GMER 1.0.12.11654 - http://www.gmer.net Rootkit scan 2006-10-08 20:07:55 Windows 5.1.2600 Dodatek Service Pack 2 ---- User code sections - GMER 1.0.12 ---- .text D:\WINDOWS\system32\cmd.exe[636] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 3EBBD79A .text D:\WINDOWS\system32\cmd.exe[636] ntdll.dll!NtQueryInformationFile 7C90DFDC 5 Bytes JMP 3EBC0F6C .text D:\WINDOWS\system32\cmd.exe[636] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 3EBBC57A .text D:\WINDOWS\system32\cmd.exe[636] ntdll.dll!NtReadVirtualMemory 7C90E2BB 5 Bytes JMP 3EBBB7A0 .text D:\WINDOWS\system32\cmd.exe[636] ntdll.dll!NtVdmControl 7C90E975 5 Bytes JMP 3EBBB385 .text D:\WINDOWS\system32\cmd.exe[636] ntdll.dll!NtWriteVirtualMemory 7C90EA32 5 Bytes JMP 3EBBE1E8 .text D:\WINDOWS\system32\cmd.exe[636] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 3EBB9581 .text D:\WINDOWS\system32\cmd.exe[636] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 3EBB9432 .text D:\WINDOWS\system32\cmd.exe[636] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9538ED 6 Bytes JMP 3EBBE4E4 .text D:\WINDOWS\system32\cmd.exe[636] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EBBD045 .text D:\WINDOWS\system32\cmd.exe[636] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EBB8BAE .text D:\WINDOWS\system32\cmd.exe[636] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EBB872E .text D:\WINDOWS\system32\cmd.exe[636] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EBB8723 .text D:\WINDOWS\system32\cmd.exe[636] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EBBC72A .text D:\WINDOWS\system32\cmd.exe[636] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EBBB2B8 .text D:\WINDOWS\system32\cmd.exe[636] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EBB7D51 .text D:\WINDOWS\system32\cmd.exe[636] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EBBA270 .text D:\WINDOWS\system32\cmd.exe[636] kernel32.dll!FreeLibrary + 2 7C80AA68 7 Bytes JMP 3EBB81B9 .text D:\WINDOWS\system32\cmd.exe[636] kernel32.dll!GetProcAddress + 2 7C80AC2A 5 Bytes JMP 3EBB9AF7 .text D:\WINDOWS\system32\cmd.exe[636] kernel32.dll!LoadLibraryW + 2 7C80ACD5 5 Bytes JMP 3EBBA007 .text D:\WINDOWS\system32\cmd.exe[636] kernel32.dll!GetFileAttributesW + 2 7C80B5D6 6 Bytes JMP 3EBC159A .text D:\WINDOWS\system32\cmd.exe[636] kernel32.dll!FreeLibraryAndExitThread + 2 7C80CEA3 6 Bytes JMP 3EBB8665 .text D:\WINDOWS\system32\cmd.exe[636] kernel32.dll!FindFirstFileExW + 2 7C80EC7F 9 Bytes JMP 3EBBD4E1 .text D:\WINDOWS\system32\cmd.exe[636] kernel32.dll!FindFirstFileW + 2 7C80F0E3 5 Bytes JMP 3EBC189B .text D:\WINDOWS\system32\cmd.exe[636] kernel32.dll!FindNextFileW 7C80F13A 7 Bytes JMP 3EBC1A9C .text D:\WINDOWS\system32\cmd.exe[636] kernel32.dll!CreateFileW + 2 7C810978 6 Bytes JMP 3EBC1B5C .text D:\WINDOWS\system32\cmd.exe[636] kernel32.dll!GetFileAttributesExW + 2 7C81130F 6 Bytes JMP 3EBC0C05 .text D:\WINDOWS\system32\cmd.exe[636] kernel32.dll!GetFileAttributesA + 2 7C81174E 6 Bytes JMP 3EBBD93E .text D:\WINDOWS\system32\cmd.exe[636] kernel32.dll!GetFileAttributesExA + 2 7C813533 6 Bytes JMP 3EBBC80F .text D:\WINDOWS\system32\cmd.exe[636] kernel32.dll!FindFirstFileA + 2 7C81355B 9 Bytes JMP 3EBBB9B3 .text D:\WINDOWS\system32\cmd.exe[636] kernel32.dll!ExitProcess + 2 7C81CAA4 5 Bytes JMP 3EBB8E54 .text D:\WINDOWS\system32\cmd.exe[636] kernel32.dll!OpenProcess + 2 7C81E07B 6 Bytes JMP 3EBBFAB2 .text D:\WINDOWS\system32\cmd.exe[636] kernel32.dll!DeleteFileA + 2 7C81E85E 6 Bytes JMP 3EBC033E .text D:\WINDOWS\system32\cmd.exe[636] kernel32.dll!DeleteFileW + 2 7C81F73F 6 Bytes JMP 3EBBDD9F .text D:\WINDOWS\system32\cmd.exe[636] kernel32.dll!SetFileAttributesA + 2 7C81FB46 6 Bytes JMP 3EBC11F0 .text D:\WINDOWS\system32\cmd.exe[636] kernel32.dll!SetFileAttributesW + 2 7C81FC07 6 Bytes JMP 3EBBD061 .text D:\WINDOWS\system32\cmd.exe[636] kernel32.dll!MoveFileWithProgressW 7C821565 5 Bytes JMP 3EBBDF82 .text D:\WINDOWS\system32\cmd.exe[636] kernel32.dll!MoveFileWithProgressA + 2 7C8222B5 6 Bytes JMP 3EBBD772 .text D:\WINDOWS\system32\cmd.exe[636] kernel32.dll!OpenFile 7C826B99 5 Bytes JMP 3EBBF576 .text D:\WINDOWS\system32\cmd.exe[636] kernel32.dll!FindNextFileA + 2 7C83901B 9 Bytes JMP 3EBC1577 .text D:\WINDOWS\system32\cmd.exe[636] kernel32.dll!MoveFileExW + 2 7C839921 6 Bytes JMP 3EBC0658 .text D:\WINDOWS\system32\cmd.exe[636] kernel32.dll!FindFirstFileExA + 2 7C85C2F4 9 Bytes JMP 3EBBBADC .text D:\WINDOWS\system32\cmd.exe[636] kernel32.dll!MoveFileExA + 2 7C85D2A5 6 Bytes JMP 3EBBCD1D .text D:\WINDOWS\system32\cmd.exe[636] kernel32.dll!_lopen + 2 7C85E612 6 Bytes JMP 3EBBE63C .text D:\WINDOWS\system32\cmd.exe[636] kernel32.dll!WinExec + 2 7C86114F 6 Bytes JMP 3EBB8CAB .text D:\WINDOWS\system32\cmd.exe[636] kernel32.dll!Process32FirstW + 2 7C8639D6 6 Bytes JMP 3EBBEE97 .text D:\WINDOWS\system32\cmd.exe[636] kernel32.dll!Process32First + 2 7C863A8F 9 Bytes JMP 3EBC126D .text D:\WINDOWS\system32\cmd.exe[636] kernel32.dll!Process32NextW + 2 7C863B61 6 Bytes JMP 3EBBFC93 .text D:\WINDOWS\system32\cmd.exe[636] kernel32.dll!Process32Next + 2 7C863C02 9 Bytes JMP 3EBC01F3 .text D:\WINDOWS\system32\cmd.exe[636] kernel32.dll!Thread32First + 2 7C863CD4 6 Bytes JMP 3EBBD280 .text D:\WINDOWS\system32\cmd.exe[636] kernel32.dll!Thread32Next + 2 7C863D88 6 Bytes JMP 3EBBCD64 .text D:\WINDOWS\system32\cmd.exe[636] kernel32.dll!Module32FirstW + 2 7C863E21 6 Bytes JMP 3EBBB2DA .text D:\WINDOWS\system32\cmd.exe[636] kernel32.dll!Module32First + 2 7C863EDA 9 Bytes JMP 3EBBF40C .text D:\WINDOWS\system32\cmd.exe[636] kernel32.dll!Module32NextW + 2 7C863FBE 6 Bytes JMP 3EBBB051 .text D:\WINDOWS\system32\cmd.exe[636] kernel32.dll!Module32Next + 2 7C86405F 9 Bytes JMP 3EBBB7E1 .text D:\WINDOWS\system32\cmd.exe[636] kernel32.dll!GetBinaryTypeW 7C86783C 5 Bytes JMP 3EBC0583 .text D:\WINDOWS\system32\cmd.exe[636] kernel32.dll!GetBinaryType + 2 7C867C9D 6 Bytes JMP 3EBBE425 .text D:\WINDOWS\system32\cmd.exe[636] USER32.dll!ExitWindowsEx + 2 77D79E6F 6 Bytes JMP 3EBB8C3C .text D:\WINDOWS\system32\cmd.exe[636] ADVAPI32.dll!RegOpenKeyExW + 2 77DC6A7A 6 Bytes JMP 3EBBCBC9 .text D:\WINDOWS\system32\cmd.exe[636] ADVAPI32.dll!RegCloseKey + 2 77DC6BF2 6 Bytes JMP 3EBBF543 .text D:\WINDOWS\system32\cmd.exe[636] ADVAPI32.dll!RegQueryValueExW + 2 77DC6FCA 2 Bytes .text D:\WINDOWS\system32\cmd.exe[636] ADVAPI32.dll!RegQueryValueExW + 5 77DC6FCD 3 Bytes .text D:\WINDOWS\system32\cmd.exe[636] ADVAPI32.dll!RegCreateKeyExW + 2 77DC7537 6 Bytes JMP 3EBBD210 .text D:\WINDOWS\system32\cmd.exe[636] ADVAPI32.dll!RegOpenKeyExA + 2 77DC761D 6 Bytes JMP 3EBC16B5 .text D:\WINDOWS\system32\cmd.exe[636] ADVAPI32.dll!RegQueryValueExA + 2 77DC7885 6 Bytes JMP 3EBC0C91 .text D:\WINDOWS\system32\cmd.exe[636] ADVAPI32.dll!RegEnumValueW + 2 77DC8083 6 Bytes JMP 3EBBCEDC .text D:\WINDOWS\system32\cmd.exe[636] ADVAPI32.dll!RegSetValueExW 77DCD7CC 7 Bytes JMP 3EBBFFF5 .text D:\WINDOWS\system32\cmd.exe[636] ADVAPI32.dll!RegQueryValueW + 2 77DCD8E4 6 Bytes JMP 3EBBB6CF .text D:\WINDOWS\system32\cmd.exe[636] ADVAPI32.dll!RegCreateKeyExA + 2 77DCEAF6 6 Bytes JMP 3EBC0BBD .text D:\WINDOWS\system32\cmd.exe[636] ADVAPI32.dll!RegSetValueExA 77DCEBE7 7 Bytes JMP 3EBBDBBE .text D:\WINDOWS\system32\cmd.exe[636] ADVAPI32.dll!RegDeleteValueA + 2 77DCEDE7 6 Bytes JMP 3EBBF2B1 .text D:\WINDOWS\system32\cmd.exe[636] ADVAPI32.dll!RegDeleteValueW + 2 77DCEEF3 6 Bytes JMP 3EBBF8D8 .text D:\WINDOWS\system32\cmd.exe[636] ADVAPI32.dll!RegSetValueA + 2 77DD6F4B 5 Bytes JMP 3EBC0761 .text D:\WINDOWS\system32\cmd.exe[636] ADVAPI32.dll!SetFileSecurityW + 2 77DDAA6B 6 Bytes JMP 3EBBC270 .text D:\WINDOWS\system32\cmd.exe[636] ADVAPI32.dll!RegEnumValueA + 2 77DDCF4C 6 Bytes JMP 3EBBB5AD .text D:\WINDOWS\system32\cmd.exe[636] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DE1287 6 Bytes JMP 3EBC03D0 .text D:\WINDOWS\system32\cmd.exe[636] ADVAPI32.dll!CreateProcessAsUserW + 2 77DE7777 6 Bytes JMP 3EBBA57A .text D:\WINDOWS\system32\cmd.exe[636] ADVAPI32.dll!RegDeleteKeyW + 2 77DE9886 6 Bytes JMP 3EBBD3DB .text D:\WINDOWS\system32\cmd.exe[636] ADVAPI32.dll!GetFileSecurityW + 2 77DEBCE0 6 Bytes JMP 3EBBC493 .text D:\WINDOWS\system32\cmd.exe[636] ADVAPI32.dll!RegDeleteKeyA + 2 77DEC125 6 Bytes JMP 3EBBEF65 .text D:\WINDOWS\system32\cmd.exe[636] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DEC1B7 6 Bytes JMP 3EBC0F34 .text D:\WINDOWS\system32\cmd.exe[636] ADVAPI32.dll!RegOpenKeyA + 2 77DEC41D 6 Bytes JMP 3EBBD630 .text D:\WINDOWS\system32\cmd.exe[636] ADVAPI32.dll!RegQueryValueA + 2 77DECC12 6 Bytes JMP 3EBBB8E6 .text D:\WINDOWS\system32\cmd.exe[636] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DECCF1 6 Bytes JMP 3EBBBD5F .text D:\WINDOWS\system32\cmd.exe[636] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DED07A 7 Bytes JMP 3EBBD383 .text D:\WINDOWS\system32\cmd.exe[636] ADVAPI32.dll!RegCreateKeyA + 2 77DED5BD 6 Bytes JMP 3EBC1DBF .text D:\WINDOWS\system32\cmd.exe[636] ADVAPI32.dll!SetFileSecurityA + 2 77DFD2FF 5 Bytes JMP 3EBBF19D .text D:\WINDOWS\system32\cmd.exe[636] ADVAPI32.dll!GetFileSecurityA + 2 77DFD365 5 Bytes JMP 3EBBED1E .text D:\WINDOWS\system32\cmd.exe[636] ADVAPI32.dll!CreateProcessAsUserA + 2 77E0095A 6 Bytes JMP 3EBB9067 .text D:\WINDOWS\system32\cmd.exe[636] ADVAPI32.dll!CreateProcessWithLogonW 77E05C9D 5 Bytes JMP 3EBB818D .text D:\WINDOWS\system32\cmd.exe[636] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77E11546 7 Bytes JMP 3EBBCEC7 .text D:\WINDOWS\system32\cmd.exe[636] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77E11592 7 Bytes JMP 3EBBDB83 .text D:\WINDOWS\system32\cmd.exe[636] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E2553D 6 Bytes JMP 3EBBE03C .text D:\WINDOWS\system32\cmd.exe[636] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E2589F 6 Bytes JMP 3EBBE9BC .text D:\WINDOWS\system32\cmd.exe[636] ADVAPI32.dll!RegSetValueW + 2 77E25FC4 5 Bytes JMP 3EBC008F .text D:\WINDOWS\system32\winlogon.exe[656] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 3EBBD79A .text D:\WINDOWS\system32\winlogon.exe[656] ntdll.dll!NtQueryInformationFile 7C90DFDC 5 Bytes JMP 3EBC0F6C .text D:\WINDOWS\system32\winlogon.exe[656] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 3EBBC57A .text D:\WINDOWS\system32\winlogon.exe[656] ntdll.dll!NtReadVirtualMemory 7C90E2BB 5 Bytes JMP 3EBBB7A0 .text D:\WINDOWS\system32\winlogon.exe[656] ntdll.dll!NtVdmControl 7C90E975 5 Bytes JMP 3EBBB385 .text D:\WINDOWS\system32\winlogon.exe[656] ntdll.dll!NtWriteVirtualMemory 7C90EA32 5 Bytes JMP 3EBBE1E8 .text D:\WINDOWS\system32\winlogon.exe[656] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 3EBB9581 .text D:\WINDOWS\system32\winlogon.exe[656] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 3EBB9432 .text D:\WINDOWS\system32\winlogon.exe[656] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9538ED 6 Bytes JMP 3EBBE4E4 .text D:\WINDOWS\system32\winlogon.exe[656] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EBBD045 .text D:\WINDOWS\system32\winlogon.exe[656] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EBB8BAE .text D:\WINDOWS\system32\winlogon.exe[656] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EBB872E .text D:\WINDOWS\system32\winlogon.exe[656] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EBB8723 .text D:\WINDOWS\system32\winlogon.exe[656] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EBBC72A .text D:\WINDOWS\system32\winlogon.exe[656] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EBBB2B8 .text D:\WINDOWS\system32\winlogon.exe[656] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EBB7D51 .text D:\WINDOWS\system32\winlogon.exe[656] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EBBA270 .text D:\WINDOWS\system32\winlogon.exe[656] kernel32.dll!FreeLibrary + 2 7C80AA68 7 Bytes JMP 3EBB81B9 .text D:\WINDOWS\system32\winlogon.exe[656] kernel32.dll!GetProcAddress + 2 7C80AC2A 5 Bytes JMP 3EBB9AF7 .text D:\WINDOWS\system32\winlogon.exe[656] kernel32.dll!LoadLibraryW + 2 7C80ACD5 5 Bytes JMP 3EBBA007 .text D:\WINDOWS\system32\winlogon.exe[656] kernel32.dll!GetFileAttributesW + 2 7C80B5D6 6 Bytes JMP 3EBC159A .text D:\WINDOWS\system32\winlogon.exe[656] kernel32.dll!FreeLibraryAndExitThread + 2 7C80CEA3 6 Bytes JMP 3EBB8665 .text D:\WINDOWS\system32\winlogon.exe[656] kernel32.dll!FindFirstFileExW + 2 7C80EC7F 9 Bytes JMP 3EBBD4E1 .text D:\WINDOWS\system32\winlogon.exe[656] kernel32.dll!FindFirstFileW + 2 7C80F0E3 5 Bytes JMP 3EBC189B .text D:\WINDOWS\system32\winlogon.exe[656] kernel32.dll!FindNextFileW 7C80F13A 7 Bytes JMP 3EBC1A9C .text D:\WINDOWS\system32\winlogon.exe[656] kernel32.dll!CreateFileW + 2 7C810978 6 Bytes JMP 3EBC1B5C .text D:\WINDOWS\system32\winlogon.exe[656] kernel32.dll!GetFileAttributesExW + 2 7C81130F 6 Bytes JMP 3EBC0C05 .text D:\WINDOWS\system32\winlogon.exe[656] kernel32.dll!GetFileAttributesA + 2 7C81174E 6 Bytes JMP 3EBBD93E .text D:\WINDOWS\system32\winlogon.exe[656] kernel32.dll!GetFileAttributesExA + 2 7C813533 6 Bytes JMP 3EBBC80F .text D:\WINDOWS\system32\winlogon.exe[656] kernel32.dll!FindFirstFileA + 2 7C81355B 9 Bytes JMP 3EBBB9B3 .text D:\WINDOWS\system32\winlogon.exe[656] kernel32.dll!ExitProcess + 2 7C81CAA4 5 Bytes JMP 3EBB8E54 .text D:\WINDOWS\system32\winlogon.exe[656] kernel32.dll!OpenProcess + 2 7C81E07B 6 Bytes JMP 3EBBFAB2 .text D:\WINDOWS\system32\winlogon.exe[656] kernel32.dll!DeleteFileA + 2 7C81E85E 6 Bytes JMP 3EBC033E .text D:\WINDOWS\system32\winlogon.exe[656] kernel32.dll!DeleteFileW + 2 7C81F73F 6 Bytes JMP 3EBBDD9F .text D:\WINDOWS\system32\winlogon.exe[656] kernel32.dll!SetFileAttributesA + 2 7C81FB46 6 Bytes JMP 3EBC11F0 .text D:\WINDOWS\system32\winlogon.exe[656] kernel32.dll!SetFileAttributesW + 2 7C81FC07 6 Bytes JMP 3EBBD061 .text D:\WINDOWS\system32\winlogon.exe[656] kernel32.dll!MoveFileWithProgressW 7C821565 5 Bytes JMP 3EBBDF82 .text D:\WINDOWS\system32\winlogon.exe[656] kernel32.dll!MoveFileWithProgressA + 2 7C8222B5 6 Bytes JMP 3EBBD772 .text D:\WINDOWS\system32\winlogon.exe[656] kernel32.dll!OpenFile 7C826B99 5 Bytes JMP 3EBBF576 .text D:\WINDOWS\system32\winlogon.exe[656] kernel32.dll!FindNextFileA + 2 7C83901B 9 Bytes JMP 3EBC1577 .text D:\WINDOWS\system32\winlogon.exe[656] kernel32.dll!MoveFileExW + 2 7C839921 6 Bytes JMP 3EBC0658 .text D:\WINDOWS\system32\winlogon.exe[656] kernel32.dll!FindFirstFileExA + 2 7C85C2F4 9 Bytes JMP 3EBBBADC .text D:\WINDOWS\system32\winlogon.exe[656] kernel32.dll!MoveFileExA + 2 7C85D2A5 6 Bytes JMP 3EBBCD1D .text D:\WINDOWS\system32\winlogon.exe[656] kernel32.dll!_lopen + 2 7C85E612 6 Bytes JMP 3EBBE63C .text D:\WINDOWS\system32\winlogon.exe[656] kernel32.dll!WinExec + 2 7C86114F 6 Bytes JMP 3EBB8CAB .text D:\WINDOWS\system32\winlogon.exe[656] kernel32.dll!Process32FirstW + 2 7C8639D6 6 Bytes JMP 3EBBEE97 .text D:\WINDOWS\system32\winlogon.exe[656] kernel32.dll!Process32First + 2 7C863A8F 9 Bytes JMP 3EBC126D .text D:\WINDOWS\system32\winlogon.exe[656] kernel32.dll!Process32NextW + 2 7C863B61 6 Bytes JMP 3EBBFC93 .text D:\WINDOWS\system32\winlogon.exe[656] kernel32.dll!Process32Next + 2 7C863C02 9 Bytes JMP 3EBC01F3 .text D:\WINDOWS\system32\winlogon.exe[656] kernel32.dll!Thread32First + 2 7C863CD4 6 Bytes JMP 3EBBD280 .text D:\WINDOWS\system32\winlogon.exe[656] kernel32.dll!Thread32Next + 2 7C863D88 6 Bytes JMP 3EBBCD64 .text D:\WINDOWS\system32\winlogon.exe[656] kernel32.dll!Module32FirstW + 2 7C863E21 6 Bytes JMP 3EBBB2DA .text D:\WINDOWS\system32\winlogon.exe[656] kernel32.dll!Module32First + 2 7C863EDA 9 Bytes JMP 3EBBF40C .text D:\WINDOWS\system32\winlogon.exe[656] kernel32.dll!Module32NextW + 2 7C863FBE 6 Bytes JMP 3EBBB051 .text D:\WINDOWS\system32\winlogon.exe[656] kernel32.dll!Module32Next + 2 7C86405F 9 Bytes JMP 3EBBB7E1 .text D:\WINDOWS\system32\winlogon.exe[656] kernel32.dll!GetBinaryTypeW 7C86783C 5 Bytes JMP 3EBC0583 .text D:\WINDOWS\system32\winlogon.exe[656] kernel32.dll!GetBinaryType + 2 7C867C9D 6 Bytes JMP 3EBBE425 .text D:\WINDOWS\system32\winlogon.exe[656] ADVAPI32.dll!RegOpenKeyExW + 2 77DC6A7A 6 Bytes JMP 3EBBCBC9 .text D:\WINDOWS\system32\winlogon.exe[656] ADVAPI32.dll!RegCloseKey + 2 77DC6BF2 6 Bytes JMP 3EBBF543 .text D:\WINDOWS\system32\winlogon.exe[656] ADVAPI32.dll!RegQueryValueExW + 2 77DC6FCA 2 Bytes .text D:\WINDOWS\system32\winlogon.exe[656] ADVAPI32.dll!RegQueryValueExW + 5 77DC6FCD 3 Bytes .text D:\WINDOWS\system32\winlogon.exe[656] ADVAPI32.dll!RegCreateKeyExW + 2 77DC7537 6 Bytes JMP 3EBBD210 .text D:\WINDOWS\system32\winlogon.exe[656] ADVAPI32.dll!RegOpenKeyExA + 2 77DC761D 6 Bytes JMP 3EBC16B5 .text D:\WINDOWS\system32\winlogon.exe[656] ADVAPI32.dll!RegQueryValueExA + 2 77DC7885 6 Bytes JMP 3EBC0C91 .text D:\WINDOWS\system32\winlogon.exe[656] ADVAPI32.dll!RegEnumValueW + 2 77DC8083 6 Bytes JMP 3EBBCEDC .text D:\WINDOWS\system32\winlogon.exe[656] ADVAPI32.dll!RegSetValueExW 77DCD7CC 7 Bytes JMP 3EBBFFF5 .text D:\WINDOWS\system32\winlogon.exe[656] ADVAPI32.dll!RegQueryValueW + 2 77DCD8E4 6 Bytes JMP 3EBBB6CF .text D:\WINDOWS\system32\winlogon.exe[656] ADVAPI32.dll!RegCreateKeyExA + 2 77DCEAF6 6 Bytes JMP 3EBC0BBD .text D:\WINDOWS\system32\winlogon.exe[656] ADVAPI32.dll!RegSetValueExA 77DCEBE7 7 Bytes JMP 3EBBDBBE .text D:\WINDOWS\system32\winlogon.exe[656] ADVAPI32.dll!RegDeleteValueA + 2 77DCEDE7 6 Bytes JMP 3EBBF2B1 .text D:\WINDOWS\system32\winlogon.exe[656] ADVAPI32.dll!RegDeleteValueW + 2 77DCEEF3 6 Bytes JMP 3EBBF8D8 .text D:\WINDOWS\system32\winlogon.exe[656] ADVAPI32.dll!RegSetValueA + 2 77DD6F4B 5 Bytes JMP 3EBC0761 .text D:\WINDOWS\system32\winlogon.exe[656] ADVAPI32.dll!SetFileSecurityW + 2 77DDAA6B 6 Bytes JMP 3EBBC270 .text D:\WINDOWS\system32\winlogon.exe[656] ADVAPI32.dll!RegEnumValueA + 2 77DDCF4C 6 Bytes JMP 3EBBB5AD .text D:\WINDOWS\system32\winlogon.exe[656] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DE1287 6 Bytes JMP 3EBC03D0 .text D:\WINDOWS\system32\winlogon.exe[656] ADVAPI32.dll!CreateProcessAsUserW + 2 77DE7777 6 Bytes JMP 3EBBA57A .text D:\WINDOWS\system32\winlogon.exe[656] ADVAPI32.dll!RegDeleteKeyW + 2 77DE9886 6 Bytes JMP 3EBBD3DB .text D:\WINDOWS\system32\winlogon.exe[656] ADVAPI32.dll!GetFileSecurityW + 2 77DEBCE0 6 Bytes JMP 3EBBC493 .text D:\WINDOWS\system32\winlogon.exe[656] ADVAPI32.dll!RegDeleteKeyA + 2 77DEC125 6 Bytes JMP 3EBBEF65 .text D:\WINDOWS\system32\winlogon.exe[656] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DEC1B7 6 Bytes JMP 3EBC0F34 .text D:\WINDOWS\system32\winlogon.exe[656] ADVAPI32.dll!RegOpenKeyA + 2 77DEC41D 6 Bytes JMP 3EBBD630 .text D:\WINDOWS\system32\winlogon.exe[656] ADVAPI32.dll!RegQueryValueA + 2 77DECC12 6 Bytes JMP 3EBBB8E6 .text D:\WINDOWS\system32\winlogon.exe[656] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DECCF1 6 Bytes JMP 3EBBBD5F .text D:\WINDOWS\system32\winlogon.exe[656] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DED07A 7 Bytes JMP 3EBBD383 .text D:\WINDOWS\system32\winlogon.exe[656] ADVAPI32.dll!RegCreateKeyA + 2 77DED5BD 6 Bytes JMP 3EBC1DBF .text D:\WINDOWS\system32\winlogon.exe[656] ADVAPI32.dll!SetFileSecurityA + 2 77DFD2FF 5 Bytes JMP 3EBBF19D .text D:\WINDOWS\system32\winlogon.exe[656] ADVAPI32.dll!GetFileSecurityA + 2 77DFD365 5 Bytes JMP 3EBBED1E .text D:\WINDOWS\system32\winlogon.exe[656] ADVAPI32.dll!CreateProcessAsUserA + 2 77E0095A 6 Bytes JMP 3EBB9067 .text D:\WINDOWS\system32\winlogon.exe[656] ADVAPI32.dll!CreateProcessWithLogonW 77E05C9D 5 Bytes JMP 3EBB818D .text D:\WINDOWS\system32\winlogon.exe[656] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77E11546 7 Bytes JMP 3EBBCEC7 .text D:\WINDOWS\system32\winlogon.exe[656] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77E11592 7 Bytes JMP 3EBBDB83 .text D:\WINDOWS\system32\winlogon.exe[656] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E2553D 6 Bytes JMP 3EBBE03C .text D:\WINDOWS\system32\winlogon.exe[656] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E2589F 6 Bytes JMP 3EBBE9BC .text D:\WINDOWS\system32\winlogon.exe[656] ADVAPI32.dll!RegSetValueW + 2 77E25FC4 5 Bytes JMP 3EBC008F .text D:\WINDOWS\system32\winlogon.exe[656] USER32.dll!ExitWindowsEx + 2 77D79E6F 6 Bytes JMP 3EBB8C3C .text D:\WINDOWS\system32\winlogon.exe[656] PSAPI.DLL!EnumProcessModules 76BE1F1C 5 Bytes JMP 3EBBEDE6 .text D:\WINDOWS\system32\winlogon.exe[656] WS2_32.dll!getaddrinfo + 2 71A52A71 5 Bytes JMP 3EBBAC92 .text D:\WINDOWS\system32\winlogon.exe[656] WS2_32.dll!connect + 2 71A5406C 6 Bytes JMP 3EBBAAFC .text D:\WINDOWS\system32\winlogon.exe[656] WS2_32.dll!gethostbyname + 2 71A54FD6 9 Bytes JMP 3EBBAB16 .text D:\WINDOWS\system32\winlogon.exe[656] WS2_32.dll!WSAAsyncGetHostByName + 2 71A5E987 6 Bytes .text D:\WINDOWS\system32\winlogon.exe[656] WS2_32.dll!WSAAsyncGetHostByName + 9 71A5E98E 6 Bytes JMP 3EBBA8E5 .text D:\WINDOWS\system32\winlogon.exe[656] WS2_32.dll!WSAConnect + 2 71A60C6B 7 Bytes .text D:\WINDOWS\system32\winlogon.exe[656] WS2_32.dll!WSAConnect + 10 71A60C73 6 Bytes JMP 3EBBA83F .text D:\WINDOWS\system32\services.exe[704] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 3EBBD79A .text D:\WINDOWS\system32\services.exe[704] ntdll.dll!NtQueryInformationFile 7C90DFDC 5 Bytes JMP 3EBC0F6C .text D:\WINDOWS\system32\services.exe[704] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 3EBBC57A .text D:\WINDOWS\system32\services.exe[704] ntdll.dll!NtReadVirtualMemory 7C90E2BB 5 Bytes JMP 3EBBB7A0 .text D:\WINDOWS\system32\services.exe[704] ntdll.dll!NtVdmControl 7C90E975 5 Bytes JMP 3EBBB385 .text D:\WINDOWS\system32\services.exe[704] ntdll.dll!NtWriteVirtualMemory 7C90EA32 5 Bytes JMP 3EBBE1E8 .text D:\WINDOWS\system32\services.exe[704] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 3EBB9581 .text D:\WINDOWS\system32\services.exe[704] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 3EBB9432 .text D:\WINDOWS\system32\services.exe[704] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9538ED 6 Bytes JMP 3EBBE4E4 .text D:\WINDOWS\system32\services.exe[704] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EBBD045 .text D:\WINDOWS\system32\services.exe[704] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EBB8BAE .text D:\WINDOWS\system32\services.exe[704] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EBB872E .text D:\WINDOWS\system32\services.exe[704] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EBB8723 .text D:\WINDOWS\system32\services.exe[704] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EBBC72A .text D:\WINDOWS\system32\services.exe[704] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EBBB2B8 .text D:\WINDOWS\system32\services.exe[704] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EBB7D51 .text D:\WINDOWS\system32\services.exe[704] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EBBA270 .text D:\WINDOWS\system32\services.exe[704] kernel32.dll!FreeLibrary + 2 7C80AA68 7 Bytes JMP 3EBB81B9 .text D:\WINDOWS\system32\services.exe[704] kernel32.dll!GetProcAddress + 2 7C80AC2A 5 Bytes JMP 3EBB9AF7 .text D:\WINDOWS\system32\services.exe[704] kernel32.dll!LoadLibraryW + 2 7C80ACD5 5 Bytes JMP 3EBBA007 .text D:\WINDOWS\system32\services.exe[704] kernel32.dll!GetFileAttributesW + 2 7C80B5D6 6 Bytes JMP 3EBC159A .text D:\WINDOWS\system32\services.exe[704] kernel32.dll!FreeLibraryAndExitThread + 2 7C80CEA3 6 Bytes JMP 3EBB8665 .text D:\WINDOWS\system32\services.exe[704] kernel32.dll!FindFirstFileExW + 2 7C80EC7F 9 Bytes JMP 3EBBD4E1 .text D:\WINDOWS\system32\services.exe[704] kernel32.dll!FindFirstFileW + 2 7C80F0E3 5 Bytes JMP 3EBC189B .text D:\WINDOWS\system32\services.exe[704] kernel32.dll!FindNextFileW 7C80F13A 7 Bytes JMP 3EBC1A9C .text D:\WINDOWS\system32\services.exe[704] kernel32.dll!CreateFileW + 2 7C810978 6 Bytes JMP 3EBC1B5C .text D:\WINDOWS\system32\services.exe[704] kernel32.dll!GetFileAttributesExW + 2 7C81130F 6 Bytes JMP 3EBC0C05 .text D:\WINDOWS\system32\services.exe[704] kernel32.dll!GetFileAttributesA + 2 7C81174E 6 Bytes JMP 3EBBD93E .text D:\WINDOWS\system32\services.exe[704] kernel32.dll!GetFileAttributesExA + 2 7C813533 6 Bytes JMP 3EBBC80F .text D:\WINDOWS\system32\services.exe[704] kernel32.dll!FindFirstFileA + 2 7C81355B 9 Bytes JMP 3EBBB9B3 .text D:\WINDOWS\system32\services.exe[704] kernel32.dll!ExitProcess + 2 7C81CAA4 5 Bytes JMP 3EBB8E54 .text D:\WINDOWS\system32\services.exe[704] kernel32.dll!OpenProcess + 2 7C81E07B 6 Bytes JMP 3EBBFAB2 .text D:\WINDOWS\system32\services.exe[704] kernel32.dll!DeleteFileA + 2 7C81E85E 6 Bytes JMP 3EBC033E .text D:\WINDOWS\system32\services.exe[704] kernel32.dll!DeleteFileW + 2 7C81F73F 6 Bytes JMP 3EBBDD9F .text D:\WINDOWS\system32\services.exe[704] kernel32.dll!SetFileAttributesA + 2 7C81FB46 6 Bytes JMP 3EBC11F0 .text D:\WINDOWS\system32\services.exe[704] kernel32.dll!SetFileAttributesW + 2 7C81FC07 6 Bytes JMP 3EBBD061 .text D:\WINDOWS\system32\services.exe[704] kernel32.dll!MoveFileWithProgressW 7C821565 5 Bytes JMP 3EBBDF82 .text D:\WINDOWS\system32\services.exe[704] kernel32.dll!MoveFileWithProgressA + 2 7C8222B5 6 Bytes JMP 3EBBD772 .text D:\WINDOWS\system32\services.exe[704] kernel32.dll!OpenFile 7C826B99 5 Bytes JMP 3EBBF576 .text D:\WINDOWS\system32\services.exe[704] kernel32.dll!FindNextFileA + 2 7C83901B 9 Bytes JMP 3EBC1577 .text D:\WINDOWS\system32\services.exe[704] kernel32.dll!MoveFileExW + 2 7C839921 6 Bytes JMP 3EBC0658 .text D:\WINDOWS\system32\services.exe[704] kernel32.dll!FindFirstFileExA + 2 7C85C2F4 9 Bytes JMP 3EBBBADC .text D:\WINDOWS\system32\services.exe[704] kernel32.dll!MoveFileExA + 2 7C85D2A5 6 Bytes JMP 3EBBCD1D .text D:\WINDOWS\system32\services.exe[704] kernel32.dll!_lopen + 2 7C85E612 6 Bytes JMP 3EBBE63C .text D:\WINDOWS\system32\services.exe[704] kernel32.dll!WinExec + 2 7C86114F 6 Bytes JMP 3EBB8CAB .text D:\WINDOWS\system32\services.exe[704] kernel32.dll!Process32FirstW + 2 7C8639D6 6 Bytes JMP 3EBBEE97 .text D:\WINDOWS\system32\services.exe[704] kernel32.dll!Process32First + 2 7C863A8F 9 Bytes JMP 3EBC126D .text D:\WINDOWS\system32\services.exe[704] kernel32.dll!Process32NextW + 2 7C863B61 6 Bytes JMP 3EBBFC93 .text D:\WINDOWS\system32\services.exe[704] kernel32.dll!Process32Next + 2 7C863C02 9 Bytes JMP 3EBC01F3 .text D:\WINDOWS\system32\services.exe[704] kernel32.dll!Thread32First + 2 7C863CD4 6 Bytes JMP 3EBBD280 .text D:\WINDOWS\system32\services.exe[704] kernel32.dll!Thread32Next + 2 7C863D88 6 Bytes JMP 3EBBCD64 .text D:\WINDOWS\system32\services.exe[704] kernel32.dll!Module32FirstW + 2 7C863E21 6 Bytes JMP 3EBBB2DA .text D:\WINDOWS\system32\services.exe[704] kernel32.dll!Module32First + 2 7C863EDA 9 Bytes JMP 3EBBF40C .text D:\WINDOWS\system32\services.exe[704] kernel32.dll!Module32NextW + 2 7C863FBE 6 Bytes JMP 3EBBB051 .text D:\WINDOWS\system32\services.exe[704] kernel32.dll!Module32Next + 2 7C86405F 9 Bytes JMP 3EBBB7E1 .text D:\WINDOWS\system32\services.exe[704] kernel32.dll!GetBinaryTypeW 7C86783C 5 Bytes JMP 3EBC0583 .text D:\WINDOWS\system32\services.exe[704] kernel32.dll!GetBinaryType + 2 7C867C9D 6 Bytes JMP 3EBBE425 .text D:\WINDOWS\system32\services.exe[704] ADVAPI32.dll!RegOpenKeyExW + 2 77DC6A7A 6 Bytes JMP 3EBBCBC9 .text D:\WINDOWS\system32\services.exe[704] ADVAPI32.dll!RegCloseKey + 2 77DC6BF2 6 Bytes JMP 3EBBF543 .text D:\WINDOWS\system32\services.exe[704] ADVAPI32.dll!RegQueryValueExW + 2 77DC6FCA 2 Bytes .text D:\WINDOWS\system32\services.exe[704] ADVAPI32.dll!RegQueryValueExW + 5 77DC6FCD 3 Bytes .text D:\WINDOWS\system32\services.exe[704] ADVAPI32.dll!RegCreateKeyExW + 2 77DC7537 6 Bytes JMP 3EBBD210 .text D:\WINDOWS\system32\services.exe[704] ADVAPI32.dll!RegOpenKeyExA + 2 77DC761D 6 Bytes JMP 3EBC16B5 .text D:\WINDOWS\system32\services.exe[704] ADVAPI32.dll!RegQueryValueExA + 2 77DC7885 6 Bytes JMP 3EBC0C91 .text D:\WINDOWS\system32\services.exe[704] ADVAPI32.dll!RegEnumValueW + 2 77DC8083 6 Bytes JMP 3EBBCEDC .text D:\WINDOWS\system32\services.exe[704] ADVAPI32.dll!RegSetValueExW 77DCD7CC 7 Bytes JMP 3EBBFFF5 .text D:\WINDOWS\system32\services.exe[704] ADVAPI32.dll!RegQueryValueW + 2 77DCD8E4 6 Bytes JMP 3EBBB6CF .text D:\WINDOWS\system32\services.exe[704] ADVAPI32.dll!RegCreateKeyExA + 2 77DCEAF6 6 Bytes JMP 3EBC0BBD .text D:\WINDOWS\system32\services.exe[704] ADVAPI32.dll!RegSetValueExA 77DCEBE7 7 Bytes JMP 3EBBDBBE .text D:\WINDOWS\system32\services.exe[704] ADVAPI32.dll!RegDeleteValueA + 2 77DCEDE7 6 Bytes JMP 3EBBF2B1 .text D:\WINDOWS\system32\services.exe[704] ADVAPI32.dll!RegDeleteValueW + 2 77DCEEF3 6 Bytes JMP 3EBBF8D8 .text D:\WINDOWS\system32\services.exe[704] ADVAPI32.dll!RegSetValueA + 2 77DD6F4B 5 Bytes JMP 3EBC0761 .text D:\WINDOWS\system32\services.exe[704] ADVAPI32.dll!SetFileSecurityW + 2 77DDAA6B 6 Bytes JMP 3EBBC270 .text D:\WINDOWS\system32\services.exe[704] ADVAPI32.dll!RegEnumValueA + 2 77DDCF4C 6 Bytes JMP 3EBBB5AD .text D:\WINDOWS\system32\services.exe[704] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DE1287 6 Bytes JMP 3EBC03D0 .text D:\WINDOWS\system32\services.exe[704] ADVAPI32.dll!CreateProcessAsUserW + 2 77DE7777 6 Bytes JMP 3EBBA57A .text D:\WINDOWS\system32\services.exe[704] ADVAPI32.dll!RegDeleteKeyW + 2 77DE9886 6 Bytes JMP 3EBBD3DB .text D:\WINDOWS\system32\services.exe[704] ADVAPI32.dll!GetFileSecurityW + 2 77DEBCE0 6 Bytes JMP 3EBBC493 .text D:\WINDOWS\system32\services.exe[704] ADVAPI32.dll!RegDeleteKeyA + 2 77DEC125 6 Bytes JMP 3EBBEF65 .text D:\WINDOWS\system32\services.exe[704] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DEC1B7 6 Bytes JMP 3EBC0F34 .text D:\WINDOWS\system32\services.exe[704] ADVAPI32.dll!RegOpenKeyA + 2 77DEC41D 6 Bytes JMP 3EBBD630 .text D:\WINDOWS\system32\services.exe[704] ADVAPI32.dll!RegQueryValueA + 2 77DECC12 6 Bytes JMP 3EBBB8E6 .text D:\WINDOWS\system32\services.exe[704] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DECCF1 6 Bytes JMP 3EBBBD5F .text D:\WINDOWS\system32\services.exe[704] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DED07A 7 Bytes JMP 3EBBD383 .text D:\WINDOWS\system32\services.exe[704] ADVAPI32.dll!RegCreateKeyA + 2 77DED5BD 6 Bytes JMP 3EBC1DBF .text D:\WINDOWS\system32\services.exe[704] ADVAPI32.dll!SetFileSecurityA + 2 77DFD2FF 5 Bytes JMP 3EBBF19D .text D:\WINDOWS\system32\services.exe[704] ADVAPI32.dll!GetFileSecurityA + 2 77DFD365 5 Bytes JMP 3EBBED1E .text D:\WINDOWS\system32\services.exe[704] ADVAPI32.dll!CreateProcessAsUserA + 2 77E0095A 6 Bytes JMP 3EBB9067 .text D:\WINDOWS\system32\services.exe[704] ADVAPI32.dll!CreateProcessWithLogonW 77E05C9D 5 Bytes JMP 3EBB818D .text D:\WINDOWS\system32\services.exe[704] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77E11546 7 Bytes JMP 3EBBCEC7 .text D:\WINDOWS\system32\services.exe[704] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77E11592 7 Bytes JMP 3EBBDB83 .text D:\WINDOWS\system32\services.exe[704] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E2553D 6 Bytes JMP 3EBBE03C .text D:\WINDOWS\system32\services.exe[704] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E2589F 6 Bytes JMP 3EBBE9BC .text D:\WINDOWS\system32\services.exe[704] ADVAPI32.dll!RegSetValueW + 2 77E25FC4 5 Bytes JMP 3EBC008F .text D:\WINDOWS\system32\services.exe[704] USER32.dll!ExitWindowsEx + 2 77D79E6F 6 Bytes JMP 3EBB8C3C .text D:\WINDOWS\system32\services.exe[704] WS2_32.dll!getaddrinfo + 2 71A52A71 5 Bytes JMP 3EBBAC92 .text D:\WINDOWS\system32\services.exe[704] WS2_32.dll!connect + 2 71A5406C 6 Bytes JMP 3EBBAAFC .text D:\WINDOWS\system32\services.exe[704] WS2_32.dll!gethostbyname + 2 71A54FD6 9 Bytes JMP 3EBBAB16 .text D:\WINDOWS\system32\services.exe[704] WS2_32.dll!WSAAsyncGetHostByName + 2 71A5E987 13 Bytes .text D:\WINDOWS\system32\services.exe[704] WS2_32.dll!WSAConnect + 2 71A60C6B 14 Bytes .text D:\WINDOWS\system32\services.exe[704] PSAPI.DLL!EnumProcessModules 76BE1F1C 5 Bytes JMP 3EBBEDE6 .text D:\WINDOWS\system32\lsass.exe[716] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 3EBBD79A .text D:\WINDOWS\system32\lsass.exe[716] ntdll.dll!NtQueryInformationFile 7C90DFDC 5 Bytes JMP 3EBC0F6C .text D:\WINDOWS\system32\lsass.exe[716] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 3EBBC57A .text D:\WINDOWS\system32\lsass.exe[716] ntdll.dll!NtReadVirtualMemory 7C90E2BB 5 Bytes JMP 3EBBB7A0 .text D:\WINDOWS\system32\lsass.exe[716] ntdll.dll!NtVdmControl 7C90E975 5 Bytes JMP 3EBBB385 .text D:\WINDOWS\system32\lsass.exe[716] ntdll.dll!NtWriteVirtualMemory 7C90EA32 5 Bytes JMP 3EBBE1E8 .text D:\WINDOWS\system32\lsass.exe[716] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 3EBB9581 .text D:\WINDOWS\system32\lsass.exe[716] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 3EBB9432 .text D:\WINDOWS\system32\lsass.exe[716] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9538ED 6 Bytes JMP 3EBBE4E4 .text D:\WINDOWS\system32\lsass.exe[716] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EBBD045 .text D:\WINDOWS\system32\lsass.exe[716] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EBB8BAE .text D:\WINDOWS\system32\lsass.exe[716] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EBB872E .text D:\WINDOWS\system32\lsass.exe[716] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EBB8723 .text D:\WINDOWS\system32\lsass.exe[716] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EBBC72A .text D:\WINDOWS\system32\lsass.exe[716] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EBBB2B8 .text D:\WINDOWS\system32\lsass.exe[716] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EBB7D51 .text D:\WINDOWS\system32\lsass.exe[716] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EBBA270 .text D:\WINDOWS\system32\lsass.exe[716] kernel32.dll!FreeLibrary + 2 7C80AA68 7 Bytes JMP 3EBB81B9 .text D:\WINDOWS\system32\lsass.exe[716] kernel32.dll!GetProcAddress + 2 7C80AC2A 5 Bytes JMP 3EBB9AF7 .text D:\WINDOWS\system32\lsass.exe[716] kernel32.dll!LoadLibraryW + 2 7C80ACD5 5 Bytes JMP 3EBBA007 .text D:\WINDOWS\system32\lsass.exe[716] kernel32.dll!GetFileAttributesW + 2 7C80B5D6 6 Bytes JMP 3EBC159A .text D:\WINDOWS\system32\lsass.exe[716] kernel32.dll!FreeLibraryAndExitThread + 2 7C80CEA3 6 Bytes JMP 3EBB8665 .text D:\WINDOWS\system32\lsass.exe[716] kernel32.dll!FindFirstFileExW + 2 7C80EC7F 9 Bytes JMP 3EBBD4E1 .text D:\WINDOWS\system32\lsass.exe[716] kernel32.dll!FindFirstFileW + 2 7C80F0E3 5 Bytes JMP 3EBC189B .text D:\WINDOWS\system32\lsass.exe[716] kernel32.dll!FindNextFileW 7C80F13A 7 Bytes JMP 3EBC1A9C .text D:\WINDOWS\system32\lsass.exe[716] kernel32.dll!CreateFileW + 2 7C810978 6 Bytes JMP 3EBC1B5C .text D:\WINDOWS\system32\lsass.exe[716] kernel32.dll!GetFileAttributesExW + 2 7C81130F 6 Bytes JMP 3EBC0C05 .text D:\WINDOWS\system32\lsass.exe[716] kernel32.dll!GetFileAttributesA + 2 7C81174E 6 Bytes JMP 3EBBD93E .text D:\WINDOWS\system32\lsass.exe[716] kernel32.dll!GetFileAttributesExA + 2 7C813533 6 Bytes JMP 3EBBC80F .text D:\WINDOWS\system32\lsass.exe[716] kernel32.dll!FindFirstFileA + 2 7C81355B 9 Bytes JMP 3EBBB9B3 .text D:\WINDOWS\system32\lsass.exe[716] kernel32.dll!ExitProcess + 2 7C81CAA4 5 Bytes JMP 3EBB8E54 .text D:\WINDOWS\system32\lsass.exe[716] kernel32.dll!OpenProcess + 2 7C81E07B 6 Bytes JMP 3EBBFAB2 .text D:\WINDOWS\system32\lsass.exe[716] kernel32.dll!DeleteFileA + 2 7C81E85E 6 Bytes JMP 3EBC033E .text D:\WINDOWS\system32\lsass.exe[716] kernel32.dll!DeleteFileW + 2 7C81F73F 6 Bytes JMP 3EBBDD9F .text D:\WINDOWS\system32\lsass.exe[716] kernel32.dll!SetFileAttributesA + 2 7C81FB46 6 Bytes JMP 3EBC11F0 .text D:\WINDOWS\system32\lsass.exe[716] kernel32.dll!SetFileAttributesW + 2 7C81FC07 6 Bytes JMP 3EBBD061 .text D:\WINDOWS\system32\lsass.exe[716] kernel32.dll!MoveFileWithProgressW 7C821565 5 Bytes JMP 3EBBDF82 .text D:\WINDOWS\system32\lsass.exe[716] kernel32.dll!MoveFileWithProgressA + 2 7C8222B5 6 Bytes JMP 3EBBD772 .text D:\WINDOWS\system32\lsass.exe[716] kernel32.dll!OpenFile 7C826B99 5 Bytes JMP 3EBBF576 .text D:\WINDOWS\system32\lsass.exe[716] kernel32.dll!FindNextFileA + 2 7C83901B 9 Bytes JMP 3EBC1577 .text D:\WINDOWS\system32\lsass.exe[716] kernel32.dll!MoveFileExW + 2 7C839921 6 Bytes JMP 3EBC0658 .text D:\WINDOWS\system32\lsass.exe[716] kernel32.dll!FindFirstFileExA + 2 7C85C2F4 9 Bytes JMP 3EBBBADC .text D:\WINDOWS\system32\lsass.exe[716] kernel32.dll!MoveFileExA + 2 7C85D2A5 6 Bytes JMP 3EBBCD1D .text D:\WINDOWS\system32\lsass.exe[716] kernel32.dll!_lopen + 2 7C85E612 6 Bytes JMP 3EBBE63C .text D:\WINDOWS\system32\lsass.exe[716] kernel32.dll!WinExec + 2 7C86114F 6 Bytes JMP 3EBB8CAB .text D:\WINDOWS\system32\lsass.exe[716] kernel32.dll!Process32FirstW + 2 7C8639D6 6 Bytes JMP 3EBBEE97 .text D:\WINDOWS\system32\lsass.exe[716] kernel32.dll!Process32First + 2 7C863A8F 9 Bytes JMP 3EBC126D .text D:\WINDOWS\system32\lsass.exe[716] kernel32.dll!Process32NextW + 2 7C863B61 6 Bytes JMP 3EBBFC93 .text D:\WINDOWS\system32\lsass.exe[716] kernel32.dll!Process32Next + 2 7C863C02 9 Bytes JMP 3EBC01F3 .text D:\WINDOWS\system32\lsass.exe[716] kernel32.dll!Thread32First + 2 7C863CD4 6 Bytes JMP 3EBBD280 .text D:\WINDOWS\system32\lsass.exe[716] kernel32.dll!Thread32Next + 2 7C863D88 6 Bytes JMP 3EBBCD64 .text D:\WINDOWS\system32\lsass.exe[716] kernel32.dll!Module32FirstW + 2 7C863E21 6 Bytes JMP 3EBBB2DA .text D:\WINDOWS\system32\lsass.exe[716] kernel32.dll!Module32First + 2 7C863EDA 9 Bytes JMP 3EBBF40C .text D:\WINDOWS\system32\lsass.exe[716] kernel32.dll!Module32NextW + 2 7C863FBE 6 Bytes JMP 3EBBB051 .text D:\WINDOWS\system32\lsass.exe[716] kernel32.dll!Module32Next + 2 7C86405F 9 Bytes JMP 3EBBB7E1 .text D:\WINDOWS\system32\lsass.exe[716] kernel32.dll!GetBinaryTypeW 7C86783C 5 Bytes JMP 3EBC0583 .text D:\WINDOWS\system32\lsass.exe[716] kernel32.dll!GetBinaryType + 2 7C867C9D 6 Bytes JMP 3EBBE425 .text D:\WINDOWS\system32\lsass.exe[716] ADVAPI32.dll!RegOpenKeyExW + 2 77DC6A7A 6 Bytes JMP 3EBBCBC9 .text D:\WINDOWS\system32\lsass.exe[716] ADVAPI32.dll!RegCloseKey + 2 77DC6BF2 6 Bytes JMP 3EBBF543 .text D:\WINDOWS\system32\lsass.exe[716] ADVAPI32.dll!RegQueryValueExW + 2 77DC6FCA 2 Bytes .text D:\WINDOWS\system32\lsass.exe[716] ADVAPI32.dll!RegQueryValueExW + 5 77DC6FCD 3 Bytes .text D:\WINDOWS\system32\lsass.exe[716] ADVAPI32.dll!RegCreateKeyExW + 2 77DC7537 6 Bytes JMP 3EBBD210 .text D:\WINDOWS\system32\lsass.exe[716] ADVAPI32.dll!RegOpenKeyExA + 2 77DC761D 6 Bytes JMP 3EBC16B5 .text D:\WINDOWS\system32\lsass.exe[716] ADVAPI32.dll!RegQueryValueExA + 2 77DC7885 6 Bytes JMP 3EBC0C91 .text D:\WINDOWS\system32\lsass.exe[716] ADVAPI32.dll!RegEnumValueW + 2 77DC8083 6 Bytes JMP 3EBBCEDC .text D:\WINDOWS\system32\lsass.exe[716] ADVAPI32.dll!RegSetValueExW 77DCD7CC 7 Bytes JMP 3EBBFFF5 .text D:\WINDOWS\system32\lsass.exe[716] ADVAPI32.dll!RegQueryValueW + 2 77DCD8E4 6 Bytes JMP 3EBBB6CF .text D:\WINDOWS\system32\lsass.exe[716] ADVAPI32.dll!RegCreateKeyExA + 2 77DCEAF6 6 Bytes JMP 3EBC0BBD .text D:\WINDOWS\system32\lsass.exe[716] ADVAPI32.dll!RegSetValueExA 77DCEBE7 7 Bytes JMP 3EBBDBBE .text D:\WINDOWS\system32\lsass.exe[716] ADVAPI32.dll!RegDeleteValueA + 2 77DCEDE7 6 Bytes JMP 3EBBF2B1 .text D:\WINDOWS\system32\lsass.exe[716] ADVAPI32.dll!RegDeleteValueW + 2 77DCEEF3 6 Bytes JMP 3EBBF8D8 .text D:\WINDOWS\system32\lsass.exe[716] ADVAPI32.dll!RegSetValueA + 2 77DD6F4B 5 Bytes JMP 3EBC0761 .text D:\WINDOWS\system32\lsass.exe[716] ADVAPI32.dll!SetFileSecurityW + 2 77DDAA6B 6 Bytes JMP 3EBBC270 .text D:\WINDOWS\system32\lsass.exe[716] ADVAPI32.dll!RegEnumValueA + 2 77DDCF4C 6 Bytes JMP 3EBBB5AD .text D:\WINDOWS\system32\lsass.exe[716] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DE1287 6 Bytes JMP 3EBC03D0 .text D:\WINDOWS\system32\lsass.exe[716] ADVAPI32.dll!CreateProcessAsUserW + 2 77DE7777 6 Bytes JMP 3EBBA57A .text D:\WINDOWS\system32\lsass.exe[716] ADVAPI32.dll!RegDeleteKeyW + 2 77DE9886 6 Bytes JMP 3EBBD3DB .text D:\WINDOWS\system32\lsass.exe[716] ADVAPI32.dll!GetFileSecurityW + 2 77DEBCE0 6 Bytes JMP 3EBBC493 .text D:\WINDOWS\system32\lsass.exe[716] ADVAPI32.dll!RegDeleteKeyA + 2 77DEC125 6 Bytes JMP 3EBBEF65 .text D:\WINDOWS\system32\lsass.exe[716] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DEC1B7 6 Bytes JMP 3EBC0F34 .text D:\WINDOWS\system32\lsass.exe[716] ADVAPI32.dll!RegOpenKeyA + 2 77DEC41D 6 Bytes JMP 3EBBD630 .text D:\WINDOWS\system32\lsass.exe[716] ADVAPI32.dll!RegQueryValueA + 2 77DECC12 6 Bytes JMP 3EBBB8E6 .text D:\WINDOWS\system32\lsass.exe[716] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DECCF1 6 Bytes JMP 3EBBBD5F .text D:\WINDOWS\system32\lsass.exe[716] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DED07A 7 Bytes JMP 3EBBD383 .text D:\WINDOWS\system32\lsass.exe[716] ADVAPI32.dll!RegCreateKeyA + 2 77DED5BD 6 Bytes JMP 3EBC1DBF .text D:\WINDOWS\system32\lsass.exe[716] ADVAPI32.dll!SetFileSecurityA + 2 77DFD2FF 5 Bytes JMP 3EBBF19D .text D:\WINDOWS\system32\lsass.exe[716] ADVAPI32.dll!GetFileSecurityA + 2 77DFD365 5 Bytes JMP 3EBBED1E .text D:\WINDOWS\system32\lsass.exe[716] ADVAPI32.dll!CreateProcessAsUserA + 2 77E0095A 6 Bytes JMP 3EBB9067 .text D:\WINDOWS\system32\lsass.exe[716] ADVAPI32.dll!CreateProcessWithLogonW 77E05C9D 5 Bytes JMP 3EBB818D .text D:\WINDOWS\system32\lsass.exe[716] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77E11546 7 Bytes JMP 3EBBCEC7 .text D:\WINDOWS\system32\lsass.exe[716] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77E11592 7 Bytes JMP 3EBBDB83 .text D:\WINDOWS\system32\lsass.exe[716] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E2553D 6 Bytes JMP 3EBBE03C .text D:\WINDOWS\system32\lsass.exe[716] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E2589F 6 Bytes JMP 3EBBE9BC .text D:\WINDOWS\system32\lsass.exe[716] ADVAPI32.dll!RegSetValueW + 2 77E25FC4 5 Bytes JMP 3EBC008F .text D:\WINDOWS\system32\lsass.exe[716] USER32.dll!ExitWindowsEx + 2 77D79E6F 6 Bytes JMP 3EBB8C3C .text D:\WINDOWS\system32\lsass.exe[716] WS2_32.dll!getaddrinfo + 2 71A52A71 5 Bytes JMP 3EBBAC92 .text D:\WINDOWS\system32\lsass.exe[716] WS2_32.dll!connect + 2 71A5406C 6 Bytes JMP 3EBBAAFC .text D:\WINDOWS\system32\lsass.exe[716] WS2_32.dll!gethostbyname + 2 71A54FD6 9 Bytes JMP 3EBBAB16 .text D:\WINDOWS\system32\lsass.exe[716] WS2_32.dll!WSAAsyncGetHostByName + 2 71A5E987 13 Bytes .text D:\WINDOWS\system32\lsass.exe[716] WS2_32.dll!WSAConnect + 2 71A60C6B 14 Bytes .text D:\WINDOWS\system32\svchost.exe[880] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 3EBBD79A .text D:\WINDOWS\system32\svchost.exe[880] ntdll.dll!NtQueryInformationFile 7C90DFDC 5 Bytes JMP 3EBC0F6C .text D:\WINDOWS\system32\svchost.exe[880] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 3EBBC57A .text D:\WINDOWS\system32\svchost.exe[880] ntdll.dll!NtReadVirtualMemory 7C90E2BB 5 Bytes JMP 3EBBB7A0 .text D:\WINDOWS\system32\svchost.exe[880] ntdll.dll!NtVdmControl 7C90E975 5 Bytes JMP 3EBBB385 .text D:\WINDOWS\system32\svchost.exe[880] ntdll.dll!NtWriteVirtualMemory 7C90EA32 5 Bytes JMP 3EBBE1E8 .text D:\WINDOWS\system32\svchost.exe[880] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 3EBB9581 .text D:\WINDOWS\system32\svchost.exe[880] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 3EBB9432 .text D:\WINDOWS\system32\svchost.exe[880] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9538ED 6 Bytes JMP 3EBBE4E4 .text D:\WINDOWS\system32\svchost.exe[880] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EBBD045 .text D:\WINDOWS\system32\svchost.exe[880] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EBB8BAE .text D:\WINDOWS\system32\svchost.exe[880] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EBB872E .text D:\WINDOWS\system32\svchost.exe[880] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EBB8723 .text D:\WINDOWS\system32\svchost.exe[880] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EBBC72A .text D:\WINDOWS\system32\svchost.exe[880] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EBBB2B8 .text D:\WINDOWS\system32\svchost.exe[880] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EBB7D51 .text D:\WINDOWS\system32\svchost.exe[880] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EBBA270 .text D:\WINDOWS\system32\svchost.exe[880] kernel32.dll!FreeLibrary + 2 7C80AA68 7 Bytes JMP 3EBB81B9 .text D:\WINDOWS\system32\svchost.exe[880] kernel32.dll!GetProcAddress + 2 7C80AC2A 5 Bytes JMP 3EBB9AF7 .text D:\WINDOWS\system32\svchost.exe[880] kernel32.dll!LoadLibraryW + 2 7C80ACD5 5 Bytes JMP 3EBBA007 .text D:\WINDOWS\system32\svchost.exe[880] kernel32.dll!GetFileAttributesW + 2 7C80B5D6 6 Bytes JMP 3EBC159A .text D:\WINDOWS\system32\svchost.exe[880] kernel32.dll!FreeLibraryAndExitThread + 2 7C80CEA3 6 Bytes JMP 3EBB8665 .text D:\WINDOWS\system32\svchost.exe[880] kernel32.dll!FindFirstFileExW + 2 7C80EC7F 9 Bytes JMP 3EBBD4E1 .text D:\WINDOWS\system32\svchost.exe[880] kernel32.dll!FindFirstFileW + 2 7C80F0E3 5 Bytes JMP 3EBC189B .text D:\WINDOWS\system32\svchost.exe[880] kernel32.dll!FindNextFileW 7C80F13A 7 Bytes JMP 3EBC1A9C .text D:\WINDOWS\system32\svchost.exe[880] kernel32.dll!CreateFileW + 2 7C810978 6 Bytes JMP 3EBC1B5C .text D:\WINDOWS\system32\svchost.exe[880] kernel32.dll!GetFileAttributesExW + 2 7C81130F 6 Bytes JMP 3EBC0C05 .text D:\WINDOWS\system32\svchost.exe[880] kernel32.dll!GetFileAttributesA + 2 7C81174E 6 Bytes JMP 3EBBD93E .text D:\WINDOWS\system32\svchost.exe[880] kernel32.dll!GetFileAttributesExA + 2 7C813533 6 Bytes JMP 3EBBC80F .text D:\WINDOWS\system32\svchost.exe[880] kernel32.dll!FindFirstFileA + 2 7C81355B 9 Bytes JMP 3EBBB9B3 .text D:\WINDOWS\system32\svchost.exe[880] kernel32.dll!ExitProcess + 2 7C81CAA4 5 Bytes JMP 3EBB8E54 .text D:\WINDOWS\system32\svchost.exe[880] kernel32.dll!OpenProcess + 2 7C81E07B 6 Bytes JMP 3EBBFAB2 .text D:\WINDOWS\system32\svchost.exe[880] kernel32.dll!DeleteFileA + 2 7C81E85E 6 Bytes JMP 3EBC033E .text D:\WINDOWS\system32\svchost.exe[880] kernel32.dll!DeleteFileW + 2 7C81F73F 6 Bytes JMP 3EBBDD9F .text D:\WINDOWS\system32\svchost.exe[880] kernel32.dll!SetFileAttributesA + 2 7C81FB46 6 Bytes JMP 3EBC11F0 .text D:\WINDOWS\system32\svchost.exe[880] kernel32.dll!SetFileAttributesW + 2 7C81FC07 6 Bytes JMP 3EBBD061 .text D:\WINDOWS\system32\svchost.exe[880] kernel32.dll!MoveFileWithProgressW 7C821565 5 Bytes JMP 3EBBDF82 .text D:\WINDOWS\system32\svchost.exe[880] kernel32.dll!MoveFileWithProgressA + 2 7C8222B5 6 Bytes JMP 3EBBD772 .text D:\WINDOWS\system32\svchost.exe[880] kernel32.dll!OpenFile 7C826B99 5 Bytes JMP 3EBBF576 .text D:\WINDOWS\system32\svchost.exe[880] kernel32.dll!FindNextFileA + 2 7C83901B 9 Bytes JMP 3EBC1577 .text D:\WINDOWS\system32\svchost.exe[880] kernel32.dll!MoveFileExW + 2 7C839921 6 Bytes JMP 3EBC0658 .text D:\WINDOWS\system32\svchost.exe[880] kernel32.dll!FindFirstFileExA + 2 7C85C2F4 9 Bytes JMP 3EBBBADC .text D:\WINDOWS\system32\svchost.exe[880] kernel32.dll!MoveFileExA + 2 7C85D2A5 6 Bytes JMP 3EBBCD1D .text D:\WINDOWS\system32\svchost.exe[880] kernel32.dll!_lopen + 2 7C85E612 6 Bytes JMP 3EBBE63C .text D:\WINDOWS\system32\svchost.exe[880] kernel32.dll!WinExec + 2 7C86114F 6 Bytes JMP 3EBB8CAB .text D:\WINDOWS\system32\svchost.exe[880] kernel32.dll!Process32FirstW + 2 7C8639D6 6 Bytes JMP 3EBBEE97 .text D:\WINDOWS\system32\svchost.exe[880] kernel32.dll!Process32First + 2 7C863A8F 9 Bytes JMP 3EBC126D .text D:\WINDOWS\system32\svchost.exe[880] kernel32.dll!Process32NextW + 2 7C863B61 6 Bytes JMP 3EBBFC93 .text D:\WINDOWS\system32\svchost.exe[880] kernel32.dll!Process32Next + 2 7C863C02 9 Bytes JMP 3EBC01F3 .text D:\WINDOWS\system32\svchost.exe[880] kernel32.dll!Thread32First + 2 7C863CD4 6 Bytes JMP 3EBBD280 .text D:\WINDOWS\system32\svchost.exe[880] kernel32.dll!Thread32Next + 2 7C863D88 6 Bytes JMP 3EBBCD64 .text D:\WINDOWS\system32\svchost.exe[880] kernel32.dll!Module32FirstW + 2 7C863E21 6 Bytes JMP 3EBBB2DA .text D:\WINDOWS\system32\svchost.exe[880] kernel32.dll!Module32First + 2 7C863EDA 9 Bytes JMP 3EBBF40C .text D:\WINDOWS\system32\svchost.exe[880] kernel32.dll!Module32NextW + 2 7C863FBE 6 Bytes JMP 3EBBB051 .text D:\WINDOWS\system32\svchost.exe[880] kernel32.dll!Module32Next + 2 7C86405F 9 Bytes JMP 3EBBB7E1 .text D:\WINDOWS\system32\svchost.exe[880] kernel32.dll!GetBinaryTypeW 7C86783C 5 Bytes JMP 3EBC0583 .text D:\WINDOWS\system32\svchost.exe[880] kernel32.dll!GetBinaryType + 2 7C867C9D 6 Bytes JMP 3EBBE425 .text D:\WINDOWS\system32\svchost.exe[880] ADVAPI32.dll!RegOpenKeyExW + 2 77DC6A7A 6 Bytes JMP 3EBBCBC9 .text D:\WINDOWS\system32\svchost.exe[880] ADVAPI32.dll!RegCloseKey + 2 77DC6BF2 6 Bytes JMP 3EBBF543 .text D:\WINDOWS\system32\svchost.exe[880] ADVAPI32.dll!RegQueryValueExW + 2 77DC6FCA 2 Bytes .text D:\WINDOWS\system32\svchost.exe[880] ADVAPI32.dll!RegQueryValueExW + 5 77DC6FCD 3 Bytes .text D:\WINDOWS\system32\svchost.exe[880] ADVAPI32.dll!RegCreateKeyExW + 2 77DC7537 6 Bytes JMP 3EBBD210 .text D:\WINDOWS\system32\svchost.exe[880] ADVAPI32.dll!RegOpenKeyExA + 2 77DC761D 6 Bytes JMP 3EBC16B5 .text D:\WINDOWS\system32\svchost.exe[880] ADVAPI32.dll!RegQueryValueExA + 2 77DC7885 6 Bytes JMP 3EBC0C91 .text D:\WINDOWS\system32\svchost.exe[880] ADVAPI32.dll!RegEnumValueW + 2 77DC8083 6 Bytes JMP 3EBBCEDC .text D:\WINDOWS\system32\svchost.exe[880] ADVAPI32.dll!RegSetValueExW 77DCD7CC 7 Bytes JMP 3EBBFFF5 .text D:\WINDOWS\system32\svchost.exe[880] ADVAPI32.dll!RegQueryValueW + 2 77DCD8E4 6 Bytes JMP 3EBBB6CF .text D:\WINDOWS\system32\svchost.exe[880] ADVAPI32.dll!RegCreateKeyExA + 2 77DCEAF6 6 Bytes JMP 3EBC0BBD .text D:\WINDOWS\system32\svchost.exe[880] ADVAPI32.dll!RegSetValueExA 77DCEBE7 7 Bytes JMP 3EBBDBBE .text D:\WINDOWS\system32\svchost.exe[880] ADVAPI32.dll!RegDeleteValueA + 2 77DCEDE7 6 Bytes JMP 3EBBF2B1 .text D:\WINDOWS\system32\svchost.exe[880] ADVAPI32.dll!RegDeleteValueW + 2 77DCEEF3 6 Bytes JMP 3EBBF8D8 .text D:\WINDOWS\system32\svchost.exe[880] ADVAPI32.dll!RegSetValueA + 2 77DD6F4B 5 Bytes JMP 3EBC0761 .text D:\WINDOWS\system32\svchost.exe[880] ADVAPI32.dll!SetFileSecurityW + 2 77DDAA6B 6 Bytes JMP 3EBBC270 .text D:\WINDOWS\system32\svchost.exe[880] ADVAPI32.dll!RegEnumValueA + 2 77DDCF4C 6 Bytes JMP 3EBBB5AD .text D:\WINDOWS\system32\svchost.exe[880] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DE1287 6 Bytes JMP 3EBC03D0 .text D:\WINDOWS\system32\svchost.exe[880] ADVAPI32.dll!CreateProcessAsUserW + 2 77DE7777 6 Bytes JMP 3EBBA57A .text D:\WINDOWS\system32\svchost.exe[880] ADVAPI32.dll!RegDeleteKeyW + 2 77DE9886 6 Bytes JMP 3EBBD3DB .text D:\WINDOWS\system32\svchost.exe[880] ADVAPI32.dll!GetFileSecurityW + 2 77DEBCE0 6 Bytes JMP 3EBBC493 .text D:\WINDOWS\system32\svchost.exe[880] ADVAPI32.dll!RegDeleteKeyA + 2 77DEC125 6 Bytes JMP 3EBBEF65 .text D:\WINDOWS\system32\svchost.exe[880] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DEC1B7 6 Bytes JMP 3EBC0F34 .text D:\WINDOWS\system32\svchost.exe[880] ADVAPI32.dll!RegOpenKeyA + 2 77DEC41D 6 Bytes JMP 3EBBD630 .text D:\WINDOWS\system32\svchost.exe[880] ADVAPI32.dll!RegQueryValueA + 2 77DECC12 6 Bytes JMP 3EBBB8E6 .text D:\WINDOWS\system32\svchost.exe[880] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DECCF1 6 Bytes JMP 3EBBBD5F .text D:\WINDOWS\system32\svchost.exe[880] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DED07A 7 Bytes JMP 3EBBD383 .text D:\WINDOWS\system32\svchost.exe[880] ADVAPI32.dll!RegCreateKeyA + 2 77DED5BD 6 Bytes JMP 3EBC1DBF .text D:\WINDOWS\system32\svchost.exe[880] ADVAPI32.dll!SetFileSecurityA + 2 77DFD2FF 5 Bytes JMP 3EBBF19D .text D:\WINDOWS\system32\svchost.exe[880] ADVAPI32.dll!GetFileSecurityA + 2 77DFD365 5 Bytes JMP 3EBBED1E .text D:\WINDOWS\system32\svchost.exe[880] ADVAPI32.dll!CreateProcessAsUserA + 2 77E0095A 6 Bytes JMP 3EBB9067 .text D:\WINDOWS\system32\svchost.exe[880] ADVAPI32.dll!CreateProcessWithLogonW 77E05C9D 5 Bytes JMP 3EBB818D .text D:\WINDOWS\system32\svchost.exe[880] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77E11546 7 Bytes JMP 3EBBCEC7 .text D:\WINDOWS\system32\svchost.exe[880] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77E11592 7 Bytes JMP 3EBBDB83 .text D:\WINDOWS\system32\svchost.exe[880] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E2553D 6 Bytes JMP 3EBBE03C .text D:\WINDOWS\system32\svchost.exe[880] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E2589F 6 Bytes JMP 3EBBE9BC .text D:\WINDOWS\system32\svchost.exe[880] ADVAPI32.dll!RegSetValueW + 2 77E25FC4 5 Bytes JMP 3EBC008F .text D:\WINDOWS\system32\svchost.exe[880] USER32.dll!ExitWindowsEx + 2 77D79E6F 6 Bytes JMP 3EBB8C3C .text D:\WINDOWS\system32\svchost.exe[880] WS2_32.dll!getaddrinfo + 2 71A52A71 5 Bytes JMP 3EBBAC92 .text D:\WINDOWS\system32\svchost.exe[880] WS2_32.dll!connect + 2 71A5406C 6 Bytes JMP 3EBBAAFC .text D:\WINDOWS\system32\svchost.exe[880] WS2_32.dll!gethostbyname + 2 71A54FD6 9 Bytes JMP 3EBBAB16 .text D:\WINDOWS\system32\svchost.exe[880] WS2_32.dll!WSAAsyncGetHostByName + 2 71A5E987 13 Bytes .text D:\WINDOWS\system32\svchost.exe[880] WS2_32.dll!WSAConnect + 2 71A60C6B 14 Bytes .text D:\WINDOWS\system32\svchost.exe[968] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 3EBBD79A .text D:\WINDOWS\system32\svchost.exe[968] ntdll.dll!NtQueryInformationFile 7C90DFDC 5 Bytes JMP 3EBC0F6C .text D:\WINDOWS\system32\svchost.exe[968] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 3EBBC57A .text D:\WINDOWS\system32\svchost.exe[968] ntdll.dll!NtReadVirtualMemory 7C90E2BB 5 Bytes JMP 3EBBB7A0 .text D:\WINDOWS\system32\svchost.exe[968] ntdll.dll!NtVdmControl 7C90E975 5 Bytes JMP 3EBBB385 .text D:\WINDOWS\system32\svchost.exe[968] ntdll.dll!NtWriteVirtualMemory 7C90EA32 5 Bytes JMP 3EBBE1E8 .text D:\WINDOWS\system32\svchost.exe[968] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 3EBB9581 .text D:\WINDOWS\system32\svchost.exe[968] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 3EBB9432 .text D:\WINDOWS\system32\svchost.exe[968] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9538ED 6 Bytes JMP 3EBBE4E4 .text D:\WINDOWS\system32\svchost.exe[968] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EBBD045 .text D:\WINDOWS\system32\svchost.exe[968] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EBB8BAE .text D:\WINDOWS\system32\svchost.exe[968] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EBB872E .text D:\WINDOWS\system32\svchost.exe[968] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EBB8723 .text D:\WINDOWS\system32\svchost.exe[968] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EBBC72A .text D:\WINDOWS\system32\svchost.exe[968] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EBBB2B8 .text D:\WINDOWS\system32\svchost.exe[968] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EBB7D51 .text D:\WINDOWS\system32\svchost.exe[968] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EBBA270 .text D:\WINDOWS\system32\svchost.exe[968] kernel32.dll!FreeLibrary + 2 7C80AA68 7 Bytes JMP 3EBB81B9 .text D:\WINDOWS\system32\svchost.exe[968] kernel32.dll!GetProcAddress + 2 7C80AC2A 5 Bytes JMP 3EBB9AF7 .text D:\WINDOWS\system32\svchost.exe[968] kernel32.dll!LoadLibraryW + 2 7C80ACD5 5 Bytes JMP 3EBBA007 .text D:\WINDOWS\system32\svchost.exe[968] kernel32.dll!GetFileAttributesW + 2 7C80B5D6 6 Bytes JMP 3EBC159A .text D:\WINDOWS\system32\svchost.exe[968] kernel32.dll!FreeLibraryAndExitThread + 2 7C80CEA3 6 Bytes JMP 3EBB8665 .text D:\WINDOWS\system32\svchost.exe[968] kernel32.dll!FindFirstFileExW + 2 7C80EC7F 9 Bytes JMP 3EBBD4E1 .text D:\WINDOWS\system32\svchost.exe[968] kernel32.dll!FindFirstFileW + 2 7C80F0E3 5 Bytes JMP 3EBC189B .text D:\WINDOWS\system32\svchost.exe[968] kernel32.dll!FindNextFileW 7C80F13A 7 Bytes JMP 3EBC1A9C .text D:\WINDOWS\system32\svchost.exe[968] kernel32.dll!CreateFileW + 2 7C810978 6 Bytes JMP 3EBC1B5C .text D:\WINDOWS\system32\svchost.exe[968] kernel32.dll!GetFileAttributesExW + 2 7C81130F 6 Bytes JMP 3EBC0C05 .text D:\WINDOWS\system32\svchost.exe[968] kernel32.dll!GetFileAttributesA + 2 7C81174E 6 Bytes JMP 3EBBD93E .text D:\WINDOWS\system32\svchost.exe[968] kernel32.dll!GetFileAttributesExA + 2 7C813533 6 Bytes JMP 3EBBC80F .text D:\WINDOWS\system32\svchost.exe[968] kernel32.dll!FindFirstFileA + 2 7C81355B 9 Bytes JMP 3EBBB9B3 .text D:\WINDOWS\system32\svchost.exe[968] kernel32.dll!ExitProcess + 2 7C81CAA4 5 Bytes JMP 3EBB8E54 .text D:\WINDOWS\system32\svchost.exe[968] kernel32.dll!OpenProcess + 2 7C81E07B 6 Bytes JMP 3EBBFAB2 .text D:\WINDOWS\system32\svchost.exe[968] kernel32.dll!DeleteFileA + 2 7C81E85E 6 Bytes JMP 3EBC033E .text D:\WINDOWS\system32\svchost.exe[968] kernel32.dll!DeleteFileW + 2 7C81F73F 6 Bytes JMP 3EBBDD9F .text D:\WINDOWS\system32\svchost.exe[968] kernel32.dll!SetFileAttributesA + 2 7C81FB46 6 Bytes JMP 3EBC11F0 .text D:\WINDOWS\system32\svchost.exe[968] kernel32.dll!SetFileAttributesW + 2 7C81FC07 6 Bytes JMP 3EBBD061 .text D:\WINDOWS\system32\svchost.exe[968] kernel32.dll!MoveFileWithProgressW 7C821565 5 Bytes JMP 3EBBDF82 .text D:\WINDOWS\system32\svchost.exe[968] kernel32.dll!MoveFileWithProgressA + 2 7C8222B5 6 Bytes JMP 3EBBD772 .text D:\WINDOWS\system32\svchost.exe[968] kernel32.dll!OpenFile 7C826B99 5 Bytes JMP 3EBBF576 .text D:\WINDOWS\system32\svchost.exe[968] kernel32.dll!FindNextFileA + 2 7C83901B 9 Bytes JMP 3EBC1577 .text D:\WINDOWS\system32\svchost.exe[968] kernel32.dll!MoveFileExW + 2 7C839921 6 Bytes JMP 3EBC0658 .text D:\WINDOWS\system32\svchost.exe[968] kernel32.dll!FindFirstFileExA + 2 7C85C2F4 9 Bytes JMP 3EBBBADC .text D:\WINDOWS\system32\svchost.exe[968] kernel32.dll!MoveFileExA + 2 7C85D2A5 6 Bytes JMP 3EBBCD1D .text D:\WINDOWS\system32\svchost.exe[968] kernel32.dll!_lopen + 2 7C85E612 6 Bytes JMP 3EBBE63C .text D:\WINDOWS\system32\svchost.exe[968] kernel32.dll!WinExec + 2 7C86114F 6 Bytes JMP 3EBB8CAB .text D:\WINDOWS\system32\svchost.exe[968] kernel32.dll!Process32FirstW + 2 7C8639D6 6 Bytes JMP 3EBBEE97 .text D:\WINDOWS\system32\svchost.exe[968] kernel32.dll!Process32First + 2 7C863A8F 9 Bytes JMP 3EBC126D .text D:\WINDOWS\system32\svchost.exe[968] kernel32.dll!Process32NextW + 2 7C863B61 6 Bytes JMP 3EBBFC93 .text D:\WINDOWS\system32\svchost.exe[968] kernel32.dll!Process32Next + 2 7C863C02 9 Bytes JMP 3EBC01F3 .text D:\WINDOWS\system32\svchost.exe[968] kernel32.dll!Thread32First + 2 7C863CD4 6 Bytes JMP 3EBBD280 .text D:\WINDOWS\system32\svchost.exe[968] kernel32.dll!Thread32Next + 2 7C863D88 6 Bytes JMP 3EBBCD64 .text D:\WINDOWS\system32\svchost.exe[968] kernel32.dll!Module32FirstW + 2 7C863E21 6 Bytes JMP 3EBBB2DA .text D:\WINDOWS\system32\svchost.exe[968] kernel32.dll!Module32First + 2 7C863EDA 9 Bytes JMP 3EBBF40C .text D:\WINDOWS\system32\svchost.exe[968] kernel32.dll!Module32NextW + 2 7C863FBE 6 Bytes JMP 3EBBB051 .text D:\WINDOWS\system32\svchost.exe[968] kernel32.dll!Module32Next + 2 7C86405F 9 Bytes JMP 3EBBB7E1 .text D:\WINDOWS\system32\svchost.exe[968] kernel32.dll!GetBinaryTypeW 7C86783C 5 Bytes JMP 3EBC0583 .text D:\WINDOWS\system32\svchost.exe[968] kernel32.dll!GetBinaryType + 2 7C867C9D 6 Bytes JMP 3EBBE425 .text D:\WINDOWS\system32\svchost.exe[968] ADVAPI32.dll!RegOpenKeyExW + 2 77DC6A7A 6 Bytes JMP 3EBBCBC9 .text D:\WINDOWS\system32\svchost.exe[968] ADVAPI32.dll!RegCloseKey + 2 77DC6BF2 6 Bytes JMP 3EBBF543 .text D:\WINDOWS\system32\svchost.exe[968] ADVAPI32.dll!RegQueryValueExW + 2 77DC6FCA 2 Bytes .text D:\WINDOWS\system32\svchost.exe[968] ADVAPI32.dll!RegQueryValueExW + 5 77DC6FCD 3 Bytes .text D:\WINDOWS\system32\svchost.exe[968] ADVAPI32.dll!RegCreateKeyExW + 2 77DC7537 6 Bytes JMP 3EBBD210 .text D:\WINDOWS\system32\svchost.exe[968] ADVAPI32.dll!RegOpenKeyExA + 2 77DC761D 6 Bytes JMP 3EBC16B5 .text D:\WINDOWS\system32\svchost.exe[968] ADVAPI32.dll!RegQueryValueExA + 2 77DC7885 6 Bytes JMP 3EBC0C91 .text D:\WINDOWS\system32\svchost.exe[968] ADVAPI32.dll!RegEnumValueW + 2 77DC8083 6 Bytes JMP 3EBBCEDC .text D:\WINDOWS\system32\svchost.exe[968] ADVAPI32.dll!RegSetValueExW 77DCD7CC 7 Bytes JMP 3EBBFFF5 .text D:\WINDOWS\system32\svchost.exe[968] ADVAPI32.dll!RegQueryValueW + 2 77DCD8E4 6 Bytes JMP 3EBBB6CF .text D:\WINDOWS\system32\svchost.exe[968] ADVAPI32.dll!RegCreateKeyExA + 2 77DCEAF6 6 Bytes JMP 3EBC0BBD .text D:\WINDOWS\system32\svchost.exe[968] ADVAPI32.dll!RegSetValueExA 77DCEBE7 7 Bytes JMP 3EBBDBBE .text D:\WINDOWS\system32\svchost.exe[968] ADVAPI32.dll!RegDeleteValueA + 2 77DCEDE7 6 Bytes JMP 3EBBF2B1 .text D:\WINDOWS\system32\svchost.exe[968] ADVAPI32.dll!RegDeleteValueW + 2 77DCEEF3 6 Bytes JMP 3EBBF8D8 .text D:\WINDOWS\system32\svchost.exe[968] ADVAPI32.dll!RegSetValueA + 2 77DD6F4B 5 Bytes JMP 3EBC0761 .text D:\WINDOWS\system32\svchost.exe[968] ADVAPI32.dll!SetFileSecurityW + 2 77DDAA6B 6 Bytes JMP 3EBBC270 .text D:\WINDOWS\system32\svchost.exe[968] ADVAPI32.dll!RegEnumValueA + 2 77DDCF4C 6 Bytes JMP 3EBBB5AD .text D:\WINDOWS\system32\svchost.exe[968] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DE1287 6 Bytes JMP 3EBC03D0 .text D:\WINDOWS\system32\svchost.exe[968] ADVAPI32.dll!CreateProcessAsUserW + 2 77DE7777 6 Bytes JMP 3EBBA57A .text D:\WINDOWS\system32\svchost.exe[968] ADVAPI32.dll!RegDeleteKeyW + 2 77DE9886 6 Bytes JMP 3EBBD3DB .text D:\WINDOWS\system32\svchost.exe[968] ADVAPI32.dll!GetFileSecurityW + 2 77DEBCE0 6 Bytes JMP 3EBBC493 .text D:\WINDOWS\system32\svchost.exe[968] ADVAPI32.dll!RegDeleteKeyA + 2 77DEC125 6 Bytes JMP 3EBBEF65 .text D:\WINDOWS\system32\svchost.exe[968] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DEC1B7 6 Bytes JMP 3EBC0F34 .text D:\WINDOWS\system32\svchost.exe[968] ADVAPI32.dll!RegOpenKeyA + 2 77DEC41D 6 Bytes JMP 3EBBD630 .text D:\WINDOWS\system32\svchost.exe[968] ADVAPI32.dll!RegQueryValueA + 2 77DECC12 6 Bytes JMP 3EBBB8E6 .text D:\WINDOWS\system32\svchost.exe[968] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DECCF1 6 Bytes JMP 3EBBBD5F .text D:\WINDOWS\system32\svchost.exe[968] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DED07A 7 Bytes JMP 3EBBD383 .text D:\WINDOWS\system32\svchost.exe[968] ADVAPI32.dll!RegCreateKeyA + 2 77DED5BD 6 Bytes JMP 3EBC1DBF .text D:\WINDOWS\system32\svchost.exe[968] ADVAPI32.dll!SetFileSecurityA + 2 77DFD2FF 5 Bytes JMP 3EBBF19D .text D:\WINDOWS\system32\svchost.exe[968] ADVAPI32.dll!GetFileSecurityA + 2 77DFD365 5 Bytes JMP 3EBBED1E .text D:\WINDOWS\system32\svchost.exe[968] ADVAPI32.dll!CreateProcessAsUserA + 2 77E0095A 6 Bytes JMP 3EBB9067 .text D:\WINDOWS\system32\svchost.exe[968] ADVAPI32.dll!CreateProcessWithLogonW 77E05C9D 5 Bytes JMP 3EBB818D .text D:\WINDOWS\system32\svchost.exe[968] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77E11546 7 Bytes JMP 3EBBCEC7 .text D:\WINDOWS\system32\svchost.exe[968] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77E11592 7 Bytes JMP 3EBBDB83 .text D:\WINDOWS\system32\svchost.exe[968] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E2553D 6 Bytes JMP 3EBBE03C .text D:\WINDOWS\system32\svchost.exe[968] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E2589F 6 Bytes JMP 3EBBE9BC .text D:\WINDOWS\system32\svchost.exe[968] ADVAPI32.dll!RegSetValueW + 2 77E25FC4 5 Bytes JMP 3EBC008F .text D:\WINDOWS\system32\svchost.exe[968] USER32.dll!ExitWindowsEx + 2 77D79E6F 6 Bytes JMP 3EBB8C3C .text D:\WINDOWS\system32\svchost.exe[968] WS2_32.dll!getaddrinfo + 2 71A52A71 5 Bytes JMP 3EBBAC92 .text D:\WINDOWS\system32\svchost.exe[968] WS2_32.dll!connect + 2 71A5406C 6 Bytes JMP 3EBBAAFC .text D:\WINDOWS\system32\svchost.exe[968] WS2_32.dll!gethostbyname + 2 71A54FD6 9 Bytes JMP 3EBBAB16 .text D:\WINDOWS\system32\svchost.exe[968] WS2_32.dll!WSAAsyncGetHostByName + 2 71A5E987 13 Bytes .text D:\WINDOWS\system32\svchost.exe[968] WS2_32.dll!WSAConnect + 2 71A60C6B 14 Bytes .text D:\WINDOWS\system32\svchost.exe[1056] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 3EBBD79A .text D:\WINDOWS\system32\svchost.exe[1056] ntdll.dll!NtQueryInformationFile 7C90DFDC 5 Bytes JMP 3EBC0F6C .text D:\WINDOWS\system32\svchost.exe[1056] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 3EBBC57A .text D:\WINDOWS\system32\svchost.exe[1056] ntdll.dll!NtReadVirtualMemory 7C90E2BB 5 Bytes JMP 3EBBB7A0 .text D:\WINDOWS\system32\svchost.exe[1056] ntdll.dll!NtVdmControl 7C90E975 5 Bytes JMP 3EBBB385 .text D:\WINDOWS\system32\svchost.exe[1056] ntdll.dll!NtWriteVirtualMemory 7C90EA32 5 Bytes JMP 3EBBE1E8 .text D:\WINDOWS\system32\svchost.exe[1056] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 3EBB9581 .text D:\WINDOWS\system32\svchost.exe[1056] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 3EBB9432 .text D:\WINDOWS\system32\svchost.exe[1056] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9538ED 6 Bytes JMP 3EBBE4E4 .text D:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EBBD045 .text D:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EBB8BAE .text D:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EBB872E .text D:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EBB8723 .text D:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EBBC72A .text D:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EBBB2B8 .text D:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EBB7D51 .text D:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EBBA270 .text D:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!FreeLibrary + 2 7C80AA68 7 Bytes JMP 3EBB81B9 .text D:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!GetProcAddress + 2 7C80AC2A 5 Bytes JMP 3EBB9AF7 .text D:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!LoadLibraryW + 2 7C80ACD5 5 Bytes JMP 3EBBA007 .text D:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!GetFileAttributesW + 2 7C80B5D6 6 Bytes JMP 3EBC159A .text D:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!FreeLibraryAndExitThread + 2 7C80CEA3 6 Bytes JMP 3EBB8665 .text D:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!FindFirstFileExW + 2 7C80EC7F 9 Bytes JMP 3EBBD4E1 .text D:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!FindFirstFileW + 2 7C80F0E3 5 Bytes JMP 3EBC189B .text D:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!FindNextFileW 7C80F13A 7 Bytes JMP 3EBC1A9C .text D:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!CreateFileW + 2 7C810978 6 Bytes JMP 3EBC1B5C .text D:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!GetFileAttributesExW + 2 7C81130F 6 Bytes JMP 3EBC0C05 .text D:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!GetFileAttributesA + 2 7C81174E 6 Bytes JMP 3EBBD93E .text D:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!GetFileAttributesExA + 2 7C813533 6 Bytes JMP 3EBBC80F .text D:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!FindFirstFileA + 2 7C81355B 9 Bytes JMP 3EBBB9B3 .text D:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!ExitProcess + 2 7C81CAA4 5 Bytes JMP 3EBB8E54 .text D:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!OpenProcess + 2 7C81E07B 6 Bytes JMP 3EBBFAB2 .text D:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!DeleteFileA + 2 7C81E85E 6 Bytes JMP 3EBC033E .text D:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!DeleteFileW + 2 7C81F73F 6 Bytes JMP 3EBBDD9F .text D:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!SetFileAttributesA + 2 7C81FB46 6 Bytes JMP 3EBC11F0 .text D:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!SetFileAttributesW + 2 7C81FC07 6 Bytes JMP 3EBBD061 .text D:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!MoveFileWithProgressW 7C821565 5 Bytes JMP 3EBBDF82 .text D:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!MoveFileWithProgressA + 2 7C8222B5 6 Bytes JMP 3EBBD772 .text D:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!OpenFile 7C826B99 5 Bytes JMP 3EBBF576 .text D:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!FindNextFileA + 2 7C83901B 9 Bytes JMP 3EBC1577 .text D:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!MoveFileExW + 2 7C839921 6 Bytes JMP 3EBC0658 .text D:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!FindFirstFileExA + 2 7C85C2F4 9 Bytes JMP 3EBBBADC .text D:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!MoveFileExA + 2 7C85D2A5 6 Bytes JMP 3EBBCD1D .text D:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!_lopen + 2 7C85E612 6 Bytes JMP 3EBBE63C .text D:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!WinExec + 2 7C86114F 6 Bytes JMP 3EBB8CAB .text D:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!Process32FirstW + 2 7C8639D6 6 Bytes JMP 3EBBEE97 .text D:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!Process32First + 2 7C863A8F 9 Bytes JMP 3EBC126D .text D:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!Process32NextW + 2 7C863B61 6 Bytes JMP 3EBBFC93 .text D:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!Process32Next + 2 7C863C02 9 Bytes JMP 3EBC01F3 .text D:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!Thread32First + 2 7C863CD4 6 Bytes JMP 3EBBD280 .text D:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!Thread32Next + 2 7C863D88 6 Bytes JMP 3EBBCD64 .text D:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!Module32FirstW + 2 7C863E21 6 Bytes JMP 3EBBB2DA .text D:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!Module32First + 2 7C863EDA 9 Bytes JMP 3EBBF40C .text D:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!Module32NextW + 2 7C863FBE 6 Bytes JMP 3EBBB051 .text D:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!Module32Next + 2 7C86405F 9 Bytes JMP 3EBBB7E1 .text D:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!GetBinaryTypeW 7C86783C 5 Bytes JMP 3EBC0583 .text D:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!GetBinaryType + 2 7C867C9D 6 Bytes JMP 3EBBE425 .text D:\WINDOWS\system32\svchost.exe[1056] ADVAPI32.dll!RegOpenKeyExW + 2 77DC6A7A 6 Bytes JMP 3EBBCBC9 .text D:\WINDOWS\system32\svchost.exe[1056] ADVAPI32.dll!RegCloseKey + 2 77DC6BF2 6 Bytes JMP 3EBBF543 .text D:\WINDOWS\system32\svchost.exe[1056] ADVAPI32.dll!RegQueryValueExW + 2 77DC6FCA 2 Bytes .text D:\WINDOWS\system32\svchost.exe[1056] ADVAPI32.dll!RegQueryValueExW + 5 77DC6FCD 3 Bytes .text D:\WINDOWS\system32\svchost.exe[1056] ADVAPI32.dll!RegCreateKeyExW + 2 77DC7537 6 Bytes JMP 3EBBD210 .text D:\WINDOWS\system32\svchost.exe[1056] ADVAPI32.dll!RegOpenKeyExA + 2 77DC761D 6 Bytes JMP 3EBC16B5 .text D:\WINDOWS\system32\svchost.exe[1056] ADVAPI32.dll!RegQueryValueExA + 2 77DC7885 6 Bytes JMP 3EBC0C91 .text D:\WINDOWS\system32\svchost.exe[1056] ADVAPI32.dll!RegEnumValueW + 2 77DC8083 6 Bytes JMP 3EBBCEDC .text D:\WINDOWS\system32\svchost.exe[1056] ADVAPI32.dll!RegSetValueExW 77DCD7CC 7 Bytes JMP 3EBBFFF5 .text D:\WINDOWS\system32\svchost.exe[1056] ADVAPI32.dll!RegQueryValueW + 2 77DCD8E4 6 Bytes JMP 3EBBB6CF .text D:\WINDOWS\system32\svchost.exe[1056] ADVAPI32.dll!RegCreateKeyExA + 2 77DCEAF6 6 Bytes JMP 3EBC0BBD .text D:\WINDOWS\system32\svchost.exe[1056] ADVAPI32.dll!RegSetValueExA 77DCEBE7 7 Bytes JMP 3EBBDBBE .text D:\WINDOWS\system32\svchost.exe[1056] ADVAPI32.dll!RegDeleteValueA + 2 77DCEDE7 6 Bytes JMP 3EBBF2B1 .text D:\WINDOWS\system32\svchost.exe[1056] ADVAPI32.dll!RegDeleteValueW + 2 77DCEEF3 6 Bytes JMP 3EBBF8D8 .text D:\WINDOWS\system32\svchost.exe[1056] ADVAPI32.dll!RegSetValueA + 2 77DD6F4B 5 Bytes JMP 3EBC0761 .text D:\WINDOWS\system32\svchost.exe[1056] ADVAPI32.dll!SetFileSecurityW + 2 77DDAA6B 6 Bytes JMP 3EBBC270 .text D:\WINDOWS\system32\svchost.exe[1056] ADVAPI32.dll!RegEnumValueA + 2 77DDCF4C 6 Bytes JMP 3EBBB5AD .text D:\WINDOWS\system32\svchost.exe[1056] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DE1287 6 Bytes JMP 3EBC03D0 .text D:\WINDOWS\system32\svchost.exe[1056] ADVAPI32.dll!CreateProcessAsUserW + 2 77DE7777 6 Bytes JMP 3EBBA57A .text D:\WINDOWS\system32\svchost.exe[1056] ADVAPI32.dll!RegDeleteKeyW + 2 77DE9886 6 Bytes JMP 3EBBD3DB .text D:\WINDOWS\system32\svchost.exe[1056] ADVAPI32.dll!GetFileSecurityW + 2 77DEBCE0 6 Bytes JMP 3EBBC493 .text D:\WINDOWS\system32\svchost.exe[1056] ADVAPI32.dll!RegDeleteKeyA + 2 77DEC125 6 Bytes JMP 3EBBEF65 .text D:\WINDOWS\system32\svchost.exe[1056] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DEC1B7 6 Bytes JMP 3EBC0F34 .text D:\WINDOWS\system32\svchost.exe[1056] ADVAPI32.dll!RegOpenKeyA + 2 77DEC41D 6 Bytes JMP 3EBBD630 .text D:\WINDOWS\system32\svchost.exe[1056] ADVAPI32.dll!RegQueryValueA + 2 77DECC12 6 Bytes JMP 3EBBB8E6 .text D:\WINDOWS\system32\svchost.exe[1056] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DECCF1 6 Bytes JMP 3EBBBD5F .text D:\WINDOWS\system32\svchost.exe[1056] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DED07A 7 Bytes JMP 3EBBD383 .text D:\WINDOWS\system32\svchost.exe[1056] ADVAPI32.dll!RegCreateKeyA + 2 77DED5BD 6 Bytes JMP 3EBC1DBF .text D:\WINDOWS\system32\svchost.exe[1056] ADVAPI32.dll!SetFileSecurityA + 2 77DFD2FF 5 Bytes JMP 3EBBF19D .text D:\WINDOWS\system32\svchost.exe[1056] ADVAPI32.dll!GetFileSecurityA + 2 77DFD365 5 Bytes JMP 3EBBED1E .text D:\WINDOWS\system32\svchost.exe[1056] ADVAPI32.dll!CreateProcessAsUserA + 2 77E0095A 6 Bytes JMP 3EBB9067 .text D:\WINDOWS\system32\svchost.exe[1056] ADVAPI32.dll!CreateProcessWithLogonW 77E05C9D 5 Bytes JMP 3EBB818D .text D:\WINDOWS\system32\svchost.exe[1056] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77E11546 7 Bytes JMP 3EBBCEC7 .text D:\WINDOWS\system32\svchost.exe[1056] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77E11592 7 Bytes JMP 3EBBDB83 .text D:\WINDOWS\system32\svchost.exe[1056] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E2553D 6 Bytes JMP 3EBBE03C .text D:\WINDOWS\system32\svchost.exe[1056] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E2589F 6 Bytes JMP 3EBBE9BC .text D:\WINDOWS\system32\svchost.exe[1056] ADVAPI32.dll!RegSetValueW + 2 77E25FC4 5 Bytes JMP 3EBC008F .text D:\WINDOWS\system32\svchost.exe[1056] USER32.dll!ExitWindowsEx + 2 77D79E6F 6 Bytes JMP 3EBB8C3C .text D:\WINDOWS\system32\svchost.exe[1056] WS2_32.dll!getaddrinfo + 2 71A52A71 5 Bytes JMP 3EBBAC92 .text D:\WINDOWS\system32\svchost.exe[1056] WS2_32.dll!connect + 2 71A5406C 6 Bytes JMP 3EBBAAFC .text D:\WINDOWS\system32\svchost.exe[1056] WS2_32.dll!gethostbyname + 2 71A54FD6 9 Bytes JMP 3EBBAB16 .text D:\WINDOWS\system32\svchost.exe[1056] WS2_32.dll!WSAAsyncGetHostByName + 2 71A5E987 13 Bytes .text D:\WINDOWS\system32\svchost.exe[1056] WS2_32.dll!WSAConnect + 2 71A60C6B 14 Bytes .text D:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 3EBBD79A .text D:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtQueryInformationFile 7C90DFDC 5 Bytes JMP 3EBC0F6C .text D:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 3EBBC57A .text D:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtReadVirtualMemory 7C90E2BB 5 Bytes JMP 3EBBB7A0 .text D:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtVdmControl 7C90E975 5 Bytes JMP 3EBBB385 .text D:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtWriteVirtualMemory 7C90EA32 5 Bytes JMP 3EBBE1E8 .text D:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 3EBB9581 .text D:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 3EBB9432 .text D:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9538ED 6 Bytes JMP 3EBBE4E4 .text D:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EBBD045 .text D:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EBB8BAE .text D:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EBB872E .text D:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EBB8723 .text D:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EBBC72A .text D:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EBBB2B8 .text D:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EBB7D51 .text D:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EBBA270 .text D:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!FreeLibrary + 2 7C80AA68 7 Bytes JMP 3EBB81B9 .text D:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!GetProcAddress + 2 7C80AC2A 5 Bytes JMP 3EBB9AF7 .text D:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!LoadLibraryW + 2 7C80ACD5 5 Bytes JMP 3EBBA007 .text D:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!GetFileAttributesW + 2 7C80B5D6 6 Bytes JMP 3EBC159A .text D:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!FreeLibraryAndExitThread + 2 7C80CEA3 6 Bytes JMP 3EBB8665 .text D:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!FindFirstFileExW + 2 7C80EC7F 9 Bytes JMP 3EBBD4E1 .text D:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!FindFirstFileW + 2 7C80F0E3 5 Bytes JMP 3EBC189B .text D:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!FindNextFileW 7C80F13A 7 Bytes JMP 3EBC1A9C .text D:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!CreateFileW + 2 7C810978 6 Bytes JMP 3EBC1B5C .text D:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!GetFileAttributesExW + 2 7C81130F 6 Bytes JMP 3EBC0C05 .text D:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!GetFileAttributesA + 2 7C81174E 6 Bytes JMP 3EBBD93E .text D:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!GetFileAttributesExA + 2 7C813533 6 Bytes JMP 3EBBC80F .text D:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!FindFirstFileA + 2 7C81355B 9 Bytes JMP 3EBBB9B3 .text D:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!ExitProcess + 2 7C81CAA4 5 Bytes JMP 3EBB8E54 .text D:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!OpenProcess + 2 7C81E07B 6 Bytes JMP 3EBBFAB2 .text D:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!DeleteFileA + 2 7C81E85E 6 Bytes JMP 3EBC033E .text D:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!DeleteFileW + 2 7C81F73F 6 Bytes JMP 3EBBDD9F .text D:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!SetFileAttributesA + 2 7C81FB46 6 Bytes JMP 3EBC11F0 .text D:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!SetFileAttributesW + 2 7C81FC07 6 Bytes JMP 3EBBD061 .text D:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!MoveFileWithProgressW 7C821565 5 Bytes JMP 3EBBDF82 .text D:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!MoveFileWithProgressA + 2 7C8222B5 6 Bytes JMP 3EBBD772 .text D:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!OpenFile 7C826B99 5 Bytes JMP 3EBBF576 .text D:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!FindNextFileA + 2 7C83901B 9 Bytes JMP 3EBC1577 .text D:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!MoveFileExW + 2 7C839921 6 Bytes JMP 3EBC0658 .text D:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!FindFirstFileExA + 2 7C85C2F4 9 Bytes JMP 3EBBBADC .text D:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!MoveFileExA + 2 7C85D2A5 6 Bytes JMP 3EBBCD1D .text D:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!_lopen + 2 7C85E612 6 Bytes JMP 3EBBE63C .text D:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!WinExec + 2 7C86114F 6 Bytes JMP 3EBB8CAB .text D:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!Process32FirstW + 2 7C8639D6 6 Bytes JMP 3EBBEE97 .text D:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!Process32First + 2 7C863A8F 9 Bytes JMP 3EBC126D .text D:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!Process32NextW + 2 7C863B61 6 Bytes JMP 3EBBFC93 .text D:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!Process32Next + 2 7C863C02 9 Bytes JMP 3EBC01F3 .text D:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!Thread32First + 2 7C863CD4 6 Bytes JMP 3EBBD280 .text D:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!Thread32Next + 2 7C863D88 6 Bytes JMP 3EBBCD64 .text D:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!Module32FirstW + 2 7C863E21 6 Bytes JMP 3EBBB2DA .text D:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!Module32First + 2 7C863EDA 9 Bytes JMP 3EBBF40C .text D:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!Module32NextW + 2 7C863FBE 6 Bytes JMP 3EBBB051 .text D:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!Module32Next + 2 7C86405F 9 Bytes JMP 3EBBB7E1 .text D:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!GetBinaryTypeW 7C86783C 5 Bytes JMP 3EBC0583 .text D:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!GetBinaryType + 2 7C867C9D 6 Bytes JMP 3EBBE425 .text D:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!RegOpenKeyExW + 2 77DC6A7A 6 Bytes JMP 3EBBCBC9 .text D:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!RegCloseKey + 2 77DC6BF2 6 Bytes JMP 3EBBF543 .text D:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!RegQueryValueExW + 2 77DC6FCA 2 Bytes .text D:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!RegQueryValueExW + 5 77DC6FCD 3 Bytes .text D:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!RegCreateKeyExW + 2 77DC7537 6 Bytes JMP 3EBBD210 .text D:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!RegOpenKeyExA + 2 77DC761D 6 Bytes JMP 3EBC16B5 .text D:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!RegQueryValueExA + 2 77DC7885 6 Bytes JMP 3EBC0C91 .text D:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!RegEnumValueW + 2 77DC8083 6 Bytes JMP 3EBBCEDC .text D:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!RegSetValueExW 77DCD7CC 7 Bytes JMP 3EBBFFF5 .text D:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!RegQueryValueW + 2 77DCD8E4 6 Bytes JMP 3EBBB6CF .text D:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!RegCreateKeyExA + 2 77DCEAF6 6 Bytes JMP 3EBC0BBD .text D:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!RegSetValueExA 77DCEBE7 7 Bytes JMP 3EBBDBBE .text D:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!RegDeleteValueA + 2 77DCEDE7 6 Bytes JMP 3EBBF2B1 .text D:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!RegDeleteValueW + 2 77DCEEF3 6 Bytes JMP 3EBBF8D8 .text D:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!RegSetValueA + 2 77DD6F4B 5 Bytes JMP 3EBC0761 .text D:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!SetFileSecurityW + 2 77DDAA6B 6 Bytes JMP 3EBBC270 .text D:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!RegEnumValueA + 2 77DDCF4C 6 Bytes JMP 3EBBB5AD .text D:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DE1287 6 Bytes JMP 3EBC03D0 .text D:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!CreateProcessAsUserW + 2 77DE7777 6 Bytes JMP 3EBBA57A .text D:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!RegDeleteKeyW + 2 77DE9886 6 Bytes JMP 3EBBD3DB .text D:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!GetFileSecurityW + 2 77DEBCE0 6 Bytes JMP 3EBBC493 .text D:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!RegDeleteKeyA + 2 77DEC125 6 Bytes JMP 3EBBEF65 .text D:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DEC1B7 6 Bytes JMP 3EBC0F34 .text D:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!RegOpenKeyA + 2 77DEC41D 6 Bytes JMP 3EBBD630 .text D:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!RegQueryValueA + 2 77DECC12 6 Bytes JMP 3EBBB8E6 .text D:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DECCF1 6 Bytes JMP 3EBBBD5F .text D:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DED07A 7 Bytes JMP 3EBBD383 .text D:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!RegCreateKeyA + 2 77DED5BD 6 Bytes JMP 3EBC1DBF .text D:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!SetFileSecurityA + 2 77DFD2FF 5 Bytes JMP 3EBBF19D .text D:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!GetFileSecurityA + 2 77DFD365 5 Bytes JMP 3EBBED1E .text D:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!CreateProcessAsUserA + 2 77E0095A 6 Bytes JMP 3EBB9067 .text D:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!CreateProcessWithLogonW 77E05C9D 5 Bytes JMP 3EBB818D .text D:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77E11546 7 Bytes JMP 3EBBCEC7 .text D:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77E11592 7 Bytes JMP 3EBBDB83 .text D:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E2553D 6 Bytes JMP 3EBBE03C .text D:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E2589F 6 Bytes JMP 3EBBE9BC .text D:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!RegSetValueW + 2 77E25FC4 5 Bytes JMP 3EBC008F .text D:\WINDOWS\system32\svchost.exe[1156] USER32.dll!ExitWindowsEx + 2 77D79E6F 6 Bytes JMP 3EBB8C3C .text D:\WINDOWS\system32\svchost.exe[1156] WS2_32.dll!getaddrinfo + 2 71A52A71 5 Bytes JMP 3EBBAC92 .text D:\WINDOWS\system32\svchost.exe[1156] WS2_32.dll!connect + 2 71A5406C 6 Bytes JMP 3EBBAAFC .text D:\WINDOWS\system32\svchost.exe[1156] WS2_32.dll!gethostbyname + 2 71A54FD6 9 Bytes JMP 3EBBAB16 .text D:\WINDOWS\system32\svchost.exe[1156] WS2_32.dll!WSAAsyncGetHostByName + 2 71A5E987 13 Bytes .text D:\WINDOWS\system32\svchost.exe[1156] WS2_32.dll!WSAConnect + 2 71A60C6B 14 Bytes .text D:\WINDOWS\system32\svchost.exe[1248] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 3EBBD79A .text D:\WINDOWS\system32\svchost.exe[1248] ntdll.dll!NtQueryInformationFile 7C90DFDC 5 Bytes JMP 3EBC0F6C .text D:\WINDOWS\system32\svchost.exe[1248] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 3EBBC57A .text D:\WINDOWS\system32\svchost.exe[1248] ntdll.dll!NtReadVirtualMemory 7C90E2BB 5 Bytes JMP 3EBBB7A0 .text D:\WINDOWS\system32\svchost.exe[1248] ntdll.dll!NtVdmControl 7C90E975 5 Bytes JMP 3EBBB385 .text D:\WINDOWS\system32\svchost.exe[1248] ntdll.dll!NtWriteVirtualMemory 7C90EA32 5 Bytes JMP 3EBBE1E8 .text D:\WINDOWS\system32\svchost.exe[1248] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 3EBB9581 .text D:\WINDOWS\system32\svchost.exe[1248] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 3EBB9432 .text D:\WINDOWS\system32\svchost.exe[1248] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9538ED 6 Bytes JMP 3EBBE4E4 .text D:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EBBD045 .text D:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EBB8BAE .text D:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EBB872E .text D:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EBB8723 .text D:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EBBC72A .text D:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EBBB2B8 .text D:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EBB7D51 .text D:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EBBA270 .text D:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!FreeLibrary + 2 7C80AA68 7 Bytes JMP 3EBB81B9 .text D:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!GetProcAddress + 2 7C80AC2A 5 Bytes JMP 3EBB9AF7 .text D:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!LoadLibraryW + 2 7C80ACD5 5 Bytes JMP 3EBBA007 .text D:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!GetFileAttributesW + 2 7C80B5D6 6 Bytes JMP 3EBC159A .text D:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!FreeLibraryAndExitThread + 2 7C80CEA3 6 Bytes JMP 3EBB8665 .text D:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!FindFirstFileExW + 2 7C80EC7F 9 Bytes JMP 3EBBD4E1 .text D:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!FindFirstFileW + 2 7C80F0E3 5 Bytes JMP 3EBC189B .text D:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!FindNextFileW 7C80F13A 7 Bytes JMP 3EBC1A9C .text D:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!CreateFileW + 2 7C810978 6 Bytes JMP 3EBC1B5C .text D:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!GetFileAttributesExW + 2 7C81130F 6 Bytes JMP 3EBC0C05 .text D:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!GetFileAttributesA + 2 7C81174E 6 Bytes JMP 3EBBD93E .text D:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!GetFileAttributesExA + 2 7C813533 6 Bytes JMP 3EBBC80F .text D:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!FindFirstFileA + 2 7C81355B 9 Bytes JMP 3EBBB9B3 .text D:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!ExitProcess + 2 7C81CAA4 5 Bytes JMP 3EBB8E54 .text D:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!OpenProcess + 2 7C81E07B 6 Bytes JMP 3EBBFAB2 .text D:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!DeleteFileA + 2 7C81E85E 6 Bytes JMP 3EBC033E .text D:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!DeleteFileW + 2 7C81F73F 6 Bytes JMP 3EBBDD9F .text D:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!SetFileAttributesA + 2 7C81FB46 6 Bytes JMP 3EBC11F0 .text D:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!SetFileAttributesW + 2 7C81FC07 6 Bytes JMP 3EBBD061 .text D:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!MoveFileWithProgressW 7C821565 5 Bytes JMP 3EBBDF82 .text D:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!MoveFileWithProgressA + 2 7C8222B5 6 Bytes JMP 3EBBD772 .text D:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!OpenFile 7C826B99 5 Bytes JMP 3EBBF576 .text D:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!FindNextFileA + 2 7C83901B 9 Bytes JMP 3EBC1577 .text D:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!MoveFileExW + 2 7C839921 6 Bytes JMP 3EBC0658 .text D:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!FindFirstFileExA + 2 7C85C2F4 9 Bytes JMP 3EBBBADC .text D:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!MoveFileExA + 2 7C85D2A5 6 Bytes JMP 3EBBCD1D .text D:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!_lopen + 2 7C85E612 6 Bytes JMP 3EBBE63C .text D:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!WinExec + 2 7C86114F 6 Bytes JMP 3EBB8CAB .text D:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!Process32FirstW + 2 7C8639D6 6 Bytes JMP 3EBBEE97 .text D:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!Process32First + 2 7C863A8F 9 Bytes JMP 3EBC126D .text D:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!Process32NextW + 2 7C863B61 6 Bytes JMP 3EBBFC93 .text D:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!Process32Next + 2 7C863C02 9 Bytes JMP 3EBC01F3 .text D:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!Thread32First + 2 7C863CD4 6 Bytes JMP 3EBBD280 .text D:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!Thread32Next + 2 7C863D88 6 Bytes JMP 3EBBCD64 .text D:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!Module32FirstW + 2 7C863E21 6 Bytes JMP 3EBBB2DA .text D:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!Module32First + 2 7C863EDA 9 Bytes JMP 3EBBF40C .text D:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!Module32NextW + 2 7C863FBE 6 Bytes JMP 3EBBB051 .text D:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!Module32Next + 2 7C86405F 9 Bytes JMP 3EBBB7E1 .text D:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!GetBinaryTypeW 7C86783C 5 Bytes JMP 3EBC0583 .text D:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!GetBinaryType + 2 7C867C9D 6 Bytes JMP 3EBBE425 .text D:\WINDOWS\system32\svchost.exe[1248] ADVAPI32.dll!RegOpenKeyExW + 2 77DC6A7A 6 Bytes JMP 3EBBCBC9 .text D:\WINDOWS\system32\svchost.exe[1248] ADVAPI32.dll!RegCloseKey + 2 77DC6BF2 6 Bytes JMP 3EBBF543 .text D:\WINDOWS\system32\svchost.exe[1248] ADVAPI32.dll!RegQueryValueExW + 2 77DC6FCA 2 Bytes .text D:\WINDOWS\system32\svchost.exe[1248] ADVAPI32.dll!RegQueryValueExW + 5 77DC6FCD 3 Bytes .text D:\WINDOWS\system32\svchost.exe[1248] ADVAPI32.dll!RegCreateKeyExW + 2 77DC7537 6 Bytes JMP 3EBBD210 .text D:\WINDOWS\system32\svchost.exe[1248] ADVAPI32.dll!RegOpenKeyExA + 2 77DC761D 6 Bytes JMP 3EBC16B5 .text D:\WINDOWS\system32\svchost.exe[1248] ADVAPI32.dll!RegQueryValueExA + 2 77DC7885 6 Bytes JMP 3EBC0C91 .text D:\WINDOWS\system32\svchost.exe[1248] ADVAPI32.dll!RegEnumValueW + 2 77DC8083 6 Bytes JMP 3EBBCEDC .text D:\WINDOWS\system32\svchost.exe[1248] ADVAPI32.dll!RegSetValueExW 77DCD7CC 7 Bytes JMP 3EBBFFF5 .text D:\WINDOWS\system32\svchost.exe[1248] ADVAPI32.dll!RegQueryValueW + 2 77DCD8E4 6 Bytes JMP 3EBBB6CF .text D:\WINDOWS\system32\svchost.exe[1248] ADVAPI32.dll!RegCreateKeyExA + 2 77DCEAF6 6 Bytes JMP 3EBC0BBD .text D:\WINDOWS\system32\svchost.exe[1248] ADVAPI32.dll!RegSetValueExA 77DCEBE7 7 Bytes JMP 3EBBDBBE .text D:\WINDOWS\system32\svchost.exe[1248] ADVAPI32.dll!RegDeleteValueA + 2 77DCEDE7 6 Bytes JMP 3EBBF2B1 .text D:\WINDOWS\system32\svchost.exe[1248] ADVAPI32.dll!RegDeleteValueW + 2 77DCEEF3 6 Bytes JMP 3EBBF8D8 .text D:\WINDOWS\system32\svchost.exe[1248] ADVAPI32.dll!RegSetValueA + 2 77DD6F4B 5 Bytes JMP 3EBC0761 .text D:\WINDOWS\system32\svchost.exe[1248] ADVAPI32.dll!SetFileSecurityW + 2 77DDAA6B 6 Bytes JMP 3EBBC270 .text D:\WINDOWS\system32\svchost.exe[1248] ADVAPI32.dll!RegEnumValueA + 2 77DDCF4C 6 Bytes JMP 3EBBB5AD .text D:\WINDOWS\system32\svchost.exe[1248] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DE1287 6 Bytes JMP 3EBC03D0 .text D:\WINDOWS\system32\svchost.exe[1248] ADVAPI32.dll!CreateProcessAsUserW + 2 77DE7777 6 Bytes JMP 3EBBA57A .text D:\WINDOWS\system32\svchost.exe[1248] ADVAPI32.dll!RegDeleteKeyW + 2 77DE9886 6 Bytes JMP 3EBBD3DB .text D:\WINDOWS\system32\svchost.exe[1248] ADVAPI32.dll!GetFileSecurityW + 2 77DEBCE0 6 Bytes JMP 3EBBC493 .text D:\WINDOWS\system32\svchost.exe[1248] ADVAPI32.dll!RegDeleteKeyA + 2 77DEC125 6 Bytes JMP 3EBBEF65 .text D:\WINDOWS\system32\svchost.exe[1248] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DEC1B7 6 Bytes JMP 3EBC0F34 .text D:\WINDOWS\system32\svchost.exe[1248] ADVAPI32.dll!RegOpenKeyA + 2 77DEC41D 6 Bytes JMP 3EBBD630 .text D:\WINDOWS\system32\svchost.exe[1248] ADVAPI32.dll!RegQueryValueA + 2 77DECC12 6 Bytes JMP 3EBBB8E6 .text D:\WINDOWS\system32\svchost.exe[1248] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DECCF1 6 Bytes JMP 3EBBBD5F .text D:\WINDOWS\system32\svchost.exe[1248] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DED07A 7 Bytes JMP 3EBBD383 .text D:\WINDOWS\system32\svchost.exe[1248] ADVAPI32.dll!RegCreateKeyA + 2 77DED5BD 6 Bytes JMP 3EBC1DBF .text D:\WINDOWS\system32\svchost.exe[1248] ADVAPI32.dll!SetFileSecurityA + 2 77DFD2FF 5 Bytes JMP 3EBBF19D .text D:\WINDOWS\system32\svchost.exe[1248] ADVAPI32.dll!GetFileSecurityA + 2 77DFD365 5 Bytes JMP 3EBBED1E .text D:\WINDOWS\system32\svchost.exe[1248] ADVAPI32.dll!CreateProcessAsUserA + 2 77E0095A 6 Bytes JMP 3EBB9067 .text D:\WINDOWS\system32\svchost.exe[1248] ADVAPI32.dll!CreateProcessWithLogonW 77E05C9D 5 Bytes JMP 3EBB818D .text D:\WINDOWS\system32\svchost.exe[1248] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77E11546 7 Bytes JMP 3EBBCEC7 .text D:\WINDOWS\system32\svchost.exe[1248] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77E11592 7 Bytes JMP 3EBBDB83 .text D:\WINDOWS\system32\svchost.exe[1248] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E2553D 6 Bytes JMP 3EBBE03C .text D:\WINDOWS\system32\svchost.exe[1248] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E2589F 6 Bytes JMP 3EBBE9BC .text D:\WINDOWS\system32\svchost.exe[1248] ADVAPI32.dll!RegSetValueW + 2 77E25FC4 5 Bytes JMP 3EBC008F .text D:\WINDOWS\system32\svchost.exe[1248] USER32.dll!ExitWindowsEx + 2 77D79E6F 6 Bytes JMP 3EBB8C3C .text D:\WINDOWS\system32\svchost.exe[1248] WS2_32.dll!getaddrinfo + 2 71A52A71 5 Bytes JMP 3EBBAC92 .text D:\WINDOWS\system32\svchost.exe[1248] WS2_32.dll!connect + 2 71A5406C 6 Bytes JMP 3EBBAAFC .text D:\WINDOWS\system32\svchost.exe[1248] WS2_32.dll!gethostbyname + 2 71A54FD6 9 Bytes JMP 3EBBAB16 .text D:\WINDOWS\system32\svchost.exe[1248] WS2_32.dll!WSAAsyncGetHostByName + 2 71A5E987 13 Bytes .text D:\WINDOWS\system32\svchost.exe[1248] WS2_32.dll!WSAConnect + 2 71A60C6B 14 Bytes .text D:\WINDOWS\system32\spoolsv.exe[1404] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 3EBBD79A .text D:\WINDOWS\system32\spoolsv.exe[1404] ntdll.dll!NtQueryInformationFile 7C90DFDC 5 Bytes JMP 3EBC0F6C .text D:\WINDOWS\system32\spoolsv.exe[1404] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 3EBBC57A .text D:\WINDOWS\system32\spoolsv.exe[1404] ntdll.dll!NtReadVirtualMemory 7C90E2BB 5 Bytes JMP 3EBBB7A0 .text D:\WINDOWS\system32\spoolsv.exe[1404] ntdll.dll!NtVdmControl 7C90E975 5 Bytes JMP 3EBBB385 .text D:\WINDOWS\system32\spoolsv.exe[1404] ntdll.dll!NtWriteVirtualMemory 7C90EA32 5 Bytes JMP 3EBBE1E8 .text D:\WINDOWS\system32\spoolsv.exe[1404] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 3EBB9581 .text D:\WINDOWS\system32\spoolsv.exe[1404] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 3EBB9432 .text D:\WINDOWS\system32\spoolsv.exe[1404] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9538ED 6 Bytes JMP 3EBBE4E4 .text D:\WINDOWS\system32\spoolsv.exe[1404] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EBBD045 .text D:\WINDOWS\system32\spoolsv.exe[1404] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EBB8BAE .text D:\WINDOWS\system32\spoolsv.exe[1404] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EBB872E .text D:\WINDOWS\system32\spoolsv.exe[1404] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EBB8723 .text D:\WINDOWS\system32\spoolsv.exe[1404] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EBBC72A .text D:\WINDOWS\system32\spoolsv.exe[1404] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EBBB2B8 .text D:\WINDOWS\system32\spoolsv.exe[1404] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EBB7D51 .text D:\WINDOWS\system32\spoolsv.exe[1404] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EBBA270 .text D:\WINDOWS\system32\spoolsv.exe[1404] kernel32.dll!FreeLibrary + 2 7C80AA68 7 Bytes JMP 3EBB81B9 .text D:\WINDOWS\system32\spoolsv.exe[1404] kernel32.dll!GetProcAddress + 2 7C80AC2A 5 Bytes JMP 3EBB9AF7 .text D:\WINDOWS\system32\spoolsv.exe[1404] kernel32.dll!LoadLibraryW + 2 7C80ACD5 5 Bytes JMP 3EBBA007 .text D:\WINDOWS\system32\spoolsv.exe[1404] kernel32.dll!GetFileAttributesW + 2 7C80B5D6 6 Bytes JMP 3EBC159A .text D:\WINDOWS\system32\spoolsv.exe[1404] kernel32.dll!FreeLibraryAndExitThread + 2 7C80CEA3 6 Bytes JMP 3EBB8665 .text D:\WINDOWS\system32\spoolsv.exe[1404] kernel32.dll!FindFirstFileExW + 2 7C80EC7F 9 Bytes JMP 3EBBD4E1 .text D:\WINDOWS\system32\spoolsv.exe[1404] kernel32.dll!FindFirstFileW + 2 7C80F0E3 5 Bytes JMP 3EBC189B .text D:\WINDOWS\system32\spoolsv.exe[1404] kernel32.dll!FindNextFileW 7C80F13A 7 Bytes JMP 3EBC1A9C .text D:\WINDOWS\system32\spoolsv.exe[1404] kernel32.dll!CreateFileW + 2 7C810978 6 Bytes JMP 3EBC1B5C .text D:\WINDOWS\system32\spoolsv.exe[1404] kernel32.dll!GetFileAttributesExW + 2 7C81130F 6 Bytes JMP 3EBC0C05 .text D:\WINDOWS\system32\spoolsv.exe[1404] kernel32.dll!GetFileAttributesA + 2 7C81174E 6 Bytes JMP 3EBBD93E .text D:\WINDOWS\system32\spoolsv.exe[1404] kernel32.dll!GetFileAttributesExA + 2 7C813533 6 Bytes JMP 3EBBC80F .text D:\WINDOWS\system32\spoolsv.exe[1404] kernel32.dll!FindFirstFileA + 2 7C81355B 9 Bytes JMP 3EBBB9B3 .text D:\WINDOWS\system32\spoolsv.exe[1404] kernel32.dll!ExitProcess + 2 7C81CAA4 5 Bytes JMP 3EBB8E54 .text D:\WINDOWS\system32\spoolsv.exe[1404] kernel32.dll!OpenProcess + 2 7C81E07B 6 Bytes JMP 3EBBFAB2 .text D:\WINDOWS\system32\spoolsv.exe[1404] kernel32.dll!DeleteFileA + 2 7C81E85E 6 Bytes JMP 3EBC033E .text D:\WINDOWS\system32\spoolsv.exe[1404] kernel32.dll!DeleteFileW + 2 7C81F73F 6 Bytes JMP 3EBBDD9F .text D:\WINDOWS\system32\spoolsv.exe[1404] kernel32.dll!SetFileAttributesA + 2 7C81FB46 6 Bytes JMP 3EBC11F0 .text D:\WINDOWS\system32\spoolsv.exe[1404] kernel32.dll!SetFileAttributesW + 2 7C81FC07 6 Bytes JMP 3EBBD061 .text D:\WINDOWS\system32\spoolsv.exe[1404] kernel32.dll!MoveFileWithProgressW 7C821565 5 Bytes JMP 3EBBDF82 .text D:\WINDOWS\system32\spoolsv.exe[1404] kernel32.dll!MoveFileWithProgressA + 2 7C8222B5 6 Bytes JMP 3EBBD772 .text D:\WINDOWS\system32\spoolsv.exe[1404] kernel32.dll!OpenFile 7C826B99 5 Bytes JMP 3EBBF576 .text D:\WINDOWS\system32\spoolsv.exe[1404] kernel32.dll!FindNextFileA + 2 7C83901B 9 Bytes JMP 3EBC1577 .text D:\WINDOWS\system32\spoolsv.exe[1404] kernel32.dll!MoveFileExW + 2 7C839921 6 Bytes JMP 3EBC0658 .text D:\WINDOWS\system32\spoolsv.exe[1404] kernel32.dll!FindFirstFileExA + 2 7C85C2F4 9 Bytes JMP 3EBBBADC .text D:\WINDOWS\system32\spoolsv.exe[1404] kernel32.dll!MoveFileExA + 2 7C85D2A5 6 Bytes JMP 3EBBCD1D .text D:\WINDOWS\system32\spoolsv.exe[1404] kernel32.dll!_lopen + 2 7C85E612 6 Bytes JMP 3EBBE63C .text D:\WINDOWS\system32\spoolsv.exe[1404] kernel32.dll!WinExec + 2 7C86114F 6 Bytes JMP 3EBB8CAB .text D:\WINDOWS\system32\spoolsv.exe[1404] kernel32.dll!Process32FirstW + 2 7C8639D6 6 Bytes JMP 3EBBEE97 .text D:\WINDOWS\system32\spoolsv.exe[1404] kernel32.dll!Process32First + 2 7C863A8F 9 Bytes JMP 3EBC126D .text D:\WINDOWS\system32\spoolsv.exe[1404] kernel32.dll!Process32NextW + 2 7C863B61 6 Bytes JMP 3EBBFC93 .text D:\WINDOWS\system32\spoolsv.exe[1404] kernel32.dll!Process32Next + 2 7C863C02 9 Bytes JMP 3EBC01F3 .text D:\WINDOWS\system32\spoolsv.exe[1404] kernel32.dll!Thread32First + 2 7C863CD4 6 Bytes JMP 3EBBD280 .text D:\WINDOWS\system32\spoolsv.exe[1404] kernel32.dll!Thread32Next + 2 7C863D88 6 Bytes JMP 3EBBCD64 .text D:\WINDOWS\system32\spoolsv.exe[1404] kernel32.dll!Module32FirstW + 2 7C863E21 6 Bytes JMP 3EBBB2DA .text D:\WINDOWS\system32\spoolsv.exe[1404] kernel32.dll!Module32First + 2 7C863EDA 9 Bytes JMP 3EBBF40C .text D:\WINDOWS\system32\spoolsv.exe[1404] kernel32.dll!Module32NextW + 2 7C863FBE 6 Bytes JMP 3EBBB051 .text D:\WINDOWS\system32\spoolsv.exe[1404] kernel32.dll!Module32Next + 2 7C86405F 9 Bytes JMP 3EBBB7E1 .text D:\WINDOWS\system32\spoolsv.exe[1404] kernel32.dll!GetBinaryTypeW 7C86783C 5 Bytes JMP 3EBC0583 .text D:\WINDOWS\system32\spoolsv.exe[1404] kernel32.dll!GetBinaryType + 2 7C867C9D 6 Bytes JMP 3EBBE425 .text D:\WINDOWS\system32\spoolsv.exe[1404] ADVAPI32.dll!RegOpenKeyExW + 2 77DC6A7A 6 Bytes JMP 3EBBCBC9 .text D:\WINDOWS\system32\spoolsv.exe[1404] ADVAPI32.dll!RegCloseKey + 2 77DC6BF2 6 Bytes JMP 3EBBF543 .text D:\WINDOWS\system32\spoolsv.exe[1404] ADVAPI32.dll!RegQueryValueExW + 2 77DC6FCA 2 Bytes .text D:\WINDOWS\system32\spoolsv.exe[1404] ADVAPI32.dll!RegQueryValueExW + 5 77DC6FCD 3 Bytes .text D:\WINDOWS\system32\spoolsv.exe[1404] ADVAPI32.dll!RegCreateKeyExW + 2 77DC7537 6 Bytes JMP 3EBBD210 .text D:\WINDOWS\system32\spoolsv.exe[1404] ADVAPI32.dll!RegOpenKeyExA + 2 77DC761D 6 Bytes JMP 3EBC16B5 .text D:\WINDOWS\system32\spoolsv.exe[1404] ADVAPI32.dll!RegQueryValueExA + 2 77DC7885 6 Bytes JMP 3EBC0C91 .text D:\WINDOWS\system32\spoolsv.exe[1404] ADVAPI32.dll!RegEnumValueW + 2 77DC8083 6 Bytes JMP 3EBBCEDC .text D:\WINDOWS\system32\spoolsv.exe[1404] ADVAPI32.dll!RegSetValueExW 77DCD7CC 7 Bytes JMP 3EBBFFF5 .text D:\WINDOWS\system32\spoolsv.exe[1404] ADVAPI32.dll!RegQueryValueW + 2 77DCD8E4 6 Bytes JMP 3EBBB6CF .text D:\WINDOWS\system32\spoolsv.exe[1404] ADVAPI32.dll!RegCreateKeyExA + 2 77DCEAF6 6 Bytes JMP 3EBC0BBD .text D:\WINDOWS\system32\spoolsv.exe[1404] ADVAPI32.dll!RegSetValueExA 77DCEBE7 7 Bytes JMP 3EBBDBBE .text D:\WINDOWS\system32\spoolsv.exe[1404] ADVAPI32.dll!RegDeleteValueA + 2 77DCEDE7 6 Bytes JMP 3EBBF2B1 .text D:\WINDOWS\system32\spoolsv.exe[1404] ADVAPI32.dll!RegDeleteValueW + 2 77DCEEF3 6 Bytes JMP 3EBBF8D8 .text D:\WINDOWS\system32\spoolsv.exe[1404] ADVAPI32.dll!RegSetValueA + 2 77DD6F4B 5 Bytes JMP 3EBC0761 .text D:\WINDOWS\system32\spoolsv.exe[1404] ADVAPI32.dll!SetFileSecurityW + 2 77DDAA6B 6 Bytes JMP 3EBBC270 .text D:\WINDOWS\system32\spoolsv.exe[1404] ADVAPI32.dll!RegEnumValueA + 2 77DDCF4C 6 Bytes JMP 3EBBB5AD .text D:\WINDOWS\system32\spoolsv.exe[1404] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DE1287 6 Bytes JMP 3EBC03D0 .text D:\WINDOWS\system32\spoolsv.exe[1404] ADVAPI32.dll!CreateProcessAsUserW + 2 77DE7777 6 Bytes JMP 3EBBA57A .text D:\WINDOWS\system32\spoolsv.exe[1404] ADVAPI32.dll!RegDeleteKeyW + 2 77DE9886 6 Bytes JMP 3EBBD3DB .text D:\WINDOWS\system32\spoolsv.exe[1404] ADVAPI32.dll!GetFileSecurityW + 2 77DEBCE0 6 Bytes JMP 3EBBC493 .text D:\WINDOWS\system32\spoolsv.exe[1404] ADVAPI32.dll!RegDeleteKeyA + 2 77DEC125 6 Bytes JMP 3EBBEF65 .text D:\WINDOWS\system32\spoolsv.exe[1404] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DEC1B7 6 Bytes JMP 3EBC0F34 .text D:\WINDOWS\system32\spoolsv.exe[1404] ADVAPI32.dll!RegOpenKeyA + 2 77DEC41D 6 Bytes JMP 3EBBD630 .text D:\WINDOWS\system32\spoolsv.exe[1404] ADVAPI32.dll!RegQueryValueA + 2 77DECC12 6 Bytes JMP 3EBBB8E6 .text D:\WINDOWS\system32\spoolsv.exe[1404] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DECCF1 6 Bytes JMP 3EBBBD5F .text D:\WINDOWS\system32\spoolsv.exe[1404] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DED07A 7 Bytes JMP 3EBBD383 .text D:\WINDOWS\system32\spoolsv.exe[1404] ADVAPI32.dll!RegCreateKeyA + 2 77DED5BD 6 Bytes JMP 3EBC1DBF .text D:\WINDOWS\system32\spoolsv.exe[1404] ADVAPI32.dll!SetFileSecurityA + 2 77DFD2FF 5 Bytes JMP 3EBBF19D .text D:\WINDOWS\system32\spoolsv.exe[1404] ADVAPI32.dll!GetFileSecurityA + 2 77DFD365 5 Bytes JMP 3EBBED1E .text D:\WINDOWS\system32\spoolsv.exe[1404] ADVAPI32.dll!CreateProcessAsUserA + 2 77E0095A 6 Bytes JMP 3EBB9067 .text D:\WINDOWS\system32\spoolsv.exe[1404] ADVAPI32.dll!CreateProcessWithLogonW 77E05C9D 5 Bytes JMP 3EBB818D .text D:\WINDOWS\system32\spoolsv.exe[1404] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77E11546 7 Bytes JMP 3EBBCEC7 .text D:\WINDOWS\system32\spoolsv.exe[1404] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77E11592 7 Bytes JMP 3EBBDB83 .text D:\WINDOWS\system32\spoolsv.exe[1404] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E2553D 6 Bytes JMP 3EBBE03C .text D:\WINDOWS\system32\spoolsv.exe[1404] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E2589F 6 Bytes JMP 3EBBE9BC .text D:\WINDOWS\system32\spoolsv.exe[1404] ADVAPI32.dll!RegSetValueW + 2 77E25FC4 5 Bytes JMP 3EBC008F .text D:\WINDOWS\system32\spoolsv.exe[1404] USER32.dll!ExitWindowsEx + 2 77D79E6F 6 Bytes JMP 3EBB8C3C .text D:\WINDOWS\system32\spoolsv.exe[1404] WS2_32.dll!getaddrinfo + 2 71A52A71 5 Bytes JMP 3EBBAC92 .text D:\WINDOWS\system32\spoolsv.exe[1404] WS2_32.dll!connect + 2 71A5406C 6 Bytes JMP 3EBBAAFC .text D:\WINDOWS\system32\spoolsv.exe[1404] WS2_32.dll!gethostbyname + 2 71A54FD6 9 Bytes JMP 3EBBAB16 .text D:\WINDOWS\system32\spoolsv.exe[1404] WS2_32.dll!WSAAsyncGetHostByName + 2 71A5E987 13 Bytes .text D:\WINDOWS\system32\spoolsv.exe[1404] WS2_32.dll!WSAConnect + 2 71A60C6B 14 Bytes .text D:\WINDOWS\explorer.exe[1632] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 3EBBD79A .text D:\WINDOWS\explorer.exe[1632] ntdll.dll!NtQueryInformationFile 7C90DFDC 5 Bytes JMP 3EBC0F6C .text D:\WINDOWS\explorer.exe[1632] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 3EBBC57A .text D:\WINDOWS\explorer.exe[1632] ntdll.dll!NtReadVirtualMemory 7C90E2BB 5 Bytes JMP 3EBBB7A0 .text D:\WINDOWS\explorer.exe[1632] ntdll.dll!NtVdmControl 7C90E975 5 Bytes JMP 3EBBB385 .text D:\WINDOWS\explorer.exe[1632] ntdll.dll!NtWriteVirtualMemory 7C90EA32 5 Bytes JMP 3EBBE1E8 .text D:\WINDOWS\explorer.exe[1632] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 3EBB9581 .text D:\WINDOWS\explorer.exe[1632] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 3EBB9432 .text D:\WINDOWS\explorer.exe[1632] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9538ED 6 Bytes JMP 3EBBE4E4 .text D:\WINDOWS\explorer.exe[1632] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EBBD045 .text D:\WINDOWS\explorer.exe[1632] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EBB8BAE .text D:\WINDOWS\explorer.exe[1632] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EBB872E .text D:\WINDOWS\explorer.exe[1632] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EBB8723 .text D:\WINDOWS\explorer.exe[1632] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EBBC72A .text D:\WINDOWS\explorer.exe[1632] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EBBB2B8 .text D:\WINDOWS\explorer.exe[1632] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EBB7D51 .text D:\WINDOWS\explorer.exe[1632] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EBBA270 .text D:\WINDOWS\explorer.exe[1632] kernel32.dll!FreeLibrary + 2 7C80AA68 7 Bytes JMP 3EBB81B9 .text D:\WINDOWS\explorer.exe[1632] kernel32.dll!GetProcAddress + 2 7C80AC2A 5 Bytes JMP 3EBB9AF7 .text D:\WINDOWS\explorer.exe[1632] kernel32.dll!LoadLibraryW + 2 7C80ACD5 5 Bytes JMP 3EBBA007 .text D:\WINDOWS\explorer.exe[1632] kernel32.dll!GetFileAttributesW + 2 7C80B5D6 6 Bytes JMP 3EBC159A .text D:\WINDOWS\explorer.exe[1632] kernel32.dll!FreeLibraryAndExitThread + 2 7C80CEA3 6 Bytes JMP 3EBB8665 .text D:\WINDOWS\explorer.exe[1632] kernel32.dll!FindFirstFileExW + 2 7C80EC7F 9 Bytes JMP 3EBBD4E1 .text D:\WINDOWS\explorer.exe[1632] kernel32.dll!FindFirstFileW + 2 7C80F0E3 5 Bytes JMP 3EBC189B .text D:\WINDOWS\explorer.exe[1632] kernel32.dll!FindNextFileW 7C80F13A 7 Bytes JMP 3EBC1A9C .text D:\WINDOWS\explorer.exe[1632] kernel32.dll!CreateFileW + 2 7C810978 6 Bytes JMP 3EBC1B5C .text D:\WINDOWS\explorer.exe[1632] kernel32.dll!GetFileAttributesExW + 2 7C81130F 6 Bytes JMP 3EBC0C05 .text D:\WINDOWS\explorer.exe[1632] kernel32.dll!GetFileAttributesA + 2 7C81174E 6 Bytes JMP 3EBBD93E .text D:\WINDOWS\explorer.exe[1632] kernel32.dll!GetFileAttributesExA + 2 7C813533 6 Bytes JMP 3EBBC80F .text D:\WINDOWS\explorer.exe[1632] kernel32.dll!FindFirstFileA + 2 7C81355B 9 Bytes JMP 3EBBB9B3 .text D:\WINDOWS\explorer.exe[1632] kernel32.dll!ExitProcess + 2 7C81CAA4 5 Bytes JMP 3EBB8E54 .text D:\WINDOWS\explorer.exe[1632] kernel32.dll!OpenProcess + 2 7C81E07B 6 Bytes JMP 3EBBFAB2 .text D:\WINDOWS\explorer.exe[1632] kernel32.dll!DeleteFileA + 2 7C81E85E 6 Bytes JMP 3EBC033E .text D:\WINDOWS\explorer.exe[1632] kernel32.dll!DeleteFileW + 2 7C81F73F 6 Bytes JMP 3EBBDD9F .text D:\WINDOWS\explorer.exe[1632] kernel32.dll!SetFileAttributesA + 2 7C81FB46 6 Bytes JMP 3EBC11F0 .text D:\WINDOWS\explorer.exe[1632] kernel32.dll!SetFileAttributesW + 2 7C81FC07 6 Bytes JMP 3EBBD061 .text D:\WINDOWS\explorer.exe[1632] kernel32.dll!MoveFileWithProgressW 7C821565 5 Bytes JMP 3EBBDF82 .text D:\WINDOWS\explorer.exe[1632] kernel32.dll!MoveFileWithProgressA + 2 7C8222B5 6 Bytes JMP 3EBBD772 .text D:\WINDOWS\explorer.exe[1632] kernel32.dll!OpenFile 7C826B99 5 Bytes JMP 3EBBF576 .text D:\WINDOWS\explorer.exe[1632] kernel32.dll!FindNextFileA + 2 7C83901B 9 Bytes JMP 3EBC1577 .text D:\WINDOWS\explorer.exe[1632] kernel32.dll!MoveFileExW + 2 7C839921 6 Bytes JMP 3EBC0658 .text D:\WINDOWS\explorer.exe[1632] kernel32.dll!FindFirstFileExA + 2 7C85C2F4 9 Bytes JMP 3EBBBADC .text D:\WINDOWS\explorer.exe[1632] kernel32.dll!MoveFileExA + 2 7C85D2A5 6 Bytes JMP 3EBBCD1D .text D:\WINDOWS\explorer.exe[1632] kernel32.dll!_lopen + 2 7C85E612 6 Bytes JMP 3EBBE63C .text D:\WINDOWS\explorer.exe[1632] kernel32.dll!WinExec + 2 7C86114F 6 Bytes JMP 3EBB8CAB .text D:\WINDOWS\explorer.exe[1632] kernel32.dll!Process32FirstW + 2 7C8639D6 6 Bytes JMP 3EBBEE97 .text D:\WINDOWS\explorer.exe[1632] kernel32.dll!Process32First + 2 7C863A8F 9 Bytes JMP 3EBC126D .text D:\WINDOWS\explorer.exe[1632] kernel32.dll!Process32NextW + 2 7C863B61 6 Bytes JMP 3EBBFC93 .text D:\WINDOWS\explorer.exe[1632] kernel32.dll!Process32Next + 2 7C863C02 9 Bytes JMP 3EBC01F3 .text D:\WINDOWS\explorer.exe[1632] kernel32.dll!Thread32First + 2 7C863CD4 6 Bytes JMP 3EBBD280 .text D:\WINDOWS\explorer.exe[1632] kernel32.dll!Thread32Next + 2 7C863D88 6 Bytes JMP 3EBBCD64 .text D:\WINDOWS\explorer.exe[1632] kernel32.dll!Module32FirstW + 2 7C863E21 6 Bytes JMP 3EBBB2DA .text D:\WINDOWS\explorer.exe[1632] kernel32.dll!Module32First + 2 7C863EDA 9 Bytes JMP 3EBBF40C .text D:\WINDOWS\explorer.exe[1632] kernel32.dll!Module32NextW + 2 7C863FBE 6 Bytes JMP 3EBBB051 .text D:\WINDOWS\explorer.exe[1632] kernel32.dll!Module32Next + 2 7C86405F 9 Bytes JMP 3EBBB7E1 .text D:\WINDOWS\explorer.exe[1632] kernel32.dll!GetBinaryTypeW 7C86783C 5 Bytes JMP 3EBC0583 .text D:\WINDOWS\explorer.exe[1632] kernel32.dll!GetBinaryType + 2 7C867C9D 6 Bytes JMP 3EBBE425 .text D:\WINDOWS\explorer.exe[1632] ADVAPI32.dll!RegOpenKeyExW + 2 77DC6A7A 6 Bytes JMP 3EBBCBC9 .text D:\WINDOWS\explorer.exe[1632] ADVAPI32.dll!RegCloseKey + 2 77DC6BF2 6 Bytes JMP 3EBBF543 .text D:\WINDOWS\explorer.exe[1632] ADVAPI32.dll!RegQueryValueExW + 2 77DC6FCA 2 Bytes .text D:\WINDOWS\explorer.exe[1632] ADVAPI32.dll!RegQueryValueExW + 5 77DC6FCD 3 Bytes .text D:\WINDOWS\explorer.exe[1632] ADVAPI32.dll!RegCreateKeyExW + 2 77DC7537 6 Bytes JMP 3EBBD210 .text D:\WINDOWS\explorer.exe[1632] ADVAPI32.dll!RegOpenKeyExA + 2 77DC761D 6 Bytes JMP 3EBC16B5 .text D:\WINDOWS\explorer.exe[1632] ADVAPI32.dll!RegQueryValueExA + 2 77DC7885 6 Bytes JMP 3EBC0C91 .text D:\WINDOWS\explorer.exe[1632] ADVAPI32.dll!RegEnumValueW + 2 77DC8083 6 Bytes JMP 3EBBCEDC .text D:\WINDOWS\explorer.exe[1632] ADVAPI32.dll!RegSetValueExW 77DCD7CC 7 Bytes JMP 3EBBFFF5 .text D:\WINDOWS\explorer.exe[1632] ADVAPI32.dll!RegQueryValueW + 2 77DCD8E4 6 Bytes JMP 3EBBB6CF .text D:\WINDOWS\explorer.exe[1632] ADVAPI32.dll!RegCreateKeyExA + 2 77DCEAF6 6 Bytes JMP 3EBC0BBD .text D:\WINDOWS\explorer.exe[1632] ADVAPI32.dll!RegSetValueExA 77DCEBE7 7 Bytes JMP 3EBBDBBE .text D:\WINDOWS\explorer.exe[1632] ADVAPI32.dll!RegDeleteValueA + 2 77DCEDE7 6 Bytes JMP 3EBBF2B1 .text D:\WINDOWS\explorer.exe[1632] ADVAPI32.dll!RegDeleteValueW + 2 77DCEEF3 6 Bytes JMP 3EBBF8D8 .text D:\WINDOWS\explorer.exe[1632] ADVAPI32.dll!RegSetValueA + 2 77DD6F4B 5 Bytes JMP 3EBC0761 .text D:\WINDOWS\explorer.exe[1632] ADVAPI32.dll!SetFileSecurityW + 2 77DDAA6B 6 Bytes JMP 3EBBC270 .text D:\WINDOWS\explorer.exe[1632] ADVAPI32.dll!RegEnumValueA + 2 77DDCF4C 6 Bytes JMP 3EBBB5AD .text D:\WINDOWS\explorer.exe[1632] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DE1287 6 Bytes JMP 3EBC03D0 .text D:\WINDOWS\explorer.exe[1632] ADVAPI32.dll!CreateProcessAsUserW + 2 77DE7777 6 Bytes JMP 3EBBA57A .text D:\WINDOWS\explorer.exe[1632] ADVAPI32.dll!RegDeleteKeyW + 2 77DE9886 6 Bytes JMP 3EBBD3DB .text D:\WINDOWS\explorer.exe[1632] ADVAPI32.dll!GetFileSecurityW + 2 77DEBCE0 6 Bytes JMP 3EBBC493 .text D:\WINDOWS\explorer.exe[1632] ADVAPI32.dll!RegDeleteKeyA + 2 77DEC125 6 Bytes JMP 3EBBEF65 .text D:\WINDOWS\explorer.exe[1632] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DEC1B7 6 Bytes JMP 3EBC0F34 .text D:\WINDOWS\explorer.exe[1632] ADVAPI32.dll!RegOpenKeyA + 2 77DEC41D 6 Bytes JMP 3EBBD630 .text D:\WINDOWS\explorer.exe[1632] ADVAPI32.dll!RegQueryValueA + 2 77DECC12 6 Bytes JMP 3EBBB8E6 .text D:\WINDOWS\explorer.exe[1632] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DECCF1 6 Bytes JMP 3EBBBD5F .text D:\WINDOWS\explorer.exe[1632] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DED07A 7 Bytes JMP 3EBBD383 .text D:\WINDOWS\explorer.exe[1632] ADVAPI32.dll!RegCreateKeyA + 2 77DED5BD 6 Bytes JMP 3EBC1DBF .text D:\WINDOWS\explorer.exe[1632] ADVAPI32.dll!SetFileSecurityA + 2 77DFD2FF 5 Bytes JMP 3EBBF19D .text D:\WINDOWS\explorer.exe[1632] ADVAPI32.dll!GetFileSecurityA + 2 77DFD365 5 Bytes JMP 3EBBED1E .text D:\WINDOWS\explorer.exe[1632] ADVAPI32.dll!CreateProcessAsUserA + 2 77E0095A 6 Bytes JMP 3EBB9067 .text D:\WINDOWS\explorer.exe[1632] ADVAPI32.dll!CreateProcessWithLogonW 77E05C9D 5 Bytes JMP 3EBB818D .text D:\WINDOWS\explorer.exe[1632] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77E11546 7 Bytes JMP 3EBBCEC7 .text D:\WINDOWS\explorer.exe[1632] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77E11592 7 Bytes JMP 3EBBDB83 .text D:\WINDOWS\explorer.exe[1632] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E2553D 6 Bytes JMP 3EBBE03C .text D:\WINDOWS\explorer.exe[1632] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E2589F 6 Bytes JMP 3EBBE9BC .text D:\WINDOWS\explorer.exe[1632] ADVAPI32.dll!RegSetValueW + 2 77E25FC4 5 Bytes JMP 3EBC008F .text D:\WINDOWS\explorer.exe[1632] USER32.dll!ExitWindowsEx + 2 77D79E6F 6 Bytes JMP 3EBB8C3C .text D:\WINDOWS\explorer.exe[1632] WS2_32.dll!getaddrinfo + 2 71A52A71 5 Bytes JMP 3EBBAC92 .text D:\WINDOWS\explorer.exe[1632] WS2_32.dll!connect + 2 71A5406C 6 Bytes JMP 3EBBAAFC .text D:\WINDOWS\explorer.exe[1632] WS2_32.dll!gethostbyname + 2 71A54FD6 9 Bytes JMP 3EBBAB16 .text D:\WINDOWS\explorer.exe[1632] WS2_32.dll!WSAAsyncGetHostByName + 2 71A5E987 13 Bytes .text D:\WINDOWS\explorer.exe[1632] WS2_32.dll!WSAConnect + 2 71A60C6B 14 Bytes ---- Files - GMER 1.0.12 ---- File D:\WINDOWS\com4.exg File D:\WINDOWS\wgifi1.dll ---- EOF - GMER 1.0.12 ----