The GMER log took a long time to run, and it has too many characters, so I am posting it in 2 messages:

GMER 1.0.15.15077 [cr8dk3p1.exe] - http://www.gmer.net
Rootkit scan 2009-08-18 20:52:11
Windows 6.0.6001 Service Pack 1
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwCreateProcess [0x8BC5D794]
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwCreateProcessEx [0x8BC5DF1E]
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwTerminateProcess [0x8BC5CD0A]
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwWriteVirtualMemory [0x8BC5C384]
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwCreateUserProcess [0x8BC5E6B6]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0x8C1844FC]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x8C18453A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0x8C18457D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0x8C184470]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0x8C184484]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0x8C184510]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0x8C1844D4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x8C184550]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0x8C184526]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwYieldExecution 8227818C 5 Bytes JMP 8C18452A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
.text ntkrnlpa.exe!KeSetTimerEx + 43C 82309A00 8 Bytes [94, D7, C5, 8B, 1E, DF, C5, ...] {XCHG ESP, EAX; XLATB ; LDS ECX, DWORD [EBX-0x743a20e2]}
.text ntkrnlpa.exe!KeSetTimerEx + 854 82309E18 4 Bytes [0A, CD, C5, 8B]
.text ntkrnlpa.exe!KeSetTimerEx + 8B4 82309E78 4 Bytes [84, C3, C5, 8B]
.text ntkrnlpa.exe!KeSetTimerEx + 918 82309EDC 4 Bytes [B6, E6, C5, 8B]
---- User code sections - GMER 1.0.15 ----
.text C:\Windows\system32\services.exe[696] kernel32.dll!GetStartupInfoW 75641929 5 Bytes JMP 00060093
.text C:\Windows\system32\services.exe[696] kernel32.dll!GetStartupInfoA 756419C9 5 Bytes JMP 00060F4D
.text C:\Windows\system32\services.exe[696] kernel32.dll!CreateProcessW 75641C01 5 Bytes JMP 000600C2
.text C:\Windows\system32\services.exe[696] kernel32.dll!CreateProcessA 75641C36 5 Bytes JMP 00060F21
.text C:\Windows\system32\services.exe[696] kernel32.dll!VirtualProtect 75641DD1 5 Bytes JMP 0006005D
.text C:\Windows\system32\services.exe[696] kernel32.dll!CreateNamedPipeW 75645C44 5 Bytes JMP 00060025
.text C:\Windows\system32\services.exe[696] kernel32.dll!LoadLibraryExW 756630C3 5 Bytes JMP 00060F79
.text C:\Windows\system32\services.exe[696] kernel32.dll!LoadLibraryW 7566361F 5 Bytes JMP 00060F94
.text C:\Windows\system32\services.exe[696] kernel32.dll!VirtualProtectEx 75668D7E 5 Bytes JMP 00060F68
.text C:\Windows\system32\services.exe[696] kernel32.dll!LoadLibraryExA 75669469 5 Bytes JMP 00060036
.text C:\Windows\system32\services.exe[696] kernel32.dll!LoadLibraryA 75669491 5 Bytes JMP 00060FB9
.text C:\Windows\system32\services.exe[696] kernel32.dll!CreatePipe 75670284 5 Bytes JMP 00060078
.text C:\Windows\system32\services.exe[696] kernel32.dll!GetProcAddress 7568B8B6 5 Bytes JMP 00060F06
.text C:\Windows\system32\services.exe[696] kernel32.dll!CreateFileW 7568CC4E 5 Bytes JMP 0006000A
.text C:\Windows\system32\services.exe[696] kernel32.dll!CreateFileA 7568CF71 5 Bytes JMP 00060FEF
.text C:\Windows\system32\services.exe[696] kernel32.dll!CreateNamedPipeA 756D430E 5 Bytes JMP 00060FD4
.text C:\Windows\system32\services.exe[696] kernel32.dll!WinExec 756D54FF 5 Bytes JMP 00060F3C
.text C:\Windows\system32\services.exe[696] ADVAPI32.dll!RegCreateKeyExA 76B3B5E7 5 Bytes JMP 00180040
.text C:\Windows\system32\services.exe[696] ADVAPI32.dll!RegCreateKeyA 76B3B8AE 5 Bytes JMP 00180FB9
.text C:\Windows\system32\services.exe[696] ADVAPI32.dll!RegOpenKeyA 76B40BF5 5 Bytes JMP 00180000
.text C:\Windows\system32\services.exe[696] ADVAPI32.dll!RegCreateKeyW 76B4B83D 5 Bytes JMP 00180F9E
.text C:\Windows\system32\services.exe[696] ADVAPI32.dll!RegCreateKeyExW 76B4BCE1 5 Bytes JMP 00180051
.text C:\Windows\system32\services.exe[696] ADVAPI32.dll!RegOpenKeyExA 76B4D4E8 5 Bytes JMP 00180025
.text C:\Windows\system32\services.exe[696] ADVAPI32.dll!RegOpenKeyW 76B53CB0 5 Bytes JMP 00180FE5
.text C:\Windows\system32\services.exe[696] ADVAPI32.dll!RegOpenKeyExW 76B5F09D 5 Bytes JMP 00180FCA
.text C:\Windows\system32\services.exe[696] msvcrt.dll!_wsystem 76C48A47 5 Bytes JMP 00190064
.text C:\Windows\system32\services.exe[696] msvcrt.dll!system 76C48B63 5 Bytes JMP 00190053
.text C:\Windows\system32\services.exe[696] msvcrt.dll!_creat 76C4C6F1 5 Bytes JMP 00190FE3
.text C:\Windows\system32\services.exe[696] msvcrt.dll!_open 76C4DA7E 5 Bytes JMP 00190000
.text C:\Windows\system32\services.exe[696] msvcrt.dll!_wcreat 76C4DC9E 5 Bytes JMP 00190042
.text C:\Windows\system32\services.exe[696] msvcrt.dll!_wopen 76C4DE79 5 Bytes JMP 00190011
.text C:\Windows\system32\services.exe[696] WS2_32.dll!socket 76CA36D1 5 Bytes JMP 001B0FE5
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!GetStartupInfoW 75641929 5 Bytes JMP 001E0F30
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!GetStartupInfoA 756419C9 5 Bytes JMP 001E0F55
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!CreateProcessW 75641C01 5 Bytes JMP 001E00AC
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!CreateProcessA 75641C36 5 Bytes JMP 001E0091
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!VirtualProtect 75641DD1 5 Bytes JMP 001E0054
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!CreateNamedPipeW 75645C44 5 Bytes JMP 001E0FBC
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!LoadLibraryExW 756630C3 5 Bytes JMP 001E0F86
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!LoadLibraryW 7566361F 5 Bytes JMP 001E0028
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!VirtualProtectEx 75668D7E 5 Bytes JMP 001E0065
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!LoadLibraryExA 75669469 5 Bytes JMP 001E0043
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!LoadLibraryA 75669491 5 Bytes JMP 001E0FA1
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!CreatePipe 75670284 5 Bytes JMP 001E0080
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!GetProcAddress 7568B8B6 5 Bytes JMP 001E00BD
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!CreateFileW 7568CC4E 5 Bytes JMP 001E0FDE
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!CreateFileA 7568CF71 5 Bytes JMP 001E0FEF
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!CreateNamedPipeA 756D430E 5 Bytes JMP 001E0FCD
.text C:\Windows\system32\lsass.exe[708] kernel32.dll!WinExec 756D54FF 5 Bytes JMP 001E0F1F
.text C:\Windows\system32\lsass.exe[708] ADVAPI32.dll!RegCreateKeyExA 76B3B5E7 5 Bytes JMP 001F0FAF
.text C:\Windows\system32\lsass.exe[708] ADVAPI32.dll!RegCreateKeyA 76B3B8AE 5 Bytes JMP 001F0FCA
.text C:\Windows\system32\lsass.exe[708] ADVAPI32.dll!RegOpenKeyA 76B40BF5 5 Bytes JMP 001F0000
.text C:\Windows\system32\lsass.exe[708] ADVAPI32.dll!RegCreateKeyW 76B4B83D 5 Bytes JMP 001F0051
.text C:\Windows\system32\lsass.exe[708] ADVAPI32.dll!RegCreateKeyExW 76B4BCE1 5 Bytes JMP 001F006C
.text C:\Windows\system32\lsass.exe[708] ADVAPI32.dll!RegOpenKeyExA 76B4D4E8 5 Bytes JMP 001F001B
.text C:\Windows\system32\lsass.exe[708] ADVAPI32.dll!RegOpenKeyW 76B53CB0 5 Bytes JMP 001F0FEF
.text C:\Windows\system32\lsass.exe[708] ADVAPI32.dll!RegOpenKeyExW 76B5F09D 5 Bytes JMP 001F0036
.text C:\Windows\system32\lsass.exe[708] msvcrt.dll!_wsystem 76C48A47 5 Bytes JMP 00200042
.text C:\Windows\system32\lsass.exe[708] msvcrt.dll!system 76C48B63 5 Bytes JMP 00200FB7
.text C:\Windows\system32\lsass.exe[708] msvcrt.dll!_creat 76C4C6F1 5 Bytes JMP 00200027
.text C:\Windows\system32\lsass.exe[708] msvcrt.dll!_open 76C4DA7E 5 Bytes JMP 00200FEF
.text C:\Windows\system32\lsass.exe[708] msvcrt.dll!_wcreat 76C4DC9E 5 Bytes JMP 00200FC8
.text C:\Windows\system32\lsass.exe[708] msvcrt.dll!_wopen 76C4DE79 5 Bytes JMP 0020000C
.text C:\Windows\system32\lsass.exe[708] WS2_32.dll!socket 76CA36D1 5 Bytes JMP 00700FEF
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[760] kernel32.dll!LoadLibraryW 7566361F 5 Bytes JMP 0041C1B0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[760] kernel32.dll!LoadLibraryA 75669491 5 Bytes JMP 0041C130 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Windows\system32\svchost.exe[904] kernel32.dll!GetStartupInfoW 75641929 5 Bytes JMP 001500D0
.text C:\Windows\system32\svchost.exe[904] kernel32.dll!GetStartupInfoA 756419C9 5 Bytes JMP 00150F80
.text C:\Windows\system32\svchost.exe[904] kernel32.dll!CreateProcessW 75641C01 5 Bytes JMP 00150F4A
.text C:\Windows\system32\svchost.exe[904] kernel32.dll!CreateProcessA 75641C36 5 Bytes JMP 001500EB
.text C:\Windows\system32\svchost.exe[904] kernel32.dll!VirtualProtect 75641DD1 5 Bytes JMP 0015009A
.text C:\Windows\system32\svchost.exe[904] kernel32.dll!CreateNamedPipeW 75645C44 5 Bytes JMP 00150047
.text C:\Windows\system32\svchost.exe[904] kernel32.dll!LoadLibraryExW 756630C3 5 Bytes JMP 0015007D
.text C:\Windows\system32\svchost.exe[904] kernel32.dll!LoadLibraryW 7566361F 5 Bytes JMP 00150FCA
.text C:\Windows\system32\svchost.exe[904] kernel32.dll!VirtualProtectEx 75668D7E 5 Bytes JMP 001500B5
.text C:\Windows\system32\svchost.exe[904] kernel32.dll!LoadLibraryExA 75669469 5 Bytes JMP 0015006C
.text C:\Windows\system32\svchost.exe[904] kernel32.dll!LoadLibraryA 75669491 5 Bytes JMP 00150FE5
.text C:\Windows\system32\svchost.exe[904] kernel32.dll!CreatePipe 75670284 5 Bytes JMP 00150FA5
.text C:\Windows\system32\svchost.exe[904] kernel32.dll!GetProcAddress 7568B8B6 5 Bytes JMP 00150F2F
.text C:\Windows\system32\svchost.exe[904] kernel32.dll!CreateFileW 7568CC4E 5 Bytes JMP 0015001B
.text C:\Windows\system32\svchost.exe[904] kernel32.dll!CreateFileA 7568CF71 5 Bytes JMP 0015000A
.text C:\Windows\system32\svchost.exe[904] kernel32.dll!CreateNamedPipeA 756D430E 5 Bytes JMP 00150036
.text C:\Windows\system32\svchost.exe[904] kernel32.dll!WinExec 756D54FF 5 Bytes JMP 00150F6F
.text C:\Windows\system32\svchost.exe[904] msvcrt.dll!_wsystem 76C48A47 1 Byte [E9]
.text C:\Windows\system32\svchost.exe[904] msvcrt.dll!_wsystem 76C48A47 5 Bytes JMP 0018004B
.text C:\Windows\system32\svchost.exe[904] msvcrt.dll!system 76C48B63 5 Bytes JMP 0018003A
.text C:\Windows\system32\svchost.exe[904] msvcrt.dll!_creat 76C4C6F1 5 Bytes JMP 00180FDE
.text C:\Windows\system32\svchost.exe[904] msvcrt.dll!_open 76C4DA7E 5 Bytes JMP 00180FEF
.text C:\Windows\system32\svchost.exe[904] msvcrt.dll!_wcreat 76C4DC9E 5 Bytes JMP 00180029
.text C:\Windows\system32\svchost.exe[904] msvcrt.dll!_wopen 76C4DE79 5 Bytes JMP 0018000C
.text C:\Windows\system32\svchost.exe[904] ADVAPI32.dll!RegCreateKeyExA 76B3B5E7 5 Bytes JMP 00160062
.text C:\Windows\system32\svchost.exe[904] ADVAPI32.dll!RegCreateKeyA 76B3B8AE 5 Bytes JMP 0016003D
.text C:\Windows\system32\svchost.exe[904] ADVAPI32.dll!RegOpenKeyA 76B40BF5 5 Bytes JMP 00160000
.text C:\Windows\system32\svchost.exe[904] ADVAPI32.dll!RegCreateKeyW 76B4B83D 5 Bytes JMP 00160FC0
.text C:\Windows\system32\svchost.exe[904] ADVAPI32.dll!RegCreateKeyExW 76B4BCE1 5 Bytes JMP 00160073
.text C:\Windows\system32\svchost.exe[904] ADVAPI32.dll!RegOpenKeyExA 76B4D4E8 5 Bytes JMP 0016001B
.text C:\Windows\system32\svchost.exe[904] ADVAPI32.dll!RegOpenKeyW 76B53CB0 5 Bytes JMP 00160FDB
.text C:\Windows\system32\svchost.exe[904] ADVAPI32.dll!RegOpenKeyExW 76B5F09D 5 Bytes JMP 0016002C
.text C:\Windows\system32\svchost.exe[904] WS2_32.dll!socket 76CA36D1 5 Bytes JMP 003C000A
.text C:\Windows\system32\svchost.exe[976] kernel32.dll!GetStartupInfoW 75641929 5 Bytes JMP 002C0F98
.text C:\Windows\system32\svchost.exe[976] kernel32.dll!GetStartupInfoA 756419C9 5 Bytes JMP 002C00DE
.text C:\Windows\system32\svchost.exe[976] kernel32.dll!CreateProcessW 75641C01 5 Bytes JMP 002C010A
.text C:\Windows\system32\svchost.exe[976] kernel32.dll!CreateProcessA 75641C36 5 Bytes JMP 002C00F9
.text C:\Windows\system32\svchost.exe[976] kernel32.dll!VirtualProtect 75641DD1 5 Bytes JMP 002C00B2
.text C:\Windows\system32\svchost.exe[976] kernel32.dll!CreateNamedPipeW 75645C44 5 Bytes JMP 002C0033
.text C:\Windows\system32\svchost.exe[976] kernel32.dll!LoadLibraryExW 756630C3 5 Bytes JMP 002C00A1
.text C:\Windows\system32\svchost.exe[976] kernel32.dll!LoadLibraryW 7566361F 5 Bytes JMP 002C0073
.text C:\Windows\system32\svchost.exe[976] kernel32.dll!VirtualProtectEx 75668D7E 5 Bytes JMP 002C00CD
.text C:\Windows\system32\svchost.exe[976] kernel32.dll!LoadLibraryExA 75669469 5 Bytes JMP 002C0084
.text C:\Windows\system32\svchost.exe[976] kernel32.dll!LoadLibraryA 75669491 5 Bytes JMP 002C0058
.text C:\Windows\system32\svchost.exe[976] kernel32.dll!CreatePipe 75670284 5 Bytes JMP 002C0FBD
.text C:\Windows\system32\svchost.exe[976] kernel32.dll!GetProcAddress 7568B8B6 5 Bytes JMP 002C0125
.text C:\Windows\system32\svchost.exe[976] kernel32.dll!CreateFileW 7568CC4E 5 Bytes JMP 002C0011
.text C:\Windows\system32\svchost.exe[976] kernel32.dll!CreateFileA 7568CF71 5 Bytes JMP 002C0000
.text C:\Windows\system32\svchost.exe[976] kernel32.dll!CreateNamedPipeA 756D430E 5 Bytes JMP 002C0022
.text C:\Windows\system32\svchost.exe[976] kernel32.dll!WinExec 756D54FF 5 Bytes JMP 002C0F87
.text C:\Windows\system32\svchost.exe[976] msvcrt.dll!_wsystem 76C48A47 5 Bytes JMP 002E0FB2
.text C:\Windows\system32\svchost.exe[976] msvcrt.dll!system 76C48B63 5 Bytes JMP 002E0FCD
.text C:\Windows\system32\svchost.exe[976] msvcrt.dll!_creat 76C4C6F1 5 Bytes JMP 002E0FEF
.text C:\Windows\system32\svchost.exe[976] msvcrt.dll!_open 76C4DA7E 5 Bytes JMP 002E0000
.text C:\Windows\system32\svchost.exe[976] msvcrt.dll!_wcreat 76C4DC9E 5 Bytes JMP 002E0FDE
.text C:\Windows\system32\svchost.exe[976] msvcrt.dll!_wopen 76C4DE79 5 Bytes JMP 002E001D
.text C:\Windows\system32\svchost.exe[976] ADVAPI32.dll!RegCreateKeyExA 76B3B5E7 5 Bytes JMP 002D0F97
.text C:\Windows\system32\svchost.exe[976] ADVAPI32.dll!RegCreateKeyA 76B3B8AE 5 Bytes JMP 002D0039
.text C:\Windows\system32\svchost.exe[976] ADVAPI32.dll!RegOpenKeyA 76B40BF5 5 Bytes JMP 002D0FEF
.text C:\Windows\system32\svchost.exe[976] ADVAPI32.dll!RegCreateKeyW 76B4B83D 5 Bytes JMP 002D0FA8
.text C:\Windows\system32\svchost.exe[976] ADVAPI32.dll!RegCreateKeyExW 76B4BCE1 5 Bytes JMP 002D0054
.text C:\Windows\system32\svchost.exe[976] ADVAPI32.dll!RegOpenKeyExA 76B4D4E8 5 Bytes JMP 002D0FC3
.text C:\Windows\system32\svchost.exe[976] ADVAPI32.dll!RegOpenKeyW 76B53CB0 5 Bytes JMP 002D0FD4
.text C:\Windows\system32\svchost.exe[976] ADVAPI32.dll!RegOpenKeyExW 76B5F09D 5 Bytes JMP 002D001E
.text C:\Windows\system32\svchost.exe[976] WS2_32.dll!socket 76CA36D1 5 Bytes JMP 00580FEF
.text C:\Windows\System32\svchost.exe[1056] kernel32.dll!GetStartupInfoW 75641929 5 Bytes JMP 00760098
.text C:\Windows\System32\svchost.exe[1056] kernel32.dll!GetStartupInfoA 756419C9 5 Bytes JMP 00760F5C
.text C:\Windows\System32\svchost.exe[1056] kernel32.dll!CreateProcessW 75641C01 5 Bytes JMP 007600D5
.text C:\Windows\System32\svchost.exe[1056] kernel32.dll!CreateProcessA 75641C36 5 Bytes JMP 007600C4
.text C:\Windows\System32\svchost.exe[1056] kernel32.dll!VirtualProtect 75641DD1 5 Bytes JMP 00760F6D
.text C:\Windows\System32\svchost.exe[1056] kernel32.dll!CreateNamedPipeW 75645C44 5 Bytes JMP 00760025
.text C:\Windows\System32\svchost.exe[1056] kernel32.dll!LoadLibraryExW 756630C3 5 Bytes JMP 00760F94
.text C:\Windows\System32\svchost.exe[1056] kernel32.dll!LoadLibraryW 7566361F 5 Bytes JMP 00760040
.text C:\Windows\System32\svchost.exe[1056] kernel32.dll!VirtualProtectEx 75668D7E 5 Bytes JMP 00760062
.text C:\Windows\System32\svchost.exe[1056] kernel32.dll!LoadLibraryExA 75669469 5 Bytes JMP 00760051
.text C:\Windows\System32\svchost.exe[1056] kernel32.dll!LoadLibraryA 75669491 5 Bytes JMP 00760FB9
.text C:\Windows\System32\svchost.exe[1056] kernel32.dll!CreatePipe 75670284 5 Bytes JMP 00760087
.text C:\Windows\System32\svchost.exe[1056] kernel32.dll!GetProcAddress 7568B8B6 5 Bytes JMP 00760F23
.text C:\Windows\System32\svchost.exe[1056] kernel32.dll!CreateFileW 7568CC4E 5 Bytes JMP 00760FE5
.text C:\Windows\System32\svchost.exe[1056] kernel32.dll!CreateFileA 7568CF71 5 Bytes JMP 0076000A
.text C:\Windows\System32\svchost.exe[1056] kernel32.dll!CreateNamedPipeA 756D430E 5 Bytes JMP 00760FD4
.text C:\Windows\System32\svchost.exe[1056] kernel32.dll!WinExec 756D54FF 5 Bytes JMP 007600B3
.text C:\Windows\System32\svchost.exe[1056] msvcrt.dll!_wsystem 76C48A47 5 Bytes JMP 009B0FA3
.text C:\Windows\System32\svchost.exe[1056] msvcrt.dll!system 76C48B63 5 Bytes JMP 009B0038
.text C:\Windows\System32\svchost.exe[1056] msvcrt.dll!_creat 76C4C6F1 5 Bytes JMP 009B000C
.text C:\Windows\System32\svchost.exe[1056] msvcrt.dll!_open 76C4DA7E 5 Bytes JMP 009B0FE3
.text C:\Windows\System32\svchost.exe[1056] msvcrt.dll!_wcreat 76C4DC9E 5 Bytes JMP 009B001D
.text C:\Windows\System32\svchost.exe[1056] msvcrt.dll!_wopen 76C4DE79 5 Bytes JMP 009B0FD2
.text C:\Windows\System32\svchost.exe[1056] ADVAPI32.dll!RegCreateKeyExA 76B3B5E7 5 Bytes JMP 009A0F72
.text C:\Windows\System32\svchost.exe[1056] ADVAPI32.dll!RegCreateKeyA 76B3B8AE 5 Bytes JMP 009A0F9E
.text C:\Windows\System32\svchost.exe[1056] ADVAPI32.dll!RegOpenKeyA 76B40BF5 5 Bytes JMP 009A0FEF
.text C:\Windows\System32\svchost.exe[1056] ADVAPI32.dll!RegCreateKeyW 76B4B83D 5 Bytes JMP 009A0F8D
.text C:\Windows\System32\svchost.exe[1056] ADVAPI32.dll!RegCreateKeyExW 76B4BCE1 5 Bytes JMP 009A002F
.text C:\Windows\System32\svchost.exe[1056] ADVAPI32.dll!RegOpenKeyExA 76B4D4E8 5 Bytes JMP 009A0FD4
.text C:\Windows\System32\svchost.exe[1056] ADVAPI32.dll!RegOpenKeyW 76B53CB0 5 Bytes JMP 009A000A
.text C:\Windows\System32\svchost.exe[1056] ADVAPI32.dll!RegOpenKeyExW 76B5F09D 5 Bytes JMP 009A0FB9
.text C:\Windows\System32\svchost.exe[1056] WS2_32.dll!socket 76CA36D1 5 Bytes JMP 009C0FE5
.text C:\Windows\System32\svchost.exe[1104] kernel32.dll!GetStartupInfoW 75641929 5 Bytes JMP 0078006E
.text C:\Windows\System32\svchost.exe[1104] kernel32.dll!GetStartupInfoA 756419C9 5 Bytes JMP 00780053
.text C:\Windows\System32\svchost.exe[1104] kernel32.dll!CreateProcessW 75641C01 5 Bytes JMP 00780EFC
.text C:\Windows\System32\svchost.exe[1104] kernel32.dll!CreateProcessA 75641C36 5 Bytes JMP 00780F0D
.text C:\Windows\System32\svchost.exe[1104] kernel32.dll!VirtualProtect 75641DD1 5 Bytes JMP 00780F4D
.text C:\Windows\System32\svchost.exe[1104] kernel32.dll!CreateNamedPipeW 75645C44 5 Bytes JMP 00780FB9
.text C:\Windows\System32\svchost.exe[1104] kernel32.dll!LoadLibraryExW 756630C3 5 Bytes JMP 00780F68
.text C:\Windows\System32\svchost.exe[1104] kernel32.dll!LoadLibraryW 7566361F 5 Bytes JMP 00780F94
.text C:\Windows\System32\svchost.exe[1104] kernel32.dll!VirtualProtectEx 75668D7E 5 Bytes JMP 00780042
.text C:\Windows\System32\svchost.exe[1104] kernel32.dll!LoadLibraryExA 75669469 5 Bytes JMP 00780F79
.text C:\Windows\System32\svchost.exe[1104] kernel32.dll!LoadLibraryA 75669491 5 Bytes JMP 00780025
.text C:\Windows\System32\svchost.exe[1104] kernel32.dll!CreatePipe 75670284 5 Bytes JMP 00780F32
.text C:\Windows\System32\svchost.exe[1104] kernel32.dll!GetProcAddress 7568B8B6 5 Bytes JMP 00780EE1
.text C:\Windows\System32\svchost.exe[1104] kernel32.dll!CreateFileW 7568CC4E 5 Bytes JMP 00780FDE
.text C:\Windows\System32\svchost.exe[1104] kernel32.dll!CreateFileA 7568CF71 5 Bytes JMP 00780FEF
.text C:\Windows\System32\svchost.exe[1104] kernel32.dll!CreateNamedPipeA 756D430E 5 Bytes JMP 00780014
.text C:\Windows\System32\svchost.exe[1104] kernel32.dll!WinExec 756D54FF 5 Bytes JMP 0078007F
.text C:\Windows\System32\svchost.exe[1104] msvcrt.dll!_wsystem 76C48A47 5 Bytes JMP 007A0064
.text C:\Windows\System32\svchost.exe[1104] msvcrt.dll!system 76C48B63 5 Bytes JMP 007A0053
.text C:\Windows\System32\svchost.exe[1104] msvcrt.dll!_creat 76C4C6F1 5 Bytes JMP 007A0038
.text C:\Windows\System32\svchost.exe[1104] msvcrt.dll!_open 76C4DA7E 5 Bytes JMP 007A0000
.text C:\Windows\System32\svchost.exe[1104] msvcrt.dll!_wcreat 76C4DC9E 5 Bytes JMP 007A0FE3
.text C:\Windows\System32\svchost.exe[1104] msvcrt.dll!_wopen 76C4DE79 5 Bytes JMP 007A001D
.text C:\Windows\System32\svchost.exe[1104] ADVAPI32.dll!RegCreateKeyExA 76B3B5E7 5 Bytes JMP 00790F72
.text C:\Windows\System32\svchost.exe[1104] ADVAPI32.dll!RegCreateKeyA 76B3B8AE 5 Bytes JMP 00790F9E
.text C:\Windows\System32\svchost.exe[1104] ADVAPI32.dll!RegOpenKeyA 76B40BF5 5 Bytes JMP 00790FEF
.text C:\Windows\System32\svchost.exe[1104] ADVAPI32.dll!RegCreateKeyW 76B4B83D 5 Bytes JMP 00790F8D
.text C:\Windows\System32\svchost.exe[1104] ADVAPI32.dll!RegCreateKeyExW 76B4BCE1 5 Bytes JMP 00790025
.text C:\Windows\System32\svchost.exe[1104] ADVAPI32.dll!RegOpenKeyExA 76B4D4E8 5 Bytes JMP 00790FCA
.text C:\Windows\System32\svchost.exe[1104] ADVAPI32.dll!RegOpenKeyW 76B53CB0 5 Bytes JMP 00790000
.text C:\Windows\System32\svchost.exe[1104] ADVAPI32.dll!RegOpenKeyExW 76B5F09D 5 Bytes JMP 00790FB9
.text C:\Windows\System32\svchost.exe[1104] WS2_32.dll!socket 76CA36D1 5 Bytes JMP 007B0000
.text C:\Windows\system32\svchost.exe[1116] kernel32.dll!GetStartupInfoW 75641929 5 Bytes JMP 013100C4
.text C:\Windows\system32\svchost.exe[1116] kernel32.dll!GetStartupInfoA 756419C9 5 Bytes JMP 013100B3
.text C:\Windows\system32\svchost.exe[1116] kernel32.dll!CreateProcessW 75641C01 5 Bytes JMP 01310F37
.text C:\Windows\system32\svchost.exe[1116] kernel32.dll!CreateProcessA 75641C36 5 Bytes JMP 01310F52
.text C:\Windows\system32\svchost.exe[1116] kernel32.dll!VirtualProtect 75641DD1 5 Bytes JMP 01310091
.text C:\Windows\system32\svchost.exe[1116] kernel32.dll!CreateNamedPipeW 75645C44 5 Bytes JMP 01310FD4
.text C:\Windows\system32\svchost.exe[1116] kernel32.dll!LoadLibraryExW 756630C3 5 Bytes JMP 01310076
.text C:\Windows\system32\svchost.exe[1116] kernel32.dll!LoadLibraryW 7566361F 5 Bytes JMP 01310FC3
.text C:\Windows\system32\svchost.exe[1116] kernel32.dll!VirtualProtectEx 75668D7E 5 Bytes JMP 013100A2
.text C:\Windows\system32\svchost.exe[1116] kernel32.dll!LoadLibraryExA 75669469 5 Bytes JMP 01310065
.text C:\Windows\system32\svchost.exe[1116] kernel32.dll!LoadLibraryA 75669491 5 Bytes JMP 01310040
.text C:\Windows\system32\svchost.exe[1116] kernel32.dll!CreatePipe 75670284 1 Byte [E9]
.text C:\Windows\system32\svchost.exe[1116] kernel32.dll!CreatePipe 75670284 5 Bytes JMP 01310F88
.text C:\Windows\system32\svchost.exe[1116] kernel32.dll!GetProcAddress 7568B8B6 5 Bytes JMP 013100E9
.text C:\Windows\system32\svchost.exe[1116] kernel32.dll!CreateFileW 7568CC4E 5 Bytes JMP 01310FEF
.text C:\Windows\system32\svchost.exe[1116] kernel32.dll!CreateFileA 7568CF71 5 Bytes JMP 01310000
.text C:\Windows\system32\svchost.exe[1116] kernel32.dll!CreateNamedPipeA 756D430E 5 Bytes JMP 01310025
.text C:\Windows\system32\svchost.exe[1116] kernel32.dll!WinExec 756D54FF 5 Bytes JMP 01310F63
.text C:\Windows\system32\svchost.exe[1116] msvcrt.dll!_wsystem 76C48A47 5 Bytes JMP 014B004E
.text C:\Windows\system32\svchost.exe[1116] msvcrt.dll!system 76C48B63 5 Bytes JMP 014B0033
.text C:\Windows\system32\svchost.exe[1116] msvcrt.dll!_creat 76C4C6F1 5 Bytes JMP 014B0FDE
.text C:\Windows\system32\svchost.exe[1116] msvcrt.dll!_open 76C4DA7E 5 Bytes JMP 014B0FEF
.text C:\Windows\system32\svchost.exe[1116] msvcrt.dll!_wcreat 76C4DC9E 5 Bytes JMP 014B0FC3
.text C:\Windows\system32\svchost.exe[1116] msvcrt.dll!_wopen 76C4DE79 5 Bytes JMP 014B0018
.text C:\Windows\system32\svchost.exe[1116] ADVAPI32.dll!RegCreateKeyExA 76B3B5E7 5 Bytes JMP 014A0FB9
.text C:\Windows\system32\svchost.exe[1116] ADVAPI32.dll!RegCreateKeyA 76B3B8AE 5 Bytes JMP 014A0FCA
.text C:\Windows\system32\svchost.exe[1116] ADVAPI32.dll!RegOpenKeyA 76B40BF5 5 Bytes JMP 014A000A
.text C:\Windows\system32\svchost.exe[1116] ADVAPI32.dll!RegCreateKeyW 76B4B83D 5 Bytes JMP 014A0051
.text C:\Windows\system32\svchost.exe[1116] ADVAPI32.dll!RegCreateKeyExW 76B4BCE1 5 Bytes JMP 014A0076
.text C:\Windows\system32\svchost.exe[1116] ADVAPI32.dll!RegOpenKeyExA 76B4D4E8 5 Bytes JMP 014A0FEF
.text C:\Windows\system32\svchost.exe[1116] ADVAPI32.dll!RegOpenKeyW 76B53CB0 5 Bytes JMP 014A0025
.text C:\Windows\system32\svchost.exe[1116] ADVAPI32.dll!RegOpenKeyExW 76B5F09D 5 Bytes JMP 014A0040
.text C:\Windows\system32\svchost.exe[1116] WS2_32.dll!socket 76CA36D1 5 Bytes JMP 01910000
.text C:\Windows\system32\svchost.exe[1264] kernel32.dll!GetStartupInfoW 75641929 5 Bytes JMP 00210F4B
.text C:\Windows\system32\svchost.exe[1264] kernel32.dll!GetStartupInfoA 756419C9 5 Bytes JMP 00210F5C
.text C:\Windows\system32\svchost.exe[1264] kernel32.dll!CreateProcessW 75641C01 5 Bytes JMP 00210F04
.text C:\Windows\system32\svchost.exe[1264] kernel32.dll!CreateProcessA 75641C36 5 Bytes JMP 00210F15
.text C:\Windows\system32\svchost.exe[1264] kernel32.dll!VirtualProtect 75641DD1 5 Bytes JMP 00210076
.text C:\Windows\system32\svchost.exe[1264] kernel32.dll!CreateNamedPipeW 75645C44 5 Bytes JMP 00210FC3
.text C:\Windows\system32\svchost.exe[1264] kernel32.dll!LoadLibraryExW 756630C3 5 Bytes JMP 0021005B
.text C:\Windows\system32\svchost.exe[1264] kernel32.dll!LoadLibraryW 7566361F 5 Bytes JMP 0021004A
.text C:\Windows\system32\svchost.exe[1264] kernel32.dll!VirtualProtectEx 75668D7E 5 Bytes JMP 00210087
.text C:\Windows\system32\svchost.exe[1264] kernel32.dll!LoadLibraryExA 75669469 5 Bytes JMP 00210F9E
.text C:\Windows\system32\svchost.exe[1264] kernel32.dll!LoadLibraryA 75669491 5 Bytes JMP 00210039
.text C:\Windows\system32\svchost.exe[1264] kernel32.dll!CreatePipe 75670284 5 Bytes JMP 00210F77
.text C:\Windows\system32\svchost.exe[1264] kernel32.dll!GetProcAddress 7568B8B6 5 Bytes JMP 002100B6
.text C:\Windows\system32\svchost.exe[1264] kernel32.dll!CreateFileW 7568CC4E 5 Bytes JMP 0021000A
.text C:\Windows\system32\svchost.exe[1264] kernel32.dll!CreateFileA 7568CF71 5 Bytes JMP 00210FEF
.text C:\Windows\system32\svchost.exe[1264] kernel32.dll!CreateNamedPipeA 756D430E 5 Bytes JMP 00210FDE
.text C:\Windows\system32\svchost.exe[1264] kernel32.dll!WinExec 756D54FF 5 Bytes JMP 00210F26
.text C:\Windows\system32\svchost.exe[1264] msvcrt.dll!_wsystem 76C48A47 5 Bytes JMP 0023006E
.text C:\Windows\system32\svchost.exe[1264] msvcrt.dll!system 76C48B63 5 Bytes JMP 0023005D
.text C:\Windows\system32\svchost.exe[1264] msvcrt.dll!_creat 76C4C6F1 5 Bytes JMP 00230FE3
.text C:\Windows\system32\svchost.exe[1264] msvcrt.dll!_open 76C4DA7E 5 Bytes JMP 00230000
.text C:\Windows\system32\svchost.exe[1264] msvcrt.dll!_wcreat 76C4DC9E 5 Bytes JMP 00230042
.text C:\Windows\system32\svchost.exe[1264] msvcrt.dll!_wopen 76C4DE79 5 Bytes JMP 0023001D
.text C:\Windows\system32\svchost.exe[1264] ADVAPI32.dll!RegCreateKeyExA 76B3B5E7 5 Bytes JMP 0022004A
.text C:\Windows\system32\svchost.exe[1264] ADVAPI32.dll!RegCreateKeyA 76B3B8AE 5 Bytes JMP 00220FB9
.text C:\Windows\system32\svchost.exe[1264] ADVAPI32.dll!RegOpenKeyA 76B40BF5 5 Bytes JMP 0022000A
.text C:\Windows\system32\svchost.exe[1264] ADVAPI32.dll!RegCreateKeyW 76B4B83D 5 Bytes JMP 00220FA8
.text C:\Windows\system32\svchost.exe[1264] ADVAPI32.dll!RegCreateKeyExW 76B4BCE1 5 Bytes JMP 00220F8D
.text C:\Windows\system32\svchost.exe[1264] ADVAPI32.dll!RegOpenKeyExA 76B4D4E8 5 Bytes JMP 0022001B
.text C:\Windows\system32\svchost.exe[1264] ADVAPI32.dll!RegOpenKeyW 76B53CB0 5 Bytes JMP 00220FEF
.text C:\Windows\system32\svchost.exe[1264] ADVAPI32.dll!RegOpenKeyExW 76B5F09D 5 Bytes JMP 00220FCA
.text C:\Windows\system32\svchost.exe[1264] WS2_32.dll!socket 76CA36D1 5 Bytes JMP 00250FEF
.text C:\Windows\system32\svchost.exe[1340] kernel32.dll!GetStartupInfoW 75641929 5 Bytes JMP 000800BA
.text C:\Windows\system32\svchost.exe[1340] kernel32.dll!GetStartupInfoA 756419C9 5 Bytes JMP 00080F74
.text C:\Windows\system32\svchost.exe[1340] kernel32.dll!CreateProcessW 75641C01 5 Bytes JMP 00080101
.text C:\Windows\system32\svchost.exe[1340] kernel32.dll!CreateProcessA 75641C36 5 Bytes JMP 000800F0
.text C:\Windows\system32\svchost.exe[1340] kernel32.dll!VirtualProtect 75641DD1 5 Bytes JMP 0008007A
.text C:\Windows\system32\svchost.exe[1340] kernel32.dll!CreateNamedPipeW 75645C44 5 Bytes JMP 0008003D
.text C:\Windows\system32\svchost.exe[1340] kernel32.dll!LoadLibraryExW 756630C3 5 Bytes JMP 00080F96
.text C:\Windows\system32\svchost.exe[1340] kernel32.dll!LoadLibraryW 7566361F 5 Bytes JMP 0008005F
.text C:\Windows\system32\svchost.exe[1340] kernel32.dll!VirtualProtectEx 75668D7E 5 Bytes JMP 0008008B
.text C:\Windows\system32\svchost.exe[1340] kernel32.dll!LoadLibraryExA 75669469 5 Bytes JMP 00080FBD
.text C:\Windows\system32\svchost.exe[1340] kernel32.dll!LoadLibraryA 75669491 5 Bytes JMP 0008004E
.text C:\Windows\system32\svchost.exe[1340] kernel32.dll!CreatePipe 75670284 5 Bytes JMP 00080F85
.text C:\Windows\system32\svchost.exe[1340] kernel32.dll!GetProcAddress 7568B8B6 5 Bytes JMP 00080112
.text C:\Windows\system32\svchost.exe[1340] kernel32.dll!CreateFileW 7568CC4E 5 Bytes JMP 00080011
.text C:\Windows\system32\svchost.exe[1340] kernel32.dll!CreateFileA 7568CF71 5 Bytes JMP 00080000
.text C:\Windows\system32\svchost.exe[1340] kernel32.dll!CreateNamedPipeA 756D430E 5 Bytes JMP 0008002C
.text C:\Windows\system32\svchost.exe[1340] kernel32.dll!WinExec 756D54FF 5 Bytes JMP 000800D5
.text C:\Windows\system32\svchost.exe[1340] msvcrt.dll!_wsystem 76C48A47 5 Bytes JMP 00DE0FC3
.text C:\Windows\system32\svchost.exe[1340] msvcrt.dll!system 76C48B63 5 Bytes JMP 00DE004E
.text C:\Windows\system32\svchost.exe[1340] msvcrt.dll!_creat 76C4C6F1 5 Bytes JMP 00DE0033
.text C:\Windows\system32\svchost.exe[1340] msvcrt.dll!_open 76C4DA7E 5 Bytes JMP 00DE0FEF
.text C:\Windows\system32\svchost.exe[1340] msvcrt.dll!_wcreat 76C4DC9E 5 Bytes JMP 00DE0FDE
.text C:\Windows\system32\svchost.exe[1340] msvcrt.dll!_wopen 76C4DE79 5 Bytes JMP 00DE0018
.text C:\Windows\system32\svchost.exe[1340] ADVAPI32.dll!RegCreateKeyExA 76B3B5E7 5 Bytes JMP 00DD0F7C
.text C:\Windows\system32\svchost.exe[1340] ADVAPI32.dll!RegCreateKeyA 76B3B8AE 5 Bytes JMP 00DD0FA8
.text C:\Windows\system32\svchost.exe[1340] ADVAPI32.dll!RegOpenKeyA 76B40BF5 5 Bytes JMP 00DD000A
.text C:\Windows\system32\svchost.exe[1340] ADVAPI32.dll!RegCreateKeyW 76B4B83D 5 Bytes JMP 00DD0F97
.text C:\Windows\system32\svchost.exe[1340] ADVAPI32.dll!RegCreateKeyExW 76B4BCE1 5 Bytes JMP 00DD0043
.text C:\Windows\system32\svchost.exe[1340] ADVAPI32.dll!RegOpenKeyExA 76B4D4E8 5 Bytes JMP 00DD0FCA
.text C:\Windows\system32\svchost.exe[1340] ADVAPI32.dll!RegOpenKeyW 76B53CB0 5 Bytes JMP 00DD0FEF
.text C:\Windows\system32\svchost.exe[1340] ADVAPI32.dll!RegOpenKeyExW 76B5F09D 5 Bytes JMP 00DD0FB9
.text C:\Windows\system32\svchost.exe[1340] WS2_32.dll!socket 76CA36D1 5 Bytes JMP 00DF0000
.text C:\Windows\system32\svchost.exe[1340] WinInet.dll!InternetOpenA 7675D688 5 Bytes JMP 009E0FE5
.text C:\Windows\system32\svchost.exe[1340] WinInet.dll!InternetOpenW 7675DB01 5 Bytes JMP 009E0FCA
.text C:\Windows\system32\svchost.exe[1340] WinInet.dll!InternetOpenUrlA 7675F39C 5 Bytes JMP 009E000A
.text C:\Windows\system32\svchost.exe[1340] WinInet.dll!InternetOpenUrlW 767A6F37 5 Bytes JMP 009E0FB9
.text C:\Program Files\Mozilla Firefox\firefox.exe[1396] WS2_32.dll!closesocket 76CA330C 5 Bytes JMP 01DA2C96
.text C:\Program Files\Mozilla Firefox\firefox.exe[1396] WS2_32.dll!send 76CA659B 5 Bytes JMP 01DA212F
.text C:\Program Files\Mozilla Firefox\firefox.exe[1396] WS2_32.dll!WSARecv 76CA8400 5 Bytes JMP 01DA2812
.text C:\Windows\System32\svchost.exe[1476] kernel32.dll!GetStartupInfoW 75641929 5 Bytes JMP 00010F63
.text C:\Windows\System32\svchost.exe[1476] kernel32.dll!GetStartupInfoA 756419C9 5 Bytes JMP 00010F7E
.text C:\Windows\System32\svchost.exe[1476] kernel32.dll!CreateProcessW 75641C01 5 Bytes JMP 00010F1C
.text C:\Windows\System32\svchost.exe[1476] kernel32.dll!CreateProcessA 75641C36 5 Bytes JMP 00010F37
.text C:\Windows\System32\svchost.exe[1476] kernel32.dll!VirtualProtect 75641DD1 5 Bytes JMP 00010098
.text C:\Windows\System32\svchost.exe[1476] kernel32.dll!CreateNamedPipeW 75645C44 5 Bytes JMP 00010FE5
.text C:\Windows\System32\svchost.exe[1476] kernel32.dll!LoadLibraryExW 756630C3 5 Bytes JMP 00010FCA
.text C:\Windows\System32\svchost.exe[1476] kernel32.dll!LoadLibraryW 7566361F 5 Bytes JMP 00010062
.text C:\Windows\System32\svchost.exe[1476] kernel32.dll!VirtualProtectEx 75668D7E 5 Bytes JMP 00010FA3
.text C:\Windows\System32\svchost.exe[1476] kernel32.dll!LoadLibraryExA 75669469 5 Bytes JMP 0001007D
.text C:\Windows\System32\svchost.exe[1476] kernel32.dll!LoadLibraryA 75669491 5 Bytes JMP 00010051
.text C:\Windows\System32\svchost.exe[1476] kernel32.dll!CreatePipe 75670284 5 Bytes JMP 000100A9
.text C:\Windows\System32\svchost.exe[1476] kernel32.dll!GetProcAddress 7568B8B6 5 Bytes JMP 00010F0B
.text C:\Windows\System32\svchost.exe[1476] kernel32.dll!CreateFileW 7568CC4E 5 Bytes JMP 0001001B
.text C:\Windows\System32\svchost.exe[1476] kernel32.dll!CreateFileA 7568CF71 5 Bytes JMP 0001000A
.text C:\Windows\System32\svchost.exe[1476] kernel32.dll!CreateNamedPipeA 756D430E 5 Bytes JMP 00010036
.text C:\Windows\System32\svchost.exe[1476] kernel32.dll!WinExec 756D54FF 5 Bytes JMP 00010F52
.text C:\Windows\System32\svchost.exe[1476] msvcrt.dll!_wsystem 76C48A47 5 Bytes JMP 00050036
.text C:\Windows\System32\svchost.exe[1476] msvcrt.dll!system 76C48B63 5 Bytes JMP 00050FAB
.text C:\Windows\System32\svchost.exe[1476] msvcrt.dll!_creat 76C4C6F1 5 Bytes JMP 0005001B
.text C:\Windows\System32\svchost.exe[1476] msvcrt.dll!_open 76C4DA7E 3 Bytes JMP 00050FE3
.text C:\Windows\System32\svchost.exe[1476] msvcrt.dll!_open + 4 76C4DA82 1 Byte [89]
.text C:\Windows\System32\svchost.exe[1476] msvcrt.dll!_wcreat 76C4DC9E 5 Bytes JMP 00050FBC
.text C:\Windows\System32\svchost.exe[1476] msvcrt.dll!_wopen 76C4DE79 3 Bytes JMP 00050000
.text C:\Windows\System32\svchost.exe[1476] msvcrt.dll!_wopen + 4 76C4DE7D 1 Byte [89]
.text C:\Windows\System32\svchost.exe[1476] ADVAPI32.dll!RegCreateKeyExA 76B3B5E7 5 Bytes JMP 00060054
.text C:\Windows\System32\svchost.exe[1476] ADVAPI32.dll!RegCreateKeyA 76B3B8AE 5 Bytes JMP 00060FC3
.text C:\Windows\System32\svchost.exe[1476] ADVAPI32.dll!RegOpenKeyA 76B40BF5 5 Bytes JMP 00060FEF
.text C:\Windows\System32\svchost.exe[1476] ADVAPI32.dll!RegCreateKeyW 76B4B83D 5 Bytes JMP 00060FB2
.text C:\Windows\System32\svchost.exe[1476] ADVAPI32.dll!RegCreateKeyExW 76B4BCE1 5 Bytes JMP 00060F8D
.text C:\Windows\System32\svchost.exe[1476] ADVAPI32.dll!RegOpenKeyExA 76B4D4E8 5 Bytes JMP 0006001B
.text C:\Windows\System32\svchost.exe[1476] ADVAPI32.dll!RegOpenKeyW 76B53CB0 5 Bytes JMP 00060000
.text C:\Windows\System32\svchost.exe[1476] ADVAPI32.dll!RegOpenKeyExW 76B5F09D 5 Bytes JMP 00060FD4
.text C:\Windows\system32\svchost.exe[1544] kernel32.dll!GetStartupInfoW 75641929 5 Bytes JMP 008E0F4D
.text C:\Windows\system32\svchost.exe[1544] kernel32.dll!GetStartupInfoA 756419C9 5 Bytes JMP 008E0093
.text C:\Windows\system32\svchost.exe[1544] kernel32.dll!CreateProcessW 75641C01 5 Bytes JMP 008E00DA
.text C:\Windows\system32\svchost.exe[1544] kernel32.dll!CreateProcessA 75641C36 5 Bytes JMP 008E00BF
.text C:\Windows\system32\svchost.exe[1544] kernel32.dll!VirtualProtect 75641DD1 5 Bytes JMP 008E005D
.text C:\Windows\system32\svchost.exe[1544] kernel32.dll!CreateNamedPipeW 75645C44 5 Bytes JMP 008E000A
.text C:\Windows\system32\svchost.exe[1544] kernel32.dll!LoadLibraryExW 756630C3 5 Bytes JMP 008E004C
.text C:\Windows\system32\svchost.exe[1544] kernel32.dll!LoadLibraryW 7566361F 5 Bytes JMP 008E0F9E
.text C:\Windows\system32\svchost.exe[1544] kernel32.dll!VirtualProtectEx 75668D7E 5 Bytes JMP 008E0078
.text C:\Windows\system32\svchost.exe[1544] kernel32.dll!LoadLibraryExA 75669469 5 Bytes JMP 008E0F8D
.text C:\Windows\system32\svchost.exe[1544] kernel32.dll!LoadLibraryA 75669491 5 Bytes JMP 008E001B
.text C:\Windows\system32\svchost.exe[1544] kernel32.dll!CreatePipe 75670284 5 Bytes JMP 008E0F68
.text C:\Windows\system32\svchost.exe[1544] kernel32.dll!GetProcAddress 7568B8B6 5 Bytes JMP 008E0F1E
.text C:\Windows\system32\svchost.exe[1544] kernel32.dll!CreateFileW 7568CC4E 5 Bytes JMP 008E0FD4
.text C:\Windows\system32\svchost.exe[1544] kernel32.dll!CreateFileA 7568CF71 5 Bytes JMP 008E0FE5
.text C:\Windows\system32\svchost.exe[1544] kernel32.dll!CreateNamedPipeA 756D430E 5 Bytes JMP 008E0FB9
.text C:\Windows\system32\svchost.exe[1544] kernel32.dll!WinExec 756D54FF 5 Bytes JMP 008E00A4
.text C:\Windows\system32\svchost.exe[1544] msvcrt.dll!_wsystem 76C48A47 5 Bytes JMP 00940FB2
.text C:\Windows\system32\svchost.exe[1544] msvcrt.dll!system 76C48B63 5 Bytes JMP 00940047
.text C:\Windows\system32\svchost.exe[1544] msvcrt.dll!_creat 76C4C6F1 5 Bytes JMP 00940011
.text C:\Windows\system32\svchost.exe[1544] msvcrt.dll!_open 76C4DA7E 5 Bytes JMP 00940000
.text C:\Windows\system32\svchost.exe[1544] msvcrt.dll!_wcreat 76C4DC9E 5 Bytes JMP 0094002C
.text C:\Windows\system32\svchost.exe[1544] msvcrt.dll!_wopen 76C4DE79 5 Bytes JMP 00940FE3
.text C:\Windows\system32\svchost.exe[1544] ADVAPI32.dll!RegCreateKeyExA 76B3B5E7 5 Bytes JMP 00930036
.text C:\Windows\system32\svchost.exe[1544] ADVAPI32.dll!RegCreateKeyA 76B3B8AE 5 Bytes JMP 00930F9E
.text C:\Windows\system32\svchost.exe[1544] ADVAPI32.dll!RegOpenKeyA 76B40BF5 5 Bytes JMP 00930FEF
.text C:\Windows\system32\svchost.exe[1544] ADVAPI32.dll!RegCreateKeyW 76B4B83D 5 Bytes JMP 00930025
.text C:\Windows\system32\svchost.exe[1544] ADVAPI32.dll!RegCreateKeyExW 76B4BCE1 5 Bytes JMP 00930F79
.text C:\Windows\system32\svchost.exe[1544] ADVAPI32.dll!RegOpenKeyExA 76B4D4E8 5 Bytes JMP 00930FCA
.text C:\Windows\system32\svchost.exe[1544] ADVAPI32.dll!RegOpenKeyW 76B53CB0 5 Bytes JMP 0093000A
.text C:\Windows\system32\svchost.exe[1544] ADVAPI32.dll!RegOpenKeyExW 76B5F09D 5 Bytes JMP 00930FB9
.text C:\Windows\system32\svchost.exe[1544] WS2_32.dll!socket 76CA36D1 5 Bytes JMP 00DA0FEF
.text C:\Windows\system32\svchost.exe[1792] kernel32.dll!GetStartupInfoW 75641929 5 Bytes JMP 016100AC
.text C:\Windows\system32\svchost.exe[1792] kernel32.dll!GetStartupInfoA 756419C9 5 Bytes JMP 01610F5C
.text C:\Windows\system32\svchost.exe[1792] kernel32.dll!CreateProcessW 75641C01 5 Bytes JMP 016100F3
.text C:\Windows\system32\svchost.exe[1792] kernel32.dll!CreateProcessA 75641C36 5 Bytes JMP 016100E2
.text C:\Windows\system32\svchost.exe[1792] kernel32.dll!VirtualProtect 75641DD1 5 Bytes JMP 01610F92
.text C:\Windows\system32\svchost.exe[1792] kernel32.dll!CreateNamedPipeW 75645C44 5 Bytes JMP 01610FD4
.text C:\Windows\system32\svchost.exe[1792] kernel32.dll!LoadLibraryExW 756630C3 5 Bytes JMP 0161006C
.text C:\Windows\system32\svchost.exe[1792] kernel32.dll!LoadLibraryW 7566361F 5 Bytes JMP 01610FB9
.text C:\Windows\system32\svchost.exe[1792] kernel32.dll!VirtualProtectEx 75668D7E 5 Bytes JMP 0161007D
.text C:\Windows\system32\svchost.exe[1792] kernel32.dll!LoadLibraryExA 75669469 5 Bytes JMP 0161005B
.text C:\Windows\system32\svchost.exe[1792] kernel32.dll!LoadLibraryA 75669491 5 Bytes JMP 01610040
.text C:\Windows\system32\svchost.exe[1792] kernel32.dll!CreatePipe 75670284 5 Bytes JMP 01610F77
.text C:\Windows\system32\svchost.exe[1792] kernel32.dll!GetProcAddress 7568B8B6 5 Bytes JMP 01610F4B
.text C:\Windows\system32\svchost.exe[1792] kernel32.dll!CreateFileW 7568CC4E 5 Bytes JMP 01610014
.text C:\Windows\system32\svchost.exe[1792] kernel32.dll!CreateFileA 7568CF71 5 Bytes JMP 01610FEF
.text C:\Windows\system32\svchost.exe[1792] kernel32.dll!CreateNamedPipeA 756D430E 5 Bytes JMP 01610025
.text C:\Windows\system32\svchost.exe[1792] kernel32.dll!WinExec 756D54FF 5 Bytes JMP 016100BD
.text C:\Windows\system32\svchost.exe[1792] msvcrt.dll!_wsystem 76C48A47 5 Bytes JMP 01670047
.text C:\Windows\system32\svchost.exe[1792] msvcrt.dll!system 76C48B63 5 Bytes JMP 01670036
.text C:\Windows\system32\svchost.exe[1792] msvcrt.dll!_creat 76C4C6F1 5 Bytes JMP 0167001B
.text C:\Windows\system32\svchost.exe[1792] msvcrt.dll!_open 76C4DA7E 5 Bytes JMP 01670FEF
.text C:\Windows\system32\svchost.exe[1792] msvcrt.dll!_wcreat 76C4DC9E 5 Bytes JMP 01670FC6
.text C:\Windows\system32\svchost.exe[1792] msvcrt.dll!_wopen 76C4DE79 5 Bytes JMP 01670000
.text C:\Windows\system32\svchost.exe[1792] ADVAPI32.dll!RegCreateKeyExA 76B3B5E7 5 Bytes JMP 01620051
.text C:\Windows\system32\svchost.exe[1792] ADVAPI32.dll!RegCreateKeyA 76B3B8AE 5 Bytes JMP 0162002C
.text C:\Windows\system32\svchost.exe[1792] ADVAPI32.dll!RegOpenKeyA 76B40BF5 5 Bytes JMP 01620000
.text C:\Windows\system32\svchost.exe[1792] ADVAPI32.dll!RegCreateKeyW 76B4B83D 5 Bytes JMP 01620FAF
.text C:\Windows\system32\svchost.exe[1792] ADVAPI32.dll!RegCreateKeyExW 76B4BCE1 5 Bytes JMP 01620F9E
.text C:\Windows\system32\svchost.exe[1792] ADVAPI32.dll!RegOpenKeyExA 76B4D4E8 5 Bytes JMP 01620FD4
.text C:\Windows\system32\svchost.exe[1792] ADVAPI32.dll!RegOpenKeyW 76B53CB0 5 Bytes JMP 01620FE5
.text C:\Windows\system32\svchost.exe[1792] ADVAPI32.dll!RegOpenKeyExW 76B5F09D 5 Bytes JMP 0162001B
.text C:\Windows\system32\svchost.exe[1792] WS2_32.dll!socket 76CA36D1 5