[Résolu] PC infecté par ipexewin.exe

angelique · le 7 décembre 2008

on en a eu 2 , reste plus qu"'un!!

on va le faire comme ça maintenant ,

1/tu dois toujours avoir turlututu.reg sur ton bureau, double clic dessus mais attend avant de confirmer la fusion

2/ telecharge tarlatata.bat sur ton bureau

http://www.sendspace.com/file/uu0m6y

3/ double clic sur tarlatata.bat

la fenetre doit rester ouverte te demandant d'appuyer sur une touche pour continuer, ne le fait pas de suite mais accepte la fusion de turlututu.reg (j'espere que la fenetre reste!!pas sure apres avoir lançer tarlatata.bat , dit le moi)

puis remet toi sur la fenetre d'invite de commande et appuie sur une touche quelconque, le pc va redemarrer

4/ refait un scan gmer et poste le nouveau rapport

jaja33 · le 7 décembre 2008

Quand je lance tarlatata, je n'ai plus d'icones sur le bureau.........donc turlututu chapeau pointu je peux pas cliquer dessus.....

angelique · le 7 décembre 2008

vi je m'en doutais , c'est le killall de tarlatata qui tue le turlututu

pas grave ! lance le tarlatata.bat , appuie sur une touche pour redemarrer le pc , et lance le turlututu.reg au reboot et remet moi un nouveau rapport Gmer

jaja33 · le 7 décembre 2008

Et voilà le dernier Gmer!!

GMER 1.0.14.14536 - http://www.gmer.net

Rootkit scan 2008-12-07 17:15:49

Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.14 ----

SSDT F7CE2184 ZwCreateThread

SSDT F7CE2170 ZwOpenProcess

SSDT F7CE2175 ZwOpenThread

SSDT F7CE217F ZwTerminateProcess

SSDT F7CE217A ZwWriteVirtualMemory

---- User code sections - GMER 1.0.14 ----

.text C:\Program Files\QuickTime\qttask.exe[124] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\Program Files\QuickTime\qttask.exe[124] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\Program Files\QuickTime\qttask.exe[124] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\Program Files\QuickTime\qttask.exe[124] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\Program Files\QuickTime\qttask.exe[124] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\Program Files\QuickTime\qttask.exe[124] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\Program Files\QuickTime\qttask.exe[124] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\Program Files\QuickTime\qttask.exe[124] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\Program Files\QuickTime\qttask.exe[124] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\Program Files\QuickTime\qttask.exe[124] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\Program Files\QuickTime\qttask.exe[124] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\Program Files\QuickTime\qttask.exe[124] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\Program Files\QuickTime\qttask.exe[124] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\Program Files\QuickTime\qttask.exe[124] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\Program Files\QuickTime\qttask.exe[124] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\Program Files\QuickTime\qttask.exe[124] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\Program Files\QuickTime\qttask.exe[124] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\Program Files\QuickTime\qttask.exe[124] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\Program Files\QuickTime\qttask.exe[124] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\Program Files\QuickTime\qttask.exe[124] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\Program Files\QuickTime\qttask.exe[124] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\Program Files\QuickTime\qttask.exe[124] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\Program Files\QuickTime\qttask.exe[124] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\Program Files\QuickTime\qttask.exe[124] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\Program Files\QuickTime\qttask.exe[124] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\Program Files\QuickTime\qttask.exe[124] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\Program Files\QuickTime\qttask.exe[124] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\Program Files\QuickTime\qttask.exe[124] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\Program Files\QuickTime\qttask.exe[124] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\Program Files\QuickTime\qttask.exe[124] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\Program Files\QuickTime\qttask.exe[124] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\Program Files\QuickTime\qttask.exe[124] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\Program Files\QuickTime\qttask.exe[124] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\Program Files\QuickTime\qttask.exe[124] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\Program Files\QuickTime\qttask.exe[124] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\Program Files\QuickTime\qttask.exe[124] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\Program Files\QuickTime\qttask.exe[124] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\Program Files\QuickTime\qttask.exe[124] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\Program Files\QuickTime\qttask.exe[124] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\Program Files\QuickTime\qttask.exe[124] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\Program Files\QuickTime\qttask.exe[124] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\Program Files\QuickTime\qttask.exe[124] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\Program Files\QuickTime\qttask.exe[124] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\Program Files\QuickTime\qttask.exe[124] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\Program Files\QuickTime\qttask.exe[124] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\Program Files\QuickTime\qttask.exe[124] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\Program Files\QuickTime\qttask.exe[124] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\Program Files\QuickTime\qttask.exe[124] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\Program Files\QuickTime\qttask.exe[124] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\Program Files\QuickTime\qttask.exe[124] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\Program Files\QuickTime\qttask.exe[124] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\Program Files\QuickTime\qttask.exe[124] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\Program Files\QuickTime\qttask.exe[124] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\Program Files\QuickTime\qttask.exe[124] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\Program Files\QuickTime\qttask.exe[124] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\Program Files\QuickTime\qttask.exe[124] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\Program Files\QuickTime\qttask.exe[124] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\Program Files\QuickTime\qttask.exe[124] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\Program Files\QuickTime\qttask.exe[124] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\Program Files\QuickTime\qttask.exe[124] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ 9F, E9 ]

.text C:\Program Files\QuickTime\qttask.exe[124] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\Program Files\QuickTime\qttask.exe[124] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\Program Files\QuickTime\qttask.exe[124] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\Program Files\QuickTime\qttask.exe[124] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\Program Files\QuickTime\qttask.exe[124] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\Program Files\QuickTime\qttask.exe[124] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\Program Files\QuickTime\qttask.exe[124] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\Program Files\QuickTime\qttask.exe[124] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\Program Files\QuickTime\qttask.exe[124] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\Program Files\QuickTime\qttask.exe[124] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\Program Files\QuickTime\qttask.exe[124] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\Program Files\QuickTime\qttask.exe[124] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\Program Files\QuickTime\qttask.exe[124] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\Program Files\QuickTime\qttask.exe[124] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\Program Files\QuickTime\qttask.exe[124] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\Program Files\QuickTime\qttask.exe[124] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\Program Files\QuickTime\qttask.exe[124] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\Program Files\QuickTime\qttask.exe[124] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\Program Files\QuickTime\qttask.exe[124] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\Program Files\QuickTime\qttask.exe[124] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\Program Files\QuickTime\qttask.exe[124] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\Program Files\QuickTime\qttask.exe[124] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\Program Files\QuickTime\qttask.exe[124] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\Program Files\QuickTime\qttask.exe[124] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\Program Files\QuickTime\qttask.exe[124] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\Program Files\QuickTime\qttask.exe[124] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\Program Files\QuickTime\qttask.exe[124] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\Program Files\QuickTime\qttask.exe[124] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\Program Files\QuickTime\qttask.exe[124] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\Program Files\QuickTime\qttask.exe[124] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\Program Files\QuickTime\qttask.exe[124] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\Program Files\QuickTime\qttask.exe[124] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\Program Files\QuickTime\qttask.exe[124] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\Program Files\QuickTime\qttask.exe[124] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\Program Files\QuickTime\qttask.exe[124] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\WINDOWS\RTHDCPL.EXE[160] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\WINDOWS\RTHDCPL.EXE[160] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\WINDOWS\RTHDCPL.EXE[160] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\WINDOWS\RTHDCPL.EXE[160] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\WINDOWS\RTHDCPL.EXE[160] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\WINDOWS\RTHDCPL.EXE[160] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\WINDOWS\RTHDCPL.EXE[160] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\WINDOWS\RTHDCPL.EXE[160] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\WINDOWS\RTHDCPL.EXE[160] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\WINDOWS\RTHDCPL.EXE[160] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\WINDOWS\RTHDCPL.EXE[160] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\WINDOWS\RTHDCPL.EXE[160] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\WINDOWS\RTHDCPL.EXE[160] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\WINDOWS\RTHDCPL.EXE[160] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\WINDOWS\RTHDCPL.EXE[160] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\WINDOWS\RTHDCPL.EXE[160] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\WINDOWS\RTHDCPL.EXE[160] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\WINDOWS\RTHDCPL.EXE[160] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\WINDOWS\RTHDCPL.EXE[160] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\WINDOWS\RTHDCPL.EXE[160] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\WINDOWS\RTHDCPL.EXE[160] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\WINDOWS\RTHDCPL.EXE[160] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\WINDOWS\RTHDCPL.EXE[160] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\WINDOWS\RTHDCPL.EXE[160] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\WINDOWS\RTHDCPL.EXE[160] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\WINDOWS\RTHDCPL.EXE[160] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\WINDOWS\RTHDCPL.EXE[160] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\WINDOWS\RTHDCPL.EXE[160] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\WINDOWS\RTHDCPL.EXE[160] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\WINDOWS\RTHDCPL.EXE[160] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\WINDOWS\RTHDCPL.EXE[160] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\WINDOWS\RTHDCPL.EXE[160] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\WINDOWS\RTHDCPL.EXE[160] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\WINDOWS\RTHDCPL.EXE[160] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\WINDOWS\RTHDCPL.EXE[160] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\WINDOWS\RTHDCPL.EXE[160] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\WINDOWS\RTHDCPL.EXE[160] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\WINDOWS\RTHDCPL.EXE[160] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\WINDOWS\RTHDCPL.EXE[160] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\WINDOWS\RTHDCPL.EXE[160] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\WINDOWS\RTHDCPL.EXE[160] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\WINDOWS\RTHDCPL.EXE[160] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\WINDOWS\RTHDCPL.EXE[160] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\WINDOWS\RTHDCPL.EXE[160] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\WINDOWS\RTHDCPL.EXE[160] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\WINDOWS\RTHDCPL.EXE[160] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\WINDOWS\RTHDCPL.EXE[160] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\WINDOWS\RTHDCPL.EXE[160] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\WINDOWS\RTHDCPL.EXE[160] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\WINDOWS\RTHDCPL.EXE[160] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\WINDOWS\RTHDCPL.EXE[160] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\WINDOWS\RTHDCPL.EXE[160] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\WINDOWS\RTHDCPL.EXE[160] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\WINDOWS\RTHDCPL.EXE[160] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\WINDOWS\RTHDCPL.EXE[160] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\WINDOWS\RTHDCPL.EXE[160] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\WINDOWS\RTHDCPL.EXE[160] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\WINDOWS\RTHDCPL.EXE[160] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\WINDOWS\RTHDCPL.EXE[160] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\WINDOWS\RTHDCPL.EXE[160] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ D6, E9 ]

.text C:\WINDOWS\RTHDCPL.EXE[160] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\WINDOWS\RTHDCPL.EXE[160] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\WINDOWS\RTHDCPL.EXE[160] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\WINDOWS\RTHDCPL.EXE[160] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\WINDOWS\RTHDCPL.EXE[160] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\WINDOWS\RTHDCPL.EXE[160] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\WINDOWS\RTHDCPL.EXE[160] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\WINDOWS\RTHDCPL.EXE[160] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\WINDOWS\RTHDCPL.EXE[160] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\WINDOWS\RTHDCPL.EXE[160] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\WINDOWS\RTHDCPL.EXE[160] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\WINDOWS\RTHDCPL.EXE[160] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\WINDOWS\RTHDCPL.EXE[160] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\WINDOWS\RTHDCPL.EXE[160] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\WINDOWS\RTHDCPL.EXE[160] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\WINDOWS\RTHDCPL.EXE[160] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\WINDOWS\RTHDCPL.EXE[160] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\WINDOWS\RTHDCPL.EXE[160] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\WINDOWS\RTHDCPL.EXE[160] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\WINDOWS\RTHDCPL.EXE[160] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\WINDOWS\RTHDCPL.EXE[160] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\WINDOWS\RTHDCPL.EXE[160] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\WINDOWS\RTHDCPL.EXE[160] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\WINDOWS\RTHDCPL.EXE[160] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\WINDOWS\RTHDCPL.EXE[160] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\WINDOWS\RTHDCPL.EXE[160] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\WINDOWS\RTHDCPL.EXE[160] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\WINDOWS\RTHDCPL.EXE[160] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\WINDOWS\RTHDCPL.EXE[160] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\WINDOWS\RTHDCPL.EXE[160] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\WINDOWS\RTHDCPL.EXE[160] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\WINDOWS\RTHDCPL.EXE[160] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\WINDOWS\RTHDCPL.EXE[160] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\WINDOWS\RTHDCPL.EXE[160] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\WINDOWS\RTHDCPL.EXE[160] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[184] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[184] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[184] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[184] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[184] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[184] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[184] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[184] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[184] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[184] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[184] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[184] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[184] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[184] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[184] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[184] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[184] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[184] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[184] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[184] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[184] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[184] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[184] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[184] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[184] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[184] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[184] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[184] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[184] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[184] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[184] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[184] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[184] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[184] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[184] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[184] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[184] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[184] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[184] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[184] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[184] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[184] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[184] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[184] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[184] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[184] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[184] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[184] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[184] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[184] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[184] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[184] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[184] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[184] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[184] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[184] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[184] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[184] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[184] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ F3, E9 ]

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[184] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[184] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[184] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[184] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[184] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[184] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[184] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[184] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[184] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[184] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[184] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[184] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[184] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[184] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[184] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[184] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[184] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[184] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[184] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[184] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[184] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[184] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[184] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[184] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[184] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[184] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[184] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[184] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[184] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[184] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[184] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[184] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[184] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[184] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[184] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\Program Files\Windows Live\Contrôle parental\fssui.exe[184] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[232] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[232] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[232] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[232] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[232] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[232] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[232] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[232] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[232] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[232] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[232] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[232] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[232] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[232] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[232] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[232] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[232] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[232] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[232] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[232] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[232] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[232] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[232] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[232] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[232] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[232] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[232] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[232] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[232] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[232] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[232] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[232] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[232] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[232] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[232] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[232] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[232] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[232] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[232] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[232] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[232] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[232] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[232] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[232] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[232] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[232] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[232] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[232] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[232] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[232] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[232] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[232] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[232] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[232] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[232] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[232] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[232] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[232] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[232] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ 98, E9 ]

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[232] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[232] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[232] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[232] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[232] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[232] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[232] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[232] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[232] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[232] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[232] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[232] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[232] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[232] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[232] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[232] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[232] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[232] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[232] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[232] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[232] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[232] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[232] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[232] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[232] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[232] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[232] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[232] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[232] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[232] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[232] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[232] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[232] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[232] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[232] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[232] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[232] WS2_32.dll!connect + 2 719F406C 6 Bytes JMP 3EE8999A

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[232] WS2_32.dll!send + 2 719F428C 6 Bytes JMP 74CF14F3 C:\WINDOWS\system32\setyqsrv.dll

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[232] WS2_32.dll!WSARecv + 2 719F431A 5 Bytes JMP 74CF20C1 C:\WINDOWS\system32\setyqsrv.dll

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[232] WS2_32.dll!gethostbyname + 2 719F4FD6 9 Bytes JMP 3EE89966

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[232] WS2_32.dll!recv + 2 719F615C 6 Bytes JMP 74CF138C C:\WINDOWS\system32\setyqsrv.dll

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[232] WS2_32.dll!WSASend + 2 719F6235 5 Bytes JMP 74CF1F52 C:\WINDOWS\system32\setyqsrv.dll

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[232] WS2_32.dll!closesocket + 2 719F963B 14 Bytes [ 49, 41, 91, 42, F3, F2, 49, ... ]

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[232] WS2_32.dll!WSAAsyncGetHostByName + 2 719FE987 13 Bytes [ 37, 3F, 4A, F5, 9F, 98, 48, ... ]

.text C:\Program Files\Leica Geosystems\Cyclone\CyraLicense.exe[232] WS2_32.dll!WSAConnect + 2 71A00C6B 14 Bytes [ 4A, 98, 99, FC, 99, 90, 41, ... ]

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[308] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[308] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[308] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[308] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[308] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[308] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[308] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[308] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[308] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[308] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[308] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[308] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[308] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[308] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[308] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[308] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[308] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[308] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[308] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[308] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[308] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[308] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[308] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[308] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[308] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[308] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[308] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[308] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[308] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[308] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[308] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[308] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[308] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[308] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[308] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[308] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[308] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[308] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[308] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[308] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[308] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[308] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[308] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[308] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[308] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[308] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[308] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[308] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[308] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[308] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[308] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[308] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[308] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[308] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[308] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[308] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[308] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[308] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[308] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[308] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ 92, E9 ]

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[308] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[308] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[308] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[308] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[308] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[308] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[308] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[308] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[308] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[308] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[308] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[308] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[308] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[308] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[308] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[308] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[308] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[308] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[308] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[308] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[308] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[308] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[308] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[308] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[308] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[308] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[308] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[308] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[308] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[308] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[308] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[308] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[308] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[308] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[308] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\WINDOWS\system32\ctfmon.exe[336] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\WINDOWS\system32\ctfmon.exe[336] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\WINDOWS\system32\ctfmon.exe[336] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\WINDOWS\system32\ctfmon.exe[336] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\WINDOWS\system32\ctfmon.exe[336] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\WINDOWS\system32\ctfmon.exe[336] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\WINDOWS\system32\ctfmon.exe[336] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\WINDOWS\system32\ctfmon.exe[336] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\WINDOWS\system32\ctfmon.exe[336] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\WINDOWS\system32\ctfmon.exe[336] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\WINDOWS\system32\ctfmon.exe[336] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\WINDOWS\system32\ctfmon.exe[336] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\WINDOWS\system32\ctfmon.exe[336] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\WINDOWS\system32\ctfmon.exe[336] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\WINDOWS\system32\ctfmon.exe[336] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\WINDOWS\system32\ctfmon.exe[336] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\WINDOWS\system32\ctfmon.exe[336] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\WINDOWS\system32\ctfmon.exe[336] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\WINDOWS\system32\ctfmon.exe[336] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\WINDOWS\system32\ctfmon.exe[336] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\WINDOWS\system32\ctfmon.exe[336] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\WINDOWS\system32\ctfmon.exe[336] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\WINDOWS\system32\ctfmon.exe[336] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\WINDOWS\system32\ctfmon.exe[336] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\WINDOWS\system32\ctfmon.exe[336] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\WINDOWS\system32\ctfmon.exe[336] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\WINDOWS\system32\ctfmon.exe[336] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\WINDOWS\system32\ctfmon.exe[336] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\WINDOWS\system32\ctfmon.exe[336] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\WINDOWS\system32\ctfmon.exe[336] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\WINDOWS\system32\ctfmon.exe[336] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\WINDOWS\system32\ctfmon.exe[336] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\WINDOWS\system32\ctfmon.exe[336] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\WINDOWS\system32\ctfmon.exe[336] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\WINDOWS\system32\ctfmon.exe[336] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\WINDOWS\system32\ctfmon.exe[336] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\WINDOWS\system32\ctfmon.exe[336] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\WINDOWS\system32\ctfmon.exe[336] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\WINDOWS\system32\ctfmon.exe[336] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\WINDOWS\system32\ctfmon.exe[336] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\WINDOWS\system32\ctfmon.exe[336] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\WINDOWS\system32\ctfmon.exe[336] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\WINDOWS\system32\ctfmon.exe[336] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\WINDOWS\system32\ctfmon.exe[336] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\WINDOWS\system32\ctfmon.exe[336] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\WINDOWS\system32\ctfmon.exe[336] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\WINDOWS\system32\ctfmon.exe[336] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\WINDOWS\system32\ctfmon.exe[336] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\WINDOWS\system32\ctfmon.exe[336] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\WINDOWS\system32\ctfmon.exe[336] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\WINDOWS\system32\ctfmon.exe[336] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\WINDOWS\system32\ctfmon.exe[336] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\WINDOWS\system32\ctfmon.exe[336] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\WINDOWS\system32\ctfmon.exe[336] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\WINDOWS\system32\ctfmon.exe[336] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\WINDOWS\system32\ctfmon.exe[336] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\WINDOWS\system32\ctfmon.exe[336] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\WINDOWS\system32\ctfmon.exe[336] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\WINDOWS\system32\ctfmon.exe[336] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ 2F, E9 ]

.text C:\WINDOWS\system32\ctfmon.exe[336] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\WINDOWS\system32\ctfmon.exe[336] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\WINDOWS\system32\ctfmon.exe[336] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\WINDOWS\system32\ctfmon.exe[336] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\WINDOWS\system32\ctfmon.exe[336] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\WINDOWS\system32\ctfmon.exe[336] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\WINDOWS\system32\ctfmon.exe[336] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\WINDOWS\system32\ctfmon.exe[336] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\WINDOWS\system32\ctfmon.exe[336] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\WINDOWS\system32\ctfmon.exe[336] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\WINDOWS\system32\ctfmon.exe[336] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\WINDOWS\system32\ctfmon.exe[336] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\WINDOWS\system32\ctfmon.exe[336] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\WINDOWS\system32\ctfmon.exe[336] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\WINDOWS\system32\ctfmon.exe[336] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\WINDOWS\system32\ctfmon.exe[336] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\WINDOWS\system32\ctfmon.exe[336] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\WINDOWS\system32\ctfmon.exe[336] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\WINDOWS\system32\ctfmon.exe[336] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\WINDOWS\system32\ctfmon.exe[336] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\WINDOWS\system32\ctfmon.exe[336] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\WINDOWS\system32\ctfmon.exe[336] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\WINDOWS\system32\ctfmon.exe[336] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\WINDOWS\system32\ctfmon.exe[336] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\WINDOWS\system32\ctfmon.exe[336] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\WINDOWS\system32\ctfmon.exe[336] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\WINDOWS\system32\ctfmon.exe[336] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\WINDOWS\system32\ctfmon.exe[336] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\WINDOWS\system32\ctfmon.exe[336] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\WINDOWS\system32\ctfmon.exe[336] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\WINDOWS\system32\ctfmon.exe[336] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\WINDOWS\system32\ctfmon.exe[336] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\WINDOWS\system32\ctfmon.exe[336] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\WINDOWS\system32\ctfmon.exe[336] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\WINDOWS\system32\ctfmon.exe[336] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\WINDOWS\system32\ctfmon.exe[336] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[488] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[488] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[488] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[488] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[488] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[488] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[488] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[488] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[488] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[488] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[488] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[488] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[488] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[488] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[488] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[488] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[488] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[488] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[488] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[488] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[488] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[488] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[488] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[488] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[488] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[488] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[488] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[488] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[488] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[488] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[488] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[488] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[488] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[488] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[488] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[488] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[488] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[488] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[488] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[488] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[488] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[488] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[488] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[488] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[488] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[488] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[488] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[488] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[488] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[488] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[488] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[488] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[488] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[488] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[488] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[488] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[488] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[488] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[488] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[488] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ 98, E9 ]

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[488] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[488] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[488] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[488] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[488] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[488] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[488] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[488] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[488] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[488] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[488] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[488] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[488] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[488] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[488] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[488] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[488] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[488] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[488] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[488] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[488] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[488] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[488] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[488] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[488] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[488] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[488] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[488] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[488] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[488] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[488] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[488] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[488] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[488] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\Program Files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe[488] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[596] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[596] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[596] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[596] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[596] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[596] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[596] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[596] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[596] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[596] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[596] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[596] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[596] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[596] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[596] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[596] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[596] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[596] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[596] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[596] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[596] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[596] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[596] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[596] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[596] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[596] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[596] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[596] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[596] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[596] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[596] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[596] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[596] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[596] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[596] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[596] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[596] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[596] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[596] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[596] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[596] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[596] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[596] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[596] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[596] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[596] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[596] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[596] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[596] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[596] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[596] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[596] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[596] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[596] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[596] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[596] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[596] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[596] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[596] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ 91, E9 ]

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[596] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[596] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[596] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[596] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[596] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[596] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[596] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[596] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[596] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[596] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[596] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[596] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[596] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[596] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[596] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[596] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[596] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[596] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[596] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[596] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[596] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[596] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[596] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[596] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[596] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[596] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[596] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[596] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[596] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[596] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[596] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[596] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[596] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[596] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[596] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\Program Files\Microsoft Office\Office\OSA.EXE[596] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[664] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[664] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[664] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[664] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[664] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[664] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[664] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[664] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[664] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[664] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[664] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[664] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[664] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[664] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[664] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[664] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[664] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[664] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[664] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[664] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[664] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[664] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[664] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[664] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[664] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[664] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[664] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[664] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[664] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[664] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[664] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[664] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[664] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[664] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[664] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[664] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[664] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[664] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[664] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[664] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[664] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[664] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[664] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[664] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[664] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[664] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[664] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[664] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[664] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[664] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[664] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[664] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[664] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[664] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[664] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[664] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[664] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[664] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[664] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[664] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ 4A, E9 ]

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[664] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[664] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[664] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[664] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[664] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[664] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[664] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[664] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[664] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[664] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[664] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[664] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[664] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[664] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[664] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[664] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[664] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[664] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[664] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[664] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[664] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[664] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[664] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[664] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[664] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[664] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[664] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[664] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[664] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[664] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[664] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[664] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[664] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[664] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\Program Files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe[664] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[676] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[676] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[676] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[676] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[676] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[676] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[676] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[676] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[676] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[676] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[676] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[676] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[676] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[676] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[676] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[676] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[676] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[676] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[676] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[676] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[676] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[676] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[676] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[676] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[676] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[676] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[676] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[676] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[676] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[676] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[676] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[676] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[676] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[676] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[676] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[676] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[676] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[676] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[676] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[676] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[676] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[676] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[676] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[676] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[676] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[676] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[676] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[676] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[676] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[676] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[676] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[676] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[676] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[676] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[676] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[676] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[676] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[676] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[676] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ 40, E9 ]

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[676] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[676] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[676] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[676] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[676] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[676] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[676] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[676] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[676] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[676] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[676] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[676] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[676] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[676] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[676] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[676] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[676] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[676] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[676] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[676] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[676] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[676] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[676] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[676] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[676] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[676] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[676] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[676] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[676] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[676] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[676] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[676] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[676] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[676] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[676] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[676] USER32.dll!DialogBoxParamW 7E3A555F 5 Bytes JMP 4437F2C1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[676] USER32.dll!DialogBoxIndirectParamW 7E3B2032 5 Bytes JMP 4451166F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[676] USER32.dll!MessageBoxIndirectA 7E3BA04A 5 Bytes JMP 445115F0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[676] USER32.dll!DialogBoxParamA 7E3BB10C 5 Bytes JMP 44511634 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[676] USER32.dll!MessageBoxExW 7E3D05D8 5 Bytes JMP 4451157C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[676] USER32.dll!MessageBoxExA 7E3D05FC 5 Bytes JMP 445115B6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[676] USER32.dll!DialogBoxIndirectParamA 7E3D6B50 5 Bytes JMP 445116AA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[676] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[676] USER32.dll!MessageBoxIndirectW 7E3E62AB 5 Bytes JMP 443A1676 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[676] PSAPI.DLL!EnumProcessModules 76BA1F1C 5 Bytes JMP 3EE8E944

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[676] ws2_32.dll!connect + 2 719F406C 6 Bytes JMP 3EE8999A

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[676] ws2_32.dll!send + 2 719F428C 6 Bytes JMP 74CF14F3 C:\WINDOWS\system32\setyqsrv.dll

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[676] ws2_32.dll!WSARecv + 2 719F431A 5 Bytes JMP 74CF20C1 C:\WINDOWS\system32\setyqsrv.dll

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[676] ws2_32.dll!gethostbyname + 2 719F4FD6 9 Bytes JMP 3EE89966

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[676] ws2_32.dll!recv + 2 719F615C 6 Bytes JMP 74CF138C C:\WINDOWS\system32\setyqsrv.dll

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[676] ws2_32.dll!WSASend + 2 719F6235 5 Bytes JMP 74CF1F52 C:\WINDOWS\system32\setyqsrv.dll

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[676] ws2_32.dll!closesocket + 2 719F963B 14 Bytes [ D6, 41, F8, 98, 48, F8, 40, ... ]

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[676] ws2_32.dll!WSAAsyncGetHostByName + 2 719FE987 13 Bytes [ 92, 4A, 91, 40, F9, 3F, F8, ... ]

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[676] ws2_32.dll!WSAConnect + 2 71A00C6B 14 Bytes [ 48, 3F, F5, D6, F9, 49, F9, ... ]

.text C:\WINDOWS\system32\winlogon.exe[696] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\WINDOWS\system32\winlogon.exe[696] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\WINDOWS\system32\winlogon.exe[696] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\WINDOWS\system32\winlogon.exe[696] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\WINDOWS\system32\winlogon.exe[696] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\WINDOWS\system32\winlogon.exe[696] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\WINDOWS\system32\winlogon.exe[696] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\WINDOWS\system32\winlogon.exe[696] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\WINDOWS\system32\winlogon.exe[696] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ F8, E9 ]

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\WINDOWS\system32\winlogon.exe[696] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\WINDOWS\system32\winlogon.exe[696] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\WINDOWS\system32\winlogon.exe[696] PSAPI.DLL!EnumProcessModules 76BA1F1C 5 Bytes JMP 3EE8E944

.text C:\WINDOWS\system32\winlogon.exe[696] WS2_32.dll!connect + 2 719F406C 6 Bytes JMP 3EE8999A

.text C:\WINDOWS\system32\winlogon.exe[696] WS2_32.dll!gethostbyname + 2 719F4FD6 9 Bytes JMP 3EE89966

.text C:\WINDOWS\system32\winlogon.exe[696] WS2_32.dll!WSAAsyncGetHostByName + 2 719FE987 13 Bytes [ 90, 98, 99, D6, 90, 9F, 92, ... ]

.text C:\WINDOWS\system32\winlogon.exe[696] WS2_32.dll!WSAConnect + 2 71A00C6B 14 Bytes [ F5, 49, 9F, F3, F9, D6, F5, ... ]

.text C:\WINDOWS\system32\services.exe[744] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\WINDOWS\system32\services.exe[744] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\WINDOWS\system32\services.exe[744] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\WINDOWS\system32\services.exe[744] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\WINDOWS\system32\services.exe[744] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\WINDOWS\system32\services.exe[744] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\WINDOWS\system32\services.exe[744] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\WINDOWS\system32\services.exe[744] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\WINDOWS\system32\services.exe[744] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\WINDOWS\system32\services.exe[744] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ 91, E9 ]

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\WINDOWS\system32\services.exe[744] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\WINDOWS\system32\services.exe[744] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\WINDOWS\system32\services.exe[744] WS2_32.dll!connect + 2 719F406C 6 Bytes JMP 3EE8999A

.text C:\WINDOWS\system32\services.exe[744] WS2_32.dll!gethostbyname + 2 719F4FD6 9 Bytes JMP 3EE89966

.text C:\WINDOWS\system32\services.exe[744] WS2_32.dll!WSAAsyncGetHostByName + 2 719FE987 13 Bytes [ 42, 98, 3F, F5, 2F, 2F, 48, ... ]

.text C:\WINDOWS\system32\services.exe[744] WS2_32.dll!WSAConnect + 2 71A00C6B 14 Bytes [ 2F, 90, F9, 49, 40, 98, 37, ... ]

.text C:\WINDOWS\system32\services.exe[744] PSAPI.DLL!EnumProcessModules 76BA1F1C 5 Bytes JMP 3EE8E944

.text C:\WINDOWS\system32\lsass.exe[756] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\WINDOWS\system32\lsass.exe[756] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\WINDOWS\system32\lsass.exe[756] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\WINDOWS\system32\lsass.exe[756] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\WINDOWS\system32\lsass.exe[756] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\WINDOWS\system32\lsass.exe[756] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\WINDOWS\system32\lsass.exe[756] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\WINDOWS\system32\lsass.exe[756] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\WINDOWS\system32\lsass.exe[756] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\WINDOWS\system32\lsass.exe[756] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ 2F, E9 ]

.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\WINDOWS\system32\lsass.exe[756] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\WINDOWS\system32\lsass.exe[756] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\WINDOWS\system32\lsass.exe[756] WS2_32.dll!connect + 2 719F406C 6 Bytes JMP 3EE8999A

.text C:\WINDOWS\system32\lsass.exe[756] WS2_32.dll!gethostbyname + 2 719F4FD6 9 Bytes JMP 3EE89966

.text C:\WINDOWS\system32\lsass.exe[756] WS2_32.dll!WSAAsyncGetHostByName + 2 719FE987 13 Bytes [ 2F, 37, 4A, F2, 37, FC, 92, ... ]

.text C:\WINDOWS\system32\lsass.exe[756] WS2_32.dll!WSAConnect + 2 71A00C6B 14 Bytes [ 91, 49, F5, F2, F5, 42, D6, ... ]

.text C:\Program Files\WinZip\WZQKPICK.EXE[824] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\Program Files\WinZip\WZQKPICK.EXE[824] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\Program Files\WinZip\WZQKPICK.EXE[824] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\Program Files\WinZip\WZQKPICK.EXE[824] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\Program Files\WinZip\WZQKPICK.EXE[824] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\Program Files\WinZip\WZQKPICK.EXE[824] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\Program Files\WinZip\WZQKPICK.EXE[824] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\Program Files\WinZip\WZQKPICK.EXE[824] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\Program Files\WinZip\WZQKPICK.EXE[824] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\Program Files\WinZip\WZQKPICK.EXE[824] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\Program Files\WinZip\WZQKPICK.EXE[824] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\Program Files\WinZip\WZQKPICK.EXE[824] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\Program Files\WinZip\WZQKPICK.EXE[824] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\Program Files\WinZip\WZQKPICK.EXE[824] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\Program Files\WinZip\WZQKPICK.EXE[824] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\Program Files\WinZip\WZQKPICK.EXE[824] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\Program Files\WinZip\WZQKPICK.EXE[824] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\Program Files\WinZip\WZQKPICK.EXE[824] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\Program Files\WinZip\WZQKPICK.EXE[824] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\Program Files\WinZip\WZQKPICK.EXE[824] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\Program Files\WinZip\WZQKPICK.EXE[824] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\Program Files\WinZip\WZQKPICK.EXE[824] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\Program Files\WinZip\WZQKPICK.EXE[824] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\Program Files\WinZip\WZQKPICK.EXE[824] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\Program Files\WinZip\WZQKPICK.EXE[824] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\Program Files\WinZip\WZQKPICK.EXE[824] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\Program Files\WinZip\WZQKPICK.EXE[824] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\Program Files\WinZip\WZQKPICK.EXE[824] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\Program Files\WinZip\WZQKPICK.EXE[824] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\Program Files\WinZip\WZQKPICK.EXE[824] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\Program Files\WinZip\WZQKPICK.EXE[824] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\Program Files\WinZip\WZQKPICK.EXE[824] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\Program Files\WinZip\WZQKPICK.EXE[824] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\Program Files\WinZip\WZQKPICK.EXE[824] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\Program Files\WinZip\WZQKPICK.EXE[824] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\Program Files\WinZip\WZQKPICK.EXE[824] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\Program Files\WinZip\WZQKPICK.EXE[824] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\Program Files\WinZip\WZQKPICK.EXE[824] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\Program Files\WinZip\WZQKPICK.EXE[824] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\Program Files\WinZip\WZQKPICK.EXE[824] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\Program Files\WinZip\WZQKPICK.EXE[824] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\Program Files\WinZip\WZQKPICK.EXE[824] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\Program Files\WinZip\WZQKPICK.EXE[824] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\Program Files\WinZip\WZQKPICK.EXE[824] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\Program Files\WinZip\WZQKPICK.EXE[824] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\Program Files\WinZip\WZQKPICK.EXE[824] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\Program Files\WinZip\WZQKPICK.EXE[824] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\Program Files\WinZip\WZQKPICK.EXE[824] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\Program Files\WinZip\WZQKPICK.EXE[824] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\Program Files\WinZip\WZQKPICK.EXE[824] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\Program Files\WinZip\WZQKPICK.EXE[824] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\Program Files\WinZip\WZQKPICK.EXE[824] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\Program Files\WinZip\WZQKPICK.EXE[824] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\Program Files\WinZip\WZQKPICK.EXE[824] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\Program Files\WinZip\WZQKPICK.EXE[824] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\Program Files\WinZip\WZQKPICK.EXE[824] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\Program Files\WinZip\WZQKPICK.EXE[824] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\Program Files\WinZip\WZQKPICK.EXE[824] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\Program Files\WinZip\WZQKPICK.EXE[824] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ F2, E9 ]

.text C:\Program Files\WinZip\WZQKPICK.EXE[824] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\Program Files\WinZip\WZQKPICK.EXE[824] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\Program Files\WinZip\WZQKPICK.EXE[824] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\Program Files\WinZip\WZQKPICK.EXE[824] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\Program Files\WinZip\WZQKPICK.EXE[824] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\Program Files\WinZip\WZQKPICK.EXE[824] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\Program Files\WinZip\WZQKPICK.EXE[824] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\Program Files\WinZip\WZQKPICK.EXE[824] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\Program Files\WinZip\WZQKPICK.EXE[824] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\Program Files\WinZip\WZQKPICK.EXE[824] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\Program Files\WinZip\WZQKPICK.EXE[824] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\Program Files\WinZip\WZQKPICK.EXE[824] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\Program Files\WinZip\WZQKPICK.EXE[824] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\Program Files\WinZip\WZQKPICK.EXE[824] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\Program Files\WinZip\WZQKPICK.EXE[824] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\Program Files\WinZip\WZQKPICK.EXE[824] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\Program Files\WinZip\WZQKPICK.EXE[824] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\Program Files\WinZip\WZQKPICK.EXE[824] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\Program Files\WinZip\WZQKPICK.EXE[824] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\Program Files\WinZip\WZQKPICK.EXE[824] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\Program Files\WinZip\WZQKPICK.EXE[824] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\Program Files\WinZip\WZQKPICK.EXE[824] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\Program Files\WinZip\WZQKPICK.EXE[824] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\Program Files\WinZip\WZQKPICK.EXE[824] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\Program Files\WinZip\WZQKPICK.EXE[824] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\Program Files\WinZip\WZQKPICK.EXE[824] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\Program Files\WinZip\WZQKPICK.EXE[824] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\Program Files\WinZip\WZQKPICK.EXE[824] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\Program Files\WinZip\WZQKPICK.EXE[824] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\Program Files\WinZip\WZQKPICK.EXE[824] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\Program Files\WinZip\WZQKPICK.EXE[824] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\Program Files\WinZip\WZQKPICK.EXE[824] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\Program Files\WinZip\WZQKPICK.EXE[824] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\Program Files\WinZip\WZQKPICK.EXE[824] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\Program Files\WinZip\WZQKPICK.EXE[824] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\Program Files\WinZip\WZQKPICK.EXE[824] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[832] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[832] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[832] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[832] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[832] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[832] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[832] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[832] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[832] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[832] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[832] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[832] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[832] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[832] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[832] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[832] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[832] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[832] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[832] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[832] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[832] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[832] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[832] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[832] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[832] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[832] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[832] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[832] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[832] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[832] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[832] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[832] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[832] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[832] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[832] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[832] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[832] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[832] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[832] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[832] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[832] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[832] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[832] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[832] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[832] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[832] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[832] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[832] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[832] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[832] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[832] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[832] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[832] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[832] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[832] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[832] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[832] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[832] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[832] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ 3F, E9 ]

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[832] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[832] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[832] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[832] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[832] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[832] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[832] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[832] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[832] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[832] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[832] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[832] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[832] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[832] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[832] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[832] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[832] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[832] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[832] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[832] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[832] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[832] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[832] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[832] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[832] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[832] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[832] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[832] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[832] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[832] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[832] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[832] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[832] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[832] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[832] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[832] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[832] WS2_32.dll!connect + 2 719F406C 6 Bytes JMP 3EE8999A

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[832] WS2_32.dll!gethostbyname + 2 719F4FD6 9 Bytes JMP 3EE89966

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[832] WS2_32.dll!WSAAsyncGetHostByName + 2 719FE987 13 Bytes [ 3F, 49, F3, 37, F3, 92, 4A, ... ]

.text C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe[832] WS2_32.dll!WSAConnect + 2 71A00C6B 14 Bytes [ FC, 9F, 99, D6, F2, 48, 48, ... ]

.text C:\WINDOWS\system32\svchost.exe[936] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\WINDOWS\system32\svchost.exe[936] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\WINDOWS\system32\svchost.exe[936] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\WINDOWS\system32\svchost.exe[936] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\WINDOWS\system32\svchost.exe[936] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\WINDOWS\system32\svchost.exe[936] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\WINDOWS\system32\svchost.exe[936] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\WINDOWS\system32\svchost.exe[936] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\WINDOWS\system32\svchost.exe[936] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ 2F, E9 ]

.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\WINDOWS\system32\svchost.exe[936] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\WINDOWS\system32\svchost.exe[936] WS2_32.dll!connect + 2 719F406C 6 Bytes JMP 3EE8999A

.text C:\WINDOWS\system32\svchost.exe[936] WS2_32.dll!gethostbyname + 2 719F4FD6 9 Bytes JMP 3EE89966

.text C:\WINDOWS\system32\svchost.exe[936] WS2_32.dll!WSAAsyncGetHostByName + 2 719FE987 13 Bytes [ 9F, F8, 42, 41, 98, 48, F2, ... ]

.text C:\WINDOWS\system32\svchost.exe[936] WS2_32.dll!WSAConnect + 2 71A00C6B 14 Bytes [ F5, 90, F8, 98, F2, 40, 48, ... ]

.text C:\WINDOWS\system32\svchost.exe[1008] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\WINDOWS\system32\svchost.exe[1008] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\WINDOWS\system32\svchost.exe[1008] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\WINDOWS\system32\svchost.exe[1008] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\WINDOWS\system32\svchost.exe[1008] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\WINDOWS\system32\svchost.exe[1008] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\WINDOWS\system32\svchost.exe[1008] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\WINDOWS\system32\svchost.exe[1008] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\WINDOWS\system32\svchost.exe[1008] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ D6, E9 ]

.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\WINDOWS\system32\svchost.exe[1008] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\WINDOWS\system32\svchost.exe[1008] WS2_32.dll!connect + 2 719F406C 6 Bytes JMP 3EE8999A

.text C:\WINDOWS\system32\svchost.exe[1008] WS2_32.dll!send + 2 719F428C 6 Bytes JMP 74CF14F3 C:\WINDOWS\system32\setyqsrv.dll

.text C:\WINDOWS\system32\svchost.exe[1008] WS2_32.dll!WSARecv + 2 719F431A 5 Bytes JMP 74CF20C1 C:\WINDOWS\system32\setyqsrv.dll

.text C:\WINDOWS\system32\svchost.exe[1008] WS2_32.dll!gethostbyname + 2 719F4FD6 9 Bytes JMP 3EE89966

.text C:\WINDOWS\system32\svchost.exe[1008] WS2_32.dll!recv + 2 719F615C 6 Bytes JMP 74CF138C C:\WINDOWS\system32\setyqsrv.dll

.text C:\WINDOWS\system32\svchost.exe[1008] WS2_32.dll!WSASend + 2 719F6235 5 Bytes JMP 74CF1F52 C:\WINDOWS\system32\setyqsrv.dll

.text C:\WINDOWS\system32\svchost.exe[1008] WS2_32.dll!closesocket + 2 719F963B 14 Bytes [ 92, 3F, 41, FC, 3F, 49, 92, ... ]

.text C:\WINDOWS\system32\svchost.exe[1008] WS2_32.dll!WSAAsyncGetHostByName + 2 719FE987 13 Bytes [ 40, 3F, 3F, F5, 49, 98, 90, ... ]

.text C:\WINDOWS\system32\svchost.exe[1008] WS2_32.dll!WSAConnect + 2 71A00C6B 14 Bytes [ F5, FC, F9, 4A, F8, 49, 40, ... ]

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1092] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1092] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1092] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1092] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1092] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1092] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1092] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1092] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1092] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1092] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1092] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1092] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1092] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1092] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1092] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1092] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1092] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1092] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1092] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1092] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1092] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1092] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1092] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1092] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1092] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1092] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1092] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1092] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1092] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1092] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1092] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1092] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1092] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1092] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1092] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1092] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1092] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1092] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1092] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1092] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1092] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1092] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1092] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1092] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1092] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1092] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1092] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1092] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1092] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1092] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1092] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1092] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1092] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1092] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1092] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1092] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1092] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1092] WS2_32.dll!connect + 2 719F406C 6 Bytes JMP 3EE8999A

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1092] WS2_32.dll!send + 2 719F428C 6 Bytes JMP 74CF14F3 C:\WINDOWS\system32\setyqsrv.dll

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1092] WS2_32.dll!WSARecv + 2 719F431A 5 Bytes JMP 74CF20C1 C:\WINDOWS\system32\setyqsrv.dll

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1092] WS2_32.dll!gethostbyname + 2 719F4FD6 9 Bytes JMP 3EE89966

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1092] WS2_32.dll!recv + 2 719F615C 6 Bytes JMP 74CF138C C:\WINDOWS\system32\setyqsrv.dll

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1092] WS2_32.dll!WSASend + 2 719F6235 5 Bytes JMP 74CF1F52 C:\WINDOWS\system32\setyqsrv.dll

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1092] WS2_32.dll!closesocket + 2 719F963B 14 Bytes [ 2F, 99, 99, 98, F2, 42, 40, ... ]

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1092] WS2_32.dll!WSAAsyncGetHostByName + 2 719FE987 13 Bytes [ 41, 41, F3, F5, 98, 9F, 98, ... ]

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1092] WS2_32.dll!WSAConnect + 2 71A00C6B 14 Bytes [ 42, F5, 9F, FC, 3F, F3, 99, ... ]

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1092] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1092] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ F3, E9 ]

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1092] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1092] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1092] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1092] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1092] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1092] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1092] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1092] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1092] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1092] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1092] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1092] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1092] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1092] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1092] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1092] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1092] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1092] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1092] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1092] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1092] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1092] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1092] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1092] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1092] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1092] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1092] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1092] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1092] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1092] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1092] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1092] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1092] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1092] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1092] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe[1092] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\WINDOWS\System32\svchost.exe[1124] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\WINDOWS\System32\svchost.exe[1124] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\WINDOWS\System32\svchost.exe[1124] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\WINDOWS\System32\svchost.exe[1124] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\WINDOWS\System32\svchost.exe[1124] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\WINDOWS\System32\svchost.exe[1124] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\WINDOWS\System32\svchost.exe[1124] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\WINDOWS\System32\svchost.exe[1124] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\WINDOWS\System32\svchost.exe[1124] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ 92, E9 ]

.text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\WINDOWS\System32\svchost.exe[1124] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\WINDOWS\System32\svchost.exe[1124] WS2_32.dll!connect + 2 719F406C 6 Bytes JMP 3EE8999A

.text C:\WINDOWS\System32\svchost.exe[1124] WS2_32.dll!gethostbyname + 2 719F4FD6 9 Bytes JMP 3EE89966

.text C:\WINDOWS\System32\svchost.exe[1124] WS2_32.dll!WSAAsyncGetHostByName + 2 719FE987 13 Bytes [ 9F, F9, 9F, D6, 40, D6, 37, ... ]

.text C:\WINDOWS\System32\svchost.exe[1124] WS2_32.dll!WSAConnect + 2 71A00C6B 14 Bytes [ 48, 4A, 90, F8, 98, D6, F5, ... ]

.text C:\WINDOWS\System32\svchost.exe[1124] PSAPI.DLL!EnumProcessModules 76BA1F1C 5 Bytes JMP 3EE8E944

.text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\WINDOWS\system32\svchost.exe[1208] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\WINDOWS\system32\svchost.exe[1208] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ 99, E9 ]

.text C:\WINDOWS\system32\svchost.exe[1208] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\WINDOWS\system32\svchost.exe[1208] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\WINDOWS\system32\svchost.exe[1208] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\WINDOWS\system32\svchost.exe[1208] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\WINDOWS\system32\svchost.exe[1208] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\WINDOWS\system32\svchost.exe[1208] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\WINDOWS\system32\svchost.exe[1208] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\WINDOWS\system32\svchost.exe[1208] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\WINDOWS\system32\svchost.exe[1208] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\WINDOWS\system32\svchost.exe[1208] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\WINDOWS\system32\svchost.exe[1208] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\WINDOWS\system32\svchost.exe[1208] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\WINDOWS\system32\svchost.exe[1208] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\WINDOWS\system32\svchost.exe[1208] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\WINDOWS\system32\svchost.exe[1208] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\WINDOWS\system32\svchost.exe[1208] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\WINDOWS\system32\svchost.exe[1208] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\WINDOWS\system32\svchost.exe[1208] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\WINDOWS\system32\svchost.exe[1208] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\WINDOWS\system32\svchost.exe[1208] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\WINDOWS\system32\svchost.exe[1208] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\WINDOWS\system32\svchost.exe[1208] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\WINDOWS\system32\svchost.exe[1208] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\WINDOWS\system32\svchost.exe[1208] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\WINDOWS\system32\svchost.exe[1208] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\WINDOWS\system32\svchost.exe[1208] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\WINDOWS\system32\svchost.exe[1208] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\WINDOWS\system32\svchost.exe[1208] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\WINDOWS\system32\svchost.exe[1208] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\WINDOWS\system32\svchost.exe[1208] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\WINDOWS\system32\svchost.exe[1208] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\WINDOWS\system32\svchost.exe[1208] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\WINDOWS\system32\svchost.exe[1208] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\WINDOWS\system32\svchost.exe[1208] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\WINDOWS\system32\svchost.exe[1208] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\WINDOWS\system32\svchost.exe[1208] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\WINDOWS\system32\svchost.exe[1208] WS2_32.dll!connect + 2 719F406C 6 Bytes JMP 3EE8999A

.text C:\WINDOWS\system32\svchost.exe[1208] WS2_32.dll!gethostbyname + 2 719F4FD6 9 Bytes JMP 3EE89966

.text C:\WINDOWS\system32\svchost.exe[1208] WS2_32.dll!WSAAsyncGetHostByName + 2 719FE987 13 Bytes [ F8, 2F, FC, F3, 92, F8, FC, ... ]

.text C:\WINDOWS\system32\svchost.exe[1208] WS2_32.dll!WSAConnect + 2 71A00C6B 14 Bytes [ 3F, FC, F5, 4A, 4A, D6, 92, ... ]

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ 37, E9 ]

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] WS2_32.dll!connect + 2 719F406C 6 Bytes JMP 3EE8999A

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] WS2_32.dll!gethostbyname + 2 719F4FD6 9 Bytes JMP 3EE89966

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] WS2_32.dll!WSAAsyncGetHostByName + 2 719FE987 13 Bytes [ FC, 92, 41, 49, 3F, F9, F8, ... ]

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] WS2_32.dll!WSAConnect + 2 71A00C6B 14 Bytes [ 2F, D6, F3, D6, 99, FC, D6, ... ]

.text C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe[1264] PSAPI.DLL!EnumProcessModules 76BA1F1C 5 Bytes JMP 3EE8E944

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1296] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1296] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1296] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1296] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1296] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1296] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1296] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1296] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1296] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1296] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1296] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1296] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1296] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1296] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1296] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1296] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1296] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1296] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1296] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1296] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1296] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1296] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1296] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1296] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1296] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1296] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1296] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1296] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1296] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1296] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1296] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1296] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1296] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1296] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1296] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1296] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1296] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1296] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1296] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1296] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1296] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1296] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1296] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1296] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1296] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1296] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1296] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1296] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1296] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1296] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1296] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1296] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1296] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1296] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1296] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1296] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1296] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1296] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1296] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ 37, E9 ]

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1296] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1296] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1296] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1296] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1296] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1296] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1296] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1296] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1296] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1296] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1296] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1296] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1296] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1296] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1296] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1296] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1296] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1296] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1296] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1296] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1296] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1296] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1296] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1296] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1296] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1296] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1296] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1296] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1296] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1296] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1296] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1296] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1296] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1296] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1296] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE[1296] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\WINDOWS\system32\svchost.exe[1336] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\WINDOWS\system32\svchost.exe[1336] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\WINDOWS\system32\svchost.exe[1336] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\WINDOWS\system32\svchost.exe[1336] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\WINDOWS\system32\svchost.exe[1336] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\WINDOWS\system32\svchost.exe[1336] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\WINDOWS\system32\svchost.exe[1336] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\WINDOWS\system32\svchost.exe[1336] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\WINDOWS\system32\svchost.exe[1336] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ 3F, E9 ]

.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\WINDOWS\system32\svchost.exe[1336] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\WINDOWS\system32\svchost.exe[1336] WS2_32.dll!connect + 2 719F406C 6 Bytes JMP 3EE8999A

.text C:\WINDOWS\system32\svchost.exe[1336] WS2_32.dll!gethostbyname + 2 719F4FD6 9 Bytes JMP 3EE89966

.text C:\WINDOWS\system32\svchost.exe[1336] WS2_32.dll!WSAAsyncGetHostByName + 2 719FE987 13 Bytes [ 98, D6, 90, 99, 3F, 42, 99, ... ]

.text C:\WINDOWS\system32\svchost.exe[1336] WS2_32.dll!WSAConnect + 2 71A00C6B 14 Bytes [ 91, 3F, F2, 49, 40, 99, 99, ... ]

.text C:\Program Files\Java\jre6\bin\jqs.exe[1352] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\Program Files\Java\jre6\bin\jqs.exe[1352] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\Program Files\Java\jre6\bin\jqs.exe[1352] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\Program Files\Java\jre6\bin\jqs.exe[1352] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\Program Files\Java\jre6\bin\jqs.exe[1352] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\Program Files\Java\jre6\bin\jqs.exe[1352] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\Program Files\Java\jre6\bin\jqs.exe[1352] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\Program Files\Java\jre6\bin\jqs.exe[1352] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\Program Files\Java\jre6\bin\jqs.exe[1352] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\Program Files\Java\jre6\bin\jqs.exe[1352] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\Program Files\Java\jre6\bin\jqs.exe[1352] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\Program Files\Java\jre6\bin\jqs.exe[1352] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\Program Files\Java\jre6\bin\jqs.exe[1352] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\Program Files\Java\jre6\bin\jqs.exe[1352] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\Program Files\Java\jre6\bin\jqs.exe[1352] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\Program Files\Java\jre6\bin\jqs.exe[1352] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\Program Files\Java\jre6\bin\jqs.exe[1352] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\Program Files\Java\jre6\bin\jqs.exe[1352] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\Program Files\Java\jre6\bin\jqs.exe[1352] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\Program Files\Java\jre6\bin\jqs.exe[1352] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\Program Files\Java\jre6\bin\jqs.exe[1352] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\Program Files\Java\jre6\bin\jqs.exe[1352] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\Program Files\Java\jre6\bin\jqs.exe[1352] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\Program Files\Java\jre6\bin\jqs.exe[1352] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\Program Files\Java\jre6\bin\jqs.exe[1352] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\Program Files\Java\jre6\bin\jqs.exe[1352] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\Program Files\Java\jre6\bin\jqs.exe[1352] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\Program Files\Java\jre6\bin\jqs.exe[1352] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\Program Files\Java\jre6\bin\jqs.exe[1352] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\Program Files\Java\jre6\bin\jqs.exe[1352] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\Program Files\Java\jre6\bin\jqs.exe[1352] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\Program Files\Java\jre6\bin\jqs.exe[1352] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\Program Files\Java\jre6\bin\jqs.exe[1352] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\Program Files\Java\jre6\bin\jqs.exe[1352] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\Program Files\Java\jre6\bin\jqs.exe[1352] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\Program Files\Java\jre6\bin\jqs.exe[1352] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\Program Files\Java\jre6\bin\jqs.exe[1352] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\Program Files\Java\jre6\bin\jqs.exe[1352] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\Program Files\Java\jre6\bin\jqs.exe[1352] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\Program Files\Java\jre6\bin\jqs.exe[1352] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\Program Files\Java\jre6\bin\jqs.exe[1352] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\Program Files\Java\jre6\bin\jqs.exe[1352] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\Program Files\Java\jre6\bin\jqs.exe[1352] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\Program Files\Java\jre6\bin\jqs.exe[1352] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\Program Files\Java\jre6\bin\jqs.exe[1352] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\Program Files\Java\jre6\bin\jqs.exe[1352] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\Program Files\Java\jre6\bin\jqs.exe[1352] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\Program Files\Java\jre6\bin\jqs.exe[1352] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\Program Files\Java\jre6\bin\jqs.exe[1352] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\Program Files\Java\jre6\bin\jqs.exe[1352] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\Program Files\Java\jre6\bin\jqs.exe[1352] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\Program Files\Java\jre6\bin\jqs.exe[1352] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\Program Files\Java\jre6\bin\jqs.exe[1352] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\Program Files\Java\jre6\bin\jqs.exe[1352] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\Program Files\Java\jre6\bin\jqs.exe[1352] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\Program Files\Java\jre6\bin\jqs.exe[1352] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\Program Files\Java\jre6\bin\jqs.exe[1352] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\Program Files\Java\jre6\bin\jqs.exe[1352] WS2_32.dll!connect + 2 719F406C 6 Bytes JMP 3EE8999A

.text C:\Program Files\Java\jre6\bin\jqs.exe[1352] WS2_32.dll!gethostbyname + 2 719F4FD6 9 Bytes JMP 3EE89966

.text C:\Program Files\Java\jre6\bin\jqs.exe[1352] WS2_32.dll!WSAAsyncGetHostByName + 2 719FE987 13 Bytes [ 3F, 90, 9F, 37, 92, 2F, 91, ... ]

.text C:\Program Files\Java\jre6\bin\jqs.exe[1352] WS2_32.dll!WSAConnect + 2 71A00C6B 14 Bytes [ FC, 42, 98, 37, 9F, F3, F3, ... ]

.text C:\Program Files\Java\jre6\bin\jqs.exe[1352] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\Program Files\Java\jre6\bin\jqs.exe[1352] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ 9F, E9 ]

.text C:\Program Files\Java\jre6\bin\jqs.exe[1352] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\Program Files\Java\jre6\bin\jqs.exe[1352] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\Program Files\Java\jre6\bin\jqs.exe[1352] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\Program Files\Java\jre6\bin\jqs.exe[1352] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\Program Files\Java\jre6\bin\jqs.exe[1352] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\Program Files\Java\jre6\bin\jqs.exe[1352] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\Program Files\Java\jre6\bin\jqs.exe[1352] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\Program Files\Java\jre6\bin\jqs.exe[1352] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\Program Files\Java\jre6\bin\jqs.exe[1352] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\Program Files\Java\jre6\bin\jqs.exe[1352] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\Program Files\Java\jre6\bin\jqs.exe[1352] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\Program Files\Java\jre6\bin\jqs.exe[1352] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\Program Files\Java\jre6\bin\jqs.exe[1352] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\Program Files\Java\jre6\bin\jqs.exe[1352] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\Program Files\Java\jre6\bin\jqs.exe[1352] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\Program Files\Java\jre6\bin\jqs.exe[1352] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\Program Files\Java\jre6\bin\jqs.exe[1352] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\Program Files\Java\jre6\bin\jqs.exe[1352] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\Program Files\Java\jre6\bin\jqs.exe[1352] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\Program Files\Java\jre6\bin\jqs.exe[1352] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\Program Files\Java\jre6\bin\jqs.exe[1352] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\Program Files\Java\jre6\bin\jqs.exe[1352] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\Program Files\Java\jre6\bin\jqs.exe[1352] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\Program Files\Java\jre6\bin\jqs.exe[1352] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\Program Files\Java\jre6\bin\jqs.exe[1352] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\Program Files\Java\jre6\bin\jqs.exe[1352] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\Program Files\Java\jre6\bin\jqs.exe[1352] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\Program Files\Java\jre6\bin\jqs.exe[1352] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\Program Files\Java\jre6\bin\jqs.exe[1352] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\Program Files\Java\jre6\bin\jqs.exe[1352] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\Program Files\Java\jre6\bin\jqs.exe[1352] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\Program Files\Java\jre6\bin\jqs.exe[1352] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\Program Files\Java\jre6\bin\jqs.exe[1352] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\Program Files\Java\jre6\bin\jqs.exe[1352] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\Program Files\Java\jre6\bin\jqs.exe[1352] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\Program Files\Java\jre6\bin\jqs.exe[1352] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\Program Files\Java\jre6\bin\jqs.exe[1352] psapi.dll!EnumProcessModules 76BA1F1C 5 Bytes JMP 3EE8E944

.text C:\WINDOWS\system32\spoolsv.exe[1464] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\WINDOWS\system32\spoolsv.exe[1464] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\WINDOWS\system32\spoolsv.exe[1464] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\WINDOWS\system32\spoolsv.exe[1464] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\WINDOWS\system32\spoolsv.exe[1464] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\WINDOWS\system32\spoolsv.exe[1464] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\WINDOWS\system32\spoolsv.exe[1464] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\WINDOWS\system32\spoolsv.exe[1464] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\WINDOWS\system32\spoolsv.exe[1464] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\WINDOWS\system32\spoolsv.exe[1464] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\WINDOWS\system32\spoolsv.exe[1464] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\WINDOWS\system32\spoolsv.exe[1464] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\WINDOWS\system32\spoolsv.exe[1464] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\WINDOWS\system32\spoolsv.exe[1464] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\WINDOWS\system32\spoolsv.exe[1464] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\WINDOWS\system32\spoolsv.exe[1464] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\WINDOWS\system32\spoolsv.exe[1464] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\WINDOWS\system32\spoolsv.exe[1464] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\WINDOWS\system32\spoolsv.exe[1464] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\WINDOWS\system32\spoolsv.exe[1464] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\WINDOWS\system32\spoolsv.exe[1464] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\WINDOWS\system32\spoolsv.exe[1464] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\WINDOWS\system32\spoolsv.exe[1464] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\WINDOWS\system32\spoolsv.exe[1464] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\WINDOWS\system32\spoolsv.exe[1464] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\WINDOWS\system32\spoolsv.exe[1464] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\WINDOWS\system32\spoolsv.exe[1464] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\WINDOWS\system32\spoolsv.exe[1464] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\WINDOWS\system32\spoolsv.exe[1464] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\WINDOWS\system32\spoolsv.exe[1464] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\WINDOWS\system32\spoolsv.exe[1464] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\WINDOWS\system32\spoolsv.exe[1464] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\WINDOWS\system32\spoolsv.exe[1464] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\WINDOWS\system32\spoolsv.exe[1464] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\WINDOWS\system32\spoolsv.exe[1464] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\WINDOWS\system32\spoolsv.exe[1464] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\WINDOWS\system32\spoolsv.exe[1464] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\WINDOWS\system32\spoolsv.exe[1464] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\WINDOWS\system32\spoolsv.exe[1464] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\WINDOWS\system32\spoolsv.exe[1464] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\WINDOWS\system32\spoolsv.exe[1464] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\WINDOWS\system32\spoolsv.exe[1464] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\WINDOWS\system32\spoolsv.exe[1464] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\WINDOWS\system32\spoolsv.exe[1464] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\WINDOWS\system32\spoolsv.exe[1464] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\WINDOWS\system32\spoolsv.exe[1464] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\WINDOWS\system32\spoolsv.exe[1464] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\WINDOWS\system32\spoolsv.exe[1464] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\WINDOWS\system32\spoolsv.exe[1464] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\WINDOWS\system32\spoolsv.exe[1464] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\WINDOWS\system32\spoolsv.exe[1464] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\WINDOWS\system32\spoolsv.exe[1464] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\WINDOWS\system32\spoolsv.exe[1464] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\WINDOWS\system32\spoolsv.exe[1464] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\WINDOWS\system32\spoolsv.exe[1464] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\WINDOWS\system32\spoolsv.exe[1464] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\WINDOWS\system32\spoolsv.exe[1464] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\WINDOWS\system32\spoolsv.exe[1464] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\WINDOWS\system32\spoolsv.exe[1464] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ 91, E9 ]

.text C:\WINDOWS\system32\spoolsv.exe[1464] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\WINDOWS\system32\spoolsv.exe[1464] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\WINDOWS\system32\spoolsv.exe[1464] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\WINDOWS\system32\spoolsv.exe[1464] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\WINDOWS\system32\spoolsv.exe[1464] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\WINDOWS\system32\spoolsv.exe[1464] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\WINDOWS\system32\spoolsv.exe[1464] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\WINDOWS\system32\spoolsv.exe[1464] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\WINDOWS\system32\spoolsv.exe[1464] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\WINDOWS\system32\spoolsv.exe[1464] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\WINDOWS\system32\spoolsv.exe[1464] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\WINDOWS\system32\spoolsv.exe[1464] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\WINDOWS\system32\spoolsv.exe[1464] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\WINDOWS\system32\spoolsv.exe[1464] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\WINDOWS\system32\spoolsv.exe[1464] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\WINDOWS\system32\spoolsv.exe[1464] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\WINDOWS\system32\spoolsv.exe[1464] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\WINDOWS\system32\spoolsv.exe[1464] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\WINDOWS\system32\spoolsv.exe[1464] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\WINDOWS\system32\spoolsv.exe[1464] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\WINDOWS\system32\spoolsv.exe[1464] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\WINDOWS\system32\spoolsv.exe[1464] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\WINDOWS\system32\spoolsv.exe[1464] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\WINDOWS\system32\spoolsv.exe[1464] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\WINDOWS\system32\spoolsv.exe[1464] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\WINDOWS\system32\spoolsv.exe[1464] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\WINDOWS\system32\spoolsv.exe[1464] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\WINDOWS\system32\spoolsv.exe[1464] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\WINDOWS\system32\spoolsv.exe[1464] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\WINDOWS\system32\spoolsv.exe[1464] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\WINDOWS\system32\spoolsv.exe[1464] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\WINDOWS\system32\spoolsv.exe[1464] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\WINDOWS\system32\spoolsv.exe[1464] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\WINDOWS\system32\spoolsv.exe[1464] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\WINDOWS\system32\spoolsv.exe[1464] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\WINDOWS\system32\spoolsv.exe[1464] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\WINDOWS\system32\spoolsv.exe[1464] WS2_32.dll!connect + 2 719F406C 6 Bytes JMP 3EE8999A

.text C:\WINDOWS\system32\spoolsv.exe[1464] WS2_32.dll!send + 2 719F428C 6 Bytes JMP 74CF14F3 C:\WINDOWS\system32\setyqsrv.dll

.text C:\WINDOWS\system32\spoolsv.exe[1464] WS2_32.dll!WSARecv + 2 719F431A 5 Bytes JMP 74CF20C1 C:\WINDOWS\system32\setyqsrv.dll

.text C:\WINDOWS\system32\spoolsv.exe[1464] WS2_32.dll!gethostbyname + 2 719F4FD6 9 Bytes JMP 3EE89966

.text C:\WINDOWS\system32\spoolsv.exe[1464] WS2_32.dll!recv + 2 719F615C 6 Bytes JMP 74CF138C C:\WINDOWS\system32\setyqsrv.dll

.text C:\WINDOWS\system32\spoolsv.exe[1464] WS2_32.dll!WSASend + 2 719F6235 5 Bytes JMP 74CF1F52 C:\WINDOWS\system32\setyqsrv.dll

.text C:\WINDOWS\system32\spoolsv.exe[1464] WS2_32.dll!closesocket + 2 719F963B 14 Bytes [ 4A, 49, 4A, F9, 37, F2, F5, ... ]

.text C:\WINDOWS\system32\spoolsv.exe[1464] WS2_32.dll!WSAAsyncGetHostByName + 2 719FE987 13 Bytes [ 90, 92, F2, 42, 40, 90, F5, ... ]

.text C:\WINDOWS\system32\spoolsv.exe[1464] WS2_32.dll!WSAConnect + 2 71A00C6B 14 Bytes [ F8, 48, 9F, D6, 37, 3F, D6, ... ]

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1488] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1488] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1488] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1488] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1488] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1488] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1488] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1488] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1488] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1488] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1488] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1488] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1488] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1488] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1488] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1488] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1488] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1488] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1488] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1488] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1488] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1488] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1488] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1488] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1488] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1488] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1488] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1488] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1488] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1488] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1488] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1488] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1488] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1488] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1488] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1488] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1488] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1488] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1488] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1488] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1488] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1488] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1488] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1488] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1488] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1488] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1488] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1488] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1488] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1488] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1488] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1488] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1488] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1488] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1488] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1488] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1488] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1488] WS2_32.dll!connect + 2 719F406C 6 Bytes JMP 3EE8999A

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1488] WS2_32.dll!gethostbyname + 2 719F4FD6 9 Bytes JMP 3EE89966

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1488] WS2_32.dll!WSAAsyncGetHostByName + 2 719FE987 13 Bytes [ FC, 99, F8, F2, D6, 98, FC, ... ]

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1488] WS2_32.dll!WSAConnect + 2 71A00C6B 14 Bytes [ F2, 41, 92, 42, 91, 91, F9, ... ]

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1488] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1488] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ F2, E9 ]

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1488] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1488] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1488] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1488] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1488] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1488] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1488] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1488] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1488] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1488] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1488] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1488] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1488] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1488] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1488] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1488] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1488] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1488] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1488] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1488] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1488] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1488] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1488] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1488] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1488] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1488] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1488] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1488] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1488] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1488] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1488] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1488] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1488] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1488] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1488] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe[1488] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1500] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1500] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1500] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1500] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1500] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1500] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1500] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1500] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1500] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1500] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1500] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1500] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1500] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1500] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1500] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1500] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1500] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1500] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1500] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1500] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1500] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1500] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1500] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1500] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1500] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1500] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1500] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1500] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1500] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1500] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1500] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1500] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1500] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1500] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1500] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1500] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1500] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1500] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1500] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1500] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1500] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1500] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1500] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1500] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1500] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1500] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1500] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1500] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1500] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1500] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1500] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1500] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1500] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1500] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1500] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1500] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1500] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1500] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1500] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ 48, E9 ]

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1500] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1500] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1500] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1500] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1500] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1500] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1500] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1500] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1500] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1500] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1500] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1500] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1500] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1500] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1500] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1500] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1500] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1500] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1500] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1500] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1500] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1500] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1500] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1500] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1500] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1500] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1500] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1500] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1500] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1500] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1500] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1500] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1500] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1500] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1500] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1500] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1500] WS2_32.dll!connect + 2 719F406C 6 Bytes JMP 3EE8999A

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1500] WS2_32.dll!send + 2 719F428C 6 Bytes JMP 74CF14F3 C:\WINDOWS\system32\setyqsrv.dll

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1500] WS2_32.dll!WSARecv + 2 719F431A 5 Bytes JMP 74CF20C1 C:\WINDOWS\system32\setyqsrv.dll

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1500] WS2_32.dll!gethostbyname + 2 719F4FD6 9 Bytes JMP 3EE89966

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1500] WS2_32.dll!recv + 2 719F615C 6 Bytes JMP 74CF138C C:\WINDOWS\system32\setyqsrv.dll

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1500] WS2_32.dll!WSASend + 2 719F6235 5 Bytes JMP 74CF1F52 C:\WINDOWS\system32\setyqsrv.dll

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1500] WS2_32.dll!closesocket + 2 719F963B 14 Bytes [ FC, 98, FC, FC, 41, 92, 48, ... ]

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1500] WS2_32.dll!WSAAsyncGetHostByName + 2 719FE987 13 Bytes [ 91, 98, 3F, 37, FC, D6, 48, ... ]

.text C:\Program Files\Leica Geosystems\Cyclone\ptserv32.exe[1500] WS2_32.dll!WSAConnect + 2 71A00C6B 14 Bytes [ 48, F5, F2, 49, 9F, 4A, 37, ... ]

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1556] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1556] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1556] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1556] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1556] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1556] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1556] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1556] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1556] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1556] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1556] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1556] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1556] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1556] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1556] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1556] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1556] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1556] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1556] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1556] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1556] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1556] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1556] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1556] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1556] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1556] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1556] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1556] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1556] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1556] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1556] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1556] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1556] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1556] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1556] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1556] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1556] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1556] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1556] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1556] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1556] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1556] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1556] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1556] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1556] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1556] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1556] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1556] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1556] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1556] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1556] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1556] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1556] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1556] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1556] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1556] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1556] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1556] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1556] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1556] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ 9F, E9 ]

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1556] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1556] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1556] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1556] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1556] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1556] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1556] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1556] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1556] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1556] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1556] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1556] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1556] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1556] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1556] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1556] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1556] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1556] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1556] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1556] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1556] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1556] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1556] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1556] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1556] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1556] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1556] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1556] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1556] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1556] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1556] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1556] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1556] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1556] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1556] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1556] WS2_32.dll!connect + 2 719F406C 6 Bytes JMP 3EE8999A

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1556] WS2_32.dll!gethostbyname + 2 719F4FD6 9 Bytes JMP 3EE89966

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1556] WS2_32.dll!WSAAsyncGetHostByName + 2 719FE987 6 Bytes [ 37, 2F, FC, 9F, 3F, 98 ]

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1556] WS2_32.dll!WSAAsyncGetHostByName + 9 719FE98E 6 Bytes JMP 3EE8982A

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1556] WS2_32.dll!WSAConnect + 2 71A00C6B 14 Bytes [ 99, 48, 9F, F3, 4A, F9, 9F, ... ]

.text C:\WINDOWS\system32\svchost.exe[1728] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\WINDOWS\system32\svchost.exe[1728] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\WINDOWS\system32\svchost.exe[1728] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\WINDOWS\system32\svchost.exe[1728] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\WINDOWS\system32\svchost.exe[1728] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\WINDOWS\system32\svchost.exe[1728] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\WINDOWS\system32\svchost.exe[1728] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\WINDOWS\system32\svchost.exe[1728] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\WINDOWS\system32\svchost.exe[1728] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\WINDOWS\system32\svchost.exe[1728] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\WINDOWS\system32\svchost.exe[1728] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\WINDOWS\system32\svchost.exe[1728] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\WINDOWS\system32\svchost.exe[1728] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\WINDOWS\system32\svchost.exe[1728] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\WINDOWS\system32\svchost.exe[1728] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\WINDOWS\system32\svchost.exe[1728] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\WINDOWS\system32\svchost.exe[1728] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\WINDOWS\system32\svchost.exe[1728] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\WINDOWS\system32\svchost.exe[1728] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\WINDOWS\system32\svchost.exe[1728] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\WINDOWS\system32\svchost.exe[1728] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\WINDOWS\system32\svchost.exe[1728] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\WINDOWS\system32\svchost.exe[1728] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\WINDOWS\system32\svchost.exe[1728] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\WINDOWS\system32\svchost.exe[1728] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\WINDOWS\system32\svchost.exe[1728] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\WINDOWS\system32\svchost.exe[1728] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\WINDOWS\system32\svchost.exe[1728] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\WINDOWS\system32\svchost.exe[1728] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\WINDOWS\system32\svchost.exe[1728] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\WINDOWS\system32\svchost.exe[1728] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\WINDOWS\system32\svchost.exe[1728] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\WINDOWS\system32\svchost.exe[1728] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\WINDOWS\system32\svchost.exe[1728] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\WINDOWS\system32\svchost.exe[1728] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\WINDOWS\system32\svchost.exe[1728] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\WINDOWS\system32\svchost.exe[1728] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\WINDOWS\system32\svchost.exe[1728] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\WINDOWS\system32\svchost.exe[1728] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\WINDOWS\system32\svchost.exe[1728] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\WINDOWS\system32\svchost.exe[1728] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\WINDOWS\system32\svchost.exe[1728] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\WINDOWS\system32\svchost.exe[1728] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\WINDOWS\system32\svchost.exe[1728] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\WINDOWS\system32\svchost.exe[1728] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\WINDOWS\system32\svchost.exe[1728] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\WINDOWS\system32\svchost.exe[1728] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\WINDOWS\system32\svchost.exe[1728] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\WINDOWS\system32\svchost.exe[1728] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\WINDOWS\system32\svchost.exe[1728] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\WINDOWS\system32\svchost.exe[1728] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\WINDOWS\system32\svchost.exe[1728] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\WINDOWS\system32\svchost.exe[1728] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\WINDOWS\system32\svchost.exe[1728] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\WINDOWS\system32\svchost.exe[1728] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\WINDOWS\system32\svchost.exe[1728] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\WINDOWS\system32\svchost.exe[1728] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\WINDOWS\system32\svchost.exe[1728] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\WINDOWS\system32\svchost.exe[1728] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ F8, E9 ]

.text C:\WINDOWS\system32\svchost.exe[1728] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\WINDOWS\system32\svchost.exe[1728] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\WINDOWS\system32\svchost.exe[1728] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\WINDOWS\system32\svchost.exe[1728] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\WINDOWS\system32\svchost.exe[1728] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\WINDOWS\system32\svchost.exe[1728] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\WINDOWS\system32\svchost.exe[1728] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\WINDOWS\system32\svchost.exe[1728] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\WINDOWS\system32\svchost.exe[1728] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\WINDOWS\system32\svchost.exe[1728] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\WINDOWS\system32\svchost.exe[1728] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\WINDOWS\system32\svchost.exe[1728] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\WINDOWS\system32\svchost.exe[1728] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\WINDOWS\system32\svchost.exe[1728] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\WINDOWS\system32\svchost.exe[1728] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\WINDOWS\system32\svchost.exe[1728] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\WINDOWS\system32\svchost.exe[1728] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\WINDOWS\system32\svchost.exe[1728] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\WINDOWS\system32\svchost.exe[1728] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\WINDOWS\system32\svchost.exe[1728] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\WINDOWS\system32\svchost.exe[1728] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\WINDOWS\system32\svchost.exe[1728] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\WINDOWS\system32\svchost.exe[1728] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\WINDOWS\system32\svchost.exe[1728] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\WINDOWS\system32\svchost.exe[1728] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\WINDOWS\system32\svchost.exe[1728] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\WINDOWS\system32\svchost.exe[1728] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\WINDOWS\system32\svchost.exe[1728] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\WINDOWS\system32\svchost.exe[1728] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\WINDOWS\system32\svchost.exe[1728] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\WINDOWS\system32\svchost.exe[1728] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\WINDOWS\system32\svchost.exe[1728] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\WINDOWS\system32\svchost.exe[1728] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\WINDOWS\system32\svchost.exe[1728] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\WINDOWS\system32\svchost.exe[1728] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\WINDOWS\system32\svchost.exe[1728] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\WINDOWS\Explorer.EXE[1804] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\WINDOWS\Explorer.EXE[1804] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\WINDOWS\Explorer.EXE[1804] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\WINDOWS\Explorer.EXE[1804] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\WINDOWS\Explorer.EXE[1804] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\WINDOWS\Explorer.EXE[1804] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\WINDOWS\Explorer.EXE[1804] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\WINDOWS\Explorer.EXE[1804] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\WINDOWS\Explorer.EXE[1804] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\WINDOWS\Explorer.EXE[1804] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\WINDOWS\Explorer.EXE[1804] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\WINDOWS\Explorer.EXE[1804] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\WINDOWS\Explorer.EXE[1804] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\WINDOWS\Explorer.EXE[1804] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\WINDOWS\Explorer.EXE[1804] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\WINDOWS\Explorer.EXE[1804] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\WINDOWS\Explorer.EXE[1804] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\WINDOWS\Explorer.EXE[1804] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\WINDOWS\Explorer.EXE[1804] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\WINDOWS\Explorer.EXE[1804] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\WINDOWS\Explorer.EXE[1804] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\WINDOWS\Explorer.EXE[1804] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\WINDOWS\Explorer.EXE[1804] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\WINDOWS\Explorer.EXE[1804] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\WINDOWS\Explorer.EXE[1804] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\WINDOWS\Explorer.EXE[1804] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\WINDOWS\Explorer.EXE[1804] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\WINDOWS\Explorer.EXE[1804] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\WINDOWS\Explorer.EXE[1804] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\WINDOWS\Explorer.EXE[1804] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\WINDOWS\Explorer.EXE[1804] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\WINDOWS\Explorer.EXE[1804] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\WINDOWS\Explorer.EXE[1804] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\WINDOWS\Explorer.EXE[1804] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\WINDOWS\Explorer.EXE[1804] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\WINDOWS\Explorer.EXE[1804] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\WINDOWS\Explorer.EXE[1804] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\WINDOWS\Explorer.EXE[1804] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\WINDOWS\Explorer.EXE[1804] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\WINDOWS\Explorer.EXE[1804] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\WINDOWS\Explorer.EXE[1804] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\WINDOWS\Explorer.EXE[1804] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\WINDOWS\Explorer.EXE[1804] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\WINDOWS\Explorer.EXE[1804] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\WINDOWS\Explorer.EXE[1804] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\WINDOWS\Explorer.EXE[1804] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\WINDOWS\Explorer.EXE[1804] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\WINDOWS\Explorer.EXE[1804] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\WINDOWS\Explorer.EXE[1804] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\WINDOWS\Explorer.EXE[1804] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\WINDOWS\Explorer.EXE[1804] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\WINDOWS\Explorer.EXE[1804] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\WINDOWS\Explorer.EXE[1804] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\WINDOWS\Explorer.EXE[1804] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\WINDOWS\Explorer.EXE[1804] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\WINDOWS\Explorer.EXE[1804] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\WINDOWS\Explorer.EXE[1804] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\WINDOWS\Explorer.EXE[1804] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\WINDOWS\Explorer.EXE[1804] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ 91, E9 ]

.text C:\WINDOWS\Explorer.EXE[1804] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\WINDOWS\Explorer.EXE[1804] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\WINDOWS\Explorer.EXE[1804] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\WINDOWS\Explorer.EXE[1804] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\WINDOWS\Explorer.EXE[1804] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\WINDOWS\Explorer.EXE[1804] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\WINDOWS\Explorer.EXE[1804] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\WINDOWS\Explorer.EXE[1804] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\WINDOWS\Explorer.EXE[1804] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\WINDOWS\Explorer.EXE[1804] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\WINDOWS\Explorer.EXE[1804] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\WINDOWS\Explorer.EXE[1804] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\WINDOWS\Explorer.EXE[1804] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\WINDOWS\Explorer.EXE[1804] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\WINDOWS\Explorer.EXE[1804] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\WINDOWS\Explorer.EXE[1804] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\WINDOWS\Explorer.EXE[1804] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\WINDOWS\Explorer.EXE[1804] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\WINDOWS\Explorer.EXE[1804] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\WINDOWS\Explorer.EXE[1804] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\WINDOWS\Explorer.EXE[1804] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\WINDOWS\Explorer.EXE[1804] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\WINDOWS\Explorer.EXE[1804] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\WINDOWS\Explorer.EXE[1804] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\WINDOWS\Explorer.EXE[1804] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\WINDOWS\Explorer.EXE[1804] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\WINDOWS\Explorer.EXE[1804] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\WINDOWS\Explorer.EXE[1804] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\WINDOWS\Explorer.EXE[1804] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\WINDOWS\Explorer.EXE[1804] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\WINDOWS\Explorer.EXE[1804] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\WINDOWS\Explorer.EXE[1804] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\WINDOWS\Explorer.EXE[1804] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\WINDOWS\Explorer.EXE[1804] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\WINDOWS\Explorer.EXE[1804] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\WINDOWS\Explorer.EXE[1804] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\WINDOWS\Explorer.EXE[1804] WS2_32.dll!connect + 2 719F406C 6 Bytes JMP 3EE8999A

.text C:\WINDOWS\Explorer.EXE[1804] WS2_32.dll!gethostbyname + 2 719F4FD6 9 Bytes JMP 3EE89966

.text C:\WINDOWS\Explorer.EXE[1804] WS2_32.dll!WSAAsyncGetHostByName + 2 719FE987 13 Bytes [ F5, 4A, 2F, 48, 48, 4A, F9, ... ]

.text C:\WINDOWS\Explorer.EXE[1804] WS2_32.dll!WSAConnect + 2 71A00C6B 14 Bytes [ 4A, 98, F9, F9, F5, 40, 4A, ... ]

.text C:\WINDOWS\Explorer.EXE[1804] PSAPI.DLL!EnumProcessModules 76BA1F1C 5 Bytes JMP 3EE8E944

.text C:\WINDOWS\system32\nvsvc32.exe[1848] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\WINDOWS\system32\nvsvc32.exe[1848] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\WINDOWS\system32\nvsvc32.exe[1848] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\WINDOWS\system32\nvsvc32.exe[1848] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\WINDOWS\system32\nvsvc32.exe[1848] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\WINDOWS\system32\nvsvc32.exe[1848] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\WINDOWS\system32\nvsvc32.exe[1848] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\WINDOWS\system32\nvsvc32.exe[1848] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\WINDOWS\system32\nvsvc32.exe[1848] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\WINDOWS\system32\nvsvc32.exe[1848] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\WINDOWS\system32\nvsvc32.exe[1848] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\WINDOWS\system32\nvsvc32.exe[1848] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\WINDOWS\system32\nvsvc32.exe[1848] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\WINDOWS\system32\nvsvc32.exe[1848] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\WINDOWS\system32\nvsvc32.exe[1848] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\WINDOWS\system32\nvsvc32.exe[1848] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\WINDOWS\system32\nvsvc32.exe[1848] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\WINDOWS\system32\nvsvc32.exe[1848] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\WINDOWS\system32\nvsvc32.exe[1848] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\WINDOWS\system32\nvsvc32.exe[1848] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\WINDOWS\system32\nvsvc32.exe[1848] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\WINDOWS\system32\nvsvc32.exe[1848] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\WINDOWS\system32\nvsvc32.exe[1848] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\WINDOWS\system32\nvsvc32.exe[1848] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\WINDOWS\system32\nvsvc32.exe[1848] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\WINDOWS\system32\nvsvc32.exe[1848] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\WINDOWS\system32\nvsvc32.exe[1848] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\WINDOWS\system32\nvsvc32.exe[1848] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\WINDOWS\system32\nvsvc32.exe[1848] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\WINDOWS\system32\nvsvc32.exe[1848] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\WINDOWS\system32\nvsvc32.exe[1848] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\WINDOWS\system32\nvsvc32.exe[1848] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\WINDOWS\system32\nvsvc32.exe[1848] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\WINDOWS\system32\nvsvc32.exe[1848] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\WINDOWS\system32\nvsvc32.exe[1848] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\WINDOWS\system32\nvsvc32.exe[1848] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\WINDOWS\system32\nvsvc32.exe[1848] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\WINDOWS\system32\nvsvc32.exe[1848] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\WINDOWS\system32\nvsvc32.exe[1848] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\WINDOWS\system32\nvsvc32.exe[1848] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\WINDOWS\system32\nvsvc32.exe[1848] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\WINDOWS\system32\nvsvc32.exe[1848] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\WINDOWS\system32\nvsvc32.exe[1848] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\WINDOWS\system32\nvsvc32.exe[1848] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\WINDOWS\system32\nvsvc32.exe[1848] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\WINDOWS\system32\nvsvc32.exe[1848] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\WINDOWS\system32\nvsvc32.exe[1848] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\WINDOWS\system32\nvsvc32.exe[1848] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\WINDOWS\system32\nvsvc32.exe[1848] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\WINDOWS\system32\nvsvc32.exe[1848] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\WINDOWS\system32\nvsvc32.exe[1848] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\WINDOWS\system32\nvsvc32.exe[1848] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\WINDOWS\system32\nvsvc32.exe[1848] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\WINDOWS\system32\nvsvc32.exe[1848] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\WINDOWS\system32\nvsvc32.exe[1848] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\WINDOWS\system32\nvsvc32.exe[1848] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\WINDOWS\system32\nvsvc32.exe[1848] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\WINDOWS\system32\nvsvc32.exe[1848] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\WINDOWS\system32\nvsvc32.exe[1848] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\WINDOWS\system32\nvsvc32.exe[1848] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ 40, E9 ]

.text C:\WINDOWS\system32\nvsvc32.exe[1848] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\WINDOWS\system32\nvsvc32.exe[1848] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\WINDOWS\system32\nvsvc32.exe[1848] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\WINDOWS\system32\nvsvc32.exe[1848] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\WINDOWS\system32\nvsvc32.exe[1848] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\WINDOWS\system32\nvsvc32.exe[1848] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\WINDOWS\system32\nvsvc32.exe[1848] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\WINDOWS\system32\nvsvc32.exe[1848] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\WINDOWS\system32\nvsvc32.exe[1848] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\WINDOWS\system32\nvsvc32.exe[1848] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\WINDOWS\system32\nvsvc32.exe[1848] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\WINDOWS\system32\nvsvc32.exe[1848] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\WINDOWS\system32\nvsvc32.exe[1848] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\WINDOWS\system32\nvsvc32.exe[1848] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\WINDOWS\system32\nvsvc32.exe[1848] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\WINDOWS\system32\nvsvc32.exe[1848] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\WINDOWS\system32\nvsvc32.exe[1848] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\WINDOWS\system32\nvsvc32.exe[1848] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\WINDOWS\system32\nvsvc32.exe[1848] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\WINDOWS\system32\nvsvc32.exe[1848] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\WINDOWS\system32\nvsvc32.exe[1848] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\WINDOWS\system32\nvsvc32.exe[1848] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\WINDOWS\system32\nvsvc32.exe[1848] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\WINDOWS\system32\nvsvc32.exe[1848] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\WINDOWS\system32\nvsvc32.exe[1848] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\WINDOWS\system32\nvsvc32.exe[1848] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\WINDOWS\system32\nvsvc32.exe[1848] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\WINDOWS\system32\nvsvc32.exe[1848] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\WINDOWS\system32\nvsvc32.exe[1848] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\WINDOWS\system32\nvsvc32.exe[1848] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\WINDOWS\system32\nvsvc32.exe[1848] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\WINDOWS\system32\nvsvc32.exe[1848] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\WINDOWS\system32\nvsvc32.exe[1848] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\WINDOWS\system32\nvsvc32.exe[1848] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\WINDOWS\system32\nvsvc32.exe[1848] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\WINDOWS\system32\nvsvc32.exe[1848] WS2_32.dll!connect + 2 719F406C 6 Bytes JMP 3EE8999A

.text C:\WINDOWS\system32\nvsvc32.exe[1848] WS2_32.dll!gethostbyname + 2 719F4FD6 9 Bytes JMP 3EE89966

.text C:\WINDOWS\system32\nvsvc32.exe[1848] WS2_32.dll!WSAAsyncGetHostByName + 2 719FE987 13 Bytes [ 41, F2, 2F, 2F, 42, 91, 99, ... ]

.text C:\WINDOWS\system32\nvsvc32.exe[1848] WS2_32.dll!WSAConnect + 2 71A00C6B 14 Bytes [ 40, 4A, 92, 91, 41, 99, 37, ... ]

.text C:\Program Files\Java\jre6\bin\jusched.exe[1912] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\Program Files\Java\jre6\bin\jusched.exe[1912] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\Program Files\Java\jre6\bin\jusched.exe[1912] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\Program Files\Java\jre6\bin\jusched.exe[1912] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\Program Files\Java\jre6\bin\jusched.exe[1912] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\Program Files\Java\jre6\bin\jusched.exe[1912] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\Program Files\Java\jre6\bin\jusched.exe[1912] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\Program Files\Java\jre6\bin\jusched.exe[1912] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\Program Files\Java\jre6\bin\jusched.exe[1912] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\Program Files\Java\jre6\bin\jusched.exe[1912] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\Program Files\Java\jre6\bin\jusched.exe[1912] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\Program Files\Java\jre6\bin\jusched.exe[1912] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\Program Files\Java\jre6\bin\jusched.exe[1912] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\Program Files\Java\jre6\bin\jusched.exe[1912] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\Program Files\Java\jre6\bin\jusched.exe[1912] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\Program Files\Java\jre6\bin\jusched.exe[1912] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\Program Files\Java\jre6\bin\jusched.exe[1912] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\Program Files\Java\jre6\bin\jusched.exe[1912] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\Program Files\Java\jre6\bin\jusched.exe[1912] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\Program Files\Java\jre6\bin\jusched.exe[1912] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\Program Files\Java\jre6\bin\jusched.exe[1912] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\Program Files\Java\jre6\bin\jusched.exe[1912] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\Program Files\Java\jre6\bin\jusched.exe[1912] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\Program Files\Java\jre6\bin\jusched.exe[1912] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\Program Files\Java\jre6\bin\jusched.exe[1912] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\Program Files\Java\jre6\bin\jusched.exe[1912] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\Program Files\Java\jre6\bin\jusched.exe[1912] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\Program Files\Java\jre6\bin\jusched.exe[1912] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\Program Files\Java\jre6\bin\jusched.exe[1912] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\Program Files\Java\jre6\bin\jusched.exe[1912] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\Program Files\Java\jre6\bin\jusched.exe[1912] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\Program Files\Java\jre6\bin\jusched.exe[1912] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\Program Files\Java\jre6\bin\jusched.exe[1912] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\Program Files\Java\jre6\bin\jusched.exe[1912] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\Program Files\Java\jre6\bin\jusched.exe[1912] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\Program Files\Java\jre6\bin\jusched.exe[1912] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\Program Files\Java\jre6\bin\jusched.exe[1912] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\Program Files\Java\jre6\bin\jusched.exe[1912] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\Program Files\Java\jre6\bin\jusched.exe[1912] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\Program Files\Java\jre6\bin\jusched.exe[1912] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\Program Files\Java\jre6\bin\jusched.exe[1912] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\Program Files\Java\jre6\bin\jusched.exe[1912] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\Program Files\Java\jre6\bin\jusched.exe[1912] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\Program Files\Java\jre6\bin\jusched.exe[1912] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\Program Files\Java\jre6\bin\jusched.exe[1912] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\Program Files\Java\jre6\bin\jusched.exe[1912] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\Program Files\Java\jre6\bin\jusched.exe[1912] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\Program Files\Java\jre6\bin\jusched.exe[1912] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\Program Files\Java\jre6\bin\jusched.exe[1912] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\Program Files\Java\jre6\bin\jusched.exe[1912] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\Program Files\Java\jre6\bin\jusched.exe[1912] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\Program Files\Java\jre6\bin\jusched.exe[1912] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\Program Files\Java\jre6\bin\jusched.exe[1912] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\Program Files\Java\jre6\bin\jusched.exe[1912] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\Program Files\Java\jre6\bin\jusched.exe[1912] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\Program Files\Java\jre6\bin\jusched.exe[1912] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\Program Files\Java\jre6\bin\jusched.exe[1912] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\Program Files\Java\jre6\bin\jusched.exe[1912] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\Program Files\Java\jre6\bin\jusched.exe[1912] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ F2, E9 ]

.text C:\Program Files\Java\jre6\bin\jusched.exe[1912] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\Program Files\Java\jre6\bin\jusched.exe[1912] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\Program Files\Java\jre6\bin\jusched.exe[1912] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\Program Files\Java\jre6\bin\jusched.exe[1912] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\Program Files\Java\jre6\bin\jusched.exe[1912] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\Program Files\Java\jre6\bin\jusched.exe[1912] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\Program Files\Java\jre6\bin\jusched.exe[1912] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\Program Files\Java\jre6\bin\jusched.exe[1912] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\Program Files\Java\jre6\bin\jusched.exe[1912] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\Program Files\Java\jre6\bin\jusched.exe[1912] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\Program Files\Java\jre6\bin\jusched.exe[1912] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\Program Files\Java\jre6\bin\jusched.exe[1912] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\Program Files\Java\jre6\bin\jusched.exe[1912] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\Program Files\Java\jre6\bin\jusched.exe[1912] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\Program Files\Java\jre6\bin\jusched.exe[1912] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\Program Files\Java\jre6\bin\jusched.exe[1912] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\Program Files\Java\jre6\bin\jusched.exe[1912] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\Program Files\Java\jre6\bin\jusched.exe[1912] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\Program Files\Java\jre6\bin\jusched.exe[1912] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\Program Files\Java\jre6\bin\jusched.exe[1912] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\Program Files\Java\jre6\bin\jusched.exe[1912] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\Program Files\Java\jre6\bin\jusched.exe[1912] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\Program Files\Java\jre6\bin\jusched.exe[1912] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\Program Files\Java\jre6\bin\jusched.exe[1912] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\Program Files\Java\jre6\bin\jusched.exe[1912] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\Program Files\Java\jre6\bin\jusched.exe[1912] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\Program Files\Java\jre6\bin\jusched.exe[1912] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\Program Files\Java\jre6\bin\jusched.exe[1912] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\Program Files\Java\jre6\bin\jusched.exe[1912] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\Program Files\Java\jre6\bin\jusched.exe[1912] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\Program Files\Java\jre6\bin\jusched.exe[1912] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\Program Files\Java\jre6\bin\jusched.exe[1912] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\Program Files\Java\jre6\bin\jusched.exe[1912] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\Program Files\Java\jre6\bin\jusched.exe[1912] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\Program Files\Java\jre6\bin\jusched.exe[1912] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\Program Files\Java\jre6\bin\jusched.exe[1912] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1932] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1932] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1932] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1932] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1932] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1932] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1932] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1932] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1932] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1932] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1932] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1932] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1932] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1932] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1932] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1932] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1932] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1932] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1932] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1932] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1932] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1932] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1932] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1932] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1932] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1932] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1932] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1932] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1932] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1932] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1932] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1932] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1932] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1932] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1932] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1932] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1932] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1932] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1932] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1932] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1932] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1932] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1932] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1932] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1932] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1932] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1932] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1932] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1932] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1932] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1932] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1932] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1932] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1932] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1932] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1932] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1932] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1932] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1932] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ 90, E9 ]

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1932] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1932] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1932] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1932] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1932] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1932] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1932] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1932] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1932] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1932] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1932] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1932] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1932] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1932] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1932] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1932] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1932] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1932] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1932] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1932] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1932] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1932] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1932] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1932] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1932] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1932] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1932] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1932] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1932] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1932] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1932] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1932] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1932] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1932] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1932] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1932] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1932] WS2_32.dll!connect + 2 719F406C 6 Bytes JMP 3EE8999A

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1932] WS2_32.dll!gethostbyname + 2 719F4FD6 9 Bytes JMP 3EE89966

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1932] WS2_32.dll!WSAAsyncGetHostByName + 2 719FE987 13 Bytes [ 3F, 41, 91, F9, 4A, F8, 99, ... ]

.text C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe[1932] WS2_32.dll!WSAConnect + 2 71A00C6B 14 Bytes [ 9F, 91, FC, D6, F9, F8, F8, ... ]

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1960] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1960] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1960] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1960] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1960] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1960] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1960] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1960] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1960] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1960] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1960] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1960] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1960] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1960] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1960] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1960] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1960] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1960] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1960] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1960] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1960] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1960] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1960] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1960] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1960] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1960] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1960] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1960] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1960] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1960] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1960] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1960] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1960] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1960] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1960] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1960] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1960] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1960] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1960] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1960] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1960] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1960] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1960] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1960] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1960] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1960] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1960] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1960] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1960] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1960] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1960] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1960] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1960] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1960] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1960] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1960] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1960] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1960] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1960] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1960] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ 40, E9 ]

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1960] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1960] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1960] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1960] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1960] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1960] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1960] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1960] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1960] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1960] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1960] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1960] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1960] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1960] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1960] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1960] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1960] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1960] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1960] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1960] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1960] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1960] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1960] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1960] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1960] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1960] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1960] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1960] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1960] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1960] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1960] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1960] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1960] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1960] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1960] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1960] WS2_32.dll!connect + 2 719F406C 6 Bytes JMP 3EE8999A

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1960] WS2_32.dll!gethostbyname + 2 719F4FD6 9 Bytes JMP 3EE89966

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1960] WS2_32.dll!WSAAsyncGetHostByName + 2 719FE987 13 Bytes [ 48, 91, 4A, 4A, F8, F9, 3F, ... ]

.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[1960] WS2_32.dll!WSAConnect + 2 71A00C6B 14 Bytes [ F8, 37, 92, 91, FC, F5, 92, ... ]

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2044] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2044] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2044] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2044] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2044] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2044] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2044] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2044] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2044] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2044] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2044] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2044] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2044] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2044] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2044] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2044] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2044] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2044] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2044] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2044] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2044] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2044] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2044] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2044] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2044] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2044] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2044] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2044] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2044] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2044] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2044] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2044] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2044] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2044] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2044] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2044] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2044] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2044] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2044] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2044] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2044] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2044] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2044] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2044] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2044] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2044] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2044] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2044] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2044] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2044] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2044] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2044] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2044] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2044] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2044] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2044] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2044] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2044] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2044] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2044] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ 92, E9 ]

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2044] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2044] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2044] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2044] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2044] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2044] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2044] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2044] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2044] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2044] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2044] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2044] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2044] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2044] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2044] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2044] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2044] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2044] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2044] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2044] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2044] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2044] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2044] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2044] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2044] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2044] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2044] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2044] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2044] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2044] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2044] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2044] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2044] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2044] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2044] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2044] ws2_32.dll!connect + 2 719F406C 6 Bytes JMP 3EE8999A

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2044] ws2_32.dll!send + 2 719F428C 6 Bytes JMP 74CF14F3 C:\WINDOWS\system32\setyqsrv.dll

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2044] ws2_32.dll!WSARecv + 2 719F431A 5 Bytes JMP 74CF20C1 C:\WINDOWS\system32\setyqsrv.dll

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2044] ws2_32.dll!gethostbyname + 2 719F4FD6 9 Bytes JMP 3EE89966

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2044] ws2_32.dll!recv + 2 719F615C 6 Bytes JMP 74CF138C C:\WINDOWS\system32\setyqsrv.dll

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2044] ws2_32.dll!WSASend + 2 719F6235 5 Bytes JMP 74CF1F52 C:\WINDOWS\system32\setyqsrv.dll

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2044] ws2_32.dll!closesocket + 2 719F963B 14 Bytes [ 37, 2F, 41, 99, 37, 90, 48, ... ]

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2044] ws2_32.dll!WSAAsyncGetHostByName + 2 719FE987 13 Bytes [ F9, 48, 98, F8, 90, 91, 49, ... ]

.text C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe[2044] ws2_32.dll!WSAConnect + 2 71A00C6B 14 Bytes [ 3F, 91, 92, 98, 9F, FC, F3, ... ]

.text C:\WINDOWS\system32\wdfmgr.exe[2088] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\WINDOWS\system32\wdfmgr.exe[2088] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\WINDOWS\system32\wdfmgr.exe[2088] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\WINDOWS\system32\wdfmgr.exe[2088] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\WINDOWS\system32\wdfmgr.exe[2088] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\WINDOWS\system32\wdfmgr.exe[2088] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\WINDOWS\system32\wdfmgr.exe[2088] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\WINDOWS\system32\wdfmgr.exe[2088] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\WINDOWS\system32\wdfmgr.exe[2088] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\WINDOWS\system32\wdfmgr.exe[2088] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\WINDOWS\system32\wdfmgr.exe[2088] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\WINDOWS\system32\wdfmgr.exe[2088] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\WINDOWS\system32\wdfmgr.exe[2088] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\WINDOWS\system32\wdfmgr.exe[2088] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\WINDOWS\system32\wdfmgr.exe[2088] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\WINDOWS\system32\wdfmgr.exe[2088] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\WINDOWS\system32\wdfmgr.exe[2088] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\WINDOWS\system32\wdfmgr.exe[2088] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\WINDOWS\system32\wdfmgr.exe[2088] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\WINDOWS\system32\wdfmgr.exe[2088] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\WINDOWS\system32\wdfmgr.exe[2088] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\WINDOWS\system32\wdfmgr.exe[2088] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\WINDOWS\system32\wdfmgr.exe[2088] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\WINDOWS\system32\wdfmgr.exe[2088] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\WINDOWS\system32\wdfmgr.exe[2088] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\WINDOWS\system32\wdfmgr.exe[2088] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\WINDOWS\system32\wdfmgr.exe[2088] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\WINDOWS\system32\wdfmgr.exe[2088] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\WINDOWS\system32\wdfmgr.exe[2088] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\WINDOWS\system32\wdfmgr.exe[2088] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\WINDOWS\system32\wdfmgr.exe[2088] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\WINDOWS\system32\wdfmgr.exe[2088] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\WINDOWS\system32\wdfmgr.exe[2088] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\WINDOWS\system32\wdfmgr.exe[2088] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\WINDOWS\system32\wdfmgr.exe[2088] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\WINDOWS\system32\wdfmgr.exe[2088] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\WINDOWS\system32\wdfmgr.exe[2088] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\WINDOWS\system32\wdfmgr.exe[2088] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\WINDOWS\system32\wdfmgr.exe[2088] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\WINDOWS\system32\wdfmgr.exe[2088] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\WINDOWS\system32\wdfmgr.exe[2088] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\WINDOWS\system32\wdfmgr.exe[2088] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\WINDOWS\system32\wdfmgr.exe[2088] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\WINDOWS\system32\wdfmgr.exe[2088] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\WINDOWS\system32\wdfmgr.exe[2088] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\WINDOWS\system32\wdfmgr.exe[2088] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\WINDOWS\system32\wdfmgr.exe[2088] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\WINDOWS\system32\wdfmgr.exe[2088] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\WINDOWS\system32\wdfmgr.exe[2088] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\WINDOWS\system32\wdfmgr.exe[2088] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\WINDOWS\system32\wdfmgr.exe[2088] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\WINDOWS\system32\wdfmgr.exe[2088] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\WINDOWS\system32\wdfmgr.exe[2088] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\WINDOWS\system32\wdfmgr.exe[2088] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\WINDOWS\system32\wdfmgr.exe[2088] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\WINDOWS\system32\wdfmgr.exe[2088] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\WINDOWS\system32\wdfmgr.exe[2088] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\WINDOWS\system32\wdfmgr.exe[2088] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\WINDOWS\system32\wdfmgr.exe[2088] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ 48, E9 ]

.text C:\WINDOWS\system32\wdfmgr.exe[2088] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\WINDOWS\system32\wdfmgr.exe[2088] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\WINDOWS\system32\wdfmgr.exe[2088] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\WINDOWS\system32\wdfmgr.exe[2088] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\WINDOWS\system32\wdfmgr.exe[2088] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\WINDOWS\system32\wdfmgr.exe[2088] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\WINDOWS\system32\wdfmgr.exe[2088] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\WINDOWS\system32\wdfmgr.exe[2088] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\WINDOWS\system32\wdfmgr.exe[2088] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\WINDOWS\system32\wdfmgr.exe[2088] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\WINDOWS\system32\wdfmgr.exe[2088] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\WINDOWS\system32\wdfmgr.exe[2088] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\WINDOWS\system32\wdfmgr.exe[2088] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\WINDOWS\system32\wdfmgr.exe[2088] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\WINDOWS\system32\wdfmgr.exe[2088] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\WINDOWS\system32\wdfmgr.exe[2088] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\WINDOWS\system32\wdfmgr.exe[2088] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\WINDOWS\system32\wdfmgr.exe[2088] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\WINDOWS\system32\wdfmgr.exe[2088] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\WINDOWS\system32\wdfmgr.exe[2088] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\WINDOWS\system32\wdfmgr.exe[2088] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\WINDOWS\system32\wdfmgr.exe[2088] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\WINDOWS\system32\wdfmgr.exe[2088] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\WINDOWS\system32\wdfmgr.exe[2088] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\WINDOWS\system32\wdfmgr.exe[2088] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\WINDOWS\system32\wdfmgr.exe[2088] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\WINDOWS\system32\wdfmgr.exe[2088] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\WINDOWS\system32\wdfmgr.exe[2088] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\WINDOWS\system32\wdfmgr.exe[2088] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\WINDOWS\system32\wdfmgr.exe[2088] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\WINDOWS\system32\wdfmgr.exe[2088] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\WINDOWS\system32\wdfmgr.exe[2088] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\WINDOWS\system32\wdfmgr.exe[2088] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\WINDOWS\system32\wdfmgr.exe[2088] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\WINDOWS\system32\wdfmgr.exe[2088] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\WINDOWS\system32\wdfmgr.exe[2088] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2308] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2308] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2308] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2308] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2308] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2308] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2308] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2308] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2308] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2308] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2308] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2308] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2308] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2308] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2308] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2308] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2308] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2308] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2308] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2308] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2308] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2308] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2308] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2308] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2308] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2308] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2308] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2308] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2308] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2308] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2308] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2308] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2308] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2308] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2308] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2308] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2308] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2308] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2308] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2308] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2308] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2308] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2308] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2308] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2308] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2308] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2308] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2308] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2308] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2308] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2308] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2308] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2308] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2308] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2308] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2308] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2308] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2308] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2308] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2308] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ 98, E9 ]

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2308] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2308] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2308] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2308] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2308] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2308] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2308] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2308] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2308] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2308] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2308] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2308] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2308] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2308] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2308] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2308] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2308] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2308] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2308] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2308] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2308] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2308] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2308] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2308] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2308] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2308] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2308] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2308] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2308] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2308] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2308] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2308] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2308] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2308] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2308] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2308] ws2_32.dll!connect + 2 719F406C 6 Bytes JMP 3EE8999A

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2308] ws2_32.dll!gethostbyname + 2 719F4FD6 9 Bytes JMP 3EE89966

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2308] ws2_32.dll!WSAAsyncGetHostByName + 2 719FE987 13 Bytes [ 4A, 41, 37, 91, D6, F3, 90, ... ]

.text C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE[2308] ws2_32.dll!WSAConnect + 2 71A00C6B 14 Bytes [ 41, FC, 9F, 42, 40, 3F, D6, ... ]

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2660] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2660] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2660] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2660] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2660] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2660] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2660] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2660] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2660] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2660] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2660] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2660] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2660] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2660] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2660] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2660] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2660] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2660] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2660] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2660] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2660] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2660] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2660] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2660] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2660] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2660] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2660] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2660] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2660] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2660] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2660] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2660] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2660] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2660] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2660] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2660] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2660] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2660] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2660] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2660] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2660] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2660] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2660] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2660] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2660] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2660] user32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2660] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2660] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ 92, E9 ]

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2660] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2660] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2660] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2660] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2660] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2660] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2660] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2660] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2660] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2660] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2660] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2660] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2660] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2660] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2660] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2660] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2660] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2660] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2660] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2660] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2660] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2660] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2660] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2660] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2660] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\Documents and Settings\LAMBERT\Bureau\gmer\gmer\gmer.exe[2660] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\WINDOWS\system32\wscntfy.exe[3024] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\WINDOWS\system32\wscntfy.exe[3024] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\WINDOWS\system32\wscntfy.exe[3024] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\WINDOWS\system32\wscntfy.exe[3024] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\WINDOWS\system32\wscntfy.exe[3024] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\WINDOWS\system32\wscntfy.exe[3024] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\WINDOWS\system32\wscntfy.exe[3024] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\WINDOWS\system32\wscntfy.exe[3024] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\WINDOWS\system32\wscntfy.exe[3024] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\WINDOWS\system32\wscntfy.exe[3024] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\WINDOWS\system32\wscntfy.exe[3024] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\WINDOWS\system32\wscntfy.exe[3024] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\WINDOWS\system32\wscntfy.exe[3024] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\WINDOWS\system32\wscntfy.exe[3024] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\WINDOWS\system32\wscntfy.exe[3024] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\WINDOWS\system32\wscntfy.exe[3024] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\WINDOWS\system32\wscntfy.exe[3024] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\WINDOWS\system32\wscntfy.exe[3024] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\WINDOWS\system32\wscntfy.exe[3024] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\WINDOWS\system32\wscntfy.exe[3024] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\WINDOWS\system32\wscntfy.exe[3024] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\WINDOWS\system32\wscntfy.exe[3024] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\WINDOWS\system32\wscntfy.exe[3024] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\WINDOWS\system32\wscntfy.exe[3024] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\WINDOWS\system32\wscntfy.exe[3024] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\WINDOWS\system32\wscntfy.exe[3024] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\WINDOWS\system32\wscntfy.exe[3024] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\WINDOWS\system32\wscntfy.exe[3024] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\WINDOWS\system32\wscntfy.exe[3024] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\WINDOWS\system32\wscntfy.exe[3024] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\WINDOWS\system32\wscntfy.exe[3024] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\WINDOWS\system32\wscntfy.exe[3024] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\WINDOWS\system32\wscntfy.exe[3024] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\WINDOWS\system32\wscntfy.exe[3024] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\WINDOWS\system32\wscntfy.exe[3024] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\WINDOWS\system32\wscntfy.exe[3024] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\WINDOWS\system32\wscntfy.exe[3024] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\WINDOWS\system32\wscntfy.exe[3024] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\WINDOWS\system32\wscntfy.exe[3024] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\WINDOWS\system32\wscntfy.exe[3024] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\WINDOWS\system32\wscntfy.exe[3024] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\WINDOWS\system32\wscntfy.exe[3024] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\WINDOWS\system32\wscntfy.exe[3024] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\WINDOWS\system32\wscntfy.exe[3024] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\WINDOWS\system32\wscntfy.exe[3024] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\WINDOWS\system32\wscntfy.exe[3024] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\WINDOWS\system32\wscntfy.exe[3024] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\WINDOWS\system32\wscntfy.exe[3024] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\WINDOWS\system32\wscntfy.exe[3024] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\WINDOWS\system32\wscntfy.exe[3024] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\WINDOWS\system32\wscntfy.exe[3024] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\WINDOWS\system32\wscntfy.exe[3024] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\WINDOWS\system32\wscntfy.exe[3024] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\WINDOWS\system32\wscntfy.exe[3024] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\WINDOWS\system32\wscntfy.exe[3024] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\WINDOWS\system32\wscntfy.exe[3024] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\WINDOWS\system32\wscntfy.exe[3024] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\WINDOWS\system32\wscntfy.exe[3024] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\WINDOWS\system32\wscntfy.exe[3024] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\WINDOWS\system32\wscntfy.exe[3024] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ F5, E9 ]

.text C:\WINDOWS\system32\wscntfy.exe[3024] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\WINDOWS\system32\wscntfy.exe[3024] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\WINDOWS\system32\wscntfy.exe[3024] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\WINDOWS\system32\wscntfy.exe[3024] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\WINDOWS\system32\wscntfy.exe[3024] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\WINDOWS\system32\wscntfy.exe[3024] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\WINDOWS\system32\wscntfy.exe[3024] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\WINDOWS\system32\wscntfy.exe[3024] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\WINDOWS\system32\wscntfy.exe[3024] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\WINDOWS\system32\wscntfy.exe[3024] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\WINDOWS\system32\wscntfy.exe[3024] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\WINDOWS\system32\wscntfy.exe[3024] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\WINDOWS\system32\wscntfy.exe[3024] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\WINDOWS\system32\wscntfy.exe[3024] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\WINDOWS\system32\wscntfy.exe[3024] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\WINDOWS\system32\wscntfy.exe[3024] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\WINDOWS\system32\wscntfy.exe[3024] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\WINDOWS\system32\wscntfy.exe[3024] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\WINDOWS\system32\wscntfy.exe[3024] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\WINDOWS\system32\wscntfy.exe[3024] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\WINDOWS\system32\wscntfy.exe[3024] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\WINDOWS\system32\wscntfy.exe[3024] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\WINDOWS\system32\wscntfy.exe[3024] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\WINDOWS\system32\wscntfy.exe[3024] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\WINDOWS\system32\wscntfy.exe[3024] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\WINDOWS\system32\wscntfy.exe[3024] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\WINDOWS\system32\wscntfy.exe[3024] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\WINDOWS\system32\wscntfy.exe[3024] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\WINDOWS\system32\wscntfy.exe[3024] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\WINDOWS\system32\wscntfy.exe[3024] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\WINDOWS\system32\wscntfy.exe[3024] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\WINDOWS\system32\wscntfy.exe[3024] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\WINDOWS\system32\wscntfy.exe[3024] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\WINDOWS\system32\wscntfy.exe[3024] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\WINDOWS\system32\wscntfy.exe[3024] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3204] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3204] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3204] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3204] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3204] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3204] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3204] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3204] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3204] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3204] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3204] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3204] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3204] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3204] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3204] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3204] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3204] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3204] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3204] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3204] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3204] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3204] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3204] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3204] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3204] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3204] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3204] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3204] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3204] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3204] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3204] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3204] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3204] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3204] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3204] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3204] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3204] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3204] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3204] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3204] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3204] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3204] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3204] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3204] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3204] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3204] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3204] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3204] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3204] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3204] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3204] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3204] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3204] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3204] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3204] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3204] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3204] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3204] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3204] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ FC, E9 ]

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3204] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3204] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3204] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3204] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3204] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3204] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3204] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3204] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3204] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3204] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3204] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3204] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3204] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3204] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3204] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3204] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3204] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3204] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3204] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3204] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3204] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3204] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3204] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3204] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3204] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3204] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3204] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3204] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3204] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3204] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3204] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3204] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3204] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3204] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3204] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3204] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3204] PSAPI.DLL!EnumProcessModules 76BA1F1C 5 Bytes JMP 3EE8E944

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3204] WS2_32.dll!connect + 2 719F406C 6 Bytes JMP 3EE8999A

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3204] WS2_32.dll!gethostbyname + 2 719F4FD6 9 Bytes JMP 3EE89966

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3204] WS2_32.dll!WSAAsyncGetHostByName + 2 719FE987 13 Bytes [ 4A, 98, 40, F8, 91, 40, 48, ... ]

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3204] WS2_32.dll!WSAConnect + 2 71A00C6B 7 Bytes [ D6, 40, F5, 9F, 49, 4A, 91 ]

.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3204] WS2_32.dll!WSAConnect + A 71A00C73 6 Bytes JMP 3EE89932

.text C:\WINDOWS\System32\alg.exe[3452] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\WINDOWS\System32\alg.exe[3452] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\WINDOWS\System32\alg.exe[3452] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\WINDOWS\System32\alg.exe[3452] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\WINDOWS\System32\alg.exe[3452] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\WINDOWS\System32\alg.exe[3452] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\WINDOWS\System32\alg.exe[3452] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\WINDOWS\System32\alg.exe[3452] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\WINDOWS\System32\alg.exe[3452] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\WINDOWS\System32\alg.exe[3452] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\WINDOWS\System32\alg.exe[3452] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\WINDOWS\System32\alg.exe[3452] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\WINDOWS\System32\alg.exe[3452] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\WINDOWS\System32\alg.exe[3452] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\WINDOWS\System32\alg.exe[3452] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\WINDOWS\System32\alg.exe[3452] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\WINDOWS\System32\alg.exe[3452] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\WINDOWS\System32\alg.exe[3452] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\WINDOWS\System32\alg.exe[3452] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\WINDOWS\System32\alg.exe[3452] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\WINDOWS\System32\alg.exe[3452] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\WINDOWS\System32\alg.exe[3452] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\WINDOWS\System32\alg.exe[3452] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\WINDOWS\System32\alg.exe[3452] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\WINDOWS\System32\alg.exe[3452] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\WINDOWS\System32\alg.exe[3452] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\WINDOWS\System32\alg.exe[3452] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\WINDOWS\System32\alg.exe[3452] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\WINDOWS\System32\alg.exe[3452] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\WINDOWS\System32\alg.exe[3452] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\WINDOWS\System32\alg.exe[3452] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\WINDOWS\System32\alg.exe[3452] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\WINDOWS\System32\alg.exe[3452] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\WINDOWS\System32\alg.exe[3452] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\WINDOWS\System32\alg.exe[3452] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\WINDOWS\System32\alg.exe[3452] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\WINDOWS\System32\alg.exe[3452] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\WINDOWS\System32\alg.exe[3452] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\WINDOWS\System32\alg.exe[3452] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\WINDOWS\System32\alg.exe[3452] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\WINDOWS\System32\alg.exe[3452] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\WINDOWS\System32\alg.exe[3452] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\WINDOWS\System32\alg.exe[3452] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\WINDOWS\System32\alg.exe[3452] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\WINDOWS\System32\alg.exe[3452] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\WINDOWS\System32\alg.exe[3452] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\WINDOWS\System32\alg.exe[3452] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\WINDOWS\System32\alg.exe[3452] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\WINDOWS\System32\alg.exe[3452] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\WINDOWS\System32\alg.exe[3452] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\WINDOWS\System32\alg.exe[3452] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\WINDOWS\System32\alg.exe[3452] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\WINDOWS\System32\alg.exe[3452] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\WINDOWS\System32\alg.exe[3452] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\WINDOWS\System32\alg.exe[3452] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\WINDOWS\System32\alg.exe[3452] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\WINDOWS\System32\alg.exe[3452] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\WINDOWS\System32\alg.exe[3452] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\WINDOWS\System32\alg.exe[3452] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\WINDOWS\System32\alg.exe[3452] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ 42, E9 ]

.text C:\WINDOWS\System32\alg.exe[3452] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\WINDOWS\System32\alg.exe[3452] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\WINDOWS\System32\alg.exe[3452] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\WINDOWS\System32\alg.exe[3452] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\WINDOWS\System32\alg.exe[3452] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\WINDOWS\System32\alg.exe[3452] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\WINDOWS\System32\alg.exe[3452] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\WINDOWS\System32\alg.exe[3452] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\WINDOWS\System32\alg.exe[3452] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\WINDOWS\System32\alg.exe[3452] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\WINDOWS\System32\alg.exe[3452] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\WINDOWS\System32\alg.exe[3452] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\WINDOWS\System32\alg.exe[3452] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\WINDOWS\System32\alg.exe[3452] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\WINDOWS\System32\alg.exe[3452] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\WINDOWS\System32\alg.exe[3452] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\WINDOWS\System32\alg.exe[3452] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\WINDOWS\System32\alg.exe[3452] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\WINDOWS\System32\alg.exe[3452] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\WINDOWS\System32\alg.exe[3452] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\WINDOWS\System32\alg.exe[3452] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\WINDOWS\System32\alg.exe[3452] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\WINDOWS\System32\alg.exe[3452] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\WINDOWS\System32\alg.exe[3452] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\WINDOWS\System32\alg.exe[3452] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\WINDOWS\System32\alg.exe[3452] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\WINDOWS\System32\alg.exe[3452] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\WINDOWS\System32\alg.exe[3452] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\WINDOWS\System32\alg.exe[3452] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\WINDOWS\System32\alg.exe[3452] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\WINDOWS\System32\alg.exe[3452] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\WINDOWS\System32\alg.exe[3452] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\WINDOWS\System32\alg.exe[3452] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\WINDOWS\System32\alg.exe[3452] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\WINDOWS\System32\alg.exe[3452] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\WINDOWS\System32\alg.exe[3452] WS2_32.dll!connect + 2 719F406C 6 Bytes JMP 3EE8999A

.text C:\WINDOWS\System32\alg.exe[3452] WS2_32.dll!gethostbyname + 2 719F4FD6 9 Bytes JMP 3EE89966

.text C:\WINDOWS\System32\alg.exe[3452] WS2_32.dll!WSAAsyncGetHostByName + 2 719FE987 13 Bytes [ 41, F5, F5, 37, 42, 92, 2F, ... ]

.text C:\WINDOWS\System32\alg.exe[3452] WS2_32.dll!WSAConnect + 2 71A00C6B 14 Bytes [ 2F, 91, 91, F5, 2F, 99, 42, ... ]

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ D6, E9 ]

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] WS2_32.dll!connect + 2 719F406C 6 Bytes JMP 3EE8999A

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] WS2_32.dll!gethostbyname + 2 719F4FD6 9 Bytes JMP 3EE89966

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] WS2_32.dll!WSAAsyncGetHostByName + 2 719FE987 13 Bytes [ F9, 37, F9, 9F, D6, 99, 41, ... ]

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] WS2_32.dll!WSAConnect + 2 71A00C6B 14 Bytes [ F3, 42, 48, 99, 92, 49, 49, ... ]

.text C:\WINDOWS\system32\wuauclt.exe[4064] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\WINDOWS\system32\wuauclt.exe[4064] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\WINDOWS\system32\wuauclt.exe[4064] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\WINDOWS\system32\wuauclt.exe[4064] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\WINDOWS\system32\wuauclt.exe[4064] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\WINDOWS\system32\wuauclt.exe[4064] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\WINDOWS\system32\wuauclt.exe[4064] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\WINDOWS\system32\wuauclt.exe[4064] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\WINDOWS\system32\wuauclt.exe[4064] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\WINDOWS\system32\wuauclt.exe[4064] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\WINDOWS\system32\wuauclt.exe[4064] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\WINDOWS\system32\wuauclt.exe[4064] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\WINDOWS\system32\wuauclt.exe[4064] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\WINDOWS\system32\wuauclt.exe[4064] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\WINDOWS\system32\wuauclt.exe[4064] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\WINDOWS\system32\wuauclt.exe[4064] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\WINDOWS\system32\wuauclt.exe[4064] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\WINDOWS\system32\wuauclt.exe[4064] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\WINDOWS\system32\wuauclt.exe[4064] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\WINDOWS\system32\wuauclt.exe[4064] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\WINDOWS\system32\wuauclt.exe[4064] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\WINDOWS\system32\wuauclt.exe[4064] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\WINDOWS\system32\wuauclt.exe[4064] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\WINDOWS\system32\wuauclt.exe[4064] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\WINDOWS\system32\wuauclt.exe[4064] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\WINDOWS\system32\wuauclt.exe[4064] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\WINDOWS\system32\wuauclt.exe[4064] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\WINDOWS\system32\wuauclt.exe[4064] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\WINDOWS\system32\wuauclt.exe[4064] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\WINDOWS\system32\wuauclt.exe[4064] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\WINDOWS\system32\wuauclt.exe[4064] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\WINDOWS\system32\wuauclt.exe[4064] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\WINDOWS\system32\wuauclt.exe[4064] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\WINDOWS\system32\wuauclt.exe[4064] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\WINDOWS\system32\wuauclt.exe[4064] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\WINDOWS\system32\wuauclt.exe[4064] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\WINDOWS\system32\wuauclt.exe[4064] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\WINDOWS\system32\wuauclt.exe[4064] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\WINDOWS\system32\wuauclt.exe[4064] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\WINDOWS\system32\wuauclt.exe[4064] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\WINDOWS\system32\wuauclt.exe[4064] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\WINDOWS\system32\wuauclt.exe[4064] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\WINDOWS\system32\wuauclt.exe[4064] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\WINDOWS\system32\wuauclt.exe[4064] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\WINDOWS\system32\wuauclt.exe[4064] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\WINDOWS\system32\wuauclt.exe[4064] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\WINDOWS\system32\wuauclt.exe[4064] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\WINDOWS\system32\wuauclt.exe[4064] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\WINDOWS\system32\wuauclt.exe[4064] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\WINDOWS\system32\wuauclt.exe[4064] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\WINDOWS\system32\wuauclt.exe[4064] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\WINDOWS\system32\wuauclt.exe[4064] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\WINDOWS\system32\wuauclt.exe[4064] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\WINDOWS\system32\wuauclt.exe[4064] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\WINDOWS\system32\wuauclt.exe[4064] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\WINDOWS\system32\wuauclt.exe[4064] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\WINDOWS\system32\wuauclt.exe[4064] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\WINDOWS\system32\wuauclt.exe[4064] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\WINDOWS\system32\wuauclt.exe[4064] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ 40, E9 ]

.text C:\WINDOWS\system32\wuauclt.exe[4064] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\WINDOWS\system32\wuauclt.exe[4064] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\WINDOWS\system32\wuauclt.exe[4064] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\WINDOWS\system32\wuauclt.exe[4064] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\WINDOWS\system32\wuauclt.exe[4064] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\WINDOWS\system32\wuauclt.exe[4064] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\WINDOWS\system32\wuauclt.exe[4064] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\WINDOWS\system32\wuauclt.exe[4064] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\WINDOWS\system32\wuauclt.exe[4064] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\WINDOWS\system32\wuauclt.exe[4064] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\WINDOWS\system32\wuauclt.exe[4064] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\WINDOWS\system32\wuauclt.exe[4064] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\WINDOWS\system32\wuauclt.exe[4064] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\WINDOWS\system32\wuauclt.exe[4064] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\WINDOWS\system32\wuauclt.exe[4064] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\WINDOWS\system32\wuauclt.exe[4064] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\WINDOWS\system32\wuauclt.exe[4064] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\WINDOWS\system32\wuauclt.exe[4064] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\WINDOWS\system32\wuauclt.exe[4064] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\WINDOWS\system32\wuauclt.exe[4064] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\WINDOWS\system32\wuauclt.exe[4064] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\WINDOWS\system32\wuauclt.exe[4064] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\WINDOWS\system32\wuauclt.exe[4064] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\WINDOWS\system32\wuauclt.exe[4064] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\WINDOWS\system32\wuauclt.exe[4064] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\WINDOWS\system32\wuauclt.exe[4064] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\WINDOWS\system32\wuauclt.exe[4064] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\WINDOWS\system32\wuauclt.exe[4064] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\WINDOWS\system32\wuauclt.exe[4064] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\WINDOWS\system32\wuauclt.exe[4064] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\WINDOWS\system32\wuauclt.exe[4064] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\WINDOWS\system32\wuauclt.exe[4064] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\WINDOWS\system32\wuauclt.exe[4064] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\WINDOWS\system32\wuauclt.exe[4064] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\WINDOWS\system32\wuauclt.exe[4064] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\WINDOWS\system32\wuauclt.exe[4064] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\WINDOWS\system32\wuauclt.exe[4064] WS2_32.dll!connect + 2 719F406C 6 Bytes JMP 3EE8999A

.text C:\WINDOWS\system32\wuauclt.exe[4064] WS2_32.dll!gethostbyname + 2 719F4FD6 9 Bytes JMP 3EE89966

.text C:\WINDOWS\system32\wuauclt.exe[4064] WS2_32.dll!WSAAsyncGetHostByName + 2 719FE987 13 Bytes [ 37, F2, 92, F3, F8, 98, 9F, ... ]

.text C:\WINDOWS\system32\wuauclt.exe[4064] WS2_32.dll!WSAConnect + 2 71A00C6B 14 Bytes [ 2F, 91, 9F, 2F, 9F, F8, 92, ... ]

---- Devices - GMER 1.0.14 ----

AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr.sys (Family Safety Filter Driver/Microsoft Corporation)

---- Registry - GMER 1.0.14 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs C:\WINDOWS\system32:imwbi.exe

---- Files - GMER 1.0.14 ----

File C:\Documents and Settings\LAMBERT\Local Settings\Temporary Internet Files\Content.IE5\SBDW1K0Z\index[1].htm 0 bytes

File C:\Documents and Settings\LAMBERT\Local Settings\Temporary Internet Files\Content.IE5\UQQBOJ72\newflash[1].htm 0 bytes

ADS C:\WINDOWS\system32:imwbi.exe 130759 bytes executable

---- EOF - GMER 1.0.14 ----

angelique · le 7 décembre 2008

bon c'est coriace et compliqué , t'as en plus WS2_32.dll qu'est patché pfff!!!

je cogite et je reviens

angelique · le 7 décembre 2008

bon!

1/ telecharge winsockFix au cas ou tu perdrais ta connexion

http://www.sendspace.com/file/wip61v

tu l'executes juste au cas ou tu la perds apres ci dessous

2/ouvre une invite de commande et ecrit ceci et valide par la touche "enter"

gmer.exe -del file "C:\WINDOWS\system32\setyqsrv.dll"

tape exit pour en sortir

3/telecharge catchme.exe à la racine de ton disque donc en c:\ , tu as donc c:\catchme.exe

http://www.gmer.net/catchme.exe

» telecharge toto.bat sur ton bureau et double clic dessus:

http://www.sendspace.com/file/ihb83d

4/reposte un nouveau rapport Gmer

jaja33 · le 7 décembre 2008

Catchme.exe, je le trouve ou?

angelique · le 7 décembre 2008

j'ai edité et t'ai mis le link de DL

jaja33 · le 7 décembre 2008

J'ai dû mal regardé.......je ne l'avais pas vu!!

angelique · le 7 décembre 2008

arf!! excuse moi , tu veux pas clic droit sur toto.bat et le modifier stp , c'est pas :

catchme.exe -k C:\WINDOWS\system32:imwbi.exe

mais

catchme.exe -e C:\WINDOWS\system32:imwbi.exe

tu changes just le k par e lol

donc clic droit modifier sur toto.bat et tu as ça à la place , ce qui est desormais correct:

cd c:\
catchme.exe -e C:\WINDOWS\system32:imwbi.exe
pause
exit

Connexion

Pas encore inscrit ?

[Résolu] PC infecté par ipexewin.exe

Messages recommandés

angelique

Lien vers le commentaire

Partager sur d’autres sites

jaja33

Lien vers le commentaire

Partager sur d’autres sites

angelique

Lien vers le commentaire

Partager sur d’autres sites

jaja33

Lien vers le commentaire

Partager sur d’autres sites

angelique

Lien vers le commentaire

Partager sur d’autres sites

angelique

Lien vers le commentaire

Partager sur d’autres sites

jaja33

Lien vers le commentaire

Partager sur d’autres sites

angelique

Lien vers le commentaire

Partager sur d’autres sites

jaja33

Lien vers le commentaire

Partager sur d’autres sites

angelique

Lien vers le commentaire

Partager sur d’autres sites

Rejoindre la conversation

En ligne récemment 0 membre est en ligne

Zebulon

Outils en ligne

Naviguer