C:\WINDOWS\system32\dlcccoms.exe[3664] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70F5000A
.text C:\WINDOWS\system32\dlcccoms.exe[3664] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 713D000A
.text C:\WINDOWS\system32\dlcccoms.exe[3664] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70E9000A
.text C:\WINDOWS\system32\dlcccoms.exe[3664] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00AF0001
.text C:\WINDOWS\system32\dlcccoms.exe[3664] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 7177000A
.text C:\WINDOWS\system32\dlcccoms.exe[3664] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 717D000A
.text C:\WINDOWS\system32\dlcccoms.exe[3664] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 717A000A
.text C:\WINDOWS\system32\dlcccoms.exe[3664] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7167000A
.text C:\WINDOWS\system32\dlcccoms.exe[3664] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 716A000A
.text C:\WINDOWS\system32\dlcccoms.exe[3664] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70EC000A
.text C:\WINDOWS\system32\dlcccoms.exe[3664] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 709B000A
.text C:\WINDOWS\system32\dlcccoms.exe[3664] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70D7000A
.text C:\WINDOWS\system32\dlcccoms.exe[3664] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 707A000A
.text C:\WINDOWS\system32\dlcccoms.exe[3664] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\WINDOWS\system32\dlcccoms.exe[3664] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 712B000A
.text C:\WINDOWS\system32\dlcccoms.exe[3664] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 7174000A
.text C:\WINDOWS\system32\dlcccoms.exe[3664] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 70A4000A
.text C:\WINDOWS\system32\dlcccoms.exe[3664] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 70A7000A
.text C:\WINDOWS\system32\dlcccoms.exe[3664] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 709E000A
.text C:\WINDOWS\system32\dlcccoms.exe[3664] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 70A1000A
.text C:\WINDOWS\system32\dlcccoms.exe[3664] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 7125000A
.text C:\WINDOWS\system32\dlcccoms.exe[3664] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\dlcccoms.exe[3664] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [83, 71]
.text C:\WINDOWS\system32\dlcccoms.exe[3664] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70EF000A
.text C:\WINDOWS\system32\dlcccoms.exe[3664] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70F8000A
.text C:\WINDOWS\system32\dlcccoms.exe[3664] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 70B9000A
.text C:\WINDOWS\system32\dlcccoms.exe[3664] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 714F000A
.text C:\WINDOWS\system32\dlcccoms.exe[3664] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7074000A
.text C:\WINDOWS\system32\dlcccoms.exe[3664] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70BF000A
.text C:\WINDOWS\system32\dlcccoms.exe[3664] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 7128000A
.text C:\WINDOWS\system32\dlcccoms.exe[3664] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70CB000A
.text C:\WINDOWS\system32\dlcccoms.exe[3664] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70D4000A
.text C:\WINDOWS\system32\dlcccoms.exe[3664] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70D1000A
.text C:\WINDOWS\system32\dlcccoms.exe[3664] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 706B000A
.text C:\WINDOWS\system32\dlcccoms.exe[3664] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 708C000A
.text C:\WINDOWS\system32\dlcccoms.exe[3664] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 7089000A
.text C:\WINDOWS\system32\dlcccoms.exe[3664] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 70BC000A
.text C:\WINDOWS\system32\dlcccoms.exe[3664] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 706E000A
.text C:\WINDOWS\system32\dlcccoms.exe[3664] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 7077000A
.text C:\WINDOWS\system32\dlcccoms.exe[3664] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 714C000A
.text C:\WINDOWS\system32\dlcccoms.exe[3664] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7071000A
.text C:\WINDOWS\system32\dlcccoms.exe[3664] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70CE000A
.text C:\WINDOWS\system32\dlcccoms.exe[3664] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 7158000A
.text C:\WINDOWS\system32\dlcccoms.exe[3664] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 70B6000A
.text C:\WINDOWS\system32\dlcccoms.exe[3664] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70F2000A
.text C:\WINDOWS\system32\dlcccoms.exe[3664] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 716D000A
.text C:\WINDOWS\system32\dlcccoms.exe[3664] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 707D000A
.text C:\WINDOWS\system32\dlcccoms.exe[3664] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 7149000A
.text C:\WINDOWS\system32\dlcccoms.exe[3664] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70DD000A
.text C:\WINDOWS\system32\dlcccoms.exe[3664] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 7146000A
.text C:\WINDOWS\system32\dlcccoms.exe[3664] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\dlcccoms.exe[3664] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [D9, 70]
.text C:\WINDOWS\system32\dlcccoms.exe[3664] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 708F000A
.text C:\WINDOWS\system32\dlcccoms.exe[3664] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\dlcccoms.exe[3664] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [42, 71]
.text C:\WINDOWS\system32\dlcccoms.exe[3664] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 7095000A
.text C:\WINDOWS\system32\dlcccoms.exe[3664] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 7092000A
.text C:\WINDOWS\system32\dlcccoms.exe[3664] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 7080000A
.text C:\WINDOWS\system32\dlcccoms.exe[3664] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 7171000A
.text C:\WINDOWS\system32\dlcccoms.exe[3664] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 7131000A
.text C:\WINDOWS\system32\dlcccoms.exe[3664] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70E0000A
.text C:\WINDOWS\system32\dlcccoms.exe[3664] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 7098000A
.text C:\WINDOWS\system32\dlcccoms.exe[3664] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 7140000A
.text C:\WINDOWS\system32\dlcccoms.exe[3664] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 7155000A
.text C:\WINDOWS\system32\dlcccoms.exe[3664] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\dlcccoms.exe[3664] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [2D, 71]
.text C:\WINDOWS\system32\dlcccoms.exe[3664] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 710D000A
.text C:\WINDOWS\system32\dlcccoms.exe[3664] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 70FB000A
.text C:\WINDOWS\system32\dlcccoms.exe[3664] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 711F000A
.text C:\WINDOWS\system32\dlcccoms.exe[3664] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 7110000A
.text C:\WINDOWS\system32\dlcccoms.exe[3664] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 7113000A
.text C:\WINDOWS\system32\dlcccoms.exe[3664] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 70B3000A
.text C:\WINDOWS\system32\dlcccoms.exe[3664] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 70FE000A
.text C:\WINDOWS\system32\dlcccoms.exe[3664] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 7107000A
.text C:\WINDOWS\system32\dlcccoms.exe[3664] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 7101000A
.text C:\WINDOWS\system32\dlcccoms.exe[3664] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 7122000A
.text C:\WINDOWS\system32\dlcccoms.exe[3664] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 710A000A
.text C:\WINDOWS\system32\dlcccoms.exe[3664] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 7116000A
.text C:\WINDOWS\system32\dlcccoms.exe[3664] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 70AA000A
.text C:\WINDOWS\system32\dlcccoms.exe[3664] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 7086000A
.text C:\WINDOWS\system32\dlcccoms.exe[3664] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 7083000A
.text C:\WINDOWS\system32\dlcccoms.exe[3664] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70E3000A
.text C:\WINDOWS\system32\dlcccoms.exe[3664] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\dlcccoms.exe[3664] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [E5, 70] {IN EAX, 0x70}
.text C:\WINDOWS\system32\dlcccoms.exe[3664] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 70AD000A
.text C:\WINDOWS\system32\dlcccoms.exe[3664] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7119000A
.text C:\WINDOWS\system32\dlcccoms.exe[3664] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 7104000A
.text C:\WINDOWS\system32\dlcccoms.exe[3664] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 711C000A
.text C:\WINDOWS\system32\dlcccoms.exe[3664] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 70B0000A
.text C:\WINDOWS\system32\dlcccoms.exe[3664] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 7180000A
.text C:\WINDOWS\system32\dlcccoms.exe[3664] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 7137000A
.text C:\WINDOWS\system32\dlcccoms.exe[3664] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 7134000A
.text C:\WINDOWS\system32\dlcccoms.exe[3664] SHELL32.dll!ShellExecuteExW 7CA098CB 6 Bytes JMP 715B000A
.text C:\WINDOWS\system32\dlcccoms.exe[3664] SHELL32.dll!Shell_NotifyIcon 7CA28BC6 6 Bytes JMP 70C8000A
.text C:\WINDOWS\system32\dlcccoms.exe[3664] SHELL32.dll!Shell_NotifyIconW 7CA2A537 6 Bytes JMP 70C5000A
.text C:\WINDOWS\system32\dlcccoms.exe[3664] SHELL32.dll!ShellExecuteEx 7CA40E45 6 Bytes JMP 715E000A
.text C:\WINDOWS\system32\dlcccoms.exe[3664] SHELL32.dll!ShellExecuteA 7CA41170 6 Bytes JMP 7164000A
.text C:\WINDOWS\system32\dlcccoms.exe[3664] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 7161000A
.text C:\Program Files\iPod\bin\iPodService.exe[3864] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[3864] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [87, 71]
.text C:\Program Files\iPod\bin\iPodService.exe[3864] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\iPod\bin\iPodService.exe[3864] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[3864] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [9C, 71]
.text C:\Program Files\iPod\bin\iPodService.exe[3864] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[3864] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71]
.text C:\Program Files\iPod\bin\iPodService.exe[3864] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[3864] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [90, 71]
.text C:\Program Files\iPod\bin\iPodService.exe[3864] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[3864] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A8, 71] {TEST AL, 0x71}
.text C:\Program Files\iPod\bin\iPodService.exe[3864] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[3864] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [A2, 71]
.text C:\Program Files\iPod\bin\iPodService.exe[3864] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[3864] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [39, 71]
.text C:\Program Files\iPod\bin\iPodService.exe[3864] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[3864] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9F, 71]
.text C:\Program Files\iPod\bin\iPodService.exe[3864] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[3864] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [93, 71]
.text C:\Program Files\iPod\bin\iPodService.exe[3864] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[3864] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A5, 71]
.text C:\Program Files\iPod\bin\iPodService.exe[3864] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[3864] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [51, 71]
.text C:\Program Files\iPod\bin\iPodService.exe[3864] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[3864] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8D, 71]
.text C:\Program Files\iPod\bin\iPodService.exe[3864] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[3864] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [99, 71]
.text C:\Program Files\iPod\bin\iPodService.exe[3864] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[3864] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [96, 71]
.text C:\Program Files\iPod\bin\iPodService.exe[3864] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[3864] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [8A, 71]
.text C:\Program Files\iPod\bin\iPodService.exe[3864] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70C2000A
.text C:\Program Files\iPod\bin\iPodService.exe[3864] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70F5000A
.text C:\Program Files\iPod\bin\iPodService.exe[3864] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 713D000A
.text C:\Program Files\iPod\bin\iPodService.exe[3864] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70E9000A
.text C:\Program Files\iPod\bin\iPodService.exe[3864] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 008C0001
.text C:\Program Files\iPod\bin\iPodService.exe[3864] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 7177000A
.text C:\Program Files\iPod\bin\iPodService.exe[3864] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 717D000A
.text C:\Program Files\iPod\bin\iPodService.exe[3864] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 717A000A
.text C:\Program Files\iPod\bin\iPodService.exe[3864] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7167000A
.text C:\Program Files\iPod\bin\iPodService.exe[3864] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 716A000A
.text C:\Program Files\iPod\bin\iPodService.exe[3864] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70EC000A
.text C:\Program Files\iPod\bin\iPodService.exe[3864] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 709B000A
.text C:\Program Files\iPod\bin\iPodService.exe[3864] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70D7000A
.text C:\Program Files\iPod\bin\iPodService.exe[3864] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 707A000A
.text C:\Program Files\iPod\bin\iPodService.exe[3864] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Program Files\iPod\bin\iPodService.exe[3864] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 712B000A
.text C:\Program Files\iPod\bin\iPodService.exe[3864] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 7174000A
.text C:\Program Files\iPod\bin\iPodService.exe[3864] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 70A4000A
.text C:\Program Files\iPod\bin\iPodService.exe[3864] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 70A7000A
.text C:\Program Files\iPod\bin\iPodService.exe[3864] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 709E000A
.text C:\Program Files\iPod\bin\iPodService.exe[3864] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 70A1000A
.text C:\Program Files\iPod\bin\iPodService.exe[3864] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 7125000A
.text C:\Program Files\iPod\bin\iPodService.exe[3864] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[3864] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [83, 71]
.text C:\Program Files\iPod\bin\iPodService.exe[3864] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70EF000A
.text C:\Program Files\iPod\bin\iPodService.exe[3864] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70F8000A
.text C:\Program Files\iPod\bin\iPodService.exe[3864] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 70B9000A
.text C:\Program Files\iPod\bin\iPodService.exe[3864] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 714F000A
.text C:\Program Files\iPod\bin\iPodService.exe[3864] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7074000A
.text C:\Program Files\iPod\bin\iPodService.exe[3864] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70BF000A
.text C:\Program Files\iPod\bin\iPodService.exe[3864] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 7128000A
.text C:\Program Files\iPod\bin\iPodService.exe[3864] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70CB000A
.text C:\Program Files\iPod\bin\iPodService.exe[3864] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70D4000A
.text C:\Program Files\iPod\bin\iPodService.exe[3864] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70D1000A
.text C:\Program Files\iPod\bin\iPodService.exe[3864] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 706B000A
.text C:\Program Files\iPod\bin\iPodService.exe[3864] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 708C000A
.text C:\Program Files\iPod\bin\iPodService.exe[3864] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 7089000A
.text C:\Program Files\iPod\bin\iPodService.exe[3864] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 70BC000A
.text C:\Program Files\iPod\bin\iPodService.exe[3864] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 706E000A
.text C:\Program Files\iPod\bin\iPodService.exe[3864] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 7077000A
.text C:\Program Files\iPod\bin\iPodService.exe[3864] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 714C000A
.text C:\Program Files\iPod\bin\iPodService.exe[3864] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7071000A
.text C:\Program Files\iPod\bin\iPodService.exe[3864] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70CE000A
.text C:\Program Files\iPod\bin\iPodService.exe[3864] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 7158000A
.text C:\Program Files\iPod\bin\iPodService.exe[3864] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 70B6000A
.text C:\Program Files\iPod\bin\iPodService.exe[3864] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70F2000A
.text C:\Program Files\iPod\bin\iPodService.exe[3864] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 710D000A
.text C:\Program Files\iPod\bin\iPodService.exe[3864] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 70FB000A
.text C:\Program Files\iPod\bin\iPodService.exe[3864] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 711F000A
.text C:\Program Files\iPod\bin\iPodService.exe[3864] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 7110000A
.text C:\Program Files\iPod\bin\iPodService.exe[3864] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 7113000A
.text C:\Program Files\iPod\bin\iPodService.exe[3864] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 70B3000A
.text C:\Program Files\iPod\bin\iPodService.exe[3864] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 70FE000A
.text C:\Program Files\iPod\bin\iPodService.exe[3864] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 7107000A
.text C:\Program Files\iPod\bin\iPodService.exe[3864] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 7101000A
.text C:\Program Files\iPod\bin\iPodService.exe[3864] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 7122000A
.text C:\Program Files\iPod\bin\iPodService.exe[3864] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 710A000A
.text C:\Program Files\iPod\bin\iPodService.exe[3864] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 7116000A
.text C:\Program Files\iPod\bin\iPodService.exe[3864] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 70AA000A
.text C:\Program Files\iPod\bin\iPodService.exe[3864] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 7086000A
.text C:\Program Files\iPod\bin\iPodService.exe[3864] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 7083000A
.text C:\Program Files\iPod\bin\iPodService.exe[3864] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70E3000A
.text C:\Program Files\iPod\bin\iPodService.exe[3864] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[3864] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [E5, 70] {IN EAX, 0x70}
.text C:\Program Files\iPod\bin\iPodService.exe[3864] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 70AD000A
.text C:\Program Files\iPod\bin\iPodService.exe[3864] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7119000A
.text C:\Program Files\iPod\bin\iPodService.exe[3864] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 7104000A
.text C:\Program Files\iPod\bin\iPodService.exe[3864] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 711C000A
.text C:\Program Files\iPod\bin\iPodService.exe[3864] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 70B0000A
.text C:\Program Files\iPod\bin\iPodService.exe[3864] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 7180000A
.text C:\Program Files\iPod\bin\iPodService.exe[3864] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 7137000A
.text C:\Program Files\iPod\bin\iPodService.exe[3864] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 7134000A
.text C:\Program Files\iPod\bin\iPodService.exe[3864] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 716D000A
.text C:\Program Files\iPod\bin\iPodService.exe[3864] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 707D000A
.text C:\Program Files\iPod\bin\iPodService.exe[3864] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 7149000A
.text C:\Program Files\iPod\bin\iPodService.exe[3864] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70DD000A
.text C:\Program Files\iPod\bin\iPodService.exe[3864] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 7146000A
.text C:\Program Files\iPod\bin\iPodService.exe[3864] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[3864] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [D9, 70]
.text C:\Program Files\iPod\bin\iPodService.exe[3864] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 708F000A
.text C:\Program Files\iPod\bin\iPodService.exe[3864] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[3864] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [42, 71]
.text C:\Program Files\iPod\bin\iPodService.exe[3864] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 7095000A
.text C:\Program Files\iPod\bin\iPodService.exe[3864] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 7092000A
.text C:\Program Files\iPod\bin\iPodService.exe[3864] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 7080000A
.text C:\Program Files\iPod\bin\iPodService.exe[3864] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 7171000A
.text C:\Program Files\iPod\bin\iPodService.exe[3864] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 7131000A
.text C:\Program Files\iPod\bin\iPodService.exe[3864] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70E0000A
.text C:\Program Files\iPod\bin\iPodService.exe[3864] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 7098000A
.text C:\Program Files\iPod\bin\iPodService.exe[3864] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 7140000A
.text C:\Program Files\iPod\bin\iPodService.exe[3864] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 7155000A
.text C:\Program Files\iPod\bin\iPodService.exe[3864] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[3864] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [2D, 71]
.text C:\Program Files\iPod\bin\iPodService.exe[3864] SHELL32.dll!ShellExecuteExW 7CA098CB 6 Bytes JMP 715B000A
.text C:\Program Files\iPod\bin\iPodService.exe[3864] SHELL32.dll!Shell_NotifyIcon 7CA28BC6 6 Bytes JMP 70C8000A
.text C:\Program Files\iPod\bin\iPodService.exe[3864] SHELL32.dll!Shell_NotifyIconW 7CA2A537 6 Bytes JMP 70C5000A
.text C:\Program Files\iPod\bin\iPodService.exe[3864] SHELL32.dll!ShellExecuteEx 7CA40E45 6 Bytes JMP 715E000A
.text C:\Program Files\iPod\bin\iPodService.exe[3864] SHELL32.dll!ShellExecuteA 7CA41170 6 Bytes JMP 7164000A
.text C:\Program Files\iPod\bin\iPodService.exe[3864] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 7161000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[4008] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[4008] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [84, 71]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[4008] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[4008] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[4008] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [99, 71]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[4008] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[4008] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[4008] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[4008] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8D, 71]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[4008] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[4008] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A5, 71]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[4008] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[4008] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [9F, 71]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[4008] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[4008] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [36, 71]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[4008] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[4008] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9C, 71]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[4008] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[4008] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [90, 71]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[4008] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[4008] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A2, 71]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[4008] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[4008] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [4E, 71]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[4008] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.