by Orange » October 3rd, 2010, 6:35 am
RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6001 (Service Pack 1)
Number of processors #1
==============================================
>Drivers
==============================================
0x8FA0B000 C:\Windows\system32\DRIVERS\igdkmd32.sys 6606848 bytes (Intel Corporation, Intel Graphics Kernel Mode Driver)
0x82240000 C:\Windows\system32\ntkrnlpa.exe 3903488 bytes (Microsoft Corporation, NT Kernel & System)
0x82240000 PnpManager 3903488 bytes
0x82240000 RAW 3903488 bytes
0x82240000 WMIxWDM 3903488 bytes
0x974C0000 Win32k 2105344 bytes
0x974C0000 C:\Windows\System32\win32k.sys 2105344 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x8BA09000 C:\Windows\System32\Drivers\Ntfs.sys 1110016 bytes (Microsoft Corporation, NT File System Driver)
0x82A80000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x90603000 C:\Windows\system32\DRIVERS\HSX_DPV.sys 1060864 bytes (Conexant Systems, Inc., HSF_DP driver)
0x8F8ED000 C:\Windows\system32\DRIVERS\bcmwl6.sys 1056768 bytes (Broadcom Corp., Broadcom 802.11 Network Adapter wireless driver)
0x908D0000 C:\Windows\System32\drivers\tcpip.sys 954368 bytes (Microsoft Corporation, TCP/IP Driver)
0x804C5000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
0xAE601000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x8F800000 C:\Windows\System32\Drivers\dump_iaStor.sys 815104 bytes
0x82806000 C:\Windows\system32\drivers\iastor.sys 815104 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
0x90706000 C:\Windows\system32\DRIVERS\HSX_CNXT.sys 737280 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xA9439000 C:\Windows\system32\drivers\spsys.sys 716800 bytes (Microsoft Corporation, security processor)
0x90058000 C:\Windows\System32\drivers\dxgkrnl.sys 651264 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8060D000 C:\Windows\system32\drivers\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)
0x82A0F000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xA953F000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x8040B000 C:\Windows\system32\mcupdate_GenuineIntel.dll 393216 bytes (Microsoft Corporation, Intel Microcode Update Library)
0x82935000 C:\Windows\system32\drivers\mfehidk.sys 380928 bytes (McAfee, Inc., McAfee Link Driver)
0x90805000 C:\Windows\system32\drivers\stwrt.sys 348160 bytes (IDT, Inc., NDHF)
0x829AA000 C:\Windows\system32\DRIVERS\rixdptsk.sys 331776 bytes (REDC, RICOH XD SM Driver)
0xADCBE000 C:\Windows\System32\DRIVERS\srv.sys 319488 bytes (Microsoft Corporation, Server driver)
0x9016E000 C:\Windows\system32\DRIVERS\yk60x86.sys 311296 bytes (Marvell, Miniport Driver for Marvell Yukon Ethernet Controller.)
0x90B9C000 C:\Windows\system32\drivers\mfefirek.sys 307200 bytes (McAfee, Inc., McAfee Core Firewall Engine Driver)
0x8073F000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x90A3E000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x80696000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)
0x80484000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
0x90409000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x9010F000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x9056A000 C:\Windows\system32\DRIVERS\HSXHWAZL.sys 249856 bytes (Conexant Systems, Inc., HSF_HWAZL WDM driver)
0x90AF9000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x82BB6000 C:\Windows\system32\drivers\NETIO.SYS 237568 bytes (Microsoft Corporation, Network I/O Subsystem)
0xADC46000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x8BB18000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x90525000 C:\Windows\system32\DRIVERS\usbhub.sys 212992 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x8220D000 ACPI_HAL 208896 bytes
0x8220D000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x828F3000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x90A0C000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x805A5000 C:\Windows\system32\DRIVERS\msiscsi.sys 188416 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x905A7000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x807B5000 C:\Windows\system32\DRIVERS\Apfiltr.sys 180224 bytes (Alps Electric Co., Ltd., Alps Touch Pad Driver)
0x82B8B000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x904E4000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0xA94F8000 C:\Windows\system32\DRIVERS\nwifi.sys 172032 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0xADD28000 C:\Windows\System32\Drivers\fastfat.SYS 163840 bytes (Microsoft Corporation, Fast FAT File System Driver)
0x8BB68000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
0x909D4000 C:\Windows\system32\drivers\mfewfpk.sys 159744 bytes (McAfee, Inc., Anti-Virus Mini-Firewall Driver)
0x806ED000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xADC97000 C:\Windows\System32\DRIVERS\srv2.sys 159744 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x905D4000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x90B78000 C:\Windows\system32\drivers\mfeavfk.sys 147456 bytes (McAfee, Inc., Anti-Virus File System Filter Driver)
0x90477000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x90B56000 C:\Windows\system32\DRIVERS\avipbb.sys 139264 bytes (Avira GmbH, Avira Driver for Security Enhancement)
0x90AD1000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0x8BBA0000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0x907C7000 C:\Windows\system32\drivers\IntcHdmi.sys 135168 bytes (Intel(R) Corporation, Intel(R) High Definition Audio HDMI)
0x9087D000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0xADC07000 C:\Windows\system32\drivers\mrxdav.sys 131072 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xADC27000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x828D5000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
0xA95AC000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
0x909B9000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0xA9409000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x901D8000 C:\Windows\system32\DRIVERS\sdbus.sys 106496 bytes (Microsoft Corporation, SecureDigital Bus Driver)
0xA95C9000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x807E1000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xADC7F000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x90B3F000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x90455000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xAE74E000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xAE72D000 C:\Windows\system32\drivers\mfeapfk.sys 90112 bytes (McAfee, Inc., Access Protection Filter Driver)
0x90A86000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x907E8000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
0xA9424000 C:\Windows\system32\DRIVERS\avgntflt.sys 86016 bytes (Avira GmbH, Avira Minifilter Driver)
0xA95E2000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x904BD000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0xAE778000 C:\Windows\system32\DRIVERS\WUDFRd.sys 86016 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Reflector)
0x904A9000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x8BBD7000 C:\Windows\system32\DRIVERS\rimsptsk.sys 81920 bytes (REDC, RICOH MS Driver)
0x805D3000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x8BBEB000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver)
0xA952C000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x90AB8000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x9015C000 C:\Windows\system32\DRIVERS\HDAudBus.sys 73728 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0xAE764000 C:\Windows\system32\DRIVERS\USBSTOR.SYS 73728 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xAE78D000 C:\Windows\system32\DRIVERS\WUDFPf.sys 73728 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x8BB8F000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x90559000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x8046B000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x82925000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0xA94E8000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x807A5000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x901BA000 C:\Windows\system32\DRIVERS\ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0x904D2000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
0x8F8DE000 C:\Windows\system32\DRIVERS\intelppm.sys 61440 bytes (Microsoft Corporation, Processor Device Driver)
0x82992000 C:\Windows\system32\DRIVERS\Lbd.sys 61440 bytes (Lavasoft AB, Boot Driver)
0x82A00000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x8BB59000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x80714000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x9049A000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x8F9EF000 C:\Windows\system32\DRIVERS\rimmptsk.sys 61440 bytes (REDC, RICOH SD Driver)
0x9014D000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x80730000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x901CA000 C:\Windows\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0x97700000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x90A9C000 C:\Windows\system32\DRIVERS\mfenlfk.sys 57344 bytes (McAfee, Inc., McAfee NDIS Light Filter Driver)
0x90AAA000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x908B9000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x80790000 C:\Windows\system32\DRIVERS\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x90BE7000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x907BA000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
0x90518000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x900F7000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
0x80689000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0xAE721000 C:\Windows\system32\drivers\cfwids.sys 49152 bytes (McAfee, Inc., McAfee Personal Firewall IDS Plugin)
0xAE6E9000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x90871000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x8FA00000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
0xAE743000 C:\Windows\system32\drivers\mfebopk.sys 45056 bytes (McAfee, Inc., Buffer Overflow Protection Driver)
0x901F2000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
0x908AE000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x9046C000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x9044A000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x8F8CA000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x90104000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x80726000 C:\Windows\system32\DRIVERS\BATTC.SYS 40960 bytes (Microsoft Corporation, Battery Class Driver)
0x90BF4000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x9050E000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0xA9522000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x90B35000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0xAE6DF000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x8BBC1000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x9085A000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0xAE79F000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x829A1000 C:\Windows\System32\Drivers\PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0x908C7000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0x976E0000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x8F8D5000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x82BF4000 C:\Windows\system32\DRIVERS\wmiacpi.sys 36864 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0x806DC000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x828CD000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x8047C000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x8837A000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0x806E5000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x9089E000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x908A6000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8BB51000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0xAE6F5000 C:\Windows\system32\DRIVERS\xaudio.sys 32768 bytes (Conexant Systems, Inc., Modem Audio Device Driver)
0x9086A000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x80789000 C:\Windows\system32\DRIVERS\intelide.sys 28672 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0x90863000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x8079E000 C:\Windows\system32\drivers\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x8BA00000 C:\Windows\System32\Drivers\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0x90AF3000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0x90ACB000 C:\Windows\system32\DRIVERS\ssmdrv.sys 24576 bytes (Avira GmbH, AVIRA SnapShot Driver)
0x82BF0000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xADD24000 C:\Windows\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver)
0x80723000 C:\Windows\system32\DRIVERS\compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0x904E2000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xAE776000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
!!!!!!!!!!!Hidden driver: 0x87561999 ?_empty_? 1639 bytes
==============================================
>Stealth
==============================================
0x82806000 WARNING: suspicious driver modification [iastor.sys::0x87561999]
0x01B20000 Hidden Image-->SupportSoft.Agent.Sprocket.dll [ EPROCESS 0x88D40020 ] PID: 3580, 28672 bytes
0x05BA0000 Hidden Image-->WLTRAY.EXE [ EPROCESS 0x87344190 ] PID: 1800, 3821568 bytes
0x01AF0000 Hidden Image-->SupportSoft.Agent.Sprocket.SupportMessage.dll [ EPROCESS 0x88D40020 ] PID: 3580, 45056 bytes
0x01CC0000 Hidden Image-->msvcm80.dll [ EPROCESS 0x87344190 ] PID: 1800, 507904 bytes
0x04650000 Hidden Image-->msvcm80.dll [ EPROCESS 0x89234B88 ] PID: 3404, 507904 bytes
0x01320000 Hidden Image-->bcmwlrmt.dll [ EPROCESS 0x87344190 ] PID: 1800, 77824 bytes
0x02370000 Hidden Image-->bcmwlrmt.dll [ EPROCESS 0x89234B88 ] PID: 3404, 77824 bytes
0x016C0000 Hidden Image-->sprtmessage.dll [ EPROCESS 0x88D40020 ] PID: 3580, 77824 bytes
==============================================
>Files
==============================================
!-->[Hidden] C:\ProgramData\McAfee\VirusScan\Quarantine\7daa33ca1e20.bup
!-->[Hidden] C:\ProgramData\McAfee\VirusScan\Quarantine\7daa33cad90.bup
!-->[Hidden] C:\ProgramData\McAfee\VirusScan\Quarantine\7daa33cb2da0.bup
!-->[Hidden] C:\ProgramData\McAfee\VirusScan\Quarantine\7daa33cb3b50.bup
!-->[Hidden] C:\ProgramData\McAfee\VirusScan\Quarantine\7daa33cbd0.bup
!-->[Hidden] C:\Users\mvaliquette\AppData\Local\Microsoft\Windows\WER\ReportQueue\store.lock
!-->[Hidden] C:\Users\mvaliquette\AppData\Local\Temp\~DF2068.tmp::$DATA
!-->[Hidden] C:\Users\mvaliquette\AppData\Local\Temp\~DF37A4.tmp::$DATA
!-->[Hidden] C:\Users\mvaliquette\AppData\Local\Temp\~DF4D41.tmp::$DATA
!-->[Hidden] C:\Users\mvaliquette\AppData\Local\Temp\~DF5360.tmp::$DATA
!-->[Hidden] C:\Users\mvaliquette\AppData\Local\Temp\~DF9811.tmp::$DATA
!-->[Hidden] C:\Users\mvaliquette\AppData\Local\Temp\~DF9830.tmp::$DATA
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.yieldmanager[2].txt::$DATA
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ads.pointroll[1].txt::$DATA
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@doubleclick[1].txt::$DATA
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@questionmarket[2].txt::$DATA
!-->[Hidden] C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@serving-sys[2].txt::$DATA
==============================================
>Hooks
==============================================
ntkrnlpa.exe+0x000B4EEA, Type: Inline - RelativeJump 0x822F4EEA-->822F4EF1 [ntkrnlpa.exe]
ntkrnlpa.exe-->NtMapViewOfSection, Type: Inline - RelativeJump 0x8246480E-->8296806C [mfehidk.sys]
ntkrnlpa.exe-->NtTerminateProcess, Type: Inline - RelativeJump 0x82422FBC-->82968096 [mfehidk.sys]
ntkrnlpa.exe-->NtUnmapViewOfSection, Type: Inline - RelativeJump 0x82464E65-->82968082 [mfehidk.sys]
ntkrnlpa.exe-->NtYieldExecution, Type: Inline - RelativeJump 0x822671C0-->82968058 [mfehidk.sys]
[1040]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x7759B8AE-->00000000 [unknown_code_page]
[1040]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x7759B5E7-->00000000 [unknown_code_page]
[1040]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x775ABCE1-->00000000 [unknown_code_page]
[1040]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x775AB83D-->00000000 [unknown_code_page]
[1040]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x775A0BF5-->00000000 [unknown_code_page]
[1040]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x775AD4E8-->00000000 [unknown_code_page]
[1040]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x775BF09D-->00000000 [unknown_code_page]
[1040]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x775B3CB0-->00000000 [unknown_code_page]
[1040]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7708CF71-->00000000 [unknown_code_page]
[1040]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7708CC4E-->00000000 [unknown_code_page]
[1040]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x770D430E-->00000000 [unknown_code_page]
[1040]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x77045C44-->00000000 [unknown_code_page]
[1040]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x77070284-->00000000 [unknown_code_page]
[1040]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x77041C36-->00000000 [unknown_code_page]
[1040]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x77041C01-->00000000 [unknown_code_page]
[1040]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7708B8B6-->00000000 [unknown_code_page]
[1040]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x770419C9-->00000000 [unknown_code_page]
[1040]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x77041929-->00000000 [unknown_code_page]
[1040]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x77069491-->00000000 [unknown_code_page]
[1040]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x77069469-->00000000 [unknown_code_page]
[1040]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x770630C3-->00000000 [unknown_code_page]
[1040]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7706361F-->00000000 [unknown_code_page]
[1040]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x77041DD1-->00000000 [unknown_code_page]
[1040]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x77068D7E-->00000000 [unknown_code_page]
[1040]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x770D54FF-->00000000 [unknown_code_page]
[1040]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x77C08008-->00000000 [unknown_code_page]
[1040]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x77C080C8-->00000000 [unknown_code_page]
[1040]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x77C08968-->00000000 [unknown_code_page]
[1040]svchost.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x7628D690-->00000000 [unknown_code_page]
[1040]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x7628F3A4-->00000000 [unknown_code_page]
[1040]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x762D6DDF-->00000000 [unknown_code_page]
[1040]svchost.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x7628DB09-->00000000 [unknown_code_page]
[1040]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x777736D1-->00000000 [unknown_code_page]
[1172]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x7759B8AE-->00000000 [unknown_code_page]
[1172]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x7759B5E7-->00000000 [unknown_code_page]
[1172]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x775ABCE1-->00000000 [unknown_code_page]
[1172]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x775AB83D-->00000000 [unknown_code_page]
[1172]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x775A0BF5-->00000000 [unknown_code_page]
[1172]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x775AD4E8-->00000000 [unknown_code_page]
[1172]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x775BF09D-->00000000 [unknown_code_page]
[1172]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x775B3CB0-->00000000 [unknown_code_page]
[1172]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7708CF71-->00000000 [unknown_code_page]
[1172]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7708CC4E-->00000000 [unknown_code_page]
[1172]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x770D430E-->00000000 [unknown_code_page]
[1172]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x77045C44-->00000000 [unknown_code_page]
[1172]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x77070284-->00000000 [unknown_code_page]
[1172]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x77041C36-->00000000 [unknown_code_page]
[1172]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x77041C01-->00000000 [unknown_code_page]
[1172]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7708B8B6-->00000000 [unknown_code_page]
[1172]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x770419C9-->00000000 [unknown_code_page]
[1172]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x77041929-->00000000 [unknown_code_page]
[1172]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x77069491-->00000000 [unknown_code_page]
[1172]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x77069469-->00000000 [unknown_code_page]
[1172]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x770630C3-->00000000 [unknown_code_page]
[1172]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7706361F-->00000000 [unknown_code_page]
[1172]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x77041DD1-->00000000 [unknown_code_page]
[1172]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x77068D7E-->00000000 [unknown_code_page]
[1172]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x770D54FF-->00000000 [unknown_code_page]
[1172]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x77C08008-->00000000 [unknown_code_page]
[1172]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x77C080C8-->00000000 [unknown_code_page]
[1172]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x77C08968-->00000000 [unknown_code_page]
[1172]svchost.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x7628D690-->00000000 [unknown_code_page]
[1172]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x7628F3A4-->00000000 [unknown_code_page]
[1172]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x762D6DDF-->00000000 [unknown_code_page]
[1172]svchost.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x7628DB09-->00000000 [unknown_code_page]
[1172]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x777736D1-->00000000 [unknown_code_page]
[1248]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x7759B8AE-->00000000 [unknown_code_page]
[1248]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x7759B5E7-->00000000 [unknown_code_page]
[1248]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x775ABCE1-->00000000 [unknown_code_page]
[1248]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x775AB83D-->00000000 [unknown_code_page]
[1248]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x775A0BF5-->00000000 [unknown_code_page]
[1248]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x775AD4E8-->00000000 [unknown_code_page]
[1248]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x775BF09D-->00000000 [unknown_code_page]
[1248]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x775B3CB0-->00000000 [unknown_code_page]
[1248]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7708CF71-->00000000 [unknown_code_page]
[1248]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7708CC4E-->00000000 [unknown_code_page]
[1248]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x770D430E-->00000000 [unknown_code_page]
[1248]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x77045C44-->00000000 [unknown_code_page]
[1248]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x77070284-->00000000 [unknown_code_page]
[1248]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x77041C36-->00000000 [unknown_code_page]
[1248]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x77041C01-->00000000 [unknown_code_page]
[1248]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7708B8B6-->00000000 [unknown_code_page]
[1248]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x770419C9-->00000000 [unknown_code_page]
[1248]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x77041929-->00000000 [unknown_code_page]
[1248]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x77069491-->00000000 [unknown_code_page]
[1248]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x77069469-->00000000 [unknown_code_page]
[1248]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x770630C3-->00000000 [unknown_code_page]
[1248]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7706361F-->00000000 [unknown_code_page]
[1248]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x77041DD1-->00000000 [unknown_code_page]
[1248]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x77068D7E-->00000000 [unknown_code_page]
[1248]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x770D54FF-->00000000 [unknown_code_page]
[1248]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x77C08008-->00000000 [unknown_code_page]
[1248]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x77C080C8-->00000000 [unknown_code_page]
[1248]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x77C08968-->00000000 [unknown_code_page]
[1248]svchost.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x7628D690-->00000000 [unknown_code_page]
[1248]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x7628F3A4-->00000000 [unknown_code_page]
[1248]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x762D6DDF-->00000000 [unknown_code_page]
[1248]svchost.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x7628DB09-->00000000 [unknown_code_page]
[1248]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x777736D1-->00000000 [unknown_code_page]
[1284]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x7759B8AE-->00000000 [unknown_code_page]
[1284]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x7759B5E7-->00000000 [unknown_code_page]
[1284]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x775ABCE1-->00000000 [unknown_code_page]
[1284]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x775AB83D-->00000000 [unknown_code_page]
[1284]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x775A0BF5-->00000000 [unknown_code_page]
[1284]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x775AD4E8-->00000000 [unknown_code_page]
[1284]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x775BF09D-->00000000 [unknown_code_page]
[1284]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x775B3CB0-->00000000 [unknown_code_page]
[1284]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7708CF71-->00000000 [unknown_code_page]
[1284]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7708CC4E-->00000000 [unknown_code_page]
[1284]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x770D430E-->00000000 [unknown_code_page]
[1284]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x77045C44-->00000000 [unknown_code_page]
[1284]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x77070284-->00000000 [unknown_code_page]
[1284]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x77041C36-->00000000 [unknown_code_page]
[1284]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x77041C01-->00000000 [unknown_code_page]
[1284]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7708B8B6-->00000000 [unknown_code_page]
[1284]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x770419C9-->00000000 [unknown_code_page]
[1284]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x77041929-->00000000 [unknown_code_page]
[1284]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x77069491-->00000000 [unknown_code_page]
[1284]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x77069469-->00000000 [unknown_code_page]
[1284]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x770630C3-->00000000 [unknown_code_page]
[1284]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7706361F-->00000000 [unknown_code_page]
[1284]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x77041DD1-->00000000 [unknown_code_page]
[1284]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x77068D7E-->00000000 [unknown_code_page]
[1284]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x770D54FF-->00000000 [unknown_code_page]
[1284]svchost.exe-->mswsock.dll+0x000024B9, Type: Inline - RelativeJump 0x757424B9-->00000000 [unknown_code_page]
[1284]svchost.exe-->mswsock.dll+0x00005604, Type: Inline - RelativeJump 0x75745604-->00000000 [unknown_code_page]
[1284]svchost.exe-->mswsock.dll+0x000057C5, Type: Inline - RelativeJump 0x757457C5-->00000000 [unknown_code_page]
[1284]svchost.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x77C099E8-->00000000 [unknown_code_page]
[1284]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x77C08008-->00000000 [unknown_code_page]
[1284]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x77C080C8-->00000000 [unknown_code_page]
[1284]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x77C08968-->00000000 [unknown_code_page]
[1284]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x77C092A8-->00000000 [unknown_code_page]
[1284]svchost.exe-->user32.dll-->GetCursorPos, Type: Inline - RelativeJump 0x77D20F5E-->00000000 [unknown_code_page]
[1284]svchost.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x7628D690-->00000000 [unknown_code_page]
[1284]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x7628F3A4-->00000000 [unknown_code_page]
[1284]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x762D6DDF-->00000000 [unknown_code_page]
[1284]svchost.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x7628DB09-->00000000 [unknown_code_page]
[1284]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x777736D1-->00000000 [unknown_code_page]
[1400]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x7759B8AE-->00000000 [unknown_code_page]
[1400]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x7759B5E7-->00000000 [unknown_code_page]
[1400]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x775ABCE1-->00000000 [unknown_code_page]
[1400]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x775AB83D-->00000000 [unknown_code_page]
[1400]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x775A0BF5-->00000000 [unknown_code_page]
[1400]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x775AD4E8-->00000000 [unknown_code_page]
[1400]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x775BF09D-->00000000 [unknown_code_page]
[1400]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x775B3CB0-->00000000 [unknown_code_page]
[1400]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7708CF71-->00000000 [unknown_code_page]
[1400]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7708CC4E-->00000000 [unknown_code_page]
[1400]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x770D430E-->00000000 [unknown_code_page]
[1400]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x77045C44-->00000000 [unknown_code_page]
[1400]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x77070284-->00000000 [unknown_code_page]
[1400]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x77041C36-->00000000 [unknown_code_page]
[1400]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x77041C01-->00000000 [unknown_code_page]
[1400]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7708B8B6-->00000000 [unknown_code_page]
[1400]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x770419C9-->00000000 [unknown_code_page]
[1400]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x77041929-->00000000 [unknown_code_page]
[1400]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x77069491-->00000000 [unknown_code_page]
[1400]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x77069469-->00000000 [unknown_code_page]
[1400]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x770630C3-->00000000 [unknown_code_page]
[1400]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7706361F-->00000000 [unknown_code_page]
[1400]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x77041DD1-->00000000 [unknown_code_page]
[1400]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x77068D7E-->00000000 [unknown_code_page]
[1400]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x770D54FF-->00000000 [unknown_code_page]
[1400]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x77C08008-->00000000 [unknown_code_page]
[1400]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x77C080C8-->00000000 [unknown_code_page]
[1400]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x77C08968-->00000000 [unknown_code_page]
[1400]svchost.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x7628D690-->00000000 [unknown_code_page]
[1400]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x7628F3A4-->00000000 [unknown_code_page]
[1400]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x762D6DDF-->00000000 [unknown_code_page]
[1400]svchost.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x7628DB09-->00000000 [unknown_code_page]
[1400]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x777736D1-->00000000 [unknown_code_page]
[1432]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x7759B8AE-->00000000 [unknown_code_page]
[1432]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x7759B5E7-->00000000 [unknown_code_page]
[1432]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x775ABCE1-->00000000 [unknown_code_page]
[1432]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x775AB83D-->00000000 [unknown_code_page]
[1432]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x775A0BF5-->00000000 [unknown_code_page]
[1432]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x775AD4E8-->00000000 [unknown_code_page]
[1432]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x775BF09D-->00000000 [unknown_code_page]
[1432]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x775B3CB0-->00000000 [unknown_code_page]
[1432]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7708CF71-->00000000 [unknown_code_page]
[1432]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7708CC4E-->00000000 [unknown_code_page]
[1432]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x770D430E-->00000000 [unknown_code_page]
[1432]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x77045C44-->00000000 [unknown_code_page]
[1432]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x77070284-->00000000 [unknown_code_page]
[1432]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x77041C36-->00000000 [unknown_code_page]
[1432]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x77041C01-->00000000 [unknown_code_page]
[1432]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7708B8B6-->00000000 [unknown_code_page]
[1432]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x770419C9-->00000000 [unknown_code_page]
[1432]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x77041929-->00000000 [unknown_code_page]
[1432]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x77069491-->00000000 [unknown_code_page]
[1432]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x77069469-->00000000 [unknown_code_page]
[1432]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x770630C3-->00000000 [unknown_code_page]
[1432]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7706361F-->00000000 [unknown_code_page]
[1432]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x77041DD1-->00000000 [unknown_code_page]
[1432]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x77068D7E-->00000000 [unknown_code_page]
[1432]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x770D54FF-->00000000 [unknown_code_page]
[1432]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x77C08008-->00000000 [unknown_code_page]
[1432]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x77C080C8-->00000000 [unknown_code_page]
[1432]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x77C08968-->00000000 [unknown_code_page]
[1432]svchost.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x7628D690-->00000000 [unknown_code_page]
[1432]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x7628F3A4-->00000000 [unknown_code_page]
[1432]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x762D6DDF-->00000000 [unknown_code_page]
[1432]svchost.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x7628DB09-->00000000 [unknown_code_page]
[1432]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x777736D1-->00000000 [unknown_code_page]
[1496]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x7759B8AE-->00000000 [unknown_code_page]
[1496]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x7759B5E7-->00000000 [unknown_code_page]
[1496]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x775ABCE1-->00000000 [unknown_code_page]
[1496]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x775AB83D-->00000000 [unknown_code_page]
[1496]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x775A0BF5-->00000000 [unknown_code_page]
[1496]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x775AD4E8-->00000000 [unknown_code_page]
[1496]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x775BF09D-->00000000 [unknown_code_page]
[1496]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x775B3CB0-->00000000 [unknown_code_page]
[1496]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7708CF71-->00000000 [unknown_code_page]
[1496]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7708CC4E-->00000000 [unknown_code_page]
[1496]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x770D430E-->00000000 [unknown_code_page]
[1496]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x77045C44-->00000000 [unknown_code_page]
[1496]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x77070284-->00000000 [unknown_code_page]
[1496]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x77041C36-->00000000 [unknown_code_page]
[1496]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x77041C01-->00000000 [unknown_code_page]
[1496]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7708B8B6-->00000000 [unknown_code_page]
[1496]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x770419C9-->00000000 [unknown_code_page]
[1496]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x77041929-->00000000 [unknown_code_page]
[1496]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x77069491-->00000000 [unknown_code_page]
[1496]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x77069469-->00000000 [unknown_code_page]
[1496]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x770630C3-->00000000 [unknown_code_page]
[1496]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7706361F-->00000000 [unknown_code_page]
[1496]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x77041DD1-->00000000 [unknown_code_page]
[1496]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x77068D7E-->00000000 [unknown_code_page]
[1496]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x770D54FF-->00000000 [unknown_code_page]
[1496]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x77C08008-->00000000 [unknown_code_page]
[1496]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x77C080C8-->00000000 [unknown_code_page]
[1496]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x77C08968-->00000000 [unknown_code_page]
[1496]svchost.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x7628D690-->00000000 [unknown_code_page]
[1496]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x7628F3A4-->00000000 [unknown_code_page]
[1496]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x762D6DDF-->00000000 [unknown_code_page]
[1496]svchost.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x7628DB09-->00000000 [unknown_code_page]
[1496]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x777736D1-->00000000 [unknown_code_page]
[1544]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x7759B8AE-->00000000 [unknown_code_page]
[1544]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x7759B5E7-->00000000 [unknown_code_page]
[1544]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x775ABCE1-->00000000 [unknown_code_page]
[1544]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x775AB83D-->00000000 [unknown_code_page]
[1544]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x775A0BF5-->00000000 [unknown_code_page]
[1544]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x775AD4E8-->00000000 [unknown_code_page]
[1544]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x775BF09D-->00000000 [unknown_code_page]
[1544]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x775B3CB0-->00000000 [unknown_code_page]
[1544]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7708CF71-->00000000 [unknown_code_page]
[1544]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7708CC4E-->00000000 [unknown_code_page]
[1544]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x770D430E-->00000000 [unknown_code_page]
[1544]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x77045C44-->00000000 [unknown_code_page]
[1544]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x77070284-->00000000 [unknown_code_page]
[1544]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x77041C36-->00000000 [unknown_code_page]
[1544]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x77041C01-->00000000 [unknown_code_page]
[1544]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7708B8B6-->00000000 [unknown_code_page]
[1544]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x770419C9-->00000000 [unknown_code_page]
[1544]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x77041929-->00000000 [unknown_code_page]
[1544]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x77069491-->00000000 [unknown_code_page]
[1544]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x77069469-->00000000 [unknown_code_page]
[1544]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x770630C3-->00000000 [unknown_code_page]
[1544]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7706361F-->00000000 [unknown_code_page]
[1544]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x77041DD1-->00000000 [unknown_code_page]
[1544]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x77068D7E-->00000000 [unknown_code_page]
[1544]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x770D54FF-->00000000 [unknown_code_page]
[1544]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x77C08008-->00000000 [unknown_code_page]
[1544]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x77C080C8-->00000000 [unknown_code_page]
[1544]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x77C08968-->00000000 [unknown_code_page]
[1544]svchost.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x7628D690-->00000000 [unknown_code_page]
[1544]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x7628F3A4-->00000000 [unknown_code_page]
[1544]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x762D6DDF-->00000000 [unknown_code_page]
[1544]svchost.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x7628DB09-->00000000 [unknown_code_page]
[1620]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x7759B8AE-->00000000 [unknown_code_page]
[1620]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x7759B5E7-->00000000 [unknown_code_page]
[1620]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x775ABCE1-->00000000 [unknown_code_page]
[1620]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x775AB83D-->00000000 [unknown_code_page]
[1620]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x775A0BF5-->00000000 [unknown_code_page]
[1620]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x775AD4E8-->00000000 [unknown_code_page]
[1620]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x775BF09D-->00000000 [unknown_code_page]
[1620]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x775B3CB0-->00000000 [unknown_code_page]
[1620]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7708CF71-->00000000 [unknown_code_page]
[1620]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7708CC4E-->00000000 [unknown_code_page]
[1620]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x770D430E-->00000000 [unknown_code_page]
[1620]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x77045C44-->00000000 [unknown_code_page]
[1620]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x77070284-->00000000 [unknown_code_page]
[1620]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x77041C36-->00000000 [unknown_code_page]
[1620]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x77041C01-->00000000 [unknown_code_page]
[1620]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7708B8B6-->00000000 [unknown_code_page]
[1620]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x770419C9-->00000000 [unknown_code_page]
[1620]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x77041929-->00000000 [unknown_code_page]
[1620]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x77069491-->00000000 [unknown_code_page]
[1620]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x77069469-->00000000 [unknown_code_page]
[1620]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x770630C3-->00000000 [unknown_code_page]
[1620]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7706361F-->00000000 [unknown_code_page]
[1620]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x77041DD1-->00000000 [unknown_code_page]
[1620]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x77068D7E-->00000000 [unknown_code_page]
[1620]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x770D54FF-->00000000 [unknown_code_page]
[1620]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x77C08008-->00000000 [unknown_code_page]
[1620]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x77C080C8-->00000000 [unknown_code_page]
[1620]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x77C08968-->00000000 [unknown_code_page]
[1620]svchost.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x7628D690-->00000000 [unknown_code_page]
[1620]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x7628F3A4-->00000000 [unknown_code_page]
[1620]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x762D6DDF-->00000000 [unknown_code_page]
[1620]svchost.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x7628DB09-->00000000 [unknown_code_page]
[1620]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x777736D1-->00000000 [unknown_code_page]
[2012]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x7759B8AE-->00000000 [unknown_code_page]
[2012]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x7759B5E7-->00000000 [unknown_code_page]
[2012]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x775ABCE1-->00000000 [unknown_code_page]
[2012]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x775AB83D-->00000000 [unknown_code_page]
[2012]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x775A0BF5-->00000000 [unknown_code_page]
[2012]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x775AD4E8-->00000000 [unknown_code_page]
[2012]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x775BF09D-->00000000 [unknown_code_page]
[2012]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x775B3CB0-->00000000 [unknown_code_page]
[2012]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7708CF71-->00000000 [unknown_code_page]
[2012]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7708CC4E-->00000000 [unknown_code_page]
[2012]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x770D430E-->00000000 [unknown_code_page]
[2012]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x77045C44-->00000000 [unknown_code_page]
[2012]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x77070284-->00000000 [unknown_code_page]
[2012]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x77041C36-->00000000 [unknown_code_page]
[2012]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x77041C01-->00000000 [unknown_code_page]
[2012]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7708B8B6-->00000000 [unknown_code_page]
[2012]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x770419C9-->00000000 [unknown_code_page]
[2012]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x77041929-->00000000 [unknown_code_page]
[2012]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x77069491-->00000000 [unknown_code_page]
[2012]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x77069469-->00000000 [unknown_code_page]
[2012]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x770630C3-->00000000 [unknown_code_page]
[2012]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7706361F-->00000000 [unknown_code_page]
[2012]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x77041DD1-->00000000 [unknown_code_page]
[2012]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x77068D7E-->00000000 [unknown_code_page]
[2012]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x770D54FF-->00000000 [unknown_code_page]
[2012]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x77C08008-->00000000 [unknown_code_page]
[2012]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x77C080C8-->00000000 [unknown_code_page]
[2012]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x77C08968-->00000000 [unknown_code_page]
[2012]svchost.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x7628D690-->00000000 [unknown_code_page]
[2012]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x7628F3A4-->00000000 [unknown_code_page]
[2012]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x762D6DDF-->00000000 [unknown_code_page]
[2012]svchost.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x7628DB09-->00000000 [unknown_code_page]
[2012]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x777736D1-->00000000 [unknown_code_page]
[2340]McSvHost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x77069491-->00000000 [McProxy.dll]
[2340]McSvHost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7706361F-->00000000 [McProxy.dll]
[3104]explorer.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x7759B8AE-->00000000 [unknown_code_page]
[3104]explorer.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x7759B5E7-->00000000 [unknown_code_page]
[3104]explorer.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x775ABCE1-->00000000 [unknown_code_page]
[3104]explorer.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x775AB83D-->00000000 [unknown_code_page]
[3104]explorer.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x775A0BF5-->00000000 [unknown_code_page]
[3104]explorer.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x775AD4E8-->00000000 [unknown_code_page]
[3104]explorer.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x775BF09D-->00000000 [unknown_code_page]
[3104]explorer.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x775B3CB0-->00000000 [unknown_code_page]
[3104]explorer.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7708CF71-->00000000 [unknown_code_page]
[3104]explorer.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7708CC4E-->00000000 [unknown_code_page]
[3104]explorer.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x770D430E-->00000000 [unknown_code_page]
[3104]explorer.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x77045C44-->00000000 [unknown_code_page]
[3104]explorer.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x77070284-->00000000 [unknown_code_page]
[3104]explorer.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x77041C36-->00000000 [unknown_code_page]
[3104]explorer.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x77041C01-->00000000 [unknown_code_page]
[3104]explorer.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7708B8B6-->00000000 [unknown_code_page]
[3104]explorer.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x770419C9-->00000000 [unknown_code_page]
[3104]explorer.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x77041929-->00000000 [unknown_code_page]
[3104]explorer.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x77069491-->00000000 [unknown_code_page]
[3104]explorer.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x77069469-->00000000 [unknown_code_page]
[3104]explorer.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x770630C3-->00000000 [unknown_code_page]
[3104]explorer.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7706361F-->00000000 [unknown_code_page]
[3104]explorer.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x77041DD1-->00000000 [unknown_code_page]
[3104]explorer.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x77068D7E-->00000000 [unknown_code_page]
[3104]explorer.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x770D54FF-->00000000 [unknown_code_page]
[3104]explorer.exe-->mswsock.dll+0x000024B9, Type: Inline - RelativeJump 0x757424B9-->00000000 [unknown_code_page]
[3104]explorer.exe-->mswsock.dll+0x00005604, Type: Inline - RelativeJump 0x75745604-->00000000 [unknown_code_page]
[3104]explorer.exe-->mswsock.dll+0x000057C5, Type: Inline - RelativeJump 0x757457C5-->00000000 [unknown_code_page]
[3104]explorer.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x77C099E8-->00000000 [unknown_code_page]
[3104]explorer.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x77C08008-->00000000 [unknown_code_page]
[3104]explorer.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x77C080C8-->00000000 [unknown_code_page]
[3104]explorer.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x77C08968-->00000000 [unknown_code_page]
[3104]explorer.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x77C092A8-->00000000 [unknown_code_page]
[3104]explorer.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x7628D690-->00000000 [unknown_code_page]
[3104]explorer.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x7628F3A4-->00000000 [unknown_code_page]
[3104]explorer.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x762D6DDF-->00000000 [unknown_code_page]
[3104]explorer.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x7628DB09-->00000000 [unknown_code_page]
[3104]explorer.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x777736D1-->00000000 [unknown_code_page]
[588]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x7759B8AE-->00000000 [unknown_code_page]
[588]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x7759B5E7-->00000000 [unknown_code_page]
[588]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x775ABCE1-->00000000 [unknown_code_page]
[588]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x775AB83D-->00000000 [unknown_code_page]
[588]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x775A0BF5-->00000000 [unknown_code_page]
[588]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x775AD4E8-->00000000 [unknown_code_page]
[588]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x775BF09D-->00000000 [unknown_code_page]
[588]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x775B3CB0-->00000000 [unknown_code_page]
[588]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7708CF71-->00000000 [unknown_code_page]
[588]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7708CC4E-->00000000 [unknown_code_page]
[588]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x770D430E-->00000000 [unknown_code_page]
[588]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x77045C44-->00000000 [unknown_code_page]
[588]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x77070284-->00000000 [unknown_code_page]
[588]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x77041C36-->00000000 [unknown_code_page]
[588]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x77041C01-->00000000 [unknown_code_page]
[588]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7708B8B6-->00000000 [unknown_code_page]
[588]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x770419C9-->00000000 [unknown_code_page]
[588]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x77041929-->00000000 [unknown_code_page]
[588]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x77069491-->00000000 [unknown_code_page]
[588]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x77069469-->00000000 [unknown_code_page]
[588]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x770630C3-->00000000 [unknown_code_page]
[588]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7706361F-->00000000 [unknown_code_page]
[588]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x77041DD1-->00000000 [unknown_code_page]
[588]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x77068D7E-->00000000 [unknown_code_page]
[588]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x770D54FF-->00000000 [unknown_code_page]
[588]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x77C08008-->00000000 [unknown_code_page]
[588]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x77C080C8-->00000000 [unknown_code_page]
[588]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x77C08968-->00000000 [unknown_code_page]
[588]svchost.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x7628D690-->00000000 [unknown_code_page]
[588]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x7628F3A4-->00000000 [unknown_code_page]
[588]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x762D6DDF-->00000000 [unknown_code_page]
[588]svchost.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x7628DB09-->00000000 [unknown_code_page]
[588]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x777736D1-->00000000 [unknown_code_page]
[764]services.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x7759B8AE-->00000000 [unknown_code_page]
[764]services.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x7759B5E7-->00000000 [unknown_code_page]
[764]services.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x775ABCE1-->00000000 [unknown_code_page]
[764]services.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x775AB83D-->00000000 [unknown_code_page]
[764]services.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x775A0BF5-->00000000 [unknown_code_page]
[764]services.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x775AD4E8-->00000000 [unknown_code_page]
[764]services.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x775BF09D-->00000000 [unknown_code_page]
[764]services.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x775B3CB0-->00000000 [unknown_code_page]
[764]services.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7708CF71-->00000000 [unknown_code_page]
[764]services.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7708CC4E-->00000000 [unknown_code_page]
[764]services.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x770D430E-->00000000 [unknown_code_page]
[764]services.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x77045C44-->00000000 [unknown_code_page]
[764]services.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x77070284-->00000000 [unknown_code_page]
[764]services.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x77041C36-->00000000 [unknown_code_page]
[764]services.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x77041C01-->00000000 [unknown_code_page]
[764]services.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7708B8B6-->00000000 [unknown_code_page]
[764]services.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x770419C9-->00000000 [unknown_code_page]
[764]services.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x77041929-->00000000 [unknown_code_page]
[764]services.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x77069491-->00000000 [unknown_code_page]
[764]services.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x77069469-->00000000 [unknown_code_page]
[764]services.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x770630C3-->00000000 [unknown_code_page]
[764]services.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7706361F-->00000000 [unknown_code_page]
[764]services.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x77041DD1-->00000000 [unknown_code_page]
[764]services.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x77068D7E-->00000000 [unknown_code_page]
[764]services.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x770D54FF-->00000000 [unknown_code_page]
[764]services.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x77C08008-->00000000 [unknown_code_page]
[764]services.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x77C080C8-->00000000 [unknown_code_page]
[764]services.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x77C08968-->00000000 [unknown_code_page]
[764]services.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x7628D690-->00000000 [unknown_code_page]
[764]services.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x7628F3A4-->00000000 [unknown_code_page]
[764]services.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x762D6DDF-->00000000 [unknown_code_page]
[764]services.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x7628DB09-->00000000 [unknown_code_page]
[764]services.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x777736D1-->00000000 [unknown_code_page]
[780]lsass.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x7759B8AE-->00000000 [unknown_code_page]
[780]lsass.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x7759B5E7-->00000000 [unknown_code_page]
[780]lsass.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x775ABCE1-->00000000 [unknown_code_page]
[780]lsass.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x775AB83D-->00000000 [unknown_code_page]
[780]lsass.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x775A0BF5-->00000000 [unknown_code_page]
[780]lsass.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x775AD4E8-->00000000 [unknown_code_page]
[780]lsass.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x775BF09D-->00000000 [unknown_code_page]
[780]lsass.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x775B3CB0-->00000000 [unknown_code_page]
[780]lsass.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7708CF71-->00000000 [unknown_code_page]
[780]lsass.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7708CC4E-->00000000 [unknown_code_page]
[780]lsass.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x770D430E-->00000000 [unknown_code_page]
[780]lsass.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x77045C44-->00000000 [unknown_code_page]
[780]lsass.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x77070284-->00000000 [unknown_code_page]
[780]lsass.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x77041C36-->00000000 [unknown_code_page]
[780]lsass.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x77041C01-->00000000 [unknown_code_page]
[780]lsass.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7708B8B6-->00000000 [unknown_code_page]
[780]lsass.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x770419C9-->00000000 [unknown_code_page]
[780]lsass.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x77041929-->00000000 [unknown_code_page]
[780]lsass.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x77069491-->00000000 [unknown_code_page]
[780]lsass.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x77069469-->00000000 [unknown_code_page]
[780]lsass.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x770630C3-->00000000 [unknown_code_page]
[780]lsass.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7706361F-->00000000 [unknown_code_page]
[780]lsass.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x77041DD1-->00000000 [unknown_code_page]
[780]lsass.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x77068D7E-->00000000 [unknown_code_page]
[780]lsass.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x770D54FF-->00000000 [unknown_code_page]
[780]lsass.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x77C08008-->00000000 [unknown_code_page]
[780]lsass.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x77C080C8-->00000000 [unknown_code_page]
[780]lsass.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x77C08968-->00000000 [unknown_code_page]
[780]lsass.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x7628D690-->00000000 [unknown_code_page]
[780]lsass.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x7628F3A4-->00000000 [unknown_code_page]
[780]lsass.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x762D6DDF-->00000000 [unknown_code_page]
[780]lsass.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x7628DB09-->00000000 [unknown_code_page]
[780]lsass.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x777736D1-->00000000 [unknown_code_page]
[952]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x7759B8AE-->00000000 [unknown_code_page]
[952]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x7759B5E7-->00000000 [unknown_code_page]
[952]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x775ABCE1-->00000000 [unknown_code_page]
[952]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x775AB83D-->00000000 [unknown_code_page]
[952]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x775A0BF5-->00000000 [unknown_code_page]
[952]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x775AD4E8-->00000000 [unknown_code_page]
[952]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x775BF09D-->00000000 [unknown_code_page]
[952]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x775B3CB0-->00000000 [unknown_code_page]
[952]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7708CF71-->00000000 [unknown_code_page]
[952]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7708CC4E-->00000000 [unknown_code_page]
[952]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x770D430E-->00000000 [unknown_code_page]
[952]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x77045C44-->00000000 [unknown_code_page]
[952]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x77070284-->00000000 [unknown_code_page]
[952]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x77041C36-->00000000 [unknown_code_page]
[952]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x77041C01-->00000000 [unknown_code_page]
[952]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7708B8B6-->00000000 [unknown_code_page]
[952]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x770419C9-->00000000 [unknown_code_page]
[952]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x77041929-->00000000 [unknown_code_page]
[952]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x77069491-->00000000 [unknown_code_page]
[952]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x77069469-->00000000 [unknown_code_page]
[952]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x770630C3-->00000000 [unknown_code_page]
[952]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7706361F-->00000000 [unknown_code_page]
[952]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x77041DD1-->00000000 [unknown_code_page]
[952]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x77068D7E-->00000000 [unknown_code_page]
[952]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x770D54FF-->00000000 [unknown_code_page]
[952]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x77C08008-->00000000 [unknown_code_page]
[952]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x77C080C8-->00000000 [unknown_code_page]
[952]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x77C08968-->00000000 [unknown_code_page]
[952]svchost.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x7628D690-->00000000 [unknown_code_page]
[952]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x7628F3A4-->00000000 [unknown_code_page]
[952]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x762D6DDF-->00000000 [unknown_code_page]
[952]svchost.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x7628DB09-->00000000 [unknown_code_page]
[952]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x777736D1-->00000000 [unknown_code_page]