>Hooks
==============================================
ntkrnlpa.exe+0x0006FB28, Type: Inline - RelativeJump 0x8307CB28-->8307CAD2 [ntkrnlpa.exe]
ntkrnlpa.exe+0x0006FCC8, Type: Inline - RelativeJump 0x8307CCC8-->8307CD2C [ntkrnlpa.exe]
ntkrnlpa.exe-->NtCreateProcess, Type: Inline - RelativeJump 0x832E7E5F-->922A1740 [mfehidk.sys]
ntkrnlpa.exe-->NtCreateProcessEx, Type: Inline - RelativeJump 0x832E7EAA-->922A1754 [mfehidk.sys]
ntkrnlpa.exe-->NtCreateUserProcess, Type: Inline - RelativeJump 0x83262E20-->922A176A [mfehidk.sys]
ntkrnlpa.exe-->NtMapViewOfSection, Type: Inline - RelativeJump 0x8328BF17-->922A17E4 [mfehidk.sys]
ntkrnlpa.exe-->NtSetInformationProcess, Type: Inline - RelativeJump 0x8325A449-->922A177E [mfehidk.sys]
ntkrnlpa.exe-->NtUnmapViewOfSection, Type: Inline - RelativeJump 0x83288D1C-->922A17FA [mfehidk.sys]
ntkrnlpa.exe-->NtYieldExecution, Type: Inline - RelativeJump 0x83038148-->922A17D0 [mfehidk.sys]
[1072]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x7780D3C1-->00000000 [unknown_code_page]
[1072]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77811B71-->00000000 [unknown_code_page]
[1072]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x7781B946-->00000000 [unknown_code_page]
[1072]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77811CC0-->00000000 [unknown_code_page]
[1072]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x7780D2ED-->00000000 [unknown_code_page]
[1072]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x7781BC0D-->00000000 [unknown_code_page]
[1072]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x7781BEC4-->00000000 [unknown_code_page]
[1072]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77813129-->00000000 [unknown_code_page]
[1072]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x770B291C-->00000000 [unknown_code_page]
[1072]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x770B0B7D-->00000000 [unknown_code_page]
[1072]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x770ED5BF-->00000000 [unknown_code_page]
[1072]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x77091FD6-->00000000 [unknown_code_page]
[1072]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x77094A8B-->00000000 [unknown_code_page]
[1072]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x77062062-->00000000 [unknown_code_page]
[1072]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7706202D-->00000000 [unknown_code_page]
[1072]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x770B1857-->00000000 [unknown_code_page]
[1072]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x77061DF0-->00000000 [unknown_code_page]
[1072]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x770B7CD5-->00000000 [unknown_code_page]
[1072]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x770B2884-->00000000 [unknown_code_page]
[1072]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x770ABC8B-->00000000 [unknown_code_page]
[1072]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x770AB6BF-->00000000 [unknown_code_page]
[1072]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x770B28D2-->00000000 [unknown_code_page]
[1072]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x770A50AB-->00000000 [unknown_code_page]
[1072]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x770EF729-->00000000 [unknown_code_page]
[1072]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x770EE76D-->00000000 [unknown_code_page]
[1072]svchost.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x75CB7E1C-->00000000 [unknown_code_page]
[1072]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x75CBDC18-->00000000 [unknown_code_page]
[1072]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x75D0DC34-->00000000 [unknown_code_page]
[1072]svchost.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x75CB9DA0-->00000000 [unknown_code_page]
[1072]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x76053F00-->00000000 [unknown_code_page]
[1108]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x7780D3C1-->00000000 [unknown_code_page]
[1108]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77811B71-->00000000 [unknown_code_page]
[1108]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x7781B946-->00000000 [unknown_code_page]
[1108]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77811CC0-->00000000 [unknown_code_page]
[1108]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x7780D2ED-->00000000 [unknown_code_page]
[1108]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x7781BC0D-->00000000 [unknown_code_page]
[1108]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x7781BEC4-->00000000 [unknown_code_page]
[1108]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77813129-->00000000 [unknown_code_page]
[1108]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x770B291C-->00000000 [unknown_code_page]
[1108]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x770B0B7D-->00000000 [unknown_code_page]
[1108]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x770ED5BF-->00000000 [unknown_code_page]
[1108]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x77091FD6-->00000000 [unknown_code_page]
[1108]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x77094A8B-->00000000 [unknown_code_page]
[1108]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x77062062-->00000000 [unknown_code_page]
[1108]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7706202D-->00000000 [unknown_code_page]
[1108]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x770B1857-->00000000 [unknown_code_page]
[1108]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x77061DF0-->00000000 [unknown_code_page]
[1108]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x770B7CD5-->00000000 [unknown_code_page]
[1108]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x770B2884-->00000000 [unknown_code_page]
[1108]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x770ABC8B-->00000000 [unknown_code_page]
[1108]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x770AB6BF-->00000000 [unknown_code_page]
[1108]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x770B28D2-->00000000 [unknown_code_page]
[1108]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x770A50AB-->00000000 [unknown_code_page]
[1108]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x770EF729-->00000000 [unknown_code_page]
[1108]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x770EE76D-->00000000 [unknown_code_page]
[1108]svchost.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x75CB7E1C-->00000000 [unknown_code_page]
[1108]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x75CBDC18-->00000000 [unknown_code_page]
[1108]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x75D0DC34-->00000000 [unknown_code_page]
[1108]svchost.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x75CB9DA0-->00000000 [unknown_code_page]
[1108]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x76053F00-->00000000 [unknown_code_page]
[1144]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x7780D3C1-->00000000 [unknown_code_page]
[1144]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77811B71-->00000000 [unknown_code_page]
[1144]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x7781B946-->00000000 [unknown_code_page]
[1144]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77811CC0-->00000000 [unknown_code_page]
[1144]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x7780D2ED-->00000000 [unknown_code_page]
[1144]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x7781BC0D-->00000000 [unknown_code_page]
[1144]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x7781BEC4-->00000000 [unknown_code_page]
[1144]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77813129-->00000000 [unknown_code_page]
[1144]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x770B291C-->00000000 [unknown_code_page]
[1144]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x770B0B7D-->00000000 [unknown_code_page]
[1144]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x770ED5BF-->00000000 [unknown_code_page]
[1144]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x77091FD6-->00000000 [unknown_code_page]
[1144]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x77094A8B-->00000000 [unknown_code_page]
[1144]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x77062062-->00000000 [unknown_code_page]
[1144]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7706202D-->00000000 [unknown_code_page]
[1144]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x770B1857-->00000000 [unknown_code_page]
[1144]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x77061DF0-->00000000 [unknown_code_page]
[1144]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x770B7CD5-->00000000 [unknown_code_page]
[1144]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x770B2884-->00000000 [unknown_code_page]
[1144]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x770ABC8B-->00000000 [unknown_code_page]
[1144]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x770AB6BF-->00000000 [unknown_code_page]
[1144]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x770B28D2-->00000000 [unknown_code_page]
[1144]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x770A50AB-->00000000 [unknown_code_page]
[1144]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x770EF729-->00000000 [unknown_code_page]
[1144]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x770EE76D-->00000000 [unknown_code_page]
[1144]svchost.exe-->mswsock.dll+0x00002BBC, Type: Inline - RelativeJump 0x74FB2BBC-->00000000 [unknown_code_page]
[1144]svchost.exe-->mswsock.dll+0x000044B1, Type: Inline - RelativeJump 0x74FB44B1-->00000000 [unknown_code_page]
[1144]svchost.exe-->mswsock.dll+0x000046B7, Type: Inline - RelativeJump 0x74FB46B7-->00000000 [unknown_code_page]
[1144]svchost.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x776D6448-->00000000 [unknown_code_page]
[1144]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x776D5380-->00000000 [unknown_code_page]
[1144]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x776D5F00-->00000000 [unknown_code_page]
[1144]svchost.exe-->user32.dll-->GetCursorPos, Type: Inline - RelativeJump 0x762FC198-->00000000 [unknown_code_page]
[1144]svchost.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x75CB7E1C-->00000000 [unknown_code_page]
[1144]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x75CBDC18-->00000000 [unknown_code_page]
[1144]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x75D0DC34-->00000000 [unknown_code_page]
[1144]svchost.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x75CB9DA0-->00000000 [unknown_code_page]
[1144]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x76053F00-->00000000 [unknown_code_page]
[1296]IScheduleSvc.exe-->shell32.dll-->user32.dll-->ExitWindowsEx, Type: IAT modification 0x73801D18-->00000000 [Pehook.dll]
[1312]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x7780D3C1-->00000000 [unknown_code_page]
[1312]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77811B71-->00000000 [unknown_code_page]
[1312]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x7781B946-->00000000 [unknown_code_page]
[1312]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77811CC0-->00000000 [unknown_code_page]
[1312]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x7780D2ED-->00000000 [unknown_code_page]
[1312]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x7781BC0D-->00000000 [unknown_code_page]
[1312]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x7781BEC4-->00000000 [unknown_code_page]
[1312]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77813129-->00000000 [unknown_code_page]
[1312]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x770B291C-->00000000 [unknown_code_page]
[1312]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x770B0B7D-->00000000 [unknown_code_page]
[1312]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x770ED5BF-->00000000 [unknown_code_page]
[1312]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x77091FD6-->00000000 [unknown_code_page]
[1312]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x77094A8B-->00000000 [unknown_code_page]
[1312]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x77062062-->00000000 [unknown_code_page]
[1312]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7706202D-->00000000 [unknown_code_page]
[1312]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x770B1857-->00000000 [unknown_code_page]
[1312]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x77061DF0-->00000000 [unknown_code_page]
[1312]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x770B7CD5-->00000000 [unknown_code_page]
[1312]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x770B2884-->00000000 [unknown_code_page]
[1312]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x770ABC8B-->00000000 [unknown_code_page]
[1312]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x770AB6BF-->00000000 [unknown_code_page]
[1312]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x770B28D2-->00000000 [unknown_code_page]
[1312]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x770A50AB-->00000000 [unknown_code_page]
[1312]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x770EF729-->00000000 [unknown_code_page]
[1312]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x770EE76D-->00000000 [unknown_code_page]
[1312]svchost.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x75CB7E1C-->00000000 [unknown_code_page]
[1312]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x75CBDC18-->00000000 [unknown_code_page]
[1312]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x75D0DC34-->00000000 [unknown_code_page]
[1312]svchost.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x75CB9DA0-->00000000 [unknown_code_page]
[1312]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x76053F00-->00000000 [unknown_code_page]
[1472]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x7780D3C1-->00000000 [unknown_code_page]
[1472]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77811B71-->00000000 [unknown_code_page]
[1472]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x7781B946-->00000000 [unknown_code_page]
[1472]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77811CC0-->00000000 [unknown_code_page]
[1472]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x7780D2ED-->00000000 [unknown_code_page]
[1472]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x7781BC0D-->00000000 [unknown_code_page]
[1472]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x7781BEC4-->00000000 [unknown_code_page]
[1472]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77813129-->00000000 [unknown_code_page]
[1472]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x770B291C-->00000000 [unknown_code_page]
[1472]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x770B0B7D-->00000000 [unknown_code_page]
[1472]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x770ED5BF-->00000000 [unknown_code_page]
[1472]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x77091FD6-->00000000 [unknown_code_page]
[1472]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x77094A8B-->00000000 [unknown_code_page]
[1472]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x77062062-->00000000 [unknown_code_page]
[1472]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7706202D-->00000000 [unknown_code_page]
[1472]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x770B1857-->00000000 [unknown_code_page]
[1472]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x77061DF0-->00000000 [unknown_code_page]
[1472]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x770B7CD5-->00000000 [unknown_code_page]
[1472]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x770B2884-->00000000 [unknown_code_page]
[1472]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x770ABC8B-->00000000 [unknown_code_page]
[1472]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x770AB6BF-->00000000 [unknown_code_page]
[1472]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x770B28D2-->00000000 [unknown_code_page]
[1472]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x770A50AB-->00000000 [unknown_code_page]
[1472]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x770EF729-->00000000 [unknown_code_page]
[1472]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x770EE76D-->00000000 [unknown_code_page]
[1472]svchost.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x75CB7E1C-->00000000 [unknown_code_page]
[1472]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x75CBDC18-->00000000 [unknown_code_page]
[1472]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x75D0DC34-->00000000 [unknown_code_page]
[1472]svchost.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x75CB9DA0-->00000000 [unknown_code_page]
[1472]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x76053F00-->00000000 [unknown_code_page]
[1628]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x7780D3C1-->00000000 [unknown_code_page]
[1628]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77811B71-->00000000 [unknown_code_page]
[1628]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x7781B946-->00000000 [unknown_code_page]
[1628]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77811CC0-->00000000 [unknown_code_page]
[1628]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x7780D2ED-->00000000 [unknown_code_page]
[1628]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x7781BC0D-->00000000 [unknown_code_page]
[1628]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x7781BEC4-->00000000 [unknown_code_page]
[1628]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77813129-->00000000 [unknown_code_page]
[1628]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x770B291C-->00000000 [unknown_code_page]
[1628]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x770B0B7D-->00000000 [unknown_code_page]
[1628]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x770ED5BF-->00000000 [unknown_code_page]
[1628]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x77091FD6-->00000000 [unknown_code_page]
[1628]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x77094A8B-->00000000 [unknown_code_page]
[1628]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x77062062-->00000000 [unknown_code_page]
[1628]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7706202D-->00000000 [unknown_code_page]
[1628]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x770B1857-->00000000 [unknown_code_page]
[1628]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x77061DF0-->00000000 [unknown_code_page]
[1628]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x770B7CD5-->00000000 [unknown_code_page]
[1628]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x770B2884-->00000000 [unknown_code_page]
[1628]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x770ABC8B-->00000000 [unknown_code_page]
[1628]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x770AB6BF-->00000000 [unknown_code_page]
[1628]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x770B28D2-->00000000 [unknown_code_page]
[1628]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x770A50AB-->00000000 [unknown_code_page]
[1628]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x770EF729-->00000000 [unknown_code_page]
[1628]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x770EE76D-->00000000 [unknown_code_page]
[1628]svchost.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x75CB7E1C-->00000000 [unknown_code_page]
[1628]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x75CBDC18-->00000000 [unknown_code_page]
[1628]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x75D0DC34-->00000000 [unknown_code_page]
[1628]svchost.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x75CB9DA0-->00000000 [unknown_code_page]
[1628]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x76053F00-->00000000 [unknown_code_page]
[1952]McProxy.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x770B2884-->00000000 [McProxy.exe]
[1952]McProxy.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x770B28D2-->00000000 [McProxy.exe]
[1968]rundll32.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C617B8-->00000000 [apphelp.dll]
[1968]rundll32.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B611B8-->00000000 [apphelp.dll]
[1968]rundll32.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D114E0-->00000000 [apphelp.dll]
[1968]rundll32.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7120144C-->00000000 [apphelp.dll]
[2084]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x7780D3C1-->00000000 [unknown_code_page]
[2084]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77811B71-->00000000 [unknown_code_page]
[2084]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x7781B946-->00000000 [unknown_code_page]
[2084]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77811CC0-->00000000 [unknown_code_page]
[2084]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x7780D2ED-->00000000 [unknown_code_page]
[2084]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x7781BC0D-->00000000 [unknown_code_page]
[2084]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x7781BEC4-->00000000 [unknown_code_page]
[2084]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77813129-->00000000 [unknown_code_page]
[2084]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x770B291C-->00000000 [unknown_code_page]
[2084]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x770B0B7D-->00000000 [unknown_code_page]
[2084]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x770ED5BF-->00000000 [unknown_code_page]
[2084]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x77091FD6-->00000000 [unknown_code_page]
[2084]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x77094A8B-->00000000 [unknown_code_page]
[2084]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x77062062-->00000000 [unknown_code_page]
[2084]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7706202D-->00000000 [unknown_code_page]
[2084]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x770B1857-->00000000 [unknown_code_page]
[2084]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x77061DF0-->00000000 [unknown_code_page]
[2084]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x770B7CD5-->00000000 [unknown_code_page]
[2084]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x770B2884-->00000000 [unknown_code_page]
[2084]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x770ABC8B-->00000000 [unknown_code_page]
[2084]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x770AB6BF-->00000000 [unknown_code_page]
[2084]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x770B28D2-->00000000 [unknown_code_page]
[2084]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x770A50AB-->00000000 [unknown_code_page]
[2084]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x770EF729-->00000000 [unknown_code_page]
[2084]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x770EE76D-->00000000 [unknown_code_page]
[2084]svchost.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x75CB7E1C-->00000000 [unknown_code_page]
[2084]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x75CBDC18-->00000000 [unknown_code_page]
[2084]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x75D0DC34-->00000000 [unknown_code_page]
[2084]svchost.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x75CB9DA0-->00000000 [unknown_code_page]
[2752]explorer.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x7780D3C1-->00000000 [unknown_code_page]
[2752]explorer.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77811B71-->00000000 [unknown_code_page]
[2752]explorer.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x7781B946-->00000000 [unknown_code_page]
[2752]explorer.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77811CC0-->00000000 [unknown_code_page]
[2752]explorer.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x7780D2ED-->00000000 [unknown_code_page]
[2752]explorer.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x7781BC0D-->00000000 [unknown_code_page]
[2752]explorer.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x7781BEC4-->00000000 [unknown_code_page]
[2752]explorer.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77813129-->00000000 [unknown_code_page]
[2752]explorer.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x770B291C-->00000000 [unknown_code_page]
[2752]explorer.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x770B0B7D-->00000000 [unknown_code_page]
[2752]explorer.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x770ED5BF-->00000000 [unknown_code_page]
[2752]explorer.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x77091FD6-->00000000 [unknown_code_page]
[2752]explorer.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x77094A8B-->00000000 [unknown_code_page]
[2752]explorer.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x77062062-->00000000 [unknown_code_page]
[2752]explorer.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7706202D-->00000000 [unknown_code_page]
[2752]explorer.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x770B1857-->00000000 [unknown_code_page]
[2752]explorer.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x77061DF0-->00000000 [unknown_code_page]
[2752]explorer.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x770B7CD5-->00000000 [unknown_code_page]
[2752]explorer.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x770B2884-->00000000 [unknown_code_page]
[2752]explorer.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x770ABC8B-->00000000 [unknown_code_page]
[2752]explorer.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x770AB6BF-->00000000 [unknown_code_page]
[2752]explorer.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x770B28D2-->00000000 [unknown_code_page]
[2752]explorer.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x770A50AB-->00000000 [unknown_code_page]
[2752]explorer.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x770EF729-->00000000 [unknown_code_page]
[2752]explorer.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x770EE76D-->00000000 [unknown_code_page]
[2752]explorer.exe-->mswsock.dll+0x00002BBC, Type: Inline - RelativeJump 0x74FB2BBC-->00000000 [unknown_code_page]
[2752]explorer.exe-->mswsock.dll+0x000044B1, Type: Inline - RelativeJump 0x74FB44B1-->00000000 [unknown_code_page]
[2752]explorer.exe-->mswsock.dll+0x000046B7, Type: Inline - RelativeJump 0x74FB46B7-->00000000 [unknown_code_page]
[2752]explorer.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x776D6448-->00000000 [unknown_code_page]
[2752]explorer.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x776D5380-->00000000 [unknown_code_page]
[2752]explorer.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x776D5F00-->00000000 [unknown_code_page]
[2752]explorer.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x75CB7E1C-->00000000 [unknown_code_page]
[2752]explorer.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x75CBDC18-->00000000 [unknown_code_page]
[2752]explorer.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x75D0DC34-->00000000 [unknown_code_page]
[2752]explorer.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x75CB9DA0-->00000000 [unknown_code_page]
[2752]explorer.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x76053F00-->00000000 [unknown_code_page]
[3400]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x7780D3C1-->00000000 [unknown_code_page]
[3400]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77811B71-->00000000 [unknown_code_page]
[3400]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x7781B946-->00000000 [unknown_code_page]
[3400]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77811CC0-->00000000 [unknown_code_page]
[3400]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x7780D2ED-->00000000 [unknown_code_page]
[3400]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x7781BC0D-->00000000 [unknown_code_page]
[3400]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x7781BEC4-->00000000 [unknown_code_page]
[3400]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77813129-->00000000 [unknown_code_page]
[3400]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x770B291C-->00000000 [unknown_code_page]
[3400]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x770B0B7D-->00000000 [unknown_code_page]
[3400]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x770ED5BF-->00000000 [unknown_code_page]
[3400]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x77091FD6-->00000000 [unknown_code_page]
[3400]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x77094A8B-->00000000 [unknown_code_page]
[3400]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x77062062-->00000000 [unknown_code_page]
[3400]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7706202D-->00000000 [unknown_code_page]
[3400]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x770B1857-->00000000 [unknown_code_page]
[3400]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x77061DF0-->00000000 [unknown_code_page]
[3400]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x770B7CD5-->00000000 [unknown_code_page]
[3400]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x770B2884-->00000000 [unknown_code_page]
[3400]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x770ABC8B-->00000000 [unknown_code_page]
[3400]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x770AB6BF-->00000000 [unknown_code_page]
[3400]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x770B28D2-->00000000 [unknown_code_page]
[3400]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x770A50AB-->00000000 [unknown_code_page]
[3400]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x770EF729-->00000000 [unknown_code_page]
[3400]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x770EE76D-->00000000 [unknown_code_page]
[3400]svchost.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x75CB7E1C-->00000000 [unknown_code_page]
[3400]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x75CBDC18-->00000000 [unknown_code_page]
[3400]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x75D0DC34-->00000000 [unknown_code_page]
[3400]svchost.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x75CB9DA0-->00000000 [unknown_code_page]
[3400]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x76053F00-->00000000 [unknown_code_page]
[3776]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x7780D3C1-->00000000 [unknown_code_page]
[3776]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77811B71-->00000000 [unknown_code_page]
[3776]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x7781B946-->00000000 [unknown_code_page]
[3776]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77811CC0-->00000000 [unknown_code_page]
[3776]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x7780D2ED-->00000000 [unknown_code_page]
[3776]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x7781BC0D-->00000000 [unknown_code_page]
[3776]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x7781BEC4-->00000000 [unknown_code_page]
[3776]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77813129-->00000000 [unknown_code_page]
[3776]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x770B291C-->00000000 [unknown_code_page]
[3776]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x770B0B7D-->00000000 [unknown_code_page]
[3776]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x770ED5BF-->00000000 [unknown_code_page]
[3776]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x77091FD6-->00000000 [unknown_code_page]
[3776]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x77094A8B-->00000000 [unknown_code_page]
[3776]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x77062062-->00000000 [unknown_code_page]
[3776]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7706202D-->00000000 [unknown_code_page]
[3776]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x770B1857-->00000000 [unknown_code_page]
[3776]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x77061DF0-->00000000 [unknown_code_page]
[3776]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x770B7CD5-->00000000 [unknown_code_page]
[3776]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x770B2884-->00000000 [unknown_code_page]
[3776]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x770ABC8B-->00000000 [unknown_code_page]
[3776]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x770AB6BF-->00000000 [unknown_code_page]
[3776]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x770B28D2-->00000000 [unknown_code_page]
[3776]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x770A50AB-->00000000 [unknown_code_page]
[3776]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x770EF729-->00000000 [unknown_code_page]
[3776]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x770EE76D-->00000000 [unknown_code_page]
[3776]svchost.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x75CB7E1C-->00000000 [unknown_code_page]
[3776]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x75CBDC18-->00000000 [unknown_code_page]
[3776]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x75D0DC34-->00000000 [unknown_code_page]
[3776]svchost.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x75CB9DA0-->00000000 [unknown_code_page]
[3776]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x76053F00-->00000000 [unknown_code_page]
[3896]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x7780D3C1-->00000000 [unknown_code_page]
[3896]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77811B71-->00000000 [unknown_code_page]
[3896]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x7781B946-->00000000 [unknown_code_page]
[3896]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77811CC0-->00000000 [unknown_code_page]
[3896]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x7780D2ED-->00000000 [unknown_code_page]
[3896]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x7781BC0D-->00000000 [unknown_code_page]
[3896]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x7781BEC4-->00000000 [unknown_code_page]
[3896]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77813129-->00000000 [unknown_code_page]
[3896]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x770B291C-->00000000 [unknown_code_page]
[3896]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x770B0B7D-->00000000 [unknown_code_page]
[3896]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x770ED5BF-->00000000 [unknown_code_page]
[3896]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x77091FD6-->00000000 [unknown_code_page]
[3896]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x77094A8B-->00000000 [unknown_code_page]
[3896]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x77062062-->00000000 [unknown_code_page]
[3896]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7706202D-->00000000 [unknown_code_page]
[3896]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x770B1857-->00000000 [unknown_code_page]
[3896]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x77061DF0-->00000000 [unknown_code_page]
[3896]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x770B7CD5-->00000000 [unknown_code_page]
[3896]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x770B2884-->00000000 [unknown_code_page]
[3896]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x770ABC8B-->00000000 [unknown_code_page]
[3896]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x770AB6BF-->00000000 [unknown_code_page]
[3896]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x770B28D2-->00000000 [unknown_code_page]
[3896]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x770A50AB-->00000000 [unknown_code_page]
[3896]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x770EF729-->00000000 [unknown_code_page]
[3896]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x770EE76D-->00000000 [unknown_code_page]
[3896]svchost.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x75CB7E1C-->00000000 [unknown_code_page]
[3896]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x75CBDC18-->00000000 [unknown_code_page]
[3896]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x75D0DC34-->00000000 [unknown_code_page]
[3896]svchost.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x75CB9DA0-->00000000 [unknown_code_page]
[3984]plugin-container.exe-->user32.dll-->TrackPopupMenu, Type: Inline - RelativeJump 0x76324B3B-->00000000 [xul.dll]
[4904]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x7780D3C1-->00000000 [unknown_code_page]
[4904]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77811B71-->00000000 [unknown_code_page]
[4904]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x7781B946-->00000000 [unknown_code_page]
[4904]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77811CC0-->00000000 [unknown_code_page]
[4904]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x7780D2ED-->00000000 [unknown_code_page]
[4904]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x7781BC0D-->00000000 [unknown_code_page]
[4904]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x7781BEC4-->00000000 [unknown_code_page]
[4904]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77813129-->00000000 [unknown_code_page]
[4904]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x770B291C-->00000000 [unknown_code_page]
[4904]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x770B0B7D-->00000000 [unknown_code_page]
[4904]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x770ED5BF-->00000000 [unknown_code_page]
[4904]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x77091FD6-->00000000 [unknown_code_page]
[4904]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x77094A8B-->00000000 [unknown_code_page]
[4904]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x77062062-->00000000 [unknown_code_page]
[4904]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7706202D-->00000000 [unknown_code_page]
[4904]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x770B1857-->00000000 [unknown_code_page]
[4904]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x77061DF0-->00000000 [unknown_code_page]
[4904]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x770B7CD5-->00000000 [unknown_code_page]
[4904]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x770B2884-->00000000 [unknown_code_page]
[4904]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x770ABC8B-->00000000 [unknown_code_page]
[4904]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x770AB6BF-->00000000 [unknown_code_page]
[4904]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x770B28D2-->00000000 [unknown_code_page]
[4904]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x770A50AB-->00000000 [unknown_code_page]
[4904]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x770EF729-->00000000 [unknown_code_page]
[4904]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x770EE76D-->00000000 [unknown_code_page]
[4904]svchost.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x75CB7E1C-->00000000 [unknown_code_page]
[4904]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x75CBDC18-->00000000 [unknown_code_page]
[4904]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x75D0DC34-->00000000 [unknown_code_page]
[4904]svchost.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x75CB9DA0-->00000000 [unknown_code_page]
[4904]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x76053F00-->00000000 [unknown_code_page]
[5232]firefox.exe-->gdi32.dll-->BitBlt, Type: Inline - PushRet 0x763C7180-->00000000 [unknown_code_page]
[5232]firefox.exe-->gdi32.dll-->user32.dll-->GetWindowRect, Type: IAT modification 0x77B611F8-->00000000 [unknown_code_page]
[5232]firefox.exe-->mswsock.dll+0x00002BBC, Type: Inline - RelativeJump 0x74FB2BBC-->00000000 [unknown_code_page]
[5232]firefox.exe-->mswsock.dll+0x000044B1, Type: Inline - RelativeJump 0x74FB44B1-->00000000 [unknown_code_page]
[5232]firefox.exe-->mswsock.dll+0x000046B7, Type: Inline - RelativeJump 0x74FB46B7-->00000000 [unknown_code_page]
[5232]firefox.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x776D6448-->00000000 [unknown_code_page]
[5232]firefox.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x776D5F00-->00000000 [unknown_code_page]
[5232]firefox.exe-->shell32.dll-->user32.dll-->GetWindowRect, Type: IAT modification 0x73802004-->00000000 [unknown_code_page]
[5232]firefox.exe-->user32.dll-->DdeInitializeW, Type: Inline - PushRet 0x762F6048-->00000000 [unknown_code_page]
[5232]firefox.exe-->user32.dll-->DispatchMessageW, Type: Inline - PushRet 0x76308E8D-->00000000 [unknown_code_page]
[5232]firefox.exe-->user32.dll-->GetClipboardData, Type: Inline - PushRet 0x76314B47-->00000000 [unknown_code_page]
[5232]firefox.exe-->user32.dll-->GetMessageW, Type: Inline - PushRet 0x76308F97-->00000000 [unknown_code_page]
[5232]firefox.exe-->user32.dll-->RegisterClassExW, Type: Inline - PushRet 0x7630212B-->00000000 [unknown_code_page]
[5232]firefox.exe-->user32.dll-->TranslateMessage, Type: Inline - PushRet 0x7630910F-->00000000 [unknown_code_page]
[616]services.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x7780D3C1-->00000000 [unknown_code_page]
[616]services.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77811B71-->00000000 [unknown_code_page]
[616]services.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x7781B946-->00000000 [unknown_code_page]
[616]services.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77811CC0-->00000000 [unknown_code_page]
[616]services.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x7780D2ED-->00000000 [unknown_code_page]
[616]services.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x7781BC0D-->00000000 [unknown_code_page]
[616]services.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x7781BEC4-->00000000 [unknown_code_page]
[616]services.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77813129-->00000000 [unknown_code_page]
[616]services.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x770B291C-->00000000 [unknown_code_page]
[616]services.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x770B0B7D-->00000000 [unknown_code_page]
[616]services.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x770ED5BF-->00000000 [unknown_code_page]
[616]services.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x77091FD6-->00000000 [unknown_code_page]
[616]services.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x77094A8B-->00000000 [unknown_code_page]
[616]services.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x77062062-->00000000 [unknown_code_page]
[616]services.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7706202D-->00000000 [unknown_code_page]
[616]services.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x770B1857-->00000000 [unknown_code_page]
[616]services.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x77061DF0-->00000000 [unknown_code_page]
[616]services.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x770B7CD5-->00000000 [unknown_code_page]
[616]services.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x770B2884-->00000000 [unknown_code_page]
[616]services.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x770ABC8B-->00000000 [unknown_code_page]
[616]services.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x770AB6BF-->00000000 [unknown_code_page]
[616]services.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x770B28D2-->00000000 [unknown_code_page]
[616]services.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x770A50AB-->00000000 [unknown_code_page]
[616]services.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x770EF729-->00000000 [unknown_code_page]
[616]services.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x770EE76D-->00000000 [unknown_code_page]
[616]services.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x75CB7E1C-->00000000 [unknown_code_page]
[616]services.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x75CBDC18-->00000000 [unknown_code_page]
[616]services.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x75D0DC34-->00000000 [unknown_code_page]
[616]services.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x75CB9DA0-->00000000 [unknown_code_page]
[616]services.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x76053F00-->00000000 [unknown_code_page]
[648]lsass.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x7780D3C1-->00000000 [unknown_code_page]
[648]lsass.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77811B71-->00000000 [unknown_code_page]
[648]lsass.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x7781B946-->00000000 [unknown_code_page]
[648]lsass.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77811CC0-->00000000 [unknown_code_page]
[648]lsass.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x7780D2ED-->00000000 [unknown_code_page]
[648]lsass.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x7781BC0D-->00000000 [unknown_code_page]
[648]lsass.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x7781BEC4-->00000000 [unknown_code_page]
[648]lsass.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77813129-->00000000 [unknown_code_page]
[648]lsass.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x770B291C-->00000000 [unknown_code_page]
[648]lsass.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x770B0B7D-->00000000 [unknown_code_page]
[648]lsass.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x770ED5BF-->00000000 [unknown_code_page]
[648]lsass.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x77091FD6-->00000000 [unknown_code_page]
[648]lsass.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x77094A8B-->00000000 [unknown_code_page]
[648]lsass.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x77062062-->00000000 [unknown_code_page]
[648]lsass.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7706202D-->00000000 [unknown_code_page]
[648]lsass.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x770B1857-->00000000 [unknown_code_page]
[648]lsass.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x77061DF0-->00000000 [unknown_code_page]
[648]lsass.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x770B7CD5-->00000000 [unknown_code_page]
[648]lsass.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x770B2884-->00000000 [unknown_code_page]
[648]lsass.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x770ABC8B-->00000000 [unknown_code_page]
[648]lsass.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x770AB6BF-->00000000 [unknown_code_page]
[648]lsass.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x770B28D2-->00000000 [unknown_code_page]
[648]lsass.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x770A50AB-->00000000 [unknown_code_page]
[648]lsass.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x770EF729-->00000000 [unknown_code_page]
[648]lsass.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x770EE76D-->00000000 [unknown_code_page]
[648]lsass.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x75CB7E1C-->00000000 [unknown_code_page]
[648]lsass.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x75CBDC18-->00000000 [unknown_code_page]
[648]lsass.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x75D0DC34-->00000000 [unknown_code_page]
[648]lsass.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x75CB9DA0-->00000000 [unknown_code_page]
[648]lsass.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x76053F00-->00000000 [unknown_code_page]
[816]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x7780D3C1-->00000000 [unknown_code_page]
[816]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77811B71-->00000000 [unknown_code_page]
[816]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x7781B946-->00000000 [unknown_code_page]
[816]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77811CC0-->00000000 [unknown_code_page]
[816]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x7780D2ED-->00000000 [unknown_code_page]
[816]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x7781BC0D-->00000000 [unknown_code_page]
[816]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x7781BEC4-->00000000 [unknown_code_page]
[816]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77813129-->00000000 [unknown_code_page]
[816]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x770B291C-->00000000 [unknown_code_page]
[816]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x770B0B7D-->00000000 [unknown_code_page]
[816]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x770ED5BF-->00000000 [unknown_code_page]
[816]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x77091FD6-->00000000 [unknown_code_page]
[816]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x77094A8B-->00000000 [unknown_code_page]
[816]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x77062062-->00000000 [unknown_code_page]
[816]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7706202D-->00000000 [unknown_code_page]
[816]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x770B1857-->00000000 [unknown_code_page]
[816]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x77061DF0-->00000000 [unknown_code_page]
[816]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x770B7CD5-->00000000 [unknown_code_page]
[816]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x770B2884-->00000000 [unknown_code_page]
[816]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x770ABC8B-->00000000 [unknown_code_page]
[816]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x770AB6BF-->00000000 [unknown_code_page]
[816]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x770B28D2-->00000000 [unknown_code_page]
[816]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x770A50AB-->00000000 [unknown_code_page]
[816]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x770EF729-->00000000 [unknown_code_page]
[816]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x770EE76D-->00000000 [unknown_code_page]
[816]svchost.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x75CB7E1C-->00000000 [unknown_code_page]
[816]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x75CBDC18-->00000000 [unknown_code_page]
[816]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x75D0DC34-->00000000 [unknown_code_page]
[816]svchost.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x75CB9DA0-->00000000 [unknown_code_page]
[816]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x76053F00-->00000000 [unknown_code_page]
[888]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x7780D3C1-->00000000 [unknown_code_page]
[888]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77811B71-->00000000 [unknown_code_page]
[888]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x7781B946-->00000000 [unknown_code_page]
[888]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77811CC0-->00000000 [unknown_code_page]
[888]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x7780D2ED-->00000000 [unknown_code_page]
[888]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x7781BC0D-->00000000 [unknown_code_page]
[888]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x7781BEC4-->00000000 [unknown_code_page]
[888]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77813129-->00000000 [unknown_code_page]
[888]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x770B291C-->00000000 [unknown_code_page]
[888]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x770B0B7D-->00000000 [unknown_code_page]
[888]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x770ED5BF-->00000000 [unknown_code_page]
[888]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x77091FD6-->00000000 [unknown_code_page]
[888]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x77094A8B-->00000000 [unknown_code_page]
[888]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x77062062-->00000000 [unknown_code_page]
[888]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7706202D-->00000000 [unknown_code_page]
[888]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x770B1857-->00000000 [unknown_code_page]
[888]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x77061DF0-->00000000 [unknown_code_page]
[888]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x770B7CD5-->00000000 [unknown_code_page]
[888]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x770B2884-->00000000 [unknown_code_page]
[888]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x770ABC8B-->00000000 [unknown_code_page]
[888]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x770AB6BF-->00000000 [unknown_code_page]
[888]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x770B28D2-->00000000 [unknown_code_page]
[888]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x770A50AB-->00000000 [unknown_code_page]
[888]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x770EF729-->00000000 [unknown_code_page]
[888]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x770EE76D-->00000000 [unknown_code_page]
[888]svchost.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x75CB7E1C-->00000000 [unknown_code_page]
[888]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x75CBDC18-->00000000 [unknown_code_page]
[888]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x75D0DC34-->00000000 [unknown_code_page]
[888]svchost.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x75CB9DA0-->00000000 [unknown_code_page]
[888]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x76053F00-->00000000 [unknown_code_page]