The removed threats from MBAM and SAS were false positives from my SARDU disk that I made a few days ago. I had installed Bitdefender Free and upon rebooting was greeted by the same BSOD, but I just went back as usual and selected to boot with last known configuration, even though it's not a permanent fix and it will reappear when I install or uninstall anything and reboot. I have one log file with all the logs in one attached.

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7112

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

7/13/2011 2:12:17 PM
mbam-log-2011-07-13 (14-12-17).txt

Scan type: Full scan (C:\|)
Objects scanned: 372142
Time elapsed: 1 hour(s), 30 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Owner\Desktop\PSU\Sardu v2\sardu.exe (Trojan.Agent) -> Quarantined and deleted successfully.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/13/2011 at 02:25 PM

Application Version : 4.55.1000

Core Rules Database Version : 7402
Trace Rules Database Version: 5212

Scan type : Complete Scan
Total Scan Time : 02:04:19

Memory items scanned : 346
Memory threats detected : 0
Registry items scanned : 8329
Registry threats detected : 0
File items scanned : 225862
File threats detected : 1

Trojan.Agent/Gen-FakeAlert[OShot]
C:\USERS\OWNER\DESKTOP\PSU\SARDU V2\ISO\ISOLINUX\HBCD\HBCDMENU.EXE

GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-07-13 15:00:42
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD5000BPVT-00HXZT1 rev.01.01A01
Running: 92uvqfu5.exe; Driver: C:\Users\Owner\AppData\Local\Temp\ugloapow.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\drivers\TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwTerminateProcess [0x842232D0]

Code 947C8BFC ZwTraceEvent
Code 947C8BFB NtTraceEvent

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!NtTraceEvent 83474E34 5 Bytes JMP 947C8C00
.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 83485579 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 834A9F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 7B8 834B1CB8 4 Bytes [D0, 32, 22, 84]
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 2 836B70A5 5 Bytes JMP 947C8DE0
PAGE ntkrnlpa.exe!NtRequestWaitReplyPort + 2 836B8ACD 5 Bytes JMP 947C8D40
PAGE ntkrnlpa.exe!NtRequestPort + 2 836CCD33 5 Bytes JMP 947C8CA0
.reloc C:\Windows\SYSTEM32\drivers\diskpt.sys section is executable [0x8414B680, 0x15D88, 0xE0000060]
PAGE spsys.sys!?SPRevision@@3PADA + 4F90 97F3E000 290 Bytes [8B, FF, 55, 8B, EC, 33, C0, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 50B3 97F3E123 629 Bytes [95, F3, 97, FE, 05, 34, 95, ...]
C:\Windows\system32\services.exe[516] kernel32.dll!DeviceIoControl 7612EBDD 6 Bytes JMP 70E7000A .text C:\Windows\system32\services.exe[516] kernel32.dll!CreateDirectoryW 7612EC9A 6 Bytes JMP 70E1000A .text C:\Windows\system32\services.exe[516] kernel32.dll!VirtualAlloc 761305F4 6 Bytes JMP 7111000A .text C:\Windows\system32\services.exe[516] kernel32.dll!CreateFileW 76130B5D 6 Bytes JMP 711D000A .text C:\Windows\system32\services.exe[516] kernel32.dll!MultiByteToWideChar 76130E69 6 Bytes JMP 70C0000A .text C:\Windows\system32\services.exe[516] kernel32.dll!WideCharToMultiByte 76130F86 6 Bytes JMP 709F000A .text C:\Windows\system32\services.exe[516] kernel32.dll!WriteFile 761311CC 6 Bytes JMP 70DE000A .text C:\Windows\system32\services.exe[516] kernel32.dll!CreateMutexA 7613177E 6 Bytes JMP 70CC000A .text C:\Windows\system32\services.exe[516] kernel32.dll!GetProcAddress 76131837 6 Bytes JMP 7150000A .text C:\Windows\system32\services.exe[516] kernel32.dll!CreateThread 761327FD 6 Bytes JMP 7114000A .text C:\Windows\system32\services.exe[516] kernel32.dll!LoadLibraryA 76132864 6 Bytes JMP 719E000A .text C:\Windows\system32\services.exe[516] kernel32.dll!LoadLibraryW 761328B2 6 Bytes JMP 719B000A .text C:\Windows\system32\services.exe[516] kernel32.dll!CreateFileA 761328FC 6 Bytes JMP 711A000A .text C:\Windows\system32\services.exe[516] kernel32.dll!OpenMutexW 76132A92 6 Bytes JMP 70C3000A .text C:\Windows\system32\services.exe[516] kernel32.dll!TerminateThread 76132DE5 6 Bytes JMP 7174000A .text C:\Windows\system32\services.exe[516] kernel32.dll!GetVolumeInformationW 7613C40D 6 Bytes JMP 714A000A .text C:\Windows\system32\services.exe[516] kernel32.dll!MoveFileExA 76142FF3 6 Bytes JMP 7096000A .text C:\Windows\system32\services.exe[516] kernel32.dll!GetVolumeInformationA 76146C7D 6 Bytes JMP 714D000A .text C:\Windows\system32\services.exe[516] kernel32.dll!CopyFileA 76147CFC 6 Bytes JMP 70F9000A .text C:\Windows\system32\services.exe[516] 
kernel32.dll!WriteProcessMemory 7614859F 6 Bytes JMP 71A1000A .text C:\Windows\system32\services.exe[516] kernel32.dll!DebugActiveProcess 7616618C 6 Bytes JMP 7171000A .text C:\Windows\system32\services.exe[516] kernel32.dll!MoveFileA 7616AD49 6 Bytes JMP 709C000A .text C:\Windows\system32\services.exe[516] kernel32.dll!CopyFileExA 7616BBA1 6 Bytes JMP 70F3000A .text C:\Windows\system32\services.exe[516] kernel32.dll!WinExec 7616E695 6 Bytes JMP 717E000A .text C:\Windows\system32\services.exe[516] kernel32.dll!CreateRemoteThread 7616F403 6 Bytes JMP 71AE000A .text C:\Windows\system32\services.exe[516] kernel32.dll!VirtualProtectEx 7616F651 6 Bytes JMP 7162000A .text C:\Windows\system32\services.exe[516] kernel32.dll!SetThreadContext 761701CB 6 Bytes JMP 70DB000A .text C:\Windows\system32\services.exe[516] USER32.dll!RegisterRawInputDevices 75D75C2F 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\services.exe[516] USER32.dll!RegisterRawInputDevices + 4 75D75C33 2 Bytes [52, 71] .text C:\Windows\system32\services.exe[516] USER32.dll!GetWindowTextA 75D770ED 6 Bytes JMP 7105000A .text C:\Windows\system32\services.exe[516] USER32.dll!GetAsyncKeyState 75D7C09A 6 Bytes JMP 716B000A .text C:\Windows\system32\services.exe[516] USER32.dll!GetWindowTextW 75D7D9F6 6 Bytes JMP 7102000A .text C:\Windows\system32\services.exe[516] USER32.dll!CreateWindowExA 75D7E18A 6 Bytes JMP 70B7000A .text C:\Windows\system32\services.exe[516] USER32.dll!CreateWindowExW 75D80E51 6 Bytes JMP 70B4000A .text C:\Windows\system32\services.exe[516] USER32.dll!ShowWindow 75D8147A 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\services.exe[516] USER32.dll!ShowWindow + 4 75D8147E 2 Bytes [FE, 70] .text C:\Windows\system32\services.exe[516] USER32.dll!SetWindowsHookExW 75D8210A 6 Bytes JMP 7195000A .text C:\Windows\system32\services.exe[516] USER32.dll!GetKeyState 75D84FDA 6 Bytes JMP 716E000A .text C:\Windows\system32\services.exe[516] USER32.dll!SetWinEventHook 75D8507E 6 Bytes JMP 7156000A .text 
C:\Windows\system32\services.exe[516] USER32.dll!DrawTextW 75D88220 6 Bytes JMP 70BA000A .text C:\Windows\system32\services.exe[516] USER32.dll!SetWindowTextW 75D88267 6 Bytes JMP 70A2000A .text C:\Windows\system32\services.exe[516] USER32.dll!DrawTextA 75D9A482 6 Bytes JMP 70BD000A .text C:\Windows\system32\services.exe[516] USER32.dll!SetWindowTextA 75DA236A 6 Bytes JMP 70A5000A .text C:\Windows\system32\services.exe[516] USER32.dll!GetKeyboardState 75DA6B3E 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\services.exe[516] USER32.dll!GetKeyboardState + 4 75DA6B42 2 Bytes [67, 71] .text C:\Windows\system32\services.exe[516] USER32.dll!SetWindowsHookExA 75DA6DFA 6 Bytes JMP 7198000A .text C:\Windows\system32\services.exe[516] USER32.dll!DdeConnect 75DBEB83 6 Bytes JMP 7165000A .text C:\Windows\system32\services.exe[516] USER32.dll!EndTask 75DBFD8E 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[516] ADVAPI32.dll!OpenSCManagerW 7712D1F5 6 Bytes JMP 7108000A .text C:\Windows\system32\services.exe[516] ADVAPI32.dll!RegOpenKeyA 7712D2ED 6 Bytes JMP 713B000A .text C:\Windows\system32\services.exe[516] ADVAPI32.dll!RegCreateKeyA 7712D3C1 6 Bytes JMP 7141000A .text C:\Windows\system32\services.exe[516] ADVAPI32.dll!RegQueryValueA 7712D403 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\services.exe[516] ADVAPI32.dll!RegQueryValueA + 4 7712D407 2 Bytes [28, 71] .text C:\Windows\system32\services.exe[516] ADVAPI32.dll!RegDeleteKeyW 7713197E 6 Bytes JMP 70A8000A .text C:\Windows\system32\services.exe[516] ADVAPI32.dll!RegCreateKeyExA 77131B71 6 Bytes JMP 7147000A .text C:\Windows\system32\services.exe[516] ADVAPI32.dll!RegSetValueExA 77131B96 6 Bytes JMP 712F000A .text C:\Windows\system32\services.exe[516] ADVAPI32.dll!RegSetValueExW 77131C82 6 Bytes JMP 712C000A .text C:\Windows\system32\services.exe[516] ADVAPI32.dll!RegCreateKeyW 77131CC0 6 Bytes JMP 713E000A .text 
C:\Windows\system32\services.exe[516] ADVAPI32.dll!RegOpenKeyW 77133129 6 Bytes JMP 7138000A .text C:\Windows\system32\services.exe[516] ADVAPI32.dll!OpenSCManagerA 77133B2D 6 Bytes JMP 710B000A .text C:\Windows\system32\services.exe[516] ADVAPI32.dll!LookupPrivilegeValueA 7713B5A2 6 Bytes JMP 70D5000A .text C:\Windows\system32\services.exe[516] ADVAPI32.dll!AdjustTokenPrivileges 7713B656 6 Bytes JMP 70CF000A .text C:\Windows\system32\services.exe[516] ADVAPI32.dll!LookupPrivilegeValueW 7713B663 6 Bytes JMP 70D2000A .text C:\Windows\system32\services.exe[516] ADVAPI32.dll!OpenProcessToken 7713B7C4 6 Bytes JMP 70D8000A .text C:\Windows\system32\services.exe[516] ADVAPI32.dll!RegCreateKeyExW 7713B946 6 Bytes JMP 7144000A .text C:\Windows\system32\services.exe[516] ADVAPI32.dll!RegQueryValueW 7713B96B 6 Bytes JMP 7126000A .text C:\Windows\system32\services.exe[516] ADVAPI32.dll!RegOpenKeyExA 7713BC0D 6 Bytes JMP 7135000A .text C:\Windows\system32\services.exe[516] ADVAPI32.dll!RegQueryValueExA 7713BC25 6 Bytes JMP 7123000A .text C:\Windows\system32\services.exe[516] ADVAPI32.dll!RegQueryValueExW 7713BCD5 6 Bytes JMP 7120000A .text C:\Windows\system32\services.exe[516] ADVAPI32.dll!RegOpenKeyExW 7713BEC4 6 Bytes JMP 7132000A .text C:\Windows\system32\services.exe[516] ADVAPI32.dll!CreateServiceW 7714DBC1 6 Bytes JMP 7159000A .text C:\Windows\system32\services.exe[516] ADVAPI32.dll!RegDeleteKeyA 77150499 6 Bytes JMP 70AB000A .text C:\Windows\system32\services.exe[516] ADVAPI32.dll!CreateProcessAsUserA 771614FD 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\services.exe[516] ADVAPI32.dll!CreateServiceA 77162120 6 Bytes JMP 715C000A .text C:\Windows\system32\services.exe[516] ADVAPI32.dll!LsaRemoveAccountRights 77167869 6 Bytes JMP 71A7000A .text C:\Windows\system32\services.exe[516] SHELL32.dll!ShellExecuteW 764E41F0 6 Bytes JMP 7187000A .text C:\Windows\system32\services.exe[516] 
SHELL32.dll!Shell_NotifyIconW 764EFBA1 6 Bytes JMP 70EA000A .text C:\Windows\system32\services.exe[516] SHELL32.dll!ShellExecuteExW 764F1B8C 6 Bytes JMP 7181000A .text C:\Windows\system32\services.exe[516] SHELL32.dll!ShellExecuteEx 76719B0A 6 Bytes JMP 7184000A .text C:\Windows\system32\services.exe[516] SHELL32.dll!ShellExecuteA 76719BA5 6 Bytes JMP 718A000A .text C:\Windows\system32\services.exe[516] SHELL32.dll!Shell_NotifyIcon 7671B61E 4 Bytes JMP EC001E25 .text C:\Windows\system32\services.exe[516] SHELL32.dll!Shell_NotifyIcon + 5 7671B623 1 Byte [70] .text C:\Windows\system32\lsass.exe[532] ntdll.dll!NtClose 77954910 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[532] ntdll.dll!NtLoadDriver 77954FA0 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\lsass.exe[532] ntdll.dll!NtLoadDriver + 4 77954FA4 2 Bytes [5D, 71] .text C:\Windows\system32\lsass.exe[532] ntdll.dll!NtSuspendProcess 77955CD0 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\lsass.exe[532] ntdll.dll!NtSuspendProcess + 4 77955CD4 2 Bytes [76, 71] {JBE 0x73} .text C:\Windows\system32\lsass.exe[532] ntdll.dll!LdrUnloadDll 7796BE7F 7 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[532] ntdll.dll!LdrLoadDll 7796F585 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[532] kernel32.dll!CreateProcessW 760E202D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[532] kernel32.dll!CreateProcessA 760E2062 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[532] kernel32.dll!CreateProcessAsUserW 761179B4 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[532] kernel32.dll!CopyFileW 
76118C8F 6 Bytes JMP 70F0000A .text C:\Windows\system32\lsass.exe[532] kernel32.dll!MoveFileW 7611A173 6 Bytes JMP 7093000A .text C:\Windows\system32\lsass.exe[532] kernel32.dll!CreateDirectoryA 7611D77A 6 Bytes JMP 70DE000A .text C:\Windows\system32\lsass.exe[532] kernel32.dll!CopyFileExW 761207BB 6 Bytes JMP 70EA000A .text C:\Windows\system32\lsass.exe[532] kernel32.dll!CreateToolhelp32Snapshot 76122BB1 6 Bytes JMP 7111000A .text C:\Windows\system32\lsass.exe[532] kernel32.dll!OpenMutexA 76123344 6 Bytes JMP 70C0000A .text C:\Windows\system32\lsass.exe[532] kernel32.dll!TerminateProcess 7612509B 6 Bytes JMP 71A4000A .text C:\Windows\system32\lsass.exe[532] kernel32.dll!VirtualProtect 761250AB 6 Bytes JMP 7108000A .text C:\Windows\system32\lsass.exe[532] kernel32.dll!CreateMutexW 76125F40 6 Bytes JMP 70C3000A .text C:\Windows\system32\lsass.exe[532] kernel32.dll!DeleteFileW 7612656B 6 Bytes JMP 70A8000A .text C:\Windows\system32\lsass.exe[532] kernel32.dll!OpenProcess 761273E4 6 Bytes JMP 708A000A .text C:\Windows\system32\lsass.exe[532] kernel32.dll!DeleteFileA 76128BB6 6 Bytes JMP 70AB000A .text C:\Windows\system32\lsass.exe[532] kernel32.dll!MoveFileExW 7612BF28 6 Bytes JMP 708D000A .text C:\Windows\system32\lsass.exe[532] kernel32.dll!LoadResource 7612D3B0 6 Bytes JMP 70F6000A .text C:\Windows\system32\lsass.exe[532] kernel32.dll!DeviceIoControl 7612EBDD 6 Bytes JMP 70E1000A .text C:\Windows\system32\lsass.exe[532] kernel32.dll!CreateDirectoryW 7612EC9A 6 Bytes JMP 70DB000A .text C:\Windows\system32\lsass.exe[532] kernel32.dll!VirtualAlloc 761305F4 6 Bytes JMP 710B000A .text C:\Windows\system32\lsass.exe[532] kernel32.dll!CreateFileW 76130B5D 6 Bytes JMP 7117000A .text C:\Windows\system32\lsass.exe[532] kernel32.dll!MultiByteToWideChar 76130E69 6 Bytes JMP 70BA000A .text C:\Windows\system32\lsass.exe[532] kernel32.dll!WideCharToMultiByte 76130F86 6 Bytes JMP 7099000A .text C:\Windows\system32\lsass.exe[532] kernel32.dll!WriteFile 761311CC 6 Bytes JMP 70D8000A 
.text C:\Windows\system32\lsass.exe[532] kernel32.dll!CreateMutexA 7613177E 6 Bytes JMP 70C6000A .text C:\Windows\system32\lsass.exe[532] kernel32.dll!GetProcAddress 76131837 6 Bytes JMP 714A000A .text C:\Windows\system32\lsass.exe[532] kernel32.dll!CreateThread 761327FD 6 Bytes JMP 710E000A .text C:\Windows\system32\lsass.exe[532] kernel32.dll!LoadLibraryA 76132864 6 Bytes JMP 719E000A .text C:\Windows\system32\lsass.exe[532] kernel32.dll!LoadLibraryW 761328B2 6 Bytes JMP 719B000A .text C:\Windows\system32\lsass.exe[532] kernel32.dll!CreateFileA 761328FC 6 Bytes JMP 7114000A .text C:\Windows\system32\lsass.exe[532] kernel32.dll!OpenMutexW 76132A92 6 Bytes JMP 70BD000A .text C:\Windows\system32\lsass.exe[532] kernel32.dll!TerminateThread 76132DE5 6 Bytes JMP 7174000A .text C:\Windows\system32\lsass.exe[532] kernel32.dll!GetVolumeInformationW 7613C40D 6 Bytes JMP 7144000A .text C:\Windows\system32\lsass.exe[532] kernel32.dll!MoveFileExA 76142FF3 6 Bytes JMP 7090000A .text C:\Windows\system32\lsass.exe[532] kernel32.dll!GetVolumeInformationA 76146C7D 6 Bytes JMP 7147000A .text C:\Windows\system32\lsass.exe[532] kernel32.dll!CopyFileA 76147CFC 6 Bytes JMP 70F3000A .text C:\Windows\system32\lsass.exe[532] kernel32.dll!WriteProcessMemory 7614859F 6 Bytes JMP 71A1000A .text C:\Windows\system32\lsass.exe[532] kernel32.dll!DebugActiveProcess 7616618C 6 Bytes JMP 7171000A .text C:\Windows\system32\lsass.exe[532] kernel32.dll!MoveFileA 7616AD49 6 Bytes JMP 7096000A .text C:\Windows\system32\lsass.exe[532] kernel32.dll!CopyFileExA 7616BBA1 4 Bytes JMP EC001E25 .text C:\Windows\system32\lsass.exe[532] kernel32.dll!CopyFileExA + 5 7616BBA6 1 Byte [70] .text C:\Windows\system32\lsass.exe[532] kernel32.dll!WinExec 7616E695 6 Bytes JMP 717E000A .text C:\Windows\system32\lsass.exe[532] kernel32.dll!CreateRemoteThread 7616F403 6 Bytes JMP 71AE000A .text C:\Windows\system32\lsass.exe[532] kernel32.dll!VirtualProtectEx 7616F651 6 Bytes JMP 7161000A .text 
C:\Windows\system32\lsass.exe[532] kernel32.dll!SetThreadContext 761701CB 6 Bytes JMP 70D5000A .text C:\Windows\system32\lsass.exe[532] ADVAPI32.dll!OpenSCManagerW 7712D1F5 6 Bytes JMP 7102000A .text C:\Windows\system32\lsass.exe[532] ADVAPI32.dll!RegOpenKeyA 7712D2ED 6 Bytes JMP 7135000A .text C:\Windows\system32\lsass.exe[532] ADVAPI32.dll!RegCreateKeyA 7712D3C1 6 Bytes JMP 713B000A .text C:\Windows\system32\lsass.exe[532] ADVAPI32.dll!RegQueryValueA 7712D403 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\lsass.exe[532] ADVAPI32.dll!RegQueryValueA + 4 7712D407 2 Bytes [22, 71] .text C:\Windows\system32\lsass.exe[532] ADVAPI32.dll!RegDeleteKeyW 7713197E 6 Bytes JMP 70A2000A .text C:\Windows\system32\lsass.exe[532] ADVAPI32.dll!RegCreateKeyExA 77131B71 6 Bytes JMP 7141000A .text C:\Windows\system32\lsass.exe[532] ADVAPI32.dll!RegSetValueExA 77131B96 6 Bytes JMP 7129000A .text C:\Windows\system32\lsass.exe[532] ADVAPI32.dll!RegSetValueExW 77131C82 6 Bytes JMP 7126000A .text C:\Windows\system32\lsass.exe[532] ADVAPI32.dll!RegCreateKeyW 77131CC0 6 Bytes JMP 7138000A .text C:\Windows\system32\lsass.exe[532] ADVAPI32.dll!RegOpenKeyW 77133129 6 Bytes JMP 7132000A .text C:\Windows\system32\lsass.exe[532] ADVAPI32.dll!OpenSCManagerA 77133B2D 6 Bytes JMP 7105000A .text C:\Windows\system32\lsass.exe[532] ADVAPI32.dll!LookupPrivilegeValueA 7713B5A2 6 Bytes JMP 70CF000A .text C:\Windows\system32\lsass.exe[532] ADVAPI32.dll!AdjustTokenPrivileges 7713B656 6 Bytes JMP 70C9000A .text C:\Windows\system32\lsass.exe[532] ADVAPI32.dll!LookupPrivilegeValueW 7713B663 6 Bytes JMP 70CC000A .text C:\Windows\system32\lsass.exe[532] ADVAPI32.dll!OpenProcessToken 7713B7C4 6 Bytes JMP 70D2000A .text C:\Windows\system32\lsass.exe[532] ADVAPI32.dll!RegCreateKeyExW 7713B946 6 Bytes JMP 713E000A .text C:\Windows\system32\lsass.exe[532] ADVAPI32.dll!RegQueryValueW 7713B96B 6 Bytes JMP 7120000A .text C:\Windows\system32\lsass.exe[532] ADVAPI32.dll!RegOpenKeyExA 7713BC0D 6 Bytes JMP 712F000A .text 
C:\Windows\system32\lsass.exe[532] ADVAPI32.dll!RegQueryValueExA 7713BC25 6 Bytes JMP 711D000A .text C:\Windows\system32\lsass.exe[532] ADVAPI32.dll!RegQueryValueExW 7713BCD5 6 Bytes JMP 711A000A .text C:\Windows\system32\lsass.exe[532] ADVAPI32.dll!RegOpenKeyExW 7713BEC4 6 Bytes JMP 712C000A .text C:\Windows\system32\lsass.exe[532] ADVAPI32.dll!CreateServiceW 7714DBC1 6 Bytes JMP 7153000A .text C:\Windows\system32\lsass.exe[532] ADVAPI32.dll!RegDeleteKeyA 77150499 6 Bytes JMP 70A5000A .text C:\Windows\system32\lsass.exe[532] ADVAPI32.dll!CreateProcessAsUserA 771614FD 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[532] ADVAPI32.dll!CreateServiceA 77162120 6 Bytes JMP 7156000A .text C:\Windows\system32\lsass.exe[532] ADVAPI32.dll!LsaRemoveAccountRights 77167869 6 Bytes JMP 71A7000A .text C:\Windows\system32\lsass.exe[532] USER32.dll!RegisterRawInputDevices 75D75C2F 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\lsass.exe[532] USER32.dll!RegisterRawInputDevices + 4 75D75C33 2 Bytes [4C, 71] .text C:\Windows\system32\lsass.exe[532] USER32.dll!GetWindowTextA 75D770ED 6 Bytes JMP 70FF000A .text C:\Windows\system32\lsass.exe[532] USER32.dll!GetAsyncKeyState 75D7C09A 6 Bytes JMP 716B000A .text C:\Windows\system32\lsass.exe[532] USER32.dll!GetWindowTextW 75D7D9F6 6 Bytes JMP 70FC000A .text C:\Windows\system32\lsass.exe[532] USER32.dll!CreateWindowExA 75D7E18A 6 Bytes JMP 70B1000A .text C:\Windows\system32\lsass.exe[532] USER32.dll!CreateWindowExW 75D80E51 6 Bytes JMP 70AE000A .text C:\Windows\system32\lsass.exe[532] USER32.dll!ShowWindow 75D8147A 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\lsass.exe[532] USER32.dll!ShowWindow + 4 75D8147E 2 Bytes [F8, 70] .text C:\Windows\system32\lsass.exe[532] USER32.dll!SetWindowsHookExW 75D8210A 6 Bytes JMP 7195000A .text C:\Windows\system32\lsass.exe[532] USER32.dll!GetKeyState 75D84FDA 6 Bytes JMP 716E000A .text C:\Windows\system32\lsass.exe[532] 
USER32.dll!SetWinEventHook 75D8507E 6 Bytes JMP 7150000A .text C:\Windows\system32\lsass.exe[532] USER32.dll!DrawTextW 75D88220 6 Bytes JMP 70B4000A .text C:\Windows\system32\lsass.exe[532] USER32.dll!SetWindowTextW 75D88267 6 Bytes JMP 709C000A .text C:\Windows\system32\lsass.exe[532] USER32.dll!DrawTextA 75D9A482 6 Bytes JMP 70B7000A .text C:\Windows\system32\lsass.exe[532] USER32.dll!SetWindowTextA 75DA236A 6 Bytes JMP 709F000A .text C:\Windows\system32\lsass.exe[532] USER32.dll!GetKeyboardState 75DA6B3E 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\lsass.exe[532] USER32.dll!GetKeyboardState + 4 75DA6B42 2 Bytes [67, 71] .text C:\Windows\system32\lsass.exe[532] USER32.dll!SetWindowsHookExA 75DA6DFA 6 Bytes JMP 7198000A .text C:\Windows\system32\lsass.exe[532] USER32.dll!DdeConnect 75DBEB83 6 Bytes JMP 7165000A .text C:\Windows\system32\lsass.exe[532] USER32.dll!EndTask 75DBFD8E 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsass.exe[532] SHELL32.dll!ShellExecuteW 764E41F0 6 Bytes JMP 7187000A .text C:\Windows\system32\lsass.exe[532] SHELL32.dll!Shell_NotifyIconW 764EFBA1 6 Bytes JMP 70E4000A .text C:\Windows\system32\lsass.exe[532] SHELL32.dll!ShellExecuteExW 764F1B8C 6 Bytes JMP 7181000A .text C:\Windows\system32\lsass.exe[532] SHELL32.dll!ShellExecuteEx 76719B0A 6 Bytes JMP 7184000A .text C:\Windows\system32\lsass.exe[532] SHELL32.dll!ShellExecuteA 76719BA5 6 Bytes JMP 718A000A .text C:\Windows\system32\lsass.exe[532] SHELL32.dll!Shell_NotifyIcon 7671B61E 6 Bytes JMP 70E7000A .text C:\Windows\system32\lsm.exe[544] ntdll.dll!NtClose 77954910 5 Bytes JMP 0043CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[544] ntdll.dll!NtLoadDriver 77954FA0 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\lsm.exe[544] ntdll.dll!NtLoadDriver + 4 77954FA4 2 Bytes [5E, 71] .text C:\Windows\system32\lsm.exe[544] ntdll.dll!NtSuspendProcess 77955CD0 3 Bytes [FF, 
25, 1E] .text C:\Windows\system32\lsm.exe[544] ntdll.dll!NtSuspendProcess + 4 77955CD4 2 Bytes [76, 71] {JBE 0x73} .text C:\Windows\system32\lsm.exe[544] ntdll.dll!LdrUnloadDll 7796BE7F 7 Bytes JMP 0043CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[544] ntdll.dll!LdrLoadDll 7796F585 5 Bytes JMP 00445680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[544] kernel32.dll!CreateProcessW 760E202D 5 Bytes JMP 004426F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[544] kernel32.dll!CreateProcessA 760E2062 5 Bytes JMP 00443280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[544] kernel32.dll!CreateProcessAsUserW 761179B4 5 Bytes JMP 00441220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\lsm.exe[544] kernel32.dll!CopyFileW 76118C8F 6 Bytes JMP 70F6000A .text C:\Windows\system32\lsm.exe[544] kernel32.dll!MoveFileW 7611A173 6 Bytes JMP 7099000A .text C:\Windows\system32\lsm.exe[544] kernel32.dll!CreateDirectoryA 7611D77A 6 Bytes JMP 70E4000A .text C:\Windows\system32\lsm.exe[544] kernel32.dll!CopyFileExW 761207BB 6 Bytes JMP 70F0000A .text C:\Windows\system32\lsm.exe[544] kernel32.dll!CreateToolhelp32Snapshot 76122BB1 6 Bytes JMP 7117000A .text C:\Windows\system32\lsm.exe[544] kernel32.dll!OpenMutexA 76123344 6 Bytes JMP 70C6000A .text C:\Windows\system32\lsm.exe[544] kernel32.dll!TerminateProcess 7612509B 6 Bytes JMP 71A4000A .text C:\Windows\system32\lsm.exe[544] kernel32.dll!VirtualProtect 761250AB 6 Bytes JMP 710E000A .text C:\Windows\system32\lsm.exe[544] kernel32.dll!CreateMutexW 76125F40 6 Bytes JMP 70C9000A .text C:\Windows\system32\lsm.exe[544] kernel32.dll!DeleteFileW 7612656B 6 Bytes JMP 70AE000A .text C:\Windows\system32\lsm.exe[544] kernel32.dll!OpenProcess 761273E4 6 Bytes JMP 7090000A .text 
C:\Windows\system32\lsm.exe[544] kernel32.dll!DeleteFileA 76128BB6 6 Bytes JMP 70B1000A .text C:\Windows\system32\lsm.exe[544] kernel32.dll!MoveFileExW 7612BF28 6 Bytes JMP 7093000A .text C:\Windows\system32\lsm.exe[544] kernel32.dll!LoadResource 7612D3B0 6 Bytes JMP 70FC000A .text C:\Windows\system32\lsm.exe[544] kernel32.dll!DeviceIoControl 7612EBDD 6 Bytes JMP 70E7000A .text C:\Windows\system32\lsm.exe[544] kernel32.dll!CreateDirectoryW 7612EC9A 6 Bytes JMP 70E1000A .text C:\Windows\system32\lsm.exe[544] kernel32.dll!VirtualAlloc 761305F4 6 Bytes JMP 7111000A .text C:\Windows\system32\lsm.exe[544] kernel32.dll!CreateFileW 76130B5D 6 Bytes JMP 711D000A .text C:\Windows\system32\lsm.exe[544] kernel32.dll!MultiByteToWideChar 76130E69 6 Bytes JMP 70C0000A .text C:\Windows\system32\lsm.exe[544] kernel32.dll!WideCharToMultiByte 76130F86 6 Bytes JMP 709F000A .text C:\Windows\system32\lsm.exe[544] kernel32.dll!WriteFile 761311CC 6 Bytes JMP 70DE000A .text C:\Windows\system32\lsm.exe[544] kernel32.dll!CreateMutexA 7613177E 6 Bytes JMP 70CC000A .text C:\Windows\system32\lsm.exe[544] kernel32.dll!GetProcAddress 76131837 6 Bytes JMP 7150000A .text C:\Windows\system32\lsm.exe[544] kernel32.dll!CreateThread 761327FD 6 Bytes JMP 7114000A .text C:\Windows\system32\lsm.exe[544] kernel32.dll!LoadLibraryA 76132864 6 Bytes JMP 719E000A .text C:\Windows\system32\lsm.exe[544] kernel32.dll!LoadLibraryW 761328B2 6 Bytes JMP 719B000A .text C:\Windows\system32\lsm.exe[544] kernel32.dll!CreateFileA 761328FC 6 Bytes JMP 711A000A .text C:\Windows\system32\lsm.exe[544] kernel32.dll!OpenMutexW 76132A92 6 Bytes JMP 70C3000A .text C:\Windows\system32\lsm.exe[544] kernel32.dll!TerminateThread 76132DE5 6 Bytes JMP 7174000A .text C:\Windows\system32\lsm.exe[544] kernel32.dll!GetVolumeInformationW 7613C40D 6 Bytes JMP 714A000A .text C:\Windows\system32\lsm.exe[544] kernel32.dll!MoveFileExA 76142FF3 6 Bytes JMP 7096000A .text C:\Windows\system32\lsm.exe[544] kernel32.dll!GetVolumeInformationA 
76146C7D 6 Bytes JMP 714D000A .text C:\Windows\system32\lsm.exe[544] kernel32.dll!CopyFileA 76147CFC 6 Bytes JMP 70F9000A .text C:\Windows\system32\lsm.exe[544] kernel32.dll!WriteProcessMemory 7614859F 6 Bytes JMP 71A1000A .text C:\Windows\system32\lsm.exe[544] kernel32.dll!DebugActiveProcess 7616618C 6 Bytes JMP 7171000A .text C:\Windows\system32\lsm.exe[544] kernel32.dll!MoveFileA 7616AD49 6 Bytes JMP 709C000A .text C:\Windows\system32\lsm.exe[544] kernel32.dll!CopyFileExA 7616BBA1 6 Bytes JMP 70F3000A .text C:\Windows\system32\lsm.exe[544] kernel32.dll!WinExec 7616E695 6 Bytes JMP 717E000A .text C:\Windows\system32\lsm.exe[544] kernel32.dll!CreateRemoteThread 7616F403 6 Bytes JMP 71AE000A .text C:\Windows\system32\lsm.exe[544] kernel32.dll!VirtualProtectEx 7616F651 6 Bytes JMP 7162000A .text C:\Windows\system32\lsm.exe[544] kernel32.dll!SetThreadContext 761701CB 6 Bytes JMP 70DB000A .text C:\Windows\system32\lsm.exe[544] ADVAPI32.dll!OpenSCManagerW 7712D1F5 6 Bytes JMP 7108000A .text C:\Windows\system32\lsm.exe[544] ADVAPI32.dll!RegOpenKeyA 7712D2ED 6 Bytes JMP 713B000A .text C:\Windows\system32\lsm.exe[544] ADVAPI32.dll!RegCreateKeyA 7712D3C1 6 Bytes JMP 7141000A .text C:\Windows\system32\lsm.exe[544] ADVAPI32.dll!RegQueryValueA 7712D403 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\lsm.exe[544] ADVAPI32.dll!RegQueryValueA + 4 7712D407 2 Bytes [28, 71] .text C:\Windows\system32\lsm.exe[544] ADVAPI32.dll!RegDeleteKeyW 7713197E 6 Bytes JMP 70A8000A .text C:\Windows\system32\lsm.exe[544] ADVAPI32.dll!RegCreateKeyExA 77131B71 6 Bytes JMP 7147000A .text C:\Windows\system32\lsm.exe[544] ADVAPI32.dll!RegSetValueExA 77131B96 6 Bytes JMP 712F000A .text C:\Windows\system32\lsm.exe[544] ADVAPI32.dll!RegSetValueExW 77131C82 6 Bytes JMP 712C000A .text C:\Windows\system32\lsm.exe[544] ADVAPI32.dll!RegCreateKeyW 77131CC0 6 Bytes JMP 713E000A .text C:\Windows\system32\lsm.exe[544] ADVAPI32.dll!RegOpenKeyW 77133129 6 Bytes JMP 7138000A .text C:\Windows\system32\lsm.exe[544] 
user32.dll!EndTask 75DBFD8E 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[736] SHELL32.dll!ShellExecuteW 764E41F0 6 Bytes JMP 7187000A .text C:\Windows\system32\svchost.exe[736] SHELL32.dll!Shell_NotifyIconW 764EFBA1 6 Bytes JMP 70EA000A .text C:\Windows\system32\svchost.exe[736] SHELL32.dll!ShellExecuteExW 764F1B8C 6 Bytes JMP 7181000A .text C:\Windows\system32\svchost.exe[736] SHELL32.dll!ShellExecuteEx 76719B0A 6 Bytes JMP 7184000A .text C:\Windows\system32\svchost.exe[736] SHELL32.dll!ShellExecuteA 76719BA5 6 Bytes JMP 718A000A .text C:\Windows\system32\svchost.exe[736] SHELL32.dll!Shell_NotifyIcon 7671B61E 4 Bytes JMP EC001E25 .text C:\Windows\system32\svchost.exe[736] SHELL32.dll!Shell_NotifyIcon + 5 7671B623 1 Byte [70] .text C:\Windows\System32\svchost.exe[868] ntdll.dll!NtClose 77954910 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[868] ntdll.dll!NtLoadDriver 77954FA0 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\svchost.exe[868] ntdll.dll!NtLoadDriver + 4 77954FA4 2 Bytes [5E, 71] .text C:\Windows\System32\svchost.exe[868] ntdll.dll!NtSuspendProcess 77955CD0 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\svchost.exe[868] ntdll.dll!NtSuspendProcess + 4 77955CD4 2 Bytes [76, 71] {JBE 0x73} .text C:\Windows\System32\svchost.exe[868] ntdll.dll!LdrUnloadDll 7796BE7F 7 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[868] ntdll.dll!LdrLoadDll 7796F585 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[868] kernel32.dll!CreateProcessW 760E202D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[868] kernel32.dll!CreateProcessA 760E2062 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll 
(COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[868] kernel32.dll!CreateProcessAsUserW 761179B4 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[868] kernel32.dll!CopyFileW 76118C8F 6 Bytes JMP 70F6000A .text C:\Windows\System32\svchost.exe[868] kernel32.dll!MoveFileW 7611A173 6 Bytes JMP 7099000A .text C:\Windows\System32\svchost.exe[868] kernel32.dll!CreateDirectoryA 7611D77A 6 Bytes JMP 70E4000A .text C:\Windows\System32\svchost.exe[868] kernel32.dll!CopyFileExW 761207BB 6 Bytes JMP 70F0000A .text C:\Windows\System32\svchost.exe[868] kernel32.dll!CreateToolhelp32Snapshot 76122BB1 6 Bytes JMP 7117000A .text C:\Windows\System32\svchost.exe[868] kernel32.dll!OpenMutexA 76123344 6 Bytes JMP 70C6000A .text C:\Windows\System32\svchost.exe[868] kernel32.dll!TerminateProcess 7612509B 6 Bytes JMP 71A4000A .text C:\Windows\System32\svchost.exe[868] kernel32.dll!VirtualProtect 761250AB 6 Bytes JMP 710E000A .text C:\Windows\System32\svchost.exe[868] kernel32.dll!CreateMutexW 76125F40 6 Bytes JMP 70C9000A .text C:\Windows\System32\svchost.exe[868] kernel32.dll!DeleteFileW 7612656B 6 Bytes JMP 70AE000A .text C:\Windows\System32\svchost.exe[868] kernel32.dll!OpenProcess 761273E4 6 Bytes JMP 7090000A .text C:\Windows\System32\svchost.exe[868] kernel32.dll!DeleteFileA 76128BB6 6 Bytes JMP 70B1000A .text C:\Windows\System32\svchost.exe[868] kernel32.dll!MoveFileExW 7612BF28 6 Bytes JMP 7093000A .text C:\Windows\System32\svchost.exe[868] kernel32.dll!LoadResource 7612D3B0 6 Bytes JMP 70FC000A .text C:\Windows\System32\svchost.exe[868] kernel32.dll!DeviceIoControl 7612EBDD 6 Bytes JMP 70E7000A .text C:\Windows\System32\svchost.exe[868] kernel32.dll!CreateDirectoryW 7612EC9A 6 Bytes JMP 70E1000A .text C:\Windows\System32\svchost.exe[868] kernel32.dll!VirtualAlloc 761305F4 6 Bytes JMP 7111000A .text C:\Windows\System32\svchost.exe[868] kernel32.dll!CreateFileW 76130B5D 6 Bytes JMP 
711D000A .text C:\Windows\System32\svchost.exe[868] kernel32.dll!MultiByteToWideChar 76130E69 6 Bytes JMP 70C0000A .text C:\Windows\System32\svchost.exe[868] kernel32.dll!WideCharToMultiByte 76130F86 6 Bytes JMP 709F000A .text C:\Windows\System32\svchost.exe[868] kernel32.dll!WriteFile 761311CC 6 Bytes JMP 70DE000A .text C:\Windows\System32\svchost.exe[868] kernel32.dll!CreateMutexA 7613177E 6 Bytes JMP 70CC000A .text C:\Windows\System32\svchost.exe[868] kernel32.dll!GetProcAddress 76131837 6 Bytes JMP 7150000A .text C:\Windows\System32\svchost.exe[868] kernel32.dll!CreateThread 761327FD 6 Bytes JMP 7114000A .text C:\Windows\System32\svchost.exe[868] kernel32.dll!LoadLibraryA 76132864 6 Bytes JMP 719E000A .text C:\Windows\System32\svchost.exe[868] kernel32.dll!LoadLibraryW 761328B2 6 Bytes JMP 719B000A .text C:\Windows\System32\svchost.exe[868] kernel32.dll!CreateFileA 761328FC 6 Bytes JMP 711A000A .text C:\Windows\System32\svchost.exe[868] kernel32.dll!OpenMutexW 76132A92 6 Bytes JMP 70C3000A .text C:\Windows\System32\svchost.exe[868] kernel32.dll!TerminateThread 76132DE5 6 Bytes JMP 7174000A .text C:\Windows\System32\svchost.exe[868] kernel32.dll!GetVolumeInformationW 7613C40D 6 Bytes JMP 714A000A .text C:\Windows\System32\svchost.exe[868] kernel32.dll!MoveFileExA 76142FF3 6 Bytes JMP 7096000A .text C:\Windows\System32\svchost.exe[868] kernel32.dll!GetVolumeInformationA 76146C7D 6 Bytes JMP 714D000A .text C:\Windows\System32\svchost.exe[868] kernel32.dll!CopyFileA 76147CFC 6 Bytes JMP 70F9000A .text C:\Windows\System32\svchost.exe[868] kernel32.dll!WriteProcessMemory 7614859F 6 Bytes JMP 71A1000A .text C:\Windows\System32\svchost.exe[868] kernel32.dll!DebugActiveProcess 7616618C 6 Bytes JMP 7171000A .text C:\Windows\System32\svchost.exe[868] kernel32.dll!MoveFileA 7616AD49 6 Bytes JMP 709C000A .text C:\Windows\System32\svchost.exe[868] kernel32.dll!CopyFileExA 7616BBA1 6 Bytes JMP 70F3000A .text C:\Windows\System32\svchost.exe[868] kernel32.dll!WinExec 7616E695 6 
Bytes JMP 717E000A .text C:\Windows\System32\svchost.exe[868] kernel32.dll!CreateRemoteThread 7616F403 6 Bytes JMP 71AE000A .text C:\Windows\System32\svchost.exe[868] kernel32.dll!VirtualProtectEx 7616F651 6 Bytes JMP 7162000A .text C:\Windows\System32\svchost.exe[868] kernel32.dll!SetThreadContext 761701CB 6 Bytes JMP 70DB000A .text C:\Windows\System32\svchost.exe[868] ole32.dll!CoGetClassObject 7762A2D4 5 Bytes JMP 1002E1D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[868] ole32.dll!CoCreateInstanceEx 7764583F 5 Bytes JMP 1002E410 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[868] USER32.dll!RegisterRawInputDevices 75D75C2F 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\svchost.exe[868] USER32.dll!RegisterRawInputDevices + 4 75D75C33 2 Bytes [52, 71] .text C:\Windows\System32\svchost.exe[868] USER32.dll!GetWindowTextA 75D770ED 6 Bytes JMP 7105000A .text C:\Windows\System32\svchost.exe[868] USER32.dll!GetAsyncKeyState 75D7C09A 6 Bytes JMP 716B000A .text C:\Windows\System32\svchost.exe[868] USER32.dll!GetWindowTextW 75D7D9F6 6 Bytes JMP 7102000A .text C:\Windows\System32\svchost.exe[868] USER32.dll!CreateWindowExA 75D7E18A 6 Bytes JMP 70B7000A .text C:\Windows\System32\svchost.exe[868] USER32.dll!CreateWindowExW 75D80E51 6 Bytes JMP 70B4000A .text C:\Windows\System32\svchost.exe[868] USER32.dll!ShowWindow 75D8147A 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\svchost.exe[868] USER32.dll!ShowWindow + 4 75D8147E 2 Bytes [FE, 70] .text C:\Windows\System32\svchost.exe[868] USER32.dll!SetWindowsHookExW 75D8210A 6 Bytes JMP 7195000A .text C:\Windows\System32\svchost.exe[868] USER32.dll!GetKeyState 75D84FDA 6 Bytes JMP 716E000A .text C:\Windows\System32\svchost.exe[868] USER32.dll!SetWinEventHook 75D8507E 6 Bytes JMP 7156000A .text C:\Windows\System32\svchost.exe[868] USER32.dll!DrawTextW 75D88220 6 Bytes JMP 70BA000A .text 
C:\Windows\System32\svchost.exe[868] USER32.dll!SetWindowTextW 75D88267 6 Bytes JMP 70A2000A .text C:\Windows\System32\svchost.exe[868] USER32.dll!DrawTextA 75D9A482 6 Bytes JMP 70BD000A .text C:\Windows\System32\svchost.exe[868] USER32.dll!SetWindowTextA 75DA236A 6 Bytes JMP 70A5000A .text C:\Windows\System32\svchost.exe[868] USER32.dll!GetKeyboardState 75DA6B3E 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\svchost.exe[868] USER32.dll!GetKeyboardState + 4 75DA6B42 2 Bytes [67, 71] .text C:\Windows\System32\svchost.exe[868] USER32.dll!SetWindowsHookExA 75DA6DFA 6 Bytes JMP 7198000A .text C:\Windows\System32\svchost.exe[868] USER32.dll!DdeConnect 75DBEB83 6 Bytes JMP 7165000A .text C:\Windows\System32\svchost.exe[868] USER32.dll!EndTask 75DBFD8E 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[868] ADVAPI32.dll!OpenSCManagerW 7712D1F5 6 Bytes JMP 7108000A .text C:\Windows\System32\svchost.exe[868] ADVAPI32.dll!RegOpenKeyA 7712D2ED 6 Bytes JMP 713B000A .text C:\Windows\System32\svchost.exe[868] ADVAPI32.dll!RegCreateKeyA 7712D3C1 6 Bytes JMP 7141000A .text C:\Windows\System32\svchost.exe[868] ADVAPI32.dll!RegQueryValueA 7712D403 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\svchost.exe[868] ADVAPI32.dll!RegQueryValueA + 4 7712D407 2 Bytes [28, 71] .text C:\Windows\System32\svchost.exe[868] ADVAPI32.dll!RegDeleteKeyW 7713197E 6 Bytes JMP 70A8000A .text C:\Windows\System32\svchost.exe[868] ADVAPI32.dll!RegCreateKeyExA 77131B71 6 Bytes JMP 7147000A .text C:\Windows\System32\svchost.exe[868] ADVAPI32.dll!RegSetValueExA 77131B96 6 Bytes JMP 712F000A .text C:\Windows\System32\svchost.exe[868] ADVAPI32.dll!RegSetValueExW 77131C82 6 Bytes JMP 712C000A .text C:\Windows\System32\svchost.exe[868] ADVAPI32.dll!RegCreateKeyW 77131CC0 6 Bytes JMP 713E000A .text C:\Windows\System32\svchost.exe[868] ADVAPI32.dll!RegOpenKeyW 77133129 6 Bytes JMP 7138000A .text C:\Windows\System32\svchost.exe[868] 
ADVAPI32.dll!OpenSCManagerA 77133B2D 6 Bytes JMP 710B000A .text C:\Windows\System32\svchost.exe[868] ADVAPI32.dll!LookupPrivilegeValueA 7713B5A2 6 Bytes JMP 70D5000A .text C:\Windows\System32\svchost.exe[868] ADVAPI32.dll!AdjustTokenPrivileges 7713B656 6 Bytes JMP 70CF000A .text C:\Windows\System32\svchost.exe[868] ADVAPI32.dll!LookupPrivilegeValueW 7713B663 6 Bytes JMP 70D2000A .text C:\Windows\System32\svchost.exe[868] ADVAPI32.dll!OpenProcessToken 7713B7C4 6 Bytes JMP 70D8000A .text C:\Windows\System32\svchost.exe[868] ADVAPI32.dll!RegCreateKeyExW 7713B946 6 Bytes JMP 7144000A .text C:\Windows\System32\svchost.exe[868] ADVAPI32.dll!RegQueryValueW 7713B96B 6 Bytes JMP 7126000A .text C:\Windows\System32\svchost.exe[868] ADVAPI32.dll!RegOpenKeyExA 7713BC0D 6 Bytes JMP 7135000A .text C:\Windows\System32\svchost.exe[868] ADVAPI32.dll!RegQueryValueExA 7713BC25 6 Bytes JMP 7123000A .text C:\Windows\System32\svchost.exe[868] ADVAPI32.dll!RegQueryValueExW 7713BCD5 6 Bytes JMP 7120000A .text C:\Windows\System32\svchost.exe[868] ADVAPI32.dll!RegOpenKeyExW 7713BEC4 6 Bytes JMP 7132000A .text C:\Windows\System32\svchost.exe[868] ADVAPI32.dll!CreateServiceW 7714DBC1 6 Bytes JMP 7159000A .text C:\Windows\System32\svchost.exe[868] ADVAPI32.dll!RegDeleteKeyA 77150499 6 Bytes JMP 70AB000A .text C:\Windows\System32\svchost.exe[868] ADVAPI32.dll!CreateProcessAsUserA 771614FD 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[868] ADVAPI32.dll!CreateServiceA 77162120 6 Bytes JMP 715C000A .text C:\Windows\System32\svchost.exe[868] ADVAPI32.dll!LsaRemoveAccountRights 77167869 6 Bytes JMP 71A7000A .text C:\Windows\System32\svchost.exe[868] SHELL32.dll!ShellExecuteW 764E41F0 6 Bytes JMP 7187000A .text C:\Windows\System32\svchost.exe[868] SHELL32.dll!Shell_NotifyIconW 764EFBA1 6 Bytes JMP 70EA000A .text C:\Windows\System32\svchost.exe[868] SHELL32.dll!ShellExecuteExW 764F1B8C 6 Bytes JMP 7181000A .text 
C:\Windows\System32\svchost.exe[868] SHELL32.dll!ShellExecuteEx 76719B0A 6 Bytes JMP 7184000A .text C:\Windows\System32\svchost.exe[868] SHELL32.dll!ShellExecuteA 76719BA5 6 Bytes JMP 718A000A .text C:\Windows\System32\svchost.exe[868] SHELL32.dll!Shell_NotifyIcon 7671B61E 4 Bytes JMP EC001E25 .text C:\Windows\System32\svchost.exe[868] SHELL32.dll!Shell_NotifyIcon + 5 7671B623 1 Byte [70] .text C:\Windows\System32\svchost.exe[900] ntdll.dll!NtClose 77954910 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[900] ntdll.dll!NtLoadDriver 77954FA0 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\svchost.exe[900] ntdll.dll!NtLoadDriver + 4 77954FA4 2 Bytes [57, 71] .text C:\Windows\System32\svchost.exe[900] ntdll.dll!NtSuspendProcess 77955CD0 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\svchost.exe[900] ntdll.dll!NtSuspendProcess + 4 77955CD4 2 Bytes [6F, 71] .text C:\Windows\System32\svchost.exe[900] ntdll.dll!LdrUnloadDll 7796BE7F 7 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[900] ntdll.dll!LdrLoadDll 7796F585 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[900] kernel32.dll!CreateProcessW 760E202D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[900] kernel32.dll!CreateProcessA 760E2062 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[900] kernel32.dll!CreateProcessAsUserW 761179B4 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[900] kernel32.dll!CopyFileW 76118C8F 6 Bytes JMP 70DB000A .text C:\Windows\System32\svchost.exe[900] kernel32.dll!MoveFileW 7611A173 6 Bytes JMP 707E000A .text 
C:\Windows\System32\svchost.exe[900] kernel32.dll!CreateDirectoryA 7611D77A 6 Bytes JMP 70C9000A .text C:\Windows\System32\svchost.exe[900] kernel32.dll!CopyFileExW 761207BB 6 Bytes JMP 70D5000A .text C:\Windows\System32\svchost.exe[900] kernel32.dll!CreateToolhelp32Snapshot 76122BB1 6 Bytes JMP 7110000A .text C:\Windows\System32\svchost.exe[900] kernel32.dll!OpenMutexA 76123344 6 Bytes JMP 70AB000A .text C:\Windows\System32\svchost.exe[900] kernel32.dll!TerminateProcess 7612509B 6 Bytes JMP 71A4000A .text C:\Windows\System32\svchost.exe[900] kernel32.dll!VirtualProtect 761250AB 6 Bytes JMP 70F3000A .text C:\Windows\System32\svchost.exe[900] kernel32.dll!CreateMutexW 76125F40 6 Bytes JMP 70AE000A .text C:\Windows\System32\svchost.exe[900] kernel32.dll!DeleteFileW 7612656B 6 Bytes JMP 7093000A .text C:\Windows\System32\svchost.exe[900] kernel32.dll!OpenProcess 761273E4 6 Bytes JMP 7075000A .text C:\Windows\System32\svchost.exe[900] kernel32.dll!DeleteFileA 76128BB6 6 Bytes JMP 7096000A .text C:\Windows\System32\svchost.exe[900] kernel32.dll!MoveFileExW 7612BF28 6 Bytes JMP 7078000A .text C:\Windows\System32\svchost.exe[900] kernel32.dll!LoadResource 7612D3B0 6 Bytes JMP 70E1000A .text C:\Windows\System32\svchost.exe[900] kernel32.dll!DeviceIoControl 7612EBDD 6 Bytes JMP 70CC000A .text C:\Windows\System32\svchost.exe[900] kernel32.dll!CreateDirectoryW 7612EC9A 6 Bytes JMP 70C6000A .text C:\Windows\System32\svchost.exe[900] kernel32.dll!VirtualAlloc 761305F4 6 Bytes JMP 70F6000A .text C:\Windows\System32\svchost.exe[900] kernel32.dll!CreateFileW 76130B5D 6 Bytes JMP 7116000A .text C:\Windows\System32\svchost.exe[900] kernel32.dll!MultiByteToWideChar 76130E69 6 Bytes JMP 70A5000A .text C:\Windows\System32\svchost.exe[900] kernel32.dll!WideCharToMultiByte 76130F86 6 Bytes JMP 7084000A .text C:\Windows\System32\svchost.exe[900] kernel32.dll!WriteFile 761311CC 6 Bytes JMP 70C3000A .text C:\Windows\System32\svchost.exe[900] kernel32.dll!CreateMutexA 7613177E 6 Bytes JMP 
70B1000A .text C:\Windows\System32\svchost.exe[900] kernel32.dll!GetProcAddress 76131837 6 Bytes JMP 7149000A .text C:\Windows\System32\svchost.exe[900] kernel32.dll!CreateThread 761327FD 6 Bytes JMP 70FB000A .text C:\Windows\System32\svchost.exe[900] kernel32.dll!LoadLibraryA 76132864 6 Bytes JMP 719E000A .text C:\Windows\System32\svchost.exe[900] kernel32.dll!LoadLibraryW 761328B2 6 Bytes JMP 7194000A .text C:\Windows\System32\svchost.exe[900] kernel32.dll!CreateFileA 761328FC 6 Bytes JMP 7113000A .text C:\Windows\System32\svchost.exe[900] kernel32.dll!OpenMutexW 76132A92 6 Bytes JMP 70A8000A .text C:\Windows\System32\svchost.exe[900] kernel32.dll!TerminateThread 76132DE5 6 Bytes JMP 716D000A .text C:\Windows\System32\svchost.exe[900] kernel32.dll!GetVolumeInformationW 7613C40D 6 Bytes JMP 7143000A .text C:\Windows\System32\svchost.exe[900] kernel32.dll!MoveFileExA 76142FF3 6 Bytes JMP 707B000A .text C:\Windows\System32\svchost.exe[900] kernel32.dll!GetVolumeInformationA 76146C7D 6 Bytes JMP 7146000A .text C:\Windows\System32\svchost.exe[900] kernel32.dll!CopyFileA 76147CFC 6 Bytes JMP 70DE000A .text C:\Windows\System32\svchost.exe[900] kernel32.dll!WriteProcessMemory 7614859F 6 Bytes JMP 71A1000A .text C:\Windows\System32\svchost.exe[900] kernel32.dll!DebugActiveProcess 7616618C 6 Bytes JMP 716A000A .text C:\Windows\System32\svchost.exe[900] kernel32.dll!MoveFileA 7616AD49 6 Bytes JMP 7081000A .text C:\Windows\System32\svchost.exe[900] kernel32.dll!CopyFileExA 7616BBA1 6 Bytes JMP 70D8000A .text C:\Windows\System32\svchost.exe[900] kernel32.dll!WinExec 7616E695 6 Bytes JMP 7177000A .text C:\Windows\System32\svchost.exe[900] kernel32.dll!CreateRemoteThread 7616F403 6 Bytes JMP 71AE000A .text C:\Windows\System32\svchost.exe[900] kernel32.dll!VirtualProtectEx 7616F651 6 Bytes JMP 715B000A .text C:\Windows\System32\svchost.exe[900] kernel32.dll!SetThreadContext 761701CB 6 Bytes JMP 70C0000A .text C:\Windows\System32\svchost.exe[900] ole32.dll!CoGetClassObject 
7762A2D4 5 Bytes JMP 1002E1D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[900] ole32.dll!CoCreateInstanceEx 7764583F 5 Bytes JMP 1002E410 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[900] USER32.dll!RegisterRawInputDevices 75D75C2F 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\svchost.exe[900] USER32.dll!RegisterRawInputDevices + 4 75D75C33 2 Bytes [4B, 71] .text C:\Windows\System32\svchost.exe[900] USER32.dll!GetWindowTextA 75D770ED 6 Bytes JMP 70EA000A .text C:\Windows\System32\svchost.exe[900] USER32.dll!GetAsyncKeyState 75D7C09A 6 Bytes JMP 7164000A .text C:\Windows\System32\svchost.exe[900] USER32.dll!GetWindowTextW 75D7D9F6 6 Bytes JMP 70E7000A .text C:\Windows\System32\svchost.exe[900] USER32.dll!CreateWindowExA 75D7E18A 6 Bytes JMP 709C000A .text C:\Windows\System32\svchost.exe[900] USER32.dll!CreateWindowExW 75D80E51 6 Bytes JMP 7099000A .text C:\Windows\System32\svchost.exe[900] USER32.dll!ShowWindow 75D8147A 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\svchost.exe[900] USER32.dll!ShowWindow + 4 75D8147E 2 Bytes [E3, 70] {JECXZ 0x72} .text C:\Windows\System32\svchost.exe[900] USER32.dll!SetWindowsHookExW 75D8210A 6 Bytes JMP 718E000A .text C:\Windows\System32\svchost.exe[900] USER32.dll!GetKeyState 75D84FDA 6 Bytes JMP 7167000A .text C:\Windows\System32\svchost.exe[900] USER32.dll!SetWinEventHook 75D8507E 6 Bytes JMP 714F000A .text C:\Windows\System32\svchost.exe[900] USER32.dll!DrawTextW 75D88220 6 Bytes JMP 709F000A .text C:\Windows\System32\svchost.exe[900] USER32.dll!SetWindowTextW 75D88267 6 Bytes JMP 7087000A .text C:\Windows\System32\svchost.exe[900] USER32.dll!DrawTextA 75D9A482 6 Bytes JMP 70A2000A .text C:\Windows\System32\svchost.exe[900] USER32.dll!SetWindowTextA 75DA236A 6 Bytes JMP 708A000A .text C:\Windows\System32\svchost.exe[900] USER32.dll!GetKeyboardState 75DA6B3E 3 Bytes [FF, 25, 1E] .text 
C:\Windows\System32\svchost.exe[900] USER32.dll!GetKeyboardState + 4 75DA6B42 2 Bytes [60, 71] .text C:\Windows\System32\svchost.exe[900] USER32.dll!SetWindowsHookExA 75DA6DFA 6 Bytes JMP 7191000A .text C:\Windows\System32\svchost.exe[900] USER32.dll!DdeConnect 75DBEB83 6 Bytes JMP 715E000A .text C:\Windows\System32\svchost.exe[900] USER32.dll!EndTask 75DBFD8E 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[900] ADVAPI32.dll!OpenSCManagerW 7712D1F5 4 Bytes JMP EC001E25 .text C:\Windows\System32\svchost.exe[900] ADVAPI32.dll!OpenSCManagerW + 5 7712D1FA 1 Byte [70] .text C:\Windows\System32\svchost.exe[900] ADVAPI32.dll!RegOpenKeyA 7712D2ED 6 Bytes JMP 7134000A .text C:\Windows\System32\svchost.exe[900] ADVAPI32.dll!RegCreateKeyA 7712D3C1 6 Bytes JMP 713A000A .text C:\Windows\System32\svchost.exe[900] ADVAPI32.dll!RegQueryValueA 7712D403 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\svchost.exe[900] ADVAPI32.dll!RegQueryValueA + 4 7712D407 2 Bytes [21, 71] .text C:\Windows\System32\svchost.exe[900] ADVAPI32.dll!RegDeleteKeyW 7713197E 6 Bytes JMP 708D000A .text C:\Windows\System32\svchost.exe[900] ADVAPI32.dll!RegCreateKeyExA 77131B71 6 Bytes JMP 7140000A .text C:\Windows\System32\svchost.exe[900] ADVAPI32.dll!RegSetValueExA 77131B96 6 Bytes JMP 7128000A .text C:\Windows\System32\svchost.exe[900] ADVAPI32.dll!RegSetValueExW 77131C82 6 Bytes JMP 7125000A .text C:\Windows\System32\svchost.exe[900] ADVAPI32.dll!RegCreateKeyW 77131CC0 6 Bytes JMP 7137000A .text C:\Windows\System32\svchost.exe[900] ADVAPI32.dll!RegOpenKeyW 77133129 6 Bytes JMP 7131000A .text C:\Windows\System32\svchost.exe[900] ADVAPI32.dll!OpenSCManagerA 77133B2D 6 Bytes JMP 70F0000A .text C:\Windows\System32\svchost.exe[900] ADVAPI32.dll!LookupPrivilegeValueA 7713B5A2 6 Bytes JMP 70BA000A .text C:\Windows\System32\svchost.exe[900] ADVAPI32.dll!AdjustTokenPrivileges 7713B656 6 Bytes JMP 70B4000A .text 
C:\Windows\System32\svchost.exe[900] ADVAPI32.dll!LookupPrivilegeValueW 7713B663 6 Bytes JMP 70B7000A .text C:\Windows\System32\svchost.exe[900] ADVAPI32.dll!OpenProcessToken 7713B7C4 6 Bytes JMP 70BD000A .text C:\Windows\System32\svchost.exe[900] ADVAPI32.dll!RegCreateKeyExW 7713B946 6 Bytes JMP 713D000A .text C:\Windows\System32\svchost.exe[900] ADVAPI32.dll!RegQueryValueW 7713B96B 6 Bytes JMP 711F000A .text C:\Windows\System32\svchost.exe[900] ADVAPI32.dll!RegOpenKeyExA 7713BC0D 6 Bytes JMP 712E000A .text C:\Windows\System32\svchost.exe[900] ADVAPI32.dll!RegQueryValueExA 7713BC25 6 Bytes JMP 711C000A .text C:\Windows\System32\svchost.exe[900] ADVAPI32.dll!RegQueryValueExW 7713BCD5 6 Bytes JMP 7119000A .text C:\Windows\System32\svchost.exe[900] ADVAPI32.dll!RegOpenKeyExW 7713BEC4 6 Bytes JMP 712B000A .text C:\Windows\System32\svchost.exe[900] ADVAPI32.dll!CreateServiceW 7714DBC1 6 Bytes JMP 7152000A .text C:\Windows\System32\svchost.exe[900] ADVAPI32.dll!RegDeleteKeyA 77150499 6 Bytes JMP 7090000A .text C:\Windows\System32\svchost.exe[900] ADVAPI32.dll!CreateProcessAsUserA 771614FD 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[900] ADVAPI32.dll!CreateServiceA 77162120 6 Bytes JMP 7155000A .text C:\Windows\System32\svchost.exe[900] ADVAPI32.dll!LsaRemoveAccountRights 77167869 6 Bytes JMP 71A7000A .text C:\Windows\System32\svchost.exe[900] SHELL32.dll!ShellExecuteW 764E41F0 6 Bytes JMP 7180000A .text C:\Windows\System32\svchost.exe[900] SHELL32.dll!Shell_NotifyIconW 764EFBA1 6 Bytes JMP 70CF000A .text C:\Windows\System32\svchost.exe[900] SHELL32.dll!ShellExecuteExW 764F1B8C 6 Bytes JMP 717A000A .text C:\Windows\System32\svchost.exe[900] SHELL32.dll!ShellExecuteEx 76719B0A 6 Bytes JMP 717D000A .text C:\Windows\System32\svchost.exe[900] SHELL32.dll!ShellExecuteA 76719BA5 6 Bytes JMP 7183000A .text C:\Windows\System32\svchost.exe[900] SHELL32.dll!Shell_NotifyIcon 7671B61E 6 Bytes JMP 
70D2000A .text C:\Windows\system32\svchost.exe[928] ntdll.dll!NtClose 77954910 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[928] ntdll.dll!NtLoadDriver 77954FA0 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[928] ntdll.dll!NtLoadDriver + 4 77954FA4 2 Bytes [1F, 71] .text C:\Windows\system32\svchost.exe[928] ntdll.dll!NtSuspendProcess 77955CD0 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[928] ntdll.dll!NtSuspendProcess + 4 77955CD4 2 Bytes [42, 71] .text C:\Windows\system32\svchost.exe[928] ntdll.dll!LdrUnloadDll 7796BE7F 7 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[928] ntdll.dll!LdrLoadDll 7796F585 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[928] kernel32.dll!CreateProcessW 760E202D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[928] kernel32.dll!CreateProcessA 760E2062 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[928] kernel32.dll!CreateProcessAsUserW 761179B4 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[928] kernel32.dll!CopyFileW 76118C8F 6 Bytes JMP 7092000A .text C:\Windows\system32\svchost.exe[928] kernel32.dll!MoveFileW 7611A173 6 Bytes JMP 6FF9000A .text C:\Windows\system32\svchost.exe[928] kernel32.dll!CreateDirectoryA 7611D77A 6 Bytes JMP 704A000A .text C:\Windows\system32\svchost.exe[928] kernel32.dll!CopyFileExW 761207BB 6 Bytes JMP 7068000A .text C:\Windows\system32\svchost.exe[928] kernel32.dll!CreateToolhelp32Snapshot 76122BB1 6 Bytes JMP 70D5000A .text C:\Windows\system32\svchost.exe[928] kernel32.dll!OpenMutexA 76123344 6 Bytes JMP 7027000A .text 
Bytes JMP 7115000A .text C:\Windows\system32\svchost.exe[1068] ADVAPI32.dll!RegOpenKeyExW 7713BEC4 6 Bytes JMP 7127000A .text C:\Windows\system32\svchost.exe[1068] ADVAPI32.dll!CreateServiceW 7714DBC1 6 Bytes JMP 714E000A .text C:\Windows\system32\svchost.exe[1068] ADVAPI32.dll!RegDeleteKeyA 77150499 6 Bytes JMP 70A0000A .text C:\Windows\system32\svchost.exe[1068] ADVAPI32.dll!CreateProcessAsUserA 771614FD 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1068] ADVAPI32.dll!CreateServiceA 77162120 6 Bytes JMP 7151000A .text C:\Windows\system32\svchost.exe[1068] ADVAPI32.dll!LsaRemoveAccountRights 77167869 6 Bytes JMP 71A7000A .text C:\Windows\system32\svchost.exe[1068] SHELL32.dll!ShellExecuteW 764E41F0 6 Bytes JMP 7187000A .text C:\Windows\system32\svchost.exe[1068] SHELL32.dll!Shell_NotifyIconW 764EFBA1 6 Bytes JMP 70DF000A .text C:\Windows\system32\svchost.exe[1068] SHELL32.dll!ShellExecuteExW 764F1B8C 6 Bytes JMP 7181000A .text C:\Windows\system32\svchost.exe[1068] SHELL32.dll!ShellExecuteEx 76719B0A 6 Bytes JMP 7184000A .text C:\Windows\system32\svchost.exe[1068] SHELL32.dll!ShellExecuteA 76719BA5 6 Bytes JMP 718A000A .text C:\Windows\system32\svchost.exe[1068] SHELL32.dll!Shell_NotifyIcon 7671B61E 6 Bytes JMP 70E2000A .text C:\Program Files\Sandboxie\SbieSvc.exe[1156] ntdll.dll!NtClose 77954910 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Sandboxie\SbieSvc.exe[1156] ntdll.dll!NtLoadDriver 77954FA0 3 Bytes [FF, 25, 1E] .text C:\Program Files\Sandboxie\SbieSvc.exe[1156] ntdll.dll!NtLoadDriver + 4 77954FA4 2 Bytes [5D, 71] .text C:\Program Files\Sandboxie\SbieSvc.exe[1156] ntdll.dll!NtSuspendProcess 77955CD0 3 Bytes [FF, 25, 1E] .text C:\Program Files\Sandboxie\SbieSvc.exe[1156] ntdll.dll!NtSuspendProcess + 4 77955CD4 2 Bytes [75, 71] {JNZ 0x73} .text C:\Program Files\Sandboxie\SbieSvc.exe[1156] ntdll.dll!LdrUnloadDll 
7796BE7F 7 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Sandboxie\SbieSvc.exe[1156] ntdll.dll!LdrLoadDll 7796F585 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Sandboxie\SbieSvc.exe[1156] kernel32.dll!CreateProcessW 760E202D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Sandboxie\SbieSvc.exe[1156] kernel32.dll!CreateProcessA 760E2062 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Sandboxie\SbieSvc.exe[1156] kernel32.dll!CreateProcessAsUserW 761179B4 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Sandboxie\SbieSvc.exe[1156] kernel32.dll!CopyFileW 76118C8F 6 Bytes JMP 70F5000A .text C:\Program Files\Sandboxie\SbieSvc.exe[1156] kernel32.dll!MoveFileW 7611A173 6 Bytes JMP 7098000A .text C:\Program Files\Sandboxie\SbieSvc.exe[1156] kernel32.dll!CreateDirectoryA 7611D77A 6 Bytes JMP 70E3000A .text C:\Program Files\Sandboxie\SbieSvc.exe[1156] kernel32.dll!CopyFileExW 761207BB 6 Bytes JMP 70EF000A .text C:\Program Files\Sandboxie\SbieSvc.exe[1156] kernel32.dll!CreateToolhelp32Snapshot 76122BB1 6 Bytes JMP 7116000A .text C:\Program Files\Sandboxie\SbieSvc.exe[1156] kernel32.dll!OpenMutexA 76123344 6 Bytes JMP 70C5000A .text C:\Program Files\Sandboxie\SbieSvc.exe[1156] kernel32.dll!TerminateProcess 7612509B 6 Bytes JMP 71A4000A .text C:\Program Files\Sandboxie\SbieSvc.exe[1156] kernel32.dll!VirtualProtect 761250AB 6 Bytes JMP 710D000A .text C:\Program Files\Sandboxie\SbieSvc.exe[1156] kernel32.dll!CreateMutexW 76125F40 6 Bytes JMP 70C8000A .text C:\Program Files\Sandboxie\SbieSvc.exe[1156] kernel32.dll!DeleteFileW 7612656B 6 Bytes JMP 70AD000A .text C:\Program Files\Sandboxie\SbieSvc.exe[1156] kernel32.dll!OpenProcess 761273E4 6 Bytes JMP 708F000A .text C:\Program 
Files\Sandboxie\SbieSvc.exe[1156] kernel32.dll!DeleteFileA 76128BB6 6 Bytes JMP 70B0000A .text C:\Program Files\Sandboxie\SbieSvc.exe[1156] kernel32.dll!MoveFileExW 7612BF28 6 Bytes JMP 7092000A .text C:\Program Files\Sandboxie\SbieSvc.exe[1156] kernel32.dll!LoadResource 7612D3B0 6 Bytes JMP 70FB000A .text C:\Program Files\Sandboxie\SbieSvc.exe[1156] kernel32.dll!DeviceIoControl 7612EBDD 6 Bytes JMP 70E6000A .text C:\Program Files\Sandboxie\SbieSvc.exe[1156] kernel32.dll!CreateDirectoryW 7612EC9A 6 Bytes JMP 70E0000A .text C:\Program Files\Sandboxie\SbieSvc.exe[1156] kernel32.dll!VirtualAlloc 761305F4 6 Bytes JMP 7110000A .text C:\Program Files\Sandboxie\SbieSvc.exe[1156] kernel32.dll!CreateFileW 76130B5D 6 Bytes JMP 711C000A .text C:\Program Files\Sandboxie\SbieSvc.exe[1156] kernel32.dll!MultiByteToWideChar 76130E69 6 Bytes JMP 70BF000A .text C:\Program Files\Sandboxie\SbieSvc.exe[1156] kernel32.dll!WideCharToMultiByte 76130F86 6 Bytes JMP 709E000A .text C:\Program Files\Sandboxie\SbieSvc.exe[1156] kernel32.dll!WriteFile 761311CC 6 Bytes JMP 70DD000A .text C:\Program Files\Sandboxie\SbieSvc.exe[1156] kernel32.dll!CreateMutexA 7613177E 6 Bytes JMP 70CB000A .text C:\Program Files\Sandboxie\SbieSvc.exe[1156] kernel32.dll!GetProcAddress 76131837 6 Bytes JMP 714F000A .text C:\Program Files\Sandboxie\SbieSvc.exe[1156] kernel32.dll!CreateThread 761327FD 6 Bytes JMP 7113000A .text C:\Program Files\Sandboxie\SbieSvc.exe[1156] kernel32.dll!LoadLibraryA 76132864 6 Bytes JMP 719E000A .text C:\Program Files\Sandboxie\SbieSvc.exe[1156] kernel32.dll!LoadLibraryW 761328B2 6 Bytes JMP 719B000A .text C:\Program Files\Sandboxie\SbieSvc.exe[1156] kernel32.dll!CreateFileA 761328FC 6 Bytes JMP 7119000A .text C:\Program Files\Sandboxie\SbieSvc.exe[1156] kernel32.dll!OpenMutexW 76132A92 6 Bytes JMP 70C2000A .text C:\Program Files\Sandboxie\SbieSvc.exe[1156] kernel32.dll!TerminateThread 76132DE5 6 Bytes JMP 7173000A .text C:\Program Files\Sandboxie\SbieSvc.exe[1156] 
kernel32.dll!GetVolumeInformationW 7613C40D 6 Bytes JMP 7149000A .text C:\Program Files\Sandboxie\SbieSvc.exe[1156] kernel32.dll!MoveFileExA 76142FF3 6 Bytes JMP 7095000A .text C:\Program Files\Sandboxie\SbieSvc.exe[1156] kernel32.dll!GetVolumeInformationA 76146C7D 6 Bytes JMP 714C000A .text C:\Program Files\Sandboxie\SbieSvc.exe[1156] kernel32.dll!CopyFileA 76147CFC 6 Bytes JMP 70F8000A .text C:\Program Files\Sandboxie\SbieSvc.exe[1156] kernel32.dll!WriteProcessMemory 7614859F 6 Bytes JMP 71A1000A .text C:\Program Files\Sandboxie\SbieSvc.exe[1156] kernel32.dll!DebugActiveProcess 7616618C 6 Bytes JMP 7170000A .text C:\Program Files\Sandboxie\SbieSvc.exe[1156] kernel32.dll!MoveFileA 7616AD49 6 Bytes JMP 709B000A .text C:\Program Files\Sandboxie\SbieSvc.exe[1156] kernel32.dll!CopyFileExA 7616BBA1 6 Bytes JMP 70F2000A .text C:\Program Files\Sandboxie\SbieSvc.exe[1156] kernel32.dll!WinExec 7616E695 6 Bytes JMP 717D000A .text C:\Program Files\Sandboxie\SbieSvc.exe[1156] kernel32.dll!CreateRemoteThread 7616F403 6 Bytes JMP 71AE000A .text C:\Program Files\Sandboxie\SbieSvc.exe[1156] kernel32.dll!VirtualProtectEx 7616F651 6 Bytes JMP 7161000A .text C:\Program Files\Sandboxie\SbieSvc.exe[1156] kernel32.dll!SetThreadContext 761701CB 6 Bytes JMP 70DA000A .text C:\Program Files\Sandboxie\SbieSvc.exe[1156] ADVAPI32.dll!OpenSCManagerW 7712D1F5 6 Bytes JMP 7107000A .text C:\Program Files\Sandboxie\SbieSvc.exe[1156] ADVAPI32.dll!RegOpenKeyA 7712D2ED 6 Bytes JMP 713A000A .text C:\Program Files\Sandboxie\SbieSvc.exe[1156] ADVAPI32.dll!RegCreateKeyA 7712D3C1 6 Bytes JMP 7140000A .text C:\Program Files\Sandboxie\SbieSvc.exe[1156] ADVAPI32.dll!RegQueryValueA 7712D403 3 Bytes [FF, 25, 1E] .text C:\Program Files\Sandboxie\SbieSvc.exe[1156] ADVAPI32.dll!RegQueryValueA + 4 7712D407 2 Bytes [27, 71] .text C:\Program Files\Sandboxie\SbieSvc.exe[1156] ADVAPI32.dll!RegDeleteKeyW 7713197E 6 Bytes JMP 70A7000A .text C:\Program Files\Sandboxie\SbieSvc.exe[1156] ADVAPI32.dll!RegCreateKeyExA 
77131B71 6 Bytes JMP 7146000A .text C:\Program Files\Sandboxie\SbieSvc.exe[1156] ADVAPI32.dll!RegSetValueExA 77131B96 6 Bytes JMP 712E000A .text C:\Program Files\Sandboxie\SbieSvc.exe[1156] ADVAPI32.dll!RegSetValueExW 77131C82 6 Bytes JMP 712B000A .text C:\Program Files\Sandboxie\SbieSvc.exe[1156] ADVAPI32.dll!RegCreateKeyW 77131CC0 6 Bytes JMP 713D000A .text C:\Program Files\Sandboxie\SbieSvc.exe[1156] ADVAPI32.dll!RegOpenKeyW 77133129 6 Bytes JMP 7137000A .text C:\Program Files\Sandboxie\SbieSvc.exe[1156] ADVAPI32.dll!OpenSCManagerA 77133B2D 6 Bytes JMP 710A000A .text C:\Program Files\Sandboxie\SbieSvc.exe[1156] ADVAPI32.dll!LookupPrivilegeValueA 7713B5A2 6 Bytes JMP 70D4000A .text C:\Program Files\Sandboxie\SbieSvc.exe[1156] ADVAPI32.dll!AdjustTokenPrivileges 7713B656 6 Bytes JMP 70CE000A .text C:\Program Files\Sandboxie\SbieSvc.exe[1156] ADVAPI32.dll!LookupPrivilegeValueW 7713B663 6 Bytes JMP 70D1000A .text C:\Program Files\Sandboxie\SbieSvc.exe[1156] ADVAPI32.dll!OpenProcessToken 7713B7C4 6 Bytes JMP 70D7000A .text C:\Program Files\Sandboxie\SbieSvc.exe[1156] ADVAPI32.dll!RegCreateKeyExW 7713B946 6 Bytes JMP 7143000A .text C:\Program Files\Sandboxie\SbieSvc.exe[1156] ADVAPI32.dll!RegQueryValueW 7713B96B 6 Bytes JMP 7125000A .text C:\Program Files\Sandboxie\SbieSvc.exe[1156] ADVAPI32.dll!RegOpenKeyExA 7713BC0D 6 Bytes JMP 7134000A .text C:\Program Files\Sandboxie\SbieSvc.exe[1156] ADVAPI32.dll!RegQueryValueExA 7713BC25 6 Bytes JMP 7122000A .text C:\Program Files\Sandboxie\SbieSvc.exe[1156] ADVAPI32.dll!RegQueryValueExW 7713BCD5 6 Bytes JMP 711F000A .text C:\Program Files\Sandboxie\SbieSvc.exe[1156] ADVAPI32.dll!RegOpenKeyExW 7713BEC4 6 Bytes JMP 7131000A .text C:\Program Files\Sandboxie\SbieSvc.exe[1156] ADVAPI32.dll!CreateServiceW 7714DBC1 6 Bytes JMP 7158000A .text C:\Program Files\Sandboxie\SbieSvc.exe[1156] ADVAPI32.dll!RegDeleteKeyA 77150499 6 Bytes JMP 70AA000A .text C:\Program Files\Sandboxie\SbieSvc.exe[1156] ADVAPI32.dll!CreateProcessAsUserA 771614FD 5 
Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Sandboxie\SbieSvc.exe[1156] ADVAPI32.dll!CreateServiceA 77162120 6 Bytes JMP 715B000A .text C:\Program Files\Sandboxie\SbieSvc.exe[1156] ADVAPI32.dll!LsaRemoveAccountRights 77167869 6 Bytes JMP 71A7000A .text C:\Program Files\Sandboxie\SbieSvc.exe[1156] USER32.dll!RegisterRawInputDevices 75D75C2F 3 Bytes [FF, 25, 1E] .text C:\Program Files\Sandboxie\SbieSvc.exe[1156] USER32.dll!RegisterRawInputDevices + 4 75D75C33 2 Bytes [51, 71] .text C:\Program Files\Sandboxie\SbieSvc.exe[1156] USER32.dll!GetWindowTextA 75D770ED 6 Bytes JMP 7104000A .text C:\Program Files\Sandboxie\SbieSvc.exe[1156] USER32.dll!GetAsyncKeyState 75D7C09A 6 Bytes JMP 716A000A .text C:\Program Files\Sandboxie\SbieSvc.exe[1156] USER32.dll!GetWindowTextW 75D7D9F6 6 Bytes JMP 7101000A .text C:\Program Files\Sandboxie\SbieSvc.exe[1156] USER32.dll!CreateWindowExA 75D7E18A 6 Bytes JMP 70B6000A .text C:\Program Files\Sandboxie\SbieSvc.exe[1156] USER32.dll!CreateWindowExW 75D80E51 6 Bytes JMP 70B3000A .text C:\Program Files\Sandboxie\SbieSvc.exe[1156] USER32.dll!ShowWindow 75D8147A 3 Bytes [FF, 25, 1E] .text C:\Program Files\Sandboxie\SbieSvc.exe[1156] USER32.dll!ShowWindow + 4 75D8147E 2 Bytes [FD, 70] .text C:\Program Files\Sandboxie\SbieSvc.exe[1156] USER32.dll!SetWindowsHookExW 75D8210A 6 Bytes JMP 7195000A .text C:\Program Files\Sandboxie\SbieSvc.exe[1156] USER32.dll!GetKeyState 75D84FDA 6 Bytes JMP 716D000A .text C:\Program Files\Sandboxie\SbieSvc.exe[1156] USER32.dll!SetWinEventHook 75D8507E 6 Bytes JMP 7155000A .text C:\Program Files\Sandboxie\SbieSvc.exe[1156] USER32.dll!DrawTextW 75D88220 6 Bytes JMP 70B9000A .text C:\Program Files\Sandboxie\SbieSvc.exe[1156] USER32.dll!SetWindowTextW 75D88267 6 Bytes JMP 70A1000A .text C:\Program Files\Sandboxie\SbieSvc.exe[1156] USER32.dll!DrawTextA 75D9A482 6 Bytes JMP 70BC000A .text C:\Program Files\Sandboxie\SbieSvc.exe[1156] USER32.dll!SetWindowTextA 
75DA236A 6 Bytes JMP 70A4000A .text C:\Program Files\Sandboxie\SbieSvc.exe[1156] USER32.dll!GetKeyboardState 75DA6B3E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Sandboxie\SbieSvc.exe[1156] USER32.dll!GetKeyboardState + 4 75DA6B42 2 Bytes [66, 71] .text C:\Program Files\Sandboxie\SbieSvc.exe[1156] USER32.dll!SetWindowsHookExA 75DA6DFA 6 Bytes JMP 7198000A .text C:\Program Files\Sandboxie\SbieSvc.exe[1156] USER32.dll!DdeConnect 75DBEB83 6 Bytes JMP 7164000A .text C:\Program Files\Sandboxie\SbieSvc.exe[1156] USER32.dll!EndTask 75DBFD8E 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Sandboxie\SbieSvc.exe[1156] ole32.dll!CoGetClassObject 7762A2D4 5 Bytes JMP 1002E1D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Sandboxie\SbieSvc.exe[1156] ole32.dll!CoCreateInstanceEx 7764583F 5 Bytes JMP 1002E410 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Sandboxie\SbieSvc.exe[1156] SHELL32.dll!ShellExecuteW 764E41F0 6 Bytes JMP 7186000A .text C:\Program Files\Sandboxie\SbieSvc.exe[1156] SHELL32.dll!Shell_NotifyIconW 764EFBA1 6 Bytes JMP 70E9000A .text C:\Program Files\Sandboxie\SbieSvc.exe[1156] SHELL32.dll!ShellExecuteExW 764F1B8C 6 Bytes JMP 7180000A .text C:\Program Files\Sandboxie\SbieSvc.exe[1156] SHELL32.dll!ShellExecuteEx 76719B0A 6 Bytes JMP 7183000A .text C:\Program Files\Sandboxie\SbieSvc.exe[1156] SHELL32.dll!ShellExecuteA 76719BA5 6 Bytes JMP 7189000A .text C:\Program Files\Sandboxie\SbieSvc.exe[1156] SHELL32.dll!Shell_NotifyIcon 7671B61E 6 Bytes JMP 70EC000A .text C:\Windows\system32\svchost.exe[1260] ntdll.dll!NtClose 77954910 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1260] ntdll.dll!NtLoadDriver 77954FA0 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1260] ntdll.dll!NtLoadDriver + 4 77954FA4 2 Bytes [3B, 71] .text 
C:\Windows\system32\svchost.exe[1260] ntdll.dll!NtSuspendProcess 77955CD0 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1260] ntdll.dll!NtSuspendProcess + 4 77955CD4 2 Bytes [76, 71] {JBE 0x73} .text C:\Windows\system32\svchost.exe[1260] ntdll.dll!LdrUnloadDll 7796BE7F 7 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1260] ntdll.dll!LdrLoadDll 7796F585 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1260] kernel32.dll!CreateProcessW 760E202D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1260] kernel32.dll!CreateProcessA 760E2062 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1260] kernel32.dll!CreateProcessAsUserW 761179B4 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1260] kernel32.dll!CopyFileW 76118C8F 6 Bytes JMP 70CB000A .text C:\Windows\system32\svchost.exe[1260] kernel32.dll!MoveFileW 7611A173 6 Bytes JMP 706E000A .text C:\Windows\system32\svchost.exe[1260] kernel32.dll!CreateDirectoryA 7611D77A 6 Bytes JMP 70B9000A .text C:\Windows\system32\svchost.exe[1260] kernel32.dll!CopyFileExW 761207BB 6 Bytes JMP 70C5000A .text C:\Windows\system32\svchost.exe[1260] kernel32.dll!CreateToolhelp32Snapshot 76122BB1 6 Bytes JMP 70EC000A .text C:\Windows\system32\svchost.exe[1260] kernel32.dll!OpenMutexA 76123344 6 Bytes JMP 709B000A .text C:\Windows\system32\svchost.exe[1260] kernel32.dll!TerminateProcess 7612509B 6 Bytes JMP 71A4000A .text C:\Windows\system32\svchost.exe[1260] kernel32.dll!VirtualProtect 761250AB 6 Bytes JMP 70E3000A .text C:\Windows\system32\svchost.exe[1260] kernel32.dll!CreateMutexW 76125F40 6 Bytes JMP 709E000A .text C:\Windows\system32\svchost.exe[1260] 
kernel32.dll!DeleteFileW 7612656B 6 Bytes JMP 7083000A .text C:\Windows\system32\svchost.exe[1260] kernel32.dll!OpenProcess 761273E4 6 Bytes JMP 7065000A .text C:\Windows\system32\svchost.exe[1260] kernel32.dll!DeleteFileA 76128BB6 6 Bytes JMP 7086000A .text C:\Windows\system32\svchost.exe[1260] kernel32.dll!MoveFileExW 7612BF28 6 Bytes JMP 7068000A .text C:\Windows\system32\svchost.exe[1260] kernel32.dll!LoadResource 7612D3B0 6 Bytes JMP 70D1000A .text C:\Windows\system32\svchost.exe[1260] kernel32.dll!DeviceIoControl 7612EBDD 6 Bytes JMP 70BC000A .text C:\Windows\system32\svchost.exe[1260] kernel32.dll!CreateDirectoryW 7612EC9A 6 Bytes JMP 70B6000A .text C:\Windows\system32\svchost.exe[1260] kernel32.dll!VirtualAlloc 761305F4 6 Bytes JMP 70E6000A .text C:\Windows\system32\svchost.exe[1260] kernel32.dll!CreateFileW 76130B5D 6 Bytes JMP 70F2000A .text C:\Windows\system32\svchost.exe[1260] kernel32.dll!MultiByteToWideChar 76130E69 6 Bytes JMP 7095000A .text C:\Windows\system32\svchost.exe[1260] kernel32.dll!WideCharToMultiByte 76130F86 6 Bytes JMP 7074000A .text C:\Windows\system32\svchost.exe[1260] kernel32.dll!WriteFile 761311CC 6 Bytes JMP 70B3000A .text C:\Windows\system32\svchost.exe[1260] kernel32.dll!CreateMutexA 7613177E 6 Bytes JMP 70A1000A .text C:\Windows\system32\svchost.exe[1260] kernel32.dll!GetProcAddress 76131837 6 Bytes JMP 712D000A .text C:\Windows\system32\svchost.exe[1260] kernel32.dll!CreateThread 761327FD 6 Bytes JMP 70E9000A .text C:\Windows\system32\svchost.exe[1260] kernel32.dll!LoadLibraryA 76132864 6 Bytes JMP 719E000A .text C:\Windows\system32\svchost.exe[1260] kernel32.dll!LoadLibraryW 761328B2 6 Bytes JMP 719B000A .text C:\Windows\system32\svchost.exe[1260] kernel32.dll!CreateFileA 761328FC 6 Bytes JMP 70EF000A .text C:\Windows\system32\svchost.exe[1260] kernel32.dll!OpenMutexW 76132A92 6 Bytes JMP 7098000A .text C:\Windows\system32\svchost.exe[1260] kernel32.dll!TerminateThread 76132DE5 6 Bytes JMP 7167000A .text 
C:\Windows\system32\svchost.exe[1260] kernel32.dll!GetVolumeInformationW 7613C40D 6 Bytes JMP 7127000A .text C:\Windows\system32\svchost.exe[1260] kernel32.dll!MoveFileExA 76142FF3 6 Bytes JMP 706B000A .text C:\Windows\system32\svchost.exe[1260] kernel32.dll!GetVolumeInformationA 76146C7D 6 Bytes JMP 712A000A .text C:\Windows\system32\svchost.exe[1260] kernel32.dll!CopyFileA 76147CFC 6 Bytes JMP 70CE000A .text C:\Windows\system32\svchost.exe[1260] kernel32.dll!WriteProcessMemory 7614859F 6 Bytes JMP 71A1000A .text C:\Windows\system32\svchost.exe[1260] kernel32.dll!DebugActiveProcess 7616618C 6 Bytes JMP 7164000A .text C:\Windows\system32\svchost.exe[1260] kernel32.dll!MoveFileA 7616AD49 6 Bytes JMP 7071000A .text C:\Windows\system32\svchost.exe[1260] kernel32.dll!CopyFileExA 7616BBA1 6 Bytes JMP 70C8000A .text C:\Windows\system32\svchost.exe[1260] kernel32.dll!WinExec 7616E695 6 Bytes JMP 717E000A .text C:\Windows\system32\svchost.exe[1260] kernel32.dll!CreateRemoteThread 7616F403 6 Bytes JMP 71AE000A .text C:\Windows\system32\svchost.exe[1260] kernel32.dll!VirtualProtectEx 7616F651 6 Bytes JMP 713F000A .text C:\Windows\system32\svchost.exe[1260] kernel32.dll!SetThreadContext 761701CB 6 Bytes JMP 70B0000A .text C:\Windows\system32\svchost.exe[1260] ole32.dll!CoGetClassObject 7762A2D4 5 Bytes JMP 1002E1D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1260] ole32.dll!CoCreateInstanceEx 7764583F 5 Bytes JMP 1002E410 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1260] USER32.dll!RegisterRawInputDevices 75D75C2F 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1260] USER32.dll!RegisterRawInputDevices + 4 75D75C33 2 Bytes [2F, 71] .text C:\Windows\system32\svchost.exe[1260] USER32.dll!GetWindowTextA 75D770ED 6 Bytes JMP 70DA000A .text C:\Windows\system32\svchost.exe[1260] USER32.dll!GetAsyncKeyState 75D7C09A 6 Bytes JMP 715B000A .text 
C:\Windows\system32\svchost.exe[1260] USER32.dll!GetWindowTextW 75D7D9F6 6 Bytes JMP 70D7000A .text C:\Windows\system32\svchost.exe[1260] USER32.dll!CreateWindowExA 75D7E18A 6 Bytes JMP 708C000A .text C:\Windows\system32\svchost.exe[1260] USER32.dll!CreateWindowExW 75D80E51 6 Bytes JMP 7089000A .text C:\Windows\system32\svchost.exe[1260] USER32.dll!ShowWindow 75D8147A 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1260] USER32.dll!ShowWindow + 4 75D8147E 2 Bytes [D3, 70] .text C:\Windows\system32\svchost.exe[1260] USER32.dll!SetWindowsHookExW 75D8210A 6 Bytes JMP 7195000A .text C:\Windows\system32\svchost.exe[1260] USER32.dll!GetKeyState 75D84FDA 6 Bytes JMP 715E000A .text C:\Windows\system32\svchost.exe[1260] USER32.dll!SetWinEventHook 75D8507E 6 Bytes JMP 7133000A .text C:\Windows\system32\svchost.exe[1260] USER32.dll!DrawTextW 75D88220 6 Bytes JMP 708F000A .text C:\Windows\system32\svchost.exe[1260] USER32.dll!SetWindowTextW 75D88267 6 Bytes JMP 7077000A .text C:\Windows\system32\svchost.exe[1260] USER32.dll!DrawTextA 75D9A482 6 Bytes JMP 7092000A .text C:\Windows\system32\svchost.exe[1260] USER32.dll!SetWindowTextA 75DA236A 6 Bytes JMP 707A000A .text C:\Windows\system32\svchost.exe[1260] USER32.dll!GetKeyboardState 75DA6B3E 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1260] USER32.dll!GetKeyboardState + 4 75DA6B42 2 Bytes [44, 71] .text C:\Windows\system32\svchost.exe[1260] USER32.dll!SetWindowsHookExA 75DA6DFA 6 Bytes JMP 7198000A .text C:\Windows\system32\svchost.exe[1260] USER32.dll!DdeConnect 75DBEB83 6 Bytes JMP 7142000A .text C:\Windows\system32\svchost.exe[1260] USER32.dll!EndTask 75DBFD8E 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1260] ADVAPI32.dll!OpenSCManagerW 7712D1F5 6 Bytes JMP 70DD000A .text C:\Windows\system32\svchost.exe[1260] ADVAPI32.dll!RegOpenKeyA 7712D2ED 6 Bytes JMP 7113000A .text C:\Windows\system32\svchost.exe[1260] 
ADVAPI32.dll!RegCreateKeyA 7712D3C1 6 Bytes JMP 7119000A .text C:\Windows\system32\svchost.exe[1260] ADVAPI32.dll!RegQueryValueA 7712D403 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1260] ADVAPI32.dll!RegQueryValueA + 4 7712D407 2 Bytes [FD, 70] .text C:\Windows\system32\svchost.exe[1260] ADVAPI32.dll!RegDeleteKeyW 7713197E 6 Bytes JMP 707D000A .text C:\Windows\system32\svchost.exe[1260] ADVAPI32.dll!RegCreateKeyExA 77131B71 6 Bytes JMP 7124000A .text C:\Windows\system32\svchost.exe[1260] ADVAPI32.dll!RegSetValueExA 77131B96 6 Bytes JMP 7104000A .text C:\Windows\system32\svchost.exe[1260] ADVAPI32.dll!RegSetValueExW 77131C82 6 Bytes JMP 7101000A .text C:\Windows\system32\svchost.exe[1260] ADVAPI32.dll!RegCreateKeyW 77131CC0 6 Bytes JMP 7116000A .text C:\Windows\system32\svchost.exe[1260] ADVAPI32.dll!RegOpenKeyW 77133129 6 Bytes JMP 710D000A .text C:\Windows\system32\svchost.exe[1260] ADVAPI32.dll!OpenSCManagerA 77133B2D 6 Bytes JMP 70E0000A .text C:\Windows\system32\svchost.exe[1260] ADVAPI32.dll!LookupPrivilegeValueA 7713B5A2 6 Bytes JMP 70AA000A .text C:\Windows\system32\svchost.exe[1260] ADVAPI32.dll!AdjustTokenPrivileges 7713B656 6 Bytes JMP 70A4000A .text C:\Windows\system32\svchost.exe[1260] ADVAPI32.dll!LookupPrivilegeValueW 7713B663 6 Bytes JMP 70A7000A .text C:\Windows\system32\svchost.exe[1260] ADVAPI32.dll!OpenProcessToken 7713B7C4 6 Bytes JMP 70AD000A .text C:\Windows\system32\svchost.exe[1260] ADVAPI32.dll!RegCreateKeyExW 7713B946 6 Bytes JMP 7121000A .text C:\Windows\system32\svchost.exe[1260] ADVAPI32.dll!RegQueryValueW 7713B96B 6 Bytes JMP 70FB000A .text C:\Windows\system32\svchost.exe[1260] ADVAPI32.dll!RegOpenKeyExA 7713BC0D 6 Bytes JMP 710A000A .text C:\Windows\system32\svchost.exe[1260] ADVAPI32.dll!RegQueryValueExA 7713BC25 6 Bytes JMP 70F8000A .text C:\Windows\system32\svchost.exe[1260] ADVAPI32.dll!RegQueryValueExW 7713BCD5 6 Bytes JMP 70F5000A .text C:\Windows\system32\svchost.exe[1260] ADVAPI32.dll!RegOpenKeyExW 7713BEC4 6 
Bytes JMP 7107000A .text C:\Windows\system32\svchost.exe[1260] ADVAPI32.dll!CreateServiceW 7714DBC1 6 Bytes JMP 7136000A .text C:\Windows\system32\svchost.exe[1260] ADVAPI32.dll!RegDeleteKeyA 77150499 6 Bytes JMP 7080000A .text C:\Windows\system32\svchost.exe[1260] ADVAPI32.dll!CreateProcessAsUserA 771614FD 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1260] ADVAPI32.dll!CreateServiceA 77162120 6 Bytes JMP 7139000A .text C:\Windows\system32\svchost.exe[1260] ADVAPI32.dll!LsaRemoveAccountRights 77167869 6 Bytes JMP 71A7000A .text C:\Windows\system32\svchost.exe[1260] SHELL32.dll!ShellExecuteW 764E41F0 6 Bytes JMP 7187000A .text C:\Windows\system32\svchost.exe[1260] SHELL32.dll!Shell_NotifyIconW 764EFBA1 6 Bytes JMP 70BF000A .text C:\Windows\system32\svchost.exe[1260] SHELL32.dll!ShellExecuteExW 764F1B8C 6 Bytes JMP 7181000A .text C:\Windows\system32\svchost.exe[1260] SHELL32.dll!ShellExecuteEx 76719B0A 6 Bytes JMP 7184000A .text C:\Windows\system32\svchost.exe[1260] SHELL32.dll!ShellExecuteA 76719BA5 6 Bytes JMP 718A000A .text C:\Windows\system32\svchost.exe[1260] SHELL32.dll!Shell_NotifyIcon 7671B61E 6 Bytes JMP 70C2000A .text C:\Windows\System32\spoolsv.exe[1428] ntdll.dll!NtClose 77954910 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1428] ntdll.dll!NtLoadDriver 77954FA0 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\spoolsv.exe[1428] ntdll.dll!NtLoadDriver + 4 77954FA4 2 Bytes [5E, 71] .text C:\Windows\System32\spoolsv.exe[1428] ntdll.dll!NtSuspendProcess 77955CD0 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\spoolsv.exe[1428] ntdll.dll!NtSuspendProcess + 4 77955CD4 2 Bytes [76, 71] {JBE 0x73} .text C:\Windows\System32\spoolsv.exe[1428] ntdll.dll!LdrUnloadDll 7796BE7F 7 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\spoolsv.exe[1428] 
Files\Bonjour\mDNSResponder.exe[1564] ADVAPI32.dll!OpenProcessToken 7713B7C4 6 Bytes JMP 70D8000A .text C:\Program Files\Bonjour\mDNSResponder.exe[1564] ADVAPI32.dll!RegCreateKeyExW 7713B946 6 Bytes JMP 7144000A .text C:\Program Files\Bonjour\mDNSResponder.exe[1564] ADVAPI32.dll!RegQueryValueW 7713B96B 6 Bytes JMP 7126000A .text C:\Program Files\Bonjour\mDNSResponder.exe[1564] ADVAPI32.dll!RegOpenKeyExA 7713BC0D 6 Bytes JMP 7135000A .text C:\Program Files\Bonjour\mDNSResponder.exe[1564] ADVAPI32.dll!RegQueryValueExA 7713BC25 6 Bytes JMP 7123000A .text C:\Program Files\Bonjour\mDNSResponder.exe[1564] ADVAPI32.dll!RegQueryValueExW 7713BCD5 6 Bytes JMP 7120000A .text C:\Program Files\Bonjour\mDNSResponder.exe[1564] ADVAPI32.dll!RegOpenKeyExW 7713BEC4 6 Bytes JMP 7132000A .text C:\Program Files\Bonjour\mDNSResponder.exe[1564] ADVAPI32.dll!CreateServiceW 7714DBC1 6 Bytes JMP 7159000A .text C:\Program Files\Bonjour\mDNSResponder.exe[1564] ADVAPI32.dll!RegDeleteKeyA 77150499 6 Bytes JMP 70AB000A .text C:\Program Files\Bonjour\mDNSResponder.exe[1564] ADVAPI32.dll!CreateProcessAsUserA 771614FD 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Bonjour\mDNSResponder.exe[1564] ADVAPI32.dll!CreateServiceA 77162120 6 Bytes JMP 715C000A .text C:\Program Files\Bonjour\mDNSResponder.exe[1564] ADVAPI32.dll!LsaRemoveAccountRights 77167869 6 Bytes JMP 71A7000A .text C:\Program Files\Bonjour\mDNSResponder.exe[1564] USER32.dll!RegisterRawInputDevices 75D75C2F 3 Bytes [FF, 25, 1E] .text C:\Program Files\Bonjour\mDNSResponder.exe[1564] USER32.dll!RegisterRawInputDevices + 4 75D75C33 2 Bytes [52, 71] .text C:\Program Files\Bonjour\mDNSResponder.exe[1564] USER32.dll!GetWindowTextA 75D770ED 6 Bytes JMP 7105000A .text C:\Program Files\Bonjour\mDNSResponder.exe[1564] USER32.dll!GetAsyncKeyState 75D7C09A 6 Bytes JMP 716B000A .text C:\Program Files\Bonjour\mDNSResponder.exe[1564] USER32.dll!GetWindowTextW 75D7D9F6 6 Bytes JMP 7102000A 
.text C:\Program Files\Bonjour\mDNSResponder.exe[1564] USER32.dll!CreateWindowExA 75D7E18A 6 Bytes JMP 70B7000A .text C:\Program Files\Bonjour\mDNSResponder.exe[1564] USER32.dll!CreateWindowExW 75D80E51 6 Bytes JMP 70B4000A .text C:\Program Files\Bonjour\mDNSResponder.exe[1564] USER32.dll!ShowWindow 75D8147A 3 Bytes [FF, 25, 1E] .text C:\Program Files\Bonjour\mDNSResponder.exe[1564] USER32.dll!ShowWindow + 4 75D8147E 2 Bytes [FE, 70] .text C:\Program Files\Bonjour\mDNSResponder.exe[1564] USER32.dll!SetWindowsHookExW 75D8210A 6 Bytes JMP 7195000A .text C:\Program Files\Bonjour\mDNSResponder.exe[1564] USER32.dll!GetKeyState 75D84FDA 6 Bytes JMP 716E000A .text C:\Program Files\Bonjour\mDNSResponder.exe[1564] USER32.dll!SetWinEventHook 75D8507E 6 Bytes JMP 7156000A .text C:\Program Files\Bonjour\mDNSResponder.exe[1564] USER32.dll!DrawTextW 75D88220 6 Bytes JMP 70BA000A .text C:\Program Files\Bonjour\mDNSResponder.exe[1564] USER32.dll!SetWindowTextW 75D88267 6 Bytes JMP 70A2000A .text C:\Program Files\Bonjour\mDNSResponder.exe[1564] USER32.dll!DrawTextA 75D9A482 6 Bytes JMP 70BD000A .text C:\Program Files\Bonjour\mDNSResponder.exe[1564] USER32.dll!SetWindowTextA 75DA236A 6 Bytes JMP 70A5000A .text C:\Program Files\Bonjour\mDNSResponder.exe[1564] USER32.dll!GetKeyboardState 75DA6B3E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Bonjour\mDNSResponder.exe[1564] USER32.dll!GetKeyboardState + 4 75DA6B42 2 Bytes [67, 71] .text C:\Program Files\Bonjour\mDNSResponder.exe[1564] USER32.dll!SetWindowsHookExA 75DA6DFA 6 Bytes JMP 7198000A .text C:\Program Files\Bonjour\mDNSResponder.exe[1564] USER32.dll!DdeConnect 75DBEB83 6 Bytes JMP 7165000A .text C:\Program Files\Bonjour\mDNSResponder.exe[1564] USER32.dll!EndTask 75DBFD8E 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Bonjour\mDNSResponder.exe[1564] ole32.dll!CoGetClassObject 7762A2D4 5 Bytes JMP 1002E1D0 C:\Windows\system32\guard32.dll (COMODO Internet 
Security/COMODO) .text C:\Program Files\Bonjour\mDNSResponder.exe[1564] ole32.dll!CoCreateInstanceEx 7764583F 5 Bytes JMP 1002E410 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Bonjour\mDNSResponder.exe[1564] SHELL32.dll!ShellExecuteW 764E41F0 6 Bytes JMP 7187000A .text C:\Program Files\Bonjour\mDNSResponder.exe[1564] SHELL32.dll!Shell_NotifyIconW 764EFBA1 6 Bytes JMP 70EA000A .text C:\Program Files\Bonjour\mDNSResponder.exe[1564] SHELL32.dll!ShellExecuteExW 764F1B8C 6 Bytes JMP 7181000A .text C:\Program Files\Bonjour\mDNSResponder.exe[1564] SHELL32.dll!ShellExecuteEx 76719B0A 6 Bytes JMP 7184000A .text C:\Program Files\Bonjour\mDNSResponder.exe[1564] SHELL32.dll!ShellExecuteA 76719BA5 6 Bytes JMP 718A000A .text C:\Program Files\Bonjour\mDNSResponder.exe[1564] SHELL32.dll!Shell_NotifyIcon 7671B61E 4 Bytes JMP EC001E25 .text C:\Program Files\Bonjour\mDNSResponder.exe[1564] SHELL32.dll!Shell_NotifyIcon + 5 7671B623 1 Byte [70] .text C:\Windows\system32\svchost.exe[1604] ntdll.dll!NtClose 77954910 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1604] ntdll.dll!NtLoadDriver 77954FA0 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1604] ntdll.dll!NtLoadDriver + 4 77954FA4 2 Bytes [53, 71] .text C:\Windows\system32\svchost.exe[1604] ntdll.dll!NtSuspendProcess 77955CD0 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1604] ntdll.dll!NtSuspendProcess + 4 77955CD4 2 Bytes [76, 71] {JBE 0x73} .text C:\Windows\system32\svchost.exe[1604] ntdll.dll!LdrUnloadDll 7796BE7F 7 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1604] ntdll.dll!LdrLoadDll 7796F585 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1604] kernel32.dll!CreateProcessW 760E202D 5 Bytes JMP 100226F0 
C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1604] kernel32.dll!CreateProcessA 760E2062 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1604] kernel32.dll!CreateProcessAsUserW 761179B4 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1604] kernel32.dll!CopyFileW 76118C8F 6 Bytes JMP 70D1000A .text C:\Windows\system32\svchost.exe[1604] kernel32.dll!MoveFileW 7611A173 6 Bytes JMP 7074000A .text C:\Windows\system32\svchost.exe[1604] kernel32.dll!CreateDirectoryA 7611D77A 6 Bytes JMP 70BF000A .text C:\Windows\system32\svchost.exe[1604] kernel32.dll!CopyFileExW 761207BB 6 Bytes JMP 70CB000A .text C:\Windows\system32\svchost.exe[1604] kernel32.dll!CreateToolhelp32Snapshot 76122BB1 6 Bytes JMP 70F2000A .text C:\Windows\system32\svchost.exe[1604] kernel32.dll!OpenMutexA 76123344 6 Bytes JMP 70A1000A .text C:\Windows\system32\svchost.exe[1604] kernel32.dll!TerminateProcess 7612509B 6 Bytes JMP 71A4000A .text C:\Windows\system32\svchost.exe[1604] kernel32.dll!VirtualProtect 761250AB 6 Bytes JMP 70E9000A .text C:\Windows\system32\svchost.exe[1604] kernel32.dll!CreateMutexW 76125F40 6 Bytes JMP 70A4000A .text C:\Windows\system32\svchost.exe[1604] kernel32.dll!DeleteFileW 7612656B 6 Bytes JMP 7089000A .text C:\Windows\system32\svchost.exe[1604] kernel32.dll!OpenProcess 761273E4 6 Bytes JMP 706B000A .text C:\Windows\system32\svchost.exe[1604] kernel32.dll!DeleteFileA 76128BB6 6 Bytes JMP 708C000A .text C:\Windows\system32\svchost.exe[1604] kernel32.dll!MoveFileExW 7612BF28 6 Bytes JMP 706E000A .text C:\Windows\system32\svchost.exe[1604] kernel32.dll!LoadResource 7612D3B0 6 Bytes JMP 70D7000A .text C:\Windows\system32\svchost.exe[1604] kernel32.dll!DeviceIoControl 7612EBDD 6 Bytes JMP 70C2000A .text C:\Windows\system32\svchost.exe[1604] kernel32.dll!CreateDirectoryW 
7612EC9A 6 Bytes JMP 70BC000A .text C:\Windows\system32\svchost.exe[1604] kernel32.dll!VirtualAlloc 761305F4 6 Bytes JMP 70EC000A .text C:\Windows\system32\svchost.exe[1604] kernel32.dll!CreateFileW 76130B5D 6 Bytes JMP 70F8000A .text C:\Windows\system32\svchost.exe[1604] kernel32.dll!MultiByteToWideChar 76130E69 6 Bytes JMP 709B000A .text C:\Windows\system32\svchost.exe[1604] kernel32.dll!WideCharToMultiByte 76130F86 6 Bytes JMP 707A000A .text C:\Windows\system32\svchost.exe[1604] kernel32.dll!WriteFile 761311CC 6 Bytes JMP 70B9000A .text C:\Windows\system32\svchost.exe[1604] kernel32.dll!CreateMutexA 7613177E 6 Bytes JMP 70A7000A .text C:\Windows\system32\svchost.exe[1604] kernel32.dll!GetProcAddress 76131837 6 Bytes JMP 7145000A .text C:\Windows\system32\svchost.exe[1604] kernel32.dll!CreateThread 761327FD 6 Bytes JMP 70EF000A .text C:\Windows\system32\svchost.exe[1604] kernel32.dll!LoadLibraryA 76132864 6 Bytes JMP 719E000A .text C:\Windows\system32\svchost.exe[1604] kernel32.dll!LoadLibraryW 761328B2 6 Bytes JMP 719B000A .text C:\Windows\system32\svchost.exe[1604] kernel32.dll!CreateFileA 761328FC 6 Bytes JMP 70F5000A .text C:\Windows\system32\svchost.exe[1604] kernel32.dll!OpenMutexW 76132A92 6 Bytes JMP 709E000A .text C:\Windows\system32\svchost.exe[1604] kernel32.dll!TerminateThread 76132DE5 6 Bytes JMP 7174000A .text C:\Windows\system32\svchost.exe[1604] kernel32.dll!GetVolumeInformationW 7613C40D 6 Bytes JMP 7126000A .text C:\Windows\system32\svchost.exe[1604] kernel32.dll!MoveFileExA 76142FF3 6 Bytes JMP 7071000A .text C:\Windows\system32\svchost.exe[1604] kernel32.dll!GetVolumeInformationA 76146C7D 6 Bytes JMP 7129000A .text C:\Windows\system32\svchost.exe[1604] kernel32.dll!CopyFileA 76147CFC 6 Bytes JMP 70D4000A .text C:\Windows\system32\svchost.exe[1604] kernel32.dll!WriteProcessMemory 7614859F 6 Bytes JMP 71A1000A .text C:\Windows\system32\svchost.exe[1604] kernel32.dll!DebugActiveProcess 7616618C 6 Bytes JMP 7166000A .text 
C:\Windows\system32\svchost.exe[1604] kernel32.dll!MoveFileA 7616AD49 6 Bytes JMP 7077000A .text C:\Windows\system32\svchost.exe[1604] kernel32.dll!CopyFileExA 7616BBA1 6 Bytes JMP 70CE000A .text C:\Windows\system32\svchost.exe[1604] kernel32.dll!WinExec 7616E695 6 Bytes JMP 717E000A .text C:\Windows\system32\svchost.exe[1604] kernel32.dll!CreateRemoteThread 7616F403 6 Bytes JMP 71AE000A .text C:\Windows\system32\svchost.exe[1604] kernel32.dll!VirtualProtectEx 7616F651 6 Bytes JMP 7157000A .text C:\Windows\system32\svchost.exe[1604] kernel32.dll!SetThreadContext 761701CB 6 Bytes JMP 70B6000A .text C:\Windows\system32\svchost.exe[1604] ole32.dll!CoGetClassObject 7762A2D4 5 Bytes JMP 1002E1D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1604] ole32.dll!CoCreateInstanceEx 7764583F 5 Bytes JMP 1002E410 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1604] USER32.dll!RegisterRawInputDevices 75D75C2F 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1604] USER32.dll!RegisterRawInputDevices + 4 75D75C33 2 Bytes [47, 71] .text C:\Windows\system32\svchost.exe[1604] USER32.dll!GetWindowTextA 75D770ED 6 Bytes JMP 70E0000A .text C:\Windows\system32\svchost.exe[1604] USER32.dll!GetAsyncKeyState 75D7C09A 6 Bytes JMP 7160000A .text C:\Windows\system32\svchost.exe[1604] USER32.dll!GetWindowTextW 75D7D9F6 6 Bytes JMP 70DD000A .text C:\Windows\system32\svchost.exe[1604] USER32.dll!CreateWindowExA 75D7E18A 6 Bytes JMP 7092000A .text C:\Windows\system32\svchost.exe[1604] USER32.dll!CreateWindowExW 75D80E51 6 Bytes JMP 708F000A .text C:\Windows\system32\svchost.exe[1604] USER32.dll!ShowWindow 75D8147A 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1604] USER32.dll!ShowWindow + 4 75D8147E 2 Bytes [D9, 70] .text C:\Windows\system32\svchost.exe[1604] USER32.dll!SetWindowsHookExW 75D8210A 6 Bytes JMP 7195000A .text C:\Windows\system32\svchost.exe[1604] 
USER32.dll!GetKeyState 75D84FDA 6 Bytes JMP 7163000A .text C:\Windows\system32\svchost.exe[1604] USER32.dll!SetWinEventHook 75D8507E 6 Bytes JMP 714B000A .text C:\Windows\system32\svchost.exe[1604] USER32.dll!DrawTextW 75D88220 6 Bytes JMP 7095000A .text C:\Windows\system32\svchost.exe[1604] USER32.dll!SetWindowTextW 75D88267 6 Bytes JMP 707D000A .text C:\Windows\system32\svchost.exe[1604] USER32.dll!DrawTextA 75D9A482 6 Bytes JMP 7098000A .text C:\Windows\system32\svchost.exe[1604] USER32.dll!SetWindowTextA 75DA236A 6 Bytes JMP 7080000A .text C:\Windows\system32\svchost.exe[1604] USER32.dll!GetKeyboardState 75DA6B3E 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1604] USER32.dll!GetKeyboardState + 4 75DA6B42 2 Bytes [5C, 71] .text C:\Windows\system32\svchost.exe[1604] USER32.dll!SetWindowsHookExA 75DA6DFA 6 Bytes JMP 7198000A .text C:\Windows\system32\svchost.exe[1604] USER32.dll!DdeConnect 75DBEB83 6 Bytes JMP 715A000A .text C:\Windows\system32\svchost.exe[1604] USER32.dll!EndTask 75DBFD8E 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1604] ADVAPI32.dll!OpenSCManagerW 7712D1F5 6 Bytes JMP 70E3000A .text C:\Windows\system32\svchost.exe[1604] ADVAPI32.dll!RegOpenKeyA 7712D2ED 6 Bytes JMP 7117000A .text C:\Windows\system32\svchost.exe[1604] ADVAPI32.dll!RegCreateKeyA 7712D3C1 6 Bytes JMP 711D000A .text C:\Windows\system32\svchost.exe[1604] ADVAPI32.dll!RegQueryValueA 7712D403 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[1604] ADVAPI32.dll!RegQueryValueA + 4 7712D407 2 Bytes [04, 71] {ADD AL, 0x71} .text C:\Windows\system32\svchost.exe[1604] ADVAPI32.dll!RegDeleteKeyW 7713197E 6 Bytes JMP 7083000A .text C:\Windows\system32\svchost.exe[1604] ADVAPI32.dll!RegCreateKeyExA 77131B71 6 Bytes JMP 7123000A .text C:\Windows\system32\svchost.exe[1604] ADVAPI32.dll!RegSetValueExA 77131B96 6 Bytes JMP 710B000A .text C:\Windows\system32\svchost.exe[1604] 
ADVAPI32.dll!RegSetValueExW 77131C82 6 Bytes JMP 7108000A .text C:\Windows\system32\svchost.exe[1604] ADVAPI32.dll!RegCreateKeyW 77131CC0 6 Bytes JMP 711A000A .text C:\Windows\system32\svchost.exe[1604] ADVAPI32.dll!RegOpenKeyW 77133129 6 Bytes JMP 7114000A .text C:\Windows\system32\svchost.exe[1604] ADVAPI32.dll!OpenSCManagerA 77133B2D 6 Bytes JMP 70E6000A .text C:\Windows\system32\svchost.exe[1604] ADVAPI32.dll!LookupPrivilegeValueA 7713B5A2 6 Bytes JMP 70B0000A .text C:\Windows\system32\svchost.exe[1604] ADVAPI32.dll!AdjustTokenPrivileges 7713B656 6 Bytes JMP 70AA000A .text C:\Windows\system32\svchost.exe[1604] ADVAPI32.dll!LookupPrivilegeValueW 7713B663 6 Bytes JMP 70AD000A .text C:\Windows\system32\svchost.exe[1604] ADVAPI32.dll!OpenProcessToken 7713B7C4 6 Bytes JMP 70B3000A .text C:\Windows\system32\svchost.exe[1604] ADVAPI32.dll!RegCreateKeyExW 7713B946 6 Bytes JMP 7120000A .text C:\Windows\system32\svchost.exe[1604] ADVAPI32.dll!RegQueryValueW 7713B96B 6 Bytes JMP 7102000A .text C:\Windows\system32\svchost.exe[1604] ADVAPI32.dll!RegOpenKeyExA 7713BC0D 6 Bytes JMP 7111000A .text C:\Windows\system32\svchost.exe[1604] ADVAPI32.dll!RegQueryValueExA 7713BC25 6 Bytes JMP 70FF000A .text C:\Windows\system32\svchost.exe[1604] ADVAPI32.dll!RegQueryValueExW 7713BCD5 6 Bytes JMP 70FC000A .text C:\Windows\system32\svchost.exe[1604] ADVAPI32.dll!RegOpenKeyExW 7713BEC4 6 Bytes JMP 710E000A .text C:\Windows\system32\svchost.exe[1604] ADVAPI32.dll!CreateServiceW 7714DBC1 6 Bytes JMP 714E000A .text C:\Windows\system32\svchost.exe[1604] ADVAPI32.dll!RegDeleteKeyA 77150499 6 Bytes JMP 7086000A .text C:\Windows\system32\svchost.exe[1604] ADVAPI32.dll!CreateProcessAsUserA 771614FD 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[1604] ADVAPI32.dll!CreateServiceA 77162120 6 Bytes JMP 7151000A .text C:\Windows\system32\svchost.exe[1604] ADVAPI32.dll!LsaRemoveAccountRights 77167869 6 Bytes JMP 71A7000A 
.text C:\Windows\system32\svchost.exe[1604] SHELL32.dll!ShellExecuteW 764E41F0 6 Bytes JMP 7187000A .text C:\Windows\system32\svchost.exe[1604] SHELL32.dll!Shell_NotifyIconW 764EFBA1 6 Bytes JMP 70C5000A .text C:\Windows\system32\svchost.exe[1604] SHELL32.dll!ShellExecuteExW 764F1B8C 6 Bytes JMP 7181000A .text C:\Windows\system32\svchost.exe[1604] SHELL32.dll!ShellExecuteEx 76719B0A 6 Bytes JMP 7184000A .text C:\Windows\system32\svchost.exe[1604] SHELL32.dll!ShellExecuteA 76719BA5 6 Bytes JMP 718A000A .text C:\Windows\system32\svchost.exe[1604] SHELL32.dll!Shell_NotifyIcon 7671B61E 6 Bytes JMP 70C8000A .text C:\Windows\system32\sppsvc.exe[1672] ntdll.dll!NtLoadDriver 77954FA0 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\sppsvc.exe[1672] ntdll.dll!NtLoadDriver + 4 77954FA4 2 Bytes [61, 71] .text C:\Windows\system32\sppsvc.exe[1672] ntdll.dll!NtSuspendProcess 77955CD0 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\sppsvc.exe[1672] ntdll.dll!NtSuspendProcess + 4 77955CD4 2 Bytes [79, 71] {JNS 0x73} .text C:\Windows\system32\sppsvc.exe[1672] kernel32.dll!CreateProcessW 760E202D 6 Bytes JMP 718F000A .text C:\Windows\system32\sppsvc.exe[1672] kernel32.dll!CreateProcessA 760E2062 6 Bytes JMP 7192000A .text C:\Windows\system32\sppsvc.exe[1672] kernel32.dll!CopyFileW 76118C8F 6 Bytes JMP 70F9000A .text C:\Windows\system32\sppsvc.exe[1672] kernel32.dll!MoveFileW 7611A173 6 Bytes JMP 7095000A .text C:\Windows\system32\sppsvc.exe[1672] kernel32.dll!CreateDirectoryA 7611D77A 6 Bytes JMP 70E0000A .text C:\Windows\system32\sppsvc.exe[1672] kernel32.dll!CopyFileExW 761207BB 6 Bytes JMP 70EC000A .text C:\Windows\system32\sppsvc.exe[1672] kernel32.dll!CreateToolhelp32Snapshot 76122BB1 6 Bytes JMP 711A000A .text C:\Windows\system32\sppsvc.exe[1672] kernel32.dll!OpenMutexA 76123344 6 Bytes JMP 70C2000A .text C:\Windows\system32\sppsvc.exe[1672] kernel32.dll!TerminateProcess 7612509B 6 Bytes JMP 71A4000A .text C:\Windows\system32\sppsvc.exe[1672] kernel32.dll!VirtualProtect 761250AB 
6 Bytes JMP 7111000A .text C:\Windows\system32\sppsvc.exe[1672] kernel32.dll!CreateMutexW 76125F40 6 Bytes JMP 70C5000A .text C:\Windows\system32\sppsvc.exe[1672] kernel32.dll!DeleteFileW 7612656B 6 Bytes JMP 70AA000A .text C:\Windows\system32\sppsvc.exe[1672] kernel32.dll!OpenProcess 761273E4 6 Bytes JMP 708C000A .text C:\Windows\system32\sppsvc.exe[1672] kernel32.dll!DeleteFileA 76128BB6 6 Bytes JMP 70AD000A .text C:\Windows\system32\sppsvc.exe[1672] kernel32.dll!MoveFileExW 7612BF28 6 Bytes JMP 708F000A .text C:\Windows\system32\sppsvc.exe[1672] kernel32.dll!LoadResource 7612D3B0 6 Bytes JMP 70FF000A .text C:\Windows\system32\sppsvc.exe[1672] kernel32.dll!DeviceIoControl 7612EBDD 6 Bytes JMP 70E3000A .text C:\Windows\system32\sppsvc.exe[1672] kernel32.dll!CreateDirectoryW 7612EC9A 6 Bytes JMP 70DD000A .text C:\Windows\system32\sppsvc.exe[1672] kernel32.dll!VirtualAlloc 761305F4 6 Bytes JMP 7114000A .text C:\Windows\system32\sppsvc.exe[1672] kernel32.dll!CreateFileW 76130B5D 6 Bytes JMP 7120000A .text C:\Windows\system32\sppsvc.exe[1672] kernel32.dll!MultiByteToWideChar 76130E69 6 Bytes JMP 70BC000A .text C:\Windows\system32\sppsvc.exe[1672] kernel32.dll!WideCharToMultiByte 76130F86 6 Bytes JMP 709B000A .text C:\Windows\system32\sppsvc.exe[1672] kernel32.dll!WriteFile 761311CC 6 Bytes JMP 70DA000A .text C:\Windows\system32\sppsvc.exe[1672] kernel32.dll!CreateMutexA 7613177E 6 Bytes JMP 70C8000A .text C:\Windows\system32\sppsvc.exe[1672] kernel32.dll!GetProcAddress 76131837 6 Bytes JMP 7153000A .text C:\Windows\system32\sppsvc.exe[1672] kernel32.dll!CreateThread 761327FD 6 Bytes JMP 7117000A .text C:\Windows\system32\sppsvc.exe[1672] kernel32.dll!LoadLibraryA 76132864 6 Bytes JMP 719E000A .text C:\Windows\system32\sppsvc.exe[1672] kernel32.dll!LoadLibraryW 761328B2 6 Bytes JMP 719B000A .text C:\Windows\system32\sppsvc.exe[1672] kernel32.dll!CreateFileA 761328FC 6 Bytes JMP 711D000A .text C:\Windows\system32\sppsvc.exe[1672] kernel32.dll!OpenMutexW 76132A92 6 Bytes 
JMP 70BF000A .text C:\Windows\system32\sppsvc.exe[1672] kernel32.dll!TerminateThread 76132DE5 6 Bytes JMP 7177000A .text C:\Windows\system32\sppsvc.exe[1672] kernel32.dll!GetVolumeInformationW 7613C40D 6 Bytes JMP 714D000A .text C:\Windows\system32\sppsvc.exe[1672] kernel32.dll!MoveFileExA 76142FF3 6 Bytes JMP 7092000A .text C:\Windows\system32\sppsvc.exe[1672] kernel32.dll!GetVolumeInformationA 76146C7D 6 Bytes JMP 7150000A .text C:\Windows\system32\sppsvc.exe[1672] kernel32.dll!CopyFileA 76147CFC 6 Bytes JMP 70FC000A .text C:\Windows\system32\sppsvc.exe[1672] kernel32.dll!WriteProcessMemory 7614859F 6 Bytes JMP 71A1000A .text C:\Windows\system32\sppsvc.exe[1672] kernel32.dll!DebugActiveProcess 7616618C 6 Bytes JMP 7174000A .text C:\Windows\system32\sppsvc.exe[1672] kernel32.dll!MoveFileA 7616AD49 6 Bytes JMP 7098000A .text C:\Windows\system32\sppsvc.exe[1672] kernel32.dll!CopyFileExA 7616BBA1 6 Bytes JMP 70F6000A .text C:\Windows\system32\sppsvc.exe[1672] kernel32.dll!WinExec 7616E695 6 Bytes JMP 7180000A .text C:\Windows\system32\sppsvc.exe[1672] kernel32.dll!CreateRemoteThread 7616F403 6 Bytes JMP 71AE000A .text C:\Windows\system32\sppsvc.exe[1672] kernel32.dll!VirtualProtectEx 7616F651 6 Bytes JMP 7165000A .text C:\Windows\system32\sppsvc.exe[1672] kernel32.dll!SetThreadContext 761701CB 6 Bytes JMP 70D7000A .text C:\Windows\system32\sppsvc.exe[1672] ADVAPI32.dll!OpenSCManagerW 7712D1F5 6 Bytes JMP 710B000A .text C:\Windows\system32\sppsvc.exe[1672] ADVAPI32.dll!RegOpenKeyA 7712D2ED 6 Bytes JMP 713E000A .text C:\Windows\system32\sppsvc.exe[1672] ADVAPI32.dll!RegCreateKeyA 7712D3C1 6 Bytes JMP 7144000A .text C:\Windows\system32\sppsvc.exe[1672] ADVAPI32.dll!RegQueryValueA 7712D403 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\sppsvc.exe[1672] ADVAPI32.dll!RegQueryValueA + 4 7712D407 2 Bytes [2B, 71] .text C:\Windows\system32\sppsvc.exe[1672] ADVAPI32.dll!RegDeleteKeyW 7713197E 6 Bytes JMP 70A4000A .text C:\Windows\system32\sppsvc.exe[1672] 
ADVAPI32.dll!RegCreateKeyExA 77131B71 6 Bytes JMP 714A000A .text C:\Windows\system32\sppsvc.exe[1672] ADVAPI32.dll!RegSetValueExA 77131B96 6 Bytes JMP 7132000A .text C:\Windows\system32\sppsvc.exe[1672] ADVAPI32.dll!RegSetValueExW 77131C82 6 Bytes JMP 712F000A .text C:\Windows\system32\sppsvc.exe[1672] ADVAPI32.dll!RegCreateKeyW 77131CC0 6 Bytes JMP 7141000A .text C:\Windows\system32\sppsvc.exe[1672] ADVAPI32.dll!RegOpenKeyW 77133129 6 Bytes JMP 713B000A .text C:\Windows\system32\sppsvc.exe[1672] ADVAPI32.dll!OpenSCManagerA 77133B2D 6 Bytes JMP 710E000A .text C:\Windows\system32\sppsvc.exe[1672] ADVAPI32.dll!LookupPrivilegeValueA 7713B5A2 6 Bytes JMP 70D1000A .text C:\Windows\system32\sppsvc.exe[1672] ADVAPI32.dll!AdjustTokenPrivileges 7713B656 6 Bytes JMP 70CB000A .text C:\Windows\system32\sppsvc.exe[1672] ADVAPI32.dll!LookupPrivilegeValueW 7713B663 6 Bytes JMP 70CE000A .text C:\Windows\system32\sppsvc.exe[1672] ADVAPI32.dll!OpenProcessToken 7713B7C4 6 Bytes JMP 70D4000A .text C:\Windows\system32\sppsvc.exe[1672] ADVAPI32.dll!RegCreateKeyExW 7713B946 6 Bytes JMP 7147000A .text C:\Windows\system32\sppsvc.exe[1672] ADVAPI32.dll!RegQueryValueW 7713B96B 6 Bytes JMP 7129000A .text C:\Windows\system32\sppsvc.exe[1672] ADVAPI32.dll!RegOpenKeyExA 7713BC0D 6 Bytes JMP 7138000A .text C:\Windows\system32\sppsvc.exe[1672] ADVAPI32.dll!RegQueryValueExA 7713BC25 6 Bytes JMP 7126000A .text C:\Windows\system32\sppsvc.exe[1672] ADVAPI32.dll!RegQueryValueExW 7713BCD5 6 Bytes JMP 7123000A .text C:\Windows\system32\sppsvc.exe[1672] ADVAPI32.dll!RegOpenKeyExW 7713BEC4 6 Bytes JMP 7135000A .text C:\Windows\system32\sppsvc.exe[1672] ADVAPI32.dll!CreateServiceW 7714DBC1 6 Bytes JMP 715C000A .text C:\Windows\system32\sppsvc.exe[1672] ADVAPI32.dll!RegDeleteKeyA 77150499 6 Bytes JMP 70A7000A .text C:\Windows\system32\sppsvc.exe[1672] ADVAPI32.dll!CreateServiceA 77162120 6 Bytes JMP 715F000A .text C:\Windows\system32\sppsvc.exe[1672] ADVAPI32.dll!LsaRemoveAccountRights 77167869 6 Bytes JMP 
71A7000A .text C:\Windows\system32\sppsvc.exe[1672] USER32.dll!RegisterRawInputDevices 75D75C2F 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\sppsvc.exe[1672] USER32.dll!RegisterRawInputDevices + 4 75D75C33 2 Bytes [55, 71] .text C:\Windows\system32\sppsvc.exe[1672] USER32.dll!GetWindowTextA 75D770ED 6 Bytes JMP 7108000A .text C:\Windows\system32\sppsvc.exe[1672] USER32.dll!GetAsyncKeyState 75D7C09A 6 Bytes JMP 716E000A .text C:\Windows\system32\sppsvc.exe[1672] USER32.dll!GetWindowTextW 75D7D9F6 6 Bytes JMP 7105000A .text C:\Windows\system32\sppsvc.exe[1672] USER32.dll!CreateWindowExA 75D7E18A 6 Bytes JMP 70B3000A .text C:\Windows\system32\sppsvc.exe[1672] USER32.dll!CreateWindowExW 75D80E51 6 Bytes JMP 70B0000A .text C:\Windows\system32\sppsvc.exe[1672] USER32.dll!ShowWindow 75D8147A 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\sppsvc.exe[1672] USER32.dll!ShowWindow + 4 75D8147E 2 Bytes [01, 71] .text C:\Windows\system32\sppsvc.exe[1672] USER32.dll!SetWindowsHookExW 75D8210A 6 Bytes JMP 7195000A .text C:\Windows\system32\sppsvc.exe[1672] USER32.dll!GetKeyState 75D84FDA 6 Bytes JMP 7171000A .text C:\Windows\system32\sppsvc.exe[1672] USER32.dll!SetWinEventHook 75D8507E 6 Bytes JMP 7159000A .text C:\Windows\system32\sppsvc.exe[1672] USER32.dll!DrawTextW 75D88220 6 Bytes JMP 70B6000A .text C:\Windows\system32\sppsvc.exe[1672] USER32.dll!SetWindowTextW 75D88267 6 Bytes JMP 709E000A .text C:\Windows\system32\sppsvc.exe[1672] USER32.dll!DrawTextA 75D9A482 6 Bytes JMP 70B9000A .text C:\Windows\system32\sppsvc.exe[1672] USER32.dll!SetWindowTextA 75DA236A 6 Bytes JMP 70A1000A .text C:\Windows\system32\sppsvc.exe[1672] USER32.dll!GetKeyboardState 75DA6B3E 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\sppsvc.exe[1672] USER32.dll!GetKeyboardState + 4 75DA6B42 2 Bytes [6A, 71] {PUSH 0x71} .text C:\Windows\system32\sppsvc.exe[1672] USER32.dll!SetWindowsHookExA 75DA6DFA 6 Bytes JMP 7198000A .text C:\Windows\system32\sppsvc.exe[1672] USER32.dll!DdeConnect 75DBEB83 6 Bytes JMP 
SHELL32.dll!ShellExecuteA 76719BA5 6 Bytes JMP 718A000A .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1932] SHELL32.dll!Shell_NotifyIcon 7671B61E 6 Bytes JMP 70E2000A .text C:\Windows\system32\taskhost.exe[2192] ntdll.dll!NtClose 77954910 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[2192] ntdll.dll!NtLoadDriver 77954FA0 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\taskhost.exe[2192] ntdll.dll!NtLoadDriver + 4 77954FA4 2 Bytes [5E, 71] .text C:\Windows\system32\taskhost.exe[2192] ntdll.dll!NtSuspendProcess 77955CD0 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\taskhost.exe[2192] ntdll.dll!NtSuspendProcess + 4 77955CD4 2 Bytes [76, 71] {JBE 0x73} .text C:\Windows\system32\taskhost.exe[2192] ntdll.dll!LdrUnloadDll 7796BE7F 7 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[2192] ntdll.dll!LdrLoadDll 7796F585 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[2192] kernel32.dll!CreateProcessW 760E202D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[2192] kernel32.dll!CreateProcessA 760E2062 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[2192] kernel32.dll!CreateProcessAsUserW 761179B4 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[2192] kernel32.dll!CopyFileW 76118C8F 6 Bytes JMP 70F6000A .text C:\Windows\system32\taskhost.exe[2192] kernel32.dll!MoveFileW 7611A173 6 Bytes JMP 7099000A .text C:\Windows\system32\taskhost.exe[2192] kernel32.dll!CreateDirectoryA 7611D77A 6 Bytes JMP 70E4000A .text C:\Windows\system32\taskhost.exe[2192] kernel32.dll!CopyFileExW 761207BB 6 Bytes JMP 
70F0000A .text C:\Windows\system32\taskhost.exe[2192] kernel32.dll!CreateToolhelp32Snapshot 76122BB1 6 Bytes JMP 7117000A .text C:\Windows\system32\taskhost.exe[2192] kernel32.dll!OpenMutexA 76123344 6 Bytes JMP 70C6000A .text C:\Windows\system32\taskhost.exe[2192] kernel32.dll!TerminateProcess 7612509B 6 Bytes JMP 71A4000A .text C:\Windows\system32\taskhost.exe[2192] kernel32.dll!VirtualProtect 761250AB 6 Bytes JMP 710E000A .text C:\Windows\system32\taskhost.exe[2192] kernel32.dll!CreateMutexW 76125F40 6 Bytes JMP 70C9000A .text C:\Windows\system32\taskhost.exe[2192] kernel32.dll!DeleteFileW 7612656B 6 Bytes JMP 70AE000A .text C:\Windows\system32\taskhost.exe[2192] kernel32.dll!OpenProcess 761273E4 6 Bytes JMP 708C000A .text C:\Windows\system32\taskhost.exe[2192] kernel32.dll!DeleteFileA 76128BB6 6 Bytes JMP 70B1000A .text C:\Windows\system32\taskhost.exe[2192] kernel32.dll!MoveFileExW 7612BF28 6 Bytes JMP 708F000A .text C:\Windows\system32\taskhost.exe[2192] kernel32.dll!LoadResource 7612D3B0 6 Bytes JMP 70FC000A .text C:\Windows\system32\taskhost.exe[2192] kernel32.dll!DeviceIoControl 7612EBDD 6 Bytes JMP 70E7000A .text C:\Windows\system32\taskhost.exe[2192] kernel32.dll!CreateDirectoryW 7612EC9A 6 Bytes JMP 70E1000A .text C:\Windows\system32\taskhost.exe[2192] kernel32.dll!VirtualAlloc 761305F4 6 Bytes JMP 7111000A .text C:\Windows\system32\taskhost.exe[2192] kernel32.dll!CreateFileW 76130B5D 6 Bytes JMP 711D000A .text C:\Windows\system32\taskhost.exe[2192] kernel32.dll!MultiByteToWideChar 76130E69 6 Bytes JMP 70C0000A .text C:\Windows\system32\taskhost.exe[2192] kernel32.dll!WideCharToMultiByte 76130F86 6 Bytes JMP 709F000A .text C:\Windows\system32\taskhost.exe[2192] kernel32.dll!WriteFile 761311CC 6 Bytes JMP 70DE000A .text C:\Windows\system32\taskhost.exe[2192] kernel32.dll!CreateMutexA 7613177E 6 Bytes JMP 70CC000A .text C:\Windows\system32\taskhost.exe[2192] kernel32.dll!GetProcAddress 76131837 6 Bytes JMP 7150000A .text 
C:\Windows\system32\taskhost.exe[2192] kernel32.dll!CreateThread 761327FD 6 Bytes JMP 7114000A .text C:\Windows\system32\taskhost.exe[2192] kernel32.dll!LoadLibraryA 76132864 6 Bytes JMP 719E000A .text C:\Windows\system32\taskhost.exe[2192] kernel32.dll!LoadLibraryW 761328B2 6 Bytes JMP 719B000A .text C:\Windows\system32\taskhost.exe[2192] kernel32.dll!CreateFileA 761328FC 6 Bytes JMP 711A000A .text C:\Windows\system32\taskhost.exe[2192] kernel32.dll!OpenMutexW 76132A92 6 Bytes JMP 70C3000A .text C:\Windows\system32\taskhost.exe[2192] kernel32.dll!TerminateThread 76132DE5 6 Bytes JMP 7174000A .text C:\Windows\system32\taskhost.exe[2192] kernel32.dll!GetVolumeInformationW 7613C40D 6 Bytes JMP 714A000A .text C:\Windows\system32\taskhost.exe[2192] kernel32.dll!MoveFileExA 76142FF3 6 Bytes JMP 7096000A .text C:\Windows\system32\taskhost.exe[2192] kernel32.dll!GetVolumeInformationA 76146C7D 6 Bytes JMP 714D000A .text C:\Windows\system32\taskhost.exe[2192] kernel32.dll!CopyFileA 76147CFC 6 Bytes JMP 70F9000A .text C:\Windows\system32\taskhost.exe[2192] kernel32.dll!WriteProcessMemory 7614859F 6 Bytes JMP 71A1000A .text C:\Windows\system32\taskhost.exe[2192] kernel32.dll!DebugActiveProcess 7616618C 6 Bytes JMP 7171000A .text C:\Windows\system32\taskhost.exe[2192] kernel32.dll!MoveFileA 7616AD49 6 Bytes JMP 709C000A .text C:\Windows\system32\taskhost.exe[2192] kernel32.dll!CopyFileExA 7616BBA1 6 Bytes JMP 70F3000A .text C:\Windows\system32\taskhost.exe[2192] kernel32.dll!WinExec 7616E695 6 Bytes JMP 717E000A .text C:\Windows\system32\taskhost.exe[2192] kernel32.dll!CreateRemoteThread 7616F403 6 Bytes JMP 71AE000A .text C:\Windows\system32\taskhost.exe[2192] kernel32.dll!VirtualProtectEx 7616F651 6 Bytes JMP 7162000A .text C:\Windows\system32\taskhost.exe[2192] kernel32.dll!SetThreadContext 761701CB 6 Bytes JMP 70DB000A .text C:\Windows\system32\taskhost.exe[2192] ole32.dll!CoGetClassObject 7762A2D4 5 Bytes JMP 1002E1D0 C:\Windows\system32\guard32.dll (COMODO Internet 
Security/COMODO) .text C:\Windows\system32\taskhost.exe[2192] ole32.dll!CoCreateInstanceEx 7764583F 5 Bytes JMP 1002E410 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[2192] USER32.dll!RegisterRawInputDevices 75D75C2F 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\taskhost.exe[2192] USER32.dll!RegisterRawInputDevices + 4 75D75C33 2 Bytes [52, 71] .text C:\Windows\system32\taskhost.exe[2192] USER32.dll!GetWindowTextA 75D770ED 6 Bytes JMP 7105000A .text C:\Windows\system32\taskhost.exe[2192] USER32.dll!GetAsyncKeyState 75D7C09A 6 Bytes JMP 716B000A .text C:\Windows\system32\taskhost.exe[2192] USER32.dll!GetWindowTextW 75D7D9F6 6 Bytes JMP 7102000A .text C:\Windows\system32\taskhost.exe[2192] USER32.dll!CreateWindowExA 75D7E18A 6 Bytes JMP 70B7000A .text C:\Windows\system32\taskhost.exe[2192] USER32.dll!CreateWindowExW 75D80E51 6 Bytes JMP 70B4000A .text C:\Windows\system32\taskhost.exe[2192] USER32.dll!ShowWindow 75D8147A 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\taskhost.exe[2192] USER32.dll!ShowWindow + 4 75D8147E 2 Bytes [FE, 70] .text C:\Windows\system32\taskhost.exe[2192] USER32.dll!SetWindowsHookExW 75D8210A 6 Bytes JMP 7195000A .text C:\Windows\system32\taskhost.exe[2192] USER32.dll!GetKeyState 75D84FDA 6 Bytes JMP 716E000A .text C:\Windows\system32\taskhost.exe[2192] USER32.dll!SetWinEventHook 75D8507E 6 Bytes JMP 7156000A .text C:\Windows\system32\taskhost.exe[2192] USER32.dll!DrawTextW 75D88220 6 Bytes JMP 70BA000A .text C:\Windows\system32\taskhost.exe[2192] USER32.dll!SetWindowTextW 75D88267 6 Bytes JMP 70A2000A .text C:\Windows\system32\taskhost.exe[2192] USER32.dll!DrawTextA 75D9A482 6 Bytes JMP 70BD000A .text C:\Windows\system32\taskhost.exe[2192] USER32.dll!SetWindowTextA 75DA236A 6 Bytes JMP 70A5000A .text C:\Windows\system32\taskhost.exe[2192] USER32.dll!GetKeyboardState 75DA6B3E 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\taskhost.exe[2192] USER32.dll!GetKeyboardState + 4 75DA6B42 2 
Bytes [67, 71] .text C:\Windows\system32\taskhost.exe[2192] USER32.dll!SetWindowsHookExA 75DA6DFA 6 Bytes JMP 7198000A .text C:\Windows\system32\taskhost.exe[2192] USER32.dll!DdeConnect 75DBEB83 6 Bytes JMP 7165000A .text C:\Windows\system32\taskhost.exe[2192] USER32.dll!EndTask 75DBFD8E 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[2192] ADVAPI32.dll!OpenSCManagerW 7712D1F5 6 Bytes JMP 7108000A .text C:\Windows\system32\taskhost.exe[2192] ADVAPI32.dll!RegOpenKeyA 7712D2ED 6 Bytes JMP 713B000A .text C:\Windows\system32\taskhost.exe[2192] ADVAPI32.dll!RegCreateKeyA 7712D3C1 6 Bytes JMP 7141000A .text C:\Windows\system32\taskhost.exe[2192] ADVAPI32.dll!RegQueryValueA 7712D403 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\taskhost.exe[2192] ADVAPI32.dll!RegQueryValueA + 4 7712D407 2 Bytes [28, 71] .text C:\Windows\system32\taskhost.exe[2192] ADVAPI32.dll!RegDeleteKeyW 7713197E 6 Bytes JMP 70A8000A .text C:\Windows\system32\taskhost.exe[2192] ADVAPI32.dll!RegCreateKeyExA 77131B71 6 Bytes JMP 7147000A .text C:\Windows\system32\taskhost.exe[2192] ADVAPI32.dll!RegSetValueExA 77131B96 6 Bytes JMP 712F000A .text C:\Windows\system32\taskhost.exe[2192] ADVAPI32.dll!RegSetValueExW 77131C82 6 Bytes JMP 712C000A .text C:\Windows\system32\taskhost.exe[2192] ADVAPI32.dll!RegCreateKeyW 77131CC0 6 Bytes JMP 713E000A .text C:\Windows\system32\taskhost.exe[2192] ADVAPI32.dll!RegOpenKeyW 77133129 6 Bytes JMP 7138000A .text C:\Windows\system32\taskhost.exe[2192] ADVAPI32.dll!OpenSCManagerA 77133B2D 6 Bytes JMP 710B000A .text C:\Windows\system32\taskhost.exe[2192] ADVAPI32.dll!LookupPrivilegeValueA 7713B5A2 6 Bytes JMP 70D5000A .text C:\Windows\system32\taskhost.exe[2192] ADVAPI32.dll!AdjustTokenPrivileges 7713B656 6 Bytes JMP 70CF000A .text C:\Windows\system32\taskhost.exe[2192] ADVAPI32.dll!LookupPrivilegeValueW 7713B663 6 Bytes JMP 70D2000A .text C:\Windows\system32\taskhost.exe[2192] 
ADVAPI32.dll!OpenProcessToken 7713B7C4 6 Bytes JMP 70D8000A .text C:\Windows\system32\taskhost.exe[2192] ADVAPI32.dll!RegCreateKeyExW 7713B946 6 Bytes JMP 7144000A .text C:\Windows\system32\taskhost.exe[2192] ADVAPI32.dll!RegQueryValueW 7713B96B 6 Bytes JMP 7126000A .text C:\Windows\system32\taskhost.exe[2192] ADVAPI32.dll!RegOpenKeyExA 7713BC0D 6 Bytes JMP 7135000A .text C:\Windows\system32\taskhost.exe[2192] ADVAPI32.dll!RegQueryValueExA 7713BC25 6 Bytes JMP 7123000A .text C:\Windows\system32\taskhost.exe[2192] ADVAPI32.dll!RegQueryValueExW 7713BCD5 6 Bytes JMP 7120000A .text C:\Windows\system32\taskhost.exe[2192] ADVAPI32.dll!RegOpenKeyExW 7713BEC4 6 Bytes JMP 7132000A .text C:\Windows\system32\taskhost.exe[2192] ADVAPI32.dll!CreateServiceW 7714DBC1 6 Bytes JMP 7159000A .text C:\Windows\system32\taskhost.exe[2192] ADVAPI32.dll!RegDeleteKeyA 77150499 6 Bytes JMP 70AB000A .text C:\Windows\system32\taskhost.exe[2192] ADVAPI32.dll!CreateProcessAsUserA 771614FD 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\taskhost.exe[2192] ADVAPI32.dll!CreateServiceA 77162120 6 Bytes JMP 715C000A .text C:\Windows\system32\taskhost.exe[2192] ADVAPI32.dll!LsaRemoveAccountRights 77167869 6 Bytes JMP 71A7000A .text C:\Windows\system32\taskhost.exe[2192] SHELL32.dll!ShellExecuteW 764E41F0 6 Bytes JMP 7187000A .text C:\Windows\system32\taskhost.exe[2192] SHELL32.dll!Shell_NotifyIconW 764EFBA1 6 Bytes JMP 70EA000A .text C:\Windows\system32\taskhost.exe[2192] SHELL32.dll!ShellExecuteExW 764F1B8C 6 Bytes JMP 7181000A .text C:\Windows\system32\taskhost.exe[2192] SHELL32.dll!ShellExecuteEx 76719B0A 6 Bytes JMP 7184000A .text C:\Windows\system32\taskhost.exe[2192] SHELL32.dll!ShellExecuteA 76719BA5 6 Bytes JMP 718A000A .text C:\Windows\system32\taskhost.exe[2192] SHELL32.dll!Shell_NotifyIcon 7671B61E 4 Bytes JMP EC001E25 .text C:\Windows\system32\taskhost.exe[2192] SHELL32.dll!Shell_NotifyIcon + 5 7671B623 1 Byte [70] .text 
C:\Windows\system32\svchost.exe[2364] ntdll.dll!NtClose 77954910 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2364] ntdll.dll!NtLoadDriver 77954FA0 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[2364] ntdll.dll!NtLoadDriver + 4 77954FA4 2 Bytes [5E, 71] .text C:\Windows\system32\svchost.exe[2364] ntdll.dll!NtSuspendProcess 77955CD0 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[2364] ntdll.dll!NtSuspendProcess + 4 77955CD4 2 Bytes [76, 71] {JBE 0x73} .text C:\Windows\system32\svchost.exe[2364] ntdll.dll!LdrUnloadDll 7796BE7F 7 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2364] ntdll.dll!LdrLoadDll 7796F585 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2364] kernel32.dll!CreateProcessW 760E202D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2364] kernel32.dll!CreateProcessA 760E2062 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2364] kernel32.dll!CreateProcessAsUserW 761179B4 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2364] kernel32.dll!CopyFileW 76118C8F 6 Bytes JMP 70F6000A .text C:\Windows\system32\svchost.exe[2364] kernel32.dll!MoveFileW 7611A173 6 Bytes JMP 7099000A .text C:\Windows\system32\svchost.exe[2364] kernel32.dll!CreateDirectoryA 7611D77A 6 Bytes JMP 70E4000A .text C:\Windows\system32\svchost.exe[2364] kernel32.dll!CopyFileExW 761207BB 6 Bytes JMP 70F0000A .text C:\Windows\system32\svchost.exe[2364] kernel32.dll!CreateToolhelp32Snapshot 76122BB1 6 Bytes JMP 7117000A .text C:\Windows\system32\svchost.exe[2364] kernel32.dll!OpenMutexA 76123344 6 Bytes JMP 70C6000A 
.text C:\Windows\system32\svchost.exe[2364] kernel32.dll!TerminateProcess 7612509B 6 Bytes JMP 71A4000A .text C:\Windows\system32\svchost.exe[2364] kernel32.dll!VirtualProtect 761250AB 6 Bytes JMP 710E000A .text C:\Windows\system32\svchost.exe[2364] kernel32.dll!CreateMutexW 76125F40 6 Bytes JMP 70C9000A .text C:\Windows\system32\svchost.exe[2364] kernel32.dll!DeleteFileW 7612656B 6 Bytes JMP 70AE000A .text C:\Windows\system32\svchost.exe[2364] kernel32.dll!OpenProcess 761273E4 6 Bytes JMP 7090000A .text C:\Windows\system32\svchost.exe[2364] kernel32.dll!DeleteFileA 76128BB6 6 Bytes JMP 70B1000A .text C:\Windows\system32\svchost.exe[2364] kernel32.dll!MoveFileExW 7612BF28 6 Bytes JMP 7093000A .text C:\Windows\system32\svchost.exe[2364] kernel32.dll!LoadResource 7612D3B0 6 Bytes JMP 70FC000A .text C:\Windows\system32\svchost.exe[2364] kernel32.dll!DeviceIoControl 7612EBDD 6 Bytes JMP 70E7000A .text C:\Windows\system32\svchost.exe[2364] kernel32.dll!CreateDirectoryW 7612EC9A 6 Bytes JMP 70E1000A .text C:\Windows\system32\svchost.exe[2364] kernel32.dll!VirtualAlloc 761305F4 6 Bytes JMP 7111000A .text C:\Windows\system32\svchost.exe[2364] kernel32.dll!CreateFileW 76130B5D 6 Bytes JMP 711D000A .text C:\Windows\system32\svchost.exe[2364] kernel32.dll!MultiByteToWideChar 76130E69 6 Bytes JMP 70C0000A .text C:\Windows\system32\svchost.exe[2364] kernel32.dll!WideCharToMultiByte 76130F86 6 Bytes JMP 709F000A .text C:\Windows\system32\svchost.exe[2364] kernel32.dll!WriteFile 761311CC 6 Bytes JMP 70DE000A .text C:\Windows\system32\svchost.exe[2364] kernel32.dll!CreateMutexA 7613177E 6 Bytes JMP 70CC000A .text C:\Windows\system32\svchost.exe[2364] kernel32.dll!GetProcAddress 76131837 6 Bytes JMP 7150000A .text C:\Windows\system32\svchost.exe[2364] kernel32.dll!CreateThread 761327FD 6 Bytes JMP 7114000A .text C:\Windows\system32\svchost.exe[2364] kernel32.dll!LoadLibraryA 76132864 6 Bytes JMP 719E000A .text C:\Windows\system32\svchost.exe[2364] kernel32.dll!LoadLibraryW 761328B2 
6 Bytes JMP 719B000A .text C:\Windows\system32\svchost.exe[2364] kernel32.dll!CreateFileA 761328FC 6 Bytes JMP 711A000A .text C:\Windows\system32\svchost.exe[2364] kernel32.dll!OpenMutexW 76132A92 6 Bytes JMP 70C3000A .text C:\Windows\system32\svchost.exe[2364] kernel32.dll!TerminateThread 76132DE5 6 Bytes JMP 7174000A .text C:\Windows\system32\svchost.exe[2364] kernel32.dll!GetVolumeInformationW 7613C40D 6 Bytes JMP 714A000A .text C:\Windows\system32\svchost.exe[2364] kernel32.dll!MoveFileExA 76142FF3 6 Bytes JMP 7096000A .text C:\Windows\system32\svchost.exe[2364] kernel32.dll!GetVolumeInformationA 76146C7D 6 Bytes JMP 714D000A .text C:\Windows\system32\svchost.exe[2364] kernel32.dll!CopyFileA 76147CFC 6 Bytes JMP 70F9000A .text C:\Windows\system32\svchost.exe[2364] kernel32.dll!WriteProcessMemory 7614859F 6 Bytes JMP 71A1000A .text C:\Windows\system32\svchost.exe[2364] kernel32.dll!DebugActiveProcess 7616618C 6 Bytes JMP 7171000A .text C:\Windows\system32\svchost.exe[2364] kernel32.dll!MoveFileA 7616AD49 6 Bytes JMP 709C000A .text C:\Windows\system32\svchost.exe[2364] kernel32.dll!CopyFileExA 7616BBA1 6 Bytes JMP 70F3000A .text C:\Windows\system32\svchost.exe[2364] kernel32.dll!WinExec 7616E695 6 Bytes JMP 717E000A .text C:\Windows\system32\svchost.exe[2364] kernel32.dll!CreateRemoteThread 7616F403 6 Bytes JMP 71AE000A .text C:\Windows\system32\svchost.exe[2364] kernel32.dll!VirtualProtectEx 7616F651 6 Bytes JMP 7162000A .text C:\Windows\system32\svchost.exe[2364] kernel32.dll!SetThreadContext 761701CB 6 Bytes JMP 70DB000A .text C:\Windows\system32\svchost.exe[2364] ADVAPI32.dll!OpenSCManagerW 7712D1F5 6 Bytes JMP 7108000A .text C:\Windows\system32\svchost.exe[2364] ADVAPI32.dll!RegOpenKeyA 7712D2ED 6 Bytes JMP 713B000A .text C:\Windows\system32\svchost.exe[2364] ADVAPI32.dll!RegCreateKeyA 7712D3C1 6 Bytes JMP 7141000A .text C:\Windows\system32\svchost.exe[2364] ADVAPI32.dll!RegQueryValueA 7712D403 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[2364] 
ADVAPI32.dll!RegQueryValueA + 4 7712D407 2 Bytes [28, 71] .text C:\Windows\system32\svchost.exe[2364] ADVAPI32.dll!RegDeleteKeyW 7713197E 6 Bytes JMP 70A8000A .text C:\Windows\system32\svchost.exe[2364] ADVAPI32.dll!RegCreateKeyExA 77131B71 6 Bytes JMP 7147000A .text C:\Windows\system32\svchost.exe[2364] ADVAPI32.dll!RegSetValueExA 77131B96 6 Bytes JMP 712F000A .text C:\Windows\system32\svchost.exe[2364] ADVAPI32.dll!RegSetValueExW 77131C82 6 Bytes JMP 712C000A .text C:\Windows\system32\svchost.exe[2364] ADVAPI32.dll!RegCreateKeyW 77131CC0 6 Bytes JMP 713E000A .text C:\Windows\system32\svchost.exe[2364] ADVAPI32.dll!RegOpenKeyW 77133129 6 Bytes JMP 7138000A .text C:\Windows\system32\svchost.exe[2364] ADVAPI32.dll!OpenSCManagerA 77133B2D 6 Bytes JMP 710B000A .text C:\Windows\system32\svchost.exe[2364] ADVAPI32.dll!LookupPrivilegeValueA 7713B5A2 6 Bytes JMP 70D5000A .text C:\Windows\system32\svchost.exe[2364] ADVAPI32.dll!AdjustTokenPrivileges 7713B656 6 Bytes JMP 70CF000A .text C:\Windows\system32\svchost.exe[2364] ADVAPI32.dll!LookupPrivilegeValueW 7713B663 6 Bytes JMP 70D2000A .text C:\Windows\system32\svchost.exe[2364] ADVAPI32.dll!OpenProcessToken 7713B7C4 6 Bytes JMP 70D8000A .text C:\Windows\system32\svchost.exe[2364] ADVAPI32.dll!RegCreateKeyExW 7713B946 6 Bytes JMP 7144000A .text C:\Windows\system32\svchost.exe[2364] ADVAPI32.dll!RegQueryValueW 7713B96B 6 Bytes JMP 7126000A .text C:\Windows\system32\svchost.exe[2364] ADVAPI32.dll!RegOpenKeyExA 7713BC0D 6 Bytes JMP 7135000A .text C:\Windows\system32\svchost.exe[2364] ADVAPI32.dll!RegQueryValueExA 7713BC25 6 Bytes JMP 7123000A .text C:\Windows\system32\svchost.exe[2364] ADVAPI32.dll!RegQueryValueExW 7713BCD5 6 Bytes JMP 7120000A .text C:\Windows\system32\svchost.exe[2364] ADVAPI32.dll!RegOpenKeyExW 7713BEC4 6 Bytes JMP 7132000A .text C:\Windows\system32\svchost.exe[2364] ADVAPI32.dll!CreateServiceW 7714DBC1 6 Bytes JMP 7159000A .text C:\Windows\system32\svchost.exe[2364] ADVAPI32.dll!RegDeleteKeyA 77150499 6 
Bytes JMP 70AB000A .text C:\Windows\system32\svchost.exe[2364] ADVAPI32.dll!CreateProcessAsUserA 771614FD 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2364] ADVAPI32.dll!CreateServiceA 77162120 6 Bytes JMP 715C000A .text C:\Windows\system32\svchost.exe[2364] ADVAPI32.dll!LsaRemoveAccountRights 77167869 6 Bytes JMP 71A7000A .text C:\Windows\system32\svchost.exe[2364] ole32.dll!CoGetClassObject 7762A2D4 5 Bytes JMP 1002E1D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2364] ole32.dll!CoCreateInstanceEx 7764583F 5 Bytes JMP 1002E410 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2364] USER32.dll!RegisterRawInputDevices 75D75C2F 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[2364] USER32.dll!RegisterRawInputDevices + 4 75D75C33 2 Bytes [52, 71] .text C:\Windows\system32\svchost.exe[2364] USER32.dll!GetWindowTextA 75D770ED 6 Bytes JMP 7105000A .text C:\Windows\system32\svchost.exe[2364] USER32.dll!GetAsyncKeyState 75D7C09A 6 Bytes JMP 716B000A .text C:\Windows\system32\svchost.exe[2364] USER32.dll!GetWindowTextW 75D7D9F6 6 Bytes JMP 7102000A .text C:\Windows\system32\svchost.exe[2364] USER32.dll!CreateWindowExA 75D7E18A 6 Bytes JMP 70B7000A .text C:\Windows\system32\svchost.exe[2364] USER32.dll!CreateWindowExW 75D80E51 6 Bytes JMP 70B4000A .text C:\Windows\system32\svchost.exe[2364] USER32.dll!ShowWindow 75D8147A 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[2364] USER32.dll!ShowWindow + 4 75D8147E 2 Bytes [FE, 70] .text C:\Windows\system32\svchost.exe[2364] USER32.dll!SetWindowsHookExW 75D8210A 6 Bytes JMP 7195000A .text C:\Windows\system32\svchost.exe[2364] USER32.dll!GetKeyState 75D84FDA 6 Bytes JMP 716E000A .text C:\Windows\system32\svchost.exe[2364] USER32.dll!SetWinEventHook 75D8507E 6 Bytes JMP 7156000A .text C:\Windows\system32\svchost.exe[2364] 
USER32.dll!DrawTextW 75D88220 6 Bytes JMP 70BA000A .text C:\Windows\system32\svchost.exe[2364] USER32.dll!SetWindowTextW 75D88267 6 Bytes JMP 70A2000A .text C:\Windows\system32\svchost.exe[2364] USER32.dll!DrawTextA 75D9A482 6 Bytes JMP 70BD000A .text C:\Windows\system32\svchost.exe[2364] USER32.dll!SetWindowTextA 75DA236A 6 Bytes JMP 70A5000A .text C:\Windows\system32\svchost.exe[2364] USER32.dll!GetKeyboardState 75DA6B3E 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\svchost.exe[2364] USER32.dll!GetKeyboardState + 4 75DA6B42 2 Bytes [67, 71] .text C:\Windows\system32\svchost.exe[2364] USER32.dll!SetWindowsHookExA 75DA6DFA 6 Bytes JMP 7198000A .text C:\Windows\system32\svchost.exe[2364] USER32.dll!DdeConnect 75DBEB83 6 Bytes JMP 7165000A .text C:\Windows\system32\svchost.exe[2364] USER32.dll!EndTask 75DBFD8E 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\svchost.exe[2364] SHELL32.dll!ShellExecuteW 764E41F0 6 Bytes JMP 7187000A .text C:\Windows\system32\svchost.exe[2364] SHELL32.dll!Shell_NotifyIconW 764EFBA1 6 Bytes JMP 70EA000A .text C:\Windows\system32\svchost.exe[2364] SHELL32.dll!ShellExecuteExW 764F1B8C 6 Bytes JMP 7181000A .text C:\Windows\system32\svchost.exe[2364] SHELL32.dll!ShellExecuteEx 76719B0A 6 Bytes JMP 7184000A .text C:\Windows\system32\svchost.exe[2364] SHELL32.dll!ShellExecuteA 76719BA5 6 Bytes JMP 718A000A .text C:\Windows\system32\svchost.exe[2364] SHELL32.dll!Shell_NotifyIcon 7671B61E 4 Bytes JMP EC001E25 .text C:\Windows\system32\svchost.exe[2364] SHELL32.dll!Shell_NotifyIcon + 5 7671B623 1 Byte [70] .text C:\Windows\System32\svchost.exe[2424] ntdll.dll!NtClose 77954910 5 Bytes JMP 0051CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2424] ntdll.dll!NtLoadDriver 77954FA0 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\svchost.exe[2424] ntdll.dll!NtLoadDriver + 4 77954FA4 2 Bytes [5F, 71] .text 
C:\Windows\System32\svchost.exe[2424] ntdll.dll!NtSuspendProcess 77955CD0 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\svchost.exe[2424] ntdll.dll!NtSuspendProcess + 4 77955CD4 2 Bytes [77, 71] {JA 0x73} .text C:\Windows\System32\svchost.exe[2424] ntdll.dll!LdrUnloadDll 7796BE7F 7 Bytes JMP 0051CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2424] ntdll.dll!LdrLoadDll 7796F585 5 Bytes JMP 00525680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2424] kernel32.dll!CreateProcessW 760E202D 5 Bytes JMP 005226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2424] kernel32.dll!CreateProcessA 760E2062 5 Bytes JMP 00523280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2424] kernel32.dll!CreateProcessAsUserW 761179B4 5 Bytes JMP 00521220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[2424] kernel32.dll!CopyFileW 76118C8F 6 Bytes JMP 70F7000A .text C:\Windows\System32\svchost.exe[2424] kernel32.dll!MoveFileW 7611A173 6 Bytes JMP 709A000A .text C:\Windows\System32\svchost.exe[2424] kernel32.dll!CreateDirectoryA 7611D77A 6 Bytes JMP 70E5000A .text C:\Windows\System32\svchost.exe[2424] kernel32.dll!CopyFileExW 761207BB 6 Bytes JMP 70F1000A .text C:\Windows\System32\svchost.exe[2424] kernel32.dll!CreateToolhelp32Snapshot 76122BB1 6 Bytes JMP 7118000A .text C:\Windows\System32\svchost.exe[2424] kernel32.dll!OpenMutexA 76123344 6 Bytes JMP 70C7000A .text C:\Windows\System32\svchost.exe[2424] kernel32.dll!TerminateProcess 7612509B 6 Bytes JMP 71A5000A .text C:\Windows\System32\svchost.exe[2424] kernel32.dll!VirtualProtect 761250AB 6 Bytes JMP 710F000A .text C:\Windows\System32\svchost.exe[2424] kernel32.dll!CreateMutexW 76125F40 6 Bytes JMP 70CA000A .text C:\Windows\System32\svchost.exe[2424] 
2009\seccenter.exe[2828] USER32.dll!GetAsyncKeyState 75D7C09A 6 Bytes JMP 716C000A .text C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe[2828] USER32.dll!GetWindowTextW 75D7D9F6 6 Bytes JMP 7103000A .text C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe[2828] USER32.dll!CreateWindowExA 75D7E18A 6 Bytes JMP 70A5000A .text C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe[2828] USER32.dll!CreateWindowExW 75D80E51 6 Bytes JMP 70A2000A .text C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe[2828] USER32.dll!ShowWindow 75D8147A 3 Bytes [FF, 25, 1E] .text C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe[2828] USER32.dll!ShowWindow + 4 75D8147E 2 Bytes [FF, 70] .text C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe[2828] USER32.dll!SetWindowsHookExW 75D8210A 6 Bytes JMP 7196000A .text C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe[2828] USER32.dll!GetKeyState 75D84FDA 6 Bytes JMP 716F000A .text C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe[2828] USER32.dll!SetWinEventHook 75D8507E 6 Bytes JMP 7157000A .text C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe[2828] USER32.dll!DrawTextW 75D88220 6 Bytes JMP 70A8000A .text C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe[2828] USER32.dll!SetWindowTextW 75D88267 6 Bytes JMP 708C000A .text C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe[2828] USER32.dll!DrawTextA 75D9A482 6 Bytes JMP 70AB000A .text C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe[2828] USER32.dll!SetWindowTextA 75DA236A 6 Bytes JMP 708F000A .text C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe[2828] USER32.dll!GetKeyboardState 75DA6B3E 3 Bytes [FF, 25, 1E] .text C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe[2828] USER32.dll!GetKeyboardState + 4 75DA6B42 2 Bytes [68, 71] .text C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe[2828] USER32.dll!SetWindowsHookExA 75DA6DFA 6 Bytes JMP 7199000A 
.text C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe[2828] USER32.dll!DdeConnect 75DBEB83 6 Bytes JMP 7166000A .text C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe[2828] USER32.dll!EndTask 75DBFD8E 5 Bytes JMP 0065DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe[2828] ADVAPI32.dll!OpenSCManagerW 7712D1F5 6 Bytes JMP 7109000A .text C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe[2828] ADVAPI32.dll!RegOpenKeyA 7712D2ED 6 Bytes JMP 713C000A .text C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe[2828] ADVAPI32.dll!RegCreateKeyA 7712D3C1 6 Bytes JMP 7142000A .text C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe[2828] ADVAPI32.dll!RegQueryValueA 7712D403 3 Bytes [FF, 25, 1E] .text C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe[2828] ADVAPI32.dll!RegQueryValueA + 4 7712D407 2 Bytes [29, 71] .text C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe[2828] ADVAPI32.dll!RegDeleteKeyW 7713197E 6 Bytes JMP 7096000A .text C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe[2828] ADVAPI32.dll!RegCreateKeyExA 77131B71 6 Bytes JMP 7148000A .text C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe[2828] ADVAPI32.dll!RegSetValueExA 77131B96 6 Bytes JMP 7130000A .text C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe[2828] ADVAPI32.dll!RegSetValueExW 77131C82 6 Bytes JMP 712D000A .text C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe[2828] ADVAPI32.dll!RegCreateKeyW 77131CC0 6 Bytes JMP 713F000A .text C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe[2828] ADVAPI32.dll!RegOpenKeyW 77133129 6 Bytes JMP 7139000A .text C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe[2828] ADVAPI32.dll!OpenSCManagerA 77133B2D 6 Bytes JMP 710C000A .text C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe[2828] ADVAPI32.dll!LookupPrivilegeValueA 7713B5A2 6 Bytes JMP 70C3000A 
.text C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe[2828] ADVAPI32.dll!AdjustTokenPrivileges 7713B656 6 Bytes JMP 70BD000A .text C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe[2828] ADVAPI32.dll!LookupPrivilegeValueW 7713B663 6 Bytes JMP 70C0000A .text C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe[2828] ADVAPI32.dll!OpenProcessToken 7713B7C4 6 Bytes JMP 70C6000A .text C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe[2828] ADVAPI32.dll!RegCreateKeyExW 7713B946 6 Bytes JMP 7145000A .text C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe[2828] ADVAPI32.dll!RegQueryValueW 7713B96B 6 Bytes JMP 7127000A .text C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe[2828] ADVAPI32.dll!RegOpenKeyExA 7713BC0D 6 Bytes JMP 7136000A .text C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe[2828] ADVAPI32.dll!RegQueryValueExA 7713BC25 6 Bytes JMP 7124000A .text C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe[2828] ADVAPI32.dll!RegQueryValueExW 7713BCD5 6 Bytes JMP 7121000A .text C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe[2828] ADVAPI32.dll!RegOpenKeyExW 7713BEC4 6 Bytes JMP 7133000A .text C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe[2828] ADVAPI32.dll!CreateServiceW 7714DBC1 6 Bytes JMP 715A000A .text C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe[2828] ADVAPI32.dll!RegDeleteKeyA 77150499 6 Bytes JMP 7099000A .text C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe[2828] ADVAPI32.dll!CreateProcessAsUserA 771614FD 5 Bytes JMP 00651B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe[2828] ADVAPI32.dll!CreateServiceA 77162120 6 Bytes JMP 715D000A .text C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe[2828] ADVAPI32.dll!LsaRemoveAccountRights 77167869 6 Bytes JMP 71A8000A .text C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe[2828] 
SHELL32.dll!ShellExecuteW 764E41F0 6 Bytes JMP 7188000A .text C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe[2828] SHELL32.dll!Shell_NotifyIconW 764EFBA1 6 Bytes JMP 70D8000A .text C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe[2828] SHELL32.dll!ShellExecuteExW 764F1B8C 6 Bytes JMP 7182000A .text C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe[2828] SHELL32.dll!ShellExecuteEx 76719B0A 6 Bytes JMP 7185000A .text C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe[2828] SHELL32.dll!ShellExecuteA 76719BA5 6 Bytes JMP 718B000A .text C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe[2828] SHELL32.dll!Shell_NotifyIcon 7671B61E 6 Bytes JMP 70DB000A .text C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe[2828] ole32.dll!CoGetClassObject 7762A2D4 5 Bytes JMP 0065E1D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe[2828] ole32.dll!CoCreateInstanceEx 7764583F 5 Bytes JMP 0065E410 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe[2828] WININET.dll!InternetOpenUrlA 7743DC18 6 Bytes JMP 7077000A .text C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe[2828] WININET.dll!InternetOpenUrlW 7748DC14 6 Bytes JMP 7074000A .text C:\Program Files\ThreatFire\TFTray.exe[3008] ntdll.dll!NtClose 77954910 5 Bytes JMP 0118CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ThreatFire\TFTray.exe[3008] ntdll.dll!LdrUnloadDll 7796BE7F 7 Bytes JMP 0118CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ThreatFire\TFTray.exe[3008] ntdll.dll!LdrLoadDll 7796F585 5 Bytes JMP 01195680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ThreatFire\TFTray.exe[3008] kernel32.dll!CreateProcessW 760E202D 5 Bytes JMP 011926F0 
C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ThreatFire\TFTray.exe[3008] kernel32.dll!CreateProcessA 760E2062 5 Bytes JMP 01193280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ThreatFire\TFTray.exe[3008] kernel32.dll!CreateProcessAsUserW 761179B4 5 Bytes JMP 01191220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ThreatFire\TFTray.exe[3008] USER32.dll!EndTask 75DBFD8E 5 Bytes JMP 0119DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ThreatFire\TFTray.exe[3008] ADVAPI32.dll!CreateProcessAsUserA 771614FD 5 Bytes JMP 01191B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ThreatFire\TFTray.exe[3008] ole32.dll!CoGetClassObject 7762A2D4 5 Bytes JMP 0119E1D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\ThreatFire\TFTray.exe[3008] ole32.dll!CoCreateInstanceEx 7764583F 5 Bytes JMP 0119E410 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3036] ntdll.dll!NtClose 77954910 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3036] ntdll.dll!NtLoadDriver 77954FA0 3 Bytes [FF, 25, 1E] .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3036] ntdll.dll!NtLoadDriver + 4 77954FA4 2 Bytes [5F, 71] .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3036] ntdll.dll!NtSuspendProcess 77955CD0 3 Bytes [FF, 25, 1E] .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3036] ntdll.dll!NtSuspendProcess + 4 77955CD4 2 Bytes [77, 71] {JA 0x73} .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3036] ntdll.dll!LdrUnloadDll 7796BE7F 7 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text 
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3036] ntdll.dll!LdrLoadDll 7796F585 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3036] kernel32.dll!CreateProcessW 760E202D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3036] kernel32.dll!CreateProcessA 760E2062 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3036] kernel32.dll!CreateProcessAsUserW 761179B4 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3036] kernel32.dll!CopyFileW 76118C8F 6 Bytes JMP 70F7000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3036] kernel32.dll!MoveFileW 7611A173 6 Bytes JMP 709A000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3036] kernel32.dll!CreateDirectoryA 7611D77A 6 Bytes JMP 70E5000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3036] kernel32.dll!CopyFileExW 761207BB 6 Bytes JMP 70F1000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3036] kernel32.dll!CreateToolhelp32Snapshot 76122BB1 6 Bytes JMP 7118000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3036] kernel32.dll!OpenMutexA 76123344 6 Bytes JMP 70C7000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3036] kernel32.dll!TerminateProcess 7612509B 6 Bytes JMP 71A5000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3036] kernel32.dll!VirtualProtect 761250AB 6 Bytes JMP 710F000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3036] kernel32.dll!CreateMutexW 76125F40 6 Bytes JMP 70CA000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3036] kernel32.dll!DeleteFileW 7612656B 6 Bytes 
JMP 70AF000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3036] kernel32.dll!OpenProcess 761273E4 6 Bytes JMP 7091000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3036] kernel32.dll!DeleteFileA 76128BB6 6 Bytes JMP 70B2000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3036] kernel32.dll!MoveFileExW 7612BF28 6 Bytes JMP 7094000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3036] kernel32.dll!LoadResource 7612D3B0 6 Bytes JMP 70FD000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3036] kernel32.dll!DeviceIoControl 7612EBDD 6 Bytes JMP 70E8000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3036] kernel32.dll!CreateDirectoryW 7612EC9A 6 Bytes JMP 70E2000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3036] kernel32.dll!VirtualAlloc 761305F4 6 Bytes JMP 7112000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3036] kernel32.dll!CreateFileW 76130B5D 6 Bytes JMP 711E000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3036] kernel32.dll!MultiByteToWideChar 76130E69 6 Bytes JMP 70C1000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3036] kernel32.dll!WideCharToMultiByte 76130F86 6 Bytes JMP 70A0000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3036] kernel32.dll!WriteFile 761311CC 6 Bytes JMP 70DF000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3036] kernel32.dll!CreateMutexA 7613177E 6 Bytes JMP 70CD000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3036] kernel32.dll!GetProcAddress 76131837 6 Bytes JMP 7151000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3036] kernel32.dll!CreateThread 761327FD 6 Bytes JMP 7115000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3036] kernel32.dll!LoadLibraryA 76132864 6 Bytes JMP 719F000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3036] kernel32.dll!LoadLibraryW 761328B2 6 Bytes 
JMP 719C000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3036] kernel32.dll!CreateFileA 761328FC 6 Bytes JMP 711B000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3036] kernel32.dll!OpenMutexW 76132A92 6 Bytes JMP 70C4000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3036] kernel32.dll!TerminateThread 76132DE5 6 Bytes JMP 7175000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3036] kernel32.dll!GetVolumeInformationW 7613C40D 6 Bytes JMP 714B000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3036] kernel32.dll!MoveFileExA 76142FF3 6 Bytes JMP 7097000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3036] kernel32.dll!GetVolumeInformationA 76146C7D 6 Bytes JMP 714E000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3036] kernel32.dll!CopyFileA 76147CFC 6 Bytes JMP 70FA000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3036] kernel32.dll!WriteProcessMemory 7614859F 6 Bytes JMP 71A2000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3036] kernel32.dll!DebugActiveProcess 7616618C 6 Bytes JMP 7172000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3036] kernel32.dll!MoveFileA 7616AD49 6 Bytes JMP 709D000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3036] kernel32.dll!CopyFileExA 7616BBA1 6 Bytes JMP 70F4000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3036] kernel32.dll!WinExec 7616E695 6 Bytes JMP 717F000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3036] kernel32.dll!CreateRemoteThread 7616F403 6 Bytes JMP 71AF000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3036] kernel32.dll!VirtualProtectEx 7616F651 6 Bytes JMP 7163000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3036] kernel32.dll!SetThreadContext 761701CB 6 Bytes JMP 70DC000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3036] ADVAPI32.dll!OpenSCManagerW 
7712D1F5 6 Bytes JMP 7109000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3036] ADVAPI32.dll!RegOpenKeyA 7712D2ED 6 Bytes JMP 713C000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3036] ADVAPI32.dll!RegCreateKeyA 7712D3C1 6 Bytes JMP 7142000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3036] ADVAPI32.dll!RegQueryValueA 7712D403 3 Bytes [FF, 25, 1E] .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3036] ADVAPI32.dll!RegQueryValueA + 4 7712D407 2 Bytes [29, 71] .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3036] ADVAPI32.dll!RegDeleteKeyW 7713197E 6 Bytes JMP 70A9000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3036] ADVAPI32.dll!RegCreateKeyExA 77131B71 6 Bytes JMP 7148000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3036] ADVAPI32.dll!RegSetValueExA 77131B96 6 Bytes JMP 7130000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3036] ADVAPI32.dll!RegSetValueExW 77131C82 6 Bytes JMP 712D000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3036] ADVAPI32.dll!RegCreateKeyW 77131CC0 6 Bytes JMP 713F000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3036] ADVAPI32.dll!RegOpenKeyW 77133129 6 Bytes JMP 7139000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3036] ADVAPI32.dll!OpenSCManagerA 77133B2D 6 Bytes JMP 710C000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3036] ADVAPI32.dll!LookupPrivilegeValueA 7713B5A2 6 Bytes JMP 70D6000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3036] ADVAPI32.dll!AdjustTokenPrivileges 7713B656 6 Bytes JMP 70D0000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3036] ADVAPI32.dll!LookupPrivilegeValueW 7713B663 6 Bytes JMP 70D3000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3036] ADVAPI32.dll!OpenProcessToken 7713B7C4 6 Bytes JMP 70D9000A .text C:\Program Files\Malwarebytes' 
Anti-Malware\mbamgui.exe[3036] ADVAPI32.dll!RegCreateKeyExW 7713B946 6 Bytes JMP 7145000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3036] ADVAPI32.dll!RegQueryValueW 7713B96B 6 Bytes JMP 7127000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3036] ADVAPI32.dll!RegOpenKeyExA 7713BC0D 6 Bytes JMP 7136000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3036] ADVAPI32.dll!RegQueryValueExA 7713BC25 6 Bytes JMP 7124000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3036] ADVAPI32.dll!RegQueryValueExW 7713BCD5 6 Bytes JMP 7121000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3036] ADVAPI32.dll!RegOpenKeyExW 7713BEC4 6 Bytes JMP 7133000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3036] ADVAPI32.dll!CreateServiceW 7714DBC1 6 Bytes JMP 715A000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3036] ADVAPI32.dll!RegDeleteKeyA 77150499 6 Bytes JMP 70AC000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3036] ADVAPI32.dll!CreateProcessAsUserA 771614FD 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3036] ADVAPI32.dll!CreateServiceA 77162120 6 Bytes JMP 715D000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3036] ADVAPI32.dll!LsaRemoveAccountRights 77167869 6 Bytes JMP 71A8000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3036] USER32.dll!RegisterRawInputDevices 75D75C2F 3 Bytes [FF, 25, 1E] .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3036] USER32.dll!RegisterRawInputDevices + 4 75D75C33 2 Bytes [53, 71] .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3036] USER32.dll!GetWindowTextA 75D770ED 6 Bytes JMP 7106000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3036] USER32.dll!GetAsyncKeyState 75D7C09A 6 Bytes JMP 716C000A .text C:\Program Files\Malwarebytes' 
Anti-Malware\mbamgui.exe[3036] USER32.dll!GetWindowTextW 75D7D9F6 6 Bytes JMP 7103000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3036] USER32.dll!CreateWindowExA 75D7E18A 6 Bytes JMP 70B8000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3036] USER32.dll!CreateWindowExW 75D80E51 6 Bytes JMP 70B5000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3036] USER32.dll!ShowWindow 75D8147A 3 Bytes [FF, 25, 1E] .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3036] USER32.dll!ShowWindow + 4 75D8147E 2 Bytes [FF, 70] .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3036] USER32.dll!SetWindowsHookExW 75D8210A 6 Bytes JMP 7196000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3036] USER32.dll!GetKeyState 75D84FDA 6 Bytes JMP 716F000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3036] USER32.dll!SetWinEventHook 75D8507E 6 Bytes JMP 7157000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3036] USER32.dll!DrawTextW 75D88220 6 Bytes JMP 70BB000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3036] USER32.dll!SetWindowTextW 75D88267 6 Bytes JMP 70A3000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3036] USER32.dll!DrawTextA 75D9A482 6 Bytes JMP 70BE000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3036] USER32.dll!SetWindowTextA 75DA236A 6 Bytes JMP 70A6000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3036] USER32.dll!GetKeyboardState 75DA6B3E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3036] USER32.dll!GetKeyboardState + 4 75DA6B42 2 Bytes [68, 71] .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3036] USER32.dll!SetWindowsHookExA 75DA6DFA 6 Bytes JMP 7199000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3036] USER32.dll!DdeConnect 75DBEB83 6 Bytes JMP 7166000A .text C:\Program Files\Malwarebytes' 
Anti-Malware\mbamgui.exe[3036] USER32.dll!EndTask 75DBFD8E 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3036] SHELL32.dll!ShellExecuteW 764E41F0 6 Bytes JMP 7188000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3036] SHELL32.dll!Shell_NotifyIconW 764EFBA1 6 Bytes JMP 70EB000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3036] SHELL32.dll!ShellExecuteExW 764F1B8C 6 Bytes JMP 7182000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3036] SHELL32.dll!ShellExecuteEx 76719B0A 6 Bytes JMP 7185000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3036] SHELL32.dll!ShellExecuteA 76719BA5 6 Bytes JMP 718B000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[3036] SHELL32.dll!Shell_NotifyIcon 7671B61E 6 Bytes JMP 70EE000A .text C:\Program Files\BitDefender\BitDefender 2009\bdwizreg.exe[3124] ntdll.dll!NtClose 77954910 5 Bytes JMP 0068CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\BitDefender\BitDefender 2009\bdwizreg.exe[3124] ntdll.dll!NtLoadDriver 77954FA0 3 Bytes [FF, 25, 1E] .text C:\Program Files\BitDefender\BitDefender 2009\bdwizreg.exe[3124] ntdll.dll!NtLoadDriver + 4 77954FA4 2 Bytes [5D, 71] .text C:\Program Files\BitDefender\BitDefender 2009\bdwizreg.exe[3124] ntdll.dll!NtSuspendProcess 77955CD0 3 Bytes [FF, 25, 1E] .text C:\Program Files\BitDefender\BitDefender 2009\bdwizreg.exe[3124] ntdll.dll!NtSuspendProcess + 4 77955CD4 2 Bytes [75, 71] {JNZ 0x73} .text C:\Program Files\BitDefender\BitDefender 2009\bdwizreg.exe[3124] ntdll.dll!LdrUnloadDll 7796BE7F 7 Bytes JMP 0068CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\BitDefender\BitDefender 2009\bdwizreg.exe[3124] ntdll.dll!LdrLoadDll 7796F585 5 Bytes JMP 00695680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program 
Files\BitDefender\BitDefender 2009\bdwizreg.exe[3124] kernel32.dll!CreateProcessW 760E202D 5 Bytes JMP 006926F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\BitDefender\BitDefender 2009\bdwizreg.exe[3124] kernel32.dll!CreateProcessA 760E2062 5 Bytes JMP 00693280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\BitDefender\BitDefender 2009\bdwizreg.exe[3124] kernel32.dll!CreateProcessAsUserW 761179B4 5 Bytes JMP 00691220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\BitDefender\BitDefender 2009\bdwizreg.exe[3124] kernel32.dll!CopyFileW 76118C8F 6 Bytes JMP 70F5000A .text C:\Program Files\BitDefender\BitDefender 2009\bdwizreg.exe[3124] kernel32.dll!MoveFileW 7611A173 6 Bytes JMP 7081000A .text C:\Program Files\BitDefender\BitDefender 2009\bdwizreg.exe[3124] kernel32.dll!CreateDirectoryA 7611D77A 6 Bytes JMP 70D0000A .text C:\Program Files\BitDefender\BitDefender 2009\bdwizreg.exe[3124] kernel32.dll!CopyFileExW 761207BB 6 Bytes JMP 70EF000A .text C:\Program Files\BitDefender\BitDefender 2009\bdwizreg.exe[3124] kernel32.dll!CreateToolhelp32Snapshot 76122BB1 6 Bytes JMP 7116000A .text C:\Program Files\BitDefender\BitDefender 2009\bdwizreg.exe[3124] kernel32.dll!OpenMutexA 76123344 6 Bytes JMP 70B2000A .text C:\Program Files\BitDefender\BitDefender 2009\bdwizreg.exe[3124] kernel32.dll!TerminateProcess 7612509B 6 Bytes JMP 71A3000A .text C:\Program Files\BitDefender\BitDefender 2009\bdwizreg.exe[3124] kernel32.dll!VirtualProtect 761250AB 6 Bytes JMP 710D000A .text C:\Program Files\BitDefender\BitDefender 2009\bdwizreg.exe[3124] kernel32.dll!CreateMutexW 76125F40 6 Bytes JMP 70B5000A .text C:\Program Files\BitDefender\BitDefender 2009\bdwizreg.exe[3124] kernel32.dll!DeleteFileW 7612656B 6 Bytes JMP 709A000A .text C:\Program Files\BitDefender\BitDefender 2009\bdwizreg.exe[3124] kernel32.dll!OpenProcess 761273E4 6 Bytes JMP 7078000A .text C:\Program 
Files\BitDefender\BitDefender 2009\bdwizreg.exe[3124] kernel32.dll!DeleteFileA 76128BB6 6 Bytes JMP 709D000A .text C:\Program Files\BitDefender\BitDefender 2009\bdwizreg.exe[3124] kernel32.dll!MoveFileExW 7612BF28 6 Bytes JMP 707B000A .text C:\Program Files\BitDefender\BitDefender 2009\bdwizreg.exe[3124] kernel32.dll!LoadResource 7612D3B0 6 Bytes JMP 70FB000A .text C:\Program Files\BitDefender\BitDefender 2009\bdwizreg.exe[3124] kernel32.dll!DeviceIoControl 7612EBDD 6 Bytes JMP 70D3000A .text C:\Program Files\BitDefender\BitDefender 2009\bdwizreg.exe[3124] kernel32.dll!CreateDirectoryW 7612EC9A 6 Bytes JMP 70CD000A .text C:\Program Files\BitDefender\BitDefender 2009\bdwizreg.exe[3124] kernel32.dll!VirtualAlloc 761305F4 6 Bytes JMP 7110000A .text C:\Program Files\BitDefender\BitDefender 2009\bdwizreg.exe[3124] kernel32.dll!CreateFileW 76130B5D 6 Bytes JMP 711C000A .text C:\Program Files\BitDefender\BitDefender 2009\bdwizreg.exe[3124] kernel32.dll!MultiByteToWideChar 76130E69 6 Bytes JMP 70AC000A .text C:\Program Files\BitDefender\BitDefender 2009\bdwizreg.exe[3124] kernel32.dll!WideCharToMultiByte 76130F86 6 Bytes JMP 7087000A .text C:\Program Files\BitDefender\BitDefender 2009\bdwizreg.exe[3124] kernel32.dll!WriteFile 761311CC 6 Bytes JMP 70CA000A .text C:\Program Files\BitDefender\BitDefender 2009\bdwizreg.exe[3124] kernel32.dll!CreateMutexA 7613177E 6 Bytes JMP 70B8000A .text C:\Program Files\BitDefender\BitDefender 2009\bdwizreg.exe[3124] kernel32.dll!GetProcAddress 76131837 6 Bytes JMP 714F000A .text C:\Program Files\BitDefender\BitDefender 2009\bdwizreg.exe[3124] kernel32.dll!CreateThread 761327FD 6 Bytes JMP 7113000A .text C:\Program Files\BitDefender\BitDefender 2009\bdwizreg.exe[3124] kernel32.dll!LoadLibraryA 76132864 6 Bytes JMP 719D000A .text C:\Program Files\BitDefender\BitDefender 2009\bdwizreg.exe[3124] kernel32.dll!LoadLibraryW 761328B2 6 Bytes JMP 719A000A .text C:\Program Files\BitDefender\BitDefender 2009\bdwizreg.exe[3124] 
Files\RocketDock\RocketDock.exe[3420] kernel32.dll!VirtualAlloc 761305F4 6 Bytes JMP 7112000A .text C:\Program Files\RocketDock\RocketDock.exe[3420] kernel32.dll!CreateFileW 76130B5D 6 Bytes JMP 711E000A .text C:\Program Files\RocketDock\RocketDock.exe[3420] kernel32.dll!MultiByteToWideChar 76130E69 6 Bytes JMP 70C1000A .text C:\Program Files\RocketDock\RocketDock.exe[3420] kernel32.dll!WideCharToMultiByte 76130F86 6 Bytes JMP 70A0000A .text C:\Program Files\RocketDock\RocketDock.exe[3420] kernel32.dll!WriteFile 761311CC 6 Bytes JMP 70DF000A .text C:\Program Files\RocketDock\RocketDock.exe[3420] kernel32.dll!CreateMutexA 7613177E 6 Bytes JMP 70CD000A .text C:\Program Files\RocketDock\RocketDock.exe[3420] kernel32.dll!GetProcAddress 76131837 6 Bytes JMP 7151000A .text C:\Program Files\RocketDock\RocketDock.exe[3420] kernel32.dll!CreateThread 761327FD 6 Bytes JMP 7115000A .text C:\Program Files\RocketDock\RocketDock.exe[3420] kernel32.dll!LoadLibraryA 76132864 6 Bytes JMP 719F000A .text C:\Program Files\RocketDock\RocketDock.exe[3420] kernel32.dll!LoadLibraryW 761328B2 6 Bytes JMP 719C000A .text C:\Program Files\RocketDock\RocketDock.exe[3420] kernel32.dll!CreateFileA 761328FC 6 Bytes JMP 711B000A .text C:\Program Files\RocketDock\RocketDock.exe[3420] kernel32.dll!OpenMutexW 76132A92 6 Bytes JMP 70C4000A .text C:\Program Files\RocketDock\RocketDock.exe[3420] kernel32.dll!TerminateThread 76132DE5 6 Bytes JMP 7175000A .text C:\Program Files\RocketDock\RocketDock.exe[3420] kernel32.dll!GetVolumeInformationW 7613C40D 6 Bytes JMP 714B000A .text C:\Program Files\RocketDock\RocketDock.exe[3420] kernel32.dll!MoveFileExA 76142FF3 6 Bytes JMP 7097000A .text C:\Program Files\RocketDock\RocketDock.exe[3420] kernel32.dll!GetVolumeInformationA 76146C7D 6 Bytes JMP 714E000A .text C:\Program Files\RocketDock\RocketDock.exe[3420] kernel32.dll!CopyFileA 76147CFC 6 Bytes JMP 70FA000A .text C:\Program Files\RocketDock\RocketDock.exe[3420] kernel32.dll!WriteProcessMemory 7614859F 6 Bytes 
JMP 71A2000A .text C:\Program Files\RocketDock\RocketDock.exe[3420] kernel32.dll!DebugActiveProcess 7616618C 6 Bytes JMP 7172000A .text C:\Program Files\RocketDock\RocketDock.exe[3420] kernel32.dll!MoveFileA 7616AD49 6 Bytes JMP 709D000A .text C:\Program Files\RocketDock\RocketDock.exe[3420] kernel32.dll!CopyFileExA 7616BBA1 6 Bytes JMP 70F4000A .text C:\Program Files\RocketDock\RocketDock.exe[3420] kernel32.dll!WinExec 7616E695 6 Bytes JMP 717F000A .text C:\Program Files\RocketDock\RocketDock.exe[3420] kernel32.dll!CreateRemoteThread 7616F403 6 Bytes JMP 71AF000A .text C:\Program Files\RocketDock\RocketDock.exe[3420] kernel32.dll!VirtualProtectEx 7616F651 6 Bytes JMP 7163000A .text C:\Program Files\RocketDock\RocketDock.exe[3420] kernel32.dll!SetThreadContext 761701CB 6 Bytes JMP 70DC000A .text C:\Program Files\RocketDock\RocketDock.exe[3420] USER32.dll!RegisterRawInputDevices 75D75C2F 3 Bytes [FF, 25, 1E] .text C:\Program Files\RocketDock\RocketDock.exe[3420] USER32.dll!RegisterRawInputDevices + 4 75D75C33 2 Bytes [53, 71] .text C:\Program Files\RocketDock\RocketDock.exe[3420] USER32.dll!GetWindowTextA 75D770ED 6 Bytes JMP 7106000A .text C:\Program Files\RocketDock\RocketDock.exe[3420] USER32.dll!GetAsyncKeyState 75D7C09A 6 Bytes JMP 716C000A .text C:\Program Files\RocketDock\RocketDock.exe[3420] USER32.dll!GetWindowTextW 75D7D9F6 6 Bytes JMP 7103000A .text C:\Program Files\RocketDock\RocketDock.exe[3420] USER32.dll!CreateWindowExA 75D7E18A 6 Bytes JMP 70B8000A .text C:\Program Files\RocketDock\RocketDock.exe[3420] USER32.dll!CreateWindowExW 75D80E51 6 Bytes JMP 70B5000A .text C:\Program Files\RocketDock\RocketDock.exe[3420] USER32.dll!ShowWindow 75D8147A 3 Bytes [FF, 25, 1E] .text C:\Program Files\RocketDock\RocketDock.exe[3420] USER32.dll!ShowWindow + 4 75D8147E 2 Bytes [FF, 70] .text C:\Program Files\RocketDock\RocketDock.exe[3420] USER32.dll!SetWindowsHookExW 75D8210A 6 Bytes JMP 7196000A .text C:\Program Files\RocketDock\RocketDock.exe[3420] 
USER32.dll!GetKeyState 75D84FDA 6 Bytes JMP 716F000A .text C:\Program Files\RocketDock\RocketDock.exe[3420] USER32.dll!SetWinEventHook 75D8507E 6 Bytes JMP 7157000A .text C:\Program Files\RocketDock\RocketDock.exe[3420] USER32.dll!DrawTextW 75D88220 6 Bytes JMP 70BB000A .text C:\Program Files\RocketDock\RocketDock.exe[3420] USER32.dll!SetWindowTextW 75D88267 6 Bytes JMP 70A3000A .text C:\Program Files\RocketDock\RocketDock.exe[3420] USER32.dll!DrawTextA 75D9A482 6 Bytes JMP 70BE000A .text C:\Program Files\RocketDock\RocketDock.exe[3420] USER32.dll!SetWindowTextA 75DA236A 6 Bytes JMP 70A6000A .text C:\Program Files\RocketDock\RocketDock.exe[3420] USER32.dll!GetKeyboardState 75DA6B3E 3 Bytes [FF, 25, 1E] .text C:\Program Files\RocketDock\RocketDock.exe[3420] USER32.dll!GetKeyboardState + 4 75DA6B42 2 Bytes [68, 71] .text C:\Program Files\RocketDock\RocketDock.exe[3420] USER32.dll!SetWindowsHookExA 75DA6DFA 6 Bytes JMP 7199000A .text C:\Program Files\RocketDock\RocketDock.exe[3420] USER32.dll!DdeConnect 75DBEB83 6 Bytes JMP 7166000A .text C:\Program Files\RocketDock\RocketDock.exe[3420] USER32.dll!EndTask 75DBFD8E 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\RocketDock\RocketDock.exe[3420] SHELL32.dll!ShellExecuteW 764E41F0 6 Bytes JMP 7188000A .text C:\Program Files\RocketDock\RocketDock.exe[3420] SHELL32.dll!Shell_NotifyIconW 764EFBA1 6 Bytes JMP 70EB000A .text C:\Program Files\RocketDock\RocketDock.exe[3420] SHELL32.dll!ShellExecuteExW 764F1B8C 6 Bytes JMP 7182000A .text C:\Program Files\RocketDock\RocketDock.exe[3420] SHELL32.dll!ShellExecuteEx 76719B0A 6 Bytes JMP 7185000A .text C:\Program Files\RocketDock\RocketDock.exe[3420] SHELL32.dll!ShellExecuteA 76719BA5 6 Bytes JMP 718B000A .text C:\Program Files\RocketDock\RocketDock.exe[3420] SHELL32.dll!Shell_NotifyIcon 7671B61E 6 Bytes JMP 70EE000A .text C:\Program Files\RocketDock\RocketDock.exe[3420] ADVAPI32.dll!OpenSCManagerW 7712D1F5 6 Bytes JMP 
7109000A .text C:\Program Files\RocketDock\RocketDock.exe[3420] ADVAPI32.dll!RegOpenKeyA 7712D2ED 6 Bytes JMP 713C000A .text C:\Program Files\RocketDock\RocketDock.exe[3420] ADVAPI32.dll!RegCreateKeyA 7712D3C1 6 Bytes JMP 7142000A .text C:\Program Files\RocketDock\RocketDock.exe[3420] ADVAPI32.dll!RegQueryValueA 7712D403 3 Bytes [FF, 25, 1E] .text C:\Program Files\RocketDock\RocketDock.exe[3420] ADVAPI32.dll!RegQueryValueA + 4 7712D407 2 Bytes [29, 71] .text C:\Program Files\RocketDock\RocketDock.exe[3420] ADVAPI32.dll!RegDeleteKeyW 7713197E 6 Bytes JMP 70A9000A .text C:\Program Files\RocketDock\RocketDock.exe[3420] ADVAPI32.dll!RegCreateKeyExA 77131B71 6 Bytes JMP 7148000A .text C:\Program Files\RocketDock\RocketDock.exe[3420] ADVAPI32.dll!RegSetValueExA 77131B96 6 Bytes JMP 7130000A .text C:\Program Files\RocketDock\RocketDock.exe[3420] ADVAPI32.dll!RegSetValueExW 77131C82 6 Bytes JMP 712D000A .text C:\Program Files\RocketDock\RocketDock.exe[3420] ADVAPI32.dll!RegCreateKeyW 77131CC0 6 Bytes JMP 713F000A .text C:\Program Files\RocketDock\RocketDock.exe[3420] ADVAPI32.dll!RegOpenKeyW 77133129 6 Bytes JMP 7139000A .text C:\Program Files\RocketDock\RocketDock.exe[3420] ADVAPI32.dll!OpenSCManagerA 77133B2D 6 Bytes JMP 710C000A .text C:\Program Files\RocketDock\RocketDock.exe[3420] ADVAPI32.dll!LookupPrivilegeValueA 7713B5A2 6 Bytes JMP 70D6000A .text C:\Program Files\RocketDock\RocketDock.exe[3420] ADVAPI32.dll!AdjustTokenPrivileges 7713B656 6 Bytes JMP 70D0000A .text C:\Program Files\RocketDock\RocketDock.exe[3420] ADVAPI32.dll!LookupPrivilegeValueW 7713B663 6 Bytes JMP 70D3000A .text C:\Program Files\RocketDock\RocketDock.exe[3420] ADVAPI32.dll!OpenProcessToken 7713B7C4 6 Bytes JMP 70D9000A .text C:\Program Files\RocketDock\RocketDock.exe[3420] ADVAPI32.dll!RegCreateKeyExW 7713B946 6 Bytes JMP 7145000A .text C:\Program Files\RocketDock\RocketDock.exe[3420] ADVAPI32.dll!RegQueryValueW 7713B96B 6 Bytes JMP 7127000A .text C:\Program 
Files\RocketDock\RocketDock.exe[3420] ADVAPI32.dll!RegOpenKeyExA 7713BC0D 6 Bytes JMP 7136000A .text C:\Program Files\RocketDock\RocketDock.exe[3420] ADVAPI32.dll!RegQueryValueExA 7713BC25 6 Bytes JMP 7124000A .text C:\Program Files\RocketDock\RocketDock.exe[3420] ADVAPI32.dll!RegQueryValueExW 7713BCD5 6 Bytes JMP 7121000A .text C:\Program Files\RocketDock\RocketDock.exe[3420] ADVAPI32.dll!RegOpenKeyExW 7713BEC4 6 Bytes JMP 7133000A .text C:\Program Files\RocketDock\RocketDock.exe[3420] ADVAPI32.dll!CreateServiceW 7714DBC1 6 Bytes JMP 715A000A .text C:\Program Files\RocketDock\RocketDock.exe[3420] ADVAPI32.dll!RegDeleteKeyA 77150499 6 Bytes JMP 70AC000A .text C:\Program Files\RocketDock\RocketDock.exe[3420] ADVAPI32.dll!CreateProcessAsUserA 771614FD 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\RocketDock\RocketDock.exe[3420] ADVAPI32.dll!CreateServiceA 77162120 6 Bytes JMP 715D000A .text C:\Program Files\RocketDock\RocketDock.exe[3420] ADVAPI32.dll!LsaRemoveAccountRights 77167869 6 Bytes JMP 71A8000A .text C:\Program Files\RocketDock\RocketDock.exe[3420] ole32.dll!CoGetClassObject 7762A2D4 5 Bytes JMP 1002E1D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\RocketDock\RocketDock.exe[3420] ole32.dll!CoCreateInstanceEx 7764583F 5 Bytes JMP 1002E410 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\StikyNot.exe[3428] ntdll.dll!NtClose 77954910 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\StikyNot.exe[3428] ntdll.dll!NtLoadDriver 77954FA0 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\StikyNot.exe[3428] ntdll.dll!NtLoadDriver + 4 77954FA4 2 Bytes [5F, 71] .text C:\Windows\System32\StikyNot.exe[3428] ntdll.dll!NtSuspendProcess 77955CD0 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\StikyNot.exe[3428] ntdll.dll!NtSuspendProcess + 4 77955CD4 2 Bytes [77, 71] 
{JA 0x73} .text C:\Windows\System32\StikyNot.exe[3428] ntdll.dll!LdrUnloadDll 7796BE7F 7 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\StikyNot.exe[3428] ntdll.dll!LdrLoadDll 7796F585 5 Bytes JMP 10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\StikyNot.exe[3428] kernel32.dll!CreateProcessW 760E202D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\StikyNot.exe[3428] kernel32.dll!CreateProcessA 760E2062 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\StikyNot.exe[3428] kernel32.dll!CreateProcessAsUserW 761179B4 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\StikyNot.exe[3428] kernel32.dll!CopyFileW 76118C8F 6 Bytes JMP 70F7000A .text C:\Windows\System32\StikyNot.exe[3428] kernel32.dll!MoveFileW 7611A173 6 Bytes JMP 709A000A .text C:\Windows\System32\StikyNot.exe[3428] kernel32.dll!CreateDirectoryA 7611D77A 6 Bytes JMP 70E5000A .text C:\Windows\System32\StikyNot.exe[3428] kernel32.dll!CopyFileExW 761207BB 6 Bytes JMP 70F1000A .text C:\Windows\System32\StikyNot.exe[3428] kernel32.dll!CreateToolhelp32Snapshot 76122BB1 6 Bytes JMP 7118000A .text C:\Windows\System32\StikyNot.exe[3428] kernel32.dll!OpenMutexA 76123344 6 Bytes JMP 70C7000A .text C:\Windows\System32\StikyNot.exe[3428] kernel32.dll!TerminateProcess 7612509B 6 Bytes JMP 71A5000A .text C:\Windows\System32\StikyNot.exe[3428] kernel32.dll!VirtualProtect 761250AB 6 Bytes JMP 710F000A .text C:\Windows\System32\StikyNot.exe[3428] kernel32.dll!CreateMutexW 76125F40 6 Bytes JMP 70CA000A .text C:\Windows\System32\StikyNot.exe[3428] kernel32.dll!DeleteFileW 7612656B 6 Bytes JMP 70AF000A .text C:\Windows\System32\StikyNot.exe[3428] kernel32.dll!OpenProcess 761273E4 6 Bytes JMP 7091000A .text 
C:\Windows\System32\StikyNot.exe[3428] kernel32.dll!DeleteFileA 76128BB6 6 Bytes JMP 70B2000A .text C:\Windows\System32\StikyNot.exe[3428] kernel32.dll!MoveFileExW 7612BF28 6 Bytes JMP 7094000A .text C:\Windows\System32\StikyNot.exe[3428] kernel32.dll!LoadResource 7612D3B0 6 Bytes JMP 70FD000A .text C:\Windows\System32\StikyNot.exe[3428] kernel32.dll!DeviceIoControl 7612EBDD 6 Bytes JMP 70E8000A .text C:\Windows\System32\StikyNot.exe[3428] kernel32.dll!CreateDirectoryW 7612EC9A 6 Bytes JMP 70E2000A .text C:\Windows\System32\StikyNot.exe[3428] kernel32.dll!VirtualAlloc 761305F4 6 Bytes JMP 7112000A .text C:\Windows\System32\StikyNot.exe[3428] kernel32.dll!CreateFileW 76130B5D 6 Bytes JMP 711E000A .text C:\Windows\System32\StikyNot.exe[3428] kernel32.dll!MultiByteToWideChar 76130E69 6 Bytes JMP 70C1000A .text C:\Windows\System32\StikyNot.exe[3428] kernel32.dll!WideCharToMultiByte 76130F86 6 Bytes JMP 70A0000A .text C:\Windows\System32\StikyNot.exe[3428] kernel32.dll!WriteFile 761311CC 6 Bytes JMP 70DF000A .text C:\Windows\System32\StikyNot.exe[3428] kernel32.dll!CreateMutexA 7613177E 6 Bytes JMP 70CD000A .text C:\Windows\System32\StikyNot.exe[3428] kernel32.dll!GetProcAddress 76131837 6 Bytes JMP 7151000A .text C:\Windows\System32\StikyNot.exe[3428] kernel32.dll!CreateThread 761327FD 6 Bytes JMP 7115000A .text C:\Windows\System32\StikyNot.exe[3428] kernel32.dll!LoadLibraryA 76132864 6 Bytes JMP 719F000A .text C:\Windows\System32\StikyNot.exe[3428] kernel32.dll!LoadLibraryW 761328B2 6 Bytes JMP 719C000A .text C:\Windows\System32\StikyNot.exe[3428] kernel32.dll!CreateFileA 761328FC 6 Bytes JMP 711B000A .text C:\Windows\System32\StikyNot.exe[3428] kernel32.dll!OpenMutexW 76132A92 6 Bytes JMP 70C4000A .text C:\Windows\System32\StikyNot.exe[3428] kernel32.dll!TerminateThread 76132DE5 6 Bytes JMP 7175000A .text C:\Windows\System32\StikyNot.exe[3428] kernel32.dll!GetVolumeInformationW 7613C40D 6 Bytes JMP 714B000A .text C:\Windows\System32\StikyNot.exe[3428] 
kernel32.dll!MoveFileExA 76142FF3 6 Bytes JMP 7097000A .text C:\Windows\System32\StikyNot.exe[3428] kernel32.dll!GetVolumeInformationA 76146C7D 6 Bytes JMP 714E000A .text C:\Windows\System32\StikyNot.exe[3428] kernel32.dll!CopyFileA 76147CFC 6 Bytes JMP 70FA000A .text C:\Windows\System32\StikyNot.exe[3428] kernel32.dll!WriteProcessMemory 7614859F 6 Bytes JMP 71A2000A .text C:\Windows\System32\StikyNot.exe[3428] kernel32.dll!DebugActiveProcess 7616618C 6 Bytes JMP 7172000A .text C:\Windows\System32\StikyNot.exe[3428] kernel32.dll!MoveFileA 7616AD49 6 Bytes JMP 709D000A .text C:\Windows\System32\StikyNot.exe[3428] kernel32.dll!CopyFileExA 7616BBA1 6 Bytes JMP 70F4000A .text C:\Windows\System32\StikyNot.exe[3428] kernel32.dll!WinExec 7616E695 6 Bytes JMP 717F000A .text C:\Windows\System32\StikyNot.exe[3428] kernel32.dll!CreateRemoteThread 7616F403 6 Bytes JMP 71AF000A .text C:\Windows\System32\StikyNot.exe[3428] kernel32.dll!VirtualProtectEx 7616F651 6 Bytes JMP 7163000A .text C:\Windows\System32\StikyNot.exe[3428] kernel32.dll!SetThreadContext 761701CB 6 Bytes JMP 70DC000A .text C:\Windows\System32\StikyNot.exe[3428] ADVAPI32.dll!OpenSCManagerW 7712D1F5 6 Bytes JMP 7109000A .text C:\Windows\System32\StikyNot.exe[3428] ADVAPI32.dll!RegOpenKeyA 7712D2ED 6 Bytes JMP 713C000A .text C:\Windows\System32\StikyNot.exe[3428] ADVAPI32.dll!RegCreateKeyA 7712D3C1 6 Bytes JMP 7142000A .text C:\Windows\System32\StikyNot.exe[3428] ADVAPI32.dll!RegQueryValueA 7712D403 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\StikyNot.exe[3428] ADVAPI32.dll!RegQueryValueA + 4 7712D407 2 Bytes [29, 71] .text C:\Windows\System32\StikyNot.exe[3428] ADVAPI32.dll!RegDeleteKeyW 7713197E 6 Bytes JMP 70A9000A .text C:\Windows\System32\StikyNot.exe[3428] ADVAPI32.dll!RegCreateKeyExA 77131B71 6 Bytes JMP 7148000A .text C:\Windows\System32\StikyNot.exe[3428] ADVAPI32.dll!RegSetValueExA 77131B96 6 Bytes JMP 7130000A .text C:\Windows\System32\StikyNot.exe[3428] ADVAPI32.dll!RegSetValueExW 77131C82 6 Bytes 
JMP 712D000A .text C:\Windows\System32\StikyNot.exe[3428] ADVAPI32.dll!RegCreateKeyW 77131CC0 6 Bytes JMP 713F000A .text C:\Windows\System32\StikyNot.exe[3428] ADVAPI32.dll!RegOpenKeyW 77133129 6 Bytes JMP 7139000A .text C:\Windows\System32\StikyNot.exe[3428] ADVAPI32.dll!OpenSCManagerA 77133B2D 6 Bytes JMP 710C000A .text C:\Windows\System32\StikyNot.exe[3428] ADVAPI32.dll!LookupPrivilegeValueA 7713B5A2 6 Bytes JMP 70D6000A .text C:\Windows\System32\StikyNot.exe[3428] ADVAPI32.dll!AdjustTokenPrivileges 7713B656 6 Bytes JMP 70D0000A .text C:\Windows\System32\StikyNot.exe[3428] ADVAPI32.dll!LookupPrivilegeValueW 7713B663 6 Bytes JMP 70D3000A .text C:\Windows\System32\StikyNot.exe[3428] ADVAPI32.dll!OpenProcessToken 7713B7C4 6 Bytes JMP 70D9000A .text C:\Windows\System32\StikyNot.exe[3428] ADVAPI32.dll!RegCreateKeyExW 7713B946 6 Bytes JMP 7145000A .text C:\Windows\System32\StikyNot.exe[3428] ADVAPI32.dll!RegQueryValueW 7713B96B 6 Bytes JMP 7127000A .text C:\Windows\System32\StikyNot.exe[3428] ADVAPI32.dll!RegOpenKeyExA 7713BC0D 6 Bytes JMP 7136000A .text C:\Windows\System32\StikyNot.exe[3428] ADVAPI32.dll!RegQueryValueExA 7713BC25 6 Bytes JMP 7124000A .text C:\Windows\System32\StikyNot.exe[3428] ADVAPI32.dll!RegQueryValueExW 7713BCD5 6 Bytes JMP 7121000A .text C:\Windows\System32\StikyNot.exe[3428] ADVAPI32.dll!RegOpenKeyExW 7713BEC4 6 Bytes JMP 7133000A .text C:\Windows\System32\StikyNot.exe[3428] ADVAPI32.dll!CreateServiceW 7714DBC1 6 Bytes JMP 715A000A .text C:\Windows\System32\StikyNot.exe[3428] ADVAPI32.dll!RegDeleteKeyA 77150499 6 Bytes JMP 70AC000A .text C:\Windows\System32\StikyNot.exe[3428] ADVAPI32.dll!CreateProcessAsUserA 771614FD 5 Bytes JMP 10021B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\StikyNot.exe[3428] ADVAPI32.dll!CreateServiceA 77162120 6 Bytes JMP 715D000A .text C:\Windows\System32\StikyNot.exe[3428] ADVAPI32.dll!LsaRemoveAccountRights 77167869 6 Bytes JMP 71A8000A .text 
C:\Windows\System32\StikyNot.exe[3428] USER32.dll!RegisterRawInputDevices 75D75C2F 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\StikyNot.exe[3428] USER32.dll!RegisterRawInputDevices + 4 75D75C33 2 Bytes [53, 71] .text C:\Windows\System32\StikyNot.exe[3428] USER32.dll!GetWindowTextA 75D770ED 6 Bytes JMP 7106000A .text C:\Windows\System32\StikyNot.exe[3428] USER32.dll!GetAsyncKeyState 75D7C09A 6 Bytes JMP 716C000A .text C:\Windows\System32\StikyNot.exe[3428] USER32.dll!GetWindowTextW 75D7D9F6 6 Bytes JMP 7103000A .text C:\Windows\System32\StikyNot.exe[3428] USER32.dll!CreateWindowExA 75D7E18A 6 Bytes JMP 70B8000A .text C:\Windows\System32\StikyNot.exe[3428] USER32.dll!CreateWindowExW 75D80E51 6 Bytes JMP 70B5000A .text C:\Windows\System32\StikyNot.exe[3428] USER32.dll!ShowWindow 75D8147A 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\StikyNot.exe[3428] USER32.dll!ShowWindow + 4 75D8147E 2 Bytes [FF, 70] .text C:\Windows\System32\StikyNot.exe[3428] USER32.dll!SetWindowsHookExW 75D8210A 6 Bytes JMP 7196000A .text C:\Windows\System32\StikyNot.exe[3428] USER32.dll!GetKeyState 75D84FDA 6 Bytes JMP 716F000A .text C:\Windows\System32\StikyNot.exe[3428] USER32.dll!SetWinEventHook 75D8507E 6 Bytes JMP 7157000A .text C:\Windows\System32\StikyNot.exe[3428] USER32.dll!DrawTextW 75D88220 6 Bytes JMP 70BB000A .text C:\Windows\System32\StikyNot.exe[3428] USER32.dll!SetWindowTextW 75D88267 6 Bytes JMP 70A3000A .text C:\Windows\System32\StikyNot.exe[3428] USER32.dll!DrawTextA 75D9A482 6 Bytes JMP 70BE000A .text C:\Windows\System32\StikyNot.exe[3428] USER32.dll!SetWindowTextA 75DA236A 6 Bytes JMP 70A6000A .text C:\Windows\System32\StikyNot.exe[3428] USER32.dll!GetKeyboardState 75DA6B3E 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\StikyNot.exe[3428] USER32.dll!GetKeyboardState + 4 75DA6B42 2 Bytes [68, 71] .text C:\Windows\System32\StikyNot.exe[3428] USER32.dll!SetWindowsHookExA 75DA6DFA 6 Bytes JMP 7199000A .text C:\Windows\System32\StikyNot.exe[3428] USER32.dll!DdeConnect 
75DBEB83 6 Bytes JMP 7166000A .text C:\Windows\System32\StikyNot.exe[3428] USER32.dll!EndTask 75DBFD8E 5 Bytes JMP 1002DF90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\StikyNot.exe[3428] SHELL32.dll!ShellExecuteW 764E41F0 6 Bytes JMP 7188000A .text C:\Windows\System32\StikyNot.exe[3428] SHELL32.dll!Shell_NotifyIconW 764EFBA1 6 Bytes JMP 70EB000A .text C:\Windows\System32\StikyNot.exe[3428] SHELL32.dll!ShellExecuteExW 764F1B8C 6 Bytes JMP 7182000A .text C:\Windows\System32\StikyNot.exe[3428] SHELL32.dll!ShellExecuteEx 76719B0A 6 Bytes JMP 7185000A .text C:\Windows\System32\StikyNot.exe[3428] SHELL32.dll!ShellExecuteA 76719BA5 6 Bytes JMP 718B000A .text C:\Windows\System32\StikyNot.exe[3428] SHELL32.dll!Shell_NotifyIcon 7671B61E 6 Bytes JMP 70EE000A .text C:\Windows\System32\StikyNot.exe[3428] ole32.dll!CoGetClassObject 7762A2D4 5 Bytes JMP 1002E1D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\StikyNot.exe[3428] ole32.dll!CoCreateInstanceEx 7764583F 5 Bytes JMP 1002E410 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3556] ntdll.dll!NtClose 77954910 5 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3556] ntdll.dll!NtLoadDriver 77954FA0 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\SearchIndexer.exe[3556] ntdll.dll!NtLoadDriver + 4 77954FA4 2 Bytes [5F, 71] .text C:\Windows\system32\SearchIndexer.exe[3556] ntdll.dll!NtSuspendProcess 77955CD0 3 Bytes [FF, 25, 1E] .text C:\Windows\system32\SearchIndexer.exe[3556] ntdll.dll!NtSuspendProcess + 4 77955CD4 2 Bytes [77, 71] {JA 0x73} .text C:\Windows\system32\SearchIndexer.exe[3556] ntdll.dll!LdrUnloadDll 7796BE7F 7 Bytes JMP 1001CF60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3556] ntdll.dll!LdrLoadDll 7796F585 5 Bytes JMP 
10025680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3556] kernel32.dll!CreateProcessW 760E202D 5 Bytes JMP 100226F0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3556] kernel32.dll!CreateProcessA 760E2062 5 Bytes JMP 10023280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3556] kernel32.dll!CreateProcessAsUserW 761179B4 5 Bytes JMP 10021220 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\system32\SearchIndexer.exe[3556] kernel32.dll!CopyFileW 76118C8F 6 Bytes JMP 70F7000A .text C:\Windows\system32\SearchIndexer.exe[3556] kernel32.dll!MoveFileW 7611A173 6 Bytes JMP 709A000A .text C:\Windows\system32\SearchIndexer.exe[3556] kernel32.dll!CreateDirectoryA 7611D77A 6 Bytes JMP 70E5000A .text C:\Windows\system32\SearchIndexer.exe[3556] kernel32.dll!CopyFileExW 761207BB 6 Bytes JMP 70F1000A .text C:\Windows\system32\SearchIndexer.exe[3556] kernel32.dll!CreateToolhelp32Snapshot 76122BB1 6 Bytes JMP 7118000A .text C:\Windows\system32\SearchIndexer.exe[3556] kernel32.dll!OpenMutexA 76123344 6 Bytes JMP 70C7000A .text C:\Windows\system32\SearchIndexer.exe[3556] kernel32.dll!TerminateProcess 7612509B 6 Bytes JMP 71A5000A .text C:\Windows\system32\SearchIndexer.exe[3556] kernel32.dll!VirtualProtect 761250AB 6 Bytes JMP 710F000A .text C:\Windows\system32\SearchIndexer.exe[3556] kernel32.dll!CreateMutexW 76125F40 6 Bytes JMP 70CA000A .text C:\Windows\system32\SearchIndexer.exe[3556] kernel32.dll!DeleteFileW 7612656B 6 Bytes JMP 70AF000A .text C:\Windows\system32\SearchIndexer.exe[3556] kernel32.dll!OpenProcess 761273E4 6 Bytes JMP 7091000A .text C:\Windows\system32\SearchIndexer.exe[3556] kernel32.dll!DeleteFileA 76128BB6 6 Bytes JMP 70B2000A .text C:\Windows\system32\SearchIndexer.exe[3556] kernel32.dll!MoveFileExW 7612BF28 6 Bytes JMP 7094000A .text 
C:\Windows\system32\SearchIndexer.exe[3556] kernel32.dll!LoadResource 7612D3B0 6 Bytes JMP 70FD000A .text C:\Windows\system32\SearchIndexer.exe[3556] kernel32.dll!DeviceIoControl 7612EBDD 6 Bytes JMP 70E8000A .text C:\Windows\system32\SearchIndexer.exe[3556] kernel32.dll!CreateDirectoryW 7612EC9A 6 Bytes JMP 70E2000A .text C:\Windows\system32\SearchIndexer.exe[3556] kernel32.dll!VirtualAlloc 761305F4 6 Bytes JMP 7112000A .text C:\Windows\system32\SearchIndexer.exe[3556] kernel32.dll!CreateFileW 76130B5D 6 Bytes JMP 711E000A .text C:\Windows\system32\SearchIndexer.exe[3556] kernel32.dll!MultiByteToWideChar 76130E69 6 Bytes JMP 70C1000A .text C:\Windows\system32\SearchIndexer.exe[3556] kernel32.dll!WideCharToMultiByte 76130F86 6 Bytes JMP 70A0000A .text C:\Windows\system32\SearchIndexer.exe[3556] kernel32.dll!WriteFile 761311CC 6 Bytes JMP 70DF000A .text C:\Windows\system32\SearchIndexer.exe[3556] kernel32.dll!CreateMutexA 7613177E 6 Bytes JMP 70CD000A .text C:\Windows\system32\SearchIndexer.exe[3556] kernel32.dll!GetProcAddress 76131837 6 Bytes JMP 7151000A .text C:\Windows\system32\SearchIndexer.exe[3556] kernel32.dll!CreateThread 761327FD 6 Bytes JMP 7115000A .text C:\Windows\system32\SearchIndexer.exe[3556] kernel32.dll!LoadLibraryA 76132864 6 Bytes JMP 719F000A .text C:\Windows\system32\SearchIndexer.exe[3556] kernel32.dll!LoadLibraryW 761328B2 6 Bytes JMP 719C000A .text C:\Windows\system32\SearchIndexer.exe[3556] kernel32.dll!CreateFileA 761328FC 6 Bytes JMP 711B000A .text C:\Windows\system32\SearchIndexer.exe[3556] kernel32.dll!OpenMutexW 76132A92 6 Bytes JMP 70C4000A .text C:\Windows\system32\SearchIndexer.exe[3556] kernel32.dll!TerminateThread 76132DE5 6 Bytes JMP 7175000A .text C:\Windows\system32\SearchIndexer.exe[3556] kernel32.dll!GetVolumeInformationW 7613C40D 6 Bytes JMP 714B000A .text C:\Windows\system32\SearchIndexer.exe[3556] kernel32.dll!MoveFileExA 76142FF3 6 Bytes JMP 7097000A .text C:\Windows\system32\SearchIndexer.exe[3556] 
.text C:\Windows\System32\svchost.exe[4056] ADVAPI32.dll!AdjustTokenPrivileges 7713B656 6 Bytes JMP 70D0000A .text C:\Windows\System32\svchost.exe[4056] ADVAPI32.dll!LookupPrivilegeValueW 7713B663 6 Bytes JMP 70D3000A .text C:\Windows\System32\svchost.exe[4056] ADVAPI32.dll!OpenProcessToken 7713B7C4 6 Bytes JMP 70D9000A .text C:\Windows\System32\svchost.exe[4056] ADVAPI32.dll!RegCreateKeyExW 7713B946 6 Bytes JMP 7145000A .text C:\Windows\System32\svchost.exe[4056] ADVAPI32.dll!RegQueryValueW 7713B96B 6 Bytes JMP 7127000A .text C:\Windows\System32\svchost.exe[4056] ADVAPI32.dll!RegOpenKeyExA 7713BC0D 6 Bytes JMP 7136000A .text C:\Windows\System32\svchost.exe[4056] ADVAPI32.dll!RegQueryValueExA 7713BC25 6 Bytes JMP 7124000A .text C:\Windows\System32\svchost.exe[4056] ADVAPI32.dll!RegQueryValueExW 7713BCD5 6 Bytes JMP 7121000A .text C:\Windows\System32\svchost.exe[4056] ADVAPI32.dll!RegOpenKeyExW 7713BEC4 6 Bytes JMP 7133000A .text C:\Windows\System32\svchost.exe[4056] ADVAPI32.dll!CreateServiceW 7714DBC1 6 Bytes JMP 715A000A .text C:\Windows\System32\svchost.exe[4056] ADVAPI32.dll!RegDeleteKeyA 77150499 6 Bytes JMP 70AC000A .text C:\Windows\System32\svchost.exe[4056] ADVAPI32.dll!CreateProcessAsUserA 771614FD 5 Bytes JMP 00331B50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[4056] ADVAPI32.dll!CreateServiceA 77162120 6 Bytes JMP 715D000A .text C:\Windows\System32\svchost.exe[4056] ADVAPI32.dll!LsaRemoveAccountRights 77167869 6 Bytes JMP 71A8000A .text C:\Windows\System32\svchost.exe[4056] SHELL32.dll!ShellExecuteW 764E41F0 6 Bytes JMP 7188000A .text C:\Windows\System32\svchost.exe[4056] SHELL32.dll!Shell_NotifyIconW 764EFBA1 6 Bytes JMP 70EB000A .text C:\Windows\System32\svchost.exe[4056] SHELL32.dll!ShellExecuteExW 764F1B8C 6 Bytes JMP 7182000A .text C:\Windows\System32\svchost.exe[4056] SHELL32.dll!ShellExecuteEx 76719B0A 6 Bytes JMP 7185000A .text C:\Windows\System32\svchost.exe[4056] 
SHELL32.dll!ShellExecuteA 76719BA5 6 Bytes JMP 718B000A .text C:\Windows\System32\svchost.exe[4056] SHELL32.dll!Shell_NotifyIcon 7671B61E 6 Bytes JMP 70EE000A .text C:\Windows\System32\svchost.exe[4056] ole32.dll!CoGetClassObject 7762A2D4 5 Bytes JMP 0033E1D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Windows\System32\svchost.exe[4056] ole32.dll!CoCreateInstanceEx 7764583F 5 Bytes JMP 0033E410 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO) ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Windows\Explorer.EXE[1064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [7437250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74372494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74355624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [743556E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [74368573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74364D27] 
C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [743650CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [743651A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [743666D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [743682CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74368819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7436907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7436E21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT 
C:\Windows\Explorer.EXE[1064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74364C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3308] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [0063B8F0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3308] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [0063AFD0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3308] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleA] [0063B9F0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3308] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [0063B8B0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3308] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [0063B970] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3308] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [0063BA80] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3308] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [0063B930] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3308] @ C:\Windows\system32\SHLWAPI.dll 
[GDI32.dll!DeleteObject] [0063A730] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3308] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!RegisterClassA] [0063B060] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3308] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!RegisterClassW] [0063B120] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3308] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [0063A6D0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3308] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [0063ABC0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3308] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [0063AB30] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3308] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!GetSystemMetrics] [0063B1E0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3308] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetSysColorBrush] [0063A780] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3308] @ C:\Windows\system32\SHELL32.dll [USER32.dll!DrawFrameControl] [0063B6B0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program 
Files\COMODO\COMODO Internet Security\cfp.exe[3308] @ C:\Windows\system32\SHELL32.dll [USER32.dll!DrawEdge] [0063B660] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3308] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetScrollInfo] [0063A980] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3308] @ C:\Windows\system32\SHELL32.dll [USER32.dll!SystemParametersInfoW] [0063B360] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3308] @ C:\Windows\system32\SHELL32.dll [USER32.dll!AdjustWindowRectEx] [0063B4A0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3308] @ C:\Windows\system32\SHELL32.dll [USER32.dll!SetScrollInfo] [0063A870] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3308] @ C:\Windows\system32\SHELL32.dll [USER32.dll!CallWindowProcW] [0063A9F0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3308] @ C:\Windows\system32\SHELL32.dll [USER32.dll!SetScrollPos] [0063A7E0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3308] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetSysColor] [0063A6D0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3308] @ C:\Windows\system32\SHELL32.dll [USER32.dll!RegisterClassW] [0063B120] C:\Program 
Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3308] @ C:\Windows\system32\SHELL32.dll [USER32.dll!FillRect] [0063B5E0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3308] @ C:\Windows\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [0063ABC0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3308] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetSystemMetrics] [0063B1E0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3308] @ C:\Windows\system32\SHELL32.dll [GDI32.dll!DeleteObject] [0063A730] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3308] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [0063B8B0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3308] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [0063B8F0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3308] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [0063B970] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3308] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [0063BA80] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3308] @ 
C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [0063B8B0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3308] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [0063B8F0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3308] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExA] [0063B930] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3308] @ C:\Windows\system32\ole32.dll [GDI32.dll!DeleteObject] [0063A730] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3308] @ C:\Windows\system32\ole32.dll [USER32.dll!CallWindowProcW] [0063A9F0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3308] @ C:\Windows\system32\ole32.dll [USER32.dll!GetSysColor] [0063A6D0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3308] @ C:\Windows\system32\ole32.dll [USER32.dll!GetSystemMetrics] [0063B1E0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3308] @ C:\Windows\system32\ole32.dll [USER32.dll!SystemParametersInfoW] [0063B360] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3308] @ C:\Windows\system32\ole32.dll [USER32.dll!RegisterClassW] [0063B120] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet 
Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3308] @ C:\Windows\system32\ole32.dll [USER32.dll!DefWindowProcW] [0063ABC0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3308] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [0063B8F0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3308] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [0063B8B0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3308] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [0063B970] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3308] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [0063B930] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3308] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [0063B8B0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[3308] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [0063BA80] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO) ---- Devices - GMER 1.0.15 ---- AttachedDevice \FileSystem\Ntfs \Ntfs diskpt.sys (Shadow Defender Filter Driver/SHADOWDEFENDER.COM) AttachedDevice \FileSystem\Ntfs \Ntfs TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools) Device \Driver\ACPI_HAL \Device\00000055 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) AttachedDevice \Driver\tdx 
\Device\Tcp TfNetMon.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 diskpt.sys (Shadow Defender Filter Driver/SHADOWDEFENDER.COM) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\ControlSet002\Control\Session Manager@PendingFileRenameOperations ---- EOF - GMER 1.0.15 ----