Aller au contenu

  • Pas encore inscrit ?

    Pourquoi ne pas vous inscrire ? C'est simple, rapide et gratuit.
    Pour en savoir plus, lisez Les avantages de l'inscription... et la Charte de Zébulon.
    De plus, les messages que vous postez en tant qu'invité restent invisibles tant qu'un modérateur ne les a pas validés. Inscrivez-vous, ce sera un gain de temps pour tout le monde, vous, les helpeurs et les modérateurs ! :wink:

[Résolu] PC infecté par ipexewin.exe

jaja33

Par jaja33
dans Analyses et éradication malwares

 Partager

Messages recommandés

angelique Devil Member !

angelique

Posté(e)
Posté(e)

bon le probleme est là:

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinEcd]

"ImagePath"="\"c:\program files\Fichiers communs\Microsoft Shared\bvtKS.exe\""

 

Recherche de fichiers cachés ...

 

 

c:\windows\system32:gcaa.dll 9728 bytes executable

c:\windows\system32:imwbi.exe 130759 bytes executable hidden from API

c:\windows\xcsle1.dll 92831 bytes executable

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9D4F8C23-5CB0-1D50-FEA7-C1C9905EF05F}]

2007-07-09 22:40 92831 --a------ c:\windows\xcsle1.dll

 

 

 

ça pue grave !!! :P

 

On va essayer un truc. :P

 

» ouvre ton bloc note[executer--notepad] et copies/colles le contenu du cadre ci dessous:

 

Driver::
WinEcd
ADS::
c:\windows\system32:gcaa.dll
c:\windows\system32:imwbi.exe
File::
c:\windows\xcsle1.dll
c:\program files\Fichiers communs\Microsoft Shared\bvtKS.exe
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9D4F8C23-5CB0-1D50-FEA7-C1C9905EF05F}]

 

[*]Va en haut de la page et clique sur le menu"Fichier" , une liste apparait=>

[*]Choisis "Enregistrer sous" et choisis "Bureau"

[*]Dans le champs "Nom du fichier" en bas de page donne le nom suivant:CFScript

[*]Clique sur le bouton "Enregistrer" à droite du champs "nom du fichier"

[*]Quitte le Bloc Notes.

[*]Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture

 

 

CFScript-2.gif

 

 

* suis les instructions

* Patiente le temps du scan.Le bureau va disparaitre à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

* Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

* Si le fichier n'apparait pas, il se trouve ici > C:\ComboFix.txt

Lien vers le commentaire
Partager sur d’autres sites

jaja33 Member

jaja33

Posté(e)
  • Auteur
Posté(e)

Et voilà le rapport!!

 

ComboFix 08-12-05.06 - LAMBERT 2008-12-07 9:31:15.4 - NTFSx86

Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.420 [GMT 1:00]

Lancé depuis: c:\documents and settings\LAMBERT\Bureau\ComboFix.exe

Commutateurs utilisés :: c:\documents and settings\LAMBERT\Bureau\CFScript.txt

* Un nouveau point de restauration a été créé

 

FILE ::

c:\program files\Fichiers communs\Microsoft Shared\bvtKS.exe

c:\windows\xcsle1.dll

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

.

((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_WINECD

-------\Service_WinEcd

 

 

((((((((((((((((((((((((((((( Fichiers créés du 2008-11-07 au 2008-12-07 ))))))))))))))))))))))))))))))))))))

.

 

2008-12-07 08:54 . 2008-12-07 08:54 <REP> d-------- c:\program files\Avira

2008-12-07 08:54 . 2008-12-07 08:54 <REP> d-------- c:\documents and settings\All Users\Application Data\Avira

2008-12-07 00:06 . 2008-12-07 00:06 410,984 --a------ c:\windows\system32\deploytk.dll

2008-12-06 17:16 . 2008-12-06 17:30 <REP> d-------- C:\HJT

2008-12-06 17:09 . 2008-12-06 18:40 1,864 --a------ c:\windows\system32\tmp.reg

2008-12-06 15:49 . 2008-12-06 17:55 <REP> d-------- c:\program files\Enigma Software Group

2008-12-06 10:58 . 2008-12-06 10:58 <REP> d-------- c:\documents and settings\All Users\Application Data\Fighters

2008-12-05 18:28 . 2008-12-05 18:28 <REP> d-------- c:\documents and settings\LAMBERT\Application Data\Windows Live Writer

2008-11-28 14:39 . 2008-12-06 11:05 54,156 --ah----- c:\windows\QTFont.qfn

2008-11-28 14:39 . 2008-11-28 14:39 1,409 --a------ c:\windows\QTFont.for

2008-11-18 11:01 . 2008-11-18 11:01 15,496 --a------ c:\windows\system32\drivers\vffilter.sys

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-12-07 08:41 23,524 ----a-w c:\windows\system32\drivers\GVTDrv.sys

2008-12-07 07:45 13,440 ----a-w c:\windows\GPCIDrv.sys

2008-12-06 23:06 --------- d-----w c:\program files\Java

2008-11-22 16:44 --------- d-----w c:\program files\eMule

2006-06-15 12:40 278,528 ----a-w c:\program files\Fichiers communs\FDEUnInstaller.exe

2005-05-13 15:12 217,073 --sha-r c:\windows\meta4.exe

2005-10-24 09:13 66,560 --sha-r c:\windows\MOTA113.exe

2005-10-13 19:27 422,400 --sha-r c:\windows\x2.64.exe

2005-10-07 17:14 308,224 --sha-r c:\windows\system32\avisynth.dll

2005-07-14 10:31 27,648 --sha-r c:\windows\system32\AVSredirect.dll

2005-06-26 13:32 616,448 --sha-r c:\windows\system32\cygwin1.dll

2005-06-21 20:37 45,568 --sha-r c:\windows\system32\cygz.dll

2004-01-24 22:00 70,656 --sha-r c:\windows\system32\i420vfw.dll

2006-04-27 08:24 2,945,024 --sha-r c:\windows\system32\Smab.dll

2005-02-28 11:16 240,128 --sha-r c:\windows\system32\x.264.exe

2004-01-24 22:00 70,656 --sha-r c:\windows\system32\yv12vfw.dll

.

 

((((((((((((((((((((((((((((( snapshot@2008-12-06_18.13.55.93 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-12-06 16:57:39 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat

+ 2008-12-07 08:30:04 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat

- 2008-12-06 16:57:39 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat

+ 2008-12-07 08:30:04 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat

- 2008-12-06 16:57:39 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

+ 2008-12-07 08:30:04 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

+ 2008-05-09 11:15:48 45,376 ----a-w c:\windows\system32\drivers\avgntdd.sys

+ 2008-01-21 16:11:30 22,336 ----a-w c:\windows\system32\drivers\avgntmgr.sys

+ 2008-10-30 09:20:38 75,072 ----a-w c:\windows\system32\drivers\avipbb.sys

+ 2007-11-08 17:03:26 21,248 ----a-w c:\windows\system32\drivers\ssmdrv.sys

- 2007-09-24 21:30:28 135,168 ----a-w c:\windows\system32\java.exe

+ 2008-12-06 23:06:09 144,792 ----a-w c:\windows\system32\java.exe

- 2007-09-24 21:30:30 135,168 ----a-w c:\windows\system32\javaw.exe

+ 2008-12-06 23:06:09 144,792 ----a-w c:\windows\system32\javaw.exe

- 2007-09-24 22:31:42 139,264 ----a-w c:\windows\system32\javaws.exe

+ 2008-12-06 23:06:09 148,888 ----a-w c:\windows\system32\javaws.exe

- 2008-10-26 17:54:30 64,574 ----a-w c:\windows\system32\perfc009.dat

+ 2008-12-06 17:16:02 64,574 ----a-w c:\windows\system32\perfc009.dat

- 2008-10-26 17:54:30 78,656 ----a-w c:\windows\system32\perfc00C.dat

+ 2008-12-06 17:16:02 78,656 ----a-w c:\windows\system32\perfc00C.dat

- 2008-10-26 17:54:30 409,052 ----a-w c:\windows\system32\perfh009.dat

+ 2008-12-06 17:16:02 409,052 ----a-w c:\windows\system32\perfh009.dat

- 2008-10-26 17:54:30 476,914 ----a-w c:\windows\system32\perfh00C.dat

+ 2008-12-06 17:16:02 476,914 ----a-w c:\windows\system32\perfh00C.dat

+ 2008-12-07 08:41:05 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_7fc.dat

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-05 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-06-15 6803456]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-07 136600]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"vspdfprsrv.exe"="c:\program files\Visagesoft\eXPert PDF\vspdfprsrv.exe" [2006-05-04 879616]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-06-15 86016]

"VGAUtil"="c:\program files\GigaByte\VGA Utility Manager\G-VGA.exe" [2005-08-16 544768]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-11-06 155648]

"fssui"="c:\program files\Windows Live\Contrôle parental\fssui.exe" [2007-10-17 243240]

"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

"nwiz"="nwiz.exe" [2005-06-15 c:\windows\system32\nwiz.exe]

"RTHDCPL"="RTHDCPL.EXE" [2005-09-22 c:\windows\RTHDCPL.EXE]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]

 

c:\documents and settings\LAMBERT\Menu D‚marrer\Programmes\D‚marrage\

EUROBARRE.lnk - c:\qoobox\Quarantine\C\Program Files\Eurobarre\eb.exe.vir [2006-10-31 103936]

 

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\

Acc‚l‚rateur de d‚marrage AutoCAD.lnk - c:\program files\Fichiers communs\Autodesk Shared\acstart17.exe [2006-03-05 11000]

Acrobat Assistant.lnk - c:\program files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 217193]

Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2006-05-17 110592]

D‚marrage d'Office.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1997-08-28 51984]

EPSON Status Monitor 3 Environment Check 2.lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [2006-05-12 135680]

Gestionnaire Microsoft Office.lnk - c:\program files\Microsoft Office\Office\MSOFFICE.EXE [1997-08-28 340480]

Lancement rapide d'Adobe Reader.lnk - c:\program files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]

Microsoft Recherche acc‚l‚r‚e.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1997-08-28 111376]

Phone Connection Monitor.lnk - c:\program files\Sony Ericsson\Mobile\audevicemgr.exe [2006-07-01 813056]

WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2006-05-15 118784]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.I420"= i420vfw.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"FirewallOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Program Files\\eMule\\eMule.exe"=

"c:\\Program Files\\Intuwave Ltd\\Shared\\mRouterRunTime\\mRouterRuntime.exe"=

"c:\\Program Files\\GIGABYTE\\VGA Utility Manager\\G-vga.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

 

R0 iteraid;ITERAID_Service_Install;c:\windows\system32\DRIVERS\iteraid.sys [2006-05-11 25067]

R2 CycloneLicenseServer;Cyclone License Server;"c:\program files\Leica Geosystems\Cyclone\CyraLicense.exe" "c:\program files\Leica Geosystems\Cyclone\" [2006-05-15 643072]

R2 fssfltr;FssFltr;c:\windows\system32\DRIVERS\fssfltr.sys [2008-01-27 43816]

R2 fsssvc;Windows Live OneCare Contrôle parental;"c:\program files\Windows Live\Contrôle parental\fsssvc.exe" [2007-10-17 523816]

R2 Leica HDS Server;Leica HDS Server;"c:\program files\Leica Geosystems\Cyclone\ptserv32.exe" -config "c:\program files\Leica Geosystems\Cyclone\ptserver.cfg" [2006-05-15 577655]

R3 GPCIDrv;GPCIDrv;\??\c:\windows\GPCIDrv.sys [2007-12-01 13440]

R3 GVTDrv;GVTDrv;\??\c:\windows\system32\Drivers\GVTDrv.sys [2007-12-01 23524]

S3 FTLUND;Lundinova Filter Driver;c:\windows\system32\drivers\ftlund.sys [2006-07-03 6828]

S3 Vfscan;Vfscan;c:\windows\system32\DRIVERS\vffilter.sys [2008-11-18 15496]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]

\Shell\AutoRun\command - F:\laucher.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{40be8cc0-a2b4-11dd-90dc-001485ec525e}]

\Shell\AutoRun\command - F:\laucher.exe

 

*Newly Created Service* - SSMDRV

.

Contenu du dossier 'Tâches planifiées'

 

2008-01-27 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job

- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

.

- - - - ORPHELINS SUPPRIMES - - - -

 

HKLM-RunOnce-*lj - c:\windows\system32:imwbi.exe

 

 

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-12-07 09:41:19

Windows 5.1.2600 Service Pack 2 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

 

c:\windows\system32:gcaa.dll 9728 bytes executable

c:\windows\system32:imwbi.exe 130759 bytes executable

 

Scan terminé avec succès

Fichiers cachés: 2

 

**************************************************************************

.

------------------------ Autres processus actifs ------------------------

.

c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe

c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe

c:\program files\Leica Geosystems\Cyclone\CyraLicense.exe

c:\program files\Fichiers communs\EPSON\EBAPI\SAgent2.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Leica Geosystems\Cyclone\ptserv32.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\wdfmgr.exe

c:\progra~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE

c:\windows\system32\wscntfy.exe

c:\program files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe

c:\windows\system32\wbem\wmiapsrv.exe

c:\progra~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE

.

**************************************************************************

.

Heure de fin: 2008-12-07 9:44:26 - La machine a redémarré

ComboFix-quarantined-files.txt 2008-12-07 08:44:23

ComboFix2.txt 2008-12-06 19:46:12

ComboFix3.txt 2008-12-06 18:59:51

ComboFix4.txt 2008-12-06 17:14:39

 

Avant-CF: 10 556 710 912 octets libres

Après-CF: 10,571,018,240 octets libres

 

186

Lien vers le commentaire
Partager sur d’autres sites
angelique Devil Member !

angelique

Posté(e)
Posté(e)

• supprime c:\documents and settings\LAMBERT\Menu D‚marrer\Programmes\D‚marrage\EUROBARRE.lnk

 

• Vas sur le site http://virusscan.jotti.org/

  • Clique en haut à droite sur "Parcourir", navigue dans les dossiers et sélectionne ces fichiers : c:\windows\system32\drivers\GVTDrv.sys
    c:\windows\GPCIDrv.sys
  • Clique sur submit toujours en haut à droite
  • Le scan va se lancer, ça va prendre un petit instant
  • A la fin du scan, un rapport va apparaître : Copie/Colle le résultat complet du scan dans un fichier texte
  • Poste ce fichier dans ta prochaine réponse

ATTENTION de bien prendre le résultat du scan de ton fichier (le nom du fichier apparaît en haut) et non le scan fait avant le tiens!

Aide : http://www.malekal.com/scan_Av_en_ligne.html#mozTocId662799• Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

ou la:

http://sdfix.net/SDFix.exe

 

Double clique sur SDFix.exe et choisis Install pour l'extraire en c:\SDFix.

 

Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :

 

Redémarre en mode Sans Échec : au redémarrage, tapote immédiatement la touche F8 ; tu verras un écran avec choix de démarrages apparaître. Utilisant les flèches du clavier, choisis "Mode Sans Échec" et valide avec "Entrée". Choisis ton compte usuel, et non Administrateur.

 

 

 

* Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.

*si le fix se referme immediatement , ne fonctionne pas , copie colle la ligne ci dessous dans executer et relance RunThis.bat

 

%systemroot%\system32\cmd.exe /K %systemdrive%\SDFix\apps\FixPath.exe

 

* Appuie sur Y pour commencer le processus de nettoyage.

* Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.

* Appuie sur une touche pour redémarrer le PC.

* Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.(laisse le s'executer sans rien toucher!!)

* Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.

* Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.(ne touche à rien!!laisse le faire)

* Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.

* Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum

Lien vers le commentaire
Partager sur d’autres sites
jaja33 Member

jaja33

Posté(e)
  • Auteur
Posté(e)

Voilà le rapport....

 

Scan taken on 07 Dec 2008 09:01:58 (GMT)

A-Squared Found nothing

AntiVir Found nothing

ArcaVir Found nothing

Avast Found nothing

AVG Antivirus Found nothing

BitDefender Found nothing

ClamAV Found nothing

CPsecure Found nothing

Dr.Web Found nothing

F-Prot Antivirus Found nothing

F-Secure Anti-Virus Found nothing

G DATA Found nothing

Ikarus Found nothing

Kaspersky Anti-Virus Found nothing

NOD32 Found nothing

Norman Virus Control Found nothing

Panda Antivirus Found nothing

Sophos Antivirus Found nothing

VirusBuster Found nothing

VBA32 Found nothing

 

Last file scanned at least one scanner reported something about: DNF3.92.exe (MD5: d8c72c3915c50a14548b30619e027809, size: 1551794 bytes), detected by:

 

Scanner Malware name

A-Squared Trojan-Dropper.Win32.Small.ri!IK

AntiVir X

ArcaVir X

Avast X

AVG Antivirus X

BitDefender X

ClamAV X

CPsecure X

Dr.Web X

F-Prot Antivirus X

F-Secure Anti-Virus X

G DATA X

Ikarus Trojan-Dropper.Win32.Small.ri

Kaspersky Anti-Virus X

NOD32 X

Norman Virus Control X

Panda Antivirus X

Sophos Antivirus X

VirusBuster X

VBA32 X

 

 

You're free to (mis)interpret these automated, flawed statistics at your own discretion. For antivirus comparisons, visit AV comparatives

We are not affiliated with any third parties that conduct tests using this service.

 

 

Le mien c'est le premier des 2!!!!

J'avais pas lu la suite!

Lien vers le commentaire
Partager sur d’autres sites
jaja33 Member

jaja33

Posté(e)
  • Auteur
Posté(e)

Voilà le rapport SDFix

 

 

SDFix: Version 1.240

Run by LAMBERT on 07/12/2008 at 11:12

 

Microsoft Windows XP [version 5.1.2600]

Running From: C:\SDFix

 

Checking Services :

 

 

Restoring Default Security Values

Restoring Default Hosts File

 

Rebooting

 

 

Checking Files :

 

No Trojan Files Found

 

 

 

 

 

 

Removing Temp Files

 

ADS Check :

 

 

C:\WINDOWS\system32

:gcaa.dll 9728

Total size: 9728 bytes.

system32: Accès refusé.

 

Checking for remaining Streams

 

C:\WINDOWS\system32

:gcaa.dll 9728

Total size: 9728 bytes.

 

 

 

Final Check :

 

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-12-07 11:41:38

Windows 5.1.2600 Service Pack 2 NTFS

 

detected NTDLL code modification:

ZwQueryDirectoryFile, ZwQuerySystemInformation

 

scanning hidden processes ...

 

scanning hidden services & system hive ...

 

scanning hidden registry entries ...

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"="C:\WINDOWS\system32:imwbi.exe"

 

scanning hidden files ...

 

C:\WINDOWS\system32:gcaa.dll 9728 bytes executable

C:\WINDOWS\system32:imwbi.exe 130759 bytes executable hidden from API

C:\WINDOWS\xcsle1.dll 92831 bytes executable

 

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 3

 

 

Remaining Services :

 

 

 

 

Authorized Application Key Export:

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Enabled:@xpsp2res.dll,-22019"

"C:\\Program Files\\eMule\\eMule.exe"="C:\\Program Files\\eMule\\eMule.exe:*:Enabled:eMule Plus"

"C:\\Program Files\\Intuwave Ltd\\Shared\\mRouterRunTime\\mRouterRuntime.exe"="C:\\Program Files\\Intuwave Ltd\\Shared\\mRouterRunTime\\mRouterRuntime.exe:*:Disabled:mRouterRuntime"

"C:\\Program Files\\GIGABYTE\\VGA Utility Manager\\G-vga.exe"="C:\\Program Files\\GIGABYTE\\VGA Utility Manager\\G-vga.exe:*:Enabled:Menu"

"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

 

Remaining Files :

 

 

 

Files with Hidden Attributes :

 

Fri 13 May 2005 217,073 A.SHR --- "C:\WINDOWS\meta4.exe"

Mon 24 Oct 2005 66,560 A.SHR --- "C:\WINDOWS\MOTA113.exe"

Thu 13 Oct 2005 422,400 A.SHR --- "C:\WINDOWS\x2.64.exe"

Fri 7 Oct 2005 308,224 A.SHR --- "C:\WINDOWS\system32\avisynth.dll"

Thu 14 Jul 2005 27,648 A.SHR --- "C:\WINDOWS\system32\AVSredirect.dll"

Sun 26 Jun 2005 616,448 A.SHR --- "C:\WINDOWS\system32\cygwin1.dll"

Tue 21 Jun 2005 45,568 A.SHR --- "C:\WINDOWS\system32\cygz.dll"

Sat 24 Jan 2004 70,656 A.SHR --- "C:\WINDOWS\system32\i420vfw.dll"

Thu 27 Apr 2006 2,945,024 A.SHR --- "C:\WINDOWS\system32\Smab.dll"

Mon 28 Feb 2005 240,128 A.SHR --- "C:\WINDOWS\system32\x.264.exe"

Sat 24 Jan 2004 70,656 A.SHR --- "C:\WINDOWS\system32\yv12vfw.dll"

Fri 16 Jun 2006 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"

Tue 15 Nov 2005 78,104 ..SHR --- "C:\Program Files\Autodesk\Autodesk DWF Viewer\Setup.exe"

Thu 24 Nov 2005 17,920 A.SHR --- "C:\Program Files\Autodesk\Autodesk DWF Viewer\_Setup.dll"

Thu 24 Nov 2005 12,880 A.SHR --- "C:\Program Files\Autodesk\Autodesk DWF Viewer\_Setupx.dll"

Sat 24 Jun 2006 72,192 ..SHR --- "C:\Program Files\eRightSoft\SUPER\Setup.exe"

Wed 11 Jan 2006 15,872 A.SHR --- "C:\Program Files\eRightSoft\SUPER\_Setup.dll"

Sun 7 Dec 2008 196,608 A..HR --- "C:\Program Files\Fichiers communs\Microsoft Shared\shh.exe"

Tue 4 Jun 2002 84,992 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\14_43260.dll"

Tue 4 Jun 2002 44,032 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\28_83260.dll"

Tue 10 Dec 2002 73,766 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\atrc3260.dll"

Tue 10 Dec 2002 65,575 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\cook3260.dll"

Tue 4 Jun 2002 20,480 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dnet3260.dll"

Tue 10 Dec 2002 176,165 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv23260.dll"

Tue 10 Dec 2002 94,208 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv33260.dll"

Tue 10 Dec 2002 217,127 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv43260.dll"

Sat 3 Nov 2001 225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ivvideo.dll"

Tue 10 Apr 2001 225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\qtmlClient.dll"

Fri 20 Feb 2004 548,940 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\raac.dll"

Tue 10 Dec 2002 102,439 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\sipr3260.dll"

Thu 15 May 2003 43,008 ...H. --- "C:\Program Files\Fichiers communs\Adobe\ESD\DLMCleanup.exe"

Sun 7 Dec 2008 10,198 A..H. --- "C:\Program Files\Microsoft Office\Office\Gestionnaire Office\Off1B69.tmp"

 

Finished!

Lien vers le commentaire
Partager sur d’autres sites
angelique Devil Member !

angelique

Posté(e)
Posté(e)

ok c'est bien là -_-

 

• telecharge http://www.gmer.net/gmer.zip

 

dezippe le , lance le , onglet rootkit , clic scan , en fin de scan clic "copy", ouvre ton bloc note , et colle (ctrl+V), le rapport Gmer apparaitra que tu posteras

 

172325.jpeg

http://imagik.fr/view-rl/172325

Lien vers le commentaire
Partager sur d’autres sites
jaja33 Member

jaja33

Posté(e)
  • Auteur
Posté(e)

voilà le rapport

 

GMER 1.0.14.14536 - http://www.gmer.net

Rootkit scan 2008-12-07 13:28:34

Windows 5.1.2600 Service Pack 2

 

 

---- System - GMER 1.0.14 ----

 

SSDT F7CB962C ZwCreateThread

SSDT F7CB9618 ZwOpenProcess

SSDT F7CB961D ZwOpenThread

SSDT F7CB9627 ZwTerminateProcess

SSDT F7CB9622 ZwWriteVirtualMemory

 

---- Kernel code sections - GMER 1.0.14 ----

 

? C:\DOCUME~1\LAMBERT\LOCALS~1\Temp\catchme.sys Le fichier spécifié est introuvable. !

 

---- User code sections - GMER 1.0.14 ----

 

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[160] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[160] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[160] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[160] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[160] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[160] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[160] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[160] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[160] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[160] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[160] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[160] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[160] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[160] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[160] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[160] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[160] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[160] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[160] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[160] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[160] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[160] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[160] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[160] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[160] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[160] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[160] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[160] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[160] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[160] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[160] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[160] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[160] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[160] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[160] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[160] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[160] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[160] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[160] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[160] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[160] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[160] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[160] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[160] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[160] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[160] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[160] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[160] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[160] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[160] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[160] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[160] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[160] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[160] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[160] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[160] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[160] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[160] WS2_32.dll!connect + 2 719F406C 6 Bytes JMP 3EE8999A

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[160] WS2_32.dll!send + 2 719F428C 6 Bytes JMP 74CF14F3 C:\WINDOWS\system32\setyqsrv.dll

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[160] WS2_32.dll!WSARecv + 2 719F431A 5 Bytes JMP 74CF20C1 C:\WINDOWS\system32\setyqsrv.dll

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[160] WS2_32.dll!gethostbyname + 2 719F4FD6 9 Bytes JMP 3EE89966

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[160] WS2_32.dll!recv + 2 719F615C 6 Bytes JMP 74CF138C C:\WINDOWS\system32\setyqsrv.dll

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[160] WS2_32.dll!WSASend + 2 719F6235 5 Bytes JMP 74CF1F52 C:\WINDOWS\system32\setyqsrv.dll

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[160] WS2_32.dll!closesocket + 2 719F963B 14 Bytes [ F5, 91, F5, 99, FC, 99, 40, ... ]

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[160] WS2_32.dll!WSAAsyncGetHostByName + 2 719FE987 13 Bytes [ 4A, 99, 49, 41, D6, 49, F9, ... ]

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[160] WS2_32.dll!WSAConnect + 2 71A00C6B 14 Bytes [ 2F, 48, F3, 2F, 42, 91, F5, ... ]

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[160] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[160] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ 3F, E9 ]

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[160] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[160] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[160] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[160] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[160] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[160] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[160] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[160] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[160] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[160] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[160] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[160] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[160] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[160] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[160] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[160] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[160] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[160] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[160] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[160] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[160] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[160] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[160] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[160] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[160] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[160] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[160] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[160] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[160] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[160] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[160] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[160] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[160] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[160] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[160] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[160] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\WINDOWS\system32\ctfmon.exe[224] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\WINDOWS\system32\ctfmon.exe[224] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\WINDOWS\system32\ctfmon.exe[224] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\WINDOWS\system32\ctfmon.exe[224] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\WINDOWS\system32\ctfmon.exe[224] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\WINDOWS\system32\ctfmon.exe[224] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\WINDOWS\system32\ctfmon.exe[224] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\WINDOWS\system32\ctfmon.exe[224] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\WINDOWS\system32\ctfmon.exe[224] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\WINDOWS\system32\ctfmon.exe[224] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\WINDOWS\system32\ctfmon.exe[224] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\WINDOWS\system32\ctfmon.exe[224] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\WINDOWS\system32\ctfmon.exe[224] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\WINDOWS\system32\ctfmon.exe[224] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\WINDOWS\system32\ctfmon.exe[224] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\WINDOWS\system32\ctfmon.exe[224] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\WINDOWS\system32\ctfmon.exe[224] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\WINDOWS\system32\ctfmon.exe[224] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\WINDOWS\system32\ctfmon.exe[224] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\WINDOWS\system32\ctfmon.exe[224] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\WINDOWS\system32\ctfmon.exe[224] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\WINDOWS\system32\ctfmon.exe[224] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\WINDOWS\system32\ctfmon.exe[224] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\WINDOWS\system32\ctfmon.exe[224] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\WINDOWS\system32\ctfmon.exe[224] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\WINDOWS\system32\ctfmon.exe[224] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\WINDOWS\system32\ctfmon.exe[224] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\WINDOWS\system32\ctfmon.exe[224] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\WINDOWS\system32\ctfmon.exe[224] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\WINDOWS\system32\ctfmon.exe[224] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\WINDOWS\system32\ctfmon.exe[224] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\WINDOWS\system32\ctfmon.exe[224] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\WINDOWS\system32\ctfmon.exe[224] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\WINDOWS\system32\ctfmon.exe[224] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\WINDOWS\system32\ctfmon.exe[224] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\WINDOWS\system32\ctfmon.exe[224] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\WINDOWS\system32\ctfmon.exe[224] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\WINDOWS\system32\ctfmon.exe[224] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\WINDOWS\system32\ctfmon.exe[224] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\WINDOWS\system32\ctfmon.exe[224] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\WINDOWS\system32\ctfmon.exe[224] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\WINDOWS\system32\ctfmon.exe[224] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\WINDOWS\system32\ctfmon.exe[224] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\WINDOWS\system32\ctfmon.exe[224] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\WINDOWS\system32\ctfmon.exe[224] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\WINDOWS\system32\ctfmon.exe[224] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\WINDOWS\system32\ctfmon.exe[224] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\WINDOWS\system32\ctfmon.exe[224] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\WINDOWS\system32\ctfmon.exe[224] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\WINDOWS\system32\ctfmon.exe[224] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\WINDOWS\system32\ctfmon.exe[224] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\WINDOWS\system32\ctfmon.exe[224] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\WINDOWS\system32\ctfmon.exe[224] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\WINDOWS\system32\ctfmon.exe[224] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\WINDOWS\system32\ctfmon.exe[224] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\WINDOWS\system32\ctfmon.exe[224] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\WINDOWS\system32\ctfmon.exe[224] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\WINDOWS\system32\ctfmon.exe[224] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\WINDOWS\system32\ctfmon.exe[224] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ 49, E9 ]

.text C:\WINDOWS\system32\ctfmon.exe[224] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\WINDOWS\system32\ctfmon.exe[224] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\WINDOWS\system32\ctfmon.exe[224] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\WINDOWS\system32\ctfmon.exe[224] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\WINDOWS\system32\ctfmon.exe[224] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\WINDOWS\system32\ctfmon.exe[224] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\WINDOWS\system32\ctfmon.exe[224] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\WINDOWS\system32\ctfmon.exe[224] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\WINDOWS\system32\ctfmon.exe[224] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\WINDOWS\system32\ctfmon.exe[224] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\WINDOWS\system32\ctfmon.exe[224] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\WINDOWS\system32\ctfmon.exe[224] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\WINDOWS\system32\ctfmon.exe[224] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\WINDOWS\system32\ctfmon.exe[224] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\WINDOWS\system32\ctfmon.exe[224] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\WINDOWS\system32\ctfmon.exe[224] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\WINDOWS\system32\ctfmon.exe[224] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\WINDOWS\system32\ctfmon.exe[224] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\WINDOWS\system32\ctfmon.exe[224] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\WINDOWS\system32\ctfmon.exe[224] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\WINDOWS\system32\ctfmon.exe[224] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\WINDOWS\system32\ctfmon.exe[224] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\WINDOWS\system32\ctfmon.exe[224] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\WINDOWS\system32\ctfmon.exe[224] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\WINDOWS\system32\ctfmon.exe[224] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\WINDOWS\system32\ctfmon.exe[224] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\WINDOWS\system32\ctfmon.exe[224] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\WINDOWS\system32\ctfmon.exe[224] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\WINDOWS\system32\ctfmon.exe[224] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\WINDOWS\system32\ctfmon.exe[224] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\WINDOWS\system32\ctfmon.exe[224] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\WINDOWS\system32\ctfmon.exe[224] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\WINDOWS\system32\ctfmon.exe[224] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\WINDOWS\system32\ctfmon.exe[224] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\WINDOWS\system32\ctfmon.exe[224] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\WINDOWS\system32\ctfmon.exe[224] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[276] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[276] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[276] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[276] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[276] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[276] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[276] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[276] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[276] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[276] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[276] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[276] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[276] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[276] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[276] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[276] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[276] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[276] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[276] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[276] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[276] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[276] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[276] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[276] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[276] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[276] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[276] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[276] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[276] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[276] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[276] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[276] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[276] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[276] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[276] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[276] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[276] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[276] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[276] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[276] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[276] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[276] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[276] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[276] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[276] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[276] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[276] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[276] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[276] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[276] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[276] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[276] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[276] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[276] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[276] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[276] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[276] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[276] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[276] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ 49, E9 ]

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[276] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[276] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[276] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[276] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[276] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[276] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[276] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[276] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[276] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[276] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[276] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[276] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[276] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[276] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[276] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[276] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[276] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[276] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[276] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[276] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[276] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[276] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[276] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[276] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[276] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[276] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[276] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[276] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[276] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[276] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[276] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[276] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[276] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[276] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[276] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[276] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[276] WS2_32.dll!connect + 2 719F406C 6 Bytes JMP 3EE8999A

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[276] WS2_32.dll!send + 2 719F428C 6 Bytes JMP 74CF14F3 C:\WINDOWS\system32\setyqsrv.dll

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[276] WS2_32.dll!WSARecv + 2 719F431A 5 Bytes JMP 74CF20C1 C:\WINDOWS\system32\setyqsrv.dll

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[276] WS2_32.dll!gethostbyname + 2 719F4FD6 9 Bytes JMP 3EE89966

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[276] WS2_32.dll!recv + 2 719F615C 6 Bytes JMP 74CF138C C:\WINDOWS\system32\setyqsrv.dll

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[276] WS2_32.dll!WSASend + 2 719F6235 5 Bytes JMP 74CF1F52 C:\WINDOWS\system32\setyqsrv.dll

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[276] WS2_32.dll!closesocket + 2 719F963B 14 Bytes [ 48, FC, F8, 91, F2, 49, 98, ... ]

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[276] WS2_32.dll!WSAAsyncGetHostByName + 2 719FE987 13 Bytes [ 2F, 9F, FC, 98, 37, 2F, F5, ... ]

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[276] WS2_32.dll!WSAConnect + 2 71A00C6B 14 Bytes [ F5, 91, 91, 37, 99, F5, F3, ... ]

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[276] PSAPI.DLL!EnumProcessModules 76BA1F1C 5 Bytes JMP 3EE8E944

.text C:\Program Files\Java\jre6\bin\jqs.exe[332] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\Program Files\Java\jre6\bin\jqs.exe[332] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\Program Files\Java\jre6\bin\jqs.exe[332] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\Program Files\Java\jre6\bin\jqs.exe[332] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\Program Files\Java\jre6\bin\jqs.exe[332] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\Program Files\Java\jre6\bin\jqs.exe[332] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\Program Files\Java\jre6\bin\jqs.exe[332] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\Program Files\Java\jre6\bin\jqs.exe[332] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\Program Files\Java\jre6\bin\jqs.exe[332] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\Program Files\Java\jre6\bin\jqs.exe[332] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\Program Files\Java\jre6\bin\jqs.exe[332] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\Program Files\Java\jre6\bin\jqs.exe[332] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\Program Files\Java\jre6\bin\jqs.exe[332] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\Program Files\Java\jre6\bin\jqs.exe[332] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\Program Files\Java\jre6\bin\jqs.exe[332] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\Program Files\Java\jre6\bin\jqs.exe[332] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\Program Files\Java\jre6\bin\jqs.exe[332] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\Program Files\Java\jre6\bin\jqs.exe[332] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\Program Files\Java\jre6\bin\jqs.exe[332] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\Program Files\Java\jre6\bin\jqs.exe[332] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\Program Files\Java\jre6\bin\jqs.exe[332] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\Program Files\Java\jre6\bin\jqs.exe[332] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\Program Files\Java\jre6\bin\jqs.exe[332] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\Program Files\Java\jre6\bin\jqs.exe[332] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\Program Files\Java\jre6\bin\jqs.exe[332] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\Program Files\Java\jre6\bin\jqs.exe[332] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\Program Files\Java\jre6\bin\jqs.exe[332] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\Program Files\Java\jre6\bin\jqs.exe[332] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\Program Files\Java\jre6\bin\jqs.exe[332] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\Program Files\Java\jre6\bin\jqs.exe[332] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\Program Files\Java\jre6\bin\jqs.exe[332] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\Program Files\Java\jre6\bin\jqs.exe[332] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\Program Files\Java\jre6\bin\jqs.exe[332] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\Program Files\Java\jre6\bin\jqs.exe[332] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\Program Files\Java\jre6\bin\jqs.exe[332] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\Program Files\Java\jre6\bin\jqs.exe[332] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\Program Files\Java\jre6\bin\jqs.exe[332] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\Program Files\Java\jre6\bin\jqs.exe[332] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\Program Files\Java\jre6\bin\jqs.exe[332] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\Program Files\Java\jre6\bin\jqs.exe[332] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\Program Files\Java\jre6\bin\jqs.exe[332] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\Program Files\Java\jre6\bin\jqs.exe[332] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\Program Files\Java\jre6\bin\jqs.exe[332] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\Program Files\Java\jre6\bin\jqs.exe[332] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\Program Files\Java\jre6\bin\jqs.exe[332] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\Program Files\Java\jre6\bin\jqs.exe[332] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\Program Files\Java\jre6\bin\jqs.exe[332] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\Program Files\Java\jre6\bin\jqs.exe[332] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\Program Files\Java\jre6\bin\jqs.exe[332] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\Program Files\Java\jre6\bin\jqs.exe[332] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\Program Files\Java\jre6\bin\jqs.exe[332] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\Program Files\Java\jre6\bin\jqs.exe[332] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\Program Files\Java\jre6\bin\jqs.exe[332] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\Program Files\Java\jre6\bin\jqs.exe[332] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\Program Files\Java\jre6\bin\jqs.exe[332] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\Program Files\Java\jre6\bin\jqs.exe[332] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\Program Files\Java\jre6\bin\jqs.exe[332] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\Program Files\Java\jre6\bin\jqs.exe[332] WS2_32.dll!connect + 2 719F406C 6 Bytes JMP 3EE8999A

.text C:\Program Files\Java\jre6\bin\jqs.exe[332] WS2_32.dll!gethostbyname + 2 719F4FD6 9 Bytes JMP 3EE89966

.text C:\Program Files\Java\jre6\bin\jqs.exe[332] WS2_32.dll!WSAAsyncGetHostByName + 2 719FE987 13 Bytes [ 37, 40, F2, 42, 48, F8, FC, ... ]

.text C:\Program Files\Java\jre6\bin\jqs.exe[332] WS2_32.dll!WSAConnect + 2 71A00C6B 14 Bytes [ 37, F2, 99, 40, 42, 2F, 42, ... ]

.text C:\Program Files\Java\jre6\bin\jqs.exe[332] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\Program Files\Java\jre6\bin\jqs.exe[332] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ 91, E9 ]

.text C:\Program Files\Java\jre6\bin\jqs.exe[332] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\Program Files\Java\jre6\bin\jqs.exe[332] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\Program Files\Java\jre6\bin\jqs.exe[332] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\Program Files\Java\jre6\bin\jqs.exe[332] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\Program Files\Java\jre6\bin\jqs.exe[332] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\Program Files\Java\jre6\bin\jqs.exe[332] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\Program Files\Java\jre6\bin\jqs.exe[332] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\Program Files\Java\jre6\bin\jqs.exe[332] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\Program Files\Java\jre6\bin\jqs.exe[332] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\Program Files\Java\jre6\bin\jqs.exe[332] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\Program Files\Java\jre6\bin\jqs.exe[332] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\Program Files\Java\jre6\bin\jqs.exe[332] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\Program Files\Java\jre6\bin\jqs.exe[332] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\Program Files\Java\jre6\bin\jqs.exe[332] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\Program Files\Java\jre6\bin\jqs.exe[332] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\Program Files\Java\jre6\bin\jqs.exe[332] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\Program Files\Java\jre6\bin\jqs.exe[332] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\Program Files\Java\jre6\bin\jqs.exe[332] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\Program Files\Java\jre6\bin\jqs.exe[332] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\Program Files\Java\jre6\bin\jqs.exe[332] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\Program Files\Java\jre6\bin\jqs.exe[332] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\Program Files\Java\jre6\bin\jqs.exe[332] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\Program Files\Java\jre6\bin\jqs.exe[332] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\Program Files\Java\jre6\bin\jqs.exe[332] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\Program Files\Java\jre6\bin\jqs.exe[332] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\Program Files\Java\jre6\bin\jqs.exe[332] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\Program Files\Java\jre6\bin\jqs.exe[332] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\Program Files\Java\jre6\bin\jqs.exe[332] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\Program Files\Java\jre6\bin\jqs.exe[332] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\Program Files\Java\jre6\bin\jqs.exe[332] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\Program Files\Java\jre6\bin\jqs.exe[332] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\Program Files\Java\jre6\bin\jqs.exe[332] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\Program Files\Java\jre6\bin\jqs.exe[332] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\Program Files\Java\jre6\bin\jqs.exe[332] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\Program Files\Java\jre6\bin\jqs.exe[332] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\Program Files\Java\jre6\bin\jqs.exe[332] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\Program Files\Java\jre6\bin\jqs.exe[332] psapi.dll!EnumProcessModules 76BA1F1C 5 Bytes JMP 3EE8E944

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[456] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[456] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[456] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[456] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[456] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[456] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[456] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[456] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[456] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[456] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[456] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[456] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[456] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[456] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[456] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[456] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[456] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[456] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[456] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[456] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[456] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[456] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[456] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[456] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[456] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[456] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[456] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[456] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[456] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[456] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[456] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[456] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[456] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[456] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[456] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[456] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[456] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[456] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[456] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[456] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[456] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[456] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[456] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[456] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[456] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[456] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[456] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[456] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[456] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[456] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[456] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[456] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[456] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[456] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[456] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[456] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[456] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[456] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[456] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ 41, E9 ]

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[456] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[456] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[456] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[456] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[456] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[456] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[456] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[456] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[456] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[456] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[456] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[456] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[456] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[456] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[456] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[456] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[456] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[456] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[456] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[456] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[456] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[456] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[456] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[456] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[456] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[456] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[456] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[456] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[456] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[456] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[456] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[456] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[456] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[456] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[456] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[456] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[460] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[460] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[460] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[460] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[460] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[460] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[460] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[460] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[460] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[460] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[460] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[460] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[460] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[460] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[460] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[460] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[460] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[460] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[460] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[460] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[460] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[460] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[460] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[460] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[460] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[460] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[460] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[460] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[460] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[460] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[460] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[460] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[460] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[460] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[460] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[460] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[460] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[460] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[460] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[460] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[460] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[460] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[460] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[460] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[460] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[460] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[460] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[460] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[460] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[460] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[460] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[460] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[460] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[460] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[460] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[460] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[460] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[460] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[460] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ 41, E9 ]

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[460] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[460] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[460] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[460] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[460] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[460] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[460] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[460] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[460] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[460] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[460] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[460] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[460] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[460] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[460] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[460] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[460] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[460] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[460] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[460] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[460] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[460] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[460] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[460] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[460] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[460] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[460] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[460] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[460] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[460] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[460] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[460] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[460] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[460] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[460] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[460] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[460] WS2_32.dll!connect + 2 719F406C 6 Bytes JMP 3EE8999A

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[460] WS2_32.dll!send + 2 719F428C 6 Bytes JMP 74CF14F3 C:\WINDOWS\system32\setyqsrv.dll

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[460] WS2_32.dll!WSARecv + 2 719F431A 5 Bytes JMP 74CF20C1 C:\WINDOWS\system32\setyqsrv.dll

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[460] WS2_32.dll!gethostbyname + 2 719F4FD6 9 Bytes JMP 3EE89966

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[460] WS2_32.dll!recv + 2 719F615C 6 Bytes JMP 74CF138C C:\WINDOWS\system32\setyqsrv.dll

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[460] WS2_32.dll!WSASend + 2 719F6235 5 Bytes JMP 74CF1F52 C:\WINDOWS\system32\setyqsrv.dll

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[460] WS2_32.dll!closesocket + 2 719F963B 14 Bytes [ 41, 92, 42, D6, F5, FC, F5, ... ]

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[460] WS2_32.dll!WSAAsyncGetHostByName + 2 719FE987 13 Bytes [ 92, 91, F3, 49, 41, 4A, 90, ... ]

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[460] WS2_32.dll!WSAConnect + 2 71A00C6B 14 Bytes [ 92, D6, F3, 40, 90, 49, F3, ... ]

.text C:\WINDOWS\system32\nvsvc32.exe[524] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\WINDOWS\system32\nvsvc32.exe[524] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\WINDOWS\system32\nvsvc32.exe[524] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\WINDOWS\system32\nvsvc32.exe[524] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\WINDOWS\system32\nvsvc32.exe[524] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\WINDOWS\system32\nvsvc32.exe[524] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\WINDOWS\system32\nvsvc32.exe[524] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\WINDOWS\system32\nvsvc32.exe[524] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\WINDOWS\system32\nvsvc32.exe[524] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\WINDOWS\system32\nvsvc32.exe[524] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\WINDOWS\system32\nvsvc32.exe[524] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\WINDOWS\system32\nvsvc32.exe[524] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\WINDOWS\system32\nvsvc32.exe[524] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\WINDOWS\system32\nvsvc32.exe[524] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\WINDOWS\system32\nvsvc32.exe[524] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\WINDOWS\system32\nvsvc32.exe[524] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\WINDOWS\system32\nvsvc32.exe[524] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\WINDOWS\system32\nvsvc32.exe[524] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\WINDOWS\system32\nvsvc32.exe[524] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\WINDOWS\system32\nvsvc32.exe[524] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\WINDOWS\system32\nvsvc32.exe[524] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\WINDOWS\system32\nvsvc32.exe[524] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\WINDOWS\system32\nvsvc32.exe[524] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\WINDOWS\system32\nvsvc32.exe[524] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\WINDOWS\system32\nvsvc32.exe[524] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\WINDOWS\system32\nvsvc32.exe[524] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\WINDOWS\system32\nvsvc32.exe[524] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\WINDOWS\system32\nvsvc32.exe[524] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\WINDOWS\system32\nvsvc32.exe[524] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\WINDOWS\system32\nvsvc32.exe[524] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\WINDOWS\system32\nvsvc32.exe[524] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\WINDOWS\system32\nvsvc32.exe[524] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\WINDOWS\system32\nvsvc32.exe[524] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\WINDOWS\system32\nvsvc32.exe[524] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\WINDOWS\system32\nvsvc32.exe[524] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\WINDOWS\system32\nvsvc32.exe[524] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\WINDOWS\system32\nvsvc32.exe[524] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\WINDOWS\system32\nvsvc32.exe[524] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\WINDOWS\system32\nvsvc32.exe[524] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\WINDOWS\system32\nvsvc32.exe[524] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\WINDOWS\system32\nvsvc32.exe[524] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\WINDOWS\system32\nvsvc32.exe[524] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\WINDOWS\system32\nvsvc32.exe[524] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\WINDOWS\system32\nvsvc32.exe[524] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\WINDOWS\system32\nvsvc32.exe[524] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\WINDOWS\system32\nvsvc32.exe[524] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\WINDOWS\system32\nvsvc32.exe[524] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\WINDOWS\system32\nvsvc32.exe[524] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\WINDOWS\system32\nvsvc32.exe[524] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\WINDOWS\system32\nvsvc32.exe[524] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\WINDOWS\system32\nvsvc32.exe[524] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\WINDOWS\system32\nvsvc32.exe[524] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\WINDOWS\system32\nvsvc32.exe[524] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\WINDOWS\system32\nvsvc32.exe[524] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\WINDOWS\system32\nvsvc32.exe[524] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\WINDOWS\system32\nvsvc32.exe[524] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\WINDOWS\system32\nvsvc32.exe[524] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\WINDOWS\system32\nvsvc32.exe[524] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\WINDOWS\system32\nvsvc32.exe[524] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\WINDOWS\system32\nvsvc32.exe[524] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ F2, E9 ]

.text C:\WINDOWS\system32\nvsvc32.exe[524] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\WINDOWS\system32\nvsvc32.exe[524] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\WINDOWS\system32\nvsvc32.exe[524] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\WINDOWS\system32\nvsvc32.exe[524] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\WINDOWS\system32\nvsvc32.exe[524] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\WINDOWS\system32\nvsvc32.exe[524] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\WINDOWS\system32\nvsvc32.exe[524] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\WINDOWS\system32\nvsvc32.exe[524] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\WINDOWS\system32\nvsvc32.exe[524] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\WINDOWS\system32\nvsvc32.exe[524] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\WINDOWS\system32\nvsvc32.exe[524] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\WINDOWS\system32\nvsvc32.exe[524] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\WINDOWS\system32\nvsvc32.exe[524] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\WINDOWS\system32\nvsvc32.exe[524] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\WINDOWS\system32\nvsvc32.exe[524] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\WINDOWS\system32\nvsvc32.exe[524] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\WINDOWS\system32\nvsvc32.exe[524] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\WINDOWS\system32\nvsvc32.exe[524] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\WINDOWS\system32\nvsvc32.exe[524] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\WINDOWS\system32\nvsvc32.exe[524] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\WINDOWS\system32\nvsvc32.exe[524] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\WINDOWS\system32\nvsvc32.exe[524] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\WINDOWS\system32\nvsvc32.exe[524] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\WINDOWS\system32\nvsvc32.exe[524] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\WINDOWS\system32\nvsvc32.exe[524] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\WINDOWS\system32\nvsvc32.exe[524] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\WINDOWS\system32\nvsvc32.exe[524] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\WINDOWS\system32\nvsvc32.exe[524] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\WINDOWS\system32\nvsvc32.exe[524] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\WINDOWS\system32\nvsvc32.exe[524] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\WINDOWS\system32\nvsvc32.exe[524] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\WINDOWS\system32\nvsvc32.exe[524] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\WINDOWS\system32\nvsvc32.exe[524] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\WINDOWS\system32\nvsvc32.exe[524] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\WINDOWS\system32\nvsvc32.exe[524] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\WINDOWS\system32\nvsvc32.exe[524] WS2_32.dll!connect + 2 719F406C 6 Bytes JMP 3EE8999A

.text C:\WINDOWS\system32\nvsvc32.exe[524] WS2_32.dll!gethostbyname + 2 719F4FD6 9 Bytes JMP 3EE89966

.text C:\WINDOWS\system32\nvsvc32.exe[524] WS2_32.dll!WSAAsyncGetHostByName + 2 719FE987 13 Bytes [ F3, 9F, 42, 92, 2F, F2, 99, ... ]

.text C:\WINDOWS\system32\nvsvc32.exe[524] WS2_32.dll!WSAConnect + 2 71A00C6B 14 Bytes [ 90, 2F, 9F, 2F, 92, F9, 92, ... ]

.text C:\WINDOWS\system32\svchost.exe[576] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\WINDOWS\system32\svchost.exe[576] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\WINDOWS\system32\svchost.exe[576] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\WINDOWS\system32\svchost.exe[576] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\WINDOWS\system32\svchost.exe[576] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\WINDOWS\system32\svchost.exe[576] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\WINDOWS\system32\svchost.exe[576] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\WINDOWS\system32\svchost.exe[576] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\WINDOWS\system32\svchost.exe[576] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\WINDOWS\system32\svchost.exe[576] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\WINDOWS\system32\svchost.exe[576] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\WINDOWS\system32\svchost.exe[576] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\WINDOWS\system32\svchost.exe[576] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\WINDOWS\system32\svchost.exe[576] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\WINDOWS\system32\svchost.exe[576] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\WINDOWS\system32\svchost.exe[576] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\WINDOWS\system32\svchost.exe[576] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\WINDOWS\system32\svchost.exe[576] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\WINDOWS\system32\svchost.exe[576] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\WINDOWS\system32\svchost.exe[576] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\WINDOWS\system32\svchost.exe[576] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\WINDOWS\system32\svchost.exe[576] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\WINDOWS\system32\svchost.exe[576] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\WINDOWS\system32\svchost.exe[576] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\WINDOWS\system32\svchost.exe[576] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\WINDOWS\system32\svchost.exe[576] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\WINDOWS\system32\svchost.exe[576] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\WINDOWS\system32\svchost.exe[576] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\WINDOWS\system32\svchost.exe[576] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\WINDOWS\system32\svchost.exe[576] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\WINDOWS\system32\svchost.exe[576] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\WINDOWS\system32\svchost.exe[576] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\WINDOWS\system32\svchost.exe[576] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\WINDOWS\system32\svchost.exe[576] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\WINDOWS\system32\svchost.exe[576] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\WINDOWS\system32\svchost.exe[576] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\WINDOWS\system32\svchost.exe[576] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\WINDOWS\system32\svchost.exe[576] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\WINDOWS\system32\svchost.exe[576] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\WINDOWS\system32\svchost.exe[576] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\WINDOWS\system32\svchost.exe[576] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\WINDOWS\system32\svchost.exe[576] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\WINDOWS\system32\svchost.exe[576] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\WINDOWS\system32\svchost.exe[576] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\WINDOWS\system32\svchost.exe[576] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\WINDOWS\system32\svchost.exe[576] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\WINDOWS\system32\svchost.exe[576] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\WINDOWS\system32\svchost.exe[576] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\WINDOWS\system32\svchost.exe[576] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\WINDOWS\system32\svchost.exe[576] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\WINDOWS\system32\svchost.exe[576] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\WINDOWS\system32\svchost.exe[576] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\WINDOWS\system32\svchost.exe[576] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\WINDOWS\system32\svchost.exe[576] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\WINDOWS\system32\svchost.exe[576] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\WINDOWS\system32\svchost.exe[576] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\WINDOWS\system32\svchost.exe[576] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\WINDOWS\system32\svchost.exe[576] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\WINDOWS\system32\svchost.exe[576] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ F8, E9 ]

.text C:\WINDOWS\system32\svchost.exe[576] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\WINDOWS\system32\svchost.exe[576] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\WINDOWS\system32\svchost.exe[576] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\WINDOWS\system32\svchost.exe[576] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\WINDOWS\system32\svchost.exe[576] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\WINDOWS\system32\svchost.exe[576] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\WINDOWS\system32\svchost.exe[576] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\WINDOWS\system32\svchost.exe[576] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\WINDOWS\system32\svchost.exe[576] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\WINDOWS\system32\svchost.exe[576] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\WINDOWS\system32\svchost.exe[576] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\WINDOWS\system32\svchost.exe[576] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\WINDOWS\system32\svchost.exe[576] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\WINDOWS\system32\svchost.exe[576] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\WINDOWS\system32\svchost.exe[576] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\WINDOWS\system32\svchost.exe[576] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\WINDOWS\system32\svchost.exe[576] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\WINDOWS\system32\svchost.exe[576] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\WINDOWS\system32\svchost.exe[576] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\WINDOWS\system32\svchost.exe[576] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\WINDOWS\system32\svchost.exe[576] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\WINDOWS\system32\svchost.exe[576] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\WINDOWS\system32\svchost.exe[576] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\WINDOWS\system32\svchost.exe[576] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\WINDOWS\system32\svchost.exe[576] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\WINDOWS\system32\svchost.exe[576] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\WINDOWS\system32\svchost.exe[576] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\WINDOWS\system32\svchost.exe[576] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\WINDOWS\system32\svchost.exe[576] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\WINDOWS\system32\svchost.exe[576] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\WINDOWS\system32\svchost.exe[576] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\WINDOWS\system32\svchost.exe[576] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\WINDOWS\system32\svchost.exe[576] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\WINDOWS\system32\svchost.exe[576] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\WINDOWS\system32\svchost.exe[576] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\WINDOWS\system32\svchost.exe[576] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\WINDOWS\system32\winlogon.exe[696] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\WINDOWS\system32\winlogon.exe[696] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\WINDOWS\system32\winlogon.exe[696] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\WINDOWS\system32\winlogon.exe[696] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\WINDOWS\system32\winlogon.exe[696] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\WINDOWS\system32\winlogon.exe[696] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\WINDOWS\system32\winlogon.exe[696] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\WINDOWS\system32\winlogon.exe[696] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\WINDOWS\system32\winlogon.exe[696] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ FC, E9 ]

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\WINDOWS\system32\winlogon.exe[696] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\WINDOWS\system32\winlogon.exe[696] PSAPI.DLL!EnumProcessModules 76BA1F1C 5 Bytes JMP 3EE8E944

.text C:\WINDOWS\system32\winlogon.exe[696] WS2_32.dll!connect + 2 719F406C 6 Bytes JMP 3EE8999A

.text C:\WINDOWS\system32\winlogon.exe[696] WS2_32.dll!gethostbyname + 2 719F4FD6 9 Bytes JMP 3EE89966

.text C:\WINDOWS\system32\winlogon.exe[696] WS2_32.dll!WSAAsyncGetHostByName + 2 719FE987 13 Bytes [ F2, 98, 99, 42, 91, F9, 91, ... ]

.text C:\WINDOWS\system32\winlogon.exe[696] WS2_32.dll!WSAConnect + 2 71A00C6B 14 Bytes [ 4A, 2F, 2F, 42, 9F, FC, 92, ... ]

.text C:\WINDOWS\system32\services.exe[744] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\WINDOWS\system32\services.exe[744] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\WINDOWS\system32\services.exe[744] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\WINDOWS\system32\services.exe[744] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\WINDOWS\system32\services.exe[744] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\WINDOWS\system32\services.exe[744] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\WINDOWS\system32\services.exe[744] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\WINDOWS\system32\services.exe[744] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\WINDOWS\system32\services.exe[744] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ 4A, E9 ]

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\WINDOWS\system32\services.exe[744] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\WINDOWS\system32\services.exe[744] WS2_32.dll!connect + 2 719F406C 6 Bytes JMP 3EE8999A

.text C:\WINDOWS\system32\services.exe[744] WS2_32.dll!gethostbyname + 2 719F4FD6 9 Bytes JMP 3EE89966

.text C:\WINDOWS\system32\services.exe[744] WS2_32.dll!WSAAsyncGetHostByName + 2 719FE987 13 Bytes [ 48, D6, FC, F8, 90, 3F, 90, ... ]

.text C:\WINDOWS\system32\services.exe[744] WS2_32.dll!WSAConnect + 2 71A00C6B 14 Bytes [ 92, 4A, F9, 41, 49, F5, 2F, ... ]

.text C:\WINDOWS\system32\services.exe[744] PSAPI.DLL!EnumProcessModules 76BA1F1C 5 Bytes JMP 3EE8E944

.text C:\WINDOWS\system32\lsass.exe[756] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\WINDOWS\system32\lsass.exe[756] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\WINDOWS\system32\lsass.exe[756] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\WINDOWS\system32\lsass.exe[756] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\WINDOWS\system32\lsass.exe[756] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\WINDOWS\system32\lsass.exe[756] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\WINDOWS\system32\lsass.exe[756] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\WINDOWS\system32\lsass.exe[756] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\WINDOWS\system32\lsass.exe[756] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ D6, E9 ]

.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\WINDOWS\system32\lsass.exe[756] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\WINDOWS\system32\lsass.exe[756] WS2_32.dll!connect + 2 719F406C 6 Bytes JMP 3EE8999A

.text C:\WINDOWS\system32\lsass.exe[756] WS2_32.dll!gethostbyname + 2 719F4FD6 9 Bytes JMP 3EE89966

.text C:\WINDOWS\system32\lsass.exe[756] WS2_32.dll!WSAAsyncGetHostByName + 2 719FE987 13 Bytes [ 37, FC, 49, F9, F5, 91, F2, ... ]

.text C:\WINDOWS\system32\lsass.exe[756] WS2_32.dll!WSAConnect + 2 71A00C6B 14 Bytes [ F8, 98, 90, 99, 40, F2, 90, ... ]

.text C:\WINDOWS\system32\wdfmgr.exe[760] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\WINDOWS\system32\wdfmgr.exe[760] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\WINDOWS\system32\wdfmgr.exe[760] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\WINDOWS\system32\wdfmgr.exe[760] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\WINDOWS\system32\wdfmgr.exe[760] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\WINDOWS\system32\wdfmgr.exe[760] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\WINDOWS\system32\wdfmgr.exe[760] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\WINDOWS\system32\wdfmgr.exe[760] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\WINDOWS\system32\wdfmgr.exe[760] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\WINDOWS\system32\wdfmgr.exe[760] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\WINDOWS\system32\wdfmgr.exe[760] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\WINDOWS\system32\wdfmgr.exe[760] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\WINDOWS\system32\wdfmgr.exe[760] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\WINDOWS\system32\wdfmgr.exe[760] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\WINDOWS\system32\wdfmgr.exe[760] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\WINDOWS\system32\wdfmgr.exe[760] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\WINDOWS\system32\wdfmgr.exe[760] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\WINDOWS\system32\wdfmgr.exe[760] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\WINDOWS\system32\wdfmgr.exe[760] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\WINDOWS\system32\wdfmgr.exe[760] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\WINDOWS\system32\wdfmgr.exe[760] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\WINDOWS\system32\wdfmgr.exe[760] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\WINDOWS\system32\wdfmgr.exe[760] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\WINDOWS\system32\wdfmgr.exe[760] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\WINDOWS\system32\wdfmgr.exe[760] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\WINDOWS\system32\wdfmgr.exe[760] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\WINDOWS\system32\wdfmgr.exe[760] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\WINDOWS\system32\wdfmgr.exe[760] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\WINDOWS\system32\wdfmgr.exe[760] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\WINDOWS\system32\wdfmgr.exe[760] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\WINDOWS\system32\wdfmgr.exe[760] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\WINDOWS\system32\wdfmgr.exe[760] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\WINDOWS\system32\wdfmgr.exe[760] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\WINDOWS\system32\wdfmgr.exe[760] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\WINDOWS\system32\wdfmgr.exe[760] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\WINDOWS\system32\wdfmgr.exe[760] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\WINDOWS\system32\wdfmgr.exe[760] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\WINDOWS\system32\wdfmgr.exe[760] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\WINDOWS\system32\wdfmgr.exe[760] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\WINDOWS\system32\wdfmgr.exe[760] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\WINDOWS\system32\wdfmgr.exe[760] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\WINDOWS\system32\wdfmgr.exe[760] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\WINDOWS\system32\wdfmgr.exe[760] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\WINDOWS\system32\wdfmgr.exe[760] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\WINDOWS\system32\wdfmgr.exe[760] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\WINDOWS\system32\wdfmgr.exe[760] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\WINDOWS\system32\wdfmgr.exe[760] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\WINDOWS\system32\wdfmgr.exe[760] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\WINDOWS\system32\wdfmgr.exe[760] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\WINDOWS\system32\wdfmgr.exe[760] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\WINDOWS\system32\wdfmgr.exe[760] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\WINDOWS\system32\wdfmgr.exe[760] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\WINDOWS\system32\wdfmgr.exe[760] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\WINDOWS\system32\wdfmgr.exe[760] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\WINDOWS\system32\wdfmgr.exe[760] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\WINDOWS\system32\wdfmgr.exe[760] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\WINDOWS\system32\wdfmgr.exe[760] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\WINDOWS\system32\wdfmgr.exe[760] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\WINDOWS\system32\wdfmgr.exe[760] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ 90, E9 ]

.text C:\WINDOWS\system32\wdfmgr.exe[760] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\WINDOWS\system32\wdfmgr.exe[760] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\WINDOWS\system32\wdfmgr.exe[760] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\WINDOWS\system32\wdfmgr.exe[760] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\WINDOWS\system32\wdfmgr.exe[760] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\WINDOWS\system32\wdfmgr.exe[760] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\WINDOWS\system32\wdfmgr.exe[760] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\WINDOWS\system32\wdfmgr.exe[760] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\WINDOWS\system32\wdfmgr.exe[760] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\WINDOWS\system32\wdfmgr.exe[760] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\WINDOWS\system32\wdfmgr.exe[760] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\WINDOWS\system32\wdfmgr.exe[760] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\WINDOWS\system32\wdfmgr.exe[760] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\WINDOWS\system32\wdfmgr.exe[760] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\WINDOWS\system32\wdfmgr.exe[760] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\WINDOWS\system32\wdfmgr.exe[760] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\WINDOWS\system32\wdfmgr.exe[760] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\WINDOWS\system32\wdfmgr.exe[760] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\WINDOWS\system32\wdfmgr.exe[760] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\WINDOWS\system32\wdfmgr.exe[760] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\WINDOWS\system32\wdfmgr.exe[760] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\WINDOWS\system32\wdfmgr.exe[760] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\WINDOWS\system32\wdfmgr.exe[760] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\WINDOWS\system32\wdfmgr.exe[760] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\WINDOWS\system32\wdfmgr.exe[760] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\WINDOWS\system32\wdfmgr.exe[760] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\WINDOWS\system32\wdfmgr.exe[760] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\WINDOWS\system32\wdfmgr.exe[760] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\WINDOWS\system32\wdfmgr.exe[760] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\WINDOWS\system32\wdfmgr.exe[760] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\WINDOWS\system32\wdfmgr.exe[760] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\WINDOWS\system32\wdfmgr.exe[760] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\WINDOWS\system32\wdfmgr.exe[760] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\WINDOWS\system32\wdfmgr.exe[760] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\WINDOWS\system32\wdfmgr.exe[760] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\WINDOWS\system32\wdfmgr.exe[760] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\WINDOWS\system32\svchost.exe[936] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\WINDOWS\system32\svchost.exe[936] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\WINDOWS\system32\svchost.exe[936] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\WINDOWS\system32\svchost.exe[936] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\WINDOWS\system32\svchost.exe[936] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\WINDOWS\system32\svchost.exe[936] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\WINDOWS\system32\svchost.exe[936] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\WINDOWS\system32\svchost.exe[936] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\WINDOWS\system32\svchost.exe[936] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ F5, E9 ]

.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\WINDOWS\system32\svchost.exe[936] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\WINDOWS\system32\svchost.exe[936] WS2_32.dll!connect + 2 719F406C 6 Bytes JMP 3EE8999A

.text C:\WINDOWS\system32\svchost.exe[936] WS2_32.dll!gethostbyname + 2 719F4FD6 9 Bytes JMP 3EE89966

.text C:\WINDOWS\system32\svchost.exe[936] WS2_32.dll!WSAAsyncGetHostByName + 2 719FE987 13 Bytes [ 90, F3, 49, 37, 2F, 42, 99, ... ]

.text C:\WINDOWS\system32\svchost.exe[936] WS2_32.dll!WSAConnect + 2 71A00C6B 14 Bytes [ 41, 37, 48, 9F, F2, F9, 42, ... ]

.text C:\WINDOWS\system32\svchost.exe[1024] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\WINDOWS\system32\svchost.exe[1024] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\WINDOWS\system32\svchost.exe[1024] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\WINDOWS\system32\svchost.exe[1024] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\WINDOWS\system32\svchost.exe[1024] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\WINDOWS\system32\svchost.exe[1024] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\WINDOWS\system32\svchost.exe[1024] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\WINDOWS\system32\svchost.exe[1024] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\WINDOWS\system32\svchost.exe[1024] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\WINDOWS\system32\svchost.exe[1024] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\WINDOWS\system32\svchost.exe[1024] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ F5, E9 ]

.text C:\WINDOWS\system32\svchost.exe[1024] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\WINDOWS\system32\svchost.exe[1024] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\WINDOWS\system32\svchost.exe[1024] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\WINDOWS\system32\svchost.exe[1024] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\WINDOWS\system32\svchost.exe[1024] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\WINDOWS\system32\svchost.exe[1024] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\WINDOWS\system32\svchost.exe[1024] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\WINDOWS\system32\svchost.exe[1024] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\WINDOWS\system32\svchost.exe[1024] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\WINDOWS\system32\svchost.exe[1024] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\WINDOWS\system32\svchost.exe[1024] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\WINDOWS\system32\svchost.exe[1024] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\WINDOWS\system32\svchost.exe[1024] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\WINDOWS\system32\svchost.exe[1024] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\WINDOWS\system32\svchost.exe[1024] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\WINDOWS\system32\svchost.exe[1024] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\WINDOWS\system32\svchost.exe[1024] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\WINDOWS\system32\svchost.exe[1024] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\WINDOWS\system32\svchost.exe[1024] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\WINDOWS\system32\svchost.exe[1024] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\WINDOWS\system32\svchost.exe[1024] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\WINDOWS\system32\svchost.exe[1024] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\WINDOWS\system32\svchost.exe[1024] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\WINDOWS\system32\svchost.exe[1024] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\WINDOWS\system32\svchost.exe[1024] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\WINDOWS\system32\svchost.exe[1024] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\WINDOWS\system32\svchost.exe[1024] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\WINDOWS\system32\svchost.exe[1024] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\WINDOWS\system32\svchost.exe[1024] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\WINDOWS\system32\svchost.exe[1024] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\WINDOWS\system32\svchost.exe[1024] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\WINDOWS\system32\svchost.exe[1024] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\WINDOWS\system32\svchost.exe[1024] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\WINDOWS\system32\svchost.exe[1024] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\WINDOWS\system32\svchost.exe[1024] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\WINDOWS\system32\svchost.exe[1024] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\WINDOWS\system32\svchost.exe[1024] WS2_32.dll!connect + 2 719F406C 6 Bytes JMP 3EE8999A

.text C:\WINDOWS\system32\svchost.exe[1024] WS2_32.dll!send + 2 719F428C 6 Bytes JMP 74CF14F3 C:\WINDOWS\system32\setyqsrv.dll

.text C:\WINDOWS\system32\svchost.exe[1024] WS2_32.dll!WSARecv + 2 719F431A 5 Bytes JMP 74CF20C1 C:\WINDOWS\system32\setyqsrv.dll

.text C:\WINDOWS\system32\svchost.exe[1024] WS2_32.dll!gethostbyname + 2 719F4FD6 9 Bytes JMP 3EE89966

.text C:\WINDOWS\system32\svchost.exe[1024] WS2_32.dll!recv + 2 719F615C 6 Bytes JMP 74CF138C C:\WINDOWS\system32\setyqsrv.dll

.text C:\WINDOWS\system32\svchost.exe[1024] WS2_32.dll!WSASend + 2 719F6235 5 Bytes JMP 74CF1F52 C:\WINDOWS\system32\setyqsrv.dll

.text C:\WINDOWS\system32\svchost.exe[1024] WS2_32.dll!closesocket + 2 719F963B 7 Bytes [ 42, 98, 91, 90, 42, F5, D6 ]

.text C:\WINDOWS\system32\svchost.exe[1024] WS2_32.dll!closesocket + A 719F9643 6 Bytes JMP 74CF1C4F C:\WINDOWS\system32\setyqsrv.dll

.text C:\WINDOWS\system32\svchost.exe[1024] WS2_32.dll!WSAAsyncGetHostByName + 2 719FE987 6 Bytes [ 40, 98, F2, 4A, F5, 49 ]

.text C:\WINDOWS\system32\svchost.exe[1024] WS2_32.dll!WSAAsyncGetHostByName + 9 719FE98E 6 Bytes JMP 3EE8982A

.text C:\WINDOWS\system32\svchost.exe[1024] WS2_32.dll!WSAConnect + 2 71A00C6B 7 Bytes [ 92, F3, 37, 41, 2F, 37, F8 ]

.text C:\WINDOWS\system32\svchost.exe[1024] WS2_32.dll!WSAConnect + A 71A00C73 6 Bytes JMP 3EE89932

.text C:\WINDOWS\system32\wscntfy.exe[1032] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\WINDOWS\system32\wscntfy.exe[1032] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\WINDOWS\system32\wscntfy.exe[1032] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\WINDOWS\system32\wscntfy.exe[1032] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\WINDOWS\system32\wscntfy.exe[1032] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\WINDOWS\system32\wscntfy.exe[1032] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\WINDOWS\system32\wscntfy.exe[1032] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\WINDOWS\system32\wscntfy.exe[1032] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\WINDOWS\system32\wscntfy.exe[1032] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\WINDOWS\system32\wscntfy.exe[1032] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\WINDOWS\system32\wscntfy.exe[1032] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\WINDOWS\system32\wscntfy.exe[1032] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\WINDOWS\system32\wscntfy.exe[1032] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\WINDOWS\system32\wscntfy.exe[1032] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\WINDOWS\system32\wscntfy.exe[1032] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\WINDOWS\system32\wscntfy.exe[1032] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\WINDOWS\system32\wscntfy.exe[1032] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\WINDOWS\system32\wscntfy.exe[1032] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\WINDOWS\system32\wscntfy.exe[1032] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\WINDOWS\system32\wscntfy.exe[1032] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\WINDOWS\system32\wscntfy.exe[1032] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\WINDOWS\system32\wscntfy.exe[1032] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\WINDOWS\system32\wscntfy.exe[1032] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\WINDOWS\system32\wscntfy.exe[1032] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\WINDOWS\system32\wscntfy.exe[1032] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\WINDOWS\system32\wscntfy.exe[1032] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\WINDOWS\system32\wscntfy.exe[1032] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\WINDOWS\system32\wscntfy.exe[1032] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\WINDOWS\system32\wscntfy.exe[1032] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\WINDOWS\system32\wscntfy.exe[1032] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\WINDOWS\system32\wscntfy.exe[1032] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\WINDOWS\system32\wscntfy.exe[1032] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\WINDOWS\system32\wscntfy.exe[1032] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\WINDOWS\system32\wscntfy.exe[1032] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\WINDOWS\system32\wscntfy.exe[1032] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\WINDOWS\system32\wscntfy.exe[1032] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\WINDOWS\system32\wscntfy.exe[1032] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\WINDOWS\system32\wscntfy.exe[1032] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\WINDOWS\system32\wscntfy.exe[1032] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\WINDOWS\system32\wscntfy.exe[1032] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\WINDOWS\system32\wscntfy.exe[1032] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\WINDOWS\system32\wscntfy.exe[1032] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\WINDOWS\system32\wscntfy.exe[1032] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\WINDOWS\system32\wscntfy.exe[1032] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\WINDOWS\system32\wscntfy.exe[1032] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\WINDOWS\system32\wscntfy.exe[1032] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\WINDOWS\system32\wscntfy.exe[1032] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\WINDOWS\system32\wscntfy.exe[1032] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\WINDOWS\system32\wscntfy.exe[1032] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\WINDOWS\system32\wscntfy.exe[1032] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\WINDOWS\system32\wscntfy.exe[1032] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\WINDOWS\system32\wscntfy.exe[1032] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\WINDOWS\system32\wscntfy.exe[1032] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\WINDOWS\system32\wscntfy.exe[1032] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\WINDOWS\system32\wscntfy.exe[1032] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\WINDOWS\system32\wscntfy.exe[1032] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\WINDOWS\system32\wscntfy.exe[1032] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\WINDOWS\system32\wscntfy.exe[1032] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\WINDOWS\system32\wscntfy.exe[1032] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\WINDOWS\system32\wscntfy.exe[1032] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ 90, E9 ]

.text C:\WINDOWS\system32\wscntfy.exe[1032] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\WINDOWS\system32\wscntfy.exe[1032] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\WINDOWS\system32\wscntfy.exe[1032] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\WINDOWS\system32\wscntfy.exe[1032] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\WINDOWS\system32\wscntfy.exe[1032] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\WINDOWS\system32\wscntfy.exe[1032] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\WINDOWS\system32\wscntfy.exe[1032] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\WINDOWS\system32\wscntfy.exe[1032] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\WINDOWS\system32\wscntfy.exe[1032] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\WINDOWS\system32\wscntfy.exe[1032] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\WINDOWS\system32\wscntfy.exe[1032] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\WINDOWS\system32\wscntfy.exe[1032] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\WINDOWS\system32\wscntfy.exe[1032] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\WINDOWS\system32\wscntfy.exe[1032] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\WINDOWS\system32\wscntfy.exe[1032] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\WINDOWS\system32\wscntfy.exe[1032] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\WINDOWS\system32\wscntfy.exe[1032] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\WINDOWS\system32\wscntfy.exe[1032] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\WINDOWS\system32\wscntfy.exe[1032] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\WINDOWS\system32\wscntfy.exe[1032] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\WINDOWS\system32\wscntfy.exe[1032] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\WINDOWS\system32\wscntfy.exe[1032] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\WINDOWS\system32\wscntfy.exe[1032] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\WINDOWS\system32\wscntfy.exe[1032] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\WINDOWS\system32\wscntfy.exe[1032] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\WINDOWS\system32\wscntfy.exe[1032] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\WINDOWS\system32\wscntfy.exe[1032] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\WINDOWS\system32\wscntfy.exe[1032] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\WINDOWS\system32\wscntfy.exe[1032] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\WINDOWS\system32\wscntfy.exe[1032] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\WINDOWS\system32\wscntfy.exe[1032] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\WINDOWS\system32\wscntfy.exe[1032] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\WINDOWS\system32\wscntfy.exe[1032] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\WINDOWS\system32\wscntfy.exe[1032] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\WINDOWS\system32\wscntfy.exe[1032] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\WINDOWS\System32\svchost.exe[1136] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\WINDOWS\System32\svchost.exe[1136] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\WINDOWS\System32\svchost.exe[1136] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\WINDOWS\System32\svchost.exe[1136] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\WINDOWS\System32\svchost.exe[1136] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\WINDOWS\System32\svchost.exe[1136] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\WINDOWS\System32\svchost.exe[1136] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\WINDOWS\System32\svchost.exe[1136] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\WINDOWS\System32\svchost.exe[1136] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\WINDOWS\System32\svchost.exe[1136] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\WINDOWS\System32\svchost.exe[1136] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ 49, E9 ]

.text C:\WINDOWS\System32\svchost.exe[1136] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\WINDOWS\System32\svchost.exe[1136] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\WINDOWS\System32\svchost.exe[1136] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\WINDOWS\System32\svchost.exe[1136] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\WINDOWS\System32\svchost.exe[1136] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\WINDOWS\System32\svchost.exe[1136] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\WINDOWS\System32\svchost.exe[1136] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\WINDOWS\System32\svchost.exe[1136] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\WINDOWS\System32\svchost.exe[1136] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\WINDOWS\System32\svchost.exe[1136] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\WINDOWS\System32\svchost.exe[1136] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\WINDOWS\System32\svchost.exe[1136] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\WINDOWS\System32\svchost.exe[1136] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\WINDOWS\System32\svchost.exe[1136] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\WINDOWS\System32\svchost.exe[1136] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\WINDOWS\System32\svchost.exe[1136] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\WINDOWS\System32\svchost.exe[1136] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\WINDOWS\System32\svchost.exe[1136] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\WINDOWS\System32\svchost.exe[1136] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\WINDOWS\System32\svchost.exe[1136] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\WINDOWS\System32\svchost.exe[1136] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\WINDOWS\System32\svchost.exe[1136] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\WINDOWS\System32\svchost.exe[1136] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\WINDOWS\System32\svchost.exe[1136] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\WINDOWS\System32\svchost.exe[1136] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\WINDOWS\System32\svchost.exe[1136] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\WINDOWS\System32\svchost.exe[1136] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\WINDOWS\System32\svchost.exe[1136] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\WINDOWS\System32\svchost.exe[1136] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\WINDOWS\System32\svchost.exe[1136] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\WINDOWS\System32\svchost.exe[1136] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\WINDOWS\System32\svchost.exe[1136] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\WINDOWS\System32\svchost.exe[1136] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\WINDOWS\System32\svchost.exe[1136] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\WINDOWS\System32\svchost.exe[1136] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\WINDOWS\System32\svchost.exe[1136] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\WINDOWS\System32\svchost.exe[1136] WS2_32.dll!connect + 2 719F406C 6 Bytes JMP 3EE8999A

.text C:\WINDOWS\System32\svchost.exe[1136] WS2_32.dll!gethostbyname + 2 719F4FD6 9 Bytes JMP 3EE89966

.text C:\WINDOWS\System32\svchost.exe[1136] WS2_32.dll!WSAAsyncGetHostByName + 2 719FE987 6 Bytes [ 2F, F5, D6, 98, 3F, 41 ]

.text C:\WINDOWS\System32\svchost.exe[1136] WS2_32.dll!WSAAsyncGetHostByName + 9 719FE98E 6 Bytes JMP 3EE8982A

.text C:\WINDOWS\System32\svchost.exe[1136] WS2_32.dll!WSAConnect + 2 71A00C6B 14 Bytes [ 92, 48, 9F, 91, F5, F5, F5, ... ]

.text C:\WINDOWS\System32\svchost.exe[1136] PSAPI.DLL!EnumProcessModules 76BA1F1C 5 Bytes JMP 3EE8E944

.text C:\WINDOWS\system32\svchost.exe[1196] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\WINDOWS\system32\svchost.exe[1196] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\WINDOWS\system32\svchost.exe[1196] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\WINDOWS\system32\svchost.exe[1196] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\WINDOWS\system32\svchost.exe[1196] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\WINDOWS\system32\svchost.exe[1196] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\WINDOWS\system32\svchost.exe[1196] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\WINDOWS\system32\svchost.exe[1196] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\WINDOWS\system32\svchost.exe[1196] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\WINDOWS\system32\svchost.exe[1196] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\WINDOWS\system32\svchost.exe[1196] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ 92, E9 ]

.text C:\WINDOWS\system32\svchost.exe[1196] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\WINDOWS\system32\svchost.exe[1196] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\WINDOWS\system32\svchost.exe[1196] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\WINDOWS\system32\svchost.exe[1196] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\WINDOWS\system32\svchost.exe[1196] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\WINDOWS\system32\svchost.exe[1196] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\WINDOWS\system32\svchost.exe[1196] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\WINDOWS\system32\svchost.exe[1196] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\WINDOWS\system32\svchost.exe[1196] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\WINDOWS\system32\svchost.exe[1196] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\WINDOWS\system32\svchost.exe[1196] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\WINDOWS\system32\svchost.exe[1196] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\WINDOWS\system32\svchost.exe[1196] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\WINDOWS\system32\svchost.exe[1196] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\WINDOWS\system32\svchost.exe[1196] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\WINDOWS\system32\svchost.exe[1196] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\WINDOWS\system32\svchost.exe[1196] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\WINDOWS\system32\svchost.exe[1196] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\WINDOWS\system32\svchost.exe[1196] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\WINDOWS\system32\svchost.exe[1196] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\WINDOWS\system32\svchost.exe[1196] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\WINDOWS\system32\svchost.exe[1196] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\WINDOWS\system32\svchost.exe[1196] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\WINDOWS\system32\svchost.exe[1196] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\WINDOWS\system32\svchost.exe[1196] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\WINDOWS\system32\svchost.exe[1196] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\WINDOWS\system32\svchost.exe[1196] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\WINDOWS\system32\svchost.exe[1196] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\WINDOWS\system32\svchost.exe[1196] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\WINDOWS\system32\svchost.exe[1196] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\WINDOWS\system32\svchost.exe[1196] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\WINDOWS\system32\svchost.exe[1196] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\WINDOWS\system32\svchost.exe[1196] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\WINDOWS\system32\svchost.exe[1196] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\WINDOWS\system32\svchost.exe[1196] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\WINDOWS\system32\svchost.exe[1196] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\WINDOWS\system32\svchost.exe[1196] WS2_32.dll!connect + 2 719F406C 6 Bytes JMP 3EE8999A

.text C:\WINDOWS\system32\svchost.exe[1196] WS2_32.dll!gethostbyname + 2 719F4FD6 9 Bytes JMP 3EE89966

.text C:\WINDOWS\system32\svchost.exe[1196] WS2_32.dll!WSAAsyncGetHostByName + 2 719FE987 13 Bytes [ 98, 3F, 40, F8, 42, 91, 92, ... ]

.text C:\WINDOWS\system32\svchost.exe[1196] WS2_32.dll!WSAConnect + 2 71A00C6B 14 Bytes [ 3F, FC, 91, 99, F8, FC, F2, ... ]

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[1260] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[1260] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[1260] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[1260] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[1260] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[1260] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[1260] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[1260] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[1260] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[1260] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[1260] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[1260] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[1260] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[1260] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[1260] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[1260] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[1260] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[1260] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[1260] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[1260] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[1260] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[1260] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[1260] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[1260] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[1260] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[1260] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[1260] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[1260] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[1260] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[1260] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[1260] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[1260] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[1260] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[1260] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[1260] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[1260] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[1260] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[1260] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[1260] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[1260] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[1260] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[1260] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[1260] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[1260] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[1260] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[1260] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[1260] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[1260] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[1260] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[1260] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[1260] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[1260] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[1260] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[1260] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[1260] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[1260] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[1260] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[1260] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[1260] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[1260] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ 92, E9 ]

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[1260] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[1260] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[1260] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[1260] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[1260] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[1260] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[1260] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[1260] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[1260] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[1260] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[1260] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[1260] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[1260] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[1260] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[1260] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[1260] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[1260] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[1260] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[1260] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[1260] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[1260] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[1260] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[1260] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[1260] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[1260] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[1260] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[1260] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[1260] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[1260] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[1260] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[1260] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[1260] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[1260] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[1260] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[1260] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\WINDOWS\system32\svchost.exe[1332] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\WINDOWS\system32\svchost.exe[1332] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\WINDOWS\system32\svchost.exe[1332] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\WINDOWS\system32\svchost.exe[1332] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\WINDOWS\system32\svchost.exe[1332] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\WINDOWS\system32\svchost.exe[1332] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\WINDOWS\system32\svchost.exe[1332] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\WINDOWS\system32\svchost.exe[1332] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\WINDOWS\system32\svchost.exe[1332] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ 91, E9 ]

.text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\WINDOWS\system32\svchost.exe[1332] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\WINDOWS\system32\svchost.exe[1332] WS2_32.dll!connect + 2 719F406C 6 Bytes JMP 3EE8999A

.text C:\WINDOWS\system32\svchost.exe[1332] WS2_32.dll!gethostbyname + 2 719F4FD6 9 Bytes JMP 3EE89966

.text C:\WINDOWS\system32\svchost.exe[1332] WS2_32.dll!WSAAsyncGetHostByName + 2 719FE987 13 Bytes [ 91, 99, FC, 98, 90, 99, 41, ... ]

.text C:\WINDOWS\system32\svchost.exe[1332] WS2_32.dll!WSAConnect + 2 71A00C6B 14 Bytes [ 49, 91, FC, F3, 48, 2F, F2, ... ]

.text C:\WINDOWS\system32\spoolsv.exe[1464] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\WINDOWS\system32\spoolsv.exe[1464] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\WINDOWS\system32\spoolsv.exe[1464] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\WINDOWS\system32\spoolsv.exe[1464] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\WINDOWS\system32\spoolsv.exe[1464] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\WINDOWS\system32\spoolsv.exe[1464] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\WINDOWS\system32\spoolsv.exe[1464] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\WINDOWS\system32\spoolsv.exe[1464] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\WINDOWS\system32\spoolsv.exe[1464] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\WINDOWS\system32\spoolsv.exe[1464] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\WINDOWS\system32\spoolsv.exe[1464] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\WINDOWS\system32\spoolsv.exe[1464] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\WINDOWS\system32\spoolsv.exe[1464] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\WINDOWS\system32\spoolsv.exe[1464] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\WINDOWS\system32\spoolsv.exe[1464] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\WINDOWS\system32\spoolsv.exe[1464] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\WINDOWS\system32\spoolsv.exe[1464] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\WINDOWS\system32\spoolsv.exe[1464] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\WINDOWS\system32\spoolsv.exe[1464] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\WINDOWS\system32\spoolsv.exe[1464] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\WINDOWS\system32\spoolsv.exe[1464] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\WINDOWS\system32\spoolsv.exe[1464] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\WINDOWS\system32\spoolsv.exe[1464] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\WINDOWS\system32\spoolsv.exe[1464] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\WINDOWS\system32\spoolsv.exe[1464] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\WINDOWS\system32\spoolsv.exe[1464] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\WINDOWS\system32\spoolsv.exe[1464] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\WINDOWS\system32\spoolsv.exe[1464] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\WINDOWS\system32\spoolsv.exe[1464] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\WINDOWS\system32\spoolsv.exe[1464] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\WINDOWS\system32\spoolsv.exe[1464] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\WINDOWS\system32\spoolsv.exe[1464] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\WINDOWS\system32\spoolsv.exe[1464] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\WINDOWS\system32\spoolsv.exe[1464] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\WINDOWS\system32\spoolsv.exe[1464] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\WINDOWS\system32\spoolsv.exe[1464] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\WINDOWS\system32\spoolsv.exe[1464] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\WINDOWS\system32\spoolsv.exe[1464] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\WINDOWS\system32\spoolsv.exe[1464] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\WINDOWS\system32\spoolsv.exe[1464] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\WINDOWS\system32\spoolsv.exe[1464] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\WINDOWS\system32\spoolsv.exe[1464] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\WINDOWS\system32\spoolsv.exe[1464] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\WINDOWS\system32\spoolsv.exe[1464] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\WINDOWS\system32\spoolsv.exe[1464] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\WINDOWS\system32\spoolsv.exe[1464] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\WINDOWS\system32\spoolsv.exe[1464] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\WINDOWS\system32\spoolsv.exe[1464] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\WINDOWS\system32\spoolsv.exe[1464] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\WINDOWS\system32\spoolsv.exe[1464] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\WINDOWS\system32\spoolsv.exe[1464] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\WINDOWS\system32\spoolsv.exe[1464] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\WINDOWS\system32\spoolsv.exe[1464] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\WINDOWS\system32\spoolsv.exe[1464] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\WINDOWS\system32\spoolsv.exe[1464] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\WINDOWS\system32\spoolsv.exe[1464] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\WINDOWS\system32\spoolsv.exe[1464] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\WINDOWS\system32\spoolsv.exe[1464] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\WINDOWS\system32\spoolsv.exe[1464] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ F3, E9 ]

.text C:\WINDOWS\system32\spoolsv.exe[1464] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\WINDOWS\system32\spoolsv.exe[1464] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\WINDOWS\system32\spoolsv.exe[1464] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\WINDOWS\system32\spoolsv.exe[1464] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\WINDOWS\system32\spoolsv.exe[1464] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\WINDOWS\system32\spoolsv.exe[1464] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\WINDOWS\system32\spoolsv.exe[1464] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\WINDOWS\system32\spoolsv.exe[1464] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\WINDOWS\system32\spoolsv.exe[1464] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\WINDOWS\system32\spoolsv.exe[1464] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\WINDOWS\system32\spoolsv.exe[1464] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\WINDOWS\system32\spoolsv.exe[1464] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\WINDOWS\system32\spoolsv.exe[1464] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\WINDOWS\system32\spoolsv.exe[1464] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\WINDOWS\system32\spoolsv.exe[1464] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\WINDOWS\system32\spoolsv.exe[1464] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\WINDOWS\system32\spoolsv.exe[1464] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\WINDOWS\system32\spoolsv.exe[1464] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\WINDOWS\system32\spoolsv.exe[1464] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\WINDOWS\system32\spoolsv.exe[1464] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\WINDOWS\system32\spoolsv.exe[1464] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\WINDOWS\system32\spoolsv.exe[1464] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\WINDOWS\system32\spoolsv.exe[1464] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\WINDOWS\system32\spoolsv.exe[1464] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\WINDOWS\system32\spoolsv.exe[1464] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\WINDOWS\system32\spoolsv.exe[1464] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\WINDOWS\system32\spoolsv.exe[1464] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\WINDOWS\system32\spoolsv.exe[1464] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\WINDOWS\system32\spoolsv.exe[1464] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\WINDOWS\system32\spoolsv.exe[1464] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\WINDOWS\system32\spoolsv.exe[1464] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\WINDOWS\system32\spoolsv.exe[1464] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\WINDOWS\system32\spoolsv.exe[1464] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\WINDOWS\system32\spoolsv.exe[1464] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\WINDOWS\system32\spoolsv.exe[1464] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\WINDOWS\system32\spoolsv.exe[1464] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\WINDOWS\system32\spoolsv.exe[1464] WS2_32.dll!connect + 2 719F406C 6 Bytes JMP 3EE8999A

.text C:\WINDOWS\system32\spoolsv.exe[1464] WS2_32.dll!send + 2 719F428C 6 Bytes JMP 74CF14F3 C:\WINDOWS\system32\setyqsrv.dll

.text C:\WINDOWS\system32\spoolsv.exe[1464] WS2_32.dll!WSARecv + 2 719F431A 5 Bytes JMP 74CF20C1 C:\WINDOWS\system32\setyqsrv.dll

.text C:\WINDOWS\system32\spoolsv.exe[1464] WS2_32.dll!gethostbyname + 2 719F4FD6 9 Bytes JMP 3EE89966

.text C:\WINDOWS\system32\spoolsv.exe[1464] WS2_32.dll!recv + 2 719F615C 6 Bytes JMP 74CF138C C:\WINDOWS\system32\setyqsrv.dll

.text C:\WINDOWS\system32\spoolsv.exe[1464] WS2_32.dll!WSASend + 2 719F6235 5 Bytes JMP 74CF1F52 C:\WINDOWS\system32\setyqsrv.dll

.text C:\WINDOWS\system32\spoolsv.exe[1464] WS2_32.dll!closesocket + 2 719F963B 14 Bytes [ 41, 49, F2, F8, 49, 4A, FC, ... ]

.text C:\WINDOWS\system32\spoolsv.exe[1464] WS2_32.dll!WSAAsyncGetHostByName + 2 719FE987 13 Bytes [ F8, 48, 49, 92, 49, 9F, 99, ... ]

.text C:\WINDOWS\system32\spoolsv.exe[1464] WS2_32.dll!WSAConnect + 2 71A00C6B 14 Bytes [ 2F, 90, 2F, 98, 92, 3F, 3F, ... ]

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1572] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1572] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1572] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1572] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1572] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1572] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1572] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1572] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1572] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1572] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1572] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1572] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1572] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1572] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1572] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1572] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1572] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1572] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1572] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1572] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1572] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1572] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1572] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1572] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1572] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1572] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1572] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1572] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1572] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1572] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1572] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1572] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1572] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1572] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1572] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1572] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1572] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1572] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1572] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1572] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1572] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1572] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1572] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1572] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1572] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1572] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1572] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1572] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1572] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1572] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1572] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1572] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1572] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1572] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1572] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1572] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1572] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1572] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1572] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1572] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ 91, E9 ]

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1572] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1572] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1572] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1572] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1572] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1572] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1572] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1572] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1572] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1572] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1572] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1572] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1572] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1572] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1572] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1572] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1572] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1572] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1572] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1572] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1572] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1572] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1572] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1572] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1572] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1572] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1572] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1572] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1572] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1572] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1572] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1572] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1572] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1572] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1572] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1572] WS2_32.dll!connect + 2 719F406C 6 Bytes JMP 3EE8999A

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1572] WS2_32.dll!gethostbyname + 2 719F4FD6 9 Bytes JMP 3EE89966

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1572] WS2_32.dll!WSAAsyncGetHostByName + 2 719FE987 13 Bytes [ 41, F8, F2, F5, 41, F8, 3F, ... ]

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1572] WS2_32.dll!WSAConnect + 2 71A00C6B 14 Bytes [ 99, F5, 92, F9, 49, F3, F9, ... ]

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[1608] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[1608] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[1608] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[1608] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[1608] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[1608] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[1608] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[1608] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[1608] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[1608] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[1608] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[1608] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[1608] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[1608] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[1608] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[1608] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[1608] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[1608] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[1608] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[1608] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[1608] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[1608] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[1608] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[1608] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[1608] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[1608] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[1608] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[1608] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[1608] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[1608] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[1608] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[1608] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[1608] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[1608] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[1608] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[1608] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[1608] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[1608] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[1608] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[1608] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[1608] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[1608] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[1608] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[1608] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[1608] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[1608] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[1608] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[1608] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[1608] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[1608] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[1608] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[1608] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[1608] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[1608] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[1608] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[1608] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[1608] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[1608] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[1608] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[1608] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ D6, E9 ]

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[1608] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[1608] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[1608] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[1608] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[1608] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[1608] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[1608] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[1608] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[1608] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[1608] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[1608] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[1608] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[1608] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[1608] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[1608] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[1608] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[1608] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[1608] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[1608] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[1608] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[1608] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[1608] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[1608] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[1608] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[1608] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[1608] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[1608] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[1608] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[1608] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[1608] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[1608] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[1608] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[1608] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[1608] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[1608] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[1720] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[1720] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[1720] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[1720] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[1720] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[1720] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[1720] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[1720] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[1720] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[1720] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[1720] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[1720] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[1720] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[1720] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[1720] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[1720] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[1720] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[1720] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[1720] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[1720] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[1720] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[1720] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[1720] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[1720] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[1720] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[1720] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[1720] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[1720] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[1720] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[1720] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[1720] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[1720] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[1720] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[1720] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[1720] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[1720] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[1720] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[1720] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[1720] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[1720] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[1720] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[1720] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[1720] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[1720] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[1720] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[1720] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[1720] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[1720] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[1720] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[1720] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[1720] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[1720] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[1720] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[1720] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[1720] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[1720] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[1720] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[1720] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[1720] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ 49, E9 ]

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[1720] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[1720] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[1720] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[1720] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[1720] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[1720] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[1720] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[1720] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[1720] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[1720] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[1720] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[1720] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[1720] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[1720] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[1720] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[1720] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[1720] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[1720] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[1720] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[1720] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[1720] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[1720] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[1720] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[1720] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[1720] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[1720] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[1720] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[1720] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[1720] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[1720] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[1720] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[1720] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[1720] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[1720] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[1720] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[1720] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1760] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1760] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1760] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1760] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1760] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1760] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1760] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1760] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1760] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1760] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1760] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1760] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1760] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1760] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1760] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1760] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1760] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1760] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1760] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1760] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1760] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1760] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1760] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1760] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1760] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1760] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1760] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1760] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1760] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1760] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1760] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1760] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1760] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1760] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1760] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1760] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1760] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1760] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1760] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1760] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1760] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1760] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1760] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1760] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1760] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1760] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1760] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1760] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1760] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1760] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1760] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1760] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1760] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1760] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1760] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1760] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1760] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1760] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1760] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ 49, E9 ]

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1760] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1760] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1760] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1760] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1760] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1760] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1760] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1760] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1760] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1760] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1760] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1760] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1760] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1760] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1760] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1760] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1760] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1760] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1760] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1760] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1760] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1760] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1760] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1760] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1760] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1760] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1760] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1760] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1760] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1760] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1760] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1760] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1760] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1760] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1760] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1760] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1760] PSAPI.DLL!EnumProcessModules 76BA1F1C 5 Bytes JMP 3EE8E944

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1760] WS2_32.dll!connect + 2 719F406C 6 Bytes JMP 3EE8999A

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1760] WS2_32.dll!gethostbyname + 2 719F4FD6 9 Bytes JMP 3EE89966

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1760] WS2_32.dll!WSAAsyncGetHostByName + 2 719FE987 13 Bytes [ 2F, 92, 91, 99, F5, 41, F3, ... ]

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1760] WS2_32.dll!WSAConnect + 2 71A00C6B 14 Bytes [ 3F, 40, D6, D6, 90, 41, 90, ... ]

.text C:\Program Files\WinZip\WZQKPICK.EXE[1796] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\Program Files\WinZip\WZQKPICK.EXE[1796] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\Program Files\WinZip\WZQKPICK.EXE[1796] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\Program Files\WinZip\WZQKPICK.EXE[1796] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\Program Files\WinZip\WZQKPICK.EXE[1796] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\Program Files\WinZip\WZQKPICK.EXE[1796] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\Program Files\WinZip\WZQKPICK.EXE[1796] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\Program Files\WinZip\WZQKPICK.EXE[1796] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\Program Files\WinZip\WZQKPICK.EXE[1796] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\Program Files\WinZip\WZQKPICK.EXE[1796] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\Program Files\WinZip\WZQKPICK.EXE[1796] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\Program Files\WinZip\WZQKPICK.EXE[1796] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\Program Files\WinZip\WZQKPICK.EXE[1796] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\Program Files\WinZip\WZQKPICK.EXE[1796] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\Program Files\WinZip\WZQKPICK.EXE[1796] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\Program Files\WinZip\WZQKPICK.EXE[1796] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\Program Files\WinZip\WZQKPICK.EXE[1796] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\Program Files\WinZip\WZQKPICK.EXE[1796] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\Program Files\WinZip\WZQKPICK.EXE[1796] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\Program Files\WinZip\WZQKPICK.EXE[1796] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\Program Files\WinZip\WZQKPICK.EXE[1796] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\Program Files\WinZip\WZQKPICK.EXE[1796] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\Program Files\WinZip\WZQKPICK.EXE[1796] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\Program Files\WinZip\WZQKPICK.EXE[1796] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\Program Files\WinZip\WZQKPICK.EXE[1796] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\Program Files\WinZip\WZQKPICK.EXE[1796] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\Program Files\WinZip\WZQKPICK.EXE[1796] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\Program Files\WinZip\WZQKPICK.EXE[1796] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\Program Files\WinZip\WZQKPICK.EXE[1796] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\Program Files\WinZip\WZQKPICK.EXE[1796] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\Program Files\WinZip\WZQKPICK.EXE[1796] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\Program Files\WinZip\WZQKPICK.EXE[1796] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\Program Files\WinZip\WZQKPICK.EXE[1796] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\Program Files\WinZip\WZQKPICK.EXE[1796] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\Program Files\WinZip\WZQKPICK.EXE[1796] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\Program Files\WinZip\WZQKPICK.EXE[1796] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\Program Files\WinZip\WZQKPICK.EXE[1796] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\Program Files\WinZip\WZQKPICK.EXE[1796] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\Program Files\WinZip\WZQKPICK.EXE[1796] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\Program Files\WinZip\WZQKPICK.EXE[1796] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\Program Files\WinZip\WZQKPICK.EXE[1796] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\Program Files\WinZip\WZQKPICK.EXE[1796] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\Program Files\WinZip\WZQKPICK.EXE[1796] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\Program Files\WinZip\WZQKPICK.EXE[1796] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\Program Files\WinZip\WZQKPICK.EXE[1796] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\Program Files\WinZip\WZQKPICK.EXE[1796] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\Program Files\WinZip\WZQKPICK.EXE[1796] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\Program Files\WinZip\WZQKPICK.EXE[1796] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\Program Files\WinZip\WZQKPICK.EXE[1796] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\Program Files\WinZip\WZQKPICK.EXE[1796] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\Program Files\WinZip\WZQKPICK.EXE[1796] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\Program Files\WinZip\WZQKPICK.EXE[1796] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\Program Files\WinZip\WZQKPICK.EXE[1796] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\Program Files\WinZip\WZQKPICK.EXE[1796] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\Program Files\WinZip\WZQKPICK.EXE[1796] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\Program Files\WinZip\WZQKPICK.EXE[1796] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\Program Files\WinZip\WZQKPICK.EXE[1796] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\Program Files\WinZip\WZQKPICK.EXE[1796] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\Program Files\WinZip\WZQKPICK.EXE[1796] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ 98, E9 ]

.text C:\Program Files\WinZip\WZQKPICK.EXE[1796] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\Program Files\WinZip\WZQKPICK.EXE[1796] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\Program Files\WinZip\WZQKPICK.EXE[1796] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\Program Files\WinZip\WZQKPICK.EXE[1796] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\Program Files\WinZip\WZQKPICK.EXE[1796] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\Program Files\WinZip\WZQKPICK.EXE[1796] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\Program Files\WinZip\WZQKPICK.EXE[1796] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\Program Files\WinZip\WZQKPICK.EXE[1796] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\Program Files\WinZip\WZQKPICK.EXE[1796] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\Program Files\WinZip\WZQKPICK.EXE[1796] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\Program Files\WinZip\WZQKPICK.EXE[1796] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\Program Files\WinZip\WZQKPICK.EXE[1796] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\Program Files\WinZip\WZQKPICK.EXE[1796] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\Program Files\WinZip\WZQKPICK.EXE[1796] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\Program Files\WinZip\WZQKPICK.EXE[1796] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\Program Files\WinZip\WZQKPICK.EXE[1796] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\Program Files\WinZip\WZQKPICK.EXE[1796] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\Program Files\WinZip\WZQKPICK.EXE[1796] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\Program Files\WinZip\WZQKPICK.EXE[1796] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\Program Files\WinZip\WZQKPICK.EXE[1796] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\Program Files\WinZip\WZQKPICK.EXE[1796] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\Program Files\WinZip\WZQKPICK.EXE[1796] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\Program Files\WinZip\WZQKPICK.EXE[1796] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\Program Files\WinZip\WZQKPICK.EXE[1796] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\Program Files\WinZip\WZQKPICK.EXE[1796] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\Program Files\WinZip\WZQKPICK.EXE[1796] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\Program Files\WinZip\WZQKPICK.EXE[1796] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\Program Files\WinZip\WZQKPICK.EXE[1796] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\Program Files\WinZip\WZQKPICK.EXE[1796] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\Program Files\WinZip\WZQKPICK.EXE[1796] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\Program Files\WinZip\WZQKPICK.EXE[1796] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\Program Files\WinZip\WZQKPICK.EXE[1796] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\Program Files\WinZip\WZQKPICK.EXE[1796] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\Program Files\WinZip\WZQKPICK.EXE[1796] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\Program Files\WinZip\WZQKPICK.EXE[1796] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\Program Files\WinZip\WZQKPICK.EXE[1796] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\WINDOWS\System32\alg.exe[1800] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\WINDOWS\System32\alg.exe[1800] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\WINDOWS\System32\alg.exe[1800] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\WINDOWS\System32\alg.exe[1800] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\WINDOWS\System32\alg.exe[1800] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\WINDOWS\System32\alg.exe[1800] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\WINDOWS\System32\alg.exe[1800] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\WINDOWS\System32\alg.exe[1800] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\WINDOWS\System32\alg.exe[1800] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\WINDOWS\System32\alg.exe[1800] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\WINDOWS\System32\alg.exe[1800] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\WINDOWS\System32\alg.exe[1800] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\WINDOWS\System32\alg.exe[1800] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\WINDOWS\System32\alg.exe[1800] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\WINDOWS\System32\alg.exe[1800] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\WINDOWS\System32\alg.exe[1800] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\WINDOWS\System32\alg.exe[1800] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\WINDOWS\System32\alg.exe[1800] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\WINDOWS\System32\alg.exe[1800] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\WINDOWS\System32\alg.exe[1800] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\WINDOWS\System32\alg.exe[1800] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\WINDOWS\System32\alg.exe[1800] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\WINDOWS\System32\alg.exe[1800] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\WINDOWS\System32\alg.exe[1800] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\WINDOWS\System32\alg.exe[1800] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\WINDOWS\System32\alg.exe[1800] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\WINDOWS\System32\alg.exe[1800] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\WINDOWS\System32\alg.exe[1800] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\WINDOWS\System32\alg.exe[1800] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\WINDOWS\System32\alg.exe[1800] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\WINDOWS\System32\alg.exe[1800] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\WINDOWS\System32\alg.exe[1800] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\WINDOWS\System32\alg.exe[1800] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\WINDOWS\System32\alg.exe[1800] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\WINDOWS\System32\alg.exe[1800] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\WINDOWS\System32\alg.exe[1800] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\WINDOWS\System32\alg.exe[1800] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\WINDOWS\System32\alg.exe[1800] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\WINDOWS\System32\alg.exe[1800] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\WINDOWS\System32\alg.exe[1800] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\WINDOWS\System32\alg.exe[1800] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\WINDOWS\System32\alg.exe[1800] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\WINDOWS\System32\alg.exe[1800] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\WINDOWS\System32\alg.exe[1800] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\WINDOWS\System32\alg.exe[1800] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\WINDOWS\System32\alg.exe[1800] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\WINDOWS\System32\alg.exe[1800] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\WINDOWS\System32\alg.exe[1800] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\WINDOWS\System32\alg.exe[1800] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\WINDOWS\System32\alg.exe[1800] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\WINDOWS\System32\alg.exe[1800] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\WINDOWS\System32\alg.exe[1800] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\WINDOWS\System32\alg.exe[1800] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\WINDOWS\System32\alg.exe[1800] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\WINDOWS\System32\alg.exe[1800] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\WINDOWS\System32\alg.exe[1800] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\WINDOWS\System32\alg.exe[1800] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\WINDOWS\System32\alg.exe[1800] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\WINDOWS\System32\alg.exe[1800] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\WINDOWS\System32\alg.exe[1800] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ 9F, E9 ]

.text C:\WINDOWS\System32\alg.exe[1800] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\WINDOWS\System32\alg.exe[1800] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\WINDOWS\System32\alg.exe[1800] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\WINDOWS\System32\alg.exe[1800] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\WINDOWS\System32\alg.exe[1800] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\WINDOWS\System32\alg.exe[1800] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\WINDOWS\System32\alg.exe[1800] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\WINDOWS\System32\alg.exe[1800] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\WINDOWS\System32\alg.exe[1800] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\WINDOWS\System32\alg.exe[1800] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\WINDOWS\System32\alg.exe[1800] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\WINDOWS\System32\alg.exe[1800] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\WINDOWS\System32\alg.exe[1800] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\WINDOWS\System32\alg.exe[1800] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\WINDOWS\System32\alg.exe[1800] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\WINDOWS\System32\alg.exe[1800] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\WINDOWS\System32\alg.exe[1800] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\WINDOWS\System32\alg.exe[1800] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\WINDOWS\System32\alg.exe[1800] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\WINDOWS\System32\alg.exe[1800] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\WINDOWS\System32\alg.exe[1800] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\WINDOWS\System32\alg.exe[1800] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\WINDOWS\System32\alg.exe[1800] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\WINDOWS\System32\alg.exe[1800] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\WINDOWS\System32\alg.exe[1800] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\WINDOWS\System32\alg.exe[1800] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\WINDOWS\System32\alg.exe[1800] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\WINDOWS\System32\alg.exe[1800] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\WINDOWS\System32\alg.exe[1800] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\WINDOWS\System32\alg.exe[1800] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\WINDOWS\System32\alg.exe[1800] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\WINDOWS\System32\alg.exe[1800] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\WINDOWS\System32\alg.exe[1800] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\WINDOWS\System32\alg.exe[1800] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\WINDOWS\System32\alg.exe[1800] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\WINDOWS\System32\alg.exe[1800] WS2_32.dll!connect + 2 719F406C 6 Bytes JMP 3EE8999A

.text C:\WINDOWS\System32\alg.exe[1800] WS2_32.dll!send + 2 719F428C 6 Bytes JMP 74CF14F3 C:\WINDOWS\system32\setyqsrv.dll

.text C:\WINDOWS\System32\alg.exe[1800] WS2_32.dll!WSARecv + 2 719F431A 5 Bytes JMP 74CF20C1 C:\WINDOWS\system32\setyqsrv.dll

.text C:\WINDOWS\System32\alg.exe[1800] WS2_32.dll!gethostbyname + 2 719F4FD6 9 Bytes JMP 3EE89966

.text C:\WINDOWS\System32\alg.exe[1800] WS2_32.dll!recv + 2 719F615C 6 Bytes JMP 74CF138C C:\WINDOWS\system32\setyqsrv.dll

.text C:\WINDOWS\System32\alg.exe[1800] WS2_32.dll!WSASend + 2 719F6235 5 Bytes JMP 74CF1F52 C:\WINDOWS\system32\setyqsrv.dll

.text C:\WINDOWS\System32\alg.exe[1800] WS2_32.dll!closesocket + 2 719F963B 14 Bytes [ FC, 42, D6, 98, F3, 41, F9, ... ]

.text C:\WINDOWS\System32\alg.exe[1800] WS2_32.dll!WSAAsyncGetHostByName + 2 719FE987 13 Bytes [ 42, 4A, F5, 41, F3, 90, 41, ... ]

.text C:\WINDOWS\System32\alg.exe[1800] WS2_32.dll!WSAConnect + 2 71A00C6B 14 Bytes [ F9, 42, D6, 4A, 4A, 98, F2, ... ]

.text C:\WINDOWS\Explorer.EXE[1804] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\WINDOWS\Explorer.EXE[1804] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\WINDOWS\Explorer.EXE[1804] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\WINDOWS\Explorer.EXE[1804] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\WINDOWS\Explorer.EXE[1804] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\WINDOWS\Explorer.EXE[1804] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\WINDOWS\Explorer.EXE[1804] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\WINDOWS\Explorer.EXE[1804] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\WINDOWS\Explorer.EXE[1804] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\WINDOWS\Explorer.EXE[1804] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\WINDOWS\Explorer.EXE[1804] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\WINDOWS\Explorer.EXE[1804] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\WINDOWS\Explorer.EXE[1804] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\WINDOWS\Explorer.EXE[1804] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\WINDOWS\Explorer.EXE[1804] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\WINDOWS\Explorer.EXE[1804] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\WINDOWS\Explorer.EXE[1804] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\WINDOWS\Explorer.EXE[1804] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\WINDOWS\Explorer.EXE[1804] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\WINDOWS\Explorer.EXE[1804] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\WINDOWS\Explorer.EXE[1804] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\WINDOWS\Explorer.EXE[1804] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\WINDOWS\Explorer.EXE[1804] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\WINDOWS\Explorer.EXE[1804] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\WINDOWS\Explorer.EXE[1804] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\WINDOWS\Explorer.EXE[1804] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\WINDOWS\Explorer.EXE[1804] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\WINDOWS\Explorer.EXE[1804] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\WINDOWS\Explorer.EXE[1804] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\WINDOWS\Explorer.EXE[1804] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\WINDOWS\Explorer.EXE[1804] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\WINDOWS\Explorer.EXE[1804] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\WINDOWS\Explorer.EXE[1804] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\WINDOWS\Explorer.EXE[1804] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\WINDOWS\Explorer.EXE[1804] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\WINDOWS\Explorer.EXE[1804] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\WINDOWS\Explorer.EXE[1804] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\WINDOWS\Explorer.EXE[1804] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\WINDOWS\Explorer.EXE[1804] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\WINDOWS\Explorer.EXE[1804] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\WINDOWS\Explorer.EXE[1804] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\WINDOWS\Explorer.EXE[1804] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\WINDOWS\Explorer.EXE[1804] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\WINDOWS\Explorer.EXE[1804] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\WINDOWS\Explorer.EXE[1804] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\WINDOWS\Explorer.EXE[1804] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\WINDOWS\Explorer.EXE[1804] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\WINDOWS\Explorer.EXE[1804] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\WINDOWS\Explorer.EXE[1804] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\WINDOWS\Explorer.EXE[1804] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\WINDOWS\Explorer.EXE[1804] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\WINDOWS\Explorer.EXE[1804] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\WINDOWS\Explorer.EXE[1804] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\WINDOWS\Explorer.EXE[1804] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\WINDOWS\Explorer.EXE[1804] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\WINDOWS\Explorer.EXE[1804] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\WINDOWS\Explorer.EXE[1804] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\WINDOWS\Explorer.EXE[1804] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\WINDOWS\Explorer.EXE[1804] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ 42, E9 ]

.text C:\WINDOWS\Explorer.EXE[1804] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\WINDOWS\Explorer.EXE[1804] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\WINDOWS\Explorer.EXE[1804] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\WINDOWS\Explorer.EXE[1804] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\WINDOWS\Explorer.EXE[1804] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\WINDOWS\Explorer.EXE[1804] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\WINDOWS\Explorer.EXE[1804] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\WINDOWS\Explorer.EXE[1804] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\WINDOWS\Explorer.EXE[1804] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\WINDOWS\Explorer.EXE[1804] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\WINDOWS\Explorer.EXE[1804] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\WINDOWS\Explorer.EXE[1804] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\WINDOWS\Explorer.EXE[1804] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\WINDOWS\Explorer.EXE[1804] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\WINDOWS\Explorer.EXE[1804] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\WINDOWS\Explorer.EXE[1804] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\WINDOWS\Explorer.EXE[1804] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\WINDOWS\Explorer.EXE[1804] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\WINDOWS\Explorer.EXE[1804] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\WINDOWS\Explorer.EXE[1804] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\WINDOWS\Explorer.EXE[1804] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\WINDOWS\Explorer.EXE[1804] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\WINDOWS\Explorer.EXE[1804] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\WINDOWS\Explorer.EXE[1804] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\WINDOWS\Explorer.EXE[1804] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\WINDOWS\Explorer.EXE[1804] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\WINDOWS\Explorer.EXE[1804] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\WINDOWS\Explorer.EXE[1804] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\WINDOWS\Explorer.EXE[1804] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\WINDOWS\Explorer.EXE[1804] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\WINDOWS\Explorer.EXE[1804] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\WINDOWS\Explorer.EXE[1804] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\WINDOWS\Explorer.EXE[1804] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\WINDOWS\Explorer.EXE[1804] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\WINDOWS\Explorer.EXE[1804] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\WINDOWS\Explorer.EXE[1804] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\WINDOWS\Explorer.EXE[1804] PSAPI.DLL!EnumProcessModules 76BA1F1C 5 Bytes JMP 3EE8E944

.text C:\WINDOWS\Explorer.EXE[1804] WS2_32.dll!connect + 2 719F406C 6 Bytes JMP 3EE8999A

.text C:\WINDOWS\Explorer.EXE[1804] WS2_32.dll!gethostbyname + 2 719F4FD6 9 Bytes JMP 3EE89966

.text C:\WINDOWS\Explorer.EXE[1804] WS2_32.dll!WSAAsyncGetHostByName + 2 719FE987 13 Bytes [ 98, F5, 92, 92, 90, F3, F3, ... ]

.text C:\WINDOWS\Explorer.EXE[1804] WS2_32.dll!WSAConnect + 2 71A00C6B 14 Bytes [ 99, 40, 49, FC, 41, 49, F8, ... ]

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[1812] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[1812] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[1812] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[1812] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[1812] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[1812] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[1812] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[1812] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[1812] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[1812] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[1812] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[1812] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[1812] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[1812] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[1812] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[1812] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[1812] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[1812] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[1812] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[1812] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[1812] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[1812] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[1812] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[1812] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[1812] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[1812] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[1812] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[1812] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[1812] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[1812] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[1812] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[1812] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[1812] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[1812] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[1812] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[1812] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[1812] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[1812] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[1812] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[1812] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[1812] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[1812] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[1812] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[1812] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[1812] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[1812] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[1812] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[1812] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[1812] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[1812] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[1812] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[1812] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[1812] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[1812] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[1812] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[1812] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[1812] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[1812] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[1812] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ FC, E9 ]

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[1812] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[1812] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[1812] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[1812] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[1812] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[1812] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[1812] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[1812] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[1812] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[1812] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[1812] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[1812] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[1812] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[1812] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[1812] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[1812] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[1812] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[1812] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[1812] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[1812] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[1812] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[1812] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[1812] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[1812] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[1812] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[1812] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[1812] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[1812] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[1812] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[1812] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[1812] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[1812] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[1812] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[1812] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[1812] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[1812] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[1812] WS2_32.dll!connect + 2 719F406C 6 Bytes JMP 3EE8999A

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[1812] WS2_32.dll!gethostbyname + 2 719F4FD6 9 Bytes JMP 3EE89966

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[1812] WS2_32.dll!WSAAsyncGetHostByName + 2 719FE987 13 Bytes [ 9F, D6, F9, D6, 90, F8, 42, ... ]

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[1812] WS2_32.dll!WSAConnect + 2 71A00C6B 14 Bytes [ D6, 98, 49, F8, 98, D6, 41, ... ]

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1872] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1872] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1872] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1872] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1872] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1872] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1872] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1872] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1872] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1872] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1872] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1872] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1872] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1872] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1872] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1872] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1872] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1872] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1872] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1872] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1872] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1872] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1872] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1872] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1872] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1872] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1872] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1872] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1872] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1872] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1872] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1872] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1872] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1872] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1872] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1872] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1872] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1872] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1872] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1872] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1872] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1872] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1872] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1872] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1872] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1872] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1872] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1872] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1872] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1872] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1872] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1872] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1872] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1872] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1872] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1872] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1872] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1872] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1872] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1872] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ 40, E9 ]

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1872] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1872] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1872] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1872] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1872] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1872] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1872] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1872] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1872] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1872] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1872] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1872] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1872] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1872] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1872] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1872] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1872] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1872] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1872] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1872] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1872] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1872] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1872] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1872] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1872] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1872] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1872] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1872] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1872] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1872] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1872] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1872] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1872] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1872] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1872] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1872] WS2_32.dll!connect + 2 719F406C 6 Bytes JMP 3EE8999A

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1872] WS2_32.dll!gethostbyname + 2 719F4FD6 9 Bytes JMP 3EE89966

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1872] WS2_32.dll!WSAAsyncGetHostByName + 2 719FE987 13 Bytes [ 90, D6, 37, F9, 40, 41, 4A, ... ]

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1872] WS2_32.dll!WSAConnect + 2 71A00C6B 14 Bytes [ 99, 40, 90, 2F, F9, 92, F3, ... ]

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[1920] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[1920] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[1920] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[1920] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[1920] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[1920] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[1920] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[1920] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[1920] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[1920] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[1920] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[1920] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[1920] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[1920] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[1920] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[1920] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[1920] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[1920] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[1920] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[1920] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[1920] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[1920] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[1920] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[1920] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[1920] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[1920] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[1920] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[1920] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[1920] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[1920] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[1920] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[1920] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[1920] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[1920] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[1920] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[1920] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[1920] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[1920] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[1920] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[1920] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[1920] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[1920] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[1920] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[1920] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[1920] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[1920] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[1920] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[1920] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[1920] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[1920] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[1920] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[1920] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[1920] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[1920] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[1920] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[1920] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[1920] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[1920] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[1920] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ 37, E9 ]

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[1920] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[1920] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[1920] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[1920] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[1920] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[1920] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[1920] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[1920] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[1920] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[1920] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[1920] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[1920] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[1920] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[1920] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[1920] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[1920] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[1920] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[1920] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[1920] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[1920] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[1920] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[1920] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[1920] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[1920] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[1920] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[1920] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[1920] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[1920] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[1920] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[1920] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[1920] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[1920] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[1920] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[1920] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[1920] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[1920] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[1920] WS2_32.dll!connect + 2 719F406C 6 Bytes JMP 3EE8999A

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[1920] WS2_32.dll!send + 2 719F428C 6 Bytes JMP 74CF14F3 C:\WINDOWS\system32\setyqsrv.dll

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[1920] WS2_32.dll!WSARecv + 2 719F431A 5 Bytes JMP 74CF20C1 C:\WINDOWS\system32\setyqsrv.dll

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[1920] WS2_32.dll!gethostbyname + 2 719F4FD6 9 Bytes JMP 3EE89966

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[1920] WS2_32.dll!recv + 2 719F615C 6 Bytes JMP 74CF138C C:\WINDOWS\system32\setyqsrv.dll

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[1920] WS2_32.dll!WSASend + 2 719F6235 5 Bytes JMP 74CF1F52 C:\WINDOWS\system32\setyqsrv.dll

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[1920] WS2_32.dll!closesocket + 2 719F963B 14 Bytes [ 99, 92, 42, 40, F3, FC, 3F, ... ]

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[1920] WS2_32.dll!WSAAsyncGetHostByName + 2 719FE987 13 Bytes [ 99, 41, 98, 37, F9, 48, F3, ... ]

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[1920] WS2_32.dll!WSAConnect + 2 71A00C6B 7 Bytes [ F2, 90, 49, 99, 3F, 37, 48 ]

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[1920] WS2_32.dll!WSAConnect + A 71A00C73 6 Bytes JMP 3EE89932

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2156] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2156] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2156] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2156] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2156] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2156] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2156] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2156] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2156] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2156] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2156] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2156] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2156] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2156] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2156] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2156] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2156] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2156] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2156] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2156] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2156] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2156] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2156] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2156] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2156] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2156] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2156] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2156] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2156] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2156] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2156] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2156] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2156] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2156] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2156] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2156] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2156] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2156] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2156] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2156] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2156] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2156] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2156] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2156] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2156] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2156] user32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2156] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2156] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ D6, E9 ]

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2156] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2156] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2156] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2156] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2156] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2156] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2156] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2156] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2156] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2156] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2156] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2156] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2156] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2156] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2156] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2156] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2156] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2156] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2156] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2156] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2156] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2156] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2156] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2156] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2156] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2156] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[2404] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[2404] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[2404] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[2404] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[2404] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[2404] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[2404] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[2404] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[2404] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[2404] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[2404] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[2404] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[2404] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[2404] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[2404] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[2404] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[2404] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[2404] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[2404] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[2404] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[2404] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[2404] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[2404] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[2404] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[2404] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[2404] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[2404] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[2404] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[2404] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[2404] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[2404] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[2404] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[2404] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[2404] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[2404] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[2404] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[2404] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[2404] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[2404] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[2404] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[2404] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[2404] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[2404] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[2404] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[2404] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[2404] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[2404] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[2404] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[2404] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[2404] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[2404] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[2404] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[2404] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[2404] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[2404] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[2404] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[2404] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[2404] WS2_32.dll!connect + 2 719F406C 6 Bytes JMP 3EE8999A

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[2404] WS2_32.dll!gethostbyname + 2 719F4FD6 9 Bytes JMP 3EE89966

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[2404] WS2_32.dll!WSAAsyncGetHostByName + 2 719FE987 13 Bytes [ 49, 48, 48, 92, 40, 37, 9F, ... ]

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[2404] WS2_32.dll!WSAConnect + 2 71A00C6B 14 Bytes [ 90, 40, 98, 48, 48, 91, 4A, ... ]

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[2404] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[2404] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ D6, E9 ]

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[2404] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[2404] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[2404] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[2404] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[2404] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[2404] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[2404] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[2404] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[2404] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[2404] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[2404] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[2404] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[2404] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[2404] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[2404] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[2404] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[2404] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[2404] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[2404] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[2404] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[2404] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[2404] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[2404] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[2404] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[2404] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[2404] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[2404] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[2404] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[2404] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[2404] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[2404] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[2404] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[2404] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[2404] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[2404] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[2404] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2452] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2452] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2452] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2452] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2452] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2452] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2452] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2452] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2452] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2452] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2452] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2452] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2452] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2452] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2452] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2452] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2452] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2452] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2452] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2452] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2452] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2452] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2452] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2452] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2452] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2452] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2452] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2452] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2452] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2452] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2452] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2452] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2452] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2452] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2452] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2452] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2452] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2452] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2452] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2452] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2452] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2452] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2452] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2452] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2452] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2452] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2452] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2452] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2452] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2452] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2452] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2452] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2452] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2452] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2452] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2452] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2452] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2452] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2452] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2452] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ F9, E9 ]

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2452] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2452] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2452] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2452] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2452] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2452] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2452] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2452] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2452] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2452] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2452] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2452] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2452] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2452] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2452] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2452] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2452] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2452] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2452] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2452] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2452] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2452] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2452] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2452] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2452] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2452] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2452] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2452] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2452] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2452] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2452] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2452] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2452] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2452] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2452] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2452] ws2_32.dll!connect + 2 719F406C 6 Bytes JMP 3EE8999A

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2452] ws2_32.dll!gethostbyname + 2 719F4FD6 9 Bytes JMP 3EE89966

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2452] ws2_32.dll!WSAAsyncGetHostByName + 2 719FE987 13 Bytes [ 40, 92, 3F, 9F, 41, 92, F8, ... ]

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2452] ws2_32.dll!WSAConnect + 2 71A00C6B 14 Bytes [ F3, 98, 92, 99, F3, F8, 4A, ... ]

.text C:\WINDOWS\system32\notepad.exe[2528] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\WINDOWS\system32\notepad.exe[2528] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\WINDOWS\system32\notepad.exe[2528] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\WINDOWS\system32\notepad.exe[2528] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\WINDOWS\system32\notepad.exe[2528] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\WINDOWS\system32\notepad.exe[2528] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\WINDOWS\system32\notepad.exe[2528] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\WINDOWS\system32\notepad.exe[2528] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\WINDOWS\system32\notepad.exe[2528] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\WINDOWS\system32\notepad.exe[2528] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\WINDOWS\system32\notepad.exe[2528] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\WINDOWS\system32\notepad.exe[2528] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\WINDOWS\system32\notepad.exe[2528] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\WINDOWS\system32\notepad.exe[2528] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\WINDOWS\system32\notepad.exe[2528] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\WINDOWS\system32\notepad.exe[2528] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\WINDOWS\system32\notepad.exe[2528] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\WINDOWS\system32\notepad.exe[2528] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\WINDOWS\system32\notepad.exe[2528] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\WINDOWS\system32\notepad.exe[2528] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\WINDOWS\system32\notepad.exe[2528] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\WINDOWS\system32\notepad.exe[2528] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\WINDOWS\system32\notepad.exe[2528] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\WINDOWS\system32\notepad.exe[2528] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\WINDOWS\system32\notepad.exe[2528] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\WINDOWS\system32\notepad.exe[2528] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\WINDOWS\system32\notepad.exe[2528] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\WINDOWS\system32\notepad.exe[2528] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\WINDOWS\system32\notepad.exe[2528] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\WINDOWS\system32\notepad.exe[2528] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\WINDOWS\system32\notepad.exe[2528] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\WINDOWS\system32\notepad.exe[2528] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\WINDOWS\system32\notepad.exe[2528] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\WINDOWS\system32\notepad.exe[2528] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\WINDOWS\system32\notepad.exe[2528] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\WINDOWS\system32\notepad.exe[2528] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\WINDOWS\system32\notepad.exe[2528] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\WINDOWS\system32\notepad.exe[2528] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\WINDOWS\system32\notepad.exe[2528] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\WINDOWS\system32\notepad.exe[2528] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\WINDOWS\system32\notepad.exe[2528] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\WINDOWS\system32\notepad.exe[2528] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\WINDOWS\system32\notepad.exe[2528] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\WINDOWS\system32\notepad.exe[2528] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\WINDOWS\system32\notepad.exe[2528] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\WINDOWS\system32\notepad.exe[2528] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\WINDOWS\system32\notepad.exe[2528] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\WINDOWS\system32\notepad.exe[2528] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\WINDOWS\system32\notepad.exe[2528] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\WINDOWS\system32\notepad.exe[2528] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\WINDOWS\system32\notepad.exe[2528] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\WINDOWS\system32\notepad.exe[2528] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\WINDOWS\system32\notepad.exe[2528] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\WINDOWS\system32\notepad.exe[2528] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\WINDOWS\system32\notepad.exe[2528] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\WINDOWS\system32\notepad.exe[2528] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\WINDOWS\system32\notepad.exe[2528] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\WINDOWS\system32\notepad.exe[2528] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\WINDOWS\system32\notepad.exe[2528] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ F5, E9 ]

.text C:\WINDOWS\system32\notepad.exe[2528] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\WINDOWS\system32\notepad.exe[2528] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\WINDOWS\system32\notepad.exe[2528] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\WINDOWS\system32\notepad.exe[2528] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\WINDOWS\system32\notepad.exe[2528] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\WINDOWS\system32\notepad.exe[2528] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\WINDOWS\system32\notepad.exe[2528] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\WINDOWS\system32\notepad.exe[2528] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\WINDOWS\system32\notepad.exe[2528] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\WINDOWS\system32\notepad.exe[2528] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\WINDOWS\system32\notepad.exe[2528] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\WINDOWS\system32\notepad.exe[2528] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\WINDOWS\system32\notepad.exe[2528] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\WINDOWS\system32\notepad.exe[2528] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\WINDOWS\system32\notepad.exe[2528] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\WINDOWS\system32\notepad.exe[2528] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\WINDOWS\system32\notepad.exe[2528] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\WINDOWS\system32\notepad.exe[2528] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\WINDOWS\system32\notepad.exe[2528] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\WINDOWS\system32\notepad.exe[2528] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\WINDOWS\system32\notepad.exe[2528] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\WINDOWS\system32\notepad.exe[2528] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\WINDOWS\system32\notepad.exe[2528] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\WINDOWS\system32\notepad.exe[2528] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\WINDOWS\system32\notepad.exe[2528] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\WINDOWS\system32\notepad.exe[2528] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\WINDOWS\system32\notepad.exe[2528] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\WINDOWS\system32\notepad.exe[2528] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\WINDOWS\system32\notepad.exe[2528] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\WINDOWS\system32\notepad.exe[2528] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\WINDOWS\system32\notepad.exe[2528] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\WINDOWS\system32\notepad.exe[2528] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\WINDOWS\system32\notepad.exe[2528] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\WINDOWS\system32\notepad.exe[2528] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\WINDOWS\system32\notepad.exe[2528] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\WINDOWS\system32\notepad.exe[2528] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2764] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2764] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2764] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2764] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2764] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2764] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2764] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2764] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2764] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2764] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2764] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2764] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2764] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2764] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2764] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2764] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2764] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2764] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2764] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2764] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2764] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2764] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2764] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2764] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2764] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2764] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2764] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2764] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2764] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2764] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2764] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2764] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2764] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2764] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2764] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2764] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2764] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2764] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2764] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2764] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2764] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2764] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2764] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2764] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2764] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2764] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2764] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2764] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2764] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2764] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2764] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2764] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2764] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2764] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2764] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2764] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2764] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2764] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2764] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ FC, E9 ]

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2764] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2764] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2764] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2764] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2764] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2764] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2764] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2764] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2764] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2764] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2764] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2764] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2764] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2764] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2764] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2764] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2764] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2764] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2764] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2764] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2764] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2764] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2764] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2764] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2764] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2764] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2764] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2764] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2764] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2764] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2764] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2764] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2764] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2764] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2764] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2764] USER32.dll!DialogBoxParamW 7E3A555F 5 Bytes JMP 4437F2C1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2764] USER32.dll!DialogBoxIndirectParamW 7E3B2032 5 Bytes JMP 4451166F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2764] USER32.dll!MessageBoxIndirectA 7E3BA04A 5 Bytes JMP 445115F0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2764] USER32.dll!DialogBoxParamA 7E3BB10C 5 Bytes JMP 44511634 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2764] USER32.dll!MessageBoxExW 7E3D05D8 5 Bytes JMP 4451157C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2764] USER32.dll!MessageBoxExA 7E3D05FC 5 Bytes JMP 445115B6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2764] USER32.dll!DialogBoxIndirectParamA 7E3D6B50 5 Bytes JMP 445116AA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2764] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2764] USER32.dll!MessageBoxIndirectW 7E3E62AB 5 Bytes JMP 443A1676 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2764] PSAPI.DLL!EnumProcessModules 76BA1F1C 5 Bytes JMP 3EE8E944

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2764] ws2_32.dll!connect + 2 719F406C 6 Bytes JMP 3EE8999A

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2764] ws2_32.dll!send + 2 719F428C 6 Bytes JMP 74CF14F3 C:\WINDOWS\system32\setyqsrv.dll

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2764] ws2_32.dll!WSARecv + 2 719F431A 5 Bytes JMP 74CF20C1 C:\WINDOWS\system32\setyqsrv.dll

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2764] ws2_32.dll!gethostbyname + 2 719F4FD6 9 Bytes JMP 3EE89966

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2764] ws2_32.dll!recv + 2 719F615C 6 Bytes JMP 74CF138C C:\WINDOWS\system32\setyqsrv.dll

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2764] ws2_32.dll!WSASend + 2 719F6235 5 Bytes JMP 74CF1F52 C:\WINDOWS\system32\setyqsrv.dll

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2764] ws2_32.dll!closesocket + 2 719F963B 14 Bytes [ 90, 91, 42, 91, 49, 41, 2F, ... ]

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2764] ws2_32.dll!WSAAsyncGetHostByName + 2 719FE987 13 Bytes [ FC, F2, 40, 9F, 49, 49, F9, ... ]

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2764] ws2_32.dll!WSAConnect + 2 71A00C6B 14 Bytes [ 9F, F5, 2F, 98, 37, 92, 92, ... ]

.text C:\Program Files\Java\jre6\bin\jusched.exe[3760] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\Program Files\Java\jre6\bin\jusched.exe[3760] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\Program Files\Java\jre6\bin\jusched.exe[3760] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\Program Files\Java\jre6\bin\jusched.exe[3760] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\Program Files\Java\jre6\bin\jusched.exe[3760] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\Program Files\Java\jre6\bin\jusched.exe[3760] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\Program Files\Java\jre6\bin\jusched.exe[3760] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\Program Files\Java\jre6\bin\jusched.exe[3760] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\Program Files\Java\jre6\bin\jusched.exe[3760] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\Program Files\Java\jre6\bin\jusched.exe[3760] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\Program Files\Java\jre6\bin\jusched.exe[3760] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\Program Files\Java\jre6\bin\jusched.exe[3760] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\Program Files\Java\jre6\bin\jusched.exe[3760] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\Program Files\Java\jre6\bin\jusched.exe[3760] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\Program Files\Java\jre6\bin\jusched.exe[3760] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\Program Files\Java\jre6\bin\jusched.exe[3760] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\Program Files\Java\jre6\bin\jusched.exe[3760] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\Program Files\Java\jre6\bin\jusched.exe[3760] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\Program Files\Java\jre6\bin\jusched.exe[3760] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\Program Files\Java\jre6\bin\jusched.exe[3760] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\Program Files\Java\jre6\bin\jusched.exe[3760] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\Program Files\Java\jre6\bin\jusched.exe[3760] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\Program Files\Java\jre6\bin\jusched.exe[3760] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\Program Files\Java\jre6\bin\jusched.exe[3760] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\Program Files\Java\jre6\bin\jusched.exe[3760] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\Program Files\Java\jre6\bin\jusched.exe[3760] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\Program Files\Java\jre6\bin\jusched.exe[3760] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\Program Files\Java\jre6\bin\jusched.exe[3760] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\Program Files\Java\jre6\bin\jusched.exe[3760] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\Program Files\Java\jre6\bin\jusched.exe[3760] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\Program Files\Java\jre6\bin\jusched.exe[3760] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\Program Files\Java\jre6\bin\jusched.exe[3760] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\Program Files\Java\jre6\bin\jusched.exe[3760] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\Program Files\Java\jre6\bin\jusched.exe[3760] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\Program Files\Java\jre6\bin\jusched.exe[3760] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\Program Files\Java\jre6\bin\jusched.exe[3760] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\Program Files\Java\jre6\bin\jusched.exe[3760] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\Program Files\Java\jre6\bin\jusched.exe[3760] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\Program Files\Java\jre6\bin\jusched.exe[3760] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\Program Files\Java\jre6\bin\jusched.exe[3760] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\Program Files\Java\jre6\bin\jusched.exe[3760] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\Program Files\Java\jre6\bin\jusched.exe[3760] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\Program Files\Java\jre6\bin\jusched.exe[3760] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\Program Files\Java\jre6\bin\jusched.exe[3760] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\Program Files\Java\jre6\bin\jusched.exe[3760] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\Program Files\Java\jre6\bin\jusched.exe[3760] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\Program Files\Java\jre6\bin\jusched.exe[3760] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\Program Files\Java\jre6\bin\jusched.exe[3760] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\Program Files\Java\jre6\bin\jusched.exe[3760] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\Program Files\Java\jre6\bin\jusched.exe[3760] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\Program Files\Java\jre6\bin\jusched.exe[3760] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\Program Files\Java\jre6\bin\jusched.exe[3760] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\Program Files\Java\jre6\bin\jusched.exe[3760] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\Program Files\Java\jre6\bin\jusched.exe[3760] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\Program Files\Java\jre6\bin\jusched.exe[3760] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\Program Files\Java\jre6\bin\jusched.exe[3760] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\Program Files\Java\jre6\bin\jusched.exe[3760] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\Program Files\Java\jre6\bin\jusched.exe[3760] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\Program Files\Java\jre6\bin\jusched.exe[3760] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ D6, E9 ]

.text C:\Program Files\Java\jre6\bin\jusched.exe[3760] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\Program Files\Java\jre6\bin\jusched.exe[3760] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\Program Files\Java\jre6\bin\jusched.exe[3760] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\Program Files\Java\jre6\bin\jusched.exe[3760] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\Program Files\Java\jre6\bin\jusched.exe[3760] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\Program Files\Java\jre6\bin\jusched.exe[3760] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\Program Files\Java\jre6\bin\jusched.exe[3760] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\Program Files\Java\jre6\bin\jusched.exe[3760] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\Program Files\Java\jre6\bin\jusched.exe[3760] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\Program Files\Java\jre6\bin\jusched.exe[3760] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\Program Files\Java\jre6\bin\jusched.exe[3760] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\Program Files\Java\jre6\bin\jusched.exe[3760] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\Program Files\Java\jre6\bin\jusched.exe[3760] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\Program Files\Java\jre6\bin\jusched.exe[3760] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\Program Files\Java\jre6\bin\jusched.exe[3760] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\Program Files\Java\jre6\bin\jusched.exe[3760] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\Program Files\Java\jre6\bin\jusched.exe[3760] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\Program Files\Java\jre6\bin\jusched.exe[3760] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\Program Files\Java\jre6\bin\jusched.exe[3760] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\Program Files\Java\jre6\bin\jusched.exe[3760] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\Program Files\Java\jre6\bin\jusched.exe[3760] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\Program Files\Java\jre6\bin\jusched.exe[3760] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\Program Files\Java\jre6\bin\jusched.exe[3760] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\Program Files\Java\jre6\bin\jusched.exe[3760] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\Program Files\Java\jre6\bin\jusched.exe[3760] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\Program Files\Java\jre6\bin\jusched.exe[3760] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\Program Files\Java\jre6\bin\jusched.exe[3760] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\Program Files\Java\jre6\bin\jusched.exe[3760] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\Program Files\Java\jre6\bin\jusched.exe[3760] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\Program Files\Java\jre6\bin\jusched.exe[3760] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\Program Files\Java\jre6\bin\jusched.exe[3760] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\Program Files\Java\jre6\bin\jusched.exe[3760] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\Program Files\Java\jre6\bin\jusched.exe[3760] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\Program Files\Java\jre6\bin\jusched.exe[3760] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\Program Files\Java\jre6\bin\jusched.exe[3760] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\Program Files\Java\jre6\bin\jusched.exe[3760] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[3780] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[3780] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[3780] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[3780] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[3780] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[3780] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[3780] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[3780] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[3780] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[3780] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[3780] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[3780] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[3780] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[3780] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[3780] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[3780] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[3780] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[3780] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[3780] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[3780] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[3780] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[3780] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[3780] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[3780] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[3780] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[3780] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[3780] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[3780] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[3780] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[3780] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[3780] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[3780] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[3780] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[3780] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[3780] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[3780] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[3780] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[3780] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[3780] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[3780] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[3780] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[3780] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[3780] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[3780] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[3780] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[3780] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[3780] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[3780] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[3780] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[3780] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[3780] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[3780] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[3780] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[3780] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[3780] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[3780] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[3780] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[3780] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[3780] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ F5, E9 ]

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[3780] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[3780] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[3780] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[3780] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[3780] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[3780] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[3780] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[3780] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[3780] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[3780] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[3780] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[3780] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[3780] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[3780] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[3780] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[3780] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[3780] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[3780] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[3780] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[3780] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[3780] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[3780] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[3780] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[3780] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[3780] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[3780] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[3780] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[3780] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[3780] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[3780] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[3780] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[3780] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[3780] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[3780] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[3780] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[3780] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[3780] WS2_32.dll!connect + 2 719F406C 6 Bytes JMP 3EE8999A

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[3780] WS2_32.dll!gethostbyname + 2 719F4FD6 9 Bytes JMP 3EE89966

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[3780] WS2_32.dll!WSAAsyncGetHostByName + 2 719FE987 13 Bytes [ 90, 4A, 42, 41, 90, 48, 9F, ... ]

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[3780] WS2_32.dll!WSAConnect + 2 71A00C6B 14 Bytes [ 91, 90, 98, 92, 48, 40, 3F, ... ]

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[3800] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[3800] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[3800] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[3800] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[3800] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[3800] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[3800] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[3800] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[3800] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[3800] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[3800] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[3800] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[3800] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[3800] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[3800] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[3800] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[3800] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[3800] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[3800] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[3800] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[3800] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[3800] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[3800] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[3800] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[3800] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[3800] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[3800] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[3800] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[3800] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[3800] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[3800] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[3800] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[3800] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[3800] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[3800] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[3800] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[3800] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[3800] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[3800] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[3800] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[3800] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[3800] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[3800] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[3800] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[3800] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[3800] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[3800] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[3800] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[3800] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[3800] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[3800] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[3800] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[3800] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[3800] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[3800] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[3800] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[3800] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[3800] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[3800] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[3800] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ F8, E9 ]

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[3800] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[3800] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[3800] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[3800] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[3800] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[3800] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[3800] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[3800] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[3800] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[3800] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[3800] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[3800] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[3800] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[3800] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[3800] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[3800] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[3800] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[3800] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[3800] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[3800] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[3800] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[3800] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[3800] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[3800] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[3800] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[3800] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[3800] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[3800] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[3800] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[3800] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[3800] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[3800] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[3800] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[3800] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[3800] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[3800] ws2_32.dll!connect + 2 719F406C 6 Bytes JMP 3EE8999A

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[3800] ws2_32.dll!send + 2 719F428C 6 Bytes JMP 74CF14F3 C:\WINDOWS\system32\setyqsrv.dll

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[3800] ws2_32.dll!WSARecv + 2 719F431A 5 Bytes JMP 74CF20C1 C:\WINDOWS\system32\setyqsrv.dll

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[3800] ws2_32.dll!gethostbyname + 2 719F4FD6 9 Bytes JMP 3EE89966

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[3800] ws2_32.dll!recv + 2 719F615C 6 Bytes JMP 74CF138C C:\WINDOWS\system32\setyqsrv.dll

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[3800] ws2_32.dll!WSASend + 2 719F6235 5 Bytes JMP 74CF1F52 C:\WINDOWS\system32\setyqsrv.dll

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[3800] ws2_32.dll!closesocket + 2 719F963B 14 Bytes [ F3, 2F, 41, 98, 40, 48, F9, ... ]

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[3800] ws2_32.dll!WSAAsyncGetHostByName + 2 719FE987 13 Bytes [ 90, F8, 40, 91, F3, 98, 98, ... ]

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[3800] ws2_32.dll!WSAConnect + 2 71A00C6B 14 Bytes [ 48, 98, 40, F5, F9, 40, F9, ... ]

.text C:\Program Files\QuickTime\qttask.exe[3832] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\Program Files\QuickTime\qttask.exe[3832] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\Program Files\QuickTime\qttask.exe[3832] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\Program Files\QuickTime\qttask.exe[3832] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\Program Files\QuickTime\qttask.exe[3832] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\Program Files\QuickTime\qttask.exe[3832] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\Program Files\QuickTime\qttask.exe[3832] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\Program Files\QuickTime\qttask.exe[3832] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\Program Files\QuickTime\qttask.exe[3832] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\Program Files\QuickTime\qttask.exe[3832] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\Program Files\QuickTime\qttask.exe[3832] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\Program Files\QuickTime\qttask.exe[3832] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\Program Files\QuickTime\qttask.exe[3832] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\Program Files\QuickTime\qttask.exe[3832] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\Program Files\QuickTime\qttask.exe[3832] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\Program Files\QuickTime\qttask.exe[3832] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\Program Files\QuickTime\qttask.exe[3832] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\Program Files\QuickTime\qttask.exe[3832] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\Program Files\QuickTime\qttask.exe[3832] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\Program Files\QuickTime\qttask.exe[3832] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\Program Files\QuickTime\qttask.exe[3832] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\Program Files\QuickTime\qttask.exe[3832] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\Program Files\QuickTime\qttask.exe[3832] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\Program Files\QuickTime\qttask.exe[3832] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\Program Files\QuickTime\qttask.exe[3832] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\Program Files\QuickTime\qttask.exe[3832] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\Program Files\QuickTime\qttask.exe[3832] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\Program Files\QuickTime\qttask.exe[3832] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\Program Files\QuickTime\qttask.exe[3832] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\Program Files\QuickTime\qttask.exe[3832] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\Program Files\QuickTime\qttask.exe[3832] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\Program Files\QuickTime\qttask.exe[3832] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\Program Files\QuickTime\qttask.exe[3832] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\Program Files\QuickTime\qttask.exe[3832] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\Program Files\QuickTime\qttask.exe[3832] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\Program Files\QuickTime\qttask.exe[3832] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\Program Files\QuickTime\qttask.exe[3832] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\Program Files\QuickTime\qttask.exe[3832] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\Program Files\QuickTime\qttask.exe[3832] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\Program Files\QuickTime\qttask.exe[3832] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\Program Files\QuickTime\qttask.exe[3832] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\Program Files\QuickTime\qttask.exe[3832] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\Program Files\QuickTime\qttask.exe[3832] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\Program Files\QuickTime\qttask.exe[3832] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\Program Files\QuickTime\qttask.exe[3832] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\Program Files\QuickTime\qttask.exe[3832] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\Program Files\QuickTime\qttask.exe[3832] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\Program Files\QuickTime\qttask.exe[3832] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\Program Files\QuickTime\qttask.exe[3832] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\Program Files\QuickTime\qttask.exe[3832] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\Program Files\QuickTime\qttask.exe[3832] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\Program Files\QuickTime\qttask.exe[3832] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\Program Files\QuickTime\qttask.exe[3832] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\Program Files\QuickTime\qttask.exe[3832] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\Program Files\QuickTime\qttask.exe[3832] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\Program Files\QuickTime\qttask.exe[3832] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\Program Files\QuickTime\qttask.exe[3832] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\Program Files\QuickTime\qttask.exe[3832] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\Program Files\QuickTime\qttask.exe[3832] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\Program Files\QuickTime\qttask.exe[3832] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ F9, E9 ]

.text C:\Program Files\QuickTime\qttask.exe[3832] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\Program Files\QuickTime\qttask.exe[3832] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\Program Files\QuickTime\qttask.exe[3832] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\Program Files\QuickTime\qttask.exe[3832] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\Program Files\QuickTime\qttask.exe[3832] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\Program Files\QuickTime\qttask.exe[3832] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\Program Files\QuickTime\qttask.exe[3832] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\Program Files\QuickTime\qttask.exe[3832] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\Program Files\QuickTime\qttask.exe[3832] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\Program Files\QuickTime\qttask.exe[3832] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\Program Files\QuickTime\qttask.exe[3832] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\Program Files\QuickTime\qttask.exe[3832] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\Program Files\QuickTime\qttask.exe[3832] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\Program Files\QuickTime\qttask.exe[3832] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\Program Files\QuickTime\qttask.exe[3832] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\Program Files\QuickTime\qttask.exe[3832] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\Program Files\QuickTime\qttask.exe[3832] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\Program Files\QuickTime\qttask.exe[3832] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\Program Files\QuickTime\qttask.exe[3832] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\Program Files\QuickTime\qttask.exe[3832] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\Program Files\QuickTime\qttask.exe[3832] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\Program Files\QuickTime\qttask.exe[3832] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\Program Files\QuickTime\qttask.exe[3832] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\Program Files\QuickTime\qttask.exe[3832] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\Program Files\QuickTime\qttask.exe[3832] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\Program Files\QuickTime\qttask.exe[3832] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\Program Files\QuickTime\qttask.exe[3832] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\Program Files\QuickTime\qttask.exe[3832] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\Program Files\QuickTime\qttask.exe[3832] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\Program Files\QuickTime\qttask.exe[3832] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\Program Files\QuickTime\qttask.exe[3832] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\Program Files\QuickTime\qttask.exe[3832] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\Program Files\QuickTime\qttask.exe[3832] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\Program Files\QuickTime\qttask.exe[3832] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\Program Files\QuickTime\qttask.exe[3832] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\WINDOWS\RTHDCPL.EXE[3976] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\WINDOWS\RTHDCPL.EXE[3976] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\WINDOWS\RTHDCPL.EXE[3976] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\WINDOWS\RTHDCPL.EXE[3976] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\WINDOWS\RTHDCPL.EXE[3976] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\WINDOWS\RTHDCPL.EXE[3976] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\WINDOWS\RTHDCPL.EXE[3976] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\WINDOWS\RTHDCPL.EXE[3976] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\WINDOWS\RTHDCPL.EXE[3976] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\WINDOWS\RTHDCPL.EXE[3976] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\WINDOWS\RTHDCPL.EXE[3976] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\WINDOWS\RTHDCPL.EXE[3976] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\WINDOWS\RTHDCPL.EXE[3976] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\WINDOWS\RTHDCPL.EXE[3976] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\WINDOWS\RTHDCPL.EXE[3976] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\WINDOWS\RTHDCPL.EXE[3976] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\WINDOWS\RTHDCPL.EXE[3976] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\WINDOWS\RTHDCPL.EXE[3976] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\WINDOWS\RTHDCPL.EXE[3976] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\WINDOWS\RTHDCPL.EXE[3976] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\WINDOWS\RTHDCPL.EXE[3976] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\WINDOWS\RTHDCPL.EXE[3976] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\WINDOWS\RTHDCPL.EXE[3976] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\WINDOWS\RTHDCPL.EXE[3976] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\WINDOWS\RTHDCPL.EXE[3976] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\WINDOWS\RTHDCPL.EXE[3976] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\WINDOWS\RTHDCPL.EXE[3976] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\WINDOWS\RTHDCPL.EXE[3976] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\WINDOWS\RTHDCPL.EXE[3976] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\WINDOWS\RTHDCPL.EXE[3976] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\WINDOWS\RTHDCPL.EXE[3976] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\WINDOWS\RTHDCPL.EXE[3976] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\WINDOWS\RTHDCPL.EXE[3976] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\WINDOWS\RTHDCPL.EXE[3976] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\WINDOWS\RTHDCPL.EXE[3976] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\WINDOWS\RTHDCPL.EXE[3976] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\WINDOWS\RTHDCPL.EXE[3976] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\WINDOWS\RTHDCPL.EXE[3976] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\WINDOWS\RTHDCPL.EXE[3976] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\WINDOWS\RTHDCPL.EXE[3976] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\WINDOWS\RTHDCPL.EXE[3976] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\WINDOWS\RTHDCPL.EXE[3976] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\WINDOWS\RTHDCPL.EXE[3976] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\WINDOWS\RTHDCPL.EXE[3976] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\WINDOWS\RTHDCPL.EXE[3976] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\WINDOWS\RTHDCPL.EXE[3976] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\WINDOWS\RTHDCPL.EXE[3976] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\WINDOWS\RTHDCPL.EXE[3976] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\WINDOWS\RTHDCPL.EXE[3976] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\WINDOWS\RTHDCPL.EXE[3976] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\WINDOWS\RTHDCPL.EXE[3976] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\WINDOWS\RTHDCPL.EXE[3976] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\WINDOWS\RTHDCPL.EXE[3976] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\WINDOWS\RTHDCPL.EXE[3976] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\WINDOWS\RTHDCPL.EXE[3976] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\WINDOWS\RTHDCPL.EXE[3976] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\WINDOWS\RTHDCPL.EXE[3976] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\WINDOWS\RTHDCPL.EXE[3976] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\WINDOWS\RTHDCPL.EXE[3976] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\WINDOWS\RTHDCPL.EXE[3976] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ 37, E9 ]

.text C:\WINDOWS\RTHDCPL.EXE[3976] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\WINDOWS\RTHDCPL.EXE[3976] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\WINDOWS\RTHDCPL.EXE[3976] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\WINDOWS\RTHDCPL.EXE[3976] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\WINDOWS\RTHDCPL.EXE[3976] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\WINDOWS\RTHDCPL.EXE[3976] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\WINDOWS\RTHDCPL.EXE[3976] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\WINDOWS\RTHDCPL.EXE[3976] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\WINDOWS\RTHDCPL.EXE[3976] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\WINDOWS\RTHDCPL.EXE[3976] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\WINDOWS\RTHDCPL.EXE[3976] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\WINDOWS\RTHDCPL.EXE[3976] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\WINDOWS\RTHDCPL.EXE[3976] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\WINDOWS\RTHDCPL.EXE[3976] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\WINDOWS\RTHDCPL.EXE[3976] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\WINDOWS\RTHDCPL.EXE[3976] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\WINDOWS\RTHDCPL.EXE[3976] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\WINDOWS\RTHDCPL.EXE[3976] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\WINDOWS\RTHDCPL.EXE[3976] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\WINDOWS\RTHDCPL.EXE[3976] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\WINDOWS\RTHDCPL.EXE[3976] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\WINDOWS\RTHDCPL.EXE[3976] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\WINDOWS\RTHDCPL.EXE[3976] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\WINDOWS\RTHDCPL.EXE[3976] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\WINDOWS\RTHDCPL.EXE[3976] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\WINDOWS\RTHDCPL.EXE[3976] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\WINDOWS\RTHDCPL.EXE[3976] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\WINDOWS\RTHDCPL.EXE[3976] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\WINDOWS\RTHDCPL.EXE[3976] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\WINDOWS\RTHDCPL.EXE[3976] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\WINDOWS\RTHDCPL.EXE[3976] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\WINDOWS\RTHDCPL.EXE[3976] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\WINDOWS\RTHDCPL.EXE[3976] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\WINDOWS\RTHDCPL.EXE[3976] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\WINDOWS\RTHDCPL.EXE[3976] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[4048] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[4048] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[4048] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[4048] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[4048] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[4048] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[4048] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[4048] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[4048] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[4048] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[4048] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[4048] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[4048] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[4048] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[4048] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[4048] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[4048] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[4048] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[4048] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[4048] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[4048] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[4048] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[4048] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[4048] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[4048] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[4048] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[4048] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[4048] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[4048] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[4048] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[4048] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[4048] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[4048] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[4048] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[4048] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[4048] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[4048] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[4048] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[4048] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[4048] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[4048] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[4048] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[4048] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[4048] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[4048] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[4048] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[4048] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[4048] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[4048] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[4048] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[4048] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[4048] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[4048] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[4048] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[4048] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[4048] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[4048] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[4048] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[4048] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ 41, E9 ]

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[4048] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[4048] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[4048] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[4048] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[4048] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[4048] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[4048] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[4048] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[4048] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[4048] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[4048] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[4048] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[4048] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[4048] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[4048] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[4048] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[4048] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[4048] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[4048] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[4048] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[4048] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[4048] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[4048] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[4048] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[4048] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[4048] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[4048] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[4048] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[4048] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[4048] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[4048] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[4048] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[4048] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[4048] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[4048] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[4048] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

 

---- Devices - GMER 1.0.14 ----

 

AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr.sys (Family Safety Filter Driver/Microsoft Corporation)

 

---- Registry - GMER 1.0.14 ----

 

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs C:\WINDOWS\system32:imwbi.exe

 

---- Files - GMER 1.0.14 ----

 

ADS C:\WINDOWS\system32:gcaa.dll 9728 bytes executable

ADS C:\WINDOWS\system32:imwbi.exe 130759 bytes executable

File C:\WINDOWS\xcsle1.dll 92831 bytes executable

 

---- EOF - GMER 1.0.14 ----

 

Lien vers le commentaire
Partager sur d’autres sites
angelique Devil Member !

angelique

Posté(e)
Posté(e)

alors on se le fait comme ça

 

• telecharge turlututu.reg sur ton bureau , double clic dessus et accepte la fusion au registre

 

http://www.sendspace.com/file/jlhe23

 

le contenu du reg a ceci:

 

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=-
"AppInit_DLLs"=""

 

• telecharge tirlititi.bat sur ton bureau , double clic dessus , ça va etre tres rapide et ton pc va redemarrer

 

http://www.sendspace.com/file/etom0t

 

le bat contient ceci:

 

gmer.exe -del file "C:\WINDOWS\system32:gcaa.dll"
gmer.exe -del file "C:\WINDOWS\system32:imwbi.exe"
gmer.exe -del file "C:\WINDOWS\xcsle1.dll"
gmer.exe -reboot

 

• reposte un nouveau rapport de Gmer

Lien vers le commentaire
Partager sur d’autres sites
jaja33 Member

jaja33

Posté(e)
  • Auteur
Posté(e)

Nouveau raport Gmer

 

GMER 1.0.14.14536 - http://www.gmer.net

Rootkit scan 2008-12-07 16:07:06

Windows 5.1.2600 Service Pack 2

 

 

---- System - GMER 1.0.14 ----

 

SSDT F7D12E8C ZwCreateThread

SSDT F7D12E78 ZwOpenProcess

SSDT F7D12E7D ZwOpenThread

SSDT F7D12E87 ZwTerminateProcess

SSDT F7D12E82 ZwWriteVirtualMemory

 

---- Kernel code sections - GMER 1.0.14 ----

 

.text ntkrnlpa.exe!ZwCallbackReturn + 2FE2 80503D96 2 Bytes [ D1, F7 ]

 

---- User code sections - GMER 1.0.14 ----

 

.text C:\WINDOWS\system32\ctfmon.exe[112] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\WINDOWS\system32\ctfmon.exe[112] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\WINDOWS\system32\ctfmon.exe[112] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\WINDOWS\system32\ctfmon.exe[112] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\WINDOWS\system32\ctfmon.exe[112] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\WINDOWS\system32\ctfmon.exe[112] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\WINDOWS\system32\ctfmon.exe[112] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\WINDOWS\system32\ctfmon.exe[112] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\WINDOWS\system32\ctfmon.exe[112] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\WINDOWS\system32\ctfmon.exe[112] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\WINDOWS\system32\ctfmon.exe[112] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\WINDOWS\system32\ctfmon.exe[112] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\WINDOWS\system32\ctfmon.exe[112] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\WINDOWS\system32\ctfmon.exe[112] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\WINDOWS\system32\ctfmon.exe[112] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\WINDOWS\system32\ctfmon.exe[112] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\WINDOWS\system32\ctfmon.exe[112] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\WINDOWS\system32\ctfmon.exe[112] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\WINDOWS\system32\ctfmon.exe[112] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\WINDOWS\system32\ctfmon.exe[112] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\WINDOWS\system32\ctfmon.exe[112] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\WINDOWS\system32\ctfmon.exe[112] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\WINDOWS\system32\ctfmon.exe[112] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\WINDOWS\system32\ctfmon.exe[112] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\WINDOWS\system32\ctfmon.exe[112] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\WINDOWS\system32\ctfmon.exe[112] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\WINDOWS\system32\ctfmon.exe[112] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\WINDOWS\system32\ctfmon.exe[112] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\WINDOWS\system32\ctfmon.exe[112] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\WINDOWS\system32\ctfmon.exe[112] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\WINDOWS\system32\ctfmon.exe[112] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\WINDOWS\system32\ctfmon.exe[112] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\WINDOWS\system32\ctfmon.exe[112] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\WINDOWS\system32\ctfmon.exe[112] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\WINDOWS\system32\ctfmon.exe[112] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\WINDOWS\system32\ctfmon.exe[112] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\WINDOWS\system32\ctfmon.exe[112] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\WINDOWS\system32\ctfmon.exe[112] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\WINDOWS\system32\ctfmon.exe[112] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\WINDOWS\system32\ctfmon.exe[112] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\WINDOWS\system32\ctfmon.exe[112] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\WINDOWS\system32\ctfmon.exe[112] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\WINDOWS\system32\ctfmon.exe[112] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\WINDOWS\system32\ctfmon.exe[112] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\WINDOWS\system32\ctfmon.exe[112] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\WINDOWS\system32\ctfmon.exe[112] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\WINDOWS\system32\ctfmon.exe[112] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\WINDOWS\system32\ctfmon.exe[112] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\WINDOWS\system32\ctfmon.exe[112] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\WINDOWS\system32\ctfmon.exe[112] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\WINDOWS\system32\ctfmon.exe[112] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\WINDOWS\system32\ctfmon.exe[112] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\WINDOWS\system32\ctfmon.exe[112] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\WINDOWS\system32\ctfmon.exe[112] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\WINDOWS\system32\ctfmon.exe[112] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\WINDOWS\system32\ctfmon.exe[112] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\WINDOWS\system32\ctfmon.exe[112] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\WINDOWS\system32\ctfmon.exe[112] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\WINDOWS\system32\ctfmon.exe[112] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ 3F, E9 ]

.text C:\WINDOWS\system32\ctfmon.exe[112] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\WINDOWS\system32\ctfmon.exe[112] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\WINDOWS\system32\ctfmon.exe[112] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\WINDOWS\system32\ctfmon.exe[112] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\WINDOWS\system32\ctfmon.exe[112] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\WINDOWS\system32\ctfmon.exe[112] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\WINDOWS\system32\ctfmon.exe[112] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\WINDOWS\system32\ctfmon.exe[112] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\WINDOWS\system32\ctfmon.exe[112] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\WINDOWS\system32\ctfmon.exe[112] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\WINDOWS\system32\ctfmon.exe[112] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\WINDOWS\system32\ctfmon.exe[112] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\WINDOWS\system32\ctfmon.exe[112] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\WINDOWS\system32\ctfmon.exe[112] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\WINDOWS\system32\ctfmon.exe[112] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\WINDOWS\system32\ctfmon.exe[112] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\WINDOWS\system32\ctfmon.exe[112] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\WINDOWS\system32\ctfmon.exe[112] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\WINDOWS\system32\ctfmon.exe[112] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\WINDOWS\system32\ctfmon.exe[112] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\WINDOWS\system32\ctfmon.exe[112] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\WINDOWS\system32\ctfmon.exe[112] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\WINDOWS\system32\ctfmon.exe[112] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\WINDOWS\system32\ctfmon.exe[112] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\WINDOWS\system32\ctfmon.exe[112] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\WINDOWS\system32\ctfmon.exe[112] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\WINDOWS\system32\ctfmon.exe[112] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\WINDOWS\system32\ctfmon.exe[112] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\WINDOWS\system32\ctfmon.exe[112] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\WINDOWS\system32\ctfmon.exe[112] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\WINDOWS\system32\ctfmon.exe[112] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\WINDOWS\system32\ctfmon.exe[112] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\WINDOWS\system32\ctfmon.exe[112] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\WINDOWS\system32\ctfmon.exe[112] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\WINDOWS\system32\ctfmon.exe[112] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\WINDOWS\system32\ctfmon.exe[112] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[196] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[196] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[196] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[196] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[196] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[196] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[196] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[196] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[196] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[196] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[196] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[196] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[196] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[196] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[196] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[196] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[196] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[196] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[196] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[196] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[196] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[196] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[196] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[196] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[196] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[196] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[196] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[196] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[196] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[196] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[196] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[196] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[196] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[196] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[196] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[196] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[196] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[196] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[196] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[196] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[196] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[196] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[196] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[196] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[196] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[196] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[196] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[196] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[196] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[196] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[196] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[196] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[196] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[196] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[196] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[196] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[196] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[196] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[196] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ 9F, E9 ]

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[196] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[196] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[196] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[196] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[196] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[196] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[196] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[196] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[196] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[196] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[196] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[196] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[196] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[196] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[196] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[196] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[196] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[196] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[196] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[196] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[196] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[196] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[196] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[196] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[196] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[196] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[196] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[196] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[196] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[196] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[196] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[196] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[196] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[196] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[196] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[196] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[196] WS2_32.dll!connect + 2 719F406C 6 Bytes JMP 3EE8999A

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[196] WS2_32.dll!send + 2 719F428C 6 Bytes JMP 74CF14F3 C:\WINDOWS\system32\setyqsrv.dll

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[196] WS2_32.dll!WSARecv + 2 719F431A 5 Bytes JMP 74CF20C1 C:\WINDOWS\system32\setyqsrv.dll

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[196] WS2_32.dll!gethostbyname + 2 719F4FD6 9 Bytes JMP 3EE89966

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[196] WS2_32.dll!recv + 2 719F615C 6 Bytes JMP 74CF138C C:\WINDOWS\system32\setyqsrv.dll

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[196] WS2_32.dll!WSASend + 2 719F6235 5 Bytes JMP 74CF1F52 C:\WINDOWS\system32\setyqsrv.dll

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[196] WS2_32.dll!closesocket + 2 719F963B 14 Bytes [ 48, 4A, 2F, 4A, 37, FC, 37, ... ]

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[196] WS2_32.dll!WSAAsyncGetHostByName + 2 719FE987 13 Bytes [ 42, F9, 48, F8, 91, FC, 37, ... ]

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[196] WS2_32.dll!WSAConnect + 2 71A00C6B 14 Bytes [ 3F, 37, 90, FC, 98, 98, 49, ... ]

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[204] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[204] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[204] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[204] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[204] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[204] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[204] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[204] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[204] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[204] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[204] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[204] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[204] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[204] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[204] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[204] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[204] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[204] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[204] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[204] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[204] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[204] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[204] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[204] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[204] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[204] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[204] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[204] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[204] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[204] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[204] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[204] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[204] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[204] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[204] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[204] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[204] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[204] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[204] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[204] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[204] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[204] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[204] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[204] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[204] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[204] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[204] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[204] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[204] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[204] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[204] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[204] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[204] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[204] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[204] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[204] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[204] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[204] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[204] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ 37, E9 ]

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[204] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[204] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[204] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[204] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[204] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[204] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[204] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[204] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[204] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[204] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[204] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[204] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[204] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[204] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[204] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[204] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[204] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[204] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[204] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[204] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[204] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[204] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[204] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[204] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[204] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[204] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[204] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[204] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[204] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[204] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[204] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[204] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[204] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[204] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[204] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[204] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[324] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[324] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[324] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[324] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[324] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[324] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[324] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[324] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[324] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[324] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[324] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[324] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[324] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[324] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[324] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[324] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[324] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[324] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[324] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[324] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[324] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[324] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[324] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[324] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[324] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[324] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[324] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[324] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[324] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[324] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[324] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[324] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[324] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[324] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[324] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[324] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[324] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[324] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[324] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[324] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[324] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[324] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[324] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[324] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[324] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[324] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[324] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[324] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[324] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[324] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[324] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[324] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[324] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[324] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[324] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[324] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[324] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[324] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[324] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[324] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ 2F, E9 ]

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[324] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[324] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[324] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[324] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[324] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[324] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[324] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[324] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[324] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[324] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[324] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[324] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[324] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[324] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[324] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[324] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[324] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[324] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[324] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[324] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[324] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[324] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[324] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[324] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[324] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[324] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[324] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[324] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[324] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[324] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[324] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[324] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[324] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[324] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[324] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[516] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[516] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[516] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[516] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[516] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[516] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[516] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[516] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[516] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[516] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[516] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[516] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[516] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[516] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[516] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[516] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[516] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[516] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[516] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[516] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[516] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[516] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[516] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[516] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[516] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[516] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[516] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[516] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[516] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[516] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[516] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[516] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[516] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[516] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[516] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[516] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[516] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[516] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[516] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[516] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[516] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[516] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[516] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[516] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[516] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[516] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[516] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[516] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[516] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[516] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[516] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[516] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[516] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[516] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[516] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[516] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[516] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[516] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[516] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[516] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ F2, E9 ]

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[516] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[516] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[516] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[516] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[516] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[516] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[516] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[516] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[516] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[516] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[516] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[516] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[516] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[516] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[516] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[516] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[516] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[516] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[516] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[516] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[516] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[516] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[516] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[516] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[516] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[516] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[516] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[516] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[516] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[516] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[516] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[516] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[516] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[516] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[516] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[568] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[568] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[568] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[568] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[568] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[568] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[568] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[568] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[568] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[568] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[568] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[568] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[568] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[568] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[568] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[568] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[568] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[568] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[568] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[568] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[568] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[568] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[568] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[568] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[568] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[568] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[568] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[568] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[568] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[568] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[568] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[568] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[568] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[568] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[568] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[568] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[568] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[568] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[568] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[568] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[568] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[568] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[568] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[568] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[568] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[568] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[568] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[568] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[568] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[568] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[568] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[568] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[568] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[568] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[568] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[568] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[568] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[568] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[568] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ 40, E9 ]

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[568] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[568] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[568] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[568] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[568] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[568] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[568] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[568] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[568] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[568] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[568] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[568] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[568] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[568] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[568] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[568] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[568] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[568] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[568] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[568] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[568] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[568] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[568] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[568] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[568] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[568] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[568] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[568] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[568] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[568] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[568] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[568] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[568] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[568] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[568] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[568] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[656] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[656] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[656] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[656] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[656] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[656] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[656] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[656] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[656] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[656] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[656] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[656] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[656] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[656] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[656] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[656] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[656] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[656] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[656] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[656] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[656] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[656] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[656] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[656] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[656] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[656] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[656] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[656] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[656] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[656] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[656] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[656] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[656] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[656] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[656] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[656] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[656] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[656] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[656] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[656] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[656] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[656] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[656] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[656] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[656] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[656] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[656] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[656] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[656] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[656] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[656] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[656] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[656] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[656] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[656] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[656] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[656] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[656] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[656] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[656] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ F8, E9 ]

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[656] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[656] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[656] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[656] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[656] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[656] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[656] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[656] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[656] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[656] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[656] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[656] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[656] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[656] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[656] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[656] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[656] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[656] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[656] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[656] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[656] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[656] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[656] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[656] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[656] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[656] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[656] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[656] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[656] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[656] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[656] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[656] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[656] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[656] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[656] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\WINDOWS\system32\winlogon.exe[696] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\WINDOWS\system32\winlogon.exe[696] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\WINDOWS\system32\winlogon.exe[696] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\WINDOWS\system32\winlogon.exe[696] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\WINDOWS\system32\winlogon.exe[696] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\WINDOWS\system32\winlogon.exe[696] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\WINDOWS\system32\winlogon.exe[696] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\WINDOWS\system32\winlogon.exe[696] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\WINDOWS\system32\winlogon.exe[696] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ D6, E9 ]

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\WINDOWS\system32\winlogon.exe[696] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\WINDOWS\system32\winlogon.exe[696] PSAPI.DLL!EnumProcessModules 76BA1F1C 5 Bytes JMP 3EE8E944

.text C:\WINDOWS\system32\winlogon.exe[696] WS2_32.dll!connect + 2 719F406C 6 Bytes JMP 3EE8999A

.text C:\WINDOWS\system32\winlogon.exe[696] WS2_32.dll!gethostbyname + 2 719F4FD6 9 Bytes JMP 3EE89966

.text C:\WINDOWS\system32\winlogon.exe[696] WS2_32.dll!WSAAsyncGetHostByName + 2 719FE987 13 Bytes [ D6, 9F, 48, 4A, 37, F8, F9, ... ]

.text C:\WINDOWS\system32\winlogon.exe[696] WS2_32.dll!WSAConnect + 2 71A00C6B 14 Bytes [ 98, F2, F3, 42, 98, D6, 42, ... ]

.text C:\WINDOWS\system32\services.exe[744] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\WINDOWS\system32\services.exe[744] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\WINDOWS\system32\services.exe[744] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\WINDOWS\system32\services.exe[744] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\WINDOWS\system32\services.exe[744] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\WINDOWS\system32\services.exe[744] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\WINDOWS\system32\services.exe[744] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\WINDOWS\system32\services.exe[744] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\WINDOWS\system32\services.exe[744] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ 41, E9 ]

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\WINDOWS\system32\services.exe[744] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\WINDOWS\system32\services.exe[744] WS2_32.dll!connect + 2 719F406C 6 Bytes JMP 3EE8999A

.text C:\WINDOWS\system32\services.exe[744] WS2_32.dll!gethostbyname + 2 719F4FD6 9 Bytes JMP 3EE89966

.text C:\WINDOWS\system32\services.exe[744] WS2_32.dll!WSAAsyncGetHostByName + 2 719FE987 13 Bytes [ F9, 91, 42, 2F, 9F, FC, 4A, ... ]

.text C:\WINDOWS\system32\services.exe[744] WS2_32.dll!WSAConnect + 2 71A00C6B 14 Bytes [ F8, 49, 91, 3F, 2F, F5, 90, ... ]

.text C:\WINDOWS\system32\services.exe[744] PSAPI.DLL!EnumProcessModules 76BA1F1C 5 Bytes JMP 3EE8E944

.text C:\WINDOWS\system32\lsass.exe[756] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\WINDOWS\system32\lsass.exe[756] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\WINDOWS\system32\lsass.exe[756] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\WINDOWS\system32\lsass.exe[756] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\WINDOWS\system32\lsass.exe[756] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\WINDOWS\system32\lsass.exe[756] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\WINDOWS\system32\lsass.exe[756] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\WINDOWS\system32\lsass.exe[756] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\WINDOWS\system32\lsass.exe[756] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ D6, E9 ]

.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\WINDOWS\system32\lsass.exe[756] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\WINDOWS\system32\lsass.exe[756] WS2_32.dll!connect + 2 719F406C 6 Bytes JMP 3EE8999A

.text C:\WINDOWS\system32\lsass.exe[756] WS2_32.dll!gethostbyname + 2 719F4FD6 9 Bytes JMP 3EE89966

.text C:\WINDOWS\system32\lsass.exe[756] WS2_32.dll!WSAAsyncGetHostByName + 2 719FE987 13 Bytes [ 49, 37, 48, 42, 90, F8, 99, ... ]

.text C:\WINDOWS\system32\lsass.exe[756] WS2_32.dll!WSAConnect + 2 71A00C6B 14 Bytes [ 37, 98, FC, 92, F3, D6, 98, ... ]

.text C:\Program Files\WinZip\WZQKPICK.EXE[760] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\Program Files\WinZip\WZQKPICK.EXE[760] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\Program Files\WinZip\WZQKPICK.EXE[760] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\Program Files\WinZip\WZQKPICK.EXE[760] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\Program Files\WinZip\WZQKPICK.EXE[760] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\Program Files\WinZip\WZQKPICK.EXE[760] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\Program Files\WinZip\WZQKPICK.EXE[760] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\Program Files\WinZip\WZQKPICK.EXE[760] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\Program Files\WinZip\WZQKPICK.EXE[760] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\Program Files\WinZip\WZQKPICK.EXE[760] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\Program Files\WinZip\WZQKPICK.EXE[760] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\Program Files\WinZip\WZQKPICK.EXE[760] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\Program Files\WinZip\WZQKPICK.EXE[760] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\Program Files\WinZip\WZQKPICK.EXE[760] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\Program Files\WinZip\WZQKPICK.EXE[760] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\Program Files\WinZip\WZQKPICK.EXE[760] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\Program Files\WinZip\WZQKPICK.EXE[760] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\Program Files\WinZip\WZQKPICK.EXE[760] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\Program Files\WinZip\WZQKPICK.EXE[760] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\Program Files\WinZip\WZQKPICK.EXE[760] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\Program Files\WinZip\WZQKPICK.EXE[760] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\Program Files\WinZip\WZQKPICK.EXE[760] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\Program Files\WinZip\WZQKPICK.EXE[760] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\Program Files\WinZip\WZQKPICK.EXE[760] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\Program Files\WinZip\WZQKPICK.EXE[760] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\Program Files\WinZip\WZQKPICK.EXE[760] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\Program Files\WinZip\WZQKPICK.EXE[760] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\Program Files\WinZip\WZQKPICK.EXE[760] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\Program Files\WinZip\WZQKPICK.EXE[760] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\Program Files\WinZip\WZQKPICK.EXE[760] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\Program Files\WinZip\WZQKPICK.EXE[760] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\Program Files\WinZip\WZQKPICK.EXE[760] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\Program Files\WinZip\WZQKPICK.EXE[760] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\Program Files\WinZip\WZQKPICK.EXE[760] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\Program Files\WinZip\WZQKPICK.EXE[760] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\Program Files\WinZip\WZQKPICK.EXE[760] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\Program Files\WinZip\WZQKPICK.EXE[760] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\Program Files\WinZip\WZQKPICK.EXE[760] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\Program Files\WinZip\WZQKPICK.EXE[760] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\Program Files\WinZip\WZQKPICK.EXE[760] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\Program Files\WinZip\WZQKPICK.EXE[760] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\Program Files\WinZip\WZQKPICK.EXE[760] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\Program Files\WinZip\WZQKPICK.EXE[760] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\Program Files\WinZip\WZQKPICK.EXE[760] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\Program Files\WinZip\WZQKPICK.EXE[760] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\Program Files\WinZip\WZQKPICK.EXE[760] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\Program Files\WinZip\WZQKPICK.EXE[760] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\Program Files\WinZip\WZQKPICK.EXE[760] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\Program Files\WinZip\WZQKPICK.EXE[760] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\Program Files\WinZip\WZQKPICK.EXE[760] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\Program Files\WinZip\WZQKPICK.EXE[760] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\Program Files\WinZip\WZQKPICK.EXE[760] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\Program Files\WinZip\WZQKPICK.EXE[760] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\Program Files\WinZip\WZQKPICK.EXE[760] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\Program Files\WinZip\WZQKPICK.EXE[760] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\Program Files\WinZip\WZQKPICK.EXE[760] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\Program Files\WinZip\WZQKPICK.EXE[760] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\Program Files\WinZip\WZQKPICK.EXE[760] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\Program Files\WinZip\WZQKPICK.EXE[760] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ 98, E9 ]

.text C:\Program Files\WinZip\WZQKPICK.EXE[760] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\Program Files\WinZip\WZQKPICK.EXE[760] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\Program Files\WinZip\WZQKPICK.EXE[760] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\Program Files\WinZip\WZQKPICK.EXE[760] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\Program Files\WinZip\WZQKPICK.EXE[760] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\Program Files\WinZip\WZQKPICK.EXE[760] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\Program Files\WinZip\WZQKPICK.EXE[760] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\Program Files\WinZip\WZQKPICK.EXE[760] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\Program Files\WinZip\WZQKPICK.EXE[760] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\Program Files\WinZip\WZQKPICK.EXE[760] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\Program Files\WinZip\WZQKPICK.EXE[760] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\Program Files\WinZip\WZQKPICK.EXE[760] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\Program Files\WinZip\WZQKPICK.EXE[760] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\Program Files\WinZip\WZQKPICK.EXE[760] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\Program Files\WinZip\WZQKPICK.EXE[760] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\Program Files\WinZip\WZQKPICK.EXE[760] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\Program Files\WinZip\WZQKPICK.EXE[760] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\Program Files\WinZip\WZQKPICK.EXE[760] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\Program Files\WinZip\WZQKPICK.EXE[760] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\Program Files\WinZip\WZQKPICK.EXE[760] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\Program Files\WinZip\WZQKPICK.EXE[760] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\Program Files\WinZip\WZQKPICK.EXE[760] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\Program Files\WinZip\WZQKPICK.EXE[760] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\Program Files\WinZip\WZQKPICK.EXE[760] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\Program Files\WinZip\WZQKPICK.EXE[760] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\Program Files\WinZip\WZQKPICK.EXE[760] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\Program Files\WinZip\WZQKPICK.EXE[760] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\Program Files\WinZip\WZQKPICK.EXE[760] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\Program Files\WinZip\WZQKPICK.EXE[760] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\Program Files\WinZip\WZQKPICK.EXE[760] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\Program Files\WinZip\WZQKPICK.EXE[760] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\Program Files\WinZip\WZQKPICK.EXE[760] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\Program Files\WinZip\WZQKPICK.EXE[760] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\Program Files\WinZip\WZQKPICK.EXE[760] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\Program Files\WinZip\WZQKPICK.EXE[760] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\Program Files\WinZip\WZQKPICK.EXE[760] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[816] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[816] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[816] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[816] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[816] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[816] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[816] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[816] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[816] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[816] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[816] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[816] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[816] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[816] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[816] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[816] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[816] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[816] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[816] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[816] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[816] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[816] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[816] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[816] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[816] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[816] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[816] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[816] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[816] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[816] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[816] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[816] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[816] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[816] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[816] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[816] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[816] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[816] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[816] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[816] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[816] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[816] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[816] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[816] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[816] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[816] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[816] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[816] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[816] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[816] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[816] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[816] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[816] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[816] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[816] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[816] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[816] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[816] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[816] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ 98, E9 ]

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[816] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[816] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[816] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[816] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[816] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[816] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[816] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[816] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[816] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[816] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[816] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[816] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[816] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[816] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[816] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[816] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[816] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[816] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[816] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[816] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[816] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[816] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[816] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[816] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[816] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[816] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[816] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[816] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[816] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[816] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[816] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[816] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[816] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[816] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[816] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[816] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[816] WS2_32.dll!connect + 2 719F406C 6 Bytes JMP 3EE8999A

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[816] WS2_32.dll!gethostbyname + 2 719F4FD6 9 Bytes JMP 3EE89966

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[816] WS2_32.dll!WSAAsyncGetHostByName + 2 719FE987 13 Bytes [ F9, 42, FC, 99, F8, 3F, 48, ... ]

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[816] WS2_32.dll!WSAConnect + 2 71A00C6B 14 Bytes [ F2, 9F, 42, 99, 91, F9, F5, ... ]

.text C:\WINDOWS\system32\svchost.exe[936] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\WINDOWS\system32\svchost.exe[936] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\WINDOWS\system32\svchost.exe[936] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\WINDOWS\system32\svchost.exe[936] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\WINDOWS\system32\svchost.exe[936] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\WINDOWS\system32\svchost.exe[936] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\WINDOWS\system32\svchost.exe[936] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\WINDOWS\system32\svchost.exe[936] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\WINDOWS\system32\svchost.exe[936] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ 4A, E9 ]

.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\WINDOWS\system32\svchost.exe[936] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\WINDOWS\system32\svchost.exe[936] WS2_32.dll!connect + 2 719F406C 6 Bytes JMP 3EE8999A

.text C:\WINDOWS\system32\svchost.exe[936] WS2_32.dll!gethostbyname + 2 719F4FD6 9 Bytes JMP 3EE89966

.text C:\WINDOWS\system32\svchost.exe[936] WS2_32.dll!WSAAsyncGetHostByName + 2 719FE987 13 Bytes [ F9, 49, F3, 92, 99, FC, 92, ... ]

.text C:\WINDOWS\system32\svchost.exe[936] WS2_32.dll!WSAConnect + 2 71A00C6B 7 Bytes [ 49, FC, 4A, 92, 90, 3F, 49 ]

.text C:\WINDOWS\system32\svchost.exe[936] WS2_32.dll!WSAConnect + A 71A00C73 6 Bytes JMP 3EE89932

.text C:\WINDOWS\system32\svchost.exe[1008] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\WINDOWS\system32\svchost.exe[1008] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\WINDOWS\system32\svchost.exe[1008] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\WINDOWS\system32\svchost.exe[1008] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\WINDOWS\system32\svchost.exe[1008] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\WINDOWS\system32\svchost.exe[1008] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\WINDOWS\system32\svchost.exe[1008] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\WINDOWS\system32\svchost.exe[1008] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\WINDOWS\system32\svchost.exe[1008] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ D6, E9 ]

.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\WINDOWS\system32\svchost.exe[1008] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\WINDOWS\system32\svchost.exe[1008] WS2_32.dll!connect + 2 719F406C 6 Bytes JMP 3EE8999A

.text C:\WINDOWS\system32\svchost.exe[1008] WS2_32.dll!send + 2 719F428C 6 Bytes JMP 74CF14F3 C:\WINDOWS\system32\setyqsrv.dll

.text C:\WINDOWS\system32\svchost.exe[1008] WS2_32.dll!WSARecv + 2 719F431A 5 Bytes JMP 74CF20C1 C:\WINDOWS\system32\setyqsrv.dll

.text C:\WINDOWS\system32\svchost.exe[1008] WS2_32.dll!gethostbyname + 2 719F4FD6 9 Bytes JMP 3EE89966

.text C:\WINDOWS\system32\svchost.exe[1008] WS2_32.dll!recv + 2 719F615C 6 Bytes JMP 74CF138C C:\WINDOWS\system32\setyqsrv.dll

.text C:\WINDOWS\system32\svchost.exe[1008] WS2_32.dll!WSASend + 2 719F6235 5 Bytes JMP 74CF1F52 C:\WINDOWS\system32\setyqsrv.dll

.text C:\WINDOWS\system32\svchost.exe[1008] WS2_32.dll!closesocket + 2 719F963B 14 Bytes [ 41, F8, 91, 49, 99, F9, 99, ... ]

.text C:\WINDOWS\system32\svchost.exe[1008] WS2_32.dll!WSAAsyncGetHostByName + 2 719FE987 13 Bytes [ 42, 42, 99, 37, F8, 9F, 49, ... ]

.text C:\WINDOWS\system32\svchost.exe[1008] WS2_32.dll!WSAConnect + 2 71A00C6B 14 Bytes [ 98, 49, 92, 49, 3F, 92, F5, ... ]

.text C:\WINDOWS\system32\svchost.exe[1020] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\WINDOWS\system32\svchost.exe[1020] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\WINDOWS\system32\svchost.exe[1020] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\WINDOWS\system32\svchost.exe[1020] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\WINDOWS\system32\svchost.exe[1020] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\WINDOWS\system32\svchost.exe[1020] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\WINDOWS\system32\svchost.exe[1020] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\WINDOWS\system32\svchost.exe[1020] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\WINDOWS\system32\svchost.exe[1020] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\WINDOWS\system32\svchost.exe[1020] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\WINDOWS\system32\svchost.exe[1020] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ F8, E9 ]

.text C:\WINDOWS\system32\svchost.exe[1020] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\WINDOWS\system32\svchost.exe[1020] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\WINDOWS\system32\svchost.exe[1020] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\WINDOWS\system32\svchost.exe[1020] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\WINDOWS\system32\svchost.exe[1020] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\WINDOWS\system32\svchost.exe[1020] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\WINDOWS\system32\svchost.exe[1020] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\WINDOWS\system32\svchost.exe[1020] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\WINDOWS\system32\svchost.exe[1020] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\WINDOWS\system32\svchost.exe[1020] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\WINDOWS\system32\svchost.exe[1020] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\WINDOWS\system32\svchost.exe[1020] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\WINDOWS\system32\svchost.exe[1020] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\WINDOWS\system32\svchost.exe[1020] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\WINDOWS\system32\svchost.exe[1020] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\WINDOWS\system32\svchost.exe[1020] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\WINDOWS\system32\svchost.exe[1020] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\WINDOWS\system32\svchost.exe[1020] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\WINDOWS\system32\svchost.exe[1020] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\WINDOWS\system32\svchost.exe[1020] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\WINDOWS\system32\svchost.exe[1020] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\WINDOWS\system32\svchost.exe[1020] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\WINDOWS\system32\svchost.exe[1020] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\WINDOWS\system32\svchost.exe[1020] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\WINDOWS\system32\svchost.exe[1020] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\WINDOWS\system32\svchost.exe[1020] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\WINDOWS\system32\svchost.exe[1020] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\WINDOWS\system32\svchost.exe[1020] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\WINDOWS\system32\svchost.exe[1020] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\WINDOWS\system32\svchost.exe[1020] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\WINDOWS\system32\svchost.exe[1020] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\WINDOWS\system32\svchost.exe[1020] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\WINDOWS\system32\svchost.exe[1020] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\WINDOWS\system32\svchost.exe[1020] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\WINDOWS\system32\svchost.exe[1020] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\WINDOWS\system32\svchost.exe[1020] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1104] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1104] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1104] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1104] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1104] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1104] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1104] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1104] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1104] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1104] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1104] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1104] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1104] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1104] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1104] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1104] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1104] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1104] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1104] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1104] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1104] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1104] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1104] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1104] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1104] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1104] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1104] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1104] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1104] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1104] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1104] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1104] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1104] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1104] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1104] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1104] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1104] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1104] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1104] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1104] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1104] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1104] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1104] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1104] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1104] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1104] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1104] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1104] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1104] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1104] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1104] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1104] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1104] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1104] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1104] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1104] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1104] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1104] WS2_32.dll!connect + 2 719F406C 6 Bytes JMP 3EE8999A

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1104] WS2_32.dll!send + 2 719F428C 6 Bytes JMP 74CF14F3 C:\WINDOWS\system32\setyqsrv.dll

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1104] WS2_32.dll!WSARecv + 2 719F431A 5 Bytes JMP 74CF20C1 C:\WINDOWS\system32\setyqsrv.dll

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1104] WS2_32.dll!gethostbyname + 2 719F4FD6 9 Bytes JMP 3EE89966

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1104] WS2_32.dll!recv + 2 719F615C 6 Bytes JMP 74CF138C C:\WINDOWS\system32\setyqsrv.dll

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1104] WS2_32.dll!WSASend + 2 719F6235 5 Bytes JMP 74CF1F52 C:\WINDOWS\system32\setyqsrv.dll

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1104] WS2_32.dll!closesocket + 2 719F963B 14 Bytes [ F8, 92, 2F, 42, 3F, F3, 9F, ... ]

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1104] WS2_32.dll!WSAAsyncGetHostByName + 2 719FE987 6 Bytes [ 41, F5, 91, 48, 90, 42 ]

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1104] WS2_32.dll!WSAAsyncGetHostByName + 9 719FE98E 6 Bytes JMP 3EE8982A

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1104] WS2_32.dll!WSAConnect + 2 71A00C6B 14 Bytes [ F2, 2F, 99, 92, D6, F3, 99, ... ]

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1104] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1104] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ F3, E9 ]

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1104] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1104] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1104] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1104] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1104] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1104] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1104] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1104] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1104] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1104] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1104] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1104] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1104] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1104] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1104] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1104] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1104] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1104] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1104] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1104] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1104] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1104] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1104] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1104] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1104] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1104] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1104] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1104] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1104] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1104] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1104] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1104] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1104] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1104] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1104] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1104] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\WINDOWS\System32\svchost.exe[1124] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\WINDOWS\System32\svchost.exe[1124] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\WINDOWS\System32\svchost.exe[1124] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\WINDOWS\System32\svchost.exe[1124] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\WINDOWS\System32\svchost.exe[1124] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\WINDOWS\System32\svchost.exe[1124] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\WINDOWS\System32\svchost.exe[1124] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\WINDOWS\System32\svchost.exe[1124] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\WINDOWS\System32\svchost.exe[1124] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ 49, E9 ]

.text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\WINDOWS\System32\svchost.exe[1124] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\WINDOWS\System32\svchost.exe[1124] WS2_32.dll!connect + 2 719F406C 6 Bytes JMP 3EE8999A

.text C:\WINDOWS\System32\svchost.exe[1124] WS2_32.dll!gethostbyname + 2 719F4FD6 9 Bytes JMP 3EE89966

.text C:\WINDOWS\System32\svchost.exe[1124] WS2_32.dll!WSAAsyncGetHostByName + 2 719FE987 13 Bytes [ 98, 90, 40, 37, F8, F3, 9F, ... ]

.text C:\WINDOWS\System32\svchost.exe[1124] WS2_32.dll!WSAConnect + 2 71A00C6B 14 Bytes [ 40, 41, 99, 92, 37, 2F, 41, ... ]

.text C:\WINDOWS\System32\svchost.exe[1124] PSAPI.DLL!EnumProcessModules 76BA1F1C 5 Bytes JMP 3EE8E944

.text C:\WINDOWS\system32\svchost.exe[1200] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\WINDOWS\system32\svchost.exe[1200] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\WINDOWS\system32\svchost.exe[1200] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\WINDOWS\system32\svchost.exe[1200] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\WINDOWS\system32\svchost.exe[1200] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\WINDOWS\system32\svchost.exe[1200] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\WINDOWS\system32\svchost.exe[1200] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\WINDOWS\system32\svchost.exe[1200] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\WINDOWS\system32\svchost.exe[1200] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ 37, E9 ]

.text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\WINDOWS\system32\svchost.exe[1200] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\WINDOWS\system32\svchost.exe[1200] WS2_32.dll!connect + 2 719F406C 6 Bytes JMP 3EE8999A

.text C:\WINDOWS\system32\svchost.exe[1200] WS2_32.dll!gethostbyname + 2 719F4FD6 9 Bytes JMP 3EE89966

.text C:\WINDOWS\system32\svchost.exe[1200] WS2_32.dll!WSAAsyncGetHostByName + 2 719FE987 13 Bytes [ 48, 91, 3F, 49, 40, 91, F5, ... ]

.text C:\WINDOWS\system32\svchost.exe[1200] WS2_32.dll!WSAConnect + 2 71A00C6B 14 Bytes [ 91, F3, 37, 98, 49, 98, 92, ... ]

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ 4A, E9 ]

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] WS2_32.dll!connect + 2 719F406C 6 Bytes JMP 3EE8999A

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] WS2_32.dll!gethostbyname + 2 719F4FD6 9 Bytes JMP 3EE89966

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] WS2_32.dll!WSAAsyncGetHostByName + 2 719FE987 13 Bytes [ F3, F8, 91, 92, F9, 99, 90, ... ]

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] WS2_32.dll!WSAConnect + 2 71A00C6B 14 Bytes [ 91, F9, 90, 4A, F3, 49, D6, ... ]

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] PSAPI.DLL!EnumProcessModules 76BA1F1C 5 Bytes JMP 3EE8E944

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1312] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1312] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1312] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1312] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1312] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1312] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1312] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1312] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1312] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1312] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1312] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1312] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1312] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1312] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1312] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1312] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1312] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1312] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1312] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1312] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1312] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1312] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1312] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1312] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1312] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1312] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1312] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1312] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1312] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1312] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1312] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1312] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1312] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1312] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1312] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1312] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1312] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1312] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1312] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1312] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1312] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1312] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1312] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1312] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1312] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1312] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1312] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1312] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1312] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1312] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1312] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1312] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1312] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1312] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1312] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1312] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1312] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1312] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1312] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ 40, E9 ]

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1312] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1312] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1312] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1312] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1312] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1312] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1312] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1312] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1312] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1312] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1312] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1312] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1312] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1312] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1312] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1312] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1312] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1312] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1312] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1312] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1312] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1312] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1312] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1312] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1312] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1312] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1312] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1312] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1312] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1312] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1312] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1312] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1312] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1312] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1312] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1312] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\WINDOWS\system32\svchost.exe[1336] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\WINDOWS\system32\svchost.exe[1336] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\WINDOWS\system32\svchost.exe[1336] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\WINDOWS\system32\svchost.exe[1336] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\WINDOWS\system32\svchost.exe[1336] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\WINDOWS\system32\svchost.exe[1336] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\WINDOWS\system32\svchost.exe[1336] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\WINDOWS\system32\svchost.exe[1336] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\WINDOWS\system32\svchost.exe[1336] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ 2F, E9 ]

.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\WINDOWS\system32\svchost.exe[1336] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\WINDOWS\system32\svchost.exe[1336] WS2_32.dll!connect + 2 719F406C 6 Bytes JMP 3EE8999A

.text C:\WINDOWS\system32\svchost.exe[1336] WS2_32.dll!gethostbyname + 2 719F4FD6 9 Bytes JMP 3EE89966

.text C:\WINDOWS\system32\svchost.exe[1336] WS2_32.dll!WSAAsyncGetHostByName + 2 719FE987 13 Bytes [ 90, 2F, 4A, F8, F3, 9F, 37, ... ]

.text C:\WINDOWS\system32\svchost.exe[1336] WS2_32.dll!WSAConnect + 2 71A00C6B 14 Bytes [ 92, 49, 99, F9, 90, 48, 9F, ... ]

.text C:\Program Files\Java\jre6\bin\jqs.exe[1356] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\Program Files\Java\jre6\bin\jqs.exe[1356] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\Program Files\Java\jre6\bin\jqs.exe[1356] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\Program Files\Java\jre6\bin\jqs.exe[1356] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\Program Files\Java\jre6\bin\jqs.exe[1356] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\Program Files\Java\jre6\bin\jqs.exe[1356] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\Program Files\Java\jre6\bin\jqs.exe[1356] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\Program Files\Java\jre6\bin\jqs.exe[1356] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\Program Files\Java\jre6\bin\jqs.exe[1356] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\Program Files\Java\jre6\bin\jqs.exe[1356] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\Program Files\Java\jre6\bin\jqs.exe[1356] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\Program Files\Java\jre6\bin\jqs.exe[1356] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\Program Files\Java\jre6\bin\jqs.exe[1356] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\Program Files\Java\jre6\bin\jqs.exe[1356] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\Program Files\Java\jre6\bin\jqs.exe[1356] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\Program Files\Java\jre6\bin\jqs.exe[1356] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\Program Files\Java\jre6\bin\jqs.exe[1356] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\Program Files\Java\jre6\bin\jqs.exe[1356] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\Program Files\Java\jre6\bin\jqs.exe[1356] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\Program Files\Java\jre6\bin\jqs.exe[1356] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\Program Files\Java\jre6\bin\jqs.exe[1356] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\Program Files\Java\jre6\bin\jqs.exe[1356] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\Program Files\Java\jre6\bin\jqs.exe[1356] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\Program Files\Java\jre6\bin\jqs.exe[1356] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\Program Files\Java\jre6\bin\jqs.exe[1356] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\Program Files\Java\jre6\bin\jqs.exe[1356] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\Program Files\Java\jre6\bin\jqs.exe[1356] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\Program Files\Java\jre6\bin\jqs.exe[1356] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\Program Files\Java\jre6\bin\jqs.exe[1356] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\Program Files\Java\jre6\bin\jqs.exe[1356] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\Program Files\Java\jre6\bin\jqs.exe[1356] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\Program Files\Java\jre6\bin\jqs.exe[1356] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\Program Files\Java\jre6\bin\jqs.exe[1356] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\Program Files\Java\jre6\bin\jqs.exe[1356] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\Program Files\Java\jre6\bin\jqs.exe[1356] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\Program Files\Java\jre6\bin\jqs.exe[1356] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\Program Files\Java\jre6\bin\jqs.exe[1356] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\Program Files\Java\jre6\bin\jqs.exe[1356] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\Program Files\Java\jre6\bin\jqs.exe[1356] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\Program Files\Java\jre6\bin\jqs.exe[1356] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\Program Files\Java\jre6\bin\jqs.exe[1356] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\Program Files\Java\jre6\bin\jqs.exe[1356] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\Program Files\Java\jre6\bin\jqs.exe[1356] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\Program Files\Java\jre6\bin\jqs.exe[1356] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\Program Files\Java\jre6\bin\jqs.exe[1356] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\Program Files\Java\jre6\bin\jqs.exe[1356] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\Program Files\Java\jre6\bin\jqs.exe[1356] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\Program Files\Java\jre6\bin\jqs.exe[1356] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\Program Files\Java\jre6\bin\jqs.exe[1356] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\Program Files\Java\jre6\bin\jqs.exe[1356] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\Program Files\Java\jre6\bin\jqs.exe[1356] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\Program Files\Java\jre6\bin\jqs.exe[1356] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\Program Files\Java\jre6\bin\jqs.exe[1356] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\Program Files\Java\jre6\bin\jqs.exe[1356] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\Program Files\Java\jre6\bin\jqs.exe[1356] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\Program Files\Java\jre6\bin\jqs.exe[1356] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\Program Files\Java\jre6\bin\jqs.exe[1356] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\Program Files\Java\jre6\bin\jqs.exe[1356] WS2_32.dll!connect + 2 719F406C 6 Bytes JMP 3EE8999A

.text C:\Program Files\Java\jre6\bin\jqs.exe[1356] WS2_32.dll!gethostbyname + 2 719F4FD6 9 Bytes JMP 3EE89966

.text C:\Program Files\Java\jre6\bin\jqs.exe[1356] WS2_32.dll!WSAAsyncGetHostByName + 2 719FE987 13 Bytes [ D6, 40, 41, 41, FC, F8, 98, ... ]

.text C:\Program Files\Java\jre6\bin\jqs.exe[1356] WS2_32.dll!WSAConnect + 2 71A00C6B 14 Bytes [ F5, 40, 42, 90, 49, F3, 98, ... ]

.text C:\Program Files\Java\jre6\bin\jqs.exe[1356] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\Program Files\Java\jre6\bin\jqs.exe[1356] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ 41, E9 ]

.text C:\Program Files\Java\jre6\bin\jqs.exe[1356] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\Program Files\Java\jre6\bin\jqs.exe[1356] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\Program Files\Java\jre6\bin\jqs.exe[1356] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\Program Files\Java\jre6\bin\jqs.exe[1356] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\Program Files\Java\jre6\bin\jqs.exe[1356] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\Program Files\Java\jre6\bin\jqs.exe[1356] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\Program Files\Java\jre6\bin\jqs.exe[1356] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\Program Files\Java\jre6\bin\jqs.exe[1356] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\Program Files\Java\jre6\bin\jqs.exe[1356] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\Program Files\Java\jre6\bin\jqs.exe[1356] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\Program Files\Java\jre6\bin\jqs.exe[1356] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\Program Files\Java\jre6\bin\jqs.exe[1356] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\Program Files\Java\jre6\bin\jqs.exe[1356] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\Program Files\Java\jre6\bin\jqs.exe[1356] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\Program Files\Java\jre6\bin\jqs.exe[1356] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\Program Files\Java\jre6\bin\jqs.exe[1356] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\Program Files\Java\jre6\bin\jqs.exe[1356] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\Program Files\Java\jre6\bin\jqs.exe[1356] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\Program Files\Java\jre6\bin\jqs.exe[1356] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\Program Files\Java\jre6\bin\jqs.exe[1356] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\Program Files\Java\jre6\bin\jqs.exe[1356] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\Program Files\Java\jre6\bin\jqs.exe[1356] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\Program Files\Java\jre6\bin\jqs.exe[1356] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\Program Files\Java\jre6\bin\jqs.exe[1356] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\Program Files\Java\jre6\bin\jqs.exe[1356] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\Program Files\Java\jre6\bin\jqs.exe[1356] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\Program Files\Java\jre6\bin\jqs.exe[1356] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\Program Files\Java\jre6\bin\jqs.exe[1356] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\Program Files\Java\jre6\bin\jqs.exe[1356] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\Program Files\Java\jre6\bin\jqs.exe[1356] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\Program Files\Java\jre6\bin\jqs.exe[1356] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\Program Files\Java\jre6\bin\jqs.exe[1356] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\Program Files\Java\jre6\bin\jqs.exe[1356] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\Program Files\Java\jre6\bin\jqs.exe[1356] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\Program Files\Java\jre6\bin\jqs.exe[1356] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\Program Files\Java\jre6\bin\jqs.exe[1356] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\Program Files\Java\jre6\bin\jqs.exe[1356] psapi.dll!EnumProcessModules 76BA1F1C 5 Bytes JMP 3EE8E944

.text C:\WINDOWS\system32\spoolsv.exe[1472] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\WINDOWS\system32\spoolsv.exe[1472] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\WINDOWS\system32\spoolsv.exe[1472] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\WINDOWS\system32\spoolsv.exe[1472] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\WINDOWS\system32\spoolsv.exe[1472] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\WINDOWS\system32\spoolsv.exe[1472] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\WINDOWS\system32\spoolsv.exe[1472] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\WINDOWS\system32\spoolsv.exe[1472] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\WINDOWS\system32\spoolsv.exe[1472] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\WINDOWS\system32\spoolsv.exe[1472] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\WINDOWS\system32\spoolsv.exe[1472] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\WINDOWS\system32\spoolsv.exe[1472] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\WINDOWS\system32\spoolsv.exe[1472] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\WINDOWS\system32\spoolsv.exe[1472] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\WINDOWS\system32\spoolsv.exe[1472] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\WINDOWS\system32\spoolsv.exe[1472] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\WINDOWS\system32\spoolsv.exe[1472] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\WINDOWS\system32\spoolsv.exe[1472] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\WINDOWS\system32\spoolsv.exe[1472] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\WINDOWS\system32\spoolsv.exe[1472] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\WINDOWS\system32\spoolsv.exe[1472] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\WINDOWS\system32\spoolsv.exe[1472] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\WINDOWS\system32\spoolsv.exe[1472] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\WINDOWS\system32\spoolsv.exe[1472] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\WINDOWS\system32\spoolsv.exe[1472] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\WINDOWS\system32\spoolsv.exe[1472] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\WINDOWS\system32\spoolsv.exe[1472] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\WINDOWS\system32\spoolsv.exe[1472] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\WINDOWS\system32\spoolsv.exe[1472] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\WINDOWS\system32\spoolsv.exe[1472] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\WINDOWS\system32\spoolsv.exe[1472] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\WINDOWS\system32\spoolsv.exe[1472] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\WINDOWS\system32\spoolsv.exe[1472] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\WINDOWS\system32\spoolsv.exe[1472] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\WINDOWS\system32\spoolsv.exe[1472] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\WINDOWS\system32\spoolsv.exe[1472] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\WINDOWS\system32\spoolsv.exe[1472] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\WINDOWS\system32\spoolsv.exe[1472] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\WINDOWS\system32\spoolsv.exe[1472] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\WINDOWS\system32\spoolsv.exe[1472] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\WINDOWS\system32\spoolsv.exe[1472] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\WINDOWS\system32\spoolsv.exe[1472] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\WINDOWS\system32\spoolsv.exe[1472] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\WINDOWS\system32\spoolsv.exe[1472] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\WINDOWS\system32\spoolsv.exe[1472] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\WINDOWS\system32\spoolsv.exe[1472] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\WINDOWS\system32\spoolsv.exe[1472] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\WINDOWS\system32\spoolsv.exe[1472] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\WINDOWS\system32\spoolsv.exe[1472] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\WINDOWS\system32\spoolsv.exe[1472] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\WINDOWS\system32\spoolsv.exe[1472] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\WINDOWS\system32\spoolsv.exe[1472] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\WINDOWS\system32\spoolsv.exe[1472] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\WINDOWS\system32\spoolsv.exe[1472] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\WINDOWS\system32\spoolsv.exe[1472] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\WINDOWS\system32\spoolsv.exe[1472] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\WINDOWS\system32\spoolsv.exe[1472] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\WINDOWS\system32\spoolsv.exe[1472] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\WINDOWS\system32\spoolsv.exe[1472] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ F5, E9 ]

.text C:\WINDOWS\system32\spoolsv.exe[1472] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\WINDOWS\system32\spoolsv.exe[1472] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\WINDOWS\system32\spoolsv.exe[1472] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\WINDOWS\system32\spoolsv.exe[1472] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\WINDOWS\system32\spoolsv.exe[1472] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\WINDOWS\system32\spoolsv.exe[1472] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\WINDOWS\system32\spoolsv.exe[1472] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\WINDOWS\system32\spoolsv.exe[1472] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\WINDOWS\system32\spoolsv.exe[1472] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\WINDOWS\system32\spoolsv.exe[1472] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\WINDOWS\system32\spoolsv.exe[1472] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\WINDOWS\system32\spoolsv.exe[1472] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\WINDOWS\system32\spoolsv.exe[1472] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\WINDOWS\system32\spoolsv.exe[1472] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\WINDOWS\system32\spoolsv.exe[1472] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\WINDOWS\system32\spoolsv.exe[1472] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\WINDOWS\system32\spoolsv.exe[1472] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\WINDOWS\system32\spoolsv.exe[1472] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\WINDOWS\system32\spoolsv.exe[1472] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\WINDOWS\system32\spoolsv.exe[1472] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\WINDOWS\system32\spoolsv.exe[1472] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\WINDOWS\system32\spoolsv.exe[1472] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\WINDOWS\system32\spoolsv.exe[1472] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\WINDOWS\system32\spoolsv.exe[1472] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\WINDOWS\system32\spoolsv.exe[1472] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\WINDOWS\system32\spoolsv.exe[1472] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\WINDOWS\system32\spoolsv.exe[1472] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\WINDOWS\system32\spoolsv.exe[1472] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\WINDOWS\system32\spoolsv.exe[1472] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\WINDOWS\system32\spoolsv.exe[1472] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\WINDOWS\system32\spoolsv.exe[1472] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\WINDOWS\system32\spoolsv.exe[1472] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\WINDOWS\system32\spoolsv.exe[1472] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\WINDOWS\system32\spoolsv.exe[1472] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\WINDOWS\system32\spoolsv.exe[1472] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\WINDOWS\system32\spoolsv.exe[1472] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\WINDOWS\system32\spoolsv.exe[1472] WS2_32.dll!connect + 2 719F406C 6 Bytes JMP 3EE8999A

.text C:\WINDOWS\system32\spoolsv.exe[1472] WS2_32.dll!send + 2 719F428C 6 Bytes JMP 74CF14F3 C:\WINDOWS\system32\setyqsrv.dll

.text C:\WINDOWS\system32\spoolsv.exe[1472] WS2_32.dll!WSARecv + 2 719F431A 5 Bytes JMP 74CF20C1 C:\WINDOWS\system32\setyqsrv.dll

.text C:\WINDOWS\system32\spoolsv.exe[1472] WS2_32.dll!gethostbyname + 2 719F4FD6 9 Bytes JMP 3EE89966

.text C:\WINDOWS\system32\spoolsv.exe[1472] WS2_32.dll!recv + 2 719F615C 6 Bytes JMP 74CF138C C:\WINDOWS\system32\setyqsrv.dll

.text C:\WINDOWS\system32\spoolsv.exe[1472] WS2_32.dll!WSASend + 2 719F6235 5 Bytes JMP 74CF1F52 C:\WINDOWS\system32\setyqsrv.dll

.text C:\WINDOWS\system32\spoolsv.exe[1472] WS2_32.dll!closesocket + 2 719F963B 14 Bytes [ 9F, 2F, D6, FC, 92, 40, 48, ... ]

.text C:\WINDOWS\system32\spoolsv.exe[1472] WS2_32.dll!WSAAsyncGetHostByName + 2 719FE987 13 Bytes [ 91, 41, 9F, F8, 99, 2F, 3F, ... ]

.text C:\WINDOWS\system32\spoolsv.exe[1472] WS2_32.dll!WSAConnect + 2 71A00C6B 14 Bytes [ 48, 37, F8, FC, D6, 49, 98, ... ]

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1512] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1512] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1512] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1512] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1512] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1512] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1512] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1512] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1512] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1512] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1512] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1512] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1512] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1512] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1512] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1512] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1512] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1512] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1512] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1512] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1512] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1512] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1512] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1512] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1512] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1512] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1512] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1512] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1512] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1512] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1512] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1512] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1512] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1512] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1512] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1512] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1512] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1512] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1512] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1512] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1512] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1512] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1512] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1512] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1512] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1512] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1512] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1512] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1512] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1512] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1512] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1512] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1512] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1512] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1512] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1512] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1512] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1512] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1512] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ F8, E9 ]

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1512] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1512] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1512] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1512] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1512] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1512] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1512] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1512] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1512] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1512] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1512] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1512] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1512] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1512] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1512] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1512] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1512] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1512] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1512] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1512] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1512] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1512] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1512] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1512] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1512] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1512] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1512] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1512] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1512] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1512] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1512] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1512] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1512] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1512] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1512] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1512] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1512] WS2_32.dll!connect + 2 719F406C 6 Bytes JMP 3EE8999A

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1512] WS2_32.dll!send + 2 719F428C 6 Bytes JMP 74CF14F3 C:\WINDOWS\system32\setyqsrv.dll

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1512] WS2_32.dll!WSARecv + 2 719F431A 5 Bytes JMP 74CF20C1 C:\WINDOWS\system32\setyqsrv.dll

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1512] WS2_32.dll!gethostbyname + 2 719F4FD6 9 Bytes JMP 3EE89966

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1512] WS2_32.dll!recv + 2 719F615C 6 Bytes JMP 74CF138C C:\WINDOWS\system32\setyqsrv.dll

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1512] WS2_32.dll!WSASend + 2 719F6235 5 Bytes JMP 74CF1F52 C:\WINDOWS\system32\setyqsrv.dll

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1512] WS2_32.dll!closesocket + 2 719F963B 14 Bytes [ 92, 40, 40, F5, F2, D6, FC, ... ]

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1512] WS2_32.dll!WSAAsyncGetHostByName + 2 719FE987 13 Bytes [ 4A, 3F, FC, F2, 2F, 92, 42, ... ]

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1512] WS2_32.dll!WSAConnect + 2 71A00C6B 14 Bytes [ 49, 9F, FC, 42, 42, 49, 42, ... ]

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1548] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1548] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1548] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1548] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1548] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1548] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1548] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1548] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1548] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1548] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1548] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1548] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1548] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1548] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1548] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1548] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1548] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1548] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1548] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1548] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1548] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1548] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1548] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1548] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1548] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1548] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1548] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1548] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1548] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1548] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1548] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1548] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1548] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1548] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1548] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1548] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1548] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1548] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1548] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1548] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1548] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1548] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1548] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1548] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1548] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1548] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1548] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1548] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1548] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1548] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1548] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1548] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1548] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1548] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1548] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1548] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1548] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1548] WS2_32.dll!connect + 2 719F406C 6 Bytes JMP 3EE8999A

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1548] WS2_32.dll!gethostbyname + 2 719F4FD6 9 Bytes JMP 3EE89966

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1548] WS2_32.dll!WSAAsyncGetHostByName + 2 719FE987 13 Bytes [ 90, 91, 41, 91, F5, 90, F9, ... ]

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1548] WS2_32.dll!WSAConnect + 2 71A00C6B 14 Bytes [ F8, 49, D6, 90, F2, 4A, F5, ... ]

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1548] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1548] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ 40, E9 ]

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1548] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1548] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1548] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1548] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1548] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1548] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1548] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1548] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1548] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1548] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1548] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1548] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1548] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1548] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1548] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1548] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1548] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1548] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1548] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1548] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1548] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1548] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1548] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1548] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1548] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1548] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1548] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1548] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1548] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1548] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1548] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1548] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1548] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1548] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1548] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1548] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1564] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1564] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1564] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1564] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1564] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1564] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1564] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1564] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1564] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1564] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1564] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1564] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1564] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1564] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1564] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1564] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1564] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1564] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1564] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1564] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1564] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1564] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1564] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1564] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1564] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1564] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1564] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1564] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1564] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1564] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1564] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1564] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1564] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1564] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1564] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1564] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1564] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1564] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1564] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1564] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1564] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1564] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1564] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1564] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1564] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1564] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1564] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1564] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1564] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1564] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1564] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1564] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1564] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1564] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1564] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1564] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1564] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1564] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1564] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1564] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ 42, E9 ]

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1564] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1564] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1564] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1564] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1564] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1564] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1564] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1564] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1564] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1564] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1564] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1564] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1564] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1564] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1564] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1564] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1564] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1564] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1564] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1564] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1564] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1564] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1564] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1564] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1564] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1564] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1564] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1564] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1564] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1564] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1564] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1564] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1564] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1564] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1564] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1564] WS2_32.dll!connect + 2 719F406C 6 Bytes JMP 3EE8999A

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1564] WS2_32.dll!gethostbyname + 2 719F4FD6 9 Bytes JMP 3EE89966

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1564] WS2_32.dll!WSAAsyncGetHostByName + 2 719FE987 13 Bytes [ 98, 2F, 2F, 98, 3F, 42, 48, ... ]

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1564] WS2_32.dll!WSAConnect + 2 71A00C6B 14 Bytes [ 90, 99, F3, D6, F9, 49, 92, ... ]

.text C:\WINDOWS\Explorer.EXE[1812] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\WINDOWS\Explorer.EXE[1812] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\WINDOWS\Explorer.EXE[1812] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\WINDOWS\Explorer.EXE[1812] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\WINDOWS\Explorer.EXE[1812] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\WINDOWS\Explorer.EXE[1812] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\WINDOWS\Explorer.EXE[1812] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\WINDOWS\Explorer.EXE[1812] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\WINDOWS\Explorer.EXE[1812] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\WINDOWS\Explorer.EXE[1812] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\WINDOWS\Explorer.EXE[1812] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\WINDOWS\Explorer.EXE[1812] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\WINDOWS\Explorer.EXE[1812] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\WINDOWS\Explorer.EXE[1812] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\WINDOWS\Explorer.EXE[1812] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\WINDOWS\Explorer.EXE[1812] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\WINDOWS\Explorer.EXE[1812] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\WINDOWS\Explorer.EXE[1812] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\WINDOWS\Explorer.EXE[1812] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\WINDOWS\Explorer.EXE[1812] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\WINDOWS\Explorer.EXE[1812] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\WINDOWS\Explorer.EXE[1812] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\WINDOWS\Explorer.EXE[1812] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\WINDOWS\Explorer.EXE[1812] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\WINDOWS\Explorer.EXE[1812] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\WINDOWS\Explorer.EXE[1812] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\WINDOWS\Explorer.EXE[1812] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\WINDOWS\Explorer.EXE[1812] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\WINDOWS\Explorer.EXE[1812] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\WINDOWS\Explorer.EXE[1812] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\WINDOWS\Explorer.EXE[1812] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\WINDOWS\Explorer.EXE[1812] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\WINDOWS\Explorer.EXE[1812] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\WINDOWS\Explorer.EXE[1812] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\WINDOWS\Explorer.EXE[1812] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\WINDOWS\Explorer.EXE[1812] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\WINDOWS\Explorer.EXE[1812] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\WINDOWS\Explorer.EXE[1812] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\WINDOWS\Explorer.EXE[1812] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\WINDOWS\Explorer.EXE[1812] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\WINDOWS\Explorer.EXE[1812] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\WINDOWS\Explorer.EXE[1812] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\WINDOWS\Explorer.EXE[1812] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\WINDOWS\Explorer.EXE[1812] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\WINDOWS\Explorer.EXE[1812] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\WINDOWS\Explorer.EXE[1812] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\WINDOWS\Explorer.EXE[1812] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\WINDOWS\Explorer.EXE[1812] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\WINDOWS\Explorer.EXE[1812] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\WINDOWS\Explorer.EXE[1812] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\WINDOWS\Explorer.EXE[1812] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\WINDOWS\Explorer.EXE[1812] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\WINDOWS\Explorer.EXE[1812] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\WINDOWS\Explorer.EXE[1812] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\WINDOWS\Explorer.EXE[1812] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\WINDOWS\Explorer.EXE[1812] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\WINDOWS\Explorer.EXE[1812] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\WINDOWS\Explorer.EXE[1812] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\WINDOWS\Explorer.EXE[1812] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ 91, E9 ]

.text C:\WINDOWS\Explorer.EXE[1812] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\WINDOWS\Explorer.EXE[1812] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\WINDOWS\Explorer.EXE[1812] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\WINDOWS\Explorer.EXE[1812] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\WINDOWS\Explorer.EXE[1812] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\WINDOWS\Explorer.EXE[1812] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\WINDOWS\Explorer.EXE[1812] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\WINDOWS\Explorer.EXE[1812] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\WINDOWS\Explorer.EXE[1812] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\WINDOWS\Explorer.EXE[1812] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\WINDOWS\Explorer.EXE[1812] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\WINDOWS\Explorer.EXE[1812] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\WINDOWS\Explorer.EXE[1812] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\WINDOWS\Explorer.EXE[1812] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\WINDOWS\Explorer.EXE[1812] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\WINDOWS\Explorer.EXE[1812] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\WINDOWS\Explorer.EXE[1812] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\WINDOWS\Explorer.EXE[1812] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\WINDOWS\Explorer.EXE[1812] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\WINDOWS\Explorer.EXE[1812] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\WINDOWS\Explorer.EXE[1812] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\WINDOWS\Explorer.EXE[1812] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\WINDOWS\Explorer.EXE[1812] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\WINDOWS\Explorer.EXE[1812] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\WINDOWS\Explorer.EXE[1812] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\WINDOWS\Explorer.EXE[1812] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\WINDOWS\Explorer.EXE[1812] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\WINDOWS\Explorer.EXE[1812] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\WINDOWS\Explorer.EXE[1812] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\WINDOWS\Explorer.EXE[1812] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\WINDOWS\Explorer.EXE[1812] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\WINDOWS\Explorer.EXE[1812] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\WINDOWS\Explorer.EXE[1812] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\WINDOWS\Explorer.EXE[1812] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\WINDOWS\Explorer.EXE[1812] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\WINDOWS\Explorer.EXE[1812] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\WINDOWS\Explorer.EXE[1812] WS2_32.dll!connect + 2 719F406C 6 Bytes JMP 3EE8999A

.text C:\WINDOWS\Explorer.EXE[1812] WS2_32.dll!gethostbyname + 2 719F4FD6 9 Bytes JMP 3EE89966

.text C:\WINDOWS\Explorer.EXE[1812] WS2_32.dll!WSAAsyncGetHostByName + 2 719FE987 13 Bytes [ 91, 92, 91, 37, 92, 2F, 42, ... ]

.text C:\WINDOWS\Explorer.EXE[1812] WS2_32.dll!WSAConnect + 2 71A00C6B 14 Bytes [ F8, 40, F3, 91, 48, 40, 42, ... ]

.text C:\WINDOWS\Explorer.EXE[1812] PSAPI.DLL!EnumProcessModules 76BA1F1C 5 Bytes JMP 3EE8E944

.text C:\WINDOWS\system32\nvsvc32.exe[1848] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\WINDOWS\system32\nvsvc32.exe[1848] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\WINDOWS\system32\nvsvc32.exe[1848] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\WINDOWS\system32\nvsvc32.exe[1848] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\WINDOWS\system32\nvsvc32.exe[1848] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\WINDOWS\system32\nvsvc32.exe[1848] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\WINDOWS\system32\nvsvc32.exe[1848] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\WINDOWS\system32\nvsvc32.exe[1848] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\WINDOWS\system32\nvsvc32.exe[1848] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\WINDOWS\system32\nvsvc32.exe[1848] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\WINDOWS\system32\nvsvc32.exe[1848] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\WINDOWS\system32\nvsvc32.exe[1848] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\WINDOWS\system32\nvsvc32.exe[1848] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\WINDOWS\system32\nvsvc32.exe[1848] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\WINDOWS\system32\nvsvc32.exe[1848] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\WINDOWS\system32\nvsvc32.exe[1848] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\WINDOWS\system32\nvsvc32.exe[1848] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\WINDOWS\system32\nvsvc32.exe[1848] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\WINDOWS\system32\nvsvc32.exe[1848] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\WINDOWS\system32\nvsvc32.exe[1848] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\WINDOWS\system32\nvsvc32.exe[1848] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\WINDOWS\system32\nvsvc32.exe[1848] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\WINDOWS\system32\nvsvc32.exe[1848] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\WINDOWS\system32\nvsvc32.exe[1848] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\WINDOWS\system32\nvsvc32.exe[1848] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\WINDOWS\system32\nvsvc32.exe[1848] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\WINDOWS\system32\nvsvc32.exe[1848] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\WINDOWS\system32\nvsvc32.exe[1848] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\WINDOWS\system32\nvsvc32.exe[1848] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\WINDOWS\system32\nvsvc32.exe[1848] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\WINDOWS\system32\nvsvc32.exe[1848] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\WINDOWS\system32\nvsvc32.exe[1848] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\WINDOWS\system32\nvsvc32.exe[1848] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\WINDOWS\system32\nvsvc32.exe[1848] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\WINDOWS\system32\nvsvc32.exe[1848] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\WINDOWS\system32\nvsvc32.exe[1848] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\WINDOWS\system32\nvsvc32.exe[1848] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\WINDOWS\system32\nvsvc32.exe[1848] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\WINDOWS\system32\nvsvc32.exe[1848] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\WINDOWS\system32\nvsvc32.exe[1848] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\WINDOWS\system32\nvsvc32.exe[1848] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\WINDOWS\system32\nvsvc32.exe[1848] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\WINDOWS\system32\nvsvc32.exe[1848] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\WINDOWS\system32\nvsvc32.exe[1848] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\WINDOWS\system32\nvsvc32.exe[1848] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\WINDOWS\system32\nvsvc32.exe[1848] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\WINDOWS\system32\nvsvc32.exe[1848] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\WINDOWS\system32\nvsvc32.exe[1848] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\WINDOWS\system32\nvsvc32.exe[1848] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\WINDOWS\system32\nvsvc32.exe[1848] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\WINDOWS\system32\nvsvc32.exe[1848] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\WINDOWS\system32\nvsvc32.exe[1848] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\WINDOWS\system32\nvsvc32.exe[1848] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\WINDOWS\system32\nvsvc32.exe[1848] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\WINDOWS\system32\nvsvc32.exe[1848] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\WINDOWS\system32\nvsvc32.exe[1848] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\WINDOWS\system32\nvsvc32.exe[1848] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\WINDOWS\system32\nvsvc32.exe[1848] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\WINDOWS\system32\nvsvc32.exe[1848] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\WINDOWS\system32\nvsvc32.exe[1848] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ 91, E9 ]

.text C:\WINDOWS\system32\nvsvc32.exe[1848] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\WINDOWS\system32\nvsvc32.exe[1848] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\WINDOWS\system32\nvsvc32.exe[1848] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\WINDOWS\system32\nvsvc32.exe[1848] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\WINDOWS\system32\nvsvc32.exe[1848] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\WINDOWS\system32\nvsvc32.exe[1848] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\WINDOWS\system32\nvsvc32.exe[1848] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\WINDOWS\system32\nvsvc32.exe[1848] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\WINDOWS\system32\nvsvc32.exe[1848] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\WINDOWS\system32\nvsvc32.exe[1848] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\WINDOWS\system32\nvsvc32.exe[1848] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\WINDOWS\system32\nvsvc32.exe[1848] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\WINDOWS\system32\nvsvc32.exe[1848] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\WINDOWS\system32\nvsvc32.exe[1848] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\WINDOWS\system32\nvsvc32.exe[1848] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\WINDOWS\system32\nvsvc32.exe[1848] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\WINDOWS\system32\nvsvc32.exe[1848] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\WINDOWS\system32\nvsvc32.exe[1848] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\WINDOWS\system32\nvsvc32.exe[1848] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\WINDOWS\system32\nvsvc32.exe[1848] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\WINDOWS\system32\nvsvc32.exe[1848] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\WINDOWS\system32\nvsvc32.exe[1848] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\WINDOWS\system32\nvsvc32.exe[1848] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\WINDOWS\system32\nvsvc32.exe[1848] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\WINDOWS\system32\nvsvc32.exe[1848] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\WINDOWS\system32\nvsvc32.exe[1848] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\WINDOWS\system32\nvsvc32.exe[1848] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\WINDOWS\system32\nvsvc32.exe[1848] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\WINDOWS\system32\nvsvc32.exe[1848] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\WINDOWS\system32\nvsvc32.exe[1848] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\WINDOWS\system32\nvsvc32.exe[1848] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\WINDOWS\system32\nvsvc32.exe[1848] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\WINDOWS\system32\nvsvc32.exe[1848] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\WINDOWS\system32\nvsvc32.exe[1848] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\WINDOWS\system32\nvsvc32.exe[1848] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\WINDOWS\system32\nvsvc32.exe[1848] WS2_32.dll!connect + 2 719F406C 6 Bytes JMP 3EE8999A

.text C:\WINDOWS\system32\nvsvc32.exe[1848] WS2_32.dll!gethostbyname + 2 719F4FD6 9 Bytes JMP 3EE89966

.text C:\WINDOWS\system32\nvsvc32.exe[1848] WS2_32.dll!WSAAsyncGetHostByName + 2 719FE987 13 Bytes [ 9F, F5, 3F, 9F, 42, 42, 91, ... ]

.text C:\WINDOWS\system32\nvsvc32.exe[1848] WS2_32.dll!WSAConnect + 2 71A00C6B 14 Bytes [ 90, 91, 90, 98, 4A, 41, F5, ... ]

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1936] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1936] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1936] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1936] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1936] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1936] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1936] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1936] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1936] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1936] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1936] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1936] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1936] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1936] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1936] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1936] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1936] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1936] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1936] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1936] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1936] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1936] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1936] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1936] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1936] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1936] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1936] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1936] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1936] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1936] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1936] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1936] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1936] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1936] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1936] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1936] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1936] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1936] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1936] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1936] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1936] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1936] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1936] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1936] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1936] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1936] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1936] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1936] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1936] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1936] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1936] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1936] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1936] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1936] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1936] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1936] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1936] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1936] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1936] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1936] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ 99, E9 ]

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1936] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1936] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1936] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1936] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1936] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1936] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1936] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1936] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1936] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1936] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1936] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1936] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1936] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1936] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1936] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1936] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1936] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1936] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1936] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1936] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1936] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1936] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1936] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1936] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1936] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1936] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1936] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1936] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1936] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1936] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1936] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1936] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1936] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1936] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1936] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1936] WS2_32.dll!connect + 2 719F406C 6 Bytes JMP 3EE8999A

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1936] WS2_32.dll!gethostbyname + 2 719F4FD6 9 Bytes JMP 3EE89966

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1936] WS2_32.dll!WSAAsyncGetHostByName + 2 719FE987 13 Bytes [ 3F, F3, 41, F2, 48, F3, 4A, ... ]

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1936] WS2_32.dll!WSAConnect + 2 71A00C6B 14 Bytes [ F3, F8, 42, FC, 37, 41, F5, ... ]

.text C:\Program Files\Java\jre6\bin\jusched.exe[1940] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\Program Files\Java\jre6\bin\jusched.exe[1940] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\Program Files\Java\jre6\bin\jusched.exe[1940] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\Program Files\Java\jre6\bin\jusched.exe[1940] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\Program Files\Java\jre6\bin\jusched.exe[1940] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\Program Files\Java\jre6\bin\jusched.exe[1940] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\Program Files\Java\jre6\bin\jusched.exe[1940] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\Program Files\Java\jre6\bin\jusched.exe[1940] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\Program Files\Java\jre6\bin\jusched.exe[1940] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\Program Files\Java\jre6\bin\jusched.exe[1940] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\Program Files\Java\jre6\bin\jusched.exe[1940] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\Program Files\Java\jre6\bin\jusched.exe[1940] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\Program Files\Java\jre6\bin\jusched.exe[1940] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\Program Files\Java\jre6\bin\jusched.exe[1940] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\Program Files\Java\jre6\bin\jusched.exe[1940] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\Program Files\Java\jre6\bin\jusched.exe[1940] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\Program Files\Java\jre6\bin\jusched.exe[1940] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\Program Files\Java\jre6\bin\jusched.exe[1940] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\Program Files\Java\jre6\bin\jusched.exe[1940] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\Program Files\Java\jre6\bin\jusched.exe[1940] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\Program Files\Java\jre6\bin\jusched.exe[1940] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\Program Files\Java\jre6\bin\jusched.exe[1940] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\Program Files\Java\jre6\bin\jusched.exe[1940] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\Program Files\Java\jre6\bin\jusched.exe[1940] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\Program Files\Java\jre6\bin\jusched.exe[1940] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\Program Files\Java\jre6\bin\jusched.exe[1940] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\Program Files\Java\jre6\bin\jusched.exe[1940] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\Program Files\Java\jre6\bin\jusched.exe[1940] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\Program Files\Java\jre6\bin\jusched.exe[1940] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\Program Files\Java\jre6\bin\jusched.exe[1940] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\Program Files\Java\jre6\bin\jusched.exe[1940] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\Program Files\Java\jre6\bin\jusched.exe[1940] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\Program Files\Java\jre6\bin\jusched.exe[1940] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\Program Files\Java\jre6\bin\jusched.exe[1940] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\Program Files\Java\jre6\bin\jusched.exe[1940] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\Program Files\Java\jre6\bin\jusched.exe[1940] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\Program Files\Java\jre6\bin\jusched.exe[1940] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\Program Files\Java\jre6\bin\jusched.exe[1940] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\Program Files\Java\jre6\bin\jusched.exe[1940] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\Program Files\Java\jre6\bin\jusched.exe[1940] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\Program Files\Java\jre6\bin\jusched.exe[1940] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\Program Files\Java\jre6\bin\jusched.exe[1940] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\Program Files\Java\jre6\bin\jusched.exe[1940] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\Program Files\Java\jre6\bin\jusched.exe[1940] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\Program Files\Java\jre6\bin\jusched.exe[1940] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\Program Files\Java\jre6\bin\jusched.exe[1940] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\Program Files\Java\jre6\bin\jusched.exe[1940] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\Program Files\Java\jre6\bin\jusched.exe[1940] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\Program Files\Java\jre6\bin\jusched.exe[1940] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\Program Files\Java\jre6\bin\jusched.exe[1940] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\Program Files\Java\jre6\bin\jusched.exe[1940] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\Program Files\Java\jre6\bin\jusched.exe[1940] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\Program Files\Java\jre6\bin\jusched.exe[1940] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\Program Files\Java\jre6\bin\jusched.exe[1940] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\Program Files\Java\jre6\bin\jusched.exe[1940] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\Program Files\Java\jre6\bin\jusched.exe[1940] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\Program Files\Java\jre6\bin\jusched.exe[1940] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\Program Files\Java\jre6\bin\jusched.exe[1940] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\Program Files\Java\jre6\bin\jusched.exe[1940] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ 9F, E9 ]

.text C:\Program Files\Java\jre6\bin\jusched.exe[1940] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\Program Files\Java\jre6\bin\jusched.exe[1940] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\Program Files\Java\jre6\bin\jusched.exe[1940] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\Program Files\Java\jre6\bin\jusched.exe[1940] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\Program Files\Java\jre6\bin\jusched.exe[1940] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\Program Files\Java\jre6\bin\jusched.exe[1940] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\Program Files\Java\jre6\bin\jusched.exe[1940] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\Program Files\Java\jre6\bin\jusched.exe[1940] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\Program Files\Java\jre6\bin\jusched.exe[1940] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\Program Files\Java\jre6\bin\jusched.exe[1940] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\Program Files\Java\jre6\bin\jusched.exe[1940] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\Program Files\Java\jre6\bin\jusched.exe[1940] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\Program Files\Java\jre6\bin\jusched.exe[1940] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\Program Files\Java\jre6\bin\jusched.exe[1940] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\Program Files\Java\jre6\bin\jusched.exe[1940] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\Program Files\Java\jre6\bin\jusched.exe[1940] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\Program Files\Java\jre6\bin\jusched.exe[1940] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\Program Files\Java\jre6\bin\jusched.exe[1940] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\Program Files\Java\jre6\bin\jusched.exe[1940] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\Program Files\Java\jre6\bin\jusched.exe[1940] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\Program Files\Java\jre6\bin\jusched.exe[1940] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\Program Files\Java\jre6\bin\jusched.exe[1940] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\Program Files\Java\jre6\bin\jusched.exe[1940] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\Program Files\Java\jre6\bin\jusched.exe[1940] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\Program Files\Java\jre6\bin\jusched.exe[1940] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\Program Files\Java\jre6\bin\jusched.exe[1940] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\Program Files\Java\jre6\bin\jusched.exe[1940] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\Program Files\Java\jre6\bin\jusched.exe[1940] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\Program Files\Java\jre6\bin\jusched.exe[1940] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\Program Files\Java\jre6\bin\jusched.exe[1940] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\Program Files\Java\jre6\bin\jusched.exe[1940] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\Program Files\Java\jre6\bin\jusched.exe[1940] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\Program Files\Java\jre6\bin\jusched.exe[1940] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\Program Files\Java\jre6\bin\jusched.exe[1940] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\Program Files\Java\jre6\bin\jusched.exe[1940] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\Program Files\Java\jre6\bin\jusched.exe[1940] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1984] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1984] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1984] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1984] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1984] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1984] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1984] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1984] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1984] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1984] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1984] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1984] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1984] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1984] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1984] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1984] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1984] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1984] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1984] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1984] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1984] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1984] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1984] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1984] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1984] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1984] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1984] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1984] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1984] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1984] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1984] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1984] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1984] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1984] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1984] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1984] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1984] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1984] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1984] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1984] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1984] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1984] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1984] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1984] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1984] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1984] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1984] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1984] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1984] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1984] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1984] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1984] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1984] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1984] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1984] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1984] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1984] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1984] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1984] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ 90, E9 ]

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1984] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1984] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1984] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1984] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1984] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1984] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1984] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1984] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1984] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1984] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1984] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1984] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1984] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1984] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1984] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1984] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1984] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1984] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1984] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1984] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1984] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1984] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1984] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1984] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1984] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1984] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1984] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1984] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1984] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1984] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1984] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1984] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1984] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1984] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1984] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1984] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1984] WS2_32.dll!connect + 2 719F406C 6 Bytes JMP 3EE8999A

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1984] WS2_32.dll!gethostbyname + 2 719F4FD6 9 Bytes JMP 3EE89966

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1984] WS2_32.dll!WSAAsyncGetHostByName + 2 719FE987 13 Bytes [ 42, 48, 99, F8, 92, F3, 4A, ... ]

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1984] WS2_32.dll!WSAConnect + 2 71A00C6B 14 Bytes [ 4A, 3F, 40, 99, 40, 99, F2, ... ]

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2008] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2008] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2008] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2008] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2008] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2008] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2008] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2008] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2008] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2008] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2008] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2008] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2008] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2008] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2008] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2008] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2008] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2008] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2008] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2008] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2008] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2008] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2008] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2008] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2008] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2008] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2008] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2008] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2008] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2008] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2008] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2008] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2008] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2008] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2008] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2008] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2008] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2008] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2008] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2008] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2008] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2008] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2008] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2008] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2008] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2008] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2008] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2008] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2008] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2008] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2008] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2008] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2008] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2008] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2008] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2008] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2008] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2008] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2008] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2008] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ 98, E9 ]

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2008] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2008] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2008] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2008] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2008] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2008] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2008] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2008] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2008] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2008] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2008] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2008] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2008] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2008] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2008] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2008] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2008] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2008] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2008] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2008] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2008] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2008] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2008] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2008] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2008] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2008] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2008] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2008] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2008] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2008] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2008] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2008] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2008] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2008] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2008] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2008] ws2_32.dll!connect + 2 719F406C 6 Bytes JMP 3EE8999A

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2008] ws2_32.dll!send + 2 719F428C 6 Bytes JMP 74CF14F3 C:\WINDOWS\system32\setyqsrv.dll

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2008] ws2_32.dll!WSARecv + 2 719F431A 5 Bytes JMP 74CF20C1 C:\WINDOWS\system32\setyqsrv.dll

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2008] ws2_32.dll!gethostbyname + 2 719F4FD6 9 Bytes JMP 3EE89966

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2008] ws2_32.dll!recv + 2 719F615C 6 Bytes JMP 74CF138C C:\WINDOWS\system32\setyqsrv.dll

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2008] ws2_32.dll!WSASend + 2 719F6235 5 Bytes JMP 74CF1F52 C:\WINDOWS\system32\setyqsrv.dll

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2008] ws2_32.dll!closesocket + 2 719F963B 14 Bytes [ F5, 3F, 9F, F9, F3, 3F, 40, ... ]

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2008] ws2_32.dll!WSAAsyncGetHostByName + 2 719FE987 13 Bytes [ 48, 40, F8, 91, 49, F5, 9F, ... ]

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2008] ws2_32.dll!WSAConnect + 2 71A00C6B 14 Bytes [ 91, 49, 9F, 37, F9, 99, 98, ... ]

.text C:\Program Files\QuickTime\qttask.exe[2020] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\Program Files\QuickTime\qttask.exe[2020] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\Program Files\QuickTime\qttask.exe[2020] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\Program Files\QuickTime\qttask.exe[2020] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\Program Files\QuickTime\qttask.exe[2020] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\Program Files\QuickTime\qttask.exe[2020] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\Program Files\QuickTime\qttask.exe[2020] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\Program Files\QuickTime\qttask.exe[2020] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\Program Files\QuickTime\qttask.exe[2020] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\Program Files\QuickTime\qttask.exe[2020] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\Program Files\QuickTime\qttask.exe[2020] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\Program Files\QuickTime\qttask.exe[2020] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\Program Files\QuickTime\qttask.exe[2020] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\Program Files\QuickTime\qttask.exe[2020] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\Program Files\QuickTime\qttask.exe[2020] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\Program Files\QuickTime\qttask.exe[2020] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\Program Files\QuickTime\qttask.exe[2020] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\Program Files\QuickTime\qttask.exe[2020] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\Program Files\QuickTime\qttask.exe[2020] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\Program Files\QuickTime\qttask.exe[2020] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\Program Files\QuickTime\qttask.exe[2020] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\Program Files\QuickTime\qttask.exe[2020] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\Program Files\QuickTime\qttask.exe[2020] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\Program Files\QuickTime\qttask.exe[2020] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\Program Files\QuickTime\qttask.exe[2020] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\Program Files\QuickTime\qttask.exe[2020] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\Program Files\QuickTime\qttask.exe[2020] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\Program Files\QuickTime\qttask.exe[2020] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\Program Files\QuickTime\qttask.exe[2020] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\Program Files\QuickTime\qttask.exe[2020] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\Program Files\QuickTime\qttask.exe[2020] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\Program Files\QuickTime\qttask.exe[2020] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\Program Files\QuickTime\qttask.exe[2020] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\Program Files\QuickTime\qttask.exe[2020] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\Program Files\QuickTime\qttask.exe[2020] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\Program Files\QuickTime\qttask.exe[2020] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\Program Files\QuickTime\qttask.exe[2020] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\Program Files\QuickTime\qttask.exe[2020] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\Program Files\QuickTime\qttask.exe[2020] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\Program Files\QuickTime\qttask.exe[2020] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\Program Files\QuickTime\qttask.exe[2020] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\Program Files\QuickTime\qttask.exe[2020] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\Program Files\QuickTime\qttask.exe[2020] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\Program Files\QuickTime\qttask.exe[2020] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\Program Files\QuickTime\qttask.exe[2020] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\Program Files\QuickTime\qttask.exe[2020] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\Program Files\QuickTime\qttask.exe[2020] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\Program Files\QuickTime\qttask.exe[2020] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\Program Files\QuickTime\qttask.exe[2020] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\Program Files\QuickTime\qttask.exe[2020] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\Program Files\QuickTime\qttask.exe[2020] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\Program Files\QuickTime\qttask.exe[2020] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\Program Files\QuickTime\qttask.exe[2020] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\Program Files\QuickTime\qttask.exe[2020] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\Program Files\QuickTime\qttask.exe[2020] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\Program Files\QuickTime\qttask.exe[2020] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\Program Files\QuickTime\qttask.exe[2020] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\Program Files\QuickTime\qttask.exe[2020] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\Program Files\QuickTime\qttask.exe[2020] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\Program Files\QuickTime\qttask.exe[2020] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ 3F, E9 ]

.text C:\Program Files\QuickTime\qttask.exe[2020] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\Program Files\QuickTime\qttask.exe[2020] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\Program Files\QuickTime\qttask.exe[2020] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\Program Files\QuickTime\qttask.exe[2020] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\Program Files\QuickTime\qttask.exe[2020] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\Program Files\QuickTime\qttask.exe[2020] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\Program Files\QuickTime\qttask.exe[2020] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\Program Files\QuickTime\qttask.exe[2020] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\Program Files\QuickTime\qttask.exe[2020] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\Program Files\QuickTime\qttask.exe[2020] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\Program Files\QuickTime\qttask.exe[2020] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\Program Files\QuickTime\qttask.exe[2020] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\Program Files\QuickTime\qttask.exe[2020] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\Program Files\QuickTime\qttask.exe[2020] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\Program Files\QuickTime\qttask.exe[2020] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\Program Files\QuickTime\qttask.exe[2020] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\Program Files\QuickTime\qttask.exe[2020] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\Program Files\QuickTime\qttask.exe[2020] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\Program Files\QuickTime\qttask.exe[2020] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\Program Files\QuickTime\qttask.exe[2020] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\Program Files\QuickTime\qttask.exe[2020] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\Program Files\QuickTime\qttask.exe[2020] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\Program Files\QuickTime\qttask.exe[2020] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\Program Files\QuickTime\qttask.exe[2020] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\Program Files\QuickTime\qttask.exe[2020] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\Program Files\QuickTime\qttask.exe[2020] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\Program Files\QuickTime\qttask.exe[2020] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\Program Files\QuickTime\qttask.exe[2020] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\Program Files\QuickTime\qttask.exe[2020] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\Program Files\QuickTime\qttask.exe[2020] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\Program Files\QuickTime\qttask.exe[2020] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\Program Files\QuickTime\qttask.exe[2020] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\Program Files\QuickTime\qttask.exe[2020] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\Program Files\QuickTime\qttask.exe[2020] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\Program Files\QuickTime\qttask.exe[2020] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\WINDOWS\RTHDCPL.EXE[2040] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\WINDOWS\RTHDCPL.EXE[2040] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\WINDOWS\RTHDCPL.EXE[2040] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\WINDOWS\RTHDCPL.EXE[2040] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\WINDOWS\RTHDCPL.EXE[2040] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\WINDOWS\RTHDCPL.EXE[2040] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\WINDOWS\RTHDCPL.EXE[2040] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\WINDOWS\RTHDCPL.EXE[2040] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\WINDOWS\RTHDCPL.EXE[2040] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\WINDOWS\RTHDCPL.EXE[2040] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\WINDOWS\RTHDCPL.EXE[2040] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\WINDOWS\RTHDCPL.EXE[2040] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\WINDOWS\RTHDCPL.EXE[2040] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\WINDOWS\RTHDCPL.EXE[2040] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\WINDOWS\RTHDCPL.EXE[2040] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\WINDOWS\RTHDCPL.EXE[2040] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\WINDOWS\RTHDCPL.EXE[2040] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\WINDOWS\RTHDCPL.EXE[2040] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\WINDOWS\RTHDCPL.EXE[2040] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\WINDOWS\RTHDCPL.EXE[2040] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\WINDOWS\RTHDCPL.EXE[2040] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\WINDOWS\RTHDCPL.EXE[2040] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\WINDOWS\RTHDCPL.EXE[2040] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\WINDOWS\RTHDCPL.EXE[2040] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\WINDOWS\RTHDCPL.EXE[2040] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\WINDOWS\RTHDCPL.EXE[2040] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\WINDOWS\RTHDCPL.EXE[2040] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\WINDOWS\RTHDCPL.EXE[2040] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\WINDOWS\RTHDCPL.EXE[2040] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\WINDOWS\RTHDCPL.EXE[2040] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\WINDOWS\RTHDCPL.EXE[2040] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\WINDOWS\RTHDCPL.EXE[2040] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\WINDOWS\RTHDCPL.EXE[2040] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\WINDOWS\RTHDCPL.EXE[2040] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\WINDOWS\RTHDCPL.EXE[2040] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\WINDOWS\RTHDCPL.EXE[2040] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\WINDOWS\RTHDCPL.EXE[2040] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\WINDOWS\RTHDCPL.EXE[2040] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\WINDOWS\RTHDCPL.EXE[2040] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\WINDOWS\RTHDCPL.EXE[2040] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\WINDOWS\RTHDCPL.EXE[2040] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\WINDOWS\RTHDCPL.EXE[2040] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\WINDOWS\RTHDCPL.EXE[2040] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\WINDOWS\RTHDCPL.EXE[2040] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\WINDOWS\RTHDCPL.EXE[2040] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\WINDOWS\RTHDCPL.EXE[2040] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\WINDOWS\RTHDCPL.EXE[2040] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\WINDOWS\RTHDCPL.EXE[2040] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\WINDOWS\RTHDCPL.EXE[2040] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\WINDOWS\RTHDCPL.EXE[2040] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\WINDOWS\RTHDCPL.EXE[2040] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\WINDOWS\RTHDCPL.EXE[2040] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\WINDOWS\RTHDCPL.EXE[2040] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\WINDOWS\RTHDCPL.EXE[2040] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\WINDOWS\RTHDCPL.EXE[2040] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\WINDOWS\RTHDCPL.EXE[2040] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\WINDOWS\RTHDCPL.EXE[2040] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\WINDOWS\RTHDCPL.EXE[2040] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\WINDOWS\RTHDCPL.EXE[2040] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\WINDOWS\RTHDCPL.EXE[2040] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ 92, E9 ]

.text C:\WINDOWS\RTHDCPL.EXE[2040] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\WINDOWS\RTHDCPL.EXE[2040] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\WINDOWS\RTHDCPL.EXE[2040] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\WINDOWS\RTHDCPL.EXE[2040] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\WINDOWS\RTHDCPL.EXE[2040] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\WINDOWS\RTHDCPL.EXE[2040] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\WINDOWS\RTHDCPL.EXE[2040] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\WINDOWS\RTHDCPL.EXE[2040] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\WINDOWS\RTHDCPL.EXE[2040] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\WINDOWS\RTHDCPL.EXE[2040] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\WINDOWS\RTHDCPL.EXE[2040] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\WINDOWS\RTHDCPL.EXE[2040] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\WINDOWS\RTHDCPL.EXE[2040] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\WINDOWS\RTHDCPL.EXE[2040] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\WINDOWS\RTHDCPL.EXE[2040] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\WINDOWS\RTHDCPL.EXE[2040] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\WINDOWS\RTHDCPL.EXE[2040] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\WINDOWS\RTHDCPL.EXE[2040] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\WINDOWS\RTHDCPL.EXE[2040] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\WINDOWS\RTHDCPL.EXE[2040] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\WINDOWS\RTHDCPL.EXE[2040] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\WINDOWS\RTHDCPL.EXE[2040] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\WINDOWS\RTHDCPL.EXE[2040] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\WINDOWS\RTHDCPL.EXE[2040] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\WINDOWS\RTHDCPL.EXE[2040] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\WINDOWS\RTHDCPL.EXE[2040] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\WINDOWS\RTHDCPL.EXE[2040] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\WINDOWS\RTHDCPL.EXE[2040] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\WINDOWS\RTHDCPL.EXE[2040] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\WINDOWS\RTHDCPL.EXE[2040] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\WINDOWS\RTHDCPL.EXE[2040] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\WINDOWS\RTHDCPL.EXE[2040] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\WINDOWS\RTHDCPL.EXE[2040] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\WINDOWS\RTHDCPL.EXE[2040] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\WINDOWS\RTHDCPL.EXE[2040] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\WINDOWS\system32\wdfmgr.exe[2136] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\WINDOWS\system32\wdfmgr.exe[2136] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\WINDOWS\system32\wdfmgr.exe[2136] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\WINDOWS\system32\wdfmgr.exe[2136] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\WINDOWS\system32\wdfmgr.exe[2136] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\WINDOWS\system32\wdfmgr.exe[2136] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\WINDOWS\system32\wdfmgr.exe[2136] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\WINDOWS\system32\wdfmgr.exe[2136] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\WINDOWS\system32\wdfmgr.exe[2136] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\WINDOWS\system32\wdfmgr.exe[2136] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\WINDOWS\system32\wdfmgr.exe[2136] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\WINDOWS\system32\wdfmgr.exe[2136] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\WINDOWS\system32\wdfmgr.exe[2136] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\WINDOWS\system32\wdfmgr.exe[2136] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\WINDOWS\system32\wdfmgr.exe[2136] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\WINDOWS\system32\wdfmgr.exe[2136] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\WINDOWS\system32\wdfmgr.exe[2136] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\WINDOWS\system32\wdfmgr.exe[2136] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\WINDOWS\system32\wdfmgr.exe[2136] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\WINDOWS\system32\wdfmgr.exe[2136] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\WINDOWS\system32\wdfmgr.exe[2136] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\WINDOWS\system32\wdfmgr.exe[2136] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\WINDOWS\system32\wdfmgr.exe[2136] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\WINDOWS\system32\wdfmgr.exe[2136] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\WINDOWS\system32\wdfmgr.exe[2136] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\WINDOWS\system32\wdfmgr.exe[2136] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\WINDOWS\system32\wdfmgr.exe[2136] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\WINDOWS\system32\wdfmgr.exe[2136] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\WINDOWS\system32\wdfmgr.exe[2136] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\WINDOWS\system32\wdfmgr.exe[2136] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\WINDOWS\system32\wdfmgr.exe[2136] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\WINDOWS\system32\wdfmgr.exe[2136] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\WINDOWS\system32\wdfmgr.exe[2136] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\WINDOWS\system32\wdfmgr.exe[2136] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\WINDOWS\system32\wdfmgr.exe[2136] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\WINDOWS\system32\wdfmgr.exe[2136] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\WINDOWS\system32\wdfmgr.exe[2136] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\WINDOWS\system32\wdfmgr.exe[2136] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\WINDOWS\system32\wdfmgr.exe[2136] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\WINDOWS\system32\wdfmgr.exe[2136] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\WINDOWS\system32\wdfmgr.exe[2136] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\WINDOWS\system32\wdfmgr.exe[2136] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\WINDOWS\system32\wdfmgr.exe[2136] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\WINDOWS\system32\wdfmgr.exe[2136] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\WINDOWS\system32\wdfmgr.exe[2136] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\WINDOWS\system32\wdfmgr.exe[2136] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\WINDOWS\system32\wdfmgr.exe[2136] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\WINDOWS\system32\wdfmgr.exe[2136] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\WINDOWS\system32\wdfmgr.exe[2136] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\WINDOWS\system32\wdfmgr.exe[2136] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\WINDOWS\system32\wdfmgr.exe[2136] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\WINDOWS\system32\wdfmgr.exe[2136] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\WINDOWS\system32\wdfmgr.exe[2136] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\WINDOWS\system32\wdfmgr.exe[2136] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\WINDOWS\system32\wdfmgr.exe[2136] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\WINDOWS\system32\wdfmgr.exe[2136] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\WINDOWS\system32\wdfmgr.exe[2136] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\WINDOWS\system32\wdfmgr.exe[2136] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\WINDOWS\system32\wdfmgr.exe[2136] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ D6, E9 ]

.text C:\WINDOWS\system32\wdfmgr.exe[2136] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\WINDOWS\system32\wdfmgr.exe[2136] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\WINDOWS\system32\wdfmgr.exe[2136] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\WINDOWS\system32\wdfmgr.exe[2136] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\WINDOWS\system32\wdfmgr.exe[2136] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\WINDOWS\system32\wdfmgr.exe[2136] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\WINDOWS\system32\wdfmgr.exe[2136] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\WINDOWS\system32\wdfmgr.exe[2136] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\WINDOWS\system32\wdfmgr.exe[2136] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\WINDOWS\system32\wdfmgr.exe[2136] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\WINDOWS\system32\wdfmgr.exe[2136] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\WINDOWS\system32\wdfmgr.exe[2136] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\WINDOWS\system32\wdfmgr.exe[2136] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\WINDOWS\system32\wdfmgr.exe[2136] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\WINDOWS\system32\wdfmgr.exe[2136] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\WINDOWS\system32\wdfmgr.exe[2136] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\WINDOWS\system32\wdfmgr.exe[2136] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\WINDOWS\system32\wdfmgr.exe[2136] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\WINDOWS\system32\wdfmgr.exe[2136] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\WINDOWS\system32\wdfmgr.exe[2136] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\WINDOWS\system32\wdfmgr.exe[2136] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\WINDOWS\system32\wdfmgr.exe[2136] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\WINDOWS\system32\wdfmgr.exe[2136] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\WINDOWS\system32\wdfmgr.exe[2136] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\WINDOWS\system32\wdfmgr.exe[2136] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\WINDOWS\system32\wdfmgr.exe[2136] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\WINDOWS\system32\wdfmgr.exe[2136] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\WINDOWS\system32\wdfmgr.exe[2136] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\WINDOWS\system32\wdfmgr.exe[2136] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\WINDOWS\system32\wdfmgr.exe[2136] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\WINDOWS\system32\wdfmgr.exe[2136] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\WINDOWS\system32\wdfmgr.exe[2136] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\WINDOWS\system32\wdfmgr.exe[2136] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\WINDOWS\system32\wdfmgr.exe[2136] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\WINDOWS\system32\wdfmgr.exe[2136] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\WINDOWS\system32\wdfmgr.exe[2136] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2340] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2340] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2340] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2340] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2340] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2340] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2340] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2340] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2340] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2340] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2340] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2340] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2340] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2340] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2340] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2340] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2340] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2340] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2340] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2340] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2340] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2340] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2340] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2340] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2340] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2340] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2340] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2340] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2340] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2340] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2340] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2340] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2340] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2340] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2340] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2340] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2340] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2340] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2340] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2340] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2340] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2340] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2340] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2340] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2340] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2340] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2340] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2340] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2340] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2340] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2340] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2340] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2340] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2340] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2340] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2340] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2340] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2340] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2340] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2340] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ F3, E9 ]

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2340] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2340] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2340] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2340] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2340] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2340] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2340] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2340] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2340] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2340] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2340] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2340] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2340] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2340] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2340] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2340] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2340] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2340] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2340] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2340] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2340] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2340] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2340] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2340] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2340] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2340] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2340] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2340] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2340] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2340] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2340] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2340] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2340] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2340] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2340] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2340] ws2_32.dll!connect + 2 719F406C 6 Bytes JMP 3EE8999A

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2340] ws2_32.dll!gethostbyname + 2 719F4FD6 9 Bytes JMP 3EE89966

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2340] ws2_32.dll!WSAAsyncGetHostByName + 2 719FE987 13 Bytes [ F2, 4A, 9F, 99, F3, F2, 48, ... ]

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2340] ws2_32.dll!WSAConnect + 2 71A00C6B 14 Bytes [ 42, 3F, 92, D6, 42, D6, 98, ... ]

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3216] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3216] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3216] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3216] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3216] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3216] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3216] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3216] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3216] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3216] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3216] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3216] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3216] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3216] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3216] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3216] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3216] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3216] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3216] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3216] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3216] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3216] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3216] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3216] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3216] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3216] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3216] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3216] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3216] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3216] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3216] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3216] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3216] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3216] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3216] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3216] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3216] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3216] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3216] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3216] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3216] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3216] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3216] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3216] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3216] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3216] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3216] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3216] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3216] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3216] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3216] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3216] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3216] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3216] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3216] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3216] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3216] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3216] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3216] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ 2F, E9 ]

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3216] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3216] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3216] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3216] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3216] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3216] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3216] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3216] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3216] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3216] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3216] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3216] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3216] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3216] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3216] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3216] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3216] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3216] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3216] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3216] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3216] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3216] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3216] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3216] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3216] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3216] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3216] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3216] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3216] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3216] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3216] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3216] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3216] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3216] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3216] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3216] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3216] PSAPI.DLL!EnumProcessModules 76BA1F1C 5 Bytes JMP 3EE8E944

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3216] WS2_32.dll!connect + 2 719F406C 6 Bytes JMP 3EE8999A

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3216] WS2_32.dll!gethostbyname + 2 719F4FD6 9 Bytes JMP 3EE89966

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3216] WS2_32.dll!WSAAsyncGetHostByName + 2 719FE987 13 Bytes [ F5, FC, 37, 99, F8, F8, 2F, ... ]

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3216] WS2_32.dll!WSAConnect + 2 71A00C6B 14 Bytes [ 99, 99, 4A, F2, D6, 90, 48, ... ]

.text C:\WINDOWS\system32\wscntfy.exe[3244] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\WINDOWS\system32\wscntfy.exe[3244] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\WINDOWS\system32\wscntfy.exe[3244] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\WINDOWS\system32\wscntfy.exe[3244] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\WINDOWS\system32\wscntfy.exe[3244] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\WINDOWS\system32\wscntfy.exe[3244] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\WINDOWS\system32\wscntfy.exe[3244] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\WINDOWS\system32\wscntfy.exe[3244] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\WINDOWS\system32\wscntfy.exe[3244] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\WINDOWS\system32\wscntfy.exe[3244] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\WINDOWS\system32\wscntfy.exe[3244] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\WINDOWS\system32\wscntfy.exe[3244] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\WINDOWS\system32\wscntfy.exe[3244] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\WINDOWS\system32\wscntfy.exe[3244] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\WINDOWS\system32\wscntfy.exe[3244] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\WINDOWS\system32\wscntfy.exe[3244] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\WINDOWS\system32\wscntfy.exe[3244] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\WINDOWS\system32\wscntfy.exe[3244] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\WINDOWS\system32\wscntfy.exe[3244] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\WINDOWS\system32\wscntfy.exe[3244] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\WINDOWS\system32\wscntfy.exe[3244] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\WINDOWS\system32\wscntfy.exe[3244] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\WINDOWS\system32\wscntfy.exe[3244] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\WINDOWS\system32\wscntfy.exe[3244] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\WINDOWS\system32\wscntfy.exe[3244] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\WINDOWS\system32\wscntfy.exe[3244] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\WINDOWS\system32\wscntfy.exe[3244] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\WINDOWS\system32\wscntfy.exe[3244] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\WINDOWS\system32\wscntfy.exe[3244] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\WINDOWS\system32\wscntfy.exe[3244] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\WINDOWS\system32\wscntfy.exe[3244] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\WINDOWS\system32\wscntfy.exe[3244] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\WINDOWS\system32\wscntfy.exe[3244] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\WINDOWS\system32\wscntfy.exe[3244] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\WINDOWS\system32\wscntfy.exe[3244] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\WINDOWS\system32\wscntfy.exe[3244] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\WINDOWS\system32\wscntfy.exe[3244] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\WINDOWS\system32\wscntfy.exe[3244] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\WINDOWS\system32\wscntfy.exe[3244] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\WINDOWS\system32\wscntfy.exe[3244] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\WINDOWS\system32\wscntfy.exe[3244] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\WINDOWS\system32\wscntfy.exe[3244] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\WINDOWS\system32\wscntfy.exe[3244] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\WINDOWS\system32\wscntfy.exe[3244] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\WINDOWS\system32\wscntfy.exe[3244] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\WINDOWS\system32\wscntfy.exe[3244] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\WINDOWS\system32\wscntfy.exe[3244] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\WINDOWS\system32\wscntfy.exe[3244] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\WINDOWS\system32\wscntfy.exe[3244] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\WINDOWS\system32\wscntfy.exe[3244] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\WINDOWS\system32\wscntfy.exe[3244] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\WINDOWS\system32\wscntfy.exe[3244] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\WINDOWS\system32\wscntfy.exe[3244] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\WINDOWS\system32\wscntfy.exe[3244] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\WINDOWS\system32\wscntfy.exe[3244] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\WINDOWS\system32\wscntfy.exe[3244] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\WINDOWS\system32\wscntfy.exe[3244] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\WINDOWS\system32\wscntfy.exe[3244] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\WINDOWS\system32\wscntfy.exe[3244] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\WINDOWS\system32\wscntfy.exe[3244] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ FC, E9 ]

.text C:\WINDOWS\system32\wscntfy.exe[3244] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\WINDOWS\system32\wscntfy.exe[3244] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\WINDOWS\system32\wscntfy.exe[3244] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\WINDOWS\system32\wscntfy.exe[3244] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\WINDOWS\system32\wscntfy.exe[3244] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\WINDOWS\system32\wscntfy.exe[3244] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\WINDOWS\system32\wscntfy.exe[3244] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\WINDOWS\system32\wscntfy.exe[3244] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\WINDOWS\system32\wscntfy.exe[3244] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\WINDOWS\system32\wscntfy.exe[3244] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\WINDOWS\system32\wscntfy.exe[3244] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\WINDOWS\system32\wscntfy.exe[3244] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\WINDOWS\system32\wscntfy.exe[3244] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\WINDOWS\system32\wscntfy.exe[3244] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\WINDOWS\system32\wscntfy.exe[3244] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\WINDOWS\system32\wscntfy.exe[3244] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\WINDOWS\system32\wscntfy.exe[3244] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\WINDOWS\system32\wscntfy.exe[3244] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\WINDOWS\system32\wscntfy.exe[3244] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\WINDOWS\system32\wscntfy.exe[3244] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\WINDOWS\system32\wscntfy.exe[3244] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\WINDOWS\system32\wscntfy.exe[3244] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\WINDOWS\system32\wscntfy.exe[3244] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\WINDOWS\system32\wscntfy.exe[3244] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\WINDOWS\system32\wscntfy.exe[3244] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\WINDOWS\system32\wscntfy.exe[3244] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\WINDOWS\system32\wscntfy.exe[3244] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\WINDOWS\system32\wscntfy.exe[3244] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\WINDOWS\system32\wscntfy.exe[3244] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\WINDOWS\system32\wscntfy.exe[3244] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\WINDOWS\system32\wscntfy.exe[3244] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\WINDOWS\system32\wscntfy.exe[3244] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\WINDOWS\system32\wscntfy.exe[3244] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\WINDOWS\system32\wscntfy.exe[3244] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\WINDOWS\system32\wscntfy.exe[3244] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3384] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3384] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3384] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3384] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3384] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3384] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3384] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3384] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3384] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3384] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3384] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3384] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3384] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3384] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3384] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3384] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3384] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3384] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3384] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3384] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3384] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3384] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3384] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3384] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3384] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3384] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3384] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3384] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3384] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3384] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3384] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3384] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3384] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3384] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3384] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3384] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3384] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3384] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3384] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3384] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3384] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3384] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3384] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3384] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3384] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3384] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3384] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3384] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3384] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3384] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3384] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3384] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3384] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3384] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3384] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3384] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3384] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3384] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3384] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ 3F, E9 ]

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3384] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3384] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3384] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3384] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3384] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3384] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3384] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3384] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3384] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3384] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3384] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3384] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3384] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3384] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3384] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3384] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3384] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3384] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3384] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3384] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3384] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3384] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3384] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3384] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3384] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3384] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3384] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3384] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3384] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3384] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3384] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3384] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3384] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3384] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3384] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3384] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3384] WS2_32.dll!connect + 2 719F406C 6 Bytes JMP 3EE8999A

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3384] WS2_32.dll!gethostbyname + 2 719F4FD6 9 Bytes JMP 3EE89966

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3384] WS2_32.dll!WSAAsyncGetHostByName + 2 719FE987 13 Bytes [ 99, F5, F9, D6, D6, 41, 41, ... ]

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3384] WS2_32.dll!WSAConnect + 2 71A00C6B 14 Bytes [ F9, 90, 4A, F5, 42, F2, 4A, ... ]

.text C:\WINDOWS\System32\alg.exe[3392] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\WINDOWS\System32\alg.exe[3392] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\WINDOWS\System32\alg.exe[3392] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\WINDOWS\System32\alg.exe[3392] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\WINDOWS\System32\alg.exe[3392] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\WINDOWS\System32\alg.exe[3392] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\WINDOWS\System32\alg.exe[3392] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\WINDOWS\System32\alg.exe[3392] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\WINDOWS\System32\alg.exe[3392] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\WINDOWS\System32\alg.exe[3392] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\WINDOWS\System32\alg.exe[3392] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\WINDOWS\System32\alg.exe[3392] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\WINDOWS\System32\alg.exe[3392] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\WINDOWS\System32\alg.exe[3392] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\WINDOWS\System32\alg.exe[3392] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\WINDOWS\System32\alg.exe[3392] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\WINDOWS\System32\alg.exe[3392] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\WINDOWS\System32\alg.exe[3392] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\WINDOWS\System32\alg.exe[3392] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\WINDOWS\System32\alg.exe[3392] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\WINDOWS\System32\alg.exe[3392] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\WINDOWS\System32\alg.exe[3392] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\WINDOWS\System32\alg.exe[3392] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\WINDOWS\System32\alg.exe[3392] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\WINDOWS\System32\alg.exe[3392] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\WINDOWS\System32\alg.exe[3392] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\WINDOWS\System32\alg.exe[3392] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\WINDOWS\System32\alg.exe[3392] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\WINDOWS\System32\alg.exe[3392] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\WINDOWS\System32\alg.exe[3392] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\WINDOWS\System32\alg.exe[3392] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\WINDOWS\System32\alg.exe[3392] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\WINDOWS\System32\alg.exe[3392] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\WINDOWS\System32\alg.exe[3392] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\WINDOWS\System32\alg.exe[3392] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\WINDOWS\System32\alg.exe[3392] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\WINDOWS\System32\alg.exe[3392] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\WINDOWS\System32\alg.exe[3392] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\WINDOWS\System32\alg.exe[3392] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\WINDOWS\System32\alg.exe[3392] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\WINDOWS\System32\alg.exe[3392] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\WINDOWS\System32\alg.exe[3392] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\WINDOWS\System32\alg.exe[3392] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\WINDOWS\System32\alg.exe[3392] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\WINDOWS\System32\alg.exe[3392] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\WINDOWS\System32\alg.exe[3392] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\WINDOWS\System32\alg.exe[3392] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\WINDOWS\System32\alg.exe[3392] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\WINDOWS\System32\alg.exe[3392] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\WINDOWS\System32\alg.exe[3392] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\WINDOWS\System32\alg.exe[3392] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\WINDOWS\System32\alg.exe[3392] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\WINDOWS\System32\alg.exe[3392] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\WINDOWS\System32\alg.exe[3392] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\WINDOWS\System32\alg.exe[3392] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\WINDOWS\System32\alg.exe[3392] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\WINDOWS\System32\alg.exe[3392] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\WINDOWS\System32\alg.exe[3392] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\WINDOWS\System32\alg.exe[3392] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\WINDOWS\System32\alg.exe[3392] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ 9F, E9 ]

.text C:\WINDOWS\System32\alg.exe[3392] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\WINDOWS\System32\alg.exe[3392] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\WINDOWS\System32\alg.exe[3392] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\WINDOWS\System32\alg.exe[3392] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\WINDOWS\System32\alg.exe[3392] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\WINDOWS\System32\alg.exe[3392] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\WINDOWS\System32\alg.exe[3392] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\WINDOWS\System32\alg.exe[3392] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\WINDOWS\System32\alg.exe[3392] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\WINDOWS\System32\alg.exe[3392] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\WINDOWS\System32\alg.exe[3392] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\WINDOWS\System32\alg.exe[3392] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\WINDOWS\System32\alg.exe[3392] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\WINDOWS\System32\alg.exe[3392] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\WINDOWS\System32\alg.exe[3392] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\WINDOWS\System32\alg.exe[3392] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\WINDOWS\System32\alg.exe[3392] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\WINDOWS\System32\alg.exe[3392] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\WINDOWS\System32\alg.exe[3392] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\WINDOWS\System32\alg.exe[3392] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\WINDOWS\System32\alg.exe[3392] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\WINDOWS\System32\alg.exe[3392] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\WINDOWS\System32\alg.exe[3392] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\WINDOWS\System32\alg.exe[3392] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\WINDOWS\System32\alg.exe[3392] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\WINDOWS\System32\alg.exe[3392] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\WINDOWS\System32\alg.exe[3392] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\WINDOWS\System32\alg.exe[3392] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\WINDOWS\System32\alg.exe[3392] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\WINDOWS\System32\alg.exe[3392] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\WINDOWS\System32\alg.exe[3392] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\WINDOWS\System32\alg.exe[3392] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\WINDOWS\System32\alg.exe[3392] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\WINDOWS\System32\alg.exe[3392] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\WINDOWS\System32\alg.exe[3392] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\WINDOWS\System32\alg.exe[3392] WS2_32.dll!connect + 2 719F406C 6 Bytes JMP 3EE8999A

.text C:\WINDOWS\System32\alg.exe[3392] WS2_32.dll!gethostbyname + 2 719F4FD6 9 Bytes JMP 3EE89966

.text C:\WINDOWS\System32\alg.exe[3392] WS2_32.dll!WSAAsyncGetHostByName + 2 719FE987 13 Bytes [ F3, 91, FC, 98, D6, 40, F8, ... ]

.text C:\WINDOWS\System32\alg.exe[3392] WS2_32.dll!WSAConnect + 2 71A00C6B 14 Bytes [ F5, F9, 48, 37, 9F, D6, 99, ... ]

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3808] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3808] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3808] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3808] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3808] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3808] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3808] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3808] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3808] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3808] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3808] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3808] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3808] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3808] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3808] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3808] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3808] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3808] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3808] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3808] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3808] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3808] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3808] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3808] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3808] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3808] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3808] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3808] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3808] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3808] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3808] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3808] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3808] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3808] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3808] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3808] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3808] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3808] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3808] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3808] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3808] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3808] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3808] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3808] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3808] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3808] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3808] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3808] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3808] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3808] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3808] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3808] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3808] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3808] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3808] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3808] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3808] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3808] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3808] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ 49, E9 ]

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3808] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3808] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3808] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3808] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3808] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3808] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3808] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3808] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3808] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3808] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3808] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3808] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3808] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3808] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3808] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3808] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3808] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3808] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3808] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3808] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3808] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3808] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3808] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3808] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3808] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3808] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3808] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3808] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3808] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3808] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3808] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3808] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3808] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3808] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3808] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3808] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3808] WS2_32.dll!connect + 2 719F406C 6 Bytes JMP 3EE8999A

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3808] WS2_32.dll!gethostbyname + 2 719F4FD6 9 Bytes JMP 3EE89966

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3808] WS2_32.dll!WSAAsyncGetHostByName + 2 719FE987 13 Bytes [ 3F, FC, 98, 2F, F3, F9, D6, ... ]

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3808] WS2_32.dll!WSAConnect + 2 71A00C6B 14 Bytes [ 2F, 4A, 3F, 91, 98, 9F, 91, ... ]

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[3956] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[3956] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[3956] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[3956] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[3956] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[3956] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[3956] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[3956] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[3956] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[3956] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[3956] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[3956] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[3956] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[3956] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[3956] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[3956] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[3956] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[3956] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[3956] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[3956] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[3956] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[3956] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[3956] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[3956] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[3956] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[3956] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[3956] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[3956] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[3956] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[3956] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[3956] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[3956] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[3956] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[3956] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[3956] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[3956] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[3956] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[3956] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[3956] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[3956] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[3956] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[3956] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[3956] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[3956] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[3956] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[3956] user32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[3956] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[3956] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ F3, E9 ]

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[3956] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[3956] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[3956] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[3956] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[3956] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[3956] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[3956] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[3956] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[3956] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[3956] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[3956] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[3956] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[3956] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[3956] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[3956] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[3956] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[3956] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[3956] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[3956] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[3956] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[3956] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[3956] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[3956] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[3956] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[3956] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[3956] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

 

---- Devices - GMER 1.0.14 ----

 

AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr.sys (Family Safety Filter Driver/Microsoft Corporation)

 

---- Registry - GMER 1.0.14 ----

 

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs C:\WINDOWS\system32:imwbi.exe

 

---- Files - GMER 1.0.14 ----

 

ADS C:\WINDOWS\system32:imwbi.exe 130759 bytes executable

 

---- EOF - GMER 1.0.14 ----

 

Lien vers le commentaire
Partager sur d’autres sites
  • Tonton a modifié le titre en [Résolu] PC infecté par ipexewin.exe

Rejoindre la conversation

Vous pouvez publier maintenant et vous inscrire plus tard. Si vous avez un compte, connectez-vous maintenant pour publier avec votre compte.
Remarque : votre message nécessitera l’approbation d’un modérateur avant de pouvoir être visible.

Invité
Répondre à ce sujet…

×   Collé en tant que texte enrichi.   Coller en tant que texte brut à la place

  Seulement 75 émoticônes maximum sont autorisées.

×   Votre lien a été automatiquement intégré.   Afficher plutôt comme un lien

×   Votre contenu précédent a été rétabli.   Vider l’éditeur

×   Vous ne pouvez pas directement coller des images. Envoyez-les depuis votre ordinateur ou insérez-les depuis une URL.

×
 Partager
Aller sur la liste des sujets

  • En ligne récemment   0 membre est en ligne

    • Aucun utilisateur enregistré regarde cette page.
×
×
  • Créer...