GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-02-23 16:20:07 Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3500413AS rev.JC4B 465,76GB Running: fd9nx1s6.exe; Driver: C:\DOCUME~1\ANDRZE~1\USTAWI~1\Temp\ugtdapow.sys ---- System - GMER 2.1 ---- SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwAllocateVirtualMemory [0xA8C240BE] SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwAssignProcessToJobObject [0xA8C24C88] SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwClose [0xA8C27B8C] SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwConnectPort [0xA8C26418] SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwCreateFile [0xA8C2595C] SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwCreateKey [0xA8C26B10] SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwCreateProcess [0xA8C24EDE] SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwCreateProcessEx [0xA8C24F94] SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwCreateSection [0xA8C2527E] SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwCreateThread [0xA8C23A2E] SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwDeviceIoControlFile [0xA8C26C80] SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwDuplicateObject [0xA8C2B11A] SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwFsControlFile [0xA8C26F38] SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwLoadDriver [0xA8C24594] SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwMakeTemporaryObject [0xA8C27934] SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwOpenFile [0xA8C2574E] SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwOpenProcess [0xA8C2AB72] SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwOpenSection [0xA8C2504E] SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwOpenThread [0xA8C2AE22] SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwProtectVirtualMemory [0xA8C23F42] SSDT \??\C:\WINDOWS\system32\drivers\avgtpx86.sys ZwQueryValueKey [0xBA2091D6] SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwQueueApcThread [0xA8C24DB0] SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwReplaceKey [0xA8C27782] SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwRequestPort [0xA8C26586] SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwRequestWaitReplyPort [0xA8C25F1A] SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwRestoreKey [0xA8C2780C] SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwSecureConnectPort [0xA8C269A0] SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwSetContextThread [0xA8C23B9E] SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwSetSecurityObject [0xA8C276DC] SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwSetSystemInformation [0xA8C2478E] SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwShutdownSystem [0xA8C2789E] SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwSuspendProcess [0xA8C23E1A] SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwSuspendThread [0xA8C23CF4] SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwSystemDebugControl [0xA8C24BBA] SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwTerminateProcess [0xA8C2AA6A] SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwTerminateThread [0xA8C2B30C] SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwUnloadDriver [0xA8C279CA] SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwWriteVirtualMemory [0xA8C238B2] SYSENTER avc3.sys B9E8D000 ---- User code sections - GMER 2.1 ---- .text C:\WINDOWS\System32\svchost.exe[200] ntdll.dll!NtClose + 5 7C90CFF3 5 Bytes JMP 630055D9 .text C:\WINDOWS\System32\svchost.exe[200] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 63001F39 .text C:\WINDOWS\System32\svchost.exe[200] ntdll.dll!NtCreateProcess + 5 7C90D153 5 Bytes JMP 63002C49 .text C:\WINDOWS\System32\svchost.exe[200] ntdll.dll!NtCreateProcessEx + 5 7C90D163 5 Bytes JMP 63002CE1 .text C:\WINDOWS\System32\svchost.exe[200] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 63002BB1 .text C:\WINDOWS\System32\svchost.exe[200] ntdll.dll!NtDuplicateObject + 5 7C90D2A3 5 Bytes JMP 63003071 .text C:\WINDOWS\System32\svchost.exe[200] ntdll.dll!NtLoadDriver + 5 7C90D473 5 Bytes JMP 63005671 .text C:\WINDOWS\System32\svchost.exe[200] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 630016E9 .text C:\WINDOWS\System32\svchost.exe[200] ntdll.dll!NtOpenProcess + 5 7C90D603 5 Bytes JMP 63002F41 .text C:\WINDOWS\System32\svchost.exe[200] ntdll.dll!NtQueueApcThread + 5 7C90D9A3 5 Bytes JMP 63002FD9 .text C:\WINDOWS\System32\svchost.exe[200] ntdll.dll!NtRaiseHardError + 5 7C90D9C3 5 Bytes JMP 630044A1 .text C:\WINDOWS\System32\svchost.exe[200] ntdll.dll!NtSetContextThread + 5 7C90DBB3 5 Bytes JMP 63002EA9 .text C:\WINDOWS\System32\svchost.exe[200] ntdll.dll!NtSetInformationProcess + 5 7C90DCA3 5 Bytes JMP 63005081 .text C:\WINDOWS\System32\svchost.exe[200] ntdll.dll!NtSetSystemInformation + 5 7C90DD63 5 Bytes JMP 63005709 .text C:\WINDOWS\System32\svchost.exe[200] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 63002361 .text C:\WINDOWS\System32\svchost.exe[200] ntdll.dll!NtSuspendProcess + 5 7C90DE33 5 Bytes JMP 630031A1 .text C:\WINDOWS\System32\svchost.exe[200] ntdll.dll!NtSuspendThread + 5 7C90DE43 5 Bytes JMP 63003109 .text C:\WINDOWS\System32\svchost.exe[200] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 63004FE9 .text C:\WINDOWS\System32\svchost.exe[200] ntdll.dll!NtUnmapViewOfSection + 5 7C90DF13 5 Bytes JMP 63001781 .text C:\WINDOWS\System32\svchost.exe[200] ntdll.dll!NtWriteVirtualMemory + 5 7C90DFB3 5 Bytes JMP 63002E11 .text C:\WINDOWS\System32\svchost.exe[200] ntdll.dll!RtlCreateProcessParameters 7C92188B 5 Bytes JMP 63001FD1 .text C:\WINDOWS\System32\svchost.exe[200] KERNEL32.dll!GetSystemTimeAsFileTime 7C8017E9 5 Bytes JMP 63001B11 .text C:\WINDOWS\System32\svchost.exe[200] KERNEL32.dll!CreateFileA 7C801A28 5 Bytes JMP 630026F1 .text C:\WINDOWS\System32\svchost.exe[200] KERNEL32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 630051B1 .text C:\WINDOWS\System32\svchost.exe[200] KERNEL32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 63005119 .text C:\WINDOWS\System32\svchost.exe[200] KERNEL32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 630025C1 .text C:\WINDOWS\System32\svchost.exe[200] KERNEL32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 63001EA1 .text C:\WINDOWS\System32\svchost.exe[200] KERNEL32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 63001E09 .text C:\WINDOWS\System32\svchost.exe[200] KERNEL32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 63003369 .text C:\WINDOWS\System32\svchost.exe[200] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 63002821 .text C:\WINDOWS\System32\svchost.exe[200] KERNEL32.dll!SleepEx 7C8023A0 5 Bytes JMP 630022C9 .text C:\WINDOWS\System32\svchost.exe[200] KERNEL32.dll!Sleep 7C802446 5 Bytes JMP 63002491 .text C:\WINDOWS\System32\svchost.exe[200] KERNEL32.dll!CloseHandle 7C809BE7 5 Bytes JMP 630038C1 .text C:\WINDOWS\System32\svchost.exe[200] KERNEL32.dll!QueryPerformanceCounter 7C80A4C7 5 Bytes JMP 63001BA9 .text C:\WINDOWS\System32\svchost.exe[200] KERNEL32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 63005249 .text C:\WINDOWS\System32\svchost.exe[200] KERNEL32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 63002529 .text C:\WINDOWS\System32\svchost.exe[200] KERNEL32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 630019E1 .text C:\WINDOWS\System32\svchost.exe[200] KERNEL32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 63001A79 .text C:\WINDOWS\System32\svchost.exe[200] KERNEL32.dll!CreateMutexW 7C80E957 5 Bytes JMP 63003829 .text C:\WINDOWS\System32\svchost.exe[200] KERNEL32.dll!OpenMutexW 7C80EA35 5 Bytes JMP 63003791 .text C:\WINDOWS\System32\svchost.exe[200] KERNEL32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 63002A81 .text C:\WINDOWS\System32\svchost.exe[200] KERNEL32.dll!CreateThread 7C8106D7 5 Bytes JMP 630032D1 .text C:\WINDOWS\System32\svchost.exe[200] KERNEL32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 63002D79 .text C:\WINDOWS\System32\svchost.exe[200] KERNEL32.dll!ExitProcess 7C81CB12 5 Bytes JMP 630023F9 .text C:\WINDOWS\System32\svchost.exe[200] KERNEL32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 63005C61 .text C:\WINDOWS\System32\svchost.exe[200] KERNEL32.dll!DefineDosDeviceW 7C821F1E 5 Bytes JMP 63005A01 .text C:\WINDOWS\System32\svchost.exe[200] KERNEL32.dll!MoveFileExW 7C83568B 5 Bytes JMP 63005B31 .text C:\WINDOWS\System32\svchost.exe[200] KERNEL32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 63005BC9 .text C:\WINDOWS\System32\svchost.exe[200] KERNEL32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 63005A99 .text C:\WINDOWS\System32\svchost.exe[200] KERNEL32.dll!WinExec 7C86250D 5 Bytes JMP 63002789 .text C:\WINDOWS\System32\svchost.exe[200] KERNEL32.dll!Process32NextW 7C865027 5 Bytes JMP 63005541 .text C:\WINDOWS\System32\svchost.exe[200] KERNEL32.dll!CreateToolhelp32Snapshot 7C865C7F 5 Bytes JMP 63002659 .text C:\WINDOWS\System32\svchost.exe[200] KERNEL32.dll!ReadConsoleA 7C872B5D 5 Bytes JMP 63004371 .text C:\WINDOWS\System32\svchost.exe[200] KERNEL32.dll!ReadConsoleW 7C872BAC 5 Bytes JMP 63004409 .text C:\WINDOWS\System32\svchost.exe[200] KERNEL32.dll!ReadConsoleInputA 7C874613 5 Bytes JMP 63004241 .text C:\WINDOWS\System32\svchost.exe[200] KERNEL32.dll!ReadConsoleInputW 7C874636 5 Bytes JMP 630042D9 .text C:\WINDOWS\System32\svchost.exe[200] ADVAPI32.dll!RegQueryValueExW + 10C 77DC710B 5 Bytes JMP 63005FF1 .text C:\WINDOWS\System32\svchost.exe[200] ADVAPI32.dll!CloseServiceHandle 77DD6CE5 5 Bytes JMP 63003CE9 .text C:\WINDOWS\System32\svchost.exe[200] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 630039F1 .text C:\WINDOWS\System32\svchost.exe[200] ADVAPI32.dll!ControlService 77DE4A09 5 Bytes JMP 63003A89 .text C:\WINDOWS\System32\svchost.exe[200] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 63003959 .text C:\WINDOWS\System32\svchost.exe[200] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 63003BB9 .text C:\WINDOWS\System32\svchost.exe[200] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 63003C51 .text C:\WINDOWS\System32\svchost.exe[200] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 63003EB1 .text C:\WINDOWS\System32\svchost.exe[200] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 63003F49 .text C:\WINDOWS\System32\svchost.exe[200] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 63003B21 .text C:\WINDOWS\System32\svchost.exe[200] USER32.dll!GetMessageW 7E3691C6 5 Bytes JMP 63004079 .text C:\WINDOWS\System32\svchost.exe[200] USER32.dll!PeekMessageW 7E36929B 5 Bytes JMP 630041A9 .text C:\WINDOWS\System32\svchost.exe[200] USER32.dll!UserClientDllInitialize 7E36B217 5 Bytes JMP 63006089 .text C:\WINDOWS\System32\svchost.exe[200] USER32.dll!FindWindowExW 7E36E0E3 5 Bytes JMP 630054A9 .text C:\WINDOWS\System32\svchost.exe[200] USER32.dll!DialogBoxIndirectParamAorW 7E3749D0 5 Bytes JMP 63004BC1 .text C:\WINDOWS\System32\svchost.exe[200] USER32.dll!CreateDialogIndirectParamAorW 7E37680B 5 Bytes JMP 63004B29 .text C:\WINDOWS\System32\svchost.exe[200] USER32.dll!GetMessageA 7E37772B 5 Bytes JMP 63003FE1 .text C:\WINDOWS\System32\svchost.exe[200] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 630029E9 .text C:\WINDOWS\System32\svchost.exe[200] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 630052E1 .text C:\WINDOWS\System32\svchost.exe[200] USER32.dll!SetWindowTextW 7E37960E 5 Bytes JMP 63004E21 .text C:\WINDOWS\System32\svchost.exe[200] USER32.dll!PeekMessageA 7E37A340 5 Bytes JMP 63004111 .text C:\WINDOWS\System32\svchost.exe[200] USER32.dll!ShowWindow 7E37AF56 5 Bytes JMP 63004A91 .text C:\WINDOWS\System32\svchost.exe[200] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 630045D1 .text C:\WINDOWS\System32\svchost.exe[200] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 63005411 .text C:\WINDOWS\System32\svchost.exe[200] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 63004961 .text C:\WINDOWS\System32\svchost.exe[200] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 63004669 .text C:\WINDOWS\System32\svchost.exe[200] USER32.dll!CreateWindowExA 7E37E4A9 5 Bytes JMP 630049F9 .text C:\WINDOWS\System32\svchost.exe[200] USER32.dll!SetWindowTextA 7E37F56B 5 Bytes JMP 63004D89 .text C:\WINDOWS\System32\svchost.exe[200] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 63002951 .text C:\WINDOWS\System32\svchost.exe[200] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 63003239 .text C:\WINDOWS\System32\svchost.exe[200] USER32.dll!FindWindowExA 7E38214A 5 Bytes JMP 63005379 .text C:\WINDOWS\System32\svchost.exe[200] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 63004CF1 .text C:\WINDOWS\System32\svchost.exe[200] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 63004C59 .text C:\WINDOWS\System32\svchost.exe[200] msvcrt.dll!__p__environ 77C0F1C5 5 Bytes JMP 63001C41 .text C:\WINDOWS\System32\svchost.exe[200] msvcrt.dll!__p__fmode 77C0F1DB 5 Bytes JMP 63001CD9 .text C:\WINDOWS\System32\svchost.exe[200] msvcrt.dll!__p__winver + B 77C0F2A1 5 Bytes JMP 63006121 .text C:\WINDOWS\System32\svchost.exe[200] SHELL32.dll!StrStrW 7C9E7496 5 Bytes JMP 630061B9 .text C:\WINDOWS\System32\svchost.exe[200] SHELL32.dll!Shell_NotifyIconW 7CA2A537 5 Bytes JMP 63004701 .text C:\WINDOWS\System32\svchost.exe[200] WS2_32.dll!WEP 71A51273 5 Bytes JMP 63006251 .text C:\WINDOWS\System32\svchost.exe[200] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 63004799 .text C:\WINDOWS\System32\svchost.exe[200] WS2_32.dll!closesocket 71A53E2B 5 Bytes JMP 63004F51 .text C:\WINDOWS\System32\svchost.exe[200] WS2_32.dll!WSASocketW 71A5404E 5 Bytes JMP 63004EB9 .text C:\WINDOWS\System32\svchost.exe[200] WS2_32.dll!socket 71A54211 5 Bytes JMP 63005CF9 .text C:\WINDOWS\System32\svchost.exe[200] WS2_32.dll!connect 71A54A07 5 Bytes JMP 63003E19 .text C:\WINDOWS\System32\svchost.exe[200] WS2_32.dll!send 71A54C27 5 Bytes JMP 63002101 .text C:\WINDOWS\System32\svchost.exe[200] WS2_32.dll!WSARecv 71A54CB5 5 Bytes JMP 63005F59 .text C:\WINDOWS\System32\svchost.exe[200] WS2_32.dll!gethostbyname 71A55355 5 Bytes JMP 630048C9 .text C:\WINDOWS\System32\svchost.exe[200] WS2_32.dll!recv 71A5676F 5 Bytes JMP 63005EC1 .text C:\WINDOWS\System32\svchost.exe[200] WS2_32.dll!WSASend 71A568FA 5 Bytes JMP 63002199 .text C:\WINDOWS\System32\svchost.exe[200] WS2_32.dll!WSAConnect 71A60C81 5 Bytes JMP 63005E29 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[236] ntdll.dll!NtClose + 5 7C90CFF3 5 Bytes JMP 630055D9 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[236] ntdll.dll!NtCreateFile 7C90D0AE 10 Bytes JMP 63005FF1 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[236] ntdll.dll!NtCreateProcess + 5 7C90D153 5 Bytes JMP 63002C49 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[236] ntdll.dll!NtCreateProcessEx + 5 7C90D163 5 Bytes JMP 63002CE1 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[236] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 63002BB1 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[236] ntdll.dll!NtDeviceIoControlFile + 5 7C90D283 5 Bytes JMP 63006089 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[236] ntdll.dll!NtDuplicateObject + 5 7C90D2A3 5 Bytes JMP 63003071 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[236] ntdll.dll!NtLoadDriver + 5 7C90D473 5 Bytes JMP 63005671 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[236] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 630016E9 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[236] ntdll.dll!NtOpenProcess + 5 7C90D603 5 Bytes JMP 63002F41 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[236] ntdll.dll!NtQueueApcThread + 5 7C90D9A3 5 Bytes JMP 63002FD9 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[236] ntdll.dll!NtRaiseHardError + 5 7C90D9C3 5 Bytes JMP 630044A1 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[236] ntdll.dll!NtSetContextThread + 5 7C90DBB3 5 Bytes JMP 63002EA9 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[236] ntdll.dll!NtSetInformationProcess + 5 7C90DCA3 5 Bytes JMP 63005081 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[236] ntdll.dll!NtSetSystemInformation + 5 7C90DD63 5 Bytes JMP 63005709 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[236] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 63002361 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[236] ntdll.dll!NtSuspendProcess + 5 7C90DE33 5 Bytes JMP 630031A1 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[236] ntdll.dll!NtSuspendThread + 5 7C90DE43 5 Bytes JMP 63003109 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[236] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 63004FE9 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[236] ntdll.dll!NtUnmapViewOfSection + 5 7C90DF13 5 Bytes JMP 63001781 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[236] ntdll.dll!NtVdmControl + 5 7C90DF23 5 Bytes JMP 63006121 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[236] ntdll.dll!NtWriteVirtualMemory + 5 7C90DFB3 5 Bytes JMP 63002E11 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[236] ntdll.dll!RtlCreateProcessParameters 7C92188B 5 Bytes JMP 63001FD1 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[236] KERNEL32.dll!GetSystemTimeAsFileTime 7C8017E9 5 Bytes JMP 63001B11 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[236] KERNEL32.dll!CreateFileA 7C801A28 5 Bytes JMP 630026F1 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[236] KERNEL32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 630051B1 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[236] KERNEL32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 63005119 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[236] KERNEL32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 630025C1 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[236] KERNEL32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 63001EA1 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[236] KERNEL32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 63001E09 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[236] KERNEL32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 63003369 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[236] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 63002821 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[236] KERNEL32.dll!SleepEx 7C8023A0 5 Bytes JMP 630022C9 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[236] KERNEL32.dll!Sleep 7C802446 5 Bytes JMP 63002491 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[236] KERNEL32.dll!CloseHandle 7C809BE7 5 Bytes JMP 630038C1 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[236] KERNEL32.dll!QueryPerformanceCounter 7C80A4C7 5 Bytes JMP 63001BA9 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[236] KERNEL32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 63005249 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[236] KERNEL32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 63002529 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[236] KERNEL32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 630019E1 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[236] KERNEL32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 63001A79 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[236] KERNEL32.dll!CreateMutexW 7C80E957 5 Bytes JMP 63003829 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[236] KERNEL32.dll!OpenMutexW 7C80EA35 5 Bytes JMP 63003791 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[236] KERNEL32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 63002A81 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[236] KERNEL32.dll!CreateThread 7C8106D7 5 Bytes JMP 630032D1 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[236] KERNEL32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 63002D79 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[236] KERNEL32.dll!ExitProcess 7C81CB12 5 Bytes JMP 630023F9 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[236] KERNEL32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 63005C61 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[236] KERNEL32.dll!DefineDosDeviceW 7C821F1E 5 Bytes JMP 63005A01 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[236] KERNEL32.dll!MoveFileExW 7C83568B 5 Bytes JMP 63005B31 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[236] KERNEL32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 63005BC9 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[236] KERNEL32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 63005A99 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[236] KERNEL32.dll!WinExec 7C86250D 5 Bytes JMP 63002789 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[236] KERNEL32.dll!Process32NextW 7C865027 5 Bytes JMP 63005541 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[236] KERNEL32.dll!CreateToolhelp32Snapshot 7C865C7F 5 Bytes JMP 63002659 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[236] KERNEL32.dll!ReadConsoleA 7C872B5D 5 Bytes JMP 63004371 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[236] KERNEL32.dll!ReadConsoleW 7C872BAC 5 Bytes JMP 63004409 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[236] KERNEL32.dll!ReadConsoleInputA 7C874613 5 Bytes JMP 63004241 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[236] KERNEL32.dll!ReadConsoleInputW 7C874636 5 Bytes JMP 630042D9 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[236] ADVAPI32.dll!RegQueryValueExW + 10C 77DC710B 5 Bytes JMP 630062E9 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[236] ADVAPI32.dll!CloseServiceHandle 77DD6CE5 5 Bytes JMP 63003CE9 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[236] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 630039F1 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[236] ADVAPI32.dll!ControlService 77DE4A09 5 Bytes JMP 63003A89 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[236] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 63003959 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[236] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 63003BB9 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[236] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 63003C51 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[236] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 63003EB1 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[236] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 63003F49 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[236] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 63003B21 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[236] msvcrt.dll!__p__environ 77C0F1C5 5 Bytes JMP 63001C41 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[236] msvcrt.dll!__p__fmode 77C0F1DB 5 Bytes JMP 63001CD9 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[236] msvcrt.dll!__p__winver + B 77C0F2A1 5 Bytes JMP 63006381 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[236] WS2_32.dll!WEP 71A51273 5 Bytes JMP 63006419 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[236] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 63004799 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[236] WS2_32.dll!closesocket 71A53E2B 5 Bytes JMP 63004F51 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[236] WS2_32.dll!WSASocketW 71A5404E 5 Bytes JMP 63004EB9 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[236] WS2_32.dll!socket 71A54211 5 Bytes JMP 63005CF9 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[236] WS2_32.dll!connect 71A54A07 5 Bytes JMP 63003E19 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[236] WS2_32.dll!send 71A54C27 5 Bytes JMP 63002101 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[236] WS2_32.dll!WSARecv 71A54CB5 5 Bytes JMP 63005F59 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[236] WS2_32.dll!gethostbyname 71A55355 5 Bytes JMP 630048C9 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[236] WS2_32.dll!recv 71A5676F 5 Bytes JMP 63005EC1 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[236] WS2_32.dll!WSASend 71A568FA 5 Bytes JMP 63002199 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[236] WS2_32.dll!WSAConnect 71A60C81 5 Bytes JMP 63005E29 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[236] USER32.dll!PostMessageW 7E368CCB 5 Bytes JMP 63006251 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[236] USER32.dll!GetMessageW 7E3691C6 5 Bytes JMP 63004079 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[236] USER32.dll!PeekMessageW 7E36929B 5 Bytes JMP 630041A9 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[236] USER32.dll!UserClientDllInitialize 7E36B217 5 Bytes JMP 630064B1 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[236] USER32.dll!FindWindowExW 7E36E0E3 5 Bytes JMP 630054A9 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[236] USER32.dll!DialogBoxIndirectParamAorW 7E3749D0 5 Bytes JMP 63004BC1 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[236] USER32.dll!CreateDialogIndirectParamAorW 7E37680B 5 Bytes JMP 63004B29 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[236] USER32.dll!GetMessageA 7E37772B 5 Bytes JMP 63003FE1 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[236] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 630029E9 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[236] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 630052E1 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[236] USER32.dll!SetWindowTextW 7E37960E 5 Bytes JMP 63004E21 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[236] USER32.dll!PeekMessageA 7E37A340 5 Bytes JMP 63004111 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[236] USER32.dll!PostMessageA 7E37AAFD 5 Bytes JMP 630061B9 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[236] USER32.dll!ShowWindow 7E37AF56 5 Bytes JMP 63004A91 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[236] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 630045D1 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[236] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 63005411 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[236] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 63004961 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[236] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 63004669 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[236] USER32.dll!CreateWindowExA 7E37E4A9 5 Bytes JMP 630049F9 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[236] USER32.dll!SetWindowTextA 7E37F56B 5 Bytes JMP 63004D89 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[236] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 63002951 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[236] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 63003239 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[236] USER32.dll!FindWindowExA 7E38214A 5 Bytes JMP 63005379 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[236] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 63004CF1 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[236] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 63004C59 .text C:\WINDOWS\system32\svchost.exe[352] ntdll.dll!NtClose + 5 7C90CFF3 5 Bytes JMP 630055D9 .text C:\WINDOWS\system32\svchost.exe[352] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 63001F39 .text C:\WINDOWS\system32\svchost.exe[352] ntdll.dll!NtCreateProcess + 5 7C90D153 5 Bytes JMP 63002C49 .text C:\WINDOWS\system32\svchost.exe[352] ntdll.dll!NtCreateProcessEx + 5 7C90D163 5 Bytes JMP 63002CE1 .text C:\WINDOWS\system32\svchost.exe[352] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 63002BB1 .text C:\WINDOWS\system32\svchost.exe[352] ntdll.dll!NtDuplicateObject + 5 7C90D2A3 5 Bytes JMP 63003071 .text C:\WINDOWS\system32\svchost.exe[352] ntdll.dll!NtLoadDriver + 5 7C90D473 5 Bytes JMP 63005671 .text C:\WINDOWS\system32\svchost.exe[352] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 630016E9 .text C:\WINDOWS\system32\svchost.exe[352] ntdll.dll!NtOpenProcess + 5 7C90D603 5 Bytes JMP 63002F41 .text C:\WINDOWS\system32\svchost.exe[352] ntdll.dll!NtQueueApcThread + 5 7C90D9A3 5 Bytes JMP 63002FD9 .text C:\WINDOWS\system32\svchost.exe[352] ntdll.dll!NtRaiseHardError + 5 7C90D9C3 5 Bytes JMP 630044A1 .text C:\WINDOWS\system32\svchost.exe[352] ntdll.dll!NtSetContextThread + 5 7C90DBB3 5 Bytes JMP 63002EA9 .text C:\WINDOWS\system32\svchost.exe[352] ntdll.dll!NtSetInformationProcess + 5 7C90DCA3 5 Bytes JMP 63005081 .text C:\WINDOWS\system32\svchost.exe[352] ntdll.dll!NtSetSystemInformation + 5 7C90DD63 5 Bytes JMP 63005709 .text C:\WINDOWS\system32\svchost.exe[352] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 63002361 .text C:\WINDOWS\system32\svchost.exe[352] ntdll.dll!NtSuspendProcess + 5 7C90DE33 5 Bytes JMP 630031A1 .text C:\WINDOWS\system32\svchost.exe[352] ntdll.dll!NtSuspendThread + 5 7C90DE43 5 Bytes JMP 63003109 .text C:\WINDOWS\system32\svchost.exe[352] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 63004FE9 .text C:\WINDOWS\system32\svchost.exe[352] ntdll.dll!NtUnmapViewOfSection + 5 7C90DF13 5 Bytes JMP 63001781 .text C:\WINDOWS\system32\svchost.exe[352] ntdll.dll!NtWriteVirtualMemory + 5 7C90DFB3 5 Bytes JMP 63002E11 .text C:\WINDOWS\system32\svchost.exe[352] ntdll.dll!RtlCreateProcessParameters 7C92188B 5 Bytes JMP 63001FD1 .text C:\WINDOWS\system32\svchost.exe[352] KERNEL32.dll!GetSystemTimeAsFileTime 7C8017E9 5 Bytes JMP 63001B11 .text C:\WINDOWS\system32\svchost.exe[352] KERNEL32.dll!CreateFileA 7C801A28 5 Bytes JMP 630026F1 .text C:\WINDOWS\system32\svchost.exe[352] KERNEL32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 630051B1 .text C:\WINDOWS\system32\svchost.exe[352] KERNEL32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 63005119 .text C:\WINDOWS\system32\svchost.exe[352] KERNEL32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 630025C1 .text C:\WINDOWS\system32\svchost.exe[352] KERNEL32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 63001EA1 .text C:\WINDOWS\system32\svchost.exe[352] KERNEL32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 63001E09 .text C:\WINDOWS\system32\svchost.exe[352] KERNEL32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 63003369 .text C:\WINDOWS\system32\svchost.exe[352] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 63002821 .text C:\WINDOWS\system32\svchost.exe[352] KERNEL32.dll!SleepEx 7C8023A0 5 Bytes JMP 630022C9 .text C:\WINDOWS\system32\svchost.exe[352] KERNEL32.dll!Sleep 7C802446 5 Bytes JMP 63002491 .text C:\WINDOWS\system32\svchost.exe[352] KERNEL32.dll!CloseHandle 7C809BE7 5 Bytes JMP 630038C1 .text C:\WINDOWS\system32\svchost.exe[352] KERNEL32.dll!QueryPerformanceCounter 7C80A4C7 5 Bytes JMP 63001BA9 .text C:\WINDOWS\system32\svchost.exe[352] KERNEL32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 63005249 .text C:\WINDOWS\system32\svchost.exe[352] KERNEL32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 63002529 .text C:\WINDOWS\system32\svchost.exe[352] KERNEL32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 630019E1 .text C:\WINDOWS\system32\svchost.exe[352] KERNEL32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 63001A79 .text C:\WINDOWS\system32\svchost.exe[352] KERNEL32.dll!CreateMutexW 7C80E957 5 Bytes JMP 63003829 .text C:\WINDOWS\system32\svchost.exe[352] KERNEL32.dll!OpenMutexW 7C80EA35 5 Bytes JMP 63003791 .text C:\WINDOWS\system32\svchost.exe[352] KERNEL32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 63002A81 .text C:\WINDOWS\system32\svchost.exe[352] KERNEL32.dll!CreateThread 7C8106D7 5 Bytes JMP 630032D1 .text C:\WINDOWS\system32\svchost.exe[352] KERNEL32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 63002D79 .text C:\WINDOWS\system32\svchost.exe[352] KERNEL32.dll!ExitProcess 7C81CB12 5 Bytes JMP 630023F9 .text C:\WINDOWS\system32\svchost.exe[352] KERNEL32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 63005C61 .text C:\WINDOWS\system32\svchost.exe[352] KERNEL32.dll!DefineDosDeviceW 7C821F1E 5 Bytes JMP 63005A01 .text C:\WINDOWS\system32\svchost.exe[352] KERNEL32.dll!MoveFileExW 7C83568B 5 Bytes JMP 63005B31 .text C:\WINDOWS\system32\svchost.exe[352] KERNEL32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 63005BC9 .text C:\WINDOWS\system32\svchost.exe[352] KERNEL32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 63005A99 .text C:\WINDOWS\system32\svchost.exe[352] KERNEL32.dll!WinExec 7C86250D 5 Bytes JMP 63002789 .text C:\WINDOWS\system32\svchost.exe[352] KERNEL32.dll!Process32NextW 7C865027 5 Bytes JMP 63005541 .text C:\WINDOWS\system32\svchost.exe[352] KERNEL32.dll!CreateToolhelp32Snapshot 7C865C7F 5 Bytes JMP 63002659 .text C:\WINDOWS\system32\svchost.exe[352] KERNEL32.dll!ReadConsoleA 7C872B5D 5 Bytes JMP 63004371 .text C:\WINDOWS\system32\svchost.exe[352] KERNEL32.dll!ReadConsoleW 7C872BAC 5 Bytes JMP 63004409 .text C:\WINDOWS\system32\svchost.exe[352] KERNEL32.dll!ReadConsoleInputA 7C874613 5 Bytes JMP 63004241 .text C:\WINDOWS\system32\svchost.exe[352] KERNEL32.dll!ReadConsoleInputW 7C874636 5 Bytes JMP 630042D9 .text C:\WINDOWS\system32\svchost.exe[352] ADVAPI32.dll!RegQueryValueExW + 10C 77DC710B 5 Bytes JMP 63005FF1 .text C:\WINDOWS\system32\svchost.exe[352] ADVAPI32.dll!CloseServiceHandle 77DD6CE5 5 Bytes JMP 63003CE9 .text C:\WINDOWS\system32\svchost.exe[352] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 630039F1 .text C:\WINDOWS\system32\svchost.exe[352] ADVAPI32.dll!ControlService 77DE4A09 5 Bytes JMP 63003A89 .text C:\WINDOWS\system32\svchost.exe[352] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 63003959 .text C:\WINDOWS\system32\svchost.exe[352] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 63003BB9 .text C:\WINDOWS\system32\svchost.exe[352] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 63003C51 .text C:\WINDOWS\system32\svchost.exe[352] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 63003EB1 .text C:\WINDOWS\system32\svchost.exe[352] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 63003F49 .text C:\WINDOWS\system32\svchost.exe[352] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 63003B21 .text C:\WINDOWS\system32\svchost.exe[352] USER32.dll!GetMessageW 7E3691C6 5 Bytes JMP 63004079 .text C:\WINDOWS\system32\svchost.exe[352] USER32.dll!PeekMessageW 7E36929B 5 Bytes JMP 630041A9 .text C:\WINDOWS\system32\svchost.exe[352] USER32.dll!UserClientDllInitialize 7E36B217 5 Bytes JMP 63006089 .text C:\WINDOWS\system32\svchost.exe[352] USER32.dll!FindWindowExW 7E36E0E3 5 Bytes JMP 630054A9 .text C:\WINDOWS\system32\svchost.exe[352] USER32.dll!DialogBoxIndirectParamAorW 7E3749D0 5 Bytes JMP 63004BC1 .text C:\WINDOWS\system32\svchost.exe[352] USER32.dll!CreateDialogIndirectParamAorW 7E37680B 5 Bytes JMP 63004B29 .text C:\WINDOWS\system32\svchost.exe[352] USER32.dll!GetMessageA 7E37772B 5 Bytes JMP 63003FE1 .text C:\WINDOWS\system32\svchost.exe[352] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 630029E9 .text C:\WINDOWS\system32\svchost.exe[352] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 630052E1 .text C:\WINDOWS\system32\svchost.exe[352] USER32.dll!SetWindowTextW 7E37960E 5 Bytes JMP 63004E21 .text C:\WINDOWS\system32\svchost.exe[352] USER32.dll!PeekMessageA 7E37A340 5 Bytes JMP 63004111 .text C:\WINDOWS\system32\svchost.exe[352] USER32.dll!ShowWindow 7E37AF56 5 Bytes JMP 63004A91 .text C:\WINDOWS\system32\svchost.exe[352] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 630045D1 .text C:\WINDOWS\system32\svchost.exe[352] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 63005411 .text C:\WINDOWS\system32\svchost.exe[352] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 63004961 .text C:\WINDOWS\system32\svchost.exe[352] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 63004669 .text C:\WINDOWS\system32\svchost.exe[352] USER32.dll!CreateWindowExA 7E37E4A9 5 Bytes JMP 630049F9 .text C:\WINDOWS\system32\svchost.exe[352] USER32.dll!SetWindowTextA 7E37F56B 5 Bytes JMP 63004D89 .text C:\WINDOWS\system32\svchost.exe[352] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 63002951 .text C:\WINDOWS\system32\svchost.exe[352] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 63003239 .text C:\WINDOWS\system32\svchost.exe[352] USER32.dll!FindWindowExA 7E38214A 5 Bytes JMP 63005379 .text C:\WINDOWS\system32\svchost.exe[352] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 63004CF1 .text C:\WINDOWS\system32\svchost.exe[352] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 63004C59 .text C:\WINDOWS\system32\svchost.exe[352] msvcrt.dll!__p__environ 77C0F1C5 5 Bytes JMP 63001C41 .text C:\WINDOWS\system32\svchost.exe[352] msvcrt.dll!__p__fmode 77C0F1DB 5 Bytes JMP 63001CD9 .text C:\WINDOWS\system32\svchost.exe[352] msvcrt.dll!__p__winver + B 77C0F2A1 5 Bytes JMP 63006121 .text C:\WINDOWS\system32\svchost.exe[352] SHELL32.dll!StrStrW 7C9E7496 5 Bytes JMP 630061B9 .text C:\WINDOWS\system32\svchost.exe[352] SHELL32.dll!Shell_NotifyIconW 7CA2A537 5 Bytes JMP 63004701 .text C:\WINDOWS\system32\svchost.exe[352] WS2_32.dll!WEP 71A51273 5 Bytes JMP 63006251 .text C:\WINDOWS\system32\svchost.exe[352] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 63004799 .text C:\WINDOWS\system32\svchost.exe[352] WS2_32.dll!closesocket 71A53E2B 5 Bytes JMP 63004F51 .text C:\WINDOWS\system32\svchost.exe[352] WS2_32.dll!WSASocketW 71A5404E 5 Bytes JMP 63004EB9 .text C:\WINDOWS\system32\svchost.exe[352] WS2_32.dll!socket 71A54211 5 Bytes JMP 63005CF9 .text C:\WINDOWS\system32\svchost.exe[352] WS2_32.dll!connect 71A54A07 5 Bytes JMP 63003E19 .text C:\WINDOWS\system32\svchost.exe[352] WS2_32.dll!send 71A54C27 5 Bytes JMP 63002101 .text C:\WINDOWS\system32\svchost.exe[352] WS2_32.dll!WSARecv 71A54CB5 5 Bytes JMP 63005F59 .text C:\WINDOWS\system32\svchost.exe[352] WS2_32.dll!gethostbyname 71A55355 5 Bytes JMP 630048C9 .text C:\WINDOWS\system32\svchost.exe[352] WS2_32.dll!recv 71A5676F 5 Bytes JMP 63005EC1 .text C:\WINDOWS\system32\svchost.exe[352] WS2_32.dll!WSASend 71A568FA 5 Bytes JMP 63002199 .text C:\WINDOWS\system32\svchost.exe[352] WS2_32.dll!WSAConnect 71A60C81 5 Bytes JMP 63005E29 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[364] ntdll.dll!NtClose + 5 7C90CFF3 5 Bytes JMP 630055D9 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[364] ntdll.dll!NtCreateFile 7C90D0AE 10 Bytes JMP 63005FF1 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[364] ntdll.dll!NtCreateProcess + 5 7C90D153 5 Bytes JMP 63002C49 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[364] ntdll.dll!NtCreateProcessEx + 5 7C90D163 5 Bytes JMP 63002CE1 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[364] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 63002BB1 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[364] ntdll.dll!NtDeviceIoControlFile + 5 7C90D283 5 Bytes JMP 63006089 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[364] ntdll.dll!NtDuplicateObject + 5 7C90D2A3 5 Bytes JMP 63003071 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[364] ntdll.dll!NtLoadDriver + 5 7C90D473 5 Bytes JMP 63005671 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[364] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 630016E9 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[364] ntdll.dll!NtOpenProcess + 5 7C90D603 5 Bytes JMP 63002F41 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[364] ntdll.dll!NtQueueApcThread + 5 7C90D9A3 5 Bytes JMP 63002FD9 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[364] ntdll.dll!NtRaiseHardError + 5 7C90D9C3 5 Bytes JMP 630044A1 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[364] ntdll.dll!NtSetContextThread + 5 7C90DBB3 5 Bytes JMP 63002EA9 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[364] ntdll.dll!NtSetInformationProcess + 5 7C90DCA3 5 Bytes JMP 63005081 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[364] ntdll.dll!NtSetSystemInformation + 5 7C90DD63 5 Bytes JMP 63005709 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[364] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 63002361 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[364] ntdll.dll!NtSuspendProcess + 5 7C90DE33 5 Bytes JMP 630031A1 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[364] ntdll.dll!NtSuspendThread + 5 7C90DE43 5 Bytes JMP 63003109 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[364] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 63004FE9 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[364] ntdll.dll!NtUnmapViewOfSection + 5 7C90DF13 5 Bytes JMP 63001781 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[364] ntdll.dll!NtVdmControl + 5 7C90DF23 5 Bytes JMP 63006121 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[364] ntdll.dll!NtWriteVirtualMemory + 5 7C90DFB3 5 Bytes JMP 63002E11 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[364] ntdll.dll!RtlCreateProcessParameters 7C92188B 5 Bytes JMP 63001FD1 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[364] KERNEL32.dll!GetSystemTimeAsFileTime 7C8017E9 5 Bytes JMP 63001B11 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[364] KERNEL32.dll!CreateFileA 7C801A28 5 Bytes JMP 630026F1 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[364] KERNEL32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 630051B1 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[364] KERNEL32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 63005119 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[364] KERNEL32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 630025C1 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[364] KERNEL32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 63001EA1 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[364] KERNEL32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 63001E09 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[364] KERNEL32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 63003369 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[364] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 63002821 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[364] KERNEL32.dll!SleepEx 7C8023A0 5 Bytes JMP 630022C9 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[364] KERNEL32.dll!Sleep 7C802446 5 Bytes JMP 63002491 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[364] KERNEL32.dll!CloseHandle 7C809BE7 5 Bytes JMP 630038C1 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[364] KERNEL32.dll!QueryPerformanceCounter 7C80A4C7 5 Bytes JMP 63001BA9 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[364] KERNEL32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 63005249 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[364] KERNEL32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 63002529 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[364] KERNEL32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 630019E1 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[364] KERNEL32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 63001A79 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[364] KERNEL32.dll!CreateMutexW 7C80E957 5 Bytes JMP 63003829 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[364] KERNEL32.dll!OpenMutexW 7C80EA35 5 Bytes JMP 63003791 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[364] KERNEL32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 63002A81 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[364] KERNEL32.dll!CreateThread 7C8106D7 5 Bytes JMP 630032D1 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[364] KERNEL32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 63002D79 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[364] KERNEL32.dll!ExitProcess 7C81CB12 5 Bytes JMP 630023F9 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[364] KERNEL32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 63005C61 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[364] KERNEL32.dll!DefineDosDeviceW 7C821F1E 5 Bytes JMP 63005A01 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[364] KERNEL32.dll!MoveFileExW 7C83568B 5 Bytes JMP 63005B31 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[364] KERNEL32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 63005BC9 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[364] KERNEL32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 63005A99 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[364] KERNEL32.dll!WinExec 7C86250D 5 Bytes JMP 63002789 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[364] KERNEL32.dll!Process32NextW 7C865027 5 Bytes JMP 63005541 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[364] KERNEL32.dll!CreateToolhelp32Snapshot 7C865C7F 5 Bytes JMP 63002659 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[364] KERNEL32.dll!ReadConsoleA 7C872B5D 5 Bytes JMP 63004371 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[364] KERNEL32.dll!ReadConsoleW 7C872BAC 5 Bytes JMP 63004409 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[364] KERNEL32.dll!ReadConsoleInputA 7C874613 5 Bytes JMP 63004241 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[364] KERNEL32.dll!ReadConsoleInputW 7C874636 5 Bytes JMP 630042D9 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[364] ADVAPI32.dll!RegQueryValueExW + 10C 77DC710B 5 Bytes JMP 630062E9 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[364] ADVAPI32.dll!CloseServiceHandle 77DD6CE5 5 Bytes JMP 63003CE9 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[364] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 630039F1 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[364] ADVAPI32.dll!ControlService 77DE4A09 5 Bytes JMP 63003A89 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[364] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 63003959 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[364] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 63003BB9 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[364] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 63003C51 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[364] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 63003EB1 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[364] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 63003F49 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[364] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 63003B21 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[364] USER32.dll!PostMessageW 7E368CCB 5 Bytes JMP 63006251 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[364] USER32.dll!GetMessageW 7E3691C6 5 Bytes JMP 63004079 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[364] USER32.dll!PeekMessageW 7E36929B 5 Bytes JMP 630041A9 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[364] USER32.dll!UserClientDllInitialize 7E36B217 5 Bytes JMP 63006381 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[364] USER32.dll!FindWindowExW 7E36E0E3 5 Bytes JMP 630054A9 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[364] USER32.dll!DialogBoxIndirectParamAorW 7E3749D0 5 Bytes JMP 63004BC1 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[364] USER32.dll!CreateDialogIndirectParamAorW 7E37680B 5 Bytes JMP 63004B29 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[364] USER32.dll!GetMessageA 7E37772B 5 Bytes JMP 63003FE1 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[364] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 630029E9 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[364] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 630052E1 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[364] USER32.dll!SetWindowTextW 7E37960E 5 Bytes JMP 63004E21 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[364] USER32.dll!PeekMessageA 7E37A340 5 Bytes JMP 63004111 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[364] USER32.dll!PostMessageA 7E37AAFD 5 Bytes JMP 630061B9 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[364] USER32.dll!ShowWindow 7E37AF56 5 Bytes JMP 63004A91 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[364] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 630045D1 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[364] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 63005411 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[364] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 63004961 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[364] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 63004669 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[364] USER32.dll!CreateWindowExA 7E37E4A9 5 Bytes JMP 630049F9 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[364] USER32.dll!SetWindowTextA 7E37F56B 5 Bytes JMP 63004D89 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[364] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 63002951 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[364] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 63003239 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[364] USER32.dll!FindWindowExA 7E38214A 5 Bytes JMP 63005379 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[364] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 63004CF1 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[364] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 63004C59 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[364] msvcrt.dll!__p__environ 77C0F1C5 5 Bytes JMP 63001C41 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[364] msvcrt.dll!__p__fmode 77C0F1DB 5 Bytes JMP 63001CD9 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[364] msvcrt.dll!__p__winver + B 77C0F2A1 5 Bytes JMP 63006419 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[364] SHELL32.dll!StrStrW 7C9E7496 5 Bytes JMP 630064B1 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[364] SHELL32.dll!Shell_NotifyIconW 7CA2A537 5 Bytes JMP 63004701 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[500] ntdll.dll!NtClose + 5 7C90CFF3 5 Bytes JMP 630055D9 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[500] ntdll.dll!NtCreateFile 7C90D0AE 10 Bytes JMP 63005FF1 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[500] ntdll.dll!NtCreateProcess + 5 7C90D153 5 Bytes JMP 63002C49 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[500] ntdll.dll!NtCreateProcessEx + 5 7C90D163 5 Bytes JMP 63002CE1 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[500] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 63002BB1 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[500] ntdll.dll!NtDeviceIoControlFile + 5 7C90D283 5 Bytes JMP 63006089 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[500] ntdll.dll!NtDuplicateObject + 5 7C90D2A3 5 Bytes JMP 63003071 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[500] ntdll.dll!NtLoadDriver + 5 7C90D473 5 Bytes JMP 63005671 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[500] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 630016E9 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[500] ntdll.dll!NtOpenProcess + 5 7C90D603 5 Bytes JMP 63002F41 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[500] ntdll.dll!NtQueueApcThread + 5 7C90D9A3 5 Bytes JMP 63002FD9 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[500] ntdll.dll!NtRaiseHardError + 5 7C90D9C3 5 Bytes JMP 630044A1 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[500] ntdll.dll!NtSetContextThread + 5 7C90DBB3 5 Bytes JMP 63002EA9 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[500] ntdll.dll!NtSetInformationProcess + 5 7C90DCA3 5 Bytes JMP 63005081 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[500] ntdll.dll!NtSetSystemInformation + 5 7C90DD63 5 Bytes JMP 63005709 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[500] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 63002361 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[500] ntdll.dll!NtSuspendProcess + 5 7C90DE33 5 Bytes JMP 630031A1 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[500] ntdll.dll!NtSuspendThread + 5 7C90DE43 5 Bytes JMP 63003109 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[500] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 63004FE9 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[500] ntdll.dll!NtUnmapViewOfSection + 5 7C90DF13 5 Bytes JMP 63001781 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[500] ntdll.dll!NtVdmControl + 5 7C90DF23 5 Bytes JMP 63006121 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[500] ntdll.dll!NtWriteVirtualMemory + 5 7C90DFB3 5 Bytes JMP 63002E11 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[500] ntdll.dll!RtlCreateProcessParameters 7C92188B 5 Bytes JMP 63001FD1 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[500] KERNEL32.dll!GetSystemTimeAsFileTime 7C8017E9 5 Bytes JMP 63001B11 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[500] KERNEL32.dll!CreateFileA 7C801A28 5 Bytes JMP 630026F1 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[500] KERNEL32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 630051B1 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[500] KERNEL32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 63005119 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[500] KERNEL32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 630025C1 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[500] KERNEL32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 63001EA1 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[500] KERNEL32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 63001E09 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[500] KERNEL32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 63003369 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[500] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 63002821 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[500] KERNEL32.dll!SleepEx 7C8023A0 5 Bytes JMP 630022C9 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[500] KERNEL32.dll!Sleep 7C802446 5 Bytes JMP 63002491 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[500] KERNEL32.dll!CloseHandle 7C809BE7 5 Bytes JMP 630038C1 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[500] KERNEL32.dll!QueryPerformanceCounter 7C80A4C7 5 Bytes JMP 63001BA9 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[500] KERNEL32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 63005249 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[500] KERNEL32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 63002529 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[500] KERNEL32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 630019E1 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[500] KERNEL32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 63001A79 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[500] KERNEL32.dll!CreateMutexW 7C80E957 5 Bytes JMP 63003829 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[500] KERNEL32.dll!OpenMutexW 7C80EA35 5 Bytes JMP 63003791 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[500] KERNEL32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 63002A81 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[500] KERNEL32.dll!CreateThread 7C8106D7 5 Bytes JMP 630032D1 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[500] KERNEL32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 63002D79 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[500] KERNEL32.dll!ExitProcess 7C81CB12 5 Bytes JMP 630023F9 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[500] KERNEL32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 63005C61 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[500] KERNEL32.dll!DefineDosDeviceW 7C821F1E 5 Bytes JMP 63005A01 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[500] KERNEL32.dll!MoveFileExW 7C83568B 5 Bytes JMP 63005B31 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[500] KERNEL32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 63005BC9 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[500] KERNEL32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 63005A99 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[500] KERNEL32.dll!WinExec 7C86250D 5 Bytes JMP 63002789 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[500] KERNEL32.dll!Process32NextW 7C865027 5 Bytes JMP 63005541 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[500] KERNEL32.dll!CreateToolhelp32Snapshot 7C865C7F 5 Bytes JMP 63002659 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[500] KERNEL32.dll!ReadConsoleA 7C872B5D 5 Bytes JMP 63004371 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[500] KERNEL32.dll!ReadConsoleW 7C872BAC 5 Bytes JMP 63004409 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[500] KERNEL32.dll!ReadConsoleInputA 7C874613 5 Bytes JMP 63004241 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[500] KERNEL32.dll!ReadConsoleInputW 7C874636 5 Bytes JMP 630042D9 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[500] msvcrt.dll!__p__environ 77C0F1C5 5 Bytes JMP 63001C41 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[500] msvcrt.dll!__p__fmode 77C0F1DB 5 Bytes JMP 63001CD9 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[500] msvcrt.dll!__p__winver + B 77C0F2A1 5 Bytes JMP 630062E9 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[500] ADVAPI32.dll!RegQueryValueExW + 10C 77DC710B 5 Bytes JMP 63006381 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[500] ADVAPI32.dll!CloseServiceHandle 77DD6CE5 5 Bytes JMP 63003CE9 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[500] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 630039F1 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[500] ADVAPI32.dll!ControlService 77DE4A09 5 Bytes JMP 63003A89 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[500] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 63003959 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[500] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 63003BB9 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[500] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 63003C51 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[500] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 63003EB1 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[500] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 63003F49 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[500] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 63003B21 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[500] USER32.dll!PostMessageW 7E368CCB 5 Bytes JMP 63006251 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[500] USER32.dll!GetMessageW 7E3691C6 5 Bytes JMP 63004079 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[500] USER32.dll!PeekMessageW 7E36929B 5 Bytes JMP 630041A9 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[500] USER32.dll!UserClientDllInitialize 7E36B217 5 Bytes JMP 63006419 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[500] USER32.dll!FindWindowExW 7E36E0E3 5 Bytes JMP 630054A9 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[500] USER32.dll!DialogBoxIndirectParamAorW 7E3749D0 5 Bytes JMP 63004BC1 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[500] USER32.dll!CreateDialogIndirectParamAorW 7E37680B 5 Bytes JMP 63004B29 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[500] USER32.dll!GetMessageA 7E37772B 5 Bytes JMP 63003FE1 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[500] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 630029E9 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[500] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 630052E1 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[500] USER32.dll!SetWindowTextW 7E37960E 5 Bytes JMP 63004E21 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[500] USER32.dll!PeekMessageA 7E37A340 5 Bytes JMP 63004111 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[500] USER32.dll!PostMessageA 7E37AAFD 5 Bytes JMP 630061B9 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[500] USER32.dll!ShowWindow 7E37AF56 5 Bytes JMP 63004A91 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[500] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 630045D1 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[500] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 63005411 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[500] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 63004961 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[500] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 63004669 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[500] USER32.dll!CreateWindowExA 7E37E4A9 5 Bytes JMP 630049F9 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[500] USER32.dll!SetWindowTextA 7E37F56B 5 Bytes JMP 63004D89 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[500] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 63002951 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[500] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 63003239 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[500] USER32.dll!FindWindowExA 7E38214A 5 Bytes JMP 63005379 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[500] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 63004CF1 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[500] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 63004C59 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[500] WS2_32.dll!WEP 71A51273 5 Bytes JMP 630064B1 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[500] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 63004799 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[500] WS2_32.dll!closesocket 71A53E2B 5 Bytes JMP 63004F51 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[500] WS2_32.dll!WSASocketW 71A5404E 5 Bytes JMP 63004EB9 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[500] WS2_32.dll!socket 71A54211 5 Bytes JMP 63005CF9 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[500] WS2_32.dll!connect 71A54A07 5 Bytes JMP 63003E19 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[500] WS2_32.dll!send 71A54C27 5 Bytes JMP 63002101 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[500] WS2_32.dll!WSARecv 71A54CB5 5 Bytes JMP 63005F59 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[500] WS2_32.dll!gethostbyname 71A55355 5 Bytes JMP 630048C9 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[500] WS2_32.dll!recv 71A5676F 5 Bytes JMP 63005EC1 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[500] WS2_32.dll!WSASend 71A568FA 5 Bytes JMP 63002199 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[500] WS2_32.dll!WSAConnect 71A60C81 5 Bytes JMP 63005E29 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[500] SHELL32.dll!StrStrW 7C9E7496 5 Bytes JMP 63006549 .text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[500] SHELL32.dll!Shell_NotifyIconW 7CA2A537 5 Bytes JMP 63004701 .text C:\WINDOWS\system32\spoolsv.exe[668] ntdll.dll!NtClose + 5 7C90CFF3 5 Bytes JMP 630055D9 .text C:\WINDOWS\system32\spoolsv.exe[668] ntdll.dll!NtCreateFile 7C90D0AE 10 Bytes JMP 63005FF1 .text C:\WINDOWS\system32\spoolsv.exe[668] ntdll.dll!NtCreateProcess + 5 7C90D153 5 Bytes JMP 63002C49 .text C:\WINDOWS\system32\spoolsv.exe[668] ntdll.dll!NtCreateProcessEx + 5 7C90D163 5 Bytes JMP 63002CE1 .text C:\WINDOWS\system32\spoolsv.exe[668] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 63002BB1 .text C:\WINDOWS\system32\spoolsv.exe[668] ntdll.dll!NtDeviceIoControlFile + 5 7C90D283 5 Bytes JMP 63006089 .text C:\WINDOWS\system32\spoolsv.exe[668] ntdll.dll!NtDuplicateObject + 5 7C90D2A3 5 Bytes JMP 63003071 .text C:\WINDOWS\system32\spoolsv.exe[668] ntdll.dll!NtLoadDriver + 5 7C90D473 5 Bytes JMP 63005671 .text C:\WINDOWS\system32\spoolsv.exe[668] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 630016E9 .text C:\WINDOWS\system32\spoolsv.exe[668] ntdll.dll!NtOpenProcess + 5 7C90D603 5 Bytes JMP 63002F41 .text C:\WINDOWS\system32\spoolsv.exe[668] ntdll.dll!NtQueueApcThread + 5 7C90D9A3 5 Bytes JMP 63002FD9 .text C:\WINDOWS\system32\spoolsv.exe[668] ntdll.dll!NtRaiseHardError + 5 7C90D9C3 5 Bytes JMP 630044A1 .text C:\WINDOWS\system32\spoolsv.exe[668] ntdll.dll!NtSetContextThread + 5 7C90DBB3 5 Bytes JMP 63002EA9 .text C:\WINDOWS\system32\spoolsv.exe[668] ntdll.dll!NtSetInformationProcess + 5 7C90DCA3 5 Bytes JMP 63005081 .text C:\WINDOWS\system32\spoolsv.exe[668] ntdll.dll!NtSetSystemInformation + 5 7C90DD63 5 Bytes JMP 63005709 .text C:\WINDOWS\system32\spoolsv.exe[668] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 63002361 .text C:\WINDOWS\system32\spoolsv.exe[668] ntdll.dll!NtSuspendProcess + 5 7C90DE33 5 Bytes JMP 630031A1 .text C:\WINDOWS\system32\spoolsv.exe[668] ntdll.dll!NtSuspendThread + 5 7C90DE43 5 Bytes JMP 63003109 .text C:\WINDOWS\system32\spoolsv.exe[668] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 63004FE9 .text C:\WINDOWS\system32\spoolsv.exe[668] ntdll.dll!NtUnmapViewOfSection + 5 7C90DF13 5 Bytes JMP 63001781 .text C:\WINDOWS\system32\spoolsv.exe[668] ntdll.dll!NtVdmControl + 5 7C90DF23 5 Bytes JMP 63006121 .text C:\WINDOWS\system32\spoolsv.exe[668] ntdll.dll!NtWriteVirtualMemory + 5 7C90DFB3 5 Bytes JMP 63002E11 .text C:\WINDOWS\system32\spoolsv.exe[668] ntdll.dll!RtlCreateProcessParameters 7C92188B 5 Bytes JMP 63001FD1 .text C:\WINDOWS\system32\spoolsv.exe[668] KERNEL32.dll!GetSystemTimeAsFileTime 7C8017E9 5 Bytes JMP 63001B11 .text C:\WINDOWS\system32\spoolsv.exe[668] KERNEL32.dll!CreateFileA 7C801A28 5 Bytes JMP 630026F1 .text C:\WINDOWS\system32\spoolsv.exe[668] KERNEL32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 630051B1 .text C:\WINDOWS\system32\spoolsv.exe[668] KERNEL32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 63005119 .text C:\WINDOWS\system32\spoolsv.exe[668] KERNEL32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 630025C1 .text C:\WINDOWS\system32\spoolsv.exe[668] KERNEL32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 63001EA1 .text C:\WINDOWS\system32\spoolsv.exe[668] KERNEL32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 63001E09 .text C:\WINDOWS\system32\spoolsv.exe[668] KERNEL32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 63003369 .text C:\WINDOWS\system32\spoolsv.exe[668] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 63002821 .text C:\WINDOWS\system32\spoolsv.exe[668] KERNEL32.dll!SleepEx 7C8023A0 5 Bytes JMP 630022C9 .text C:\WINDOWS\system32\spoolsv.exe[668] KERNEL32.dll!Sleep 7C802446 5 Bytes JMP 63002491 .text C:\WINDOWS\system32\spoolsv.exe[668] KERNEL32.dll!CloseHandle 7C809BE7 5 Bytes JMP 630038C1 .text C:\WINDOWS\system32\spoolsv.exe[668] KERNEL32.dll!QueryPerformanceCounter 7C80A4C7 5 Bytes JMP 63001BA9 .text C:\WINDOWS\system32\spoolsv.exe[668] KERNEL32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 63005249 .text C:\WINDOWS\system32\spoolsv.exe[668] KERNEL32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 63002529 .text C:\WINDOWS\system32\spoolsv.exe[668] KERNEL32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 630019E1 .text C:\WINDOWS\system32\spoolsv.exe[668] KERNEL32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 63001A79 .text C:\WINDOWS\system32\spoolsv.exe[668] KERNEL32.dll!CreateMutexW 7C80E957 5 Bytes JMP 63003829 .text C:\WINDOWS\system32\spoolsv.exe[668] KERNEL32.dll!OpenMutexW 7C80EA35 5 Bytes JMP 63003791 .text C:\WINDOWS\system32\spoolsv.exe[668] KERNEL32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 63002A81 .text C:\WINDOWS\system32\spoolsv.exe[668] KERNEL32.dll!CreateThread 7C8106D7 5 Bytes JMP 630032D1 .text C:\WINDOWS\system32\spoolsv.exe[668] KERNEL32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 63002D79 .text C:\WINDOWS\system32\spoolsv.exe[668] KERNEL32.dll!ExitProcess 7C81CB12 5 Bytes JMP 630023F9 .text C:\WINDOWS\system32\spoolsv.exe[668] KERNEL32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 63005C61 .text C:\WINDOWS\system32\spoolsv.exe[668] KERNEL32.dll!DefineDosDeviceW 7C821F1E 5 Bytes JMP 63005A01 .text C:\WINDOWS\system32\spoolsv.exe[668] KERNEL32.dll!MoveFileExW 7C83568B 5 Bytes JMP 63005B31 .text C:\WINDOWS\system32\spoolsv.exe[668] KERNEL32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 63005BC9 .text C:\WINDOWS\system32\spoolsv.exe[668] KERNEL32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 63005A99 .text C:\WINDOWS\system32\spoolsv.exe[668] KERNEL32.dll!WinExec 7C86250D 5 Bytes JMP 63002789 .text C:\WINDOWS\system32\spoolsv.exe[668] KERNEL32.dll!Process32NextW 7C865027 5 Bytes JMP 63005541 .text C:\WINDOWS\system32\spoolsv.exe[668] KERNEL32.dll!CreateToolhelp32Snapshot 7C865C7F 5 Bytes JMP 63002659 .text C:\WINDOWS\system32\spoolsv.exe[668] KERNEL32.dll!ReadConsoleA 7C872B5D 5 Bytes JMP 63004371 .text C:\WINDOWS\system32\spoolsv.exe[668] KERNEL32.dll!ReadConsoleW 7C872BAC 5 Bytes JMP 63004409 .text C:\WINDOWS\system32\spoolsv.exe[668] KERNEL32.dll!ReadConsoleInputA 7C874613 5 Bytes JMP 63004241 .text C:\WINDOWS\system32\spoolsv.exe[668] KERNEL32.dll!ReadConsoleInputW 7C874636 5 Bytes JMP 630042D9 .text C:\WINDOWS\system32\spoolsv.exe[668] ADVAPI32.dll!RegQueryValueExW + 10C 77DC710B 5 Bytes JMP 630062E9 .text C:\WINDOWS\system32\spoolsv.exe[668] ADVAPI32.dll!CloseServiceHandle 77DD6CE5 5 Bytes JMP 63003CE9 .text C:\WINDOWS\system32\spoolsv.exe[668] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 630039F1 .text C:\WINDOWS\system32\spoolsv.exe[668] ADVAPI32.dll!ControlService 77DE4A09 5 Bytes JMP 63003A89 .text C:\WINDOWS\system32\spoolsv.exe[668] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 63003959 .text C:\WINDOWS\system32\spoolsv.exe[668] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 63003BB9 .text C:\WINDOWS\system32\spoolsv.exe[668] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 63003C51 .text C:\WINDOWS\system32\spoolsv.exe[668] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 63003EB1 .text C:\WINDOWS\system32\spoolsv.exe[668] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 63003F49 .text C:\WINDOWS\system32\spoolsv.exe[668] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 63003B21 .text C:\WINDOWS\system32\spoolsv.exe[668] USER32.dll!PostMessageW 7E368CCB 5 Bytes JMP 63006251 .text C:\WINDOWS\system32\spoolsv.exe[668] USER32.dll!GetMessageW 7E3691C6 5 Bytes JMP 63004079 .text C:\WINDOWS\system32\spoolsv.exe[668] USER32.dll!PeekMessageW 7E36929B 5 Bytes JMP 630041A9 .text C:\WINDOWS\system32\spoolsv.exe[668] USER32.dll!UserClientDllInitialize 7E36B217 5 Bytes JMP 63006381 .text C:\WINDOWS\system32\spoolsv.exe[668] USER32.dll!FindWindowExW 7E36E0E3 5 Bytes JMP 630054A9 .text C:\WINDOWS\system32\spoolsv.exe[668] USER32.dll!DialogBoxIndirectParamAorW 7E3749D0 5 Bytes JMP 63004BC1 .text C:\WINDOWS\system32\spoolsv.exe[668] USER32.dll!CreateDialogIndirectParamAorW 7E37680B 5 Bytes JMP 63004B29 .text C:\WINDOWS\system32\spoolsv.exe[668] USER32.dll!GetMessageA 7E37772B 5 Bytes JMP 63003FE1 .text C:\WINDOWS\system32\spoolsv.exe[668] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 630029E9 .text C:\WINDOWS\system32\spoolsv.exe[668] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 630052E1 .text C:\WINDOWS\system32\spoolsv.exe[668] USER32.dll!SetWindowTextW 7E37960E 5 Bytes JMP 63004E21 .text C:\WINDOWS\system32\spoolsv.exe[668] USER32.dll!PeekMessageA 7E37A340 5 Bytes JMP 63004111 .text C:\WINDOWS\system32\spoolsv.exe[668] USER32.dll!PostMessageA 7E37AAFD 5 Bytes JMP 630061B9 .text C:\WINDOWS\system32\spoolsv.exe[668] USER32.dll!ShowWindow 7E37AF56 5 Bytes JMP 63004A91 .text C:\WINDOWS\system32\spoolsv.exe[668] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 630045D1 .text C:\WINDOWS\system32\spoolsv.exe[668] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 63005411 .text C:\WINDOWS\system32\spoolsv.exe[668] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 63004961 .text C:\WINDOWS\system32\spoolsv.exe[668] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 63004669 .text C:\WINDOWS\system32\spoolsv.exe[668] USER32.dll!CreateWindowExA 7E37E4A9 5 Bytes JMP 630049F9 .text C:\WINDOWS\system32\spoolsv.exe[668] USER32.dll!SetWindowTextA 7E37F56B 5 Bytes JMP 63004D89 .text C:\WINDOWS\system32\spoolsv.exe[668] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 63002951 .text C:\WINDOWS\system32\spoolsv.exe[668] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 63003239 .text C:\WINDOWS\system32\spoolsv.exe[668] USER32.dll!FindWindowExA 7E38214A 5 Bytes JMP 63005379 .text C:\WINDOWS\system32\spoolsv.exe[668] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 63004CF1 .text C:\WINDOWS\system32\spoolsv.exe[668] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 63004C59 .text C:\WINDOWS\system32\spoolsv.exe[668] msvcrt.dll!__p__environ 77C0F1C5 5 Bytes JMP 63001C41 .text C:\WINDOWS\system32\spoolsv.exe[668] msvcrt.dll!__p__fmode 77C0F1DB 5 Bytes JMP 63001CD9 .text C:\WINDOWS\system32\spoolsv.exe[668] msvcrt.dll!__p__winver + B 77C0F2A1 5 Bytes JMP 63006419 .text C:\WINDOWS\system32\spoolsv.exe[668] SHELL32.dll!StrStrW 7C9E7496 5 Bytes JMP 630064B1 .text C:\WINDOWS\system32\spoolsv.exe[668] SHELL32.dll!Shell_NotifyIconW 7CA2A537 5 Bytes JMP 63004701 .text C:\WINDOWS\system32\spoolsv.exe[668] WS2_32.dll!WEP 71A51273 5 Bytes JMP 63006549 .text C:\WINDOWS\system32\spoolsv.exe[668] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 63004799 .text C:\WINDOWS\system32\spoolsv.exe[668] WS2_32.dll!closesocket 71A53E2B 5 Bytes JMP 63004F51 .text C:\WINDOWS\system32\spoolsv.exe[668] WS2_32.dll!WSASocketW 71A5404E 5 Bytes JMP 63004EB9 .text C:\WINDOWS\system32\spoolsv.exe[668] WS2_32.dll!socket 71A54211 5 Bytes JMP 63005CF9 .text C:\WINDOWS\system32\spoolsv.exe[668] WS2_32.dll!connect 71A54A07 5 Bytes JMP 63003E19 .text C:\WINDOWS\system32\spoolsv.exe[668] WS2_32.dll!send 71A54C27 5 Bytes JMP 63002101 .text C:\WINDOWS\system32\spoolsv.exe[668] WS2_32.dll!WSARecv 71A54CB5 5 Bytes JMP 63005F59 .text C:\WINDOWS\system32\spoolsv.exe[668] WS2_32.dll!gethostbyname 71A55355 5 Bytes JMP 630048C9 .text C:\WINDOWS\system32\spoolsv.exe[668] WS2_32.dll!recv 71A5676F 5 Bytes JMP 63005EC1 .text C:\WINDOWS\system32\spoolsv.exe[668] WS2_32.dll!WSASend 71A568FA 5 Bytes JMP 63002199 .text C:\WINDOWS\system32\spoolsv.exe[668] WS2_32.dll!WSAConnect 71A60C81 5 Bytes JMP 63005E29 .text C:\WINDOWS\System32\svchost.exe[720] ntdll.dll!NtClose + 5 7C90CFF3 5 Bytes JMP 630055D9 .text C:\WINDOWS\System32\svchost.exe[720] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 63001F39 .text C:\WINDOWS\System32\svchost.exe[720] ntdll.dll!NtCreateProcess + 5 7C90D153 5 Bytes JMP 63002C49 .text C:\WINDOWS\System32\svchost.exe[720] ntdll.dll!NtCreateProcessEx + 5 7C90D163 5 Bytes JMP 63002CE1 .text C:\WINDOWS\System32\svchost.exe[720] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 63002BB1 .text C:\WINDOWS\System32\svchost.exe[720] ntdll.dll!NtDuplicateObject + 5 7C90D2A3 5 Bytes JMP 63003071 .text C:\WINDOWS\System32\svchost.exe[720] ntdll.dll!NtLoadDriver + 5 7C90D473 5 Bytes JMP 63005671 .text C:\WINDOWS\System32\svchost.exe[720] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 630016E9 .text C:\WINDOWS\System32\svchost.exe[720] ntdll.dll!NtOpenProcess + 5 7C90D603 5 Bytes JMP 63002F41 .text C:\WINDOWS\System32\svchost.exe[720] ntdll.dll!NtQueueApcThread + 5 7C90D9A3 5 Bytes JMP 63002FD9 .text C:\WINDOWS\System32\svchost.exe[720] ntdll.dll!NtRaiseHardError + 5 7C90D9C3 5 Bytes JMP 630044A1 .text C:\WINDOWS\System32\svchost.exe[720] ntdll.dll!NtSetContextThread + 5 7C90DBB3 5 Bytes JMP 63002EA9 .text C:\WINDOWS\System32\svchost.exe[720] ntdll.dll!NtSetInformationProcess + 5 7C90DCA3 5 Bytes JMP 63005081 .text C:\WINDOWS\System32\svchost.exe[720] ntdll.dll!NtSetSystemInformation + 5 7C90DD63 5 Bytes JMP 63005709 .text C:\WINDOWS\System32\svchost.exe[720] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 63002361 .text C:\WINDOWS\System32\svchost.exe[720] ntdll.dll!NtSuspendProcess + 5 7C90DE33 5 Bytes JMP 630031A1 .text C:\WINDOWS\System32\svchost.exe[720] ntdll.dll!NtSuspendThread + 5 7C90DE43 5 Bytes JMP 63003109 .text C:\WINDOWS\System32\svchost.exe[720] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 63004FE9 .text C:\WINDOWS\System32\svchost.exe[720] ntdll.dll!NtUnmapViewOfSection + 5 7C90DF13 5 Bytes JMP 63001781 .text C:\WINDOWS\System32\svchost.exe[720] ntdll.dll!NtWriteVirtualMemory + 5 7C90DFB3 5 Bytes JMP 63002E11 .text C:\WINDOWS\System32\svchost.exe[720] ntdll.dll!RtlCreateProcessParameters 7C92188B 5 Bytes JMP 63001FD1 .text C:\WINDOWS\System32\svchost.exe[720] KERNEL32.dll!GetSystemTimeAsFileTime 7C8017E9 5 Bytes JMP 63001B11 .text C:\WINDOWS\System32\svchost.exe[720] KERNEL32.dll!CreateFileA 7C801A28 5 Bytes JMP 630026F1 .text C:\WINDOWS\System32\svchost.exe[720] KERNEL32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 630051B1 .text C:\WINDOWS\System32\svchost.exe[720] KERNEL32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 63005119 .text C:\WINDOWS\System32\svchost.exe[720] KERNEL32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 630025C1 .text C:\WINDOWS\System32\svchost.exe[720] KERNEL32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 63001EA1 .text C:\WINDOWS\System32\svchost.exe[720] KERNEL32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 63001E09 .text C:\WINDOWS\System32\svchost.exe[720] KERNEL32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 63003369 .text C:\WINDOWS\System32\svchost.exe[720] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 63002821 .text C:\WINDOWS\System32\svchost.exe[720] KERNEL32.dll!SleepEx 7C8023A0 5 Bytes JMP 630022C9 .text C:\WINDOWS\System32\svchost.exe[720] KERNEL32.dll!Sleep 7C802446 5 Bytes JMP 63002491 .text C:\WINDOWS\System32\svchost.exe[720] KERNEL32.dll!CloseHandle 7C809BE7 5 Bytes JMP 630038C1 .text C:\WINDOWS\System32\svchost.exe[720] KERNEL32.dll!QueryPerformanceCounter 7C80A4C7 5 Bytes JMP 63001BA9 .text C:\WINDOWS\System32\svchost.exe[720] KERNEL32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 63005249 .text C:\WINDOWS\System32\svchost.exe[720] KERNEL32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 63002529 .text C:\WINDOWS\System32\svchost.exe[720] KERNEL32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 630019E1 .text C:\WINDOWS\System32\svchost.exe[720] KERNEL32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 63001A79 .text C:\WINDOWS\System32\svchost.exe[720] KERNEL32.dll!CreateMutexW 7C80E957 5 Bytes JMP 63003829 .text C:\WINDOWS\System32\svchost.exe[720] KERNEL32.dll!OpenMutexW 7C80EA35 5 Bytes JMP 63003791 .text C:\WINDOWS\System32\svchost.exe[720] KERNEL32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 63002A81 .text C:\WINDOWS\System32\svchost.exe[720] KERNEL32.dll!CreateThread 7C8106D7 5 Bytes JMP 630032D1 .text C:\WINDOWS\System32\svchost.exe[720] KERNEL32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 63002D79 .text C:\WINDOWS\System32\svchost.exe[720] KERNEL32.dll!ExitProcess 7C81CB12 5 Bytes JMP 630023F9 .text C:\WINDOWS\System32\svchost.exe[720] KERNEL32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 63005C61 .text C:\WINDOWS\System32\svchost.exe[720] KERNEL32.dll!DefineDosDeviceW 7C821F1E 5 Bytes JMP 63005A01 .text C:\WINDOWS\System32\svchost.exe[720] KERNEL32.dll!MoveFileExW 7C83568B 5 Bytes JMP 63005B31 .text C:\WINDOWS\System32\svchost.exe[720] KERNEL32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 63005BC9 .text C:\WINDOWS\System32\svchost.exe[720] KERNEL32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 63005A99 .text C:\WINDOWS\System32\svchost.exe[720] KERNEL32.dll!WinExec 7C86250D 5 Bytes JMP 63002789 .text C:\WINDOWS\System32\svchost.exe[720] KERNEL32.dll!Process32NextW 7C865027 5 Bytes JMP 63005541 .text C:\WINDOWS\System32\svchost.exe[720] KERNEL32.dll!CreateToolhelp32Snapshot 7C865C7F 5 Bytes JMP 63002659 .text C:\WINDOWS\System32\svchost.exe[720] KERNEL32.dll!ReadConsoleA 7C872B5D 5 Bytes JMP 63004371 .text C:\WINDOWS\System32\svchost.exe[720] KERNEL32.dll!ReadConsoleW 7C872BAC 5 Bytes JMP 63004409 .text C:\WINDOWS\System32\svchost.exe[720] KERNEL32.dll!ReadConsoleInputA 7C874613 5 Bytes JMP 63004241 .text C:\WINDOWS\System32\svchost.exe[720] KERNEL32.dll!ReadConsoleInputW 7C874636 5 Bytes JMP 630042D9 .text C:\WINDOWS\System32\svchost.exe[720] ADVAPI32.dll!RegQueryValueExW + 10C 77DC710B 5 Bytes JMP 63005FF1 .text C:\WINDOWS\System32\svchost.exe[720] ADVAPI32.dll!CloseServiceHandle 77DD6CE5 5 Bytes JMP 63003CE9 .text C:\WINDOWS\System32\svchost.exe[720] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 630039F1 .text C:\WINDOWS\System32\svchost.exe[720] ADVAPI32.dll!ControlService 77DE4A09 5 Bytes JMP 63003A89 .text C:\WINDOWS\System32\svchost.exe[720] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 63003959 .text C:\WINDOWS\System32\svchost.exe[720] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 63003BB9 .text C:\WINDOWS\System32\svchost.exe[720] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 63003C51 .text C:\WINDOWS\System32\svchost.exe[720] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 63003EB1 .text C:\WINDOWS\System32\svchost.exe[720] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 63003F49 .text C:\WINDOWS\System32\svchost.exe[720] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 63003B21 .text C:\WINDOWS\System32\svchost.exe[720] USER32.dll!GetMessageW 7E3691C6 5 Bytes JMP 63004079 .text C:\WINDOWS\System32\svchost.exe[720] USER32.dll!PeekMessageW 7E36929B 5 Bytes JMP 630041A9 .text C:\WINDOWS\System32\svchost.exe[720] USER32.dll!UserClientDllInitialize 7E36B217 5 Bytes JMP 63006089 .text C:\WINDOWS\System32\svchost.exe[720] USER32.dll!FindWindowExW 7E36E0E3 5 Bytes JMP 630054A9 .text C:\WINDOWS\System32\svchost.exe[720] USER32.dll!DialogBoxIndirectParamAorW 7E3749D0 5 Bytes JMP 63004BC1 .text C:\WINDOWS\System32\svchost.exe[720] USER32.dll!CreateDialogIndirectParamAorW 7E37680B 5 Bytes JMP 63004B29 .text C:\WINDOWS\System32\svchost.exe[720] USER32.dll!GetMessageA 7E37772B 5 Bytes JMP 63003FE1 .text C:\WINDOWS\System32\svchost.exe[720] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 630029E9 .text C:\WINDOWS\System32\svchost.exe[720] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 630052E1 .text C:\WINDOWS\System32\svchost.exe[720] USER32.dll!SetWindowTextW 7E37960E 5 Bytes JMP 63004E21 .text C:\WINDOWS\System32\svchost.exe[720] USER32.dll!PeekMessageA 7E37A340 5 Bytes JMP 63004111 .text C:\WINDOWS\System32\svchost.exe[720] USER32.dll!ShowWindow 7E37AF56 5 Bytes JMP 63004A91 .text C:\WINDOWS\System32\svchost.exe[720] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 630045D1 .text C:\WINDOWS\System32\svchost.exe[720] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 63005411 .text C:\WINDOWS\System32\svchost.exe[720] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 63004961 .text C:\WINDOWS\System32\svchost.exe[720] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 63004669 .text C:\WINDOWS\System32\svchost.exe[720] USER32.dll!CreateWindowExA 7E37E4A9 5 Bytes JMP 630049F9 .text C:\WINDOWS\System32\svchost.exe[720] USER32.dll!SetWindowTextA 7E37F56B 5 Bytes JMP 63004D89 .text C:\WINDOWS\System32\svchost.exe[720] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 63002951 .text C:\WINDOWS\System32\svchost.exe[720] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 63003239 .text C:\WINDOWS\System32\svchost.exe[720] USER32.dll!FindWindowExA 7E38214A 5 Bytes JMP 63005379 .text C:\WINDOWS\System32\svchost.exe[720] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 63004CF1 .text C:\WINDOWS\System32\svchost.exe[720] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 63004C59 .text C:\WINDOWS\System32\svchost.exe[720] msvcrt.dll!__p__environ 77C0F1C5 5 Bytes JMP 63001C41 .text C:\WINDOWS\System32\svchost.exe[720] msvcrt.dll!__p__fmode 77C0F1DB 5 Bytes JMP 63001CD9 .text C:\WINDOWS\System32\svchost.exe[720] msvcrt.dll!__p__winver + B 77C0F2A1 5 Bytes JMP 63006121 .text C:\WINDOWS\System32\svchost.exe[720] SHELL32.dll!StrStrW 7C9E7496 5 Bytes JMP 630061B9 .text C:\WINDOWS\System32\svchost.exe[720] SHELL32.dll!Shell_NotifyIconW 7CA2A537 5 Bytes JMP 63004701 .text C:\WINDOWS\System32\svchost.exe[720] WS2_32.dll!WEP 71A51273 5 Bytes JMP 63006251 .text C:\WINDOWS\System32\svchost.exe[720] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 63004799 .text C:\WINDOWS\System32\svchost.exe[720] WS2_32.dll!closesocket 71A53E2B 5 Bytes JMP 63004F51 .text C:\WINDOWS\System32\svchost.exe[720] WS2_32.dll!WSASocketW 71A5404E 5 Bytes JMP 63004EB9 .text C:\WINDOWS\System32\svchost.exe[720] WS2_32.dll!socket 71A54211 5 Bytes JMP 63005CF9 .text C:\WINDOWS\System32\svchost.exe[720] WS2_32.dll!connect 71A54A07 5 Bytes JMP 63003E19 .text C:\WINDOWS\System32\svchost.exe[720] WS2_32.dll!send 71A54C27 5 Bytes JMP 63002101 .text C:\WINDOWS\System32\svchost.exe[720] WS2_32.dll!WSARecv 71A54CB5 5 Bytes JMP 63005F59 .text C:\WINDOWS\System32\svchost.exe[720] WS2_32.dll!gethostbyname 71A55355 5 Bytes JMP 630048C9 .text C:\WINDOWS\System32\svchost.exe[720] WS2_32.dll!recv 71A5676F 5 Bytes JMP 63005EC1 .text C:\WINDOWS\System32\svchost.exe[720] WS2_32.dll!WSASend 71A568FA 5 Bytes JMP 63002199 .text C:\WINDOWS\System32\svchost.exe[720] WS2_32.dll!WSAConnect 71A60C81 5 Bytes JMP 63005E29 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[848] ntdll.dll!NtClose + 5 7C90CFF3 5 Bytes JMP 630055D9 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[848] ntdll.dll!NtCreateFile 7C90D0AE 10 Bytes JMP 63005FF1 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[848] ntdll.dll!NtCreateProcess + 5 7C90D153 5 Bytes JMP 63002C49 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[848] ntdll.dll!NtCreateProcessEx + 5 7C90D163 5 Bytes JMP 63002CE1 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[848] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 63002BB1 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[848] ntdll.dll!NtDeviceIoControlFile + 5 7C90D283 5 Bytes JMP 63006089 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[848] ntdll.dll!NtDuplicateObject + 5 7C90D2A3 5 Bytes JMP 63003071 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[848] ntdll.dll!NtLoadDriver + 5 7C90D473 5 Bytes JMP 63005671 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[848] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 630016E9 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[848] ntdll.dll!NtOpenProcess + 5 7C90D603 5 Bytes JMP 63002F41 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[848] ntdll.dll!NtQueueApcThread + 5 7C90D9A3 5 Bytes JMP 63002FD9 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[848] ntdll.dll!NtRaiseHardError + 5 7C90D9C3 5 Bytes JMP 630044A1 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[848] ntdll.dll!NtSetContextThread + 5 7C90DBB3 5 Bytes JMP 63002EA9 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[848] ntdll.dll!NtSetInformationProcess + 5 7C90DCA3 5 Bytes JMP 63005081 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[848] ntdll.dll!NtSetSystemInformation + 5 7C90DD63 5 Bytes JMP 63005709 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[848] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 63002361 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[848] ntdll.dll!NtSuspendProcess + 5 7C90DE33 5 Bytes JMP 630031A1 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[848] ntdll.dll!NtSuspendThread + 5 7C90DE43 5 Bytes JMP 63003109 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[848] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 63004FE9 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[848] ntdll.dll!NtUnmapViewOfSection + 5 7C90DF13 5 Bytes JMP 63001781 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[848] ntdll.dll!NtVdmControl + 5 7C90DF23 5 Bytes JMP 63006121 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[848] ntdll.dll!NtWriteVirtualMemory + 5 7C90DFB3 5 Bytes JMP 63002E11 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[848] ntdll.dll!RtlCreateProcessParameters 7C92188B 5 Bytes JMP 63001FD1 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[848] KERNEL32.dll!GetSystemTimeAsFileTime 7C8017E9 5 Bytes JMP 63001B11 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[848] KERNEL32.dll!CreateFileA 7C801A28 5 Bytes JMP 630026F1 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[848] KERNEL32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 630051B1 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[848] KERNEL32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 63005119 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[848] KERNEL32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 630025C1 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[848] KERNEL32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 63001EA1 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[848] KERNEL32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 63001E09 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[848] KERNEL32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 63003369 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[848] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 63002821 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[848] KERNEL32.dll!SleepEx 7C8023A0 5 Bytes JMP 630022C9 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[848] KERNEL32.dll!Sleep 7C802446 5 Bytes JMP 63002491 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[848] KERNEL32.dll!CloseHandle 7C809BE7 5 Bytes JMP 630038C1 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[848] KERNEL32.dll!QueryPerformanceCounter 7C80A4C7 5 Bytes JMP 63001BA9 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[848] KERNEL32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 63005249 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[848] KERNEL32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 63002529 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[848] KERNEL32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 630019E1 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[848] KERNEL32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 63001A79 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[848] KERNEL32.dll!CreateMutexW 7C80E957 5 Bytes JMP 63003829 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[848] KERNEL32.dll!OpenMutexW 7C80EA35 5 Bytes JMP 63003791 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[848] KERNEL32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 63002A81 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[848] KERNEL32.dll!CreateThread 7C8106D7 5 Bytes JMP 630032D1 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[848] KERNEL32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 63002D79 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[848] KERNEL32.dll!ExitProcess 7C81CB12 5 Bytes JMP 630023F9 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[848] KERNEL32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 63005C61 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[848] KERNEL32.dll!DefineDosDeviceW 7C821F1E 5 Bytes JMP 63005A01 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[848] KERNEL32.dll!MoveFileExW 7C83568B 5 Bytes JMP 63005B31 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[848] KERNEL32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 63005BC9 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[848] KERNEL32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 63005A99 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[848] KERNEL32.dll!WinExec 7C86250D 5 Bytes JMP 63002789 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[848] KERNEL32.dll!Process32NextW 7C865027 5 Bytes JMP 63005541 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[848] KERNEL32.dll!CreateToolhelp32Snapshot 7C865C7F 5 Bytes JMP 63002659 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[848] KERNEL32.dll!ReadConsoleA 7C872B5D 5 Bytes JMP 63004371 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[848] KERNEL32.dll!ReadConsoleW 7C872BAC 5 Bytes JMP 63004409 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[848] KERNEL32.dll!ReadConsoleInputA 7C874613 5 Bytes JMP 63004241 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[848] KERNEL32.dll!ReadConsoleInputW 7C874636 5 Bytes JMP 630042D9 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[848] ADVAPI32.dll!RegQueryValueExW + 10C 77DC710B 5 Bytes JMP 630062E9 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[848] ADVAPI32.dll!CloseServiceHandle 77DD6CE5 5 Bytes JMP 63003CE9 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[848] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 630039F1 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[848] ADVAPI32.dll!ControlService 77DE4A09 5 Bytes JMP 63003A89 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[848] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 63003959 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[848] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 63003BB9 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[848] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 63003C51 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[848] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 63003EB1 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[848] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 63003F49 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[848] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 63003B21 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[848] msvcrt.dll!__p__environ 77C0F1C5 5 Bytes JMP 63001C41 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[848] msvcrt.dll!__p__fmode 77C0F1DB 5 Bytes JMP 63001CD9 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[848] msvcrt.dll!__p__winver + B 77C0F2A1 5 Bytes JMP 63006381 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[848] USER32.dll!PostMessageW 7E368CCB 5 Bytes JMP 63006251 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[848] USER32.dll!GetMessageW 7E3691C6 5 Bytes JMP 63004079 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[848] USER32.dll!PeekMessageW 7E36929B 5 Bytes JMP 630041A9 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[848] USER32.dll!UserClientDllInitialize 7E36B217 5 Bytes JMP 63006419 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[848] USER32.dll!FindWindowExW 7E36E0E3 5 Bytes JMP 630054A9 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[848] USER32.dll!DialogBoxIndirectParamAorW 7E3749D0 5 Bytes JMP 63004BC1 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[848] USER32.dll!CreateDialogIndirectParamAorW 7E37680B 5 Bytes JMP 63004B29 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[848] USER32.dll!GetMessageA 7E37772B 5 Bytes JMP 63003FE1 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[848] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 630029E9 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[848] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 630052E1 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[848] USER32.dll!SetWindowTextW 7E37960E 5 Bytes JMP 63004E21 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[848] USER32.dll!PeekMessageA 7E37A340 5 Bytes JMP 63004111 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[848] USER32.dll!PostMessageA 7E37AAFD 5 Bytes JMP 630061B9 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[848] USER32.dll!ShowWindow 7E37AF56 5 Bytes JMP 63004A91 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[848] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 630045D1 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[848] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 63005411 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[848] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 63004961 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[848] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 63004669 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[848] USER32.dll!CreateWindowExA 7E37E4A9 5 Bytes JMP 630049F9 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[848] USER32.dll!SetWindowTextA 7E37F56B 5 Bytes JMP 63004D89 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[848] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 63002951 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[848] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 63003239 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[848] USER32.dll!FindWindowExA 7E38214A 5 Bytes JMP 63005379 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[848] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 63004CF1 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[848] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 63004C59 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[848] WS2_32.dll!WEP 71A51273 5 Bytes JMP 630064B1 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[848] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 63004799 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[848] WS2_32.dll!closesocket 71A53E2B 5 Bytes JMP 63004F51 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[848] WS2_32.dll!WSASocketW 71A5404E 5 Bytes JMP 63004EB9 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[848] WS2_32.dll!socket 71A54211 5 Bytes JMP 63005CF9 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[848] WS2_32.dll!connect 71A54A07 5 Bytes JMP 63003E19 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[848] WS2_32.dll!send 71A54C27 5 Bytes JMP 63002101 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[848] WS2_32.dll!WSARecv 71A54CB5 5 Bytes JMP 63005F59 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[848] WS2_32.dll!gethostbyname 71A55355 5 Bytes JMP 630048C9 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[848] WS2_32.dll!recv 71A5676F 5 Bytes JMP 63005EC1 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[848] WS2_32.dll!WSASend 71A568FA 5 Bytes JMP 63002199 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[848] WS2_32.dll!WSAConnect 71A60C81 5 Bytes JMP 63005E29 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.WHOKNA4\MSSQL\Binn\sqlservr.exe[972] ntdll.dll!NtClose + 5 7C90CFF3 5 Bytes JMP 630055D9 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.WHOKNA4\MSSQL\Binn\sqlservr.exe[972] ntdll.dll!NtCreateFile 7C90D0AE 10 Bytes JMP 63005FF1 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.WHOKNA4\MSSQL\Binn\sqlservr.exe[972] ntdll.dll!NtCreateProcess + 5 7C90D153 5 Bytes JMP 63002C49 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.WHOKNA4\MSSQL\Binn\sqlservr.exe[972] ntdll.dll!NtCreateProcessEx + 5 7C90D163 5 Bytes JMP 63002CE1 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.WHOKNA4\MSSQL\Binn\sqlservr.exe[972] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 63002BB1 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.WHOKNA4\MSSQL\Binn\sqlservr.exe[972] ntdll.dll!NtDeviceIoControlFile + 5 7C90D283 5 Bytes JMP 63006089 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.WHOKNA4\MSSQL\Binn\sqlservr.exe[972] ntdll.dll!NtDuplicateObject + 5 7C90D2A3 5 Bytes JMP 63003071 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.WHOKNA4\MSSQL\Binn\sqlservr.exe[972] ntdll.dll!NtLoadDriver + 5 7C90D473 5 Bytes JMP 63005671 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.WHOKNA4\MSSQL\Binn\sqlservr.exe[972] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 630016E9 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.WHOKNA4\MSSQL\Binn\sqlservr.exe[972] ntdll.dll!NtOpenProcess + 5 7C90D603 5 Bytes JMP 63002F41 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.WHOKNA4\MSSQL\Binn\sqlservr.exe[972] ntdll.dll!NtQueueApcThread + 5 7C90D9A3 5 Bytes JMP 63002FD9 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.WHOKNA4\MSSQL\Binn\sqlservr.exe[972] ntdll.dll!NtRaiseHardError + 5 7C90D9C3 5 Bytes JMP 630044A1 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.WHOKNA4\MSSQL\Binn\sqlservr.exe[972] ntdll.dll!NtSetContextThread + 5 7C90DBB3 5 Bytes JMP 63002EA9 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.WHOKNA4\MSSQL\Binn\sqlservr.exe[972] ntdll.dll!NtSetInformationProcess + 5 7C90DCA3 5 Bytes JMP 63005081 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.WHOKNA4\MSSQL\Binn\sqlservr.exe[972] ntdll.dll!NtSetSystemInformation + 5 7C90DD63 5 Bytes JMP 63005709 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.WHOKNA4\MSSQL\Binn\sqlservr.exe[972] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 63002361 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.WHOKNA4\MSSQL\Binn\sqlservr.exe[972] ntdll.dll!NtSuspendProcess + 5 7C90DE33 5 Bytes JMP 630031A1 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.WHOKNA4\MSSQL\Binn\sqlservr.exe[972] ntdll.dll!NtSuspendThread + 5 7C90DE43 5 Bytes JMP 63003109 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.WHOKNA4\MSSQL\Binn\sqlservr.exe[972] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 63004FE9 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.WHOKNA4\MSSQL\Binn\sqlservr.exe[972] ntdll.dll!NtUnmapViewOfSection + 5 7C90DF13 5 Bytes JMP 63001781 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.WHOKNA4\MSSQL\Binn\sqlservr.exe[972] ntdll.dll!NtVdmControl + 5 7C90DF23 5 Bytes JMP 63006121 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.WHOKNA4\MSSQL\Binn\sqlservr.exe[972] ntdll.dll!NtWriteVirtualMemory + 5 7C90DFB3 5 Bytes JMP 63002E11 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.WHOKNA4\MSSQL\Binn\sqlservr.exe[972] ntdll.dll!RtlCreateProcessParameters 7C92188B 5 Bytes JMP 63001FD1 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.WHOKNA4\MSSQL\Binn\sqlservr.exe[972] KERNEL32.dll!GetSystemTimeAsFileTime 7C8017E9 5 Bytes JMP 63001B11 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.WHOKNA4\MSSQL\Binn\sqlservr.exe[972] KERNEL32.dll!CreateFileA 7C801A28 5 Bytes JMP 630026F1 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.WHOKNA4\MSSQL\Binn\sqlservr.exe[972] KERNEL32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 630051B1 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.WHOKNA4\MSSQL\Binn\sqlservr.exe[972] KERNEL32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 63005119 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.WHOKNA4\MSSQL\Binn\sqlservr.exe[972] KERNEL32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 630025C1 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.WHOKNA4\MSSQL\Binn\sqlservr.exe[972] KERNEL32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 63001EA1 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.WHOKNA4\MSSQL\Binn\sqlservr.exe[972] KERNEL32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 63001E09 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.WHOKNA4\MSSQL\Binn\sqlservr.exe[972] KERNEL32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 63003369 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.WHOKNA4\MSSQL\Binn\sqlservr.exe[972] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 63002821 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.WHOKNA4\MSSQL\Binn\sqlservr.exe[972] KERNEL32.dll!SleepEx 7C8023A0 5 Bytes JMP 630022C9 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.WHOKNA4\MSSQL\Binn\sqlservr.exe[972] KERNEL32.dll!Sleep 7C802446 5 Bytes JMP 63002491 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.WHOKNA4\MSSQL\Binn\sqlservr.exe[972] KERNEL32.dll!CloseHandle 7C809BE7 5 Bytes JMP 630038C1 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.WHOKNA4\MSSQL\Binn\sqlservr.exe[972] KERNEL32.dll!QueryPerformanceCounter 7C80A4C7 5 Bytes JMP 63001BA9 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.WHOKNA4\MSSQL\Binn\sqlservr.exe[972] KERNEL32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 63005249 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.WHOKNA4\MSSQL\Binn\sqlservr.exe[972] KERNEL32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 63002529 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.WHOKNA4\MSSQL\Binn\sqlservr.exe[972] KERNEL32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 630019E1 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.WHOKNA4\MSSQL\Binn\sqlservr.exe[972] KERNEL32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 63001A79 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.WHOKNA4\MSSQL\Binn\sqlservr.exe[972] KERNEL32.dll!CreateMutexW 7C80E957 5 Bytes JMP 63003829 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.WHOKNA4\MSSQL\Binn\sqlservr.exe[972] KERNEL32.dll!OpenMutexW 7C80EA35 5 Bytes JMP 63003791 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.WHOKNA4\MSSQL\Binn\sqlservr.exe[972] KERNEL32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 63002A81 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.WHOKNA4\MSSQL\Binn\sqlservr.exe[972] KERNEL32.dll!CreateThread 7C8106D7 5 Bytes JMP 630032D1 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.WHOKNA4\MSSQL\Binn\sqlservr.exe[972] KERNEL32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 63002D79 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.WHOKNA4\MSSQL\Binn\sqlservr.exe[972] KERNEL32.dll!ExitProcess 7C81CB12 5 Bytes JMP 630023F9 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.WHOKNA4\MSSQL\Binn\sqlservr.exe[972] KERNEL32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 63005C61 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.WHOKNA4\MSSQL\Binn\sqlservr.exe[972] KERNEL32.dll!DefineDosDeviceW 7C821F1E 5 Bytes JMP 63005A01 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.WHOKNA4\MSSQL\Binn\sqlservr.exe[972] KERNEL32.dll!MoveFileExW 7C83568B 5 Bytes JMP 63005B31 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.WHOKNA4\MSSQL\Binn\sqlservr.exe[972] KERNEL32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 63005BC9 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.WHOKNA4\MSSQL\Binn\sqlservr.exe[972] KERNEL32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 63005A99 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.WHOKNA4\MSSQL\Binn\sqlservr.exe[972] KERNEL32.dll!WinExec 7C86250D 5 Bytes JMP 63002789 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.WHOKNA4\MSSQL\Binn\sqlservr.exe[972] KERNEL32.dll!Process32NextW 7C865027 5 Bytes JMP 63005541 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.WHOKNA4\MSSQL\Binn\sqlservr.exe[972] KERNEL32.dll!CreateToolhelp32Snapshot 7C865C7F 5 Bytes JMP 63002659 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.WHOKNA4\MSSQL\Binn\sqlservr.exe[972] KERNEL32.dll!ReadConsoleA 7C872B5D 5 Bytes JMP 63004371 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.WHOKNA4\MSSQL\Binn\sqlservr.exe[972] KERNEL32.dll!ReadConsoleW 7C872BAC 5 Bytes JMP 63004409 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.WHOKNA4\MSSQL\Binn\sqlservr.exe[972] KERNEL32.dll!ReadConsoleInputA 7C874613 5 Bytes JMP 63004241 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.WHOKNA4\MSSQL\Binn\sqlservr.exe[972] KERNEL32.dll!ReadConsoleInputW 7C874636 5 Bytes JMP 630042D9 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.WHOKNA4\MSSQL\Binn\sqlservr.exe[972] ADVAPI32.dll!RegQueryValueExW + 10C 77DC710B 5 Bytes JMP 630062E9 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.WHOKNA4\MSSQL\Binn\sqlservr.exe[972] ADVAPI32.dll!CloseServiceHandle 77DD6CE5 5 Bytes JMP 63003CE9 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.WHOKNA4\MSSQL\Binn\sqlservr.exe[972] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 630039F1 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.WHOKNA4\MSSQL\Binn\sqlservr.exe[972] ADVAPI32.dll!ControlService 77DE4A09 5 Bytes JMP 63003A89 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.WHOKNA4\MSSQL\Binn\sqlservr.exe[972] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 63003959 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.WHOKNA4\MSSQL\Binn\sqlservr.exe[972] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 63003BB9 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.WHOKNA4\MSSQL\Binn\sqlservr.exe[972] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 63003C51 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.WHOKNA4\MSSQL\Binn\sqlservr.exe[972] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 63003EB1 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.WHOKNA4\MSSQL\Binn\sqlservr.exe[972] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 63003F49 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.WHOKNA4\MSSQL\Binn\sqlservr.exe[972] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 63003B21 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.WHOKNA4\MSSQL\Binn\sqlservr.exe[972] msvcrt.dll!__p__environ 77C0F1C5 5 Bytes JMP 63001C41 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.WHOKNA4\MSSQL\Binn\sqlservr.exe[972] msvcrt.dll!__p__fmode 77C0F1DB 5 Bytes JMP 63001CD9 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.WHOKNA4\MSSQL\Binn\sqlservr.exe[972] msvcrt.dll!__p__winver + B 77C0F2A1 5 Bytes JMP 63006381 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.WHOKNA4\MSSQL\Binn\sqlservr.exe[972] USER32.dll!PostMessageW 7E368CCB 5 Bytes JMP 63006251 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.WHOKNA4\MSSQL\Binn\sqlservr.exe[972] USER32.dll!GetMessageW 7E3691C6 5 Bytes JMP 63004079 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.WHOKNA4\MSSQL\Binn\sqlservr.exe[972] USER32.dll!PeekMessageW 7E36929B 5 Bytes JMP 630041A9 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.WHOKNA4\MSSQL\Binn\sqlservr.exe[972] USER32.dll!UserClientDllInitialize 7E36B217 5 Bytes JMP 63006419 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.WHOKNA4\MSSQL\Binn\sqlservr.exe[972] USER32.dll!FindWindowExW 7E36E0E3 5 Bytes JMP 630054A9 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.WHOKNA4\MSSQL\Binn\sqlservr.exe[972] USER32.dll!DialogBoxIndirectParamAorW 7E3749D0 5 Bytes JMP 63004BC1 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.WHOKNA4\MSSQL\Binn\sqlservr.exe[972] USER32.dll!CreateDialogIndirectParamAorW 7E37680B 5 Bytes JMP 63004B29 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.WHOKNA4\MSSQL\Binn\sqlservr.exe[972] USER32.dll!GetMessageA 7E37772B 5 Bytes JMP 63003FE1 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.WHOKNA4\MSSQL\Binn\sqlservr.exe[972] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 630029E9 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.WHOKNA4\MSSQL\Binn\sqlservr.exe[972] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 630052E1 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.WHOKNA4\MSSQL\Binn\sqlservr.exe[972] USER32.dll!SetWindowTextW 7E37960E 5 Bytes JMP 63004E21 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.WHOKNA4\MSSQL\Binn\sqlservr.exe[972] USER32.dll!PeekMessageA 7E37A340 5 Bytes JMP 63004111 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.WHOKNA4\MSSQL\Binn\sqlservr.exe[972] USER32.dll!PostMessageA 7E37AAFD 5 Bytes JMP 630061B9 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.WHOKNA4\MSSQL\Binn\sqlservr.exe[972] USER32.dll!ShowWindow 7E37AF56 5 Bytes JMP 63004A91 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.WHOKNA4\MSSQL\Binn\sqlservr.exe[972] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 630045D1 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.WHOKNA4\MSSQL\Binn\sqlservr.exe[972] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 63005411 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.WHOKNA4\MSSQL\Binn\sqlservr.exe[972] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 63004961 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.WHOKNA4\MSSQL\Binn\sqlservr.exe[972] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 63004669 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.WHOKNA4\MSSQL\Binn\sqlservr.exe[972] USER32.dll!CreateWindowExA 7E37E4A9 5 Bytes JMP 630049F9 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.WHOKNA4\MSSQL\Binn\sqlservr.exe[972] USER32.dll!SetWindowTextA 7E37F56B 5 Bytes JMP 63004D89 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.WHOKNA4\MSSQL\Binn\sqlservr.exe[972] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 63002951 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.WHOKNA4\MSSQL\Binn\sqlservr.exe[972] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 63003239 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.WHOKNA4\MSSQL\Binn\sqlservr.exe[972] USER32.dll!FindWindowExA 7E38214A 5 Bytes JMP 63005379 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.WHOKNA4\MSSQL\Binn\sqlservr.exe[972] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 63004CF1 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.WHOKNA4\MSSQL\Binn\sqlservr.exe[972] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 63004C59 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.WHOKNA4\MSSQL\Binn\sqlservr.exe[972] SHELL32.dll!StrStrW 7C9E7496 5 Bytes JMP 630064B1 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.WHOKNA4\MSSQL\Binn\sqlservr.exe[972] SHELL32.dll!Shell_NotifyIconW 7CA2A537 5 Bytes JMP 63004701 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.WHOKNA4\MSSQL\Binn\sqlservr.exe[972] WS2_32.dll!WEP 71A51273 5 Bytes JMP 63006549 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.WHOKNA4\MSSQL\Binn\sqlservr.exe[972] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 63004799 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.WHOKNA4\MSSQL\Binn\sqlservr.exe[972] WS2_32.dll!closesocket 71A53E2B 5 Bytes JMP 63004F51 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.WHOKNA4\MSSQL\Binn\sqlservr.exe[972] WS2_32.dll!WSASocketW 71A5404E 5 Bytes JMP 63004EB9 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.WHOKNA4\MSSQL\Binn\sqlservr.exe[972] WS2_32.dll!socket 71A54211 5 Bytes JMP 63005CF9 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.WHOKNA4\MSSQL\Binn\sqlservr.exe[972] WS2_32.dll!connect 71A54A07 5 Bytes JMP 63003E19 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.WHOKNA4\MSSQL\Binn\sqlservr.exe[972] WS2_32.dll!send 71A54C27 5 Bytes JMP 63002101 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.WHOKNA4\MSSQL\Binn\sqlservr.exe[972] WS2_32.dll!WSARecv 71A54CB5 5 Bytes JMP 63005F59 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.WHOKNA4\MSSQL\Binn\sqlservr.exe[972] WS2_32.dll!gethostbyname 71A55355 5 Bytes JMP 630048C9 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.WHOKNA4\MSSQL\Binn\sqlservr.exe[972] WS2_32.dll!recv 71A5676F 5 Bytes JMP 63005EC1 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.WHOKNA4\MSSQL\Binn\sqlservr.exe[972] WS2_32.dll!WSASend 71A568FA 5 Bytes JMP 63002199 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.WHOKNA4\MSSQL\Binn\sqlservr.exe[972] WS2_32.dll!WSAConnect 71A60C81 5 Bytes JMP 63005E29 .text C:\WINDOWS\Explorer.EXE[1244] ntdll.dll!NtClose + 5 7C90CFF3 5 Bytes JMP 630055D9 .text C:\WINDOWS\Explorer.EXE[1244] ntdll.dll!NtCreateFile 7C90D0AE 10 Bytes JMP 63005FF1 .text C:\WINDOWS\Explorer.EXE[1244] ntdll.dll!NtCreateProcess + 5 7C90D153 5 Bytes JMP 63002C49 .text C:\WINDOWS\Explorer.EXE[1244] ntdll.dll!NtCreateProcessEx + 5 7C90D163 5 Bytes JMP 63002CE1 .text C:\WINDOWS\Explorer.EXE[1244] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 63002BB1 .text C:\WINDOWS\Explorer.EXE[1244] ntdll.dll!NtDeviceIoControlFile + 5 7C90D283 5 Bytes JMP 63006089 .text C:\WINDOWS\Explorer.EXE[1244] ntdll.dll!NtDuplicateObject + 5 7C90D2A3 5 Bytes JMP 63003071 .text C:\WINDOWS\Explorer.EXE[1244] ntdll.dll!NtLoadDriver + 5 7C90D473 5 Bytes JMP 63005671 .text C:\WINDOWS\Explorer.EXE[1244] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 630016E9 .text C:\WINDOWS\Explorer.EXE[1244] ntdll.dll!NtOpenProcess + 5 7C90D603 5 Bytes JMP 63002F41 .text C:\WINDOWS\Explorer.EXE[1244] ntdll.dll!NtQueueApcThread + 5 7C90D9A3 5 Bytes JMP 63002FD9 .text C:\WINDOWS\Explorer.EXE[1244] ntdll.dll!NtRaiseHardError + 5 7C90D9C3 5 Bytes JMP 630044A1 .text C:\WINDOWS\Explorer.EXE[1244] ntdll.dll!NtSetContextThread + 5 7C90DBB3 5 Bytes JMP 63002EA9 .text C:\WINDOWS\Explorer.EXE[1244] ntdll.dll!NtSetInformationProcess + 5 7C90DCA3 5 Bytes JMP 63005081 .text C:\WINDOWS\Explorer.EXE[1244] ntdll.dll!NtSetSystemInformation + 5 7C90DD63 5 Bytes JMP 63005709 .text C:\WINDOWS\Explorer.EXE[1244] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 63002361 .text C:\WINDOWS\Explorer.EXE[1244] ntdll.dll!NtSuspendProcess + 5 7C90DE33 5 Bytes JMP 630031A1 .text C:\WINDOWS\Explorer.EXE[1244] ntdll.dll!NtSuspendThread + 5 7C90DE43 5 Bytes JMP 63003109 .text C:\WINDOWS\Explorer.EXE[1244] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 63004FE9 .text C:\WINDOWS\Explorer.EXE[1244] ntdll.dll!NtUnmapViewOfSection + 5 7C90DF13 5 Bytes JMP 63001781 .text C:\WINDOWS\Explorer.EXE[1244] ntdll.dll!NtVdmControl + 5 7C90DF23 5 Bytes JMP 63006121 .text C:\WINDOWS\Explorer.EXE[1244] ntdll.dll!NtWriteVirtualMemory + 5 7C90DFB3 5 Bytes JMP 63002E11 .text C:\WINDOWS\Explorer.EXE[1244] ntdll.dll!RtlCreateProcessParameters 7C92188B 5 Bytes JMP 63001FD1 .text C:\WINDOWS\Explorer.EXE[1244] KERNEL32.dll!GetSystemTimeAsFileTime 7C8017E9 5 Bytes JMP 63001B11 .text C:\WINDOWS\Explorer.EXE[1244] KERNEL32.dll!CreateFileA 7C801A28 5 Bytes JMP 630026F1 .text C:\WINDOWS\Explorer.EXE[1244] KERNEL32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 630051B1 .text C:\WINDOWS\Explorer.EXE[1244] KERNEL32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 63005119 .text C:\WINDOWS\Explorer.EXE[1244] KERNEL32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 630025C1 .text C:\WINDOWS\Explorer.EXE[1244] KERNEL32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 63001EA1 .text C:\WINDOWS\Explorer.EXE[1244] KERNEL32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 63001E09 .text C:\WINDOWS\Explorer.EXE[1244] KERNEL32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 63003369 .text C:\WINDOWS\Explorer.EXE[1244] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 63002821 .text C:\WINDOWS\Explorer.EXE[1244] KERNEL32.dll!SleepEx 7C8023A0 5 Bytes JMP 630022C9 .text C:\WINDOWS\Explorer.EXE[1244] KERNEL32.dll!Sleep 7C802446 5 Bytes JMP 63002491 .text C:\WINDOWS\Explorer.EXE[1244] KERNEL32.dll!CloseHandle 7C809BE7 5 Bytes JMP 630038C1 .text C:\WINDOWS\Explorer.EXE[1244] KERNEL32.dll!QueryPerformanceCounter 7C80A4C7 5 Bytes JMP 63001BA9 .text C:\WINDOWS\Explorer.EXE[1244] KERNEL32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 63005249 .text C:\WINDOWS\Explorer.EXE[1244] KERNEL32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 63002529 .text C:\WINDOWS\Explorer.EXE[1244] KERNEL32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 630019E1 .text C:\WINDOWS\Explorer.EXE[1244] KERNEL32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 63001A79 .text C:\WINDOWS\Explorer.EXE[1244] KERNEL32.dll!CreateMutexW 7C80E957 5 Bytes JMP 63003829 .text C:\WINDOWS\Explorer.EXE[1244] KERNEL32.dll!OpenMutexW 7C80EA35 5 Bytes JMP 63003791 .text C:\WINDOWS\Explorer.EXE[1244] KERNEL32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 63002A81 .text C:\WINDOWS\Explorer.EXE[1244] KERNEL32.dll!CreateThread 7C8106D7 5 Bytes JMP 630032D1 .text C:\WINDOWS\Explorer.EXE[1244] KERNEL32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 63002D79 .text C:\WINDOWS\Explorer.EXE[1244] KERNEL32.dll!ExitProcess 7C81CB12 5 Bytes JMP 630023F9 .text C:\WINDOWS\Explorer.EXE[1244] KERNEL32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 63005C61 .text C:\WINDOWS\Explorer.EXE[1244] KERNEL32.dll!DefineDosDeviceW 7C821F1E 5 Bytes JMP 63005A01 .text C:\WINDOWS\Explorer.EXE[1244] KERNEL32.dll!MoveFileExW 7C83568B 5 Bytes JMP 63005B31 .text C:\WINDOWS\Explorer.EXE[1244] KERNEL32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 63005BC9 .text C:\WINDOWS\Explorer.EXE[1244] KERNEL32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 63005A99 .text C:\WINDOWS\Explorer.EXE[1244] KERNEL32.dll!WinExec 7C86250D 5 Bytes JMP 63002789 .text C:\WINDOWS\Explorer.EXE[1244] KERNEL32.dll!Process32NextW 7C865027 5 Bytes JMP 63005541 .text C:\WINDOWS\Explorer.EXE[1244] KERNEL32.dll!CreateToolhelp32Snapshot 7C865C7F 5 Bytes JMP 63002659 .text C:\WINDOWS\Explorer.EXE[1244] KERNEL32.dll!ReadConsoleA 7C872B5D 5 Bytes JMP 63004371 .text C:\WINDOWS\Explorer.EXE[1244] KERNEL32.dll!ReadConsoleW 7C872BAC 5 Bytes JMP 63004409 .text C:\WINDOWS\Explorer.EXE[1244] KERNEL32.dll!ReadConsoleInputA 7C874613 5 Bytes JMP 63004241 .text C:\WINDOWS\Explorer.EXE[1244] KERNEL32.dll!ReadConsoleInputW 7C874636 5 Bytes JMP 630042D9 .text C:\WINDOWS\Explorer.EXE[1244] ADVAPI32.dll!RegQueryValueExW + 10C 77DC710B 5 Bytes JMP 630062E9 .text C:\WINDOWS\Explorer.EXE[1244] ADVAPI32.dll!CloseServiceHandle 77DD6CE5 5 Bytes JMP 63003CE9 .text C:\WINDOWS\Explorer.EXE[1244] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 630039F1 .text C:\WINDOWS\Explorer.EXE[1244] ADVAPI32.dll!ControlService 77DE4A09 5 Bytes JMP 63003A89 .text C:\WINDOWS\Explorer.EXE[1244] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 63003959 .text C:\WINDOWS\Explorer.EXE[1244] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 63003BB9 .text C:\WINDOWS\Explorer.EXE[1244] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 63003C51 .text C:\WINDOWS\Explorer.EXE[1244] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 63003EB1 .text C:\WINDOWS\Explorer.EXE[1244] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 63003F49 .text C:\WINDOWS\Explorer.EXE[1244] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 63003B21 .text C:\WINDOWS\Explorer.EXE[1244] USER32.dll!PostMessageW 7E368CCB 5 Bytes JMP 63006251 .text C:\WINDOWS\Explorer.EXE[1244] USER32.dll!GetMessageW 7E3691C6 5 Bytes JMP 63004079 .text C:\WINDOWS\Explorer.EXE[1244] USER32.dll!PeekMessageW 7E36929B 5 Bytes JMP 630041A9 .text C:\WINDOWS\Explorer.EXE[1244] USER32.dll!UserClientDllInitialize 7E36B217 5 Bytes JMP 63006381 .text C:\WINDOWS\Explorer.EXE[1244] USER32.dll!FindWindowExW 7E36E0E3 5 Bytes JMP 630054A9 .text C:\WINDOWS\Explorer.EXE[1244] USER32.dll!DialogBoxIndirectParamAorW 7E3749D0 5 Bytes JMP 63004BC1 .text C:\WINDOWS\Explorer.EXE[1244] USER32.dll!CreateDialogIndirectParamAorW 7E37680B 5 Bytes JMP 63004B29 .text C:\WINDOWS\Explorer.EXE[1244] USER32.dll!GetMessageA 7E37772B 5 Bytes JMP 63003FE1 .text C:\WINDOWS\Explorer.EXE[1244] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 630029E9 .text C:\WINDOWS\Explorer.EXE[1244] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 630052E1 .text C:\WINDOWS\Explorer.EXE[1244] USER32.dll!SetWindowTextW 7E37960E 5 Bytes JMP 63004E21 .text C:\WINDOWS\Explorer.EXE[1244] USER32.dll!PeekMessageA 7E37A340 5 Bytes JMP 63004111 .text C:\WINDOWS\Explorer.EXE[1244] USER32.dll!PostMessageA 7E37AAFD 5 Bytes JMP 630061B9 .text C:\WINDOWS\Explorer.EXE[1244] USER32.dll!ShowWindow 7E37AF56 5 Bytes JMP 63004A91 .text C:\WINDOWS\Explorer.EXE[1244] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 630045D1 .text C:\WINDOWS\Explorer.EXE[1244] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 63005411 .text C:\WINDOWS\Explorer.EXE[1244] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 63004961 .text C:\WINDOWS\Explorer.EXE[1244] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 63004669 .text C:\WINDOWS\Explorer.EXE[1244] USER32.dll!CreateWindowExA 7E37E4A9 5 Bytes JMP 630049F9 .text C:\WINDOWS\Explorer.EXE[1244] USER32.dll!SetWindowTextA 7E37F56B 5 Bytes JMP 63004D89 .text C:\WINDOWS\Explorer.EXE[1244] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 63002951 .text C:\WINDOWS\Explorer.EXE[1244] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 63003239 .text C:\WINDOWS\Explorer.EXE[1244] USER32.dll!FindWindowExA 7E38214A 5 Bytes JMP 63005379 .text C:\WINDOWS\Explorer.EXE[1244] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 63004CF1 .text C:\WINDOWS\Explorer.EXE[1244] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 63004C59 .text C:\WINDOWS\Explorer.EXE[1244] msvcrt.dll!__p__environ 77C0F1C5 5 Bytes JMP 63001C41 .text C:\WINDOWS\Explorer.EXE[1244] msvcrt.dll!__p__fmode 77C0F1DB 5 Bytes JMP 63001CD9 .text C:\WINDOWS\Explorer.EXE[1244] msvcrt.dll!__p__winver + B 77C0F2A1 5 Bytes JMP 63006419 .text C:\WINDOWS\Explorer.EXE[1244] SHELL32.dll!StrStrW 7C9E7496 5 Bytes JMP 63006549 .text C:\WINDOWS\Explorer.EXE[1244] SHELL32.dll!Shell_NotifyIconW 7CA2A537 5 Bytes JMP 63004701 .text C:\WINDOWS\Explorer.EXE[1244] WS2_32.dll!WEP 71A51273 5 Bytes JMP 630065E1 .text C:\WINDOWS\Explorer.EXE[1244] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 63004799 .text C:\WINDOWS\Explorer.EXE[1244] WS2_32.dll!WSAGetLastError + 3D 71A53D0B 7 Bytes JMP 00F60095 .text C:\WINDOWS\Explorer.EXE[1244] WS2_32.dll!closesocket 71A53E2B 5 Bytes JMP 63004F51 .text C:\WINDOWS\Explorer.EXE[1244] WS2_32.dll!WSASocketW 71A5404E 5 Bytes JMP 63004EB9 .text C:\WINDOWS\Explorer.EXE[1244] WS2_32.dll!socket 71A54211 5 Bytes JMP 63005CF9 .text C:\WINDOWS\Explorer.EXE[1244] WS2_32.dll!connect 71A54A07 5 Bytes JMP 00F6002D .text C:\WINDOWS\Explorer.EXE[1244] WS2_32.dll!send 71A54C27 5 Bytes JMP 63002101 .text C:\WINDOWS\Explorer.EXE[1244] WS2_32.dll!WSARecv 71A54CB5 5 Bytes JMP 63005F59 .text C:\WINDOWS\Explorer.EXE[1244] WS2_32.dll!gethostbyname 71A55355 5 Bytes JMP 630048C9 .text C:\WINDOWS\Explorer.EXE[1244] WS2_32.dll!recv 71A5676F 5 Bytes JMP 63005EC1 .text C:\WINDOWS\Explorer.EXE[1244] WS2_32.dll!WSASend 71A568FA 5 Bytes JMP 63002199 .text C:\WINDOWS\Explorer.EXE[1244] WS2_32.dll!WSASendTo + B6 71A60B63 7 Bytes JMP 00F600C9 .text C:\WINDOWS\Explorer.EXE[1244] WS2_32.dll!WSAConnect 71A60C81 5 Bytes JMP 00F60061 .text C:\WINDOWS\system32\svchost.exe[1572] ntdll.dll!NtClose + 5 7C90CFF3 5 Bytes JMP 630055D9 .text C:\WINDOWS\system32\svchost.exe[1572] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 63001F39 .text C:\WINDOWS\system32\svchost.exe[1572] ntdll.dll!NtCreateProcess + 5 7C90D153 5 Bytes JMP 63002C49 .text C:\WINDOWS\system32\svchost.exe[1572] ntdll.dll!NtCreateProcessEx + 5 7C90D163 5 Bytes JMP 63002CE1 .text C:\WINDOWS\system32\svchost.exe[1572] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 63002BB1 .text C:\WINDOWS\system32\svchost.exe[1572] ntdll.dll!NtDuplicateObject + 5 7C90D2A3 5 Bytes JMP 63003071 .text C:\WINDOWS\system32\svchost.exe[1572] ntdll.dll!NtLoadDriver + 5 7C90D473 5 Bytes JMP 63005671 .text C:\WINDOWS\system32\svchost.exe[1572] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 630016E9 .text C:\WINDOWS\system32\svchost.exe[1572] ntdll.dll!NtOpenProcess + 5 7C90D603 5 Bytes JMP 63002F41 .text C:\WINDOWS\system32\svchost.exe[1572] ntdll.dll!NtQueueApcThread + 5 7C90D9A3 5 Bytes JMP 63002FD9 .text C:\WINDOWS\system32\svchost.exe[1572] ntdll.dll!NtRaiseHardError + 5 7C90D9C3 5 Bytes JMP 630044A1 .text C:\WINDOWS\system32\svchost.exe[1572] ntdll.dll!NtSetContextThread + 5 7C90DBB3 5 Bytes JMP 63002EA9 .text C:\WINDOWS\system32\svchost.exe[1572] ntdll.dll!NtSetInformationProcess + 5 7C90DCA3 5 Bytes JMP 63005081 .text C:\WINDOWS\system32\svchost.exe[1572] ntdll.dll!NtSetSystemInformation + 5 7C90DD63 5 Bytes JMP 63005709 .text C:\WINDOWS\system32\svchost.exe[1572] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 63002361 .text C:\WINDOWS\system32\svchost.exe[1572] ntdll.dll!NtSuspendProcess + 5 7C90DE33 5 Bytes JMP 630031A1 .text C:\WINDOWS\system32\svchost.exe[1572] ntdll.dll!NtSuspendThread + 5 7C90DE43 5 Bytes JMP 63003109 .text C:\WINDOWS\system32\svchost.exe[1572] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 63004FE9 .text C:\WINDOWS\system32\svchost.exe[1572] ntdll.dll!NtUnmapViewOfSection + 5 7C90DF13 5 Bytes JMP 63001781 .text C:\WINDOWS\system32\svchost.exe[1572] ntdll.dll!NtWriteVirtualMemory + 5 7C90DFB3 5 Bytes JMP 63002E11 .text C:\WINDOWS\system32\svchost.exe[1572] ntdll.dll!RtlCreateProcessParameters 7C92188B 5 Bytes JMP 63001FD1 .text C:\WINDOWS\system32\svchost.exe[1572] KERNEL32.dll!GetSystemTimeAsFileTime 7C8017E9 5 Bytes JMP 63001B11 .text C:\WINDOWS\system32\svchost.exe[1572] KERNEL32.dll!CreateFileA 7C801A28 5 Bytes JMP 630026F1 .text C:\WINDOWS\system32\svchost.exe[1572] KERNEL32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 630051B1 .text C:\WINDOWS\system32\svchost.exe[1572] KERNEL32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 63005119 .text C:\WINDOWS\system32\svchost.exe[1572] KERNEL32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 630025C1 .text C:\WINDOWS\system32\svchost.exe[1572] KERNEL32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 63001EA1 .text C:\WINDOWS\system32\svchost.exe[1572] KERNEL32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 63001E09 .text C:\WINDOWS\system32\svchost.exe[1572] KERNEL32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 63003369 .text C:\WINDOWS\system32\svchost.exe[1572] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 63002821 .text C:\WINDOWS\system32\svchost.exe[1572] KERNEL32.dll!SleepEx 7C8023A0 5 Bytes JMP 630022C9 .text C:\WINDOWS\system32\svchost.exe[1572] KERNEL32.dll!Sleep 7C802446 5 Bytes JMP 63002491 .text C:\WINDOWS\system32\svchost.exe[1572] KERNEL32.dll!CloseHandle 7C809BE7 5 Bytes JMP 630038C1 .text C:\WINDOWS\system32\svchost.exe[1572] KERNEL32.dll!QueryPerformanceCounter 7C80A4C7 5 Bytes JMP 63001BA9 .text C:\WINDOWS\system32\svchost.exe[1572] KERNEL32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 63005249 .text C:\WINDOWS\system32\svchost.exe[1572] KERNEL32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 63002529 .text C:\WINDOWS\system32\svchost.exe[1572] KERNEL32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 630019E1 .text C:\WINDOWS\system32\svchost.exe[1572] KERNEL32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 63001A79 .text C:\WINDOWS\system32\svchost.exe[1572] KERNEL32.dll!CreateMutexW 7C80E957 5 Bytes JMP 63003829 .text C:\WINDOWS\system32\svchost.exe[1572] KERNEL32.dll!OpenMutexW 7C80EA35 5 Bytes JMP 63003791 .text C:\WINDOWS\system32\svchost.exe[1572] KERNEL32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 63002A81 .text C:\WINDOWS\system32\svchost.exe[1572] KERNEL32.dll!CreateThread 7C8106D7 5 Bytes JMP 630032D1 .text C:\WINDOWS\system32\svchost.exe[1572] KERNEL32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 63002D79 .text C:\WINDOWS\system32\svchost.exe[1572] KERNEL32.dll!ExitProcess 7C81CB12 5 Bytes JMP 630023F9 .text C:\WINDOWS\system32\svchost.exe[1572] KERNEL32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 63005C61 .text C:\WINDOWS\system32\svchost.exe[1572] KERNEL32.dll!DefineDosDeviceW 7C821F1E 5 Bytes JMP 63005A01 .text C:\WINDOWS\system32\svchost.exe[1572] KERNEL32.dll!MoveFileExW 7C83568B 5 Bytes JMP 63005B31 .text C:\WINDOWS\system32\svchost.exe[1572] KERNEL32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 63005BC9 .text C:\WINDOWS\system32\svchost.exe[1572] KERNEL32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 63005A99 .text C:\WINDOWS\system32\svchost.exe[1572] KERNEL32.dll!WinExec 7C86250D 5 Bytes JMP 63002789 .text C:\WINDOWS\system32\svchost.exe[1572] KERNEL32.dll!Process32NextW 7C865027 5 Bytes JMP 63005541 .text C:\WINDOWS\system32\svchost.exe[1572] KERNEL32.dll!CreateToolhelp32Snapshot 7C865C7F 5 Bytes JMP 63002659 .text C:\WINDOWS\system32\svchost.exe[1572] KERNEL32.dll!ReadConsoleA 7C872B5D 5 Bytes JMP 63004371 .text C:\WINDOWS\system32\svchost.exe[1572] KERNEL32.dll!ReadConsoleW 7C872BAC 5 Bytes JMP 63004409 .text C:\WINDOWS\system32\svchost.exe[1572] KERNEL32.dll!ReadConsoleInputA 7C874613 5 Bytes JMP 63004241 .text C:\WINDOWS\system32\svchost.exe[1572] KERNEL32.dll!ReadConsoleInputW 7C874636 5 Bytes JMP 630042D9 .text C:\WINDOWS\system32\svchost.exe[1572] ADVAPI32.dll!RegQueryValueExW + 10C 77DC710B 5 Bytes JMP 63005FF1 .text C:\WINDOWS\system32\svchost.exe[1572] ADVAPI32.dll!CloseServiceHandle 77DD6CE5 5 Bytes JMP 63003CE9 .text C:\WINDOWS\system32\svchost.exe[1572] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 630039F1 .text C:\WINDOWS\system32\svchost.exe[1572] ADVAPI32.dll!ControlService 77DE4A09 5 Bytes JMP 63003A89 .text C:\WINDOWS\system32\svchost.exe[1572] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 63003959 .text C:\WINDOWS\system32\svchost.exe[1572] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 63003BB9 .text C:\WINDOWS\system32\svchost.exe[1572] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 63003C51 .text C:\WINDOWS\system32\svchost.exe[1572] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 63003EB1 .text C:\WINDOWS\system32\svchost.exe[1572] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 63003F49 .text C:\WINDOWS\system32\svchost.exe[1572] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 63003B21 .text C:\WINDOWS\system32\svchost.exe[1572] USER32.dll!GetMessageW 7E3691C6 5 Bytes JMP 63004079 .text C:\WINDOWS\system32\svchost.exe[1572] USER32.dll!PeekMessageW 7E36929B 5 Bytes JMP 630041A9 .text C:\WINDOWS\system32\svchost.exe[1572] USER32.dll!UserClientDllInitialize 7E36B217 5 Bytes JMP 63006089 .text C:\WINDOWS\system32\svchost.exe[1572] USER32.dll!FindWindowExW 7E36E0E3 5 Bytes JMP 630054A9 .text C:\WINDOWS\system32\svchost.exe[1572] USER32.dll!DialogBoxIndirectParamAorW 7E3749D0 5 Bytes JMP 63004BC1 .text C:\WINDOWS\system32\svchost.exe[1572] USER32.dll!CreateDialogIndirectParamAorW 7E37680B 5 Bytes JMP 63004B29 .text C:\WINDOWS\system32\svchost.exe[1572] USER32.dll!GetMessageA 7E37772B 5 Bytes JMP 63003FE1 .text C:\WINDOWS\system32\svchost.exe[1572] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 630029E9 .text C:\WINDOWS\system32\svchost.exe[1572] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 630052E1 .text C:\WINDOWS\system32\svchost.exe[1572] USER32.dll!SetWindowTextW 7E37960E 5 Bytes JMP 63004E21 .text C:\WINDOWS\system32\svchost.exe[1572] USER32.dll!PeekMessageA 7E37A340 5 Bytes JMP 63004111 .text C:\WINDOWS\system32\svchost.exe[1572] USER32.dll!ShowWindow 7E37AF56 5 Bytes JMP 63004A91 .text C:\WINDOWS\system32\svchost.exe[1572] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 630045D1 .text C:\WINDOWS\system32\svchost.exe[1572] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 63005411 .text C:\WINDOWS\system32\svchost.exe[1572] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 63004961 .text C:\WINDOWS\system32\svchost.exe[1572] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 63004669 .text C:\WINDOWS\system32\svchost.exe[1572] USER32.dll!CreateWindowExA 7E37E4A9 5 Bytes JMP 630049F9 .text C:\WINDOWS\system32\svchost.exe[1572] USER32.dll!SetWindowTextA 7E37F56B 5 Bytes JMP 63004D89 .text C:\WINDOWS\system32\svchost.exe[1572] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 63002951 .text C:\WINDOWS\system32\svchost.exe[1572] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 63003239 .text C:\WINDOWS\system32\svchost.exe[1572] USER32.dll!FindWindowExA 7E38214A 5 Bytes JMP 63005379 .text C:\WINDOWS\system32\svchost.exe[1572] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 63004CF1 .text C:\WINDOWS\system32\svchost.exe[1572] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 63004C59 .text C:\WINDOWS\system32\svchost.exe[1572] msvcrt.dll!__p__environ 77C0F1C5 5 Bytes JMP 63001C41 .text C:\WINDOWS\system32\svchost.exe[1572] msvcrt.dll!__p__fmode 77C0F1DB 5 Bytes JMP 63001CD9 .text C:\WINDOWS\system32\svchost.exe[1572] msvcrt.dll!__p__winver + B 77C0F2A1 5 Bytes JMP 63006121 .text C:\WINDOWS\system32\svchost.exe[1572] SHELL32.dll!StrStrW 7C9E7496 5 Bytes JMP 630061B9 .text C:\WINDOWS\system32\svchost.exe[1572] SHELL32.dll!Shell_NotifyIconW 7CA2A537 5 Bytes JMP 63004701 .text C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe[1952] WS2_32.dll!WSAGetLastError + 3D 71A53D0B 7 Bytes JMP 010D0095 .text C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe[1952] WS2_32.dll!getsockopt + 318 71A54A02 7 Bytes JMP 010D002D .text C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe[1952] WS2_32.dll!WSASendTo + B6 71A60B63 7 Bytes JMP 010D00C9 .text C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe[1952] WS2_32.dll!shutdown + 86 71A60C7C 7 Bytes JMP 010D0061 .text C:\WINDOWS\system32\ctfmon.exe[2012] ntdll.dll!NtClose + 5 7C90CFF3 5 Bytes JMP 630055D9 .text C:\WINDOWS\system32\ctfmon.exe[2012] ntdll.dll!NtCreateFile 7C90D0AE 10 Bytes JMP 63005FF1 .text C:\WINDOWS\system32\ctfmon.exe[2012] ntdll.dll!NtCreateProcess + 5 7C90D153 5 Bytes JMP 63002C49 .text C:\WINDOWS\system32\ctfmon.exe[2012] ntdll.dll!NtCreateProcessEx + 5 7C90D163 5 Bytes JMP 63002CE1 .text C:\WINDOWS\system32\ctfmon.exe[2012] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 63002BB1 .text C:\WINDOWS\system32\ctfmon.exe[2012] ntdll.dll!NtDeviceIoControlFile + 5 7C90D283 5 Bytes JMP 63006089 .text C:\WINDOWS\system32\ctfmon.exe[2012] ntdll.dll!NtDuplicateObject + 5 7C90D2A3 5 Bytes JMP 63003071 .text C:\WINDOWS\system32\ctfmon.exe[2012] ntdll.dll!NtLoadDriver + 5 7C90D473 5 Bytes JMP 63005671 .text C:\WINDOWS\system32\ctfmon.exe[2012] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 630016E9 .text C:\WINDOWS\system32\ctfmon.exe[2012] ntdll.dll!NtOpenProcess + 5 7C90D603 5 Bytes JMP 63002F41 .text C:\WINDOWS\system32\ctfmon.exe[2012] ntdll.dll!NtQueueApcThread + 5 7C90D9A3 5 Bytes JMP 63002FD9 .text C:\WINDOWS\system32\ctfmon.exe[2012] ntdll.dll!NtRaiseHardError + 5 7C90D9C3 5 Bytes JMP 630044A1 .text C:\WINDOWS\system32\ctfmon.exe[2012] ntdll.dll!NtSetContextThread + 5 7C90DBB3 5 Bytes JMP 63002EA9 .text C:\WINDOWS\system32\ctfmon.exe[2012] ntdll.dll!NtSetInformationProcess + 5 7C90DCA3 5 Bytes JMP 63005081 .text C:\WINDOWS\system32\ctfmon.exe[2012] ntdll.dll!NtSetSystemInformation + 5 7C90DD63 5 Bytes JMP 63005709 .text C:\WINDOWS\system32\ctfmon.exe[2012] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 63002361 .text C:\WINDOWS\system32\ctfmon.exe[2012] ntdll.dll!NtSuspendProcess + 5 7C90DE33 5 Bytes JMP 630031A1 .text C:\WINDOWS\system32\ctfmon.exe[2012] ntdll.dll!NtSuspendThread + 5 7C90DE43 5 Bytes JMP 63003109 .text C:\WINDOWS\system32\ctfmon.exe[2012] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 63004FE9 .text C:\WINDOWS\system32\ctfmon.exe[2012] ntdll.dll!NtUnmapViewOfSection + 5 7C90DF13 5 Bytes JMP 63001781 .text C:\WINDOWS\system32\ctfmon.exe[2012] ntdll.dll!NtVdmControl + 5 7C90DF23 5 Bytes JMP 63006121 .text C:\WINDOWS\system32\ctfmon.exe[2012] ntdll.dll!NtWriteVirtualMemory + 5 7C90DFB3 5 Bytes JMP 63002E11 .text C:\WINDOWS\system32\ctfmon.exe[2012] ntdll.dll!RtlCreateProcessParameters 7C92188B 5 Bytes JMP 63001FD1 .text C:\WINDOWS\system32\ctfmon.exe[2012] KERNEL32.dll!GetSystemTimeAsFileTime 7C8017E9 5 Bytes JMP 63001B11 .text C:\WINDOWS\system32\ctfmon.exe[2012] KERNEL32.dll!CreateFileA 7C801A28 5 Bytes JMP 630026F1 .text C:\WINDOWS\system32\ctfmon.exe[2012] KERNEL32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 630051B1 .text C:\WINDOWS\system32\ctfmon.exe[2012] KERNEL32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 63005119 .text C:\WINDOWS\system32\ctfmon.exe[2012] KERNEL32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 630025C1 .text C:\WINDOWS\system32\ctfmon.exe[2012] KERNEL32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 63001EA1 .text C:\WINDOWS\system32\ctfmon.exe[2012] KERNEL32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 63001E09 .text C:\WINDOWS\system32\ctfmon.exe[2012] KERNEL32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 63003369 .text C:\WINDOWS\system32\ctfmon.exe[2012] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 63002821 .text C:\WINDOWS\system32\ctfmon.exe[2012] KERNEL32.dll!SleepEx 7C8023A0 5 Bytes JMP 630022C9 .text C:\WINDOWS\system32\ctfmon.exe[2012] KERNEL32.dll!Sleep 7C802446 5 Bytes JMP 63002491 .text C:\WINDOWS\system32\ctfmon.exe[2012] KERNEL32.dll!CloseHandle 7C809BE7 5 Bytes JMP 630038C1 .text C:\WINDOWS\system32\ctfmon.exe[2012] KERNEL32.dll!QueryPerformanceCounter 7C80A4C7 5 Bytes JMP 63001BA9 .text C:\WINDOWS\system32\ctfmon.exe[2012] KERNEL32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 63005249 .text C:\WINDOWS\system32\ctfmon.exe[2012] KERNEL32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 63002529 .text C:\WINDOWS\system32\ctfmon.exe[2012] KERNEL32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 630019E1 .text C:\WINDOWS\system32\ctfmon.exe[2012] KERNEL32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 63001A79 .text C:\WINDOWS\system32\ctfmon.exe[2012] KERNEL32.dll!CreateMutexW 7C80E957 5 Bytes JMP 63003829 .text C:\WINDOWS\system32\ctfmon.exe[2012] KERNEL32.dll!OpenMutexW 7C80EA35 5 Bytes JMP 63003791 .text C:\WINDOWS\system32\ctfmon.exe[2012] KERNEL32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 63002A81 .text C:\WINDOWS\system32\ctfmon.exe[2012] KERNEL32.dll!CreateThread 7C8106D7 5 Bytes JMP 630032D1 .text C:\WINDOWS\system32\ctfmon.exe[2012] KERNEL32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 63002D79 .text C:\WINDOWS\system32\ctfmon.exe[2012] KERNEL32.dll!ExitProcess 7C81CB12 5 Bytes JMP 630023F9 .text C:\WINDOWS\system32\ctfmon.exe[2012] KERNEL32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 63005C61 .text C:\WINDOWS\system32\ctfmon.exe[2012] KERNEL32.dll!DefineDosDeviceW 7C821F1E 5 Bytes JMP 63005A01 .text C:\WINDOWS\system32\ctfmon.exe[2012] KERNEL32.dll!MoveFileExW 7C83568B 5 Bytes JMP 63005B31 .text C:\WINDOWS\system32\ctfmon.exe[2012] KERNEL32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 63005BC9 .text C:\WINDOWS\system32\ctfmon.exe[2012] KERNEL32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 63005A99 .text C:\WINDOWS\system32\ctfmon.exe[2012] KERNEL32.dll!WinExec 7C86250D 5 Bytes JMP 63002789 .text C:\WINDOWS\system32\ctfmon.exe[2012] KERNEL32.dll!Process32NextW 7C865027 5 Bytes JMP 63005541 .text C:\WINDOWS\system32\ctfmon.exe[2012] KERNEL32.dll!CreateToolhelp32Snapshot 7C865C7F 5 Bytes JMP 63002659 .text C:\WINDOWS\system32\ctfmon.exe[2012] KERNEL32.dll!ReadConsoleA 7C872B5D 5 Bytes JMP 63004371 .text C:\WINDOWS\system32\ctfmon.exe[2012] KERNEL32.dll!ReadConsoleW 7C872BAC 5 Bytes JMP 63004409 .text C:\WINDOWS\system32\ctfmon.exe[2012] KERNEL32.dll!ReadConsoleInputA 7C874613 5 Bytes JMP 63004241 .text C:\WINDOWS\system32\ctfmon.exe[2012] KERNEL32.dll!ReadConsoleInputW 7C874636 5 Bytes JMP 630042D9 .text C:\WINDOWS\system32\ctfmon.exe[2012] msvcrt.dll!__p__environ 77C0F1C5 5 Bytes JMP 63001C41 .text C:\WINDOWS\system32\ctfmon.exe[2012] msvcrt.dll!__p__fmode 77C0F1DB 5 Bytes JMP 63001CD9 .text C:\WINDOWS\system32\ctfmon.exe[2012] msvcrt.dll!__p__winver + B 77C0F2A1 5 Bytes JMP 630062E9 .text C:\WINDOWS\system32\ctfmon.exe[2012] ADVAPI32.dll!RegQueryValueExW + 10C 77DC710B 5 Bytes JMP 63006381 .text C:\WINDOWS\system32\ctfmon.exe[2012] ADVAPI32.dll!CloseServiceHandle 77DD6CE5 5 Bytes JMP 63003CE9 .text C:\WINDOWS\system32\ctfmon.exe[2012] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 630039F1 .text C:\WINDOWS\system32\ctfmon.exe[2012] ADVAPI32.dll!ControlService 77DE4A09 5 Bytes JMP 63003A89 .text C:\WINDOWS\system32\ctfmon.exe[2012] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 63003959 .text C:\WINDOWS\system32\ctfmon.exe[2012] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 63003BB9 .text C:\WINDOWS\system32\ctfmon.exe[2012] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 63003C51 .text C:\WINDOWS\system32\ctfmon.exe[2012] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 63003EB1 .text C:\WINDOWS\system32\ctfmon.exe[2012] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 63003F49 .text C:\WINDOWS\system32\ctfmon.exe[2012] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 63003B21 .text C:\WINDOWS\system32\ctfmon.exe[2012] USER32.dll!PostMessageW 7E368CCB 5 Bytes JMP 63006251 .text C:\WINDOWS\system32\ctfmon.exe[2012] USER32.dll!GetMessageW 7E3691C6 5 Bytes JMP 63004079 .text C:\WINDOWS\system32\ctfmon.exe[2012] USER32.dll!PeekMessageW 7E36929B 5 Bytes JMP 630041A9 .text C:\WINDOWS\system32\ctfmon.exe[2012] USER32.dll!UserClientDllInitialize 7E36B217 5 Bytes JMP 63006419 .text C:\WINDOWS\system32\ctfmon.exe[2012] USER32.dll!FindWindowExW 7E36E0E3 5 Bytes JMP 630054A9 .text C:\WINDOWS\system32\ctfmon.exe[2012] USER32.dll!DialogBoxIndirectParamAorW 7E3749D0 5 Bytes JMP 63004BC1 .text C:\WINDOWS\system32\ctfmon.exe[2012] USER32.dll!CreateDialogIndirectParamAorW 7E37680B 5 Bytes JMP 63004B29 .text C:\WINDOWS\system32\ctfmon.exe[2012] USER32.dll!GetMessageA 7E37772B 5 Bytes JMP 63003FE1 .text C:\WINDOWS\system32\ctfmon.exe[2012] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 630029E9 .text C:\WINDOWS\system32\ctfmon.exe[2012] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 630052E1 .text C:\WINDOWS\system32\ctfmon.exe[2012] USER32.dll!SetWindowTextW 7E37960E 5 Bytes JMP 63004E21 .text C:\WINDOWS\system32\ctfmon.exe[2012] USER32.dll!PeekMessageA 7E37A340 5 Bytes JMP 63004111 .text C:\WINDOWS\system32\ctfmon.exe[2012] USER32.dll!PostMessageA 7E37AAFD 5 Bytes JMP 630061B9 .text C:\WINDOWS\system32\ctfmon.exe[2012] USER32.dll!ShowWindow 7E37AF56 5 Bytes JMP 63004A91 .text C:\WINDOWS\system32\ctfmon.exe[2012] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 630045D1 .text C:\WINDOWS\system32\ctfmon.exe[2012] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 63005411 .text C:\WINDOWS\system32\ctfmon.exe[2012] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 63004961 .text C:\WINDOWS\system32\ctfmon.exe[2012] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 63004669 .text C:\WINDOWS\system32\ctfmon.exe[2012] USER32.dll!CreateWindowExA 7E37E4A9 5 Bytes JMP 630049F9 .text C:\WINDOWS\system32\ctfmon.exe[2012] USER32.dll!SetWindowTextA 7E37F56B 5 Bytes JMP 63004D89 .text C:\WINDOWS\system32\ctfmon.exe[2012] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 63002951 .text C:\WINDOWS\system32\ctfmon.exe[2012] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 63003239 .text C:\WINDOWS\system32\ctfmon.exe[2012] USER32.dll!FindWindowExA 7E38214A 5 Bytes JMP 63005379 .text C:\WINDOWS\system32\ctfmon.exe[2012] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 63004CF1 .text C:\WINDOWS\system32\ctfmon.exe[2012] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 63004C59 .text C:\WINDOWS\system32\ctfmon.exe[2012] SHELL32.dll!StrStrW 7C9E7496 5 Bytes JMP 630064B1 .text C:\WINDOWS\system32\ctfmon.exe[2012] SHELL32.dll!Shell_NotifyIconW 7CA2A537 5 Bytes JMP 63004701 .text C:\WINDOWS\system32\ctfmon.exe[2012] ws2_32.dll!WSAGetLastError + 3D 71A53D0B 7 Bytes JMP 00AB0095 .text C:\WINDOWS\system32\ctfmon.exe[2012] ws2_32.dll!getsockopt + 318 71A54A02 7 Bytes JMP 00AB002D .text C:\WINDOWS\system32\ctfmon.exe[2012] ws2_32.dll!WSASendTo + B6 71A60B63 7 Bytes JMP 00AB00C9 .text C:\WINDOWS\system32\ctfmon.exe[2012] ws2_32.dll!shutdown + 86 71A60C7C 7 Bytes JMP 00AB0061 .text C:\WINDOWS\System32\svchost.exe[2624] ntdll.dll!NtClose + 5 7C90CFF3 5 Bytes JMP 630055D9 .text C:\WINDOWS\System32\svchost.exe[2624] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 63001F39 .text C:\WINDOWS\System32\svchost.exe[2624] ntdll.dll!NtCreateProcess + 5 7C90D153 5 Bytes JMP 63002C49 .text C:\WINDOWS\System32\svchost.exe[2624] ntdll.dll!NtCreateProcessEx + 5 7C90D163 5 Bytes JMP 63002CE1 .text C:\WINDOWS\System32\svchost.exe[2624] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 63002BB1 .text C:\WINDOWS\System32\svchost.exe[2624] ntdll.dll!NtDuplicateObject + 5 7C90D2A3 5 Bytes JMP 63003071 .text C:\WINDOWS\System32\svchost.exe[2624] ntdll.dll!NtLoadDriver + 5 7C90D473 5 Bytes JMP 63005671 .text C:\WINDOWS\System32\svchost.exe[2624] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 630016E9 .text C:\WINDOWS\System32\svchost.exe[2624] ntdll.dll!NtOpenProcess + 5 7C90D603 5 Bytes JMP 63002F41 .text C:\WINDOWS\System32\svchost.exe[2624] ntdll.dll!NtQueueApcThread + 5 7C90D9A3 5 Bytes JMP 63002FD9 .text C:\WINDOWS\System32\svchost.exe[2624] ntdll.dll!NtRaiseHardError + 5 7C90D9C3 5 Bytes JMP 630044A1 .text C:\WINDOWS\System32\svchost.exe[2624] ntdll.dll!NtSetContextThread + 5 7C90DBB3 5 Bytes JMP 63002EA9 .text C:\WINDOWS\System32\svchost.exe[2624] ntdll.dll!NtSetInformationProcess + 5 7C90DCA3 5 Bytes JMP 63005081 .text C:\WINDOWS\System32\svchost.exe[2624] ntdll.dll!NtSetSystemInformation + 5 7C90DD63 5 Bytes JMP 63005709 .text C:\WINDOWS\System32\svchost.exe[2624] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 63002361 .text C:\WINDOWS\System32\svchost.exe[2624] ntdll.dll!NtSuspendProcess + 5 7C90DE33 5 Bytes JMP 630031A1 .text C:\WINDOWS\System32\svchost.exe[2624] ntdll.dll!NtSuspendThread + 5 7C90DE43 5 Bytes JMP 63003109 .text C:\WINDOWS\System32\svchost.exe[2624] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 63004FE9 .text C:\WINDOWS\System32\svchost.exe[2624] ntdll.dll!NtUnmapViewOfSection + 5 7C90DF13 5 Bytes JMP 63001781 .text C:\WINDOWS\System32\svchost.exe[2624] ntdll.dll!NtWriteVirtualMemory + 5 7C90DFB3 5 Bytes JMP 63002E11 .text C:\WINDOWS\System32\svchost.exe[2624] ntdll.dll!RtlCreateProcessParameters 7C92188B 5 Bytes JMP 63001FD1 .text C:\WINDOWS\System32\svchost.exe[2624] KERNEL32.dll!GetSystemTimeAsFileTime 7C8017E9 5 Bytes JMP 63001B11 .text C:\WINDOWS\System32\svchost.exe[2624] KERNEL32.dll!CreateFileA 7C801A28 5 Bytes JMP 630026F1 .text C:\WINDOWS\System32\svchost.exe[2624] KERNEL32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 630051B1 .text C:\WINDOWS\System32\svchost.exe[2624] KERNEL32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 63005119 .text C:\WINDOWS\System32\svchost.exe[2624] KERNEL32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 630025C1 .text C:\WINDOWS\System32\svchost.exe[2624] KERNEL32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 63001EA1 .text C:\WINDOWS\System32\svchost.exe[2624] KERNEL32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 63001E09 .text C:\WINDOWS\System32\svchost.exe[2624] KERNEL32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 63003369 .text C:\WINDOWS\System32\svchost.exe[2624] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 63002821 .text C:\WINDOWS\System32\svchost.exe[2624] KERNEL32.dll!SleepEx 7C8023A0 5 Bytes JMP 630022C9 .text C:\WINDOWS\System32\svchost.exe[2624] KERNEL32.dll!Sleep 7C802446 5 Bytes JMP 63002491 .text C:\WINDOWS\System32\svchost.exe[2624] KERNEL32.dll!CloseHandle 7C809BE7 5 Bytes JMP 630038C1 .text C:\WINDOWS\System32\svchost.exe[2624] KERNEL32.dll!QueryPerformanceCounter 7C80A4C7 5 Bytes JMP 63001BA9 .text C:\WINDOWS\System32\svchost.exe[2624] KERNEL32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 63005249 .text C:\WINDOWS\System32\svchost.exe[2624] KERNEL32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 63002529 .text C:\WINDOWS\System32\svchost.exe[2624] KERNEL32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 630019E1 .text C:\WINDOWS\System32\svchost.exe[2624] KERNEL32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 63001A79 .text C:\WINDOWS\System32\svchost.exe[2624] KERNEL32.dll!CreateMutexW 7C80E957 5 Bytes JMP 63003829 .text C:\WINDOWS\System32\svchost.exe[2624] KERNEL32.dll!OpenMutexW 7C80EA35 5 Bytes JMP 63003791 .text C:\WINDOWS\System32\svchost.exe[2624] KERNEL32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 63002A81 .text C:\WINDOWS\System32\svchost.exe[2624] KERNEL32.dll!CreateThread 7C8106D7 5 Bytes JMP 630032D1 .text C:\WINDOWS\System32\svchost.exe[2624] KERNEL32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 63002D79 .text C:\WINDOWS\System32\svchost.exe[2624] KERNEL32.dll!ExitProcess 7C81CB12 5 Bytes JMP 630023F9 .text C:\WINDOWS\System32\svchost.exe[2624] KERNEL32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 63005C61 .text C:\WINDOWS\System32\svchost.exe[2624] KERNEL32.dll!DefineDosDeviceW 7C821F1E 5 Bytes JMP 63005A01 .text C:\WINDOWS\System32\svchost.exe[2624] KERNEL32.dll!MoveFileExW 7C83568B 5 Bytes JMP 63005B31 .text C:\WINDOWS\System32\svchost.exe[2624] KERNEL32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 63005BC9 .text C:\WINDOWS\System32\svchost.exe[2624] KERNEL32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 63005A99 .text C:\WINDOWS\System32\svchost.exe[2624] KERNEL32.dll!WinExec 7C86250D 5 Bytes JMP 63002789 .text C:\WINDOWS\System32\svchost.exe[2624] KERNEL32.dll!Process32NextW 7C865027 5 Bytes JMP 63005541 .text C:\WINDOWS\System32\svchost.exe[2624] KERNEL32.dll!CreateToolhelp32Snapshot 7C865C7F 5 Bytes JMP 63002659 .text C:\WINDOWS\System32\svchost.exe[2624] KERNEL32.dll!ReadConsoleA 7C872B5D 5 Bytes JMP 63004371 .text C:\WINDOWS\System32\svchost.exe[2624] KERNEL32.dll!ReadConsoleW 7C872BAC 5 Bytes JMP 63004409 .text C:\WINDOWS\System32\svchost.exe[2624] KERNEL32.dll!ReadConsoleInputA 7C874613 5 Bytes JMP 63004241 .text C:\WINDOWS\System32\svchost.exe[2624] KERNEL32.dll!ReadConsoleInputW 7C874636 5 Bytes JMP 630042D9 .text C:\WINDOWS\System32\svchost.exe[2624] ADVAPI32.dll!RegQueryValueExW + 10C 77DC710B 5 Bytes JMP 63005FF1 .text C:\WINDOWS\System32\svchost.exe[2624] ADVAPI32.dll!CloseServiceHandle 77DD6CE5 5 Bytes JMP 63003CE9 .text C:\WINDOWS\System32\svchost.exe[2624] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 630039F1 .text C:\WINDOWS\System32\svchost.exe[2624] ADVAPI32.dll!ControlService 77DE4A09 5 Bytes JMP 63003A89 .text C:\WINDOWS\System32\svchost.exe[2624] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 63003959 .text C:\WINDOWS\System32\svchost.exe[2624] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 63003BB9 .text C:\WINDOWS\System32\svchost.exe[2624] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 63003C51 .text C:\WINDOWS\System32\svchost.exe[2624] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 63003EB1 .text C:\WINDOWS\System32\svchost.exe[2624] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 63003F49 .text C:\WINDOWS\System32\svchost.exe[2624] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 63003B21 .text C:\WINDOWS\System32\svchost.exe[2624] USER32.dll!GetMessageW 7E3691C6 5 Bytes JMP 63004079 .text C:\WINDOWS\System32\svchost.exe[2624] USER32.dll!PeekMessageW 7E36929B 5 Bytes JMP 630041A9 .text C:\WINDOWS\System32\svchost.exe[2624] USER32.dll!UserClientDllInitialize 7E36B217 5 Bytes JMP 63006089 .text C:\WINDOWS\System32\svchost.exe[2624] USER32.dll!FindWindowExW 7E36E0E3 5 Bytes JMP 630054A9 .text C:\WINDOWS\System32\svchost.exe[2624] USER32.dll!DialogBoxIndirectParamAorW 7E3749D0 5 Bytes JMP 63004BC1 .text C:\WINDOWS\System32\svchost.exe[2624] USER32.dll!CreateDialogIndirectParamAorW 7E37680B 5 Bytes JMP 63004B29 .text C:\WINDOWS\System32\svchost.exe[2624] USER32.dll!GetMessageA 7E37772B 5 Bytes JMP 63003FE1 .text C:\WINDOWS\System32\svchost.exe[2624] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 630029E9 .text C:\WINDOWS\System32\svchost.exe[2624] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 630052E1 .text C:\WINDOWS\System32\svchost.exe[2624] USER32.dll!SetWindowTextW 7E37960E 5 Bytes JMP 63004E21 .text C:\WINDOWS\System32\svchost.exe[2624] USER32.dll!PeekMessageA 7E37A340 5 Bytes JMP 63004111 .text C:\WINDOWS\System32\svchost.exe[2624] USER32.dll!ShowWindow 7E37AF56 5 Bytes JMP 63004A91 .text C:\WINDOWS\System32\svchost.exe[2624] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 630045D1 .text C:\WINDOWS\System32\svchost.exe[2624] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 63005411 .text C:\WINDOWS\System32\svchost.exe[2624] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 63004961 .text C:\WINDOWS\System32\svchost.exe[2624] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 63004669 .text C:\WINDOWS\System32\svchost.exe[2624] USER32.dll!CreateWindowExA 7E37E4A9 5 Bytes JMP 630049F9 .text C:\WINDOWS\System32\svchost.exe[2624] USER32.dll!SetWindowTextA 7E37F56B 5 Bytes JMP 63004D89 .text C:\WINDOWS\System32\svchost.exe[2624] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 63002951 .text C:\WINDOWS\System32\svchost.exe[2624] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 63003239 .text C:\WINDOWS\System32\svchost.exe[2624] USER32.dll!FindWindowExA 7E38214A 5 Bytes JMP 63005379 .text C:\WINDOWS\System32\svchost.exe[2624] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 63004CF1 .text C:\WINDOWS\System32\svchost.exe[2624] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 63004C59 .text C:\WINDOWS\System32\svchost.exe[2624] msvcrt.dll!__p__environ 77C0F1C5 5 Bytes JMP 63001C41 .text C:\WINDOWS\System32\svchost.exe[2624] msvcrt.dll!__p__fmode 77C0F1DB 5 Bytes JMP 63001CD9 .text C:\WINDOWS\System32\svchost.exe[2624] msvcrt.dll!__p__winver + B 77C0F2A1 5 Bytes JMP 63006121 .text C:\WINDOWS\System32\svchost.exe[2624] SHELL32.dll!StrStrW 7C9E7496 5 Bytes JMP 630061B9 .text C:\WINDOWS\System32\svchost.exe[2624] SHELL32.dll!Shell_NotifyIconW 7CA2A537 5 Bytes JMP 63004701 .text C:\WINDOWS\System32\svchost.exe[2624] WS2_32.dll!WEP 71A51273 5 Bytes JMP 63006251 .text C:\WINDOWS\System32\svchost.exe[2624] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 63004799 .text C:\WINDOWS\System32\svchost.exe[2624] WS2_32.dll!closesocket 71A53E2B 5 Bytes JMP 63004F51 .text C:\WINDOWS\System32\svchost.exe[2624] WS2_32.dll!WSASocketW 71A5404E 5 Bytes JMP 63004EB9 .text C:\WINDOWS\System32\svchost.exe[2624] WS2_32.dll!socket 71A54211 5 Bytes JMP 63005CF9 .text C:\WINDOWS\System32\svchost.exe[2624] WS2_32.dll!connect 71A54A07 5 Bytes JMP 63003E19 .text C:\WINDOWS\System32\svchost.exe[2624] WS2_32.dll!send 71A54C27 5 Bytes JMP 63002101 .text C:\WINDOWS\System32\svchost.exe[2624] WS2_32.dll!WSARecv 71A54CB5 5 Bytes JMP 63005F59 .text C:\WINDOWS\System32\svchost.exe[2624] WS2_32.dll!gethostbyname 71A55355 5 Bytes JMP 630048C9 .text C:\WINDOWS\System32\svchost.exe[2624] WS2_32.dll!recv 71A5676F 5 Bytes JMP 63005EC1 .text C:\WINDOWS\System32\svchost.exe[2624] WS2_32.dll!WSASend 71A568FA 5 Bytes JMP 63002199 .text C:\WINDOWS\System32\svchost.exe[2624] WS2_32.dll!WSAConnect 71A60C81 5 Bytes JMP 63005E29 .text C:\Program Files\Ad Muncher\AdMunch.exe[2668] ntdll.dll!NtClose + 5 7C90CFF3 5 Bytes JMP 63005F59 .text C:\Program Files\Ad Muncher\AdMunch.exe[2668] ntdll.dll!NtCreateFile 7C90D0AE 10 Bytes JMP 63006971 .text C:\Program Files\Ad Muncher\AdMunch.exe[2668] ntdll.dll!NtCreateProcess + 5 7C90D153 5 Bytes JMP 63002C49 .text C:\Program Files\Ad Muncher\AdMunch.exe[2668] ntdll.dll!NtCreateProcessEx + 5 7C90D163 5 Bytes JMP 63002CE1 .text C:\Program Files\Ad Muncher\AdMunch.exe[2668] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 63002BB1 .text C:\Program Files\Ad Muncher\AdMunch.exe[2668] ntdll.dll!NtDeviceIoControlFile + 5 7C90D283 5 Bytes JMP 63006A09 .text C:\Program Files\Ad Muncher\AdMunch.exe[2668] ntdll.dll!NtDuplicateObject + 5 7C90D2A3 5 Bytes JMP 63003071 .text C:\Program Files\Ad Muncher\AdMunch.exe[2668] ntdll.dll!NtLoadDriver + 5 7C90D473 5 Bytes JMP 63005FF1 .text C:\Program Files\Ad Muncher\AdMunch.exe[2668] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 630016E9 .text C:\Program Files\Ad Muncher\AdMunch.exe[2668] ntdll.dll!NtOpenProcess + 5 7C90D603 5 Bytes JMP 63002F41 .text C:\Program Files\Ad Muncher\AdMunch.exe[2668] ntdll.dll!NtQueueApcThread + 5 7C90D9A3 5 Bytes JMP 63002FD9 .text C:\Program Files\Ad Muncher\AdMunch.exe[2668] ntdll.dll!NtRaiseHardError + 5 7C90D9C3 5 Bytes JMP 630044A1 .text C:\Program Files\Ad Muncher\AdMunch.exe[2668] ntdll.dll!NtSetContextThread + 5 7C90DBB3 5 Bytes JMP 63002EA9 .text C:\Program Files\Ad Muncher\AdMunch.exe[2668] ntdll.dll!NtSetInformationProcess + 5 7C90DCA3 5 Bytes JMP 63005A01 .text C:\Program Files\Ad Muncher\AdMunch.exe[2668] ntdll.dll!NtSetSystemInformation + 5 7C90DD63 5 Bytes JMP 63006089 .text C:\Program Files\Ad Muncher\AdMunch.exe[2668] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 63002361 .text C:\Program Files\Ad Muncher\AdMunch.exe[2668] ntdll.dll!NtSuspendProcess + 5 7C90DE33 5 Bytes JMP 630031A1 .text C:\Program Files\Ad Muncher\AdMunch.exe[2668] ntdll.dll!NtSuspendThread + 5 7C90DE43 5 Bytes JMP 63003109 .text C:\Program Files\Ad Muncher\AdMunch.exe[2668] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 63005969 .text C:\Program Files\Ad Muncher\AdMunch.exe[2668] ntdll.dll!NtUnmapViewOfSection + 5 7C90DF13 5 Bytes JMP 63001781 .text C:\Program Files\Ad Muncher\AdMunch.exe[2668] ntdll.dll!NtVdmControl + 5 7C90DF23 5 Bytes JMP 63006AA1 .text C:\Program Files\Ad Muncher\AdMunch.exe[2668] ntdll.dll!NtWriteVirtualMemory + 5 7C90DFB3 5 Bytes JMP 63002E11 .text C:\Program Files\Ad Muncher\AdMunch.exe[2668] ntdll.dll!RtlCreateProcessParameters 7C92188B 5 Bytes JMP 63001FD1 .text C:\Program Files\Ad Muncher\AdMunch.exe[2668] KERNEL32.dll!GetSystemTimeAsFileTime 7C8017E9 5 Bytes JMP 63001B11 .text C:\Program Files\Ad Muncher\AdMunch.exe[2668] KERNEL32.dll!CreateFileA 7C801A28 5 Bytes JMP 630026F1 .text C:\Program Files\Ad Muncher\AdMunch.exe[2668] KERNEL32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 63005B31 .text C:\Program Files\Ad Muncher\AdMunch.exe[2668] KERNEL32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 63005A99 .text C:\Program Files\Ad Muncher\AdMunch.exe[2668] KERNEL32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 630025C1 .text C:\Program Files\Ad Muncher\AdMunch.exe[2668] KERNEL32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 63001EA1 .text C:\Program Files\Ad Muncher\AdMunch.exe[2668] KERNEL32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 63001E09 .text C:\Program Files\Ad Muncher\AdMunch.exe[2668] KERNEL32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 63003369 .text C:\Program Files\Ad Muncher\AdMunch.exe[2668] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 63002821 .text C:\Program Files\Ad Muncher\AdMunch.exe[2668] KERNEL32.dll!SleepEx 7C8023A0 5 Bytes JMP 630022C9 .text C:\Program Files\Ad Muncher\AdMunch.exe[2668] KERNEL32.dll!Sleep 7C802446 5 Bytes JMP 63002491 .text C:\Program Files\Ad Muncher\AdMunch.exe[2668] KERNEL32.dll!CloseHandle 7C809BE7 5 Bytes JMP 630038C1 .text C:\Program Files\Ad Muncher\AdMunch.exe[2668] KERNEL32.dll!QueryPerformanceCounter 7C80A4C7 5 Bytes JMP 63001BA9 .text C:\Program Files\Ad Muncher\AdMunch.exe[2668] KERNEL32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 63005BC9 .text C:\Program Files\Ad Muncher\AdMunch.exe[2668] KERNEL32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 63002529 .text C:\Program Files\Ad Muncher\AdMunch.exe[2668] KERNEL32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 630019E1 .text C:\Program Files\Ad Muncher\AdMunch.exe[2668] KERNEL32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 63001A79 .text C:\Program Files\Ad Muncher\AdMunch.exe[2668] KERNEL32.dll!CreateMutexW 7C80E957 5 Bytes JMP 63003829 .text C:\Program Files\Ad Muncher\AdMunch.exe[2668] KERNEL32.dll!OpenMutexW 7C80EA35 5 Bytes JMP 63003791 .text C:\Program Files\Ad Muncher\AdMunch.exe[2668] KERNEL32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 63002A81 .text C:\Program Files\Ad Muncher\AdMunch.exe[2668] KERNEL32.dll!CreateThread 7C8106D7 5 Bytes JMP 630032D1 .text C:\Program Files\Ad Muncher\AdMunch.exe[2668] KERNEL32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 63002D79 .text C:\Program Files\Ad Muncher\AdMunch.exe[2668] KERNEL32.dll!ExitProcess 7C81CB12 5 Bytes JMP 630023F9 .text C:\Program Files\Ad Muncher\AdMunch.exe[2668] KERNEL32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 630065E1 .text C:\Program Files\Ad Muncher\AdMunch.exe[2668] KERNEL32.dll!DefineDosDeviceW 7C821F1E 5 Bytes JMP 63006381 .text C:\Program Files\Ad Muncher\AdMunch.exe[2668] KERNEL32.dll!MoveFileExW 7C83568B 5 Bytes JMP 630064B1 .text C:\Program Files\Ad Muncher\AdMunch.exe[2668] KERNEL32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 63006549 .text C:\Program Files\Ad Muncher\AdMunch.exe[2668] KERNEL32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 63006419 .text C:\Program Files\Ad Muncher\AdMunch.exe[2668] KERNEL32.dll!WinExec 7C86250D 5 Bytes JMP 63002789 .text C:\Program Files\Ad Muncher\AdMunch.exe[2668] KERNEL32.dll!Process32NextW 7C865027 5 Bytes JMP 63005EC1 .text C:\Program Files\Ad Muncher\AdMunch.exe[2668] KERNEL32.dll!CreateToolhelp32Snapshot 7C865C7F 5 Bytes JMP 63002659 .text C:\Program Files\Ad Muncher\AdMunch.exe[2668] KERNEL32.dll!ReadConsoleA 7C872B5D 5 Bytes JMP 63004371 .text C:\Program Files\Ad Muncher\AdMunch.exe[2668] KERNEL32.dll!ReadConsoleW 7C872BAC 5 Bytes JMP 63004409 .text C:\Program Files\Ad Muncher\AdMunch.exe[2668] KERNEL32.dll!ReadConsoleInputA 7C874613 5 Bytes JMP 63004241 .text C:\Program Files\Ad Muncher\AdMunch.exe[2668] KERNEL32.dll!ReadConsoleInputW 7C874636 5 Bytes JMP 630042D9 .text C:\Program Files\Ad Muncher\AdMunch.exe[2668] msvcrt.dll!__p__environ 77C0F1C5 5 Bytes JMP 63001C41 .text C:\Program Files\Ad Muncher\AdMunch.exe[2668] msvcrt.dll!__p__fmode 77C0F1DB 5 Bytes JMP 63001CD9 .text C:\Program Files\Ad Muncher\AdMunch.exe[2668] msvcrt.dll!__p__winver + B 77C0F2A1 5 Bytes JMP 63006C69 .text C:\Program Files\Ad Muncher\AdMunch.exe[2668] ADVAPI32.dll!RegQueryValueExW + 10C 77DC710B 5 Bytes JMP 63006D01 .text C:\Program Files\Ad Muncher\AdMunch.exe[2668] ADVAPI32.dll!CloseServiceHandle 77DD6CE5 5 Bytes JMP 63003CE9 .text C:\Program Files\Ad Muncher\AdMunch.exe[2668] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 630039F1 .text C:\Program Files\Ad Muncher\AdMunch.exe[2668] ADVAPI32.dll!ControlService 77DE4A09 5 Bytes JMP 63003A89 .text C:\Program Files\Ad Muncher\AdMunch.exe[2668] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 63003959 .text C:\Program Files\Ad Muncher\AdMunch.exe[2668] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 63003BB9 .text C:\Program Files\Ad Muncher\AdMunch.exe[2668] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 63003C51 .text C:\Program Files\Ad Muncher\AdMunch.exe[2668] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 63003EB1 .text C:\Program Files\Ad Muncher\AdMunch.exe[2668] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 63003F49 .text C:\Program Files\Ad Muncher\AdMunch.exe[2668] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 63003B21 .text C:\Program Files\Ad Muncher\AdMunch.exe[2668] USER32.dll!PostMessageW 7E368CCB 5 Bytes JMP 63006BD1 .text C:\Program Files\Ad Muncher\AdMunch.exe[2668] USER32.dll!GetMessageW 7E3691C6 5 Bytes JMP 63004079 .text C:\Program Files\Ad Muncher\AdMunch.exe[2668] USER32.dll!PeekMessageW 7E36929B 5 Bytes JMP 630041A9 .text C:\Program Files\Ad Muncher\AdMunch.exe[2668] USER32.dll!UserClientDllInitialize 7E36B217 5 Bytes JMP 63006D99 .text C:\Program Files\Ad Muncher\AdMunch.exe[2668] USER32.dll!FindWindowExW 7E36E0E3 5 Bytes JMP 63005E29 .text C:\Program Files\Ad Muncher\AdMunch.exe[2668] USER32.dll!DialogBoxIndirectParamAorW 7E3749D0 5 Bytes JMP 63005541 .text C:\Program Files\Ad Muncher\AdMunch.exe[2668] USER32.dll!CreateDialogIndirectParamAorW 7E37680B 5 Bytes JMP 630054A9 .text C:\Program Files\Ad Muncher\AdMunch.exe[2668] USER32.dll!GetMessageA 7E37772B 5 Bytes JMP 63003FE1 .text C:\Program Files\Ad Muncher\AdMunch.exe[2668] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 630029E9 .text C:\Program Files\Ad Muncher\AdMunch.exe[2668] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 63005C61 .text C:\Program Files\Ad Muncher\AdMunch.exe[2668] USER32.dll!SetWindowTextW 7E37960E 5 Bytes JMP 630057A1 .text C:\Program Files\Ad Muncher\AdMunch.exe[2668] USER32.dll!PeekMessageA 7E37A340 5 Bytes JMP 63004111 .text C:\Program Files\Ad Muncher\AdMunch.exe[2668] USER32.dll!PostMessageA 7E37AAFD 5 Bytes JMP 63006B39 .text C:\Program Files\Ad Muncher\AdMunch.exe[2668] USER32.dll!ShowWindow 7E37AF56 5 Bytes JMP 63005411 .text C:\Program Files\Ad Muncher\AdMunch.exe[2668] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 630045D1 .text C:\Program Files\Ad Muncher\AdMunch.exe[2668] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 63005D91 .text C:\Program Files\Ad Muncher\AdMunch.exe[2668] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 630052E1 .text C:\Program Files\Ad Muncher\AdMunch.exe[2668] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 63004669 .text C:\Program Files\Ad Muncher\AdMunch.exe[2668] USER32.dll!CreateWindowExA 7E37E4A9 5 Bytes JMP 63005379 .text C:\Program Files\Ad Muncher\AdMunch.exe[2668] USER32.dll!SetWindowTextA 7E37F56B 5 Bytes JMP 63005709 .text C:\Program Files\Ad Muncher\AdMunch.exe[2668] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 63002951 .text C:\Program Files\Ad Muncher\AdMunch.exe[2668] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 63003239 .text C:\Program Files\Ad Muncher\AdMunch.exe[2668] USER32.dll!FindWindowExA 7E38214A 5 Bytes JMP 63005CF9 .text C:\Program Files\Ad Muncher\AdMunch.exe[2668] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 63005671 .text C:\Program Files\Ad Muncher\AdMunch.exe[2668] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 630055D9 .text C:\Program Files\Ad Muncher\AdMunch.exe[2668] shell32.dll!StrStrW 7C9E7496 5 Bytes JMP 63006E31 .text C:\Program Files\Ad Muncher\AdMunch.exe[2668] shell32.dll!Shell_NotifyIconW 7CA2A537 5 Bytes JMP 63004701 .text C:\WINDOWS\System32\alg.exe[3300] ntdll.dll!NtClose + 5 7C90CFF3 5 Bytes JMP 630055D9 .text C:\WINDOWS\System32\alg.exe[3300] ntdll.dll!NtCreateFile 7C90D0AE 10 Bytes JMP 63005FF1 .text C:\WINDOWS\System32\alg.exe[3300] ntdll.dll!NtCreateProcess + 5 7C90D153 5 Bytes JMP 63002C49 .text C:\WINDOWS\System32\alg.exe[3300] ntdll.dll!NtCreateProcessEx + 5 7C90D163 5 Bytes JMP 63002CE1 .text C:\WINDOWS\System32\alg.exe[3300] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 63002BB1 .text C:\WINDOWS\System32\alg.exe[3300] ntdll.dll!NtDeviceIoControlFile + 5 7C90D283 5 Bytes JMP 63006089 .text C:\WINDOWS\System32\alg.exe[3300] ntdll.dll!NtDuplicateObject + 5 7C90D2A3 5 Bytes JMP 63003071 .text C:\WINDOWS\System32\alg.exe[3300] ntdll.dll!NtLoadDriver + 5 7C90D473 5 Bytes JMP 63005671 .text C:\WINDOWS\System32\alg.exe[3300] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 630016E9 .text C:\WINDOWS\System32\alg.exe[3300] ntdll.dll!NtOpenProcess + 5 7C90D603 5 Bytes JMP 63002F41 .text C:\WINDOWS\System32\alg.exe[3300] ntdll.dll!NtQueueApcThread + 5 7C90D9A3 5 Bytes JMP 63002FD9 .text C:\WINDOWS\System32\alg.exe[3300] ntdll.dll!NtRaiseHardError + 5 7C90D9C3 5 Bytes JMP 630044A1 .text C:\WINDOWS\System32\alg.exe[3300] ntdll.dll!NtSetContextThread + 5 7C90DBB3 5 Bytes JMP 63002EA9 .text C:\WINDOWS\System32\alg.exe[3300] ntdll.dll!NtSetInformationProcess + 5 7C90DCA3 5 Bytes JMP 63005081 .text C:\WINDOWS\System32\alg.exe[3300] ntdll.dll!NtSetSystemInformation + 5 7C90DD63 5 Bytes JMP 63005709 .text C:\WINDOWS\System32\alg.exe[3300] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 63002361 .text C:\WINDOWS\System32\alg.exe[3300] ntdll.dll!NtSuspendProcess + 5 7C90DE33 5 Bytes JMP 630031A1 .text C:\WINDOWS\System32\alg.exe[3300] ntdll.dll!NtSuspendThread + 5 7C90DE43 5 Bytes JMP 63003109 .text C:\WINDOWS\System32\alg.exe[3300] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 63004FE9 .text C:\WINDOWS\System32\alg.exe[3300] ntdll.dll!NtUnmapViewOfSection + 5 7C90DF13 5 Bytes JMP 63001781 .text C:\WINDOWS\System32\alg.exe[3300] ntdll.dll!NtVdmControl + 5 7C90DF23 5 Bytes JMP 63006121 .text C:\WINDOWS\System32\alg.exe[3300] ntdll.dll!NtWriteVirtualMemory + 5 7C90DFB3 5 Bytes JMP 63002E11 .text C:\WINDOWS\System32\alg.exe[3300] ntdll.dll!RtlCreateProcessParameters 7C92188B 5 Bytes JMP 63001FD1 .text C:\WINDOWS\System32\alg.exe[3300] KERNEL32.dll!GetSystemTimeAsFileTime 7C8017E9 5 Bytes JMP 63001B11 .text C:\WINDOWS\System32\alg.exe[3300] KERNEL32.dll!CreateFileA 7C801A28 5 Bytes JMP 630026F1 .text C:\WINDOWS\System32\alg.exe[3300] KERNEL32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 630051B1 .text C:\WINDOWS\System32\alg.exe[3300] KERNEL32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 63005119 .text C:\WINDOWS\System32\alg.exe[3300] KERNEL32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 630025C1 .text C:\WINDOWS\System32\alg.exe[3300] KERNEL32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 63001EA1 .text C:\WINDOWS\System32\alg.exe[3300] KERNEL32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 63001E09 .text C:\WINDOWS\System32\alg.exe[3300] KERNEL32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 63003369 .text C:\WINDOWS\System32\alg.exe[3300] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 63002821 .text C:\WINDOWS\System32\alg.exe[3300] KERNEL32.dll!SleepEx 7C8023A0 5 Bytes JMP 630022C9 .text C:\WINDOWS\System32\alg.exe[3300] KERNEL32.dll!Sleep 7C802446 5 Bytes JMP 63002491 .text C:\WINDOWS\System32\alg.exe[3300] KERNEL32.dll!CloseHandle 7C809BE7 5 Bytes JMP 630038C1 .text C:\WINDOWS\System32\alg.exe[3300] KERNEL32.dll!QueryPerformanceCounter 7C80A4C7 5 Bytes JMP 63001BA9 .text C:\WINDOWS\System32\alg.exe[3300] KERNEL32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 63005249 .text C:\WINDOWS\System32\alg.exe[3300] KERNEL32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 63002529 .text C:\WINDOWS\System32\alg.exe[3300] KERNEL32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 630019E1 .text C:\WINDOWS\System32\alg.exe[3300] KERNEL32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 63001A79 .text C:\WINDOWS\System32\alg.exe[3300] KERNEL32.dll!CreateMutexW 7C80E957 5 Bytes JMP 63003829 .text C:\WINDOWS\System32\alg.exe[3300] KERNEL32.dll!OpenMutexW 7C80EA35 5 Bytes JMP 63003791 .text C:\WINDOWS\System32\alg.exe[3300] KERNEL32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 63002A81 .text C:\WINDOWS\System32\alg.exe[3300] KERNEL32.dll!CreateThread 7C8106D7 5 Bytes JMP 630032D1 .text C:\WINDOWS\System32\alg.exe[3300] KERNEL32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 63002D79 .text C:\WINDOWS\System32\alg.exe[3300] KERNEL32.dll!ExitProcess 7C81CB12 5 Bytes JMP 630023F9 .text C:\WINDOWS\System32\alg.exe[3300] KERNEL32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 63005C61 .text C:\WINDOWS\System32\alg.exe[3300] KERNEL32.dll!DefineDosDeviceW 7C821F1E 5 Bytes JMP 63005A01 .text C:\WINDOWS\System32\alg.exe[3300] KERNEL32.dll!MoveFileExW 7C83568B 5 Bytes JMP 63005B31 .text C:\WINDOWS\System32\alg.exe[3300] KERNEL32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 63005BC9 .text C:\WINDOWS\System32\alg.exe[3300] KERNEL32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 63005A99 .text C:\WINDOWS\System32\alg.exe[3300] KERNEL32.dll!WinExec 7C86250D 5 Bytes JMP 63002789 .text C:\WINDOWS\System32\alg.exe[3300] KERNEL32.dll!Process32NextW 7C865027 5 Bytes JMP 63005541 .text C:\WINDOWS\System32\alg.exe[3300] KERNEL32.dll!CreateToolhelp32Snapshot 7C865C7F 5 Bytes JMP 63002659 .text C:\WINDOWS\System32\alg.exe[3300] KERNEL32.dll!ReadConsoleA 7C872B5D 5 Bytes JMP 63004371 .text C:\WINDOWS\System32\alg.exe[3300] KERNEL32.dll!ReadConsoleW 7C872BAC 5 Bytes JMP 63004409 .text C:\WINDOWS\System32\alg.exe[3300] KERNEL32.dll!ReadConsoleInputA 7C874613 5 Bytes JMP 63004241 .text C:\WINDOWS\System32\alg.exe[3300] KERNEL32.dll!ReadConsoleInputW 7C874636 5 Bytes JMP 630042D9 .text C:\WINDOWS\System32\alg.exe[3300] msvcrt.dll!__p__environ 77C0F1C5 5 Bytes JMP 63001C41 .text C:\WINDOWS\System32\alg.exe[3300] msvcrt.dll!__p__fmode 77C0F1DB 5 Bytes JMP 63001CD9 .text C:\WINDOWS\System32\alg.exe[3300] msvcrt.dll!__p__winver + B 77C0F2A1 5 Bytes JMP 630062E9 .text C:\WINDOWS\System32\alg.exe[3300] USER32.dll!PostMessageW 7E368CCB 5 Bytes JMP 63006251 .text C:\WINDOWS\System32\alg.exe[3300] USER32.dll!GetMessageW 7E3691C6 5 Bytes JMP 63004079 .text C:\WINDOWS\System32\alg.exe[3300] USER32.dll!PeekMessageW 7E36929B 5 Bytes JMP 630041A9 .text C:\WINDOWS\System32\alg.exe[3300] USER32.dll!UserClientDllInitialize 7E36B217 5 Bytes JMP 63006381 .text C:\WINDOWS\System32\alg.exe[3300] USER32.dll!FindWindowExW 7E36E0E3 5 Bytes JMP 630054A9 .text C:\WINDOWS\System32\alg.exe[3300] USER32.dll!DialogBoxIndirectParamAorW 7E3749D0 5 Bytes JMP 63004BC1 .text C:\WINDOWS\System32\alg.exe[3300] USER32.dll!CreateDialogIndirectParamAorW 7E37680B 5 Bytes JMP 63004B29 .text C:\WINDOWS\System32\alg.exe[3300] USER32.dll!GetMessageA 7E37772B 5 Bytes JMP 63003FE1 .text C:\WINDOWS\System32\alg.exe[3300] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 630029E9 .text C:\WINDOWS\System32\alg.exe[3300] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 630052E1 .text C:\WINDOWS\System32\alg.exe[3300] USER32.dll!SetWindowTextW 7E37960E 5 Bytes JMP 63004E21 .text C:\WINDOWS\System32\alg.exe[3300] USER32.dll!PeekMessageA 7E37A340 5 Bytes JMP 63004111 .text C:\WINDOWS\System32\alg.exe[3300] USER32.dll!PostMessageA 7E37AAFD 5 Bytes JMP 630061B9 .text C:\WINDOWS\System32\alg.exe[3300] USER32.dll!ShowWindow 7E37AF56 5 Bytes JMP 63004A91 .text C:\WINDOWS\System32\alg.exe[3300] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 630045D1 .text C:\WINDOWS\System32\alg.exe[3300] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 63005411 .text C:\WINDOWS\System32\alg.exe[3300] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 63004961 .text C:\WINDOWS\System32\alg.exe[3300] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 63004669 .text C:\WINDOWS\System32\alg.exe[3300] USER32.dll!CreateWindowExA 7E37E4A9 5 Bytes JMP 630049F9 .text C:\WINDOWS\System32\alg.exe[3300] USER32.dll!SetWindowTextA 7E37F56B 5 Bytes JMP 63004D89 .text C:\WINDOWS\System32\alg.exe[3300] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 63002951 .text C:\WINDOWS\System32\alg.exe[3300] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 63003239 .text C:\WINDOWS\System32\alg.exe[3300] USER32.dll!FindWindowExA 7E38214A 5 Bytes JMP 63005379 .text C:\WINDOWS\System32\alg.exe[3300] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 63004CF1 .text C:\WINDOWS\System32\alg.exe[3300] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 63004C59 .text C:\WINDOWS\System32\alg.exe[3300] ADVAPI32.dll!RegQueryValueExW + 10C 77DC710B 5 Bytes JMP 63006419 .text C:\WINDOWS\System32\alg.exe[3300] ADVAPI32.dll!CloseServiceHandle 77DD6CE5 5 Bytes JMP 63003CE9 .text C:\WINDOWS\System32\alg.exe[3300] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 630039F1 .text C:\WINDOWS\System32\alg.exe[3300] ADVAPI32.dll!ControlService 77DE4A09 5 Bytes JMP 63003A89 .text C:\WINDOWS\System32\alg.exe[3300] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 63003959 .text C:\WINDOWS\System32\alg.exe[3300] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 63003BB9 .text C:\WINDOWS\System32\alg.exe[3300] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 63003C51 .text C:\WINDOWS\System32\alg.exe[3300] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 63003EB1 .text C:\WINDOWS\System32\alg.exe[3300] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 63003F49 .text C:\WINDOWS\System32\alg.exe[3300] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 63003B21 .text C:\WINDOWS\System32\alg.exe[3300] WS2_32.dll!WEP 71A51273 5 Bytes JMP 630064B1 .text C:\WINDOWS\System32\alg.exe[3300] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 63004799 .text C:\WINDOWS\System32\alg.exe[3300] WS2_32.dll!closesocket 71A53E2B 5 Bytes JMP 63004F51 .text C:\WINDOWS\System32\alg.exe[3300] WS2_32.dll!WSASocketW 71A5404E 5 Bytes JMP 63004EB9 .text C:\WINDOWS\System32\alg.exe[3300] WS2_32.dll!socket 71A54211 5 Bytes JMP 63005CF9 .text C:\WINDOWS\System32\alg.exe[3300] WS2_32.dll!connect 71A54A07 5 Bytes JMP 63003E19 .text C:\WINDOWS\System32\alg.exe[3300] WS2_32.dll!send 71A54C27 5 Bytes JMP 63002101 .text C:\WINDOWS\System32\alg.exe[3300] WS2_32.dll!WSARecv 71A54CB5 5 Bytes JMP 63005F59 .text C:\WINDOWS\System32\alg.exe[3300] WS2_32.dll!gethostbyname 71A55355 5 Bytes JMP 630048C9 .text C:\WINDOWS\System32\alg.exe[3300] WS2_32.dll!recv 71A5676F 5 Bytes JMP 63005EC1 .text C:\WINDOWS\System32\alg.exe[3300] WS2_32.dll!WSASend 71A568FA 5 Bytes JMP 63002199 .text C:\WINDOWS\System32\alg.exe[3300] WS2_32.dll!WSAConnect 71A60C81 5 Bytes JMP 63005E29 .text C:\WINDOWS\System32\alg.exe[3300] SHELL32.dll!StrStrW 7C9E7496 5 Bytes JMP 63006549 .text C:\WINDOWS\System32\alg.exe[3300] SHELL32.dll!Shell_NotifyIconW 7CA2A537 5 Bytes JMP 63004701 .text C:\Documents and Settings\Andrzej Dratwa\Pulpit\fd9nx1s6.exe[3476] ntdll.dll!NtClose + 5 7C90CFF3 5 Bytes JMP 63005F59 .text C:\Documents and Settings\Andrzej Dratwa\Pulpit\fd9nx1s6.exe[3476] ntdll.dll!NtCreateFile 7C90D0AE 10 Bytes JMP 63006A09 .text C:\Documents and Settings\Andrzej Dratwa\Pulpit\fd9nx1s6.exe[3476] ntdll.dll!NtCreateProcess + 5 7C90D153 5 Bytes JMP 63002C49 .text C:\Documents and Settings\Andrzej Dratwa\Pulpit\fd9nx1s6.exe[3476] ntdll.dll!NtCreateProcessEx + 5 7C90D163 5 Bytes JMP 63002CE1 .text C:\Documents and Settings\Andrzej Dratwa\Pulpit\fd9nx1s6.exe[3476] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 63002BB1 .text C:\Documents and Settings\Andrzej Dratwa\Pulpit\fd9nx1s6.exe[3476] ntdll.dll!NtDeviceIoControlFile + 5 7C90D283 5 Bytes JMP 63006AA1 .text C:\Documents and Settings\Andrzej Dratwa\Pulpit\fd9nx1s6.exe[3476] ntdll.dll!NtDuplicateObject + 5 7C90D2A3 5 Bytes JMP 63003071 .text C:\Documents and Settings\Andrzej Dratwa\Pulpit\fd9nx1s6.exe[3476] ntdll.dll!NtLoadDriver + 5 7C90D473 5 Bytes JMP 63005FF1 .text C:\Documents and Settings\Andrzej Dratwa\Pulpit\fd9nx1s6.exe[3476] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 630016E9 .text C:\Documents and Settings\Andrzej Dratwa\Pulpit\fd9nx1s6.exe[3476] ntdll.dll!NtOpenProcess + 5 7C90D603 5 Bytes JMP 63002F41 .text C:\Documents and Settings\Andrzej Dratwa\Pulpit\fd9nx1s6.exe[3476] ntdll.dll!NtQueueApcThread + 5 7C90D9A3 5 Bytes JMP 63002FD9 .text C:\Documents and Settings\Andrzej Dratwa\Pulpit\fd9nx1s6.exe[3476] ntdll.dll!NtRaiseHardError + 5 7C90D9C3 5 Bytes JMP 630044A1 .text C:\Documents and Settings\Andrzej Dratwa\Pulpit\fd9nx1s6.exe[3476] ntdll.dll!NtReadFile + 5 7C90D9D3 5 Bytes JMP 63006679 .text C:\Documents and Settings\Andrzej Dratwa\Pulpit\fd9nx1s6.exe[3476] ntdll.dll!NtSetContextThread + 5 7C90DBB3 5 Bytes JMP 63002EA9 .text C:\Documents and Settings\Andrzej Dratwa\Pulpit\fd9nx1s6.exe[3476] ntdll.dll!NtSetInformationProcess + 5 7C90DCA3 5 Bytes JMP 63005A01 .text C:\Documents and Settings\Andrzej Dratwa\Pulpit\fd9nx1s6.exe[3476] ntdll.dll!NtSetSystemInformation + 5 7C90DD63 5 Bytes JMP 63006089 .text C:\Documents and Settings\Andrzej Dratwa\Pulpit\fd9nx1s6.exe[3476] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 63002361 .text C:\Documents and Settings\Andrzej Dratwa\Pulpit\fd9nx1s6.exe[3476] ntdll.dll!NtSuspendProcess + 5 7C90DE33 5 Bytes JMP 630031A1 .text C:\Documents and Settings\Andrzej Dratwa\Pulpit\fd9nx1s6.exe[3476] ntdll.dll!NtSuspendThread + 5 7C90DE43 5 Bytes JMP 63003109 .text C:\Documents and Settings\Andrzej Dratwa\Pulpit\fd9nx1s6.exe[3476] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 63005969 .text C:\Documents and Settings\Andrzej Dratwa\Pulpit\fd9nx1s6.exe[3476] ntdll.dll!NtUnmapViewOfSection + 5 7C90DF13 5 Bytes JMP 63001781 .text C:\Documents and Settings\Andrzej Dratwa\Pulpit\fd9nx1s6.exe[3476] ntdll.dll!NtVdmControl + 5 7C90DF23 5 Bytes JMP 63006B39 .text C:\Documents and Settings\Andrzej Dratwa\Pulpit\fd9nx1s6.exe[3476] ntdll.dll!NtWriteVirtualMemory + 5 7C90DFB3 5 Bytes JMP 63002E11 .text C:\Documents and Settings\Andrzej Dratwa\Pulpit\fd9nx1s6.exe[3476] ntdll.dll!RtlCreateProcessParameters 7C92188B 5 Bytes JMP 63001FD1 .text C:\Documents and Settings\Andrzej Dratwa\Pulpit\fd9nx1s6.exe[3476] KERNEL32.dll!GetSystemTimeAsFileTime 7C8017E9 5 Bytes JMP 63001B11 .text C:\Documents and Settings\Andrzej Dratwa\Pulpit\fd9nx1s6.exe[3476] KERNEL32.dll!CreateFileA 7C801A28 5 Bytes JMP 630026F1 .text C:\Documents and Settings\Andrzej Dratwa\Pulpit\fd9nx1s6.exe[3476] KERNEL32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 63005B31 .text C:\Documents and Settings\Andrzej Dratwa\Pulpit\fd9nx1s6.exe[3476] KERNEL32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 63005A99 .text C:\Documents and Settings\Andrzej Dratwa\Pulpit\fd9nx1s6.exe[3476] KERNEL32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 630025C1 .text C:\Documents and Settings\Andrzej Dratwa\Pulpit\fd9nx1s6.exe[3476] KERNEL32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 63001EA1 .text C:\Documents and Settings\Andrzej Dratwa\Pulpit\fd9nx1s6.exe[3476] KERNEL32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 63001E09 .text C:\Documents and Settings\Andrzej Dratwa\Pulpit\fd9nx1s6.exe[3476] KERNEL32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 63003369 .text C:\Documents and Settings\Andrzej Dratwa\Pulpit\fd9nx1s6.exe[3476] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 63002821 .text C:\Documents and Settings\Andrzej Dratwa\Pulpit\fd9nx1s6.exe[3476] KERNEL32.dll!SleepEx 7C8023A0 5 Bytes JMP 630022C9 .text C:\Documents and Settings\Andrzej Dratwa\Pulpit\fd9nx1s6.exe[3476] KERNEL32.dll!Sleep 7C802446 5 Bytes JMP 63002491 .text C:\Documents and Settings\Andrzej Dratwa\Pulpit\fd9nx1s6.exe[3476] KERNEL32.dll!CloseHandle 7C809BE7 5 Bytes JMP 630038C1 .text C:\Documents and Settings\Andrzej Dratwa\Pulpit\fd9nx1s6.exe[3476] KERNEL32.dll!QueryPerformanceCounter 7C80A4C7 5 Bytes JMP 63001BA9 .text C:\Documents and Settings\Andrzej Dratwa\Pulpit\fd9nx1s6.exe[3476] KERNEL32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 63005BC9 .text C:\Documents and Settings\Andrzej Dratwa\Pulpit\fd9nx1s6.exe[3476] KERNEL32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 63002529 .text C:\Documents and Settings\Andrzej Dratwa\Pulpit\fd9nx1s6.exe[3476] KERNEL32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 630019E1 .text C:\Documents and Settings\Andrzej Dratwa\Pulpit\fd9nx1s6.exe[3476] KERNEL32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 63001A79 .text C:\Documents and Settings\Andrzej Dratwa\Pulpit\fd9nx1s6.exe[3476] KERNEL32.dll!CreateMutexW 7C80E957 5 Bytes JMP 63003829 .text C:\Documents and Settings\Andrzej Dratwa\Pulpit\fd9nx1s6.exe[3476] KERNEL32.dll!OpenMutexW 7C80EA35 5 Bytes JMP 63003791 .text C:\Documents and Settings\Andrzej Dratwa\Pulpit\fd9nx1s6.exe[3476] KERNEL32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 63002A81 .text C:\Documents and Settings\Andrzej Dratwa\Pulpit\fd9nx1s6.exe[3476] KERNEL32.dll!CreateThread 7C8106D7 5 Bytes JMP 630032D1 .text C:\Documents and Settings\Andrzej Dratwa\Pulpit\fd9nx1s6.exe[3476] KERNEL32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 63002D79 .text C:\Documents and Settings\Andrzej Dratwa\Pulpit\fd9nx1s6.exe[3476] KERNEL32.dll!ExitProcess 7C81CB12 5 Bytes JMP 630023F9 .text C:\Documents and Settings\Andrzej Dratwa\Pulpit\fd9nx1s6.exe[3476] KERNEL32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 630065E1 .text C:\Documents and Settings\Andrzej Dratwa\Pulpit\fd9nx1s6.exe[3476] KERNEL32.dll!DefineDosDeviceW 7C821F1E 5 Bytes JMP 63006381 .text C:\Documents and Settings\Andrzej Dratwa\Pulpit\fd9nx1s6.exe[3476] KERNEL32.dll!MoveFileExW 7C83568B 5 Bytes JMP 630064B1 .text C:\Documents and Settings\Andrzej Dratwa\Pulpit\fd9nx1s6.exe[3476] KERNEL32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 63006549 .text C:\Documents and Settings\Andrzej Dratwa\Pulpit\fd9nx1s6.exe[3476] KERNEL32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 63006419 .text C:\Documents and Settings\Andrzej Dratwa\Pulpit\fd9nx1s6.exe[3476] KERNEL32.dll!WinExec 7C86250D 5 Bytes JMP 63002789 .text C:\Documents and Settings\Andrzej Dratwa\Pulpit\fd9nx1s6.exe[3476] KERNEL32.dll!Process32NextW 7C865027 5 Bytes JMP 63005EC1 .text C:\Documents and Settings\Andrzej Dratwa\Pulpit\fd9nx1s6.exe[3476] KERNEL32.dll!CreateToolhelp32Snapshot 7C865C7F 5 Bytes JMP 63002659 .text C:\Documents and Settings\Andrzej Dratwa\Pulpit\fd9nx1s6.exe[3476] KERNEL32.dll!ReadConsoleA 7C872B5D 5 Bytes JMP 63004371 .text C:\Documents and Settings\Andrzej Dratwa\Pulpit\fd9nx1s6.exe[3476] KERNEL32.dll!ReadConsoleW 7C872BAC 5 Bytes JMP 63004409 .text C:\Documents and Settings\Andrzej Dratwa\Pulpit\fd9nx1s6.exe[3476] KERNEL32.dll!ReadConsoleInputA 7C874613 5 Bytes JMP 63004241 .text C:\Documents and Settings\Andrzej Dratwa\Pulpit\fd9nx1s6.exe[3476] KERNEL32.dll!ReadConsoleInputW 7C874636 5 Bytes JMP 630042D9 .text C:\Documents and Settings\Andrzej Dratwa\Pulpit\fd9nx1s6.exe[3476] ADVAPI32.dll!RegQueryValueExW + 10C 77DC710B 5 Bytes JMP 63006D01 .text C:\Documents and Settings\Andrzej Dratwa\Pulpit\fd9nx1s6.exe[3476] ADVAPI32.dll!CloseServiceHandle 77DD6CE5 5 Bytes JMP 63003CE9 .text C:\Documents and Settings\Andrzej Dratwa\Pulpit\fd9nx1s6.exe[3476] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 630039F1 .text C:\Documents and Settings\Andrzej Dratwa\Pulpit\fd9nx1s6.exe[3476] ADVAPI32.dll!ControlService 77DE4A09 5 Bytes JMP 63003A89 .text C:\Documents and Settings\Andrzej Dratwa\Pulpit\fd9nx1s6.exe[3476] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 63003959 .text C:\Documents and Settings\Andrzej Dratwa\Pulpit\fd9nx1s6.exe[3476] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 63003BB9 .text C:\Documents and Settings\Andrzej Dratwa\Pulpit\fd9nx1s6.exe[3476] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 63003C51 .text C:\Documents and Settings\Andrzej Dratwa\Pulpit\fd9nx1s6.exe[3476] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 63003EB1 .text C:\Documents and Settings\Andrzej Dratwa\Pulpit\fd9nx1s6.exe[3476] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 63003F49 .text C:\Documents and Settings\Andrzej Dratwa\Pulpit\fd9nx1s6.exe[3476] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 63003B21 .text C:\Documents and Settings\Andrzej Dratwa\Pulpit\fd9nx1s6.exe[3476] USER32.dll!PostMessageW 7E368CCB 5 Bytes JMP 63006C69 .text C:\Documents and Settings\Andrzej Dratwa\Pulpit\fd9nx1s6.exe[3476] USER32.dll!GetMessageW 7E3691C6 5 Bytes JMP 63004079 .text C:\Documents and Settings\Andrzej Dratwa\Pulpit\fd9nx1s6.exe[3476] USER32.dll!PeekMessageW 7E36929B 5 Bytes JMP 630041A9 .text C:\Documents and Settings\Andrzej Dratwa\Pulpit\fd9nx1s6.exe[3476] USER32.dll!UserClientDllInitialize 7E36B217 5 Bytes JMP 63006D99 .text C:\Documents and Settings\Andrzej Dratwa\Pulpit\fd9nx1s6.exe[3476] USER32.dll!FindWindowExW 7E36E0E3 5 Bytes JMP 63005E29 .text C:\Documents and Settings\Andrzej Dratwa\Pulpit\fd9nx1s6.exe[3476] USER32.dll!DialogBoxIndirectParamAorW 7E3749D0 5 Bytes JMP 63005541 .text C:\Documents and Settings\Andrzej Dratwa\Pulpit\fd9nx1s6.exe[3476] USER32.dll!CreateDialogIndirectParamAorW 7E37680B 5 Bytes JMP 630054A9 .text C:\Documents and Settings\Andrzej Dratwa\Pulpit\fd9nx1s6.exe[3476] USER32.dll!GetMessageA 7E37772B 5 Bytes JMP 63003FE1 .text C:\Documents and Settings\Andrzej Dratwa\Pulpit\fd9nx1s6.exe[3476] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 630029E9 .text C:\Documents and Settings\Andrzej Dratwa\Pulpit\fd9nx1s6.exe[3476] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 63005C61 .text C:\Documents and Settings\Andrzej Dratwa\Pulpit\fd9nx1s6.exe[3476] USER32.dll!SetWindowTextW 7E37960E 5 Bytes JMP 630057A1 .text C:\Documents and Settings\Andrzej Dratwa\Pulpit\fd9nx1s6.exe[3476] USER32.dll!PeekMessageA 7E37A340 5 Bytes JMP 63004111 .text C:\Documents and Settings\Andrzej Dratwa\Pulpit\fd9nx1s6.exe[3476] USER32.dll!PostMessageA 7E37AAFD 5 Bytes JMP 63006BD1 .text C:\Documents and Settings\Andrzej Dratwa\Pulpit\fd9nx1s6.exe[3476] USER32.dll!ShowWindow 7E37AF56 5 Bytes JMP 63005411 .text C:\Documents and Settings\Andrzej Dratwa\Pulpit\fd9nx1s6.exe[3476] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 630045D1 .text C:\Documents and Settings\Andrzej Dratwa\Pulpit\fd9nx1s6.exe[3476] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 63005D91 .text C:\Documents and Settings\Andrzej Dratwa\Pulpit\fd9nx1s6.exe[3476] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 630052E1 .text C:\Documents and Settings\Andrzej Dratwa\Pulpit\fd9nx1s6.exe[3476] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 63004669 .text C:\Documents and Settings\Andrzej Dratwa\Pulpit\fd9nx1s6.exe[3476] USER32.dll!CreateWindowExA 7E37E4A9 5 Bytes JMP 63005379 .text C:\Documents and Settings\Andrzej Dratwa\Pulpit\fd9nx1s6.exe[3476] USER32.dll!SetWindowTextA 7E37F56B 5 Bytes JMP 63005709 .text C:\Documents and Settings\Andrzej Dratwa\Pulpit\fd9nx1s6.exe[3476] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 63002951 .text C:\Documents and Settings\Andrzej Dratwa\Pulpit\fd9nx1s6.exe[3476] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 63003239 .text C:\Documents and Settings\Andrzej Dratwa\Pulpit\fd9nx1s6.exe[3476] USER32.dll!FindWindowExA 7E38214A 5 Bytes JMP 63005CF9 .text C:\Documents and Settings\Andrzej Dratwa\Pulpit\fd9nx1s6.exe[3476] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 63005671 .text C:\Documents and Settings\Andrzej Dratwa\Pulpit\fd9nx1s6.exe[3476] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 630055D9 .text C:\Documents and Settings\Andrzej Dratwa\Pulpit\fd9nx1s6.exe[3476] msvcrt.dll!__p__environ 77C0F1C5 5 Bytes JMP 63001C41 .text C:\Documents and Settings\Andrzej Dratwa\Pulpit\fd9nx1s6.exe[3476] msvcrt.dll!__p__fmode 77C0F1DB 5 Bytes JMP 63001CD9 .text C:\Documents and Settings\Andrzej Dratwa\Pulpit\fd9nx1s6.exe[3476] msvcrt.dll!__p__winver + B 77C0F2A1 5 Bytes JMP 63006E31 .text C:\Documents and Settings\Andrzej Dratwa\Pulpit\fd9nx1s6.exe[3476] SHELL32.dll!StrStrW 7C9E7496 5 Bytes JMP 63006EC9 .text C:\Documents and Settings\Andrzej Dratwa\Pulpit\fd9nx1s6.exe[3476] SHELL32.dll!Shell_NotifyIconW 7CA2A537 5 Bytes JMP 63004701 .text C:\Documents and Settings\Andrzej Dratwa\Pulpit\fd9nx1s6.exe[3476] ws2_32.dll!WSAGetLastError + 3D 71A53D0B 7 Bytes JMP 00BD0095 .text C:\Documents and Settings\Andrzej Dratwa\Pulpit\fd9nx1s6.exe[3476] ws2_32.dll!getsockopt + 318 71A54A02 7 Bytes JMP 00BD002D .text C:\Documents and Settings\Andrzej Dratwa\Pulpit\fd9nx1s6.exe[3476] ws2_32.dll!WSASendTo + B6 71A60B63 7 Bytes JMP 00BD00C9 .text C:\Documents and Settings\Andrzej Dratwa\Pulpit\fd9nx1s6.exe[3476] ws2_32.dll!shutdown + 86 71A60C7C 7 Bytes JMP 00BD0061 ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\Tcpip \Device\Ip bdftdif.sys AttachedDevice \Driver\Tcpip \Device\Tcp bdftdif.sys AttachedDevice \Driver\Tcpip \Device\Udp bdftdif.sys AttachedDevice \Driver\Tcpip \Device\RawIp bdftdif.sys ---- EOF - GMER 2.1 ----