GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-03-16 05:01:59 Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200BEVT-22ZCT0 rev.11.01A11 298,09GB Running: qytrfx1t.exe; Driver: C:\Users\MCZYZN~1\AppData\Local\Temp\pwdcauog.sys ---- System - GMER 2.1 ---- SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwAllocateVirtualMemory [0x8FE760BE] SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwAlpcConnectPort [0x8FE79566] SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwAlpcSendWaitReceivePort [0x8FE7909C] SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwAssignProcessToJobObject [0x8FE76C88] SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwClose [0x8FE79B8C] SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwConnectPort [0x8FE78418] SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwCreateFile [0x8FE7795C] SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwCreateKey [0x8FE78B10] SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwCreateProcess [0x8FE76EDE] SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwCreateProcessEx [0x8FE76F94] SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwCreateSection [0x8FE7727E] SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwCreateThread [0x8FE75A2E] SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwDeviceIoControlFile [0x8FE78C80] SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwDuplicateObject [0x8FE7D11A] SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwFsControlFile [0x8FE78F38] SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwLoadDriver [0x8FE76594] SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwMakeTemporaryObject [0x8FE79934] SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwOpenFile [0x8FE7774E] SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwOpenProcess [0x8FE7CB72] SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwOpenSection [0x8FE7704E] SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwOpenThread [0x8FE7CE22] SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwProtectVirtualMemory [0x8FE75F42] SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwQueueApcThread [0x8FE76DB0] SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwReplaceKey [0x8FE79782] SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwRequestPort [0x8FE78586] SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwRequestWaitReplyPort [0x8FE77F1A] SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwRestoreKey [0x8FE7980C] SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwSecureConnectPort [0x8FE789A0] SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwSetContextThread [0x8FE75B9E] SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwSetSecurityObject [0x8FE796DC] SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwSetSystemInformation [0x8FE7678E] SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwShutdownSystem [0x8FE7989E] SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwSuspendProcess [0x8FE75E1A] SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwSuspendThread [0x8FE75CF4] SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwSystemDebugControl [0x8FE76BBA] SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwTerminateProcess [0x8FE7CA6A] SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwTerminateThread [0x8FE7D30C] SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwUnloadDriver [0x8FE799CA] SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwWriteVirtualMemory [0x8FE758B2] SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys ZwCreateThreadEx [0x8FE79DA8] SYSENTER \SystemRoot\system32\DRIVERS\avc3.sys 8A352000 ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!KeSetEvent + 131 822BE77C 4 Bytes [BE, 60, E7, 8F] .text ntkrnlpa.exe!KeSetEvent + 13D 822BE788 4 Bytes [66, 95, E7, 8F] {XCHG BP, AX; OUT 0x8f, EAX} .text ntkrnlpa.exe!KeSetEvent + 181 822BE7CC 4 Bytes [9C, 90, E7, 8F] {PUSHF ; NOP ; OUT 0x8f, EAX} .text ntkrnlpa.exe!KeSetEvent + 191 822BE7DC 4 Bytes [88, 6C, E7, 8F] {MOV [EDI-0x71], CH} .text ntkrnlpa.exe!KeSetEvent + 1A9 822BE7F4 4 Bytes [8C, 9B, E7, 8F] .text ... C:\Program Files\CyberLink\PowerDVD\000.fcl entry point in "" section [0x9FD1C000] .clc C:\Program Files\CyberLink\PowerDVD\000.fcl unknown last section [0x9FD1D000, 0x1000, 0x00000000] ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe[948] ntdll.dll!NtTerminateProcess 77595384 5 Bytes JMP 01A407C8 .text C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe[948] kernel32.dll!UnhandledExceptionFilter 773D0971 5 Bytes JMP 019707C8 .text C:\Windows\system32\wbem\wmiprvse.exe[1984] ntdll.dll!RtlCreateProcessParametersEx 7755DFE3 5 Bytes JMP 6CDE1F69 .text C:\Windows\system32\wbem\wmiprvse.exe[1984] ntdll.dll!NtClose + 5 775941A9 5 Bytes JMP 6CDE5609 .text C:\Windows\system32\wbem\wmiprvse.exe[1984] ntdll.dll!NtCreateFile + 5 77594269 5 Bytes JMP 6CDE1E39 .text C:\Windows\system32\wbem\wmiprvse.exe[1984] ntdll.dll!NtCreateProcess + 5 77594329 5 Bytes JMP 6CDE2B49 .text C:\Windows\system32\wbem\wmiprvse.exe[1984] ntdll.dll!NtCreateProcessEx + 5 77594339 5 Bytes JMP 6CDE2BE1 .text C:\Windows\system32\wbem\wmiprvse.exe[1984] ntdll.dll!NtCreateThread + 5 77594389 5 Bytes JMP 6CDE2AB1 .text C:\Windows\system32\wbem\wmiprvse.exe[1984] ntdll.dll!NtDuplicateObject + 5 775946B9 5 Bytes JMP 6CDE2F71 .text C:\Windows\system32\wbem\wmiprvse.exe[1984] ntdll.dll!NtLoadDriver + 5 775948F9 5 Bytes JMP 6CDE56A1 .text C:\Windows\system32\wbem\wmiprvse.exe[1984] ntdll.dll!NtMapViewOfSection + 5 775949B9 5 Bytes JMP 6CDE15E9 .text C:\Windows\system32\wbem\wmiprvse.exe[1984] ntdll.dll!NtOpenProcess + 5 77594AC9 5 Bytes JMP 6CDE2E41 .text C:\Windows\system32\wbem\wmiprvse.exe[1984] ntdll.dll!NtQueueApcThread + 5 77594E99 5 Bytes JMP 6CDE2ED9 .text C:\Windows\system32\wbem\wmiprvse.exe[1984] ntdll.dll!NtRaiseHardError + 5 77594EB9 5 Bytes JMP 6CDE44D1 .text C:\Windows\system32\wbem\wmiprvse.exe[1984] ntdll.dll!NtSetContextThread + 5 775950B9 5 Bytes JMP 6CDE2DA9 .text C:\Windows\system32\wbem\wmiprvse.exe[1984] ntdll.dll!NtSetInformationProcess + 5 775951B9 5 Bytes JMP 6CDE50B1 .text C:\Windows\system32\wbem\wmiprvse.exe[1984] ntdll.dll!NtSetSystemInformation + 5 77595279 5 Bytes JMP 6CDE5739 .text C:\Windows\system32\wbem\wmiprvse.exe[1984] ntdll.dll!NtSetValueKey + 5 775952E9 5 Bytes JMP 6CDE2261 .text C:\Windows\system32\wbem\wmiprvse.exe[1984] ntdll.dll!NtSuspendProcess + 5 77595349 5 Bytes JMP 6CDE30A1 .text C:\Windows\system32\wbem\wmiprvse.exe[1984] ntdll.dll!NtSuspendThread + 5 77595359 5 Bytes JMP 6CDE3009 .text C:\Windows\system32\wbem\wmiprvse.exe[1984] ntdll.dll!NtTerminateProcess + 5 77595389 5 Bytes JMP 6CDE5019 .text C:\Windows\system32\wbem\wmiprvse.exe[1984] ntdll.dll!NtUnmapViewOfSection + 5 77595469 5 Bytes JMP 6CDE1681 .text C:\Windows\system32\wbem\wmiprvse.exe[1984] ntdll.dll!NtVdmControl + 5 77595479 5 Bytes JMP 6CDE6021 .text C:\Windows\system32\wbem\wmiprvse.exe[1984] ntdll.dll!NtWriteVirtualMemory + 5 77595509 5 Bytes JMP 6CDE2D11 .text C:\Windows\system32\wbem\wmiprvse.exe[1984] ntdll.dll!NtCreateThreadEx + 5 77595689 5 Bytes JMP 6CDE2A19 .text C:\Windows\system32\wbem\wmiprvse.exe[1984] ntdll.dll!RtlReportException 775C42D5 5 Bytes JMP 6CDE4569 .text C:\Windows\system32\wbem\wmiprvse.exe[1984] ntdll.dll!RtlCreateProcessParameters 775C6B2C 5 Bytes JMP 6CDE1ED1 .text C:\Windows\system32\wbem\wmiprvse.exe[1984] kernel32.dll!GetSystemTimeAsFileTime 773318C0 5 Bytes JMP 6CDE1A11 .text C:\Windows\system32\wbem\wmiprvse.exe[1984] kernel32.dll!GetStartupInfoW 77331929 5 Bytes JMP 6CDE1DA1 .text C:\Windows\system32\wbem\wmiprvse.exe[1984] kernel32.dll!GetStartupInfoA 773319C9 5 Bytes JMP 6CDE1D09 .text C:\Windows\system32\wbem\wmiprvse.exe[1984] kernel32.dll!CreateProcessA 77331C28 5 Bytes JMP 6CDE2721 .text C:\Windows\system32\wbem\wmiprvse.exe[1984] kernel32.dll!Sleep 77331C5D 5 Bytes JMP 6CDE2391 .text C:\Windows\system32\wbem\wmiprvse.exe[1984] kernel32.dll!WriteProcessMemory 77331CB8 5 Bytes JMP 6CDE3269 .text C:\Windows\system32\wbem\wmiprvse.exe[1984] kernel32.dll!DefineDosDeviceW 7734856C 5 Bytes JMP 6CDE5A31 .text C:\Windows\system32\wbem\wmiprvse.exe[1984] kernel32.dll!MoveFileWithProgressW 7735113C 5 Bytes JMP 6CDE5C91 .text C:\Windows\system32\wbem\wmiprvse.exe[1984] kernel32.dll!MoveFileExW 77351160 5 Bytes JMP 6CDE5B61 .text C:\Windows\system32\wbem\wmiprvse.exe[1984] kernel32.dll!CreateProcessInternalW 77355477 5 Bytes JMP 6CDE2C79 .text C:\Windows\system32\wbem\wmiprvse.exe[1984] kernel32.dll!LoadLibraryExW 77359374 5 Bytes JMP 6CDE51E1 .text C:\Windows\system32\wbem\wmiprvse.exe[1984] kernel32.dll!LoadLibraryExA 7735964C 5 Bytes JMP 6CDE5149 .text C:\Windows\system32\wbem\wmiprvse.exe[1984] kernel32.dll!LoadLibraryA 77359674 5 Bytes JMP 6CDE24C1 .text C:\Windows\system32\wbem\wmiprvse.exe[1984] kernel32.dll!FreeLibrary 7737406C 5 Bytes JMP 6CDE5279 .text C:\Windows\system32\wbem\wmiprvse.exe[1984] kernel32.dll!ExitProcess 773744BC 5 Bytes JMP 6CDE22F9 .text C:\Windows\system32\wbem\wmiprvse.exe[1984] kernel32.dll!GetProcAddress 77379323 5 Bytes JMP 6CDE2429 .text C:\Windows\system32\wbem\wmiprvse.exe[1984] kernel32.dll!GetModuleHandleA 7737958D 5 Bytes JMP 6CDE18E1 .text C:\Windows\system32\wbem\wmiprvse.exe[1984] kernel32.dll!SleepEx 77379C1E 5 Bytes JMP 6CDE21C9 .text C:\Windows\system32\wbem\wmiprvse.exe[1984] kernel32.dll!QueryPerformanceCounter 7737A940 5 Bytes JMP 6CDE1AA9 .text C:\Windows\system32\wbem\wmiprvse.exe[1984] kernel32.dll!GetModuleHandleW 7737AAE4 5 Bytes JMP 6CDE1979 .text C:\Windows\system32\wbem\wmiprvse.exe[1984] kernel32.dll!OpenMutexW 7737AD65 5 Bytes JMP 6CDE3691 .text C:\Windows\system32\wbem\wmiprvse.exe[1984] kernel32.dll!CloseHandle 7737B16D 5 Bytes JMP 6CDE37C1 .text C:\Windows\system32\wbem\wmiprvse.exe[1984] kernel32.dll!CreateThread 7737CBEE 5 Bytes JMP 6CDE31D1 .text C:\Windows\system32\wbem\wmiprvse.exe[1984] kernel32.dll!CreateRemoteThread 7737CC15 5 Bytes JMP 6CDE2981 .text C:\Windows\system32\wbem\wmiprvse.exe[1984] kernel32.dll!CreateFileA 7737D13F 5 Bytes JMP 6CDE25F1 .text C:\Windows\system32\wbem\wmiprvse.exe[1984] kernel32.dll!CreateMutexW 7737D835 5 Bytes JMP 6CDE3729 .text C:\Windows\system32\wbem\wmiprvse.exe[1984] kernel32.dll!MoveFileExA 773811EE 5 Bytes JMP 6CDE5AC9 .text C:\Windows\system32\wbem\wmiprvse.exe[1984] kernel32.dll!MoveFileWithProgressA 7738120E 5 Bytes JMP 6CDE5BF9 .text C:\Windows\system32\wbem\wmiprvse.exe[1984] kernel32.dll!Process32NextW 7738625D 5 Bytes JMP 6CDE5571 .text C:\Windows\system32\wbem\wmiprvse.exe[1984] kernel32.dll!CreateToolhelp32Snapshot 773869A2 5 Bytes JMP 6CDE2559 .text C:\Windows\system32\wbem\wmiprvse.exe[1984] kernel32.dll!WinExec 773C67CA 5 Bytes JMP 6CDE2689 .text C:\Windows\system32\wbem\wmiprvse.exe[1984] kernel32.dll!ReadConsoleA 773D8165 5 Bytes JMP 6CDE43A1 .text C:\Windows\system32\wbem\wmiprvse.exe[1984] kernel32.dll!ReadConsoleW 773D81BB 5 Bytes JMP 6CDE4439 .text C:\Windows\system32\wbem\wmiprvse.exe[1984] kernel32.dll!ReadConsoleInputA 773D940B 5 Bytes JMP 6CDE4271 .text C:\Windows\system32\wbem\wmiprvse.exe[1984] kernel32.dll!ReadConsoleInputW 773D942E 5 Bytes JMP 6CDE4309 .text C:\Windows\system32\wbem\wmiprvse.exe[1984] ADVAPI32.dll!OpenServiceA 75DD2EBD 5 Bytes JMP 6CDE3859 .text C:\Windows\system32\wbem\wmiprvse.exe[1984] ADVAPI32.dll!CloseServiceHandle 75DD82A5 5 Bytes JMP 6CDE3D19 .text C:\Windows\system32\wbem\wmiprvse.exe[1984] ADVAPI32.dll!OpenServiceW 75DD8354 5 Bytes JMP 6CDE38F1 .text C:\Windows\system32\wbem\wmiprvse.exe[1984] ADVAPI32.dll!RegOpenCurrentUser + 9B 75DF0CC1 2 Bytes JMP 6CDE61E9 .text C:\Windows\system32\wbem\wmiprvse.exe[1984] ADVAPI32.dll!RegOpenCurrentUser + 9E 75DF0CC4 2 Bytes [FF, F6] {PUSH ESI} .text C:\Windows\system32\wbem\wmiprvse.exe[1984] ADVAPI32.dll!CreateServiceW 75DF9EB4 5 Bytes JMP 6CDE3F79 .text C:\Windows\system32\wbem\wmiprvse.exe[1984] ADVAPI32.dll!ControlService 75DF9FB8 5 Bytes JMP 6CDE3AB9 .text C:\Windows\system32\wbem\wmiprvse.exe[1984] ADVAPI32.dll!DeleteService 75DFA07E 5 Bytes JMP 6CDE3B51 .text C:\Windows\system32\wbem\wmiprvse.exe[1984] ADVAPI32.dll!ControlServiceExA 75E3662E 5 Bytes JMP 6CDE3989 .text C:\Windows\system32\wbem\wmiprvse.exe[1984] ADVAPI32.dll!ControlServiceExW 75E36741 5 Bytes JMP 6CDE3A21 .text C:\Windows\system32\wbem\wmiprvse.exe[1984] ADVAPI32.dll!ChangeServiceConfigA 75E36DD9 5 Bytes JMP 6CDE3BE9 .text C:\Windows\system32\wbem\wmiprvse.exe[1984] ADVAPI32.dll!ChangeServiceConfigW 75E36F81 5 Bytes JMP 6CDE3C81 .text C:\Windows\system32\wbem\wmiprvse.exe[1984] ADVAPI32.dll!CreateServiceA 75E372A1 5 Bytes JMP 6CDE3EE1 .text C:\Windows\system32\wbem\wmiprvse.exe[1984] USER32.dll!SetWindowsHookExA 77296322 5 Bytes JMP 6CDE2851 .text C:\Windows\system32\wbem\wmiprvse.exe[1984] USER32.dll!CreateDialogIndirectParamAorW 77297266 5 Bytes JMP 6CDE4B59 .text C:\Windows\system32\wbem\wmiprvse.exe[1984] USER32.dll!SetWindowsHookExW 772987AD 5 Bytes JMP 6CDE28E9 .text C:\Windows\system32\wbem\wmiprvse.exe[1984] USER32.dll!CallNextHookEx 77298E3B 5 Bytes JMP 6CDE4601 .text C:\Windows\system32\wbem\wmiprvse.exe[1984] USER32.dll!UnhookWindowsHookEx 772998DB 5 Bytes JMP 6CDE4699 .text C:\Windows\system32\wbem\wmiprvse.exe[1984] USER32.dll!FindWindowA 77299D76 5 Bytes JMP 6CDE5311 .text C:\Windows\system32\wbem\wmiprvse.exe[1984] USER32.dll!SetWinEventHook 77299F3A 5 Bytes JMP 6CDE3139 .text C:\Windows\system32\wbem\wmiprvse.exe[1984] USER32.dll!ShowWindow 7729CA10 5 Bytes JMP 6CDE4AC1 .text C:\Windows\system32\wbem\wmiprvse.exe[1984] USER32.dll!CreateWindowExA 7729DC2A 5 Bytes JMP 6CDE4A29 .text C:\Windows\system32\wbem\wmiprvse.exe[1984] USER32.dll!FindWindowExA 7729F6C1 5 Bytes JMP 6CDE53A9 .text C:\Windows\system32\wbem\wmiprvse.exe[1984] USER32.dll!PostMessageA 7729F8F8 5 Bytes JMP 6CDE60B9 .text C:\Windows\system32\wbem\wmiprvse.exe[1984] USER32.dll!CreateWindowExW 772A1305 5 Bytes JMP 6CDE4991 .text C:\Windows\system32\wbem\wmiprvse.exe[1984] USER32.dll!UserClientDllInitialize 772A7A1D 5 Bytes JMP 6CDE6281 .text C:\Windows\system32\wbem\wmiprvse.exe[1984] USER32.dll!PeekMessageA 772A8343 5 Bytes JMP 6CDE4141 .text C:\Windows\system32\wbem\wmiprvse.exe[1984] USER32.dll!GetMessageA 772A8AB3 5 Bytes JMP 6CDE4011 .text C:\Windows\system32\wbem\wmiprvse.exe[1984] USER32.dll!SetWindowTextW 772A9815 5 Bytes JMP 6CDE4E51 .text C:\Windows\system32\wbem\wmiprvse.exe[1984] USER32.dll!PostMessageW 772AA175 5 Bytes JMP 6CDE6151 .text C:\Windows\system32\wbem\wmiprvse.exe[1984] USER32.dll!FindWindowW 772AA441 5 Bytes JMP 6CDE5441 .text C:\Windows\system32\wbem\wmiprvse.exe[1984] USER32.dll!GetMessageW 772AFEF7 5 Bytes JMP 6CDE40A9 .text C:\Windows\system32\wbem\wmiprvse.exe[1984] USER32.dll!PeekMessageW 772B045A 5 Bytes JMP 6CDE41D9 .text C:\Windows\system32\wbem\wmiprvse.exe[1984] USER32.dll!SetWindowTextA 772BA4E6 5 Bytes JMP 6CDE4DB9 .text C:\Windows\system32\wbem\wmiprvse.exe[1984] USER32.dll!FindWindowExW 772C260C 5 Bytes JMP 6CDE54D9 .text C:\Windows\system32\wbem\wmiprvse.exe[1984] USER32.dll!DialogBoxIndirectParamAorW 772C2EB6 5 Bytes JMP 6CDE4BF1 .text C:\Windows\system32\wbem\wmiprvse.exe[1984] USER32.dll!MessageBoxExA 772ED639 5 Bytes JMP 6CDE4C89 .text C:\Windows\system32\wbem\wmiprvse.exe[1984] USER32.dll!MessageBoxExW 772ED65D 5 Bytes JMP 6CDE4D21 .text C:\Windows\system32\wbem\wmiprvse.exe[1984] msvcrt.dll!_lock + 29 770A9FAE 5 Bytes JMP 6CDE6319 .text C:\Windows\system32\wbem\wmiprvse.exe[1984] msvcrt.dll!__p__fmode 770B179B 5 Bytes JMP 6CDE1BD9 .text C:\Windows\system32\wbem\wmiprvse.exe[1984] msvcrt.dll!__p__environ 770BC7D7 5 Bytes JMP 6CDE1B41 .text C:\Windows\system32\wbem\wmiprvse.exe[1984] WS2_32.dll!WahWriteLSPEvent 76041434 5 Bytes JMP 6CDE6449 .text C:\Windows\system32\wbem\wmiprvse.exe[1984] WS2_32.dll!closesocket 7604330C 5 Bytes JMP 6CDE4F81 .text C:\Windows\system32\wbem\wmiprvse.exe[1984] WS2_32.dll!recv 7604343A 5 Bytes JMP 6CDE5EF1 .text C:\Windows\system32\wbem\wmiprvse.exe[1984] WS2_32.dll!WSASocketW 760434EB 5 Bytes JMP 6CDE4EE9 .text C:\Windows\system32\wbem\wmiprvse.exe[1984] WS2_32.dll!socket 760436D1 5 Bytes JMP 6CDE5D29 .text C:\Windows\system32\wbem\wmiprvse.exe[1984] WS2_32.dll!GetAddrInfoW 76043D12 5 Bytes JMP 6CDE47C9 .text C:\Windows\system32\wbem\wmiprvse.exe[1984] WS2_32.dll!connect 760440D9 5 Bytes JMP 6CDE3E49 .text C:\Windows\system32\wbem\wmiprvse.exe[1984] WS2_32.dll!WSASend 76044496 5 Bytes JMP 6CDE2099 .text C:\Windows\system32\wbem\wmiprvse.exe[1984] WS2_32.dll!send 7604659B 5 Bytes JMP 6CDE2001 .text C:\Windows\system32\wbem\wmiprvse.exe[1984] WS2_32.dll!WSARecv 76048400 5 Bytes JMP 6CDE5F89 .text C:\Windows\system32\wbem\wmiprvse.exe[1984] WS2_32.dll!WSAConnect 7604D7B0 5 Bytes JMP 6CDE5E59 .text C:\Windows\system32\wbem\wmiprvse.exe[1984] WS2_32.dll!GetAddrInfoExW 7605288D 5 Bytes JMP 6CDE4861 .text C:\Windows\system32\wbem\wmiprvse.exe[1984] WS2_32.dll!gethostbyname 760562D4 5 Bytes JMP 6CDE48F9 .text C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe[2284] ntdll.dll!NtTerminateProcess 77595384 5 Bytes JMP 017D07C8 .text C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe[2284] kernel32.dll!UnhandledExceptionFilter 773D0971 5 Bytes JMP 010507C8 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] ntdll.dll!RtlCreateProcessParametersEx 7755DFE3 5 Bytes JMP 6CDE1F69 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] ntdll.dll!NtClose + 5 775941A9 5 Bytes JMP 6CDE5609 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] ntdll.dll!NtCreateFile + 5 77594269 5 Bytes JMP 6CDE1E39 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] ntdll.dll!NtCreateProcess + 5 77594329 5 Bytes JMP 6CDE2B49 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] ntdll.dll!NtCreateProcessEx + 5 77594339 5 Bytes JMP 6CDE2BE1 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] ntdll.dll!NtCreateThread + 5 77594389 5 Bytes JMP 6CDE2AB1 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] ntdll.dll!NtDuplicateObject + 5 775946B9 5 Bytes JMP 6CDE2F71 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] ntdll.dll!NtLoadDriver + 5 775948F9 5 Bytes JMP 6CDE56A1 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] ntdll.dll!NtMapViewOfSection + 5 775949B9 5 Bytes JMP 6CDE15E9 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] ntdll.dll!NtOpenProcess + 5 77594AC9 5 Bytes JMP 6CDE2E41 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] ntdll.dll!NtQueueApcThread + 5 77594E99 5 Bytes JMP 6CDE2ED9 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] ntdll.dll!NtRaiseHardError + 5 77594EB9 5 Bytes JMP 6CDE44D1 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] ntdll.dll!NtSetContextThread + 5 775950B9 5 Bytes JMP 6CDE2DA9 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] ntdll.dll!NtSetInformationProcess + 5 775951B9 5 Bytes JMP 6CDE50B1 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] ntdll.dll!NtSetSystemInformation + 5 77595279 5 Bytes JMP 6CDE5739 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] ntdll.dll!NtSetValueKey + 5 775952E9 5 Bytes JMP 6CDE2261 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] ntdll.dll!NtSuspendProcess + 5 77595349 5 Bytes JMP 6CDE30A1 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] ntdll.dll!NtSuspendThread + 5 77595359 5 Bytes JMP 6CDE3009 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] ntdll.dll!NtTerminateProcess + 5 77595389 5 Bytes JMP 6CDE5019 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] ntdll.dll!NtUnmapViewOfSection + 5 77595469 5 Bytes JMP 6CDE1681 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] ntdll.dll!NtVdmControl + 5 77595479 5 Bytes JMP 6CDE6021 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] ntdll.dll!NtWriteVirtualMemory + 5 77595509 5 Bytes JMP 6CDE2D11 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] ntdll.dll!NtCreateThreadEx + 5 77595689 5 Bytes JMP 6CDE2A19 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] ntdll.dll!RtlReportException 775C42D5 5 Bytes JMP 6CDE4569 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] ntdll.dll!RtlCreateProcessParameters 775C6B2C 5 Bytes JMP 6CDE1ED1 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] kernel32.dll!GetSystemTimeAsFileTime 773318C0 5 Bytes JMP 6CDE1A11 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] kernel32.dll!GetStartupInfoW 77331929 5 Bytes JMP 6CDE1DA1 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] kernel32.dll!GetStartupInfoA 773319C9 5 Bytes JMP 6CDE1D09 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] kernel32.dll!CreateProcessA 77331C28 5 Bytes JMP 6CDE2721 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] kernel32.dll!Sleep 77331C5D 5 Bytes JMP 6CDE2391 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] kernel32.dll!WriteProcessMemory 77331CB8 5 Bytes JMP 6CDE3269 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] kernel32.dll!DefineDosDeviceW 7734856C 5 Bytes JMP 6CDE5A31 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] kernel32.dll!MoveFileWithProgressW 7735113C 5 Bytes JMP 6CDE5C91 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] kernel32.dll!MoveFileExW 77351160 5 Bytes JMP 6CDE5B61 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] kernel32.dll!CreateProcessInternalW 77355477 5 Bytes JMP 6CDE2C79 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] kernel32.dll!LoadLibraryExW 77359374 5 Bytes JMP 6CDE51E1 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] kernel32.dll!LoadLibraryExA 7735964C 5 Bytes JMP 6CDE5149 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] kernel32.dll!LoadLibraryA 77359674 5 Bytes JMP 6CDE24C1 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] kernel32.dll!FreeLibrary 7737406C 5 Bytes JMP 6CDE5279 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] kernel32.dll!ExitProcess 773744BC 5 Bytes JMP 6CDE22F9 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] kernel32.dll!GetProcAddress 77379323 5 Bytes JMP 6CDE2429 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] kernel32.dll!GetModuleHandleA 7737958D 5 Bytes JMP 6CDE18E1 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] kernel32.dll!SleepEx 77379C1E 5 Bytes JMP 6CDE21C9 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] kernel32.dll!QueryPerformanceCounter 7737A940 5 Bytes JMP 6CDE1AA9 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] kernel32.dll!GetModuleHandleW 7737AAE4 5 Bytes JMP 6CDE1979 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] kernel32.dll!OpenMutexW 7737AD65 5 Bytes JMP 6CDE3691 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] kernel32.dll!CloseHandle 7737B16D 5 Bytes JMP 6CDE37C1 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] kernel32.dll!CreateThread 7737CBEE 5 Bytes JMP 6CDE31D1 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] kernel32.dll!CreateRemoteThread 7737CC15 5 Bytes JMP 6CDE2981 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] kernel32.dll!CreateFileA 7737D13F 5 Bytes JMP 6CDE25F1 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] kernel32.dll!CreateMutexW 7737D835 5 Bytes JMP 6CDE3729 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] kernel32.dll!MoveFileExA 773811EE 5 Bytes JMP 6CDE5AC9 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] kernel32.dll!MoveFileWithProgressA 7738120E 5 Bytes JMP 6CDE5BF9 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] kernel32.dll!Process32NextW 7738625D 5 Bytes JMP 6CDE5571 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] kernel32.dll!CreateToolhelp32Snapshot 773869A2 5 Bytes JMP 6CDE2559 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] kernel32.dll!WinExec 773C67CA 5 Bytes JMP 6CDE2689 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] kernel32.dll!ReadConsoleA 773D8165 5 Bytes JMP 6CDE43A1 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] kernel32.dll!ReadConsoleW 773D81BB 5 Bytes JMP 6CDE4439 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] kernel32.dll!ReadConsoleInputA 773D940B 5 Bytes JMP 6CDE4271 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] kernel32.dll!ReadConsoleInputW 773D942E 5 Bytes JMP 6CDE4309 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] ADVAPI32.dll!OpenServiceA 75DD2EBD 5 Bytes JMP 6CDE3859 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] ADVAPI32.dll!CloseServiceHandle 75DD82A5 5 Bytes JMP 6CDE3D19 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] ADVAPI32.dll!OpenServiceW 75DD8354 5 Bytes JMP 6CDE38F1 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] ADVAPI32.dll!RegOpenCurrentUser + 9B 75DF0CC1 2 Bytes JMP 6CDE61E9 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] ADVAPI32.dll!RegOpenCurrentUser + 9E 75DF0CC4 2 Bytes [FF, F6] {PUSH ESI} .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] ADVAPI32.dll!CreateServiceW 75DF9EB4 5 Bytes JMP 6CDE3F79 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] ADVAPI32.dll!ControlService 75DF9FB8 5 Bytes JMP 6CDE3AB9 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] ADVAPI32.dll!DeleteService 75DFA07E 5 Bytes JMP 6CDE3B51 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] ADVAPI32.dll!ControlServiceExA 75E3662E 5 Bytes JMP 6CDE3989 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] ADVAPI32.dll!ControlServiceExW 75E36741 5 Bytes JMP 6CDE3A21 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] ADVAPI32.dll!ChangeServiceConfigA 75E36DD9 5 Bytes JMP 6CDE3BE9 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] ADVAPI32.dll!ChangeServiceConfigW 75E36F81 5 Bytes JMP 6CDE3C81 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] ADVAPI32.dll!CreateServiceA 75E372A1 5 Bytes JMP 6CDE3EE1 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] msvcrt.dll!_lock + 29 770A9FAE 5 Bytes JMP 6CDE6281 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] msvcrt.dll!__p__fmode 770B179B 5 Bytes JMP 6CDE1BD9 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] msvcrt.dll!__p__environ 770BC7D7 5 Bytes JMP 6CDE1B41 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] USER32.dll!SetWindowsHookExA 77296322 5 Bytes JMP 6CDE2851 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] USER32.dll!CreateDialogIndirectParamAorW 77297266 5 Bytes JMP 6CDE4B59 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] USER32.dll!SetWindowsHookExW 772987AD 5 Bytes JMP 6CDE28E9 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] USER32.dll!CallNextHookEx 77298E3B 5 Bytes JMP 6CDE4601 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] USER32.dll!UnhookWindowsHookEx 772998DB 5 Bytes JMP 6CDE4699 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] USER32.dll!FindWindowA 77299D76 5 Bytes JMP 6CDE5311 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] USER32.dll!SetWinEventHook 77299F3A 5 Bytes JMP 6CDE3139 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] USER32.dll!ShowWindow 7729CA10 5 Bytes JMP 6CDE4AC1 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] USER32.dll!CreateWindowExA 7729DC2A 5 Bytes JMP 6CDE4A29 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] USER32.dll!FindWindowExA 7729F6C1 5 Bytes JMP 6CDE53A9 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] USER32.dll!PostMessageA 7729F8F8 5 Bytes JMP 6CDE60B9 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] USER32.dll!CreateWindowExW 772A1305 5 Bytes JMP 6CDE4991 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] USER32.dll!UserClientDllInitialize 772A7A1D 5 Bytes JMP 6CDE6319 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] USER32.dll!PeekMessageA 772A8343 5 Bytes JMP 6CDE4141 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] USER32.dll!GetMessageA 772A8AB3 5 Bytes JMP 6CDE4011 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] USER32.dll!SetWindowTextW 772A9815 5 Bytes JMP 6CDE4E51 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] USER32.dll!PostMessageW 772AA175 5 Bytes JMP 6CDE6151 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] USER32.dll!FindWindowW 772AA441 5 Bytes JMP 6CDE5441 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] USER32.dll!GetMessageW 772AFEF7 5 Bytes JMP 6CDE40A9 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] USER32.dll!PeekMessageW 772B045A 5 Bytes JMP 6CDE41D9 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] USER32.dll!SetWindowTextA 772BA4E6 5 Bytes JMP 6CDE4DB9 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] USER32.dll!FindWindowExW 772C260C 5 Bytes JMP 6CDE54D9 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] USER32.dll!DialogBoxIndirectParamAorW 772C2EB6 5 Bytes JMP 6CDE4BF1 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] USER32.dll!MessageBoxExA 772ED639 5 Bytes JMP 6CDE4C89 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] USER32.dll!MessageBoxExW 772ED65D 5 Bytes JMP 6CDE4D21 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] WS2_32.dll!WahWriteLSPEvent 76041434 5 Bytes JMP 6CDE63B1 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] WS2_32.dll!closesocket 7604330C 5 Bytes JMP 6CDE4F81 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] WS2_32.dll!recv 7604343A 5 Bytes JMP 6CDE5EF1 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] WS2_32.dll!WSASocketW 760434EB 5 Bytes JMP 6CDE4EE9 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] WS2_32.dll!socket 760436D1 5 Bytes JMP 6CDE5D29 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] WS2_32.dll!GetAddrInfoW 76043D12 5 Bytes JMP 6CDE47C9 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] WS2_32.dll!connect 760440D9 5 Bytes JMP 6CDE3E49 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] WS2_32.dll!WSASend 76044496 5 Bytes JMP 6CDE2099 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] WS2_32.dll!send 7604659B 5 Bytes JMP 6CDE2001 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] WS2_32.dll!WSARecv 76048400 5 Bytes JMP 6CDE5F89 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] WS2_32.dll!WSAConnect 7604D7B0 5 Bytes JMP 6CDE5E59 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] WS2_32.dll!GetAddrInfoExW 7605288D 5 Bytes JMP 6CDE4861 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] WS2_32.dll!gethostbyname 760562D4 5 Bytes JMP 6CDE48F9 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] SHELL32.dll!Shell_NotifyIconW 76478636 5 Bytes JMP 6CDE4731 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2620] SHELL32.dll!Shell_GetCachedImageIndexW + 1D29 7649902D 5 Bytes JMP 6CDE64E1 .text C:\Windows\explorer.exe[3468] ntdll.dll!RtlCreateProcessParametersEx 7755DFE3 5 Bytes JMP 6CDE2851 .text C:\Windows\explorer.exe[3468] ntdll.dll!NtCreateProcess + 5 77594329 5 Bytes JMP 6CDE1A11 .text C:\Windows\explorer.exe[3468] ntdll.dll!NtCreateProcessEx + 5 77594339 5 Bytes JMP 6CDE1AA9 .text C:\Windows\explorer.exe[3468] ntdll.dll!NtCreateThread + 5 77594389 5 Bytes JMP 6CDE1979 .text C:\Windows\explorer.exe[3468] ntdll.dll!NtDuplicateObject + 5 775946B9 5 Bytes JMP 6CDE1E39 .text C:\Windows\explorer.exe[3468] ntdll.dll!NtLoadDriver + 5 775948F9 5 Bytes JMP 6CDE2B49 .text C:\Windows\explorer.exe[3468] ntdll.dll!NtMapViewOfSection + 5 775949B9 5 Bytes JMP 6CDE15E9 .text C:\Windows\explorer.exe[3468] ntdll.dll!NtOpenProcess + 5 77594AC9 5 Bytes JMP 6CDE1D09 .text C:\Windows\explorer.exe[3468] ntdll.dll!NtQueueApcThread + 5 77594E99 5 Bytes JMP 6CDE1DA1 .text C:\Windows\explorer.exe[3468] ntdll.dll!NtSetContextThread + 5 775950B9 5 Bytes JMP 6CDE1C71 .text C:\Windows\explorer.exe[3468] ntdll.dll!NtSetInformationProcess + 5 775951B9 5 Bytes JMP 6CDE2AB1 .text C:\Windows\explorer.exe[3468] ntdll.dll!NtSetSystemInformation + 5 77595279 5 Bytes JMP 6CDE2BE1 .text C:\Windows\explorer.exe[3468] ntdll.dll!NtSuspendProcess + 5 77595349 5 Bytes JMP 6CDE2001 .text C:\Windows\explorer.exe[3468] ntdll.dll!NtSuspendThread + 5 77595359 5 Bytes JMP 6CDE1F69 .text C:\Windows\explorer.exe[3468] ntdll.dll!NtTerminateProcess + 5 77595389 5 Bytes JMP 6CDE2A19 .text C:\Windows\explorer.exe[3468] ntdll.dll!NtUnmapViewOfSection + 5 77595469 5 Bytes JMP 6CDE1681 .text C:\Windows\explorer.exe[3468] ntdll.dll!NtVdmControl + 5 77595479 5 Bytes JMP 6CDE3009 .text C:\Windows\explorer.exe[3468] ntdll.dll!NtWriteVirtualMemory + 5 77595509 5 Bytes JMP 6CDE1BD9 .text C:\Windows\explorer.exe[3468] ntdll.dll!NtCreateThreadEx + 5 77595689 5 Bytes JMP 6CDE18E1 .text C:\Windows\explorer.exe[3468] kernel32.dll!GetStartupInfoA 773319C9 5 Bytes JMP 6CDE2F71 .text C:\Windows\explorer.exe[3468] kernel32.dll!WriteProcessMemory 77331CB8 5 Bytes JMP 6CDE21C9 .text C:\Windows\explorer.exe[3468] kernel32.dll!DefineDosDeviceW 7734856C 5 Bytes JMP 6CDE2C79 .text C:\Windows\explorer.exe[3468] kernel32.dll!MoveFileWithProgressW 7735113C 5 Bytes JMP 6CDE2ED9 .text C:\Windows\explorer.exe[3468] kernel32.dll!MoveFileExW 77351160 5 Bytes JMP 6CDE2DA9 .text C:\Windows\explorer.exe[3468] kernel32.dll!CreateProcessInternalW 77355477 5 Bytes JMP 6CDE1B41 .text C:\Windows\explorer.exe[3468] kernel32.dll!CreateThread 7737CBEE 2 Bytes JMP 6CDE2131 .text C:\Windows\explorer.exe[3468] kernel32.dll!CreateThread + 3 7737CBF1 2 Bytes [A6, F5] {CMPSB ; CMC } .text C:\Windows\explorer.exe[3468] kernel32.dll!CreateRemoteThread 7737CC15 5 Bytes JMP 6CDE1849 .text C:\Windows\explorer.exe[3468] kernel32.dll!MoveFileExA 773811EE 5 Bytes JMP 6CDE2D11 .text C:\Windows\explorer.exe[3468] kernel32.dll!MoveFileWithProgressA 7738120E 5 Bytes JMP 6CDE2E41 .text C:\Windows\explorer.exe[3468] kernel32.dll!CreateToolhelp32Snapshot 773869A2 5 Bytes JMP 6CDE1ED1 .text C:\Windows\explorer.exe[3468] ADVAPI32.dll!OpenServiceA 75DD2EBD 5 Bytes JMP 6CDE2261 .text C:\Windows\explorer.exe[3468] ADVAPI32.dll!CloseServiceHandle 75DD82A5 5 Bytes JMP 6CDE2721 .text C:\Windows\explorer.exe[3468] ADVAPI32.dll!OpenServiceW 75DD8354 5 Bytes JMP 6CDE22F9 .text C:\Windows\explorer.exe[3468] ADVAPI32.dll!RegOpenCurrentUser + 9B 75DF0CC1 5 Bytes JMP 6CDE3301 .text C:\Windows\explorer.exe[3468] ADVAPI32.dll!CreateServiceW 75DF9EB4 5 Bytes JMP 6CDE2981 .text C:\Windows\explorer.exe[3468] ADVAPI32.dll!ControlService 75DF9FB8 5 Bytes JMP 6CDE24C1 .text C:\Windows\explorer.exe[3468] ADVAPI32.dll!DeleteService 75DFA07E 5 Bytes JMP 6CDE2559 .text C:\Windows\explorer.exe[3468] ADVAPI32.dll!ControlServiceExA 75E3662E 5 Bytes JMP 6CDE2391 .text C:\Windows\explorer.exe[3468] ADVAPI32.dll!ControlServiceExW 75E36741 5 Bytes JMP 6CDE2429 .text C:\Windows\explorer.exe[3468] ADVAPI32.dll!ChangeServiceConfigA 75E36DD9 5 Bytes JMP 6CDE25F1 .text C:\Windows\explorer.exe[3468] ADVAPI32.dll!ChangeServiceConfigW 75E36F81 5 Bytes JMP 6CDE2689 .text C:\Windows\explorer.exe[3468] ADVAPI32.dll!CreateServiceA 75E372A1 5 Bytes JMP 6CDE28E9 .text C:\Windows\explorer.exe[3468] USER32.dll!SetWindowsHookExA 77296322 5 Bytes JMP 6CDE1719 .text C:\Windows\explorer.exe[3468] USER32.dll!SetWindowsHookExW 772987AD 1 Byte [E9] .text C:\Windows\explorer.exe[3468] USER32.dll!SetWindowsHookExW 772987AD 5 Bytes JMP 6CDE17B1 .text C:\Windows\explorer.exe[3468] USER32.dll!SetWinEventHook 77299F3A 5 Bytes JMP 6CDE2099 .text C:\Windows\explorer.exe[3468] USER32.dll!PostMessageA 7729F8F8 5 Bytes JMP 6CDE31D1 .text C:\Windows\explorer.exe[3468] USER32.dll!UserClientDllInitialize 772A7A1D 5 Bytes JMP 6CDE3399 .text C:\Windows\explorer.exe[3468] USER32.dll!GetMessageA 772A8AB3 5 Bytes JMP 6CDE30A1 .text C:\Windows\explorer.exe[3468] USER32.dll!PostMessageW 772AA175 5 Bytes JMP 6CDE3269 .text C:\Windows\explorer.exe[3468] USER32.dll!GetMessageW 772AFEF7 5 Bytes JMP 6CDE3139 .text C:\Windows\explorer.exe[3468] WS2_32.dll!WahWriteLSPEvent 76041434 5 Bytes JMP 6CDE3431 .text C:\Windows\explorer.exe[3468] WS2_32.dll!connect 760440D9 5 Bytes JMP 6CDE27B9 .text C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe[3560] ntdll.dll!NtTerminateProcess 77595384 5 Bytes JMP 02C607C8 .text C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe[3560] kernel32.dll!UnhandledExceptionFilter 773D0971 5 Bytes JMP 02E207C8 .text C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe[3604] ntdll.dll!NtTerminateProcess 77595384 5 Bytes JMP 01E507C8 .text C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe[3604] kernel32.dll!UnhandledExceptionFilter 773D0971 5 Bytes JMP 01F307C8 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] ntdll.dll!RtlCreateProcessParametersEx 7755DFE3 5 Bytes JMP 6CDE1F69 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] ntdll.dll!NtClose + 5 775941A9 5 Bytes JMP 6CDE5609 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] ntdll.dll!NtCreateFile + 5 77594269 5 Bytes JMP 6CDE1E39 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] ntdll.dll!NtCreateProcess + 5 77594329 5 Bytes JMP 6CDE2B49 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] ntdll.dll!NtCreateProcessEx + 5 77594339 5 Bytes JMP 6CDE2BE1 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] ntdll.dll!NtCreateThread + 5 77594389 5 Bytes JMP 6CDE2AB1 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] ntdll.dll!NtDuplicateObject + 5 775946B9 5 Bytes JMP 6CDE2F71 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] ntdll.dll!NtLoadDriver + 5 775948F9 5 Bytes JMP 6CDE56A1 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] ntdll.dll!NtMapViewOfSection + 5 775949B9 5 Bytes JMP 6CDE15E9 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] ntdll.dll!NtOpenProcess + 5 77594AC9 5 Bytes JMP 6CDE2E41 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] ntdll.dll!NtQueueApcThread + 5 77594E99 5 Bytes JMP 6CDE2ED9 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] ntdll.dll!NtRaiseHardError + 5 77594EB9 5 Bytes JMP 6CDE44D1 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] ntdll.dll!NtReadFile + 5 77594EC9 5 Bytes JMP 6CDE5D29 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] ntdll.dll!NtSetContextThread + 5 775950B9 5 Bytes JMP 6CDE2DA9 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] ntdll.dll!NtSetInformationProcess + 5 775951B9 5 Bytes JMP 6CDE50B1 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] ntdll.dll!NtSetSystemInformation + 5 77595279 5 Bytes JMP 6CDE5739 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] ntdll.dll!NtSetValueKey + 5 775952E9 5 Bytes JMP 6CDE2261 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] ntdll.dll!NtSuspendProcess + 5 77595349 5 Bytes JMP 6CDE30A1 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] ntdll.dll!NtSuspendThread + 5 77595359 5 Bytes JMP 6CDE3009 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] ntdll.dll!NtTerminateProcess + 5 77595389 5 Bytes JMP 6CDE5019 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] ntdll.dll!NtUnmapViewOfSection + 5 77595469 5 Bytes JMP 6CDE1681 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] ntdll.dll!NtVdmControl + 5 77595479 5 Bytes JMP 6CDE60B9 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] ntdll.dll!NtWriteVirtualMemory + 5 77595509 5 Bytes JMP 6CDE2D11 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] ntdll.dll!NtCreateThreadEx + 5 77595689 5 Bytes JMP 6CDE2A19 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] ntdll.dll!RtlReportException 775C42D5 5 Bytes JMP 6CDE4569 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] ntdll.dll!RtlCreateProcessParameters 775C6B2C 5 Bytes JMP 6CDE1ED1 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] kernel32.dll!GetSystemTimeAsFileTime 773318C0 5 Bytes JMP 6CDE1A11 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] kernel32.dll!GetStartupInfoW 77331929 5 Bytes JMP 6CDE1DA1 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] kernel32.dll!GetStartupInfoA 773319C9 5 Bytes JMP 6CDE1D09 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] kernel32.dll!CreateProcessA 77331C28 5 Bytes JMP 6CDE2721 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] kernel32.dll!Sleep 77331C5D 5 Bytes JMP 6CDE2391 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] kernel32.dll!WriteProcessMemory 77331CB8 5 Bytes JMP 6CDE3269 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] kernel32.dll!DefineDosDeviceW 7734856C 5 Bytes JMP 6CDE5A31 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] kernel32.dll!MoveFileWithProgressW 7735113C 5 Bytes JMP 6CDE5C91 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] kernel32.dll!MoveFileExW 77351160 5 Bytes JMP 6CDE5B61 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] kernel32.dll!CreateProcessInternalW 77355477 5 Bytes JMP 6CDE2C79 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] kernel32.dll!LoadLibraryExW 77359374 5 Bytes JMP 6CDE51E1 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] kernel32.dll!LoadLibraryExA 7735964C 5 Bytes JMP 6CDE5149 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] kernel32.dll!LoadLibraryA 77359674 5 Bytes JMP 6CDE24C1 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] kernel32.dll!FreeLibrary 7737406C 5 Bytes JMP 6CDE5279 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] kernel32.dll!ExitProcess 773744BC 5 Bytes JMP 6CDE22F9 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] kernel32.dll!GetProcAddress 77379323 5 Bytes JMP 6CDE2429 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] kernel32.dll!GetModuleHandleA 7737958D 5 Bytes JMP 6CDE18E1 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] kernel32.dll!SleepEx 77379C1E 5 Bytes JMP 6CDE21C9 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] kernel32.dll!QueryPerformanceCounter 7737A940 5 Bytes JMP 6CDE1AA9 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] kernel32.dll!GetModuleHandleW 7737AAE4 5 Bytes JMP 6CDE1979 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] kernel32.dll!OpenMutexW 7737AD65 5 Bytes JMP 6CDE3691 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] kernel32.dll!CloseHandle 7737B16D 5 Bytes JMP 6CDE37C1 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] kernel32.dll!CreateThread 7737CBEE 5 Bytes JMP 6CDE31D1 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] kernel32.dll!CreateRemoteThread 7737CC15 5 Bytes JMP 6CDE2981 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] kernel32.dll!CreateFileA 7737D13F 5 Bytes JMP 6CDE25F1 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] kernel32.dll!CreateMutexW 7737D835 5 Bytes JMP 6CDE3729 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] kernel32.dll!MoveFileExA 773811EE 5 Bytes JMP 6CDE5AC9 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] kernel32.dll!MoveFileWithProgressA 7738120E 5 Bytes JMP 6CDE5BF9 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] kernel32.dll!Process32NextW 7738625D 5 Bytes JMP 6CDE5571 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] kernel32.dll!CreateToolhelp32Snapshot 773869A2 5 Bytes JMP 6CDE2559 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] kernel32.dll!WinExec 773C67CA 5 Bytes JMP 6CDE2689 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] kernel32.dll!ReadConsoleA 773D8165 5 Bytes JMP 6CDE43A1 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] kernel32.dll!ReadConsoleW 773D81BB 5 Bytes JMP 6CDE4439 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] kernel32.dll!ReadConsoleInputA 773D940B 5 Bytes JMP 6CDE4271 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] kernel32.dll!ReadConsoleInputW 773D942E 5 Bytes JMP 6CDE4309 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] ADVAPI32.dll!OpenServiceA 75DD2EBD 5 Bytes JMP 6CDE3859 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] ADVAPI32.dll!CloseServiceHandle 75DD82A5 5 Bytes JMP 6CDE3D19 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] ADVAPI32.dll!OpenServiceW 75DD8354 5 Bytes JMP 6CDE38F1 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] ADVAPI32.dll!RegOpenCurrentUser + 9B 75DF0CC1 2 Bytes JMP 6CDE6281 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] ADVAPI32.dll!RegOpenCurrentUser + 9E 75DF0CC4 2 Bytes [FF, F6] {PUSH ESI} .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] ADVAPI32.dll!CreateServiceW 75DF9EB4 5 Bytes JMP 6CDE3F79 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] ADVAPI32.dll!ControlService 75DF9FB8 5 Bytes JMP 6CDE3AB9 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] ADVAPI32.dll!DeleteService 75DFA07E 5 Bytes JMP 6CDE3B51 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] ADVAPI32.dll!ControlServiceExA 75E3662E 5 Bytes JMP 6CDE3989 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] ADVAPI32.dll!ControlServiceExW 75E36741 5 Bytes JMP 6CDE3A21 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] ADVAPI32.dll!ChangeServiceConfigA 75E36DD9 5 Bytes JMP 6CDE3BE9 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] ADVAPI32.dll!ChangeServiceConfigW 75E36F81 5 Bytes JMP 6CDE3C81 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] ADVAPI32.dll!CreateServiceA 75E372A1 5 Bytes JMP 6CDE3EE1 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] USER32.dll!SetWindowsHookExA 77296322 5 Bytes JMP 6CDE2851 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] USER32.dll!CreateDialogIndirectParamAorW 77297266 5 Bytes JMP 6CDE4B59 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] USER32.dll!SetWindowsHookExW 772987AD 5 Bytes JMP 6CDE28E9 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] USER32.dll!CallNextHookEx 77298E3B 5 Bytes JMP 6CDE4601 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] USER32.dll!UnhookWindowsHookEx 772998DB 5 Bytes JMP 6CDE4699 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] USER32.dll!FindWindowA 77299D76 5 Bytes JMP 6CDE5311 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] USER32.dll!SetWinEventHook 77299F3A 5 Bytes JMP 6CDE3139 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] USER32.dll!ShowWindow 7729CA10 5 Bytes JMP 6CDE4AC1 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] USER32.dll!CreateWindowExA 7729DC2A 5 Bytes JMP 6CDE4A29 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] USER32.dll!FindWindowExA 7729F6C1 5 Bytes JMP 6CDE53A9 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] USER32.dll!PostMessageA 7729F8F8 5 Bytes JMP 6CDE6151 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] USER32.dll!CreateWindowExW 772A1305 5 Bytes JMP 6CDE4991 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] USER32.dll!UserClientDllInitialize 772A7A1D 5 Bytes JMP 6CDE6319 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] USER32.dll!PeekMessageA 772A8343 5 Bytes JMP 6CDE4141 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] USER32.dll!GetMessageA 772A8AB3 5 Bytes JMP 6CDE4011 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] USER32.dll!SetWindowTextW 772A9815 5 Bytes JMP 6CDE4E51 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] USER32.dll!PostMessageW 772AA175 5 Bytes JMP 6CDE61E9 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] USER32.dll!FindWindowW 772AA441 5 Bytes JMP 6CDE5441 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] USER32.dll!GetMessageW 772AFEF7 5 Bytes JMP 6CDE40A9 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] USER32.dll!PeekMessageW 772B045A 5 Bytes JMP 6CDE41D9 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] USER32.dll!SetWindowTextA 772BA4E6 5 Bytes JMP 6CDE4DB9 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] USER32.dll!FindWindowExW 772C260C 5 Bytes JMP 6CDE54D9 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] USER32.dll!DialogBoxIndirectParamAorW 772C2EB6 5 Bytes JMP 6CDE4BF1 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] USER32.dll!MessageBoxExA 772ED639 5 Bytes JMP 6CDE4C89 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] USER32.dll!MessageBoxExW 772ED65D 5 Bytes JMP 6CDE4D21 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] msvcrt.dll!_lock + 29 770A9FAE 5 Bytes JMP 6CDE63B1 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] msvcrt.dll!__p__fmode 770B179B 5 Bytes JMP 6CDE1BD9 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] msvcrt.dll!__p__environ 770BC7D7 5 Bytes JMP 6CDE1B41 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] WS2_32.dll!WahWriteLSPEvent 76041434 5 Bytes JMP 6CDE64E1 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] WS2_32.dll!closesocket 7604330C 5 Bytes JMP 6CDE4F81 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] WS2_32.dll!recv 7604343A 5 Bytes JMP 6CDE5F89 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] WS2_32.dll!WSASocketW 760434EB 5 Bytes JMP 6CDE4EE9 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] WS2_32.dll!socket 760436D1 5 Bytes JMP 6CDE5DC1 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] WS2_32.dll!GetAddrInfoW 76043D12 5 Bytes JMP 6CDE47C9 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] WS2_32.dll!connect 760440D9 5 Bytes JMP 6CDE3E49 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] WS2_32.dll!WSASend 76044496 5 Bytes JMP 6CDE2099 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] WS2_32.dll!send 7604659B 5 Bytes JMP 6CDE2001 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] WS2_32.dll!WSARecv 76048400 5 Bytes JMP 6CDE6021 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] WS2_32.dll!WSAConnect 7604D7B0 5 Bytes JMP 6CDE5EF1 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] WS2_32.dll!GetAddrInfoExW 7605288D 5 Bytes JMP 6CDE4861 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] WS2_32.dll!gethostbyname 760562D4 5 Bytes JMP 6CDE48F9 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] SHELL32.dll!Shell_NotifyIconW 76478636 5 Bytes JMP 6CDE4731 .text C:\Users\Mężczyzna\Downloads\qytrfx1t.exe[4036] SHELL32.dll!Shell_GetCachedImageIndexW + 1D29 7649902D 5 Bytes JMP 6CDE6449 .text C:\Windows\system32\svchost.exe[4112] ntdll.dll!RtlCreateProcessParametersEx 7755DFE3 5 Bytes JMP 6CDE1F69 .text C:\Windows\system32\svchost.exe[4112] ntdll.dll!NtClose + 5 775941A9 5 Bytes JMP 6CDE5609 .text C:\Windows\system32\svchost.exe[4112] ntdll.dll!NtCreateFile + 5 77594269 5 Bytes JMP 6CDE1E39 .text C:\Windows\system32\svchost.exe[4112] ntdll.dll!NtCreateProcess + 5 77594329 5 Bytes JMP 6CDE2B49 .text C:\Windows\system32\svchost.exe[4112] ntdll.dll!NtCreateProcessEx + 5 77594339 5 Bytes JMP 6CDE2BE1 .text C:\Windows\system32\svchost.exe[4112] ntdll.dll!NtCreateThread + 5 77594389 5 Bytes JMP 6CDE2AB1 .text C:\Windows\system32\svchost.exe[4112] ntdll.dll!NtDuplicateObject + 5 775946B9 5 Bytes JMP 6CDE2F71 .text C:\Windows\system32\svchost.exe[4112] ntdll.dll!NtLoadDriver + 5 775948F9 5 Bytes JMP 6CDE56A1 .text C:\Windows\system32\svchost.exe[4112] ntdll.dll!NtMapViewOfSection + 5 775949B9 5 Bytes JMP 6CDE15E9 .text C:\Windows\system32\svchost.exe[4112] ntdll.dll!NtOpenProcess + 5 77594AC9 5 Bytes JMP 6CDE2E41 .text C:\Windows\system32\svchost.exe[4112] ntdll.dll!NtQueueApcThread + 5 77594E99 5 Bytes JMP 6CDE2ED9 .text C:\Windows\system32\svchost.exe[4112] ntdll.dll!NtRaiseHardError + 5 77594EB9 5 Bytes JMP 6CDE44D1 .text C:\Windows\system32\svchost.exe[4112] ntdll.dll!NtSetContextThread + 5 775950B9 5 Bytes JMP 6CDE2DA9 .text C:\Windows\system32\svchost.exe[4112] ntdll.dll!NtSetInformationProcess + 5 775951B9 5 Bytes JMP 6CDE50B1 .text C:\Windows\system32\svchost.exe[4112] ntdll.dll!NtSetSystemInformation + 5 77595279 5 Bytes JMP 6CDE5739 .text C:\Windows\system32\svchost.exe[4112] ntdll.dll!NtSetValueKey + 5 775952E9 5 Bytes JMP 6CDE2261 .text C:\Windows\system32\svchost.exe[4112] ntdll.dll!NtSuspendProcess + 5 77595349 5 Bytes JMP 6CDE30A1 .text C:\Windows\system32\svchost.exe[4112] ntdll.dll!NtSuspendThread + 5 77595359 5 Bytes JMP 6CDE3009 .text C:\Windows\system32\svchost.exe[4112] ntdll.dll!NtTerminateProcess + 5 77595389 5 Bytes JMP 6CDE5019 .text C:\Windows\system32\svchost.exe[4112] ntdll.dll!NtUnmapViewOfSection + 5 77595469 5 Bytes JMP 6CDE1681 .text C:\Windows\system32\svchost.exe[4112] ntdll.dll!NtWriteVirtualMemory + 5 77595509 5 Bytes JMP 6CDE2D11 .text C:\Windows\system32\svchost.exe[4112] ntdll.dll!NtCreateThreadEx + 5 77595689 5 Bytes JMP 6CDE2A19 .text C:\Windows\system32\svchost.exe[4112] ntdll.dll!RtlReportException 775C42D5 5 Bytes JMP 6CDE4569 .text C:\Windows\system32\svchost.exe[4112] ntdll.dll!RtlCreateProcessParameters 775C6B2C 5 Bytes JMP 6CDE1ED1 .text C:\Windows\system32\svchost.exe[4112] kernel32.dll!GetSystemTimeAsFileTime 773318C0 5 Bytes JMP 6CDE1A11 .text C:\Windows\system32\svchost.exe[4112] kernel32.dll!GetStartupInfoW 77331929 5 Bytes JMP 6CDE1DA1 .text C:\Windows\system32\svchost.exe[4112] kernel32.dll!GetStartupInfoA 773319C9 5 Bytes JMP 6CDE1D09 .text C:\Windows\system32\svchost.exe[4112] kernel32.dll!CreateProcessA 77331C28 5 Bytes JMP 6CDE2721 .text C:\Windows\system32\svchost.exe[4112] kernel32.dll!Sleep 77331C5D 5 Bytes JMP 6CDE2391 .text C:\Windows\system32\svchost.exe[4112] kernel32.dll!WriteProcessMemory 77331CB8 5 Bytes JMP 6CDE3269 .text C:\Windows\system32\svchost.exe[4112] kernel32.dll!DefineDosDeviceW 7734856C 5 Bytes JMP 6CDE5A31 .text C:\Windows\system32\svchost.exe[4112] kernel32.dll!MoveFileWithProgressW 7735113C 5 Bytes JMP 6CDE5C91 .text C:\Windows\system32\svchost.exe[4112] kernel32.dll!MoveFileExW 77351160 5 Bytes JMP 6CDE5B61 .text C:\Windows\system32\svchost.exe[4112] kernel32.dll!CreateProcessInternalW 77355477 5 Bytes JMP 6CDE2C79 .text C:\Windows\system32\svchost.exe[4112] kernel32.dll!LoadLibraryExW 77359374 5 Bytes JMP 6CDE51E1 .text C:\Windows\system32\svchost.exe[4112] kernel32.dll!LoadLibraryExA 7735964C 5 Bytes JMP 6CDE5149 .text C:\Windows\system32\svchost.exe[4112] kernel32.dll!LoadLibraryA 77359674 5 Bytes JMP 6CDE24C1 .text C:\Windows\system32\svchost.exe[4112] kernel32.dll!FreeLibrary 7737406C 5 Bytes JMP 6CDE5279 .text C:\Windows\system32\svchost.exe[4112] kernel32.dll!ExitProcess 773744BC 5 Bytes JMP 6CDE22F9 .text C:\Windows\system32\svchost.exe[4112] kernel32.dll!GetProcAddress 77379323 5 Bytes JMP 6CDE2429 .text C:\Windows\system32\svchost.exe[4112] kernel32.dll!GetModuleHandleA 7737958D 5 Bytes JMP 6CDE18E1 .text C:\Windows\system32\svchost.exe[4112] kernel32.dll!SleepEx 77379C1E 5 Bytes JMP 6CDE21C9 .text C:\Windows\system32\svchost.exe[4112] kernel32.dll!QueryPerformanceCounter 7737A940 5 Bytes JMP 6CDE1AA9 .text C:\Windows\system32\svchost.exe[4112] kernel32.dll!GetModuleHandleW 7737AAE4 5 Bytes JMP 6CDE1979 .text C:\Windows\system32\svchost.exe[4112] kernel32.dll!OpenMutexW 7737AD65 5 Bytes JMP 6CDE3691 .text C:\Windows\system32\svchost.exe[4112] kernel32.dll!CloseHandle 7737B16D 5 Bytes JMP 6CDE37C1 .text C:\Windows\system32\svchost.exe[4112] kernel32.dll!CreateThread 7737CBEE 5 Bytes JMP 6CDE31D1 .text C:\Windows\system32\svchost.exe[4112] kernel32.dll!CreateRemoteThread 7737CC15 5 Bytes JMP 6CDE2981 .text C:\Windows\system32\svchost.exe[4112] kernel32.dll!CreateFileA 7737D13F 5 Bytes JMP 6CDE25F1 .text C:\Windows\system32\svchost.exe[4112] kernel32.dll!CreateMutexW 7737D835 5 Bytes JMP 6CDE3729 .text C:\Windows\system32\svchost.exe[4112] kernel32.dll!MoveFileExA 773811EE 5 Bytes JMP 6CDE5AC9 .text C:\Windows\system32\svchost.exe[4112] kernel32.dll!MoveFileWithProgressA 7738120E 5 Bytes JMP 6CDE5BF9 .text C:\Windows\system32\svchost.exe[4112] kernel32.dll!Process32NextW 7738625D 5 Bytes JMP 6CDE5571 .text C:\Windows\system32\svchost.exe[4112] kernel32.dll!CreateToolhelp32Snapshot 773869A2 5 Bytes JMP 6CDE2559 .text C:\Windows\system32\svchost.exe[4112] kernel32.dll!WinExec 773C67CA 5 Bytes JMP 6CDE2689 .text C:\Windows\system32\svchost.exe[4112] kernel32.dll!ReadConsoleA 773D8165 5 Bytes JMP 6CDE43A1 .text C:\Windows\system32\svchost.exe[4112] kernel32.dll!ReadConsoleW 773D81BB 5 Bytes JMP 6CDE4439 .text C:\Windows\system32\svchost.exe[4112] kernel32.dll!ReadConsoleInputA 773D940B 5 Bytes JMP 6CDE4271 .text C:\Windows\system32\svchost.exe[4112] kernel32.dll!ReadConsoleInputW 773D942E 5 Bytes JMP 6CDE4309 .text C:\Windows\system32\svchost.exe[4112] msvcrt.dll!_lock + 29 770A9FAE 5 Bytes JMP 6CDE6021 .text C:\Windows\system32\svchost.exe[4112] msvcrt.dll!__p__fmode 770B179B 5 Bytes JMP 6CDE1BD9 .text C:\Windows\system32\svchost.exe[4112] msvcrt.dll!__p__environ 770BC7D7 5 Bytes JMP 6CDE1B41 .text C:\Windows\system32\svchost.exe[4112] ADVAPI32.dll!OpenServiceA 75DD2EBD 5 Bytes JMP 6CDE3859 .text C:\Windows\system32\svchost.exe[4112] ADVAPI32.dll!CloseServiceHandle 75DD82A5 5 Bytes JMP 6CDE3D19 .text C:\Windows\system32\svchost.exe[4112] ADVAPI32.dll!OpenServiceW 75DD8354 5 Bytes JMP 6CDE38F1 .text C:\Windows\system32\svchost.exe[4112] ADVAPI32.dll!RegOpenCurrentUser + 9B 75DF0CC1 5 Bytes JMP 6CDE60B9 .text C:\Windows\system32\svchost.exe[4112] ADVAPI32.dll!CreateServiceW 75DF9EB4 5 Bytes JMP 6CDE3F79 .text C:\Windows\system32\svchost.exe[4112] ADVAPI32.dll!ControlService 75DF9FB8 5 Bytes JMP 6CDE3AB9 .text C:\Windows\system32\svchost.exe[4112] ADVAPI32.dll!DeleteService 75DFA07E 5 Bytes JMP 6CDE3B51 .text C:\Windows\system32\svchost.exe[4112] ADVAPI32.dll!ControlServiceExA 75E3662E 5 Bytes JMP 6CDE3989 .text C:\Windows\system32\svchost.exe[4112] ADVAPI32.dll!ControlServiceExW 75E36741 5 Bytes JMP 6CDE3A21 .text C:\Windows\system32\svchost.exe[4112] ADVAPI32.dll!ChangeServiceConfigA 75E36DD9 5 Bytes JMP 6CDE3BE9 .text C:\Windows\system32\svchost.exe[4112] ADVAPI32.dll!ChangeServiceConfigW 75E36F81 5 Bytes JMP 6CDE3C81 .text C:\Windows\system32\svchost.exe[4112] ADVAPI32.dll!CreateServiceA 75E372A1 5 Bytes JMP 6CDE3EE1 .text C:\Windows\system32\svchost.exe[4112] USER32.dll!SetWindowsHookExA 77296322 5 Bytes JMP 6CDE2851 .text C:\Windows\system32\svchost.exe[4112] USER32.dll!CreateDialogIndirectParamAorW 77297266 5 Bytes JMP 6CDE4B59 .text C:\Windows\system32\svchost.exe[4112] USER32.dll!SetWindowsHookExW 772987AD 5 Bytes JMP 6CDE28E9 .text C:\Windows\system32\svchost.exe[4112] USER32.dll!CallNextHookEx 77298E3B 5 Bytes JMP 6CDE4601 .text C:\Windows\system32\svchost.exe[4112] USER32.dll!UnhookWindowsHookEx 772998DB 5 Bytes JMP 6CDE4699 .text C:\Windows\system32\svchost.exe[4112] USER32.dll!FindWindowA 77299D76 5 Bytes JMP 6CDE5311 .text C:\Windows\system32\svchost.exe[4112] USER32.dll!SetWinEventHook 77299F3A 5 Bytes JMP 6CDE3139 .text C:\Windows\system32\svchost.exe[4112] USER32.dll!ShowWindow 7729CA10 5 Bytes JMP 6CDE4AC1 .text C:\Windows\system32\svchost.exe[4112] USER32.dll!CreateWindowExA 7729DC2A 5 Bytes JMP 6CDE4A29 .text C:\Windows\system32\svchost.exe[4112] USER32.dll!FindWindowExA 7729F6C1 5 Bytes JMP 6CDE53A9 .text C:\Windows\system32\svchost.exe[4112] USER32.dll!CreateWindowExW 772A1305 5 Bytes JMP 6CDE4991 .text C:\Windows\system32\svchost.exe[4112] USER32.dll!UserClientDllInitialize 772A7A1D 5 Bytes JMP 6CDE6151 .text C:\Windows\system32\svchost.exe[4112] USER32.dll!PeekMessageA 772A8343 5 Bytes JMP 6CDE4141 .text C:\Windows\system32\svchost.exe[4112] USER32.dll!GetMessageA 772A8AB3 5 Bytes JMP 6CDE4011 .text C:\Windows\system32\svchost.exe[4112] USER32.dll!SetWindowTextW 772A9815 5 Bytes JMP 6CDE4E51 .text C:\Windows\system32\svchost.exe[4112] USER32.dll!FindWindowW 772AA441 5 Bytes JMP 6CDE5441 .text C:\Windows\system32\svchost.exe[4112] USER32.dll!GetMessageW 772AFEF7 5 Bytes JMP 6CDE40A9 .text C:\Windows\system32\svchost.exe[4112] USER32.dll!PeekMessageW 772B045A 5 Bytes JMP 6CDE41D9 .text C:\Windows\system32\svchost.exe[4112] USER32.dll!SetWindowTextA 772BA4E6 5 Bytes JMP 6CDE4DB9 .text C:\Windows\system32\svchost.exe[4112] USER32.dll!FindWindowExW 772C260C 5 Bytes JMP 6CDE54D9 .text C:\Windows\system32\svchost.exe[4112] USER32.dll!DialogBoxIndirectParamAorW 772C2EB6 5 Bytes JMP 6CDE4BF1 .text C:\Windows\system32\svchost.exe[4112] USER32.dll!MessageBoxExA 772ED639 5 Bytes JMP 6CDE4C89 .text C:\Windows\system32\svchost.exe[4112] USER32.dll!MessageBoxExW 772ED65D 5 Bytes JMP 6CDE4D21 .text C:\Windows\system32\svchost.exe[4112] WS2_32.dll!WahWriteLSPEvent 76041434 5 Bytes JMP 6CDE61E9 .text C:\Windows\system32\svchost.exe[4112] WS2_32.dll!closesocket 7604330C 5 Bytes JMP 6CDE4F81 .text C:\Windows\system32\svchost.exe[4112] WS2_32.dll!recv 7604343A 5 Bytes JMP 6CDE5EF1 .text C:\Windows\system32\svchost.exe[4112] WS2_32.dll!WSASocketW 760434EB 5 Bytes JMP 6CDE4EE9 .text C:\Windows\system32\svchost.exe[4112] WS2_32.dll!socket 760436D1 5 Bytes JMP 6CDE5D29 .text C:\Windows\system32\svchost.exe[4112] WS2_32.dll!GetAddrInfoW 76043D12 5 Bytes JMP 6CDE47C9 .text C:\Windows\system32\svchost.exe[4112] WS2_32.dll!connect 760440D9 5 Bytes JMP 6CDE3E49 .text C:\Windows\system32\svchost.exe[4112] WS2_32.dll!WSASend 76044496 5 Bytes JMP 6CDE2099 .text C:\Windows\system32\svchost.exe[4112] WS2_32.dll!send 7604659B 5 Bytes JMP 6CDE2001 .text C:\Windows\system32\svchost.exe[4112] WS2_32.dll!WSARecv 76048400 5 Bytes JMP 6CDE5F89 .text C:\Windows\system32\svchost.exe[4112] WS2_32.dll!WSAConnect 7604D7B0 5 Bytes JMP 6CDE5E59 .text C:\Windows\system32\svchost.exe[4112] WS2_32.dll!GetAddrInfoExW 7605288D 5 Bytes JMP 6CDE4861 .text C:\Windows\system32\svchost.exe[4112] WS2_32.dll!gethostbyname 760562D4 5 Bytes JMP 6CDE48F9 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] ntdll.dll!RtlCreateProcessParametersEx 7755DFE3 5 Bytes JMP 6CDE1F69 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] ntdll.dll!NtClose + 5 775941A9 5 Bytes JMP 6CDE5609 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] ntdll.dll!NtCreateFile + 5 77594269 5 Bytes JMP 6CDE1E39 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] ntdll.dll!NtCreateProcess + 5 77594329 5 Bytes JMP 6CDE2B49 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] ntdll.dll!NtCreateProcessEx + 5 77594339 5 Bytes JMP 6CDE2BE1 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] ntdll.dll!NtCreateThread + 5 77594389 5 Bytes JMP 6CDE2AB1 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] ntdll.dll!NtDuplicateObject + 5 775946B9 5 Bytes JMP 6CDE2F71 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] ntdll.dll!NtLoadDriver + 5 775948F9 5 Bytes JMP 6CDE56A1 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] ntdll.dll!NtMapViewOfSection + 5 775949B9 5 Bytes JMP 6CDE15E9 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] ntdll.dll!NtOpenProcess + 5 77594AC9 5 Bytes JMP 6CDE2E41 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] ntdll.dll!NtQueueApcThread + 5 77594E99 5 Bytes JMP 6CDE2ED9 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] ntdll.dll!NtRaiseHardError + 5 77594EB9 5 Bytes JMP 6CDE44D1 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] ntdll.dll!NtSetContextThread + 5 775950B9 5 Bytes JMP 6CDE2DA9 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] ntdll.dll!NtSetInformationProcess + 5 775951B9 5 Bytes JMP 6CDE50B1 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] ntdll.dll!NtSetSystemInformation + 5 77595279 5 Bytes JMP 6CDE5739 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] ntdll.dll!NtSetValueKey + 5 775952E9 5 Bytes JMP 6CDE2261 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] ntdll.dll!NtSuspendProcess + 5 77595349 5 Bytes JMP 6CDE30A1 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] ntdll.dll!NtSuspendThread + 5 77595359 5 Bytes JMP 6CDE3009 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] ntdll.dll!NtTerminateProcess + 5 77595389 5 Bytes JMP 6CDE5019 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] ntdll.dll!NtUnmapViewOfSection + 5 77595469 5 Bytes JMP 6CDE1681 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] ntdll.dll!NtVdmControl + 5 77595479 5 Bytes JMP 6CDE6021 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] ntdll.dll!NtWriteVirtualMemory + 5 77595509 5 Bytes JMP 6CDE2D11 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] ntdll.dll!NtCreateThreadEx + 5 77595689 5 Bytes JMP 6CDE2A19 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] ntdll.dll!RtlReportException 775C42D5 5 Bytes JMP 6CDE4569 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] ntdll.dll!RtlCreateProcessParameters 775C6B2C 5 Bytes JMP 6CDE1ED1 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] kernel32.dll!GetSystemTimeAsFileTime 773318C0 5 Bytes JMP 6CDE1A11 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] kernel32.dll!GetStartupInfoW 77331929 5 Bytes JMP 6CDE1DA1 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] kernel32.dll!GetStartupInfoA 773319C9 5 Bytes JMP 6CDE1D09 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] kernel32.dll!CreateProcessA 77331C28 5 Bytes JMP 6CDE2721 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] kernel32.dll!Sleep 77331C5D 5 Bytes JMP 6CDE2391 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] kernel32.dll!WriteProcessMemory 77331CB8 5 Bytes JMP 6CDE3269 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] kernel32.dll!DefineDosDeviceW 7734856C 5 Bytes JMP 6CDE5A31 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] kernel32.dll!MoveFileWithProgressW 7735113C 5 Bytes JMP 6CDE5C91 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] kernel32.dll!MoveFileExW 77351160 5 Bytes JMP 6CDE5B61 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] kernel32.dll!CreateProcessInternalW 77355477 5 Bytes JMP 6CDE2C79 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] kernel32.dll!LoadLibraryExW 77359374 5 Bytes JMP 6CDE51E1 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] kernel32.dll!LoadLibraryExA 7735964C 5 Bytes JMP 6CDE5149 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] kernel32.dll!LoadLibraryA 77359674 5 Bytes JMP 6CDE24C1 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] kernel32.dll!FreeLibrary 7737406C 5 Bytes JMP 6CDE5279 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] kernel32.dll!ExitProcess 773744BC 5 Bytes JMP 6CDE22F9 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] kernel32.dll!GetProcAddress 77379323 5 Bytes JMP 6CDE2429 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] kernel32.dll!GetModuleHandleA 7737958D 5 Bytes JMP 6CDE18E1 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] kernel32.dll!SleepEx 77379C1E 5 Bytes JMP 6CDE21C9 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] kernel32.dll!QueryPerformanceCounter 7737A940 5 Bytes JMP 6CDE1AA9 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] kernel32.dll!GetModuleHandleW 7737AAE4 5 Bytes JMP 6CDE1979 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] kernel32.dll!OpenMutexW 7737AD65 5 Bytes JMP 6CDE3691 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] kernel32.dll!CloseHandle 7737B16D 5 Bytes JMP 6CDE37C1 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] kernel32.dll!CreateThread 7737CBEE 5 Bytes JMP 6CDE31D1 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] kernel32.dll!CreateRemoteThread 7737CC15 5 Bytes JMP 6CDE2981 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] kernel32.dll!CreateFileA 7737D13F 5 Bytes JMP 6CDE25F1 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] kernel32.dll!CreateMutexW 7737D835 5 Bytes JMP 6CDE3729 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] kernel32.dll!MoveFileExA 773811EE 5 Bytes JMP 6CDE5AC9 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] kernel32.dll!MoveFileWithProgressA 7738120E 5 Bytes JMP 6CDE5BF9 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] kernel32.dll!Process32NextW 7738625D 5 Bytes JMP 6CDE5571 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] kernel32.dll!CreateToolhelp32Snapshot 773869A2 5 Bytes JMP 6CDE2559 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] kernel32.dll!WinExec 773C67CA 5 Bytes JMP 6CDE2689 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] kernel32.dll!ReadConsoleA 773D8165 5 Bytes JMP 6CDE43A1 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] kernel32.dll!ReadConsoleW 773D81BB 5 Bytes JMP 6CDE4439 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] kernel32.dll!ReadConsoleInputA 773D940B 5 Bytes JMP 6CDE4271 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] kernel32.dll!ReadConsoleInputW 773D942E 5 Bytes JMP 6CDE4309 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] ADVAPI32.dll!OpenServiceA 75DD2EBD 5 Bytes JMP 6CDE3859 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] ADVAPI32.dll!CloseServiceHandle 75DD82A5 5 Bytes JMP 6CDE3D19 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] ADVAPI32.dll!OpenServiceW 75DD8354 5 Bytes JMP 6CDE38F1 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] ADVAPI32.dll!RegOpenCurrentUser + 9B 75DF0CC1 2 Bytes JMP 6CDE61E9 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] ADVAPI32.dll!RegOpenCurrentUser + 9E 75DF0CC4 2 Bytes [FF, F6] {PUSH ESI} .text C:\Windows\system32\wbem\wmiprvse.exe[4568] ADVAPI32.dll!CreateServiceW 75DF9EB4 5 Bytes JMP 6CDE3F79 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] ADVAPI32.dll!ControlService 75DF9FB8 5 Bytes JMP 6CDE3AB9 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] ADVAPI32.dll!DeleteService 75DFA07E 5 Bytes JMP 6CDE3B51 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] ADVAPI32.dll!ControlServiceExA 75E3662E 5 Bytes JMP 6CDE3989 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] ADVAPI32.dll!ControlServiceExW 75E36741 5 Bytes JMP 6CDE3A21 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] ADVAPI32.dll!ChangeServiceConfigA 75E36DD9 5 Bytes JMP 6CDE3BE9 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] ADVAPI32.dll!ChangeServiceConfigW 75E36F81 5 Bytes JMP 6CDE3C81 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] ADVAPI32.dll!CreateServiceA 75E372A1 5 Bytes JMP 6CDE3EE1 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] USER32.dll!SetWindowsHookExA 77296322 5 Bytes JMP 6CDE2851 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] USER32.dll!CreateDialogIndirectParamAorW 77297266 5 Bytes JMP 6CDE4B59 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] USER32.dll!SetWindowsHookExW 772987AD 5 Bytes JMP 6CDE28E9 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] USER32.dll!CallNextHookEx 77298E3B 5 Bytes JMP 6CDE4601 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] USER32.dll!UnhookWindowsHookEx 772998DB 5 Bytes JMP 6CDE4699 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] USER32.dll!FindWindowA 77299D76 5 Bytes JMP 6CDE5311 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] USER32.dll!SetWinEventHook 77299F3A 5 Bytes JMP 6CDE3139 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] USER32.dll!ShowWindow 7729CA10 5 Bytes JMP 6CDE4AC1 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] USER32.dll!CreateWindowExA 7729DC2A 5 Bytes JMP 6CDE4A29 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] USER32.dll!FindWindowExA 7729F6C1 5 Bytes JMP 6CDE53A9 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] USER32.dll!PostMessageA 7729F8F8 5 Bytes JMP 6CDE60B9 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] USER32.dll!CreateWindowExW 772A1305 5 Bytes JMP 6CDE4991 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] USER32.dll!UserClientDllInitialize 772A7A1D 5 Bytes JMP 6CDE6281 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] USER32.dll!PeekMessageA 772A8343 5 Bytes JMP 6CDE4141 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] USER32.dll!GetMessageA 772A8AB3 5 Bytes JMP 6CDE4011 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] USER32.dll!SetWindowTextW 772A9815 5 Bytes JMP 6CDE4E51 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] USER32.dll!PostMessageW 772AA175 5 Bytes JMP 6CDE6151 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] USER32.dll!FindWindowW 772AA441 5 Bytes JMP 6CDE5441 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] USER32.dll!GetMessageW 772AFEF7 5 Bytes JMP 6CDE40A9 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] USER32.dll!PeekMessageW 772B045A 5 Bytes JMP 6CDE41D9 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] USER32.dll!SetWindowTextA 772BA4E6 5 Bytes JMP 6CDE4DB9 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] USER32.dll!FindWindowExW 772C260C 5 Bytes JMP 6CDE54D9 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] USER32.dll!DialogBoxIndirectParamAorW 772C2EB6 5 Bytes JMP 6CDE4BF1 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] USER32.dll!MessageBoxExA 772ED639 5 Bytes JMP 6CDE4C89 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] USER32.dll!MessageBoxExW 772ED65D 5 Bytes JMP 6CDE4D21 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] msvcrt.dll!_lock + 29 770A9FAE 5 Bytes JMP 6CDE6319 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] msvcrt.dll!__p__fmode 770B179B 5 Bytes JMP 6CDE1BD9 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] msvcrt.dll!__p__environ 770BC7D7 5 Bytes JMP 6CDE1B41 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] WS2_32.dll!WahWriteLSPEvent 76041434 5 Bytes JMP 6CDE6449 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] WS2_32.dll!closesocket 7604330C 5 Bytes JMP 6CDE4F81 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] WS2_32.dll!recv 7604343A 5 Bytes JMP 6CDE5EF1 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] WS2_32.dll!WSASocketW 760434EB 5 Bytes JMP 6CDE4EE9 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] WS2_32.dll!socket 760436D1 5 Bytes JMP 6CDE5D29 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] WS2_32.dll!GetAddrInfoW 76043D12 5 Bytes JMP 6CDE47C9 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] WS2_32.dll!connect 760440D9 5 Bytes JMP 6CDE3E49 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] WS2_32.dll!WSASend 76044496 5 Bytes JMP 6CDE2099 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] WS2_32.dll!send 7604659B 5 Bytes JMP 6CDE2001 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] WS2_32.dll!WSARecv 76048400 5 Bytes JMP 6CDE5F89 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] WS2_32.dll!WSAConnect 7604D7B0 5 Bytes JMP 6CDE5E59 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] WS2_32.dll!GetAddrInfoExW 7605288D 5 Bytes JMP 6CDE4861 .text C:\Windows\system32\wbem\wmiprvse.exe[4568] WS2_32.dll!gethostbyname 760562D4 5 Bytes JMP 6CDE48F9 .text C:\Program Files\Mozilla Firefox\firefox.exe[4960] ntdll.dll!RtlCreateProcessParametersEx 7755DFE3 5 Bytes JMP 6CDE27B9 .text C:\Program Files\Mozilla Firefox\firefox.exe[4960] ntdll.dll!NtCreateFile 77594264 10 Bytes JMP 611ED441 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4960] ntdll.dll!NtCreateProcess + 5 77594329 5 Bytes JMP 6CDE1A11 .text C:\Program Files\Mozilla Firefox\firefox.exe[4960] ntdll.dll!NtCreateProcessEx + 5 77594339 5 Bytes JMP 6CDE1AA9 .text C:\Program Files\Mozilla Firefox\firefox.exe[4960] ntdll.dll!NtCreateThread + 5 77594389 5 Bytes JMP 6CDE1979 .text C:\Program Files\Mozilla Firefox\firefox.exe[4960] ntdll.dll!NtDuplicateObject + 5 775946B9 5 Bytes JMP 6CDE1E39 .text C:\Program Files\Mozilla Firefox\firefox.exe[4960] ntdll.dll!NtFlushBuffersFile 77594764 5 Bytes JMP 611ED181 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4960] ntdll.dll!NtLoadDriver + 5 775948F9 5 Bytes JMP 6CDE2AB1 .text C:\Program Files\Mozilla Firefox\firefox.exe[4960] ntdll.dll!NtMapViewOfSection + 5 775949B9 5 Bytes JMP 6CDE15E9 .text C:\Program Files\Mozilla Firefox\firefox.exe[4960] ntdll.dll!NtOpenFile + 5 77594A49 5 Bytes JMP 6CDE3301 .text C:\Program Files\Mozilla Firefox\firefox.exe[4960] ntdll.dll!NtOpenProcess + 5 77594AC9 5 Bytes JMP 6CDE1D09 .text C:\Program Files\Mozilla Firefox\firefox.exe[4960] ntdll.dll!NtProtectVirtualMemory + 5 77594BC9 5 Bytes JMP 6CDE3729 .text C:\Program Files\Mozilla Firefox\firefox.exe[4960] ntdll.dll!NtQueryFullAttributesFile 77594C94 5 Bytes JMP 611ED2B9 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4960] ntdll.dll!NtQueueApcThread + 5 77594E99 5 Bytes JMP 6CDE1DA1 .text C:\Program Files\Mozilla Firefox\firefox.exe[4960] ntdll.dll!NtReadFile 77594EC4 5 Bytes JMP 611ED1BB C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4960] ntdll.dll!NtReadFileScatter 77594ED4 5 Bytes JMP 615D3D7D C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4960] ntdll.dll!NtSetContextThread + 5 775950B9 5 Bytes JMP 6CDE1C71 .text C:\Program Files\Mozilla Firefox\firefox.exe[4960] ntdll.dll!NtSetInformationProcess + 5 775951B9 5 Bytes JMP 6CDE2A19 .text C:\Program Files\Mozilla Firefox\firefox.exe[4960] ntdll.dll!NtSetSystemInformation + 5 77595279 5 Bytes JMP 6CDE2B49 .text C:\Program Files\Mozilla Firefox\firefox.exe[4960] ntdll.dll!NtSuspendProcess + 5 77595349 5 Bytes JMP 6CDE2001 .text C:\Program Files\Mozilla Firefox\firefox.exe[4960] ntdll.dll!NtSuspendThread + 5 77595359 5 Bytes JMP 6CDE1F69 .text C:\Program Files\Mozilla Firefox\firefox.exe[4960] ntdll.dll!NtTerminateProcess + 5 77595389 5 Bytes JMP 6CDE2981 .text C:\Program Files\Mozilla Firefox\firefox.exe[4960] ntdll.dll!NtUnmapViewOfSection + 5 77595469 5 Bytes JMP 6CDE1681 .text C:\Program Files\Mozilla Firefox\firefox.exe[4960] ntdll.dll!NtVdmControl + 5 77595479 5 Bytes JMP 6CDE2F71 .text C:\Program Files\Mozilla Firefox\firefox.exe[4960] ntdll.dll!NtWriteFile 775954D4 5 Bytes JMP 611ED5E5 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4960] ntdll.dll!NtWriteFileGather 775954E4 5 Bytes JMP 615D3DCD C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4960] ntdll.dll!NtWriteVirtualMemory + 5 77595509 5 Bytes JMP 6CDE1BD9 .text C:\Program Files\Mozilla Firefox\firefox.exe[4960] ntdll.dll!NtCreateThreadEx + 5 77595689 5 Bytes JMP 6CDE18E1 .text C:\Program Files\Mozilla Firefox\firefox.exe[4960] kernel32.dll!GetStartupInfoA 773319C9 5 Bytes JMP 6CDE2ED9 .text C:\Program Files\Mozilla Firefox\firefox.exe[4960] kernel32.dll!WriteProcessMemory 77331CB8 5 Bytes JMP 6CDE21C9 .text C:\Program Files\Mozilla Firefox\firefox.exe[4960] kernel32.dll!VirtualProtect 77331DC3 5 Bytes JMP 6CDE35F9 .text C:\Program Files\Mozilla Firefox\firefox.exe[4960] kernel32.dll!DefineDosDeviceW 7734856C 5 Bytes JMP 6CDE2BE1 .text C:\Program Files\Mozilla Firefox\firefox.exe[4960] kernel32.dll!MoveFileWithProgressW 7735113C 5 Bytes JMP 6CDE2E41 .text C:\Program Files\Mozilla Firefox\firefox.exe[4960] kernel32.dll!MoveFileExW 77351160 5 Bytes JMP 6CDE2D11 .text C:\Program Files\Mozilla Firefox\firefox.exe[4960] kernel32.dll!CreateProcessInternalW 77355477 5 Bytes JMP 6CDE1B41 .text C:\Program Files\Mozilla Firefox\firefox.exe[4960] kernel32.dll!HeapCreate 77359EA3 5 Bytes JMP 6CDE3561 .text C:\Program Files\Mozilla Firefox\firefox.exe[4960] kernel32.dll!HeapSetInformation + 26 7735A9B8 7 Bytes JMP 6137497B C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4960] kernel32.dll!VirtualProtectEx 7735DD42 5 Bytes JMP 6CDE3691 .text C:\Program Files\Mozilla Firefox\firefox.exe[4960] kernel32.dll!MapViewOfFile 77376BD8 5 Bytes JMP 615BECDA C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4960] kernel32.dll!VirtualAlloc 7737B035 5 Bytes JMP 615C041B C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4960] kernel32.dll!CreateThread 7737CBEE 2 Bytes JMP 6CDE2131 .text C:\Program Files\Mozilla Firefox\firefox.exe[4960] kernel32.dll!CreateThread + 3 7737CBF1 2 Bytes [A6, F5] {CMPSB ; CMC } .text C:\Program Files\Mozilla Firefox\firefox.exe[4960] kernel32.dll!CreateRemoteThread 7737CC15 5 Bytes JMP 6CDE1849 .text C:\Program Files\Mozilla Firefox\firefox.exe[4960] kernel32.dll!MoveFileExA 773811EE 5 Bytes JMP 6CDE2C79 .text C:\Program Files\Mozilla Firefox\firefox.exe[4960] kernel32.dll!MoveFileWithProgressA 7738120E 5 Bytes JMP 6CDE2DA9 .text C:\Program Files\Mozilla Firefox\firefox.exe[4960] kernel32.dll!CreateToolhelp32Snapshot 773869A2 5 Bytes JMP 6CDE1ED1 .text C:\Program Files\Mozilla Firefox\firefox.exe[4960] USER32.dll!SetWindowsHookExA 77296322 5 Bytes JMP 6CDE1719 .text C:\Program Files\Mozilla Firefox\firefox.exe[4960] USER32.dll!SetWindowsHookExW 772987AD 1 Byte [E9] .text C:\Program Files\Mozilla Firefox\firefox.exe[4960] USER32.dll!SetWindowsHookExW 772987AD 5 Bytes JMP 6CDE17B1 .text C:\Program Files\Mozilla Firefox\firefox.exe[4960] USER32.dll!SetWinEventHook 77299F3A 5 Bytes JMP 6CDE2099 .text C:\Program Files\Mozilla Firefox\firefox.exe[4960] USER32.dll!PostMessageA 7729F8F8 5 Bytes JMP 6CDE31D1 .text C:\Program Files\Mozilla Firefox\firefox.exe[4960] USER32.dll!GetWindowInfo 772A428E 5 Bytes JMP 620AFA10 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4960] USER32.dll!UserClientDllInitialize 772A7A1D 5 Bytes JMP 6CDE3E49 .text C:\Program Files\Mozilla Firefox\firefox.exe[4960] USER32.dll!GetMessageA 772A8AB3 5 Bytes JMP 6CDE30A1 .text C:\Program Files\Mozilla Firefox\firefox.exe[4960] USER32.dll!PostMessageW 772AA175 5 Bytes JMP 6CDE3269 .text C:\Program Files\Mozilla Firefox\firefox.exe[4960] USER32.dll!GetMessageW 772AFEF7 5 Bytes JMP 6CDE3139 .text C:\Program Files\Mozilla Firefox\firefox.exe[4960] GDI32.dll!SetStretchBltMode + 256 7607745C 7 Bytes JMP 615BD492 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[4960] ADVAPI32.dll!OpenServiceA 75DD2EBD 5 Bytes JMP 6CDE2261 .text C:\Program Files\Mozilla Firefox\firefox.exe[4960] ADVAPI32.dll!CloseServiceHandle 75DD82A5 5 Bytes JMP 6CDE2721 .text C:\Program Files\Mozilla Firefox\firefox.exe[4960] ADVAPI32.dll!OpenServiceW 75DD8354 5 Bytes JMP 6CDE22F9 .text C:\Program Files\Mozilla Firefox\firefox.exe[4960] ADVAPI32.dll!RegOpenCurrentUser + 9B 75DF0CC1 5 Bytes JMP 6CDE3EE1 .text C:\Program Files\Mozilla Firefox\firefox.exe[4960] ADVAPI32.dll!CreateServiceW 75DF9EB4 5 Bytes JMP 6CDE28E9 .text C:\Program Files\Mozilla Firefox\firefox.exe[4960] ADVAPI32.dll!ControlService 75DF9FB8 5 Bytes JMP 6CDE24C1 .text C:\Program Files\Mozilla Firefox\firefox.exe[4960] ADVAPI32.dll!DeleteService 75DFA07E 5 Bytes JMP 6CDE2559 .text C:\Program Files\Mozilla Firefox\firefox.exe[4960] ADVAPI32.dll!ControlServiceExA 75E3662E 5 Bytes JMP 6CDE2391 .text C:\Program Files\Mozilla Firefox\firefox.exe[4960] ADVAPI32.dll!ControlServiceExW 75E36741 5 Bytes JMP 6CDE2429 .text C:\Program Files\Mozilla Firefox\firefox.exe[4960] ADVAPI32.dll!ChangeServiceConfigA 75E36DD9 5 Bytes JMP 6CDE25F1 .text C:\Program Files\Mozilla Firefox\firefox.exe[4960] ADVAPI32.dll!ChangeServiceConfigW 75E36F81 5 Bytes JMP 6CDE2689 .text C:\Program Files\Mozilla Firefox\firefox.exe[4960] ADVAPI32.dll!CreateServiceA 75E372A1 5 Bytes JMP 6CDE2851 .text C:\Program Files\Mozilla Firefox\firefox.exe[4960] WS2_32.dll!WahWriteLSPEvent 76041434 5 Bytes JMP 6CDE3F79 .text C:\Program Files\Mozilla Firefox\firefox.exe[4960] WS2_32.dll!WSASend 76044496 5 Bytes JMP 6CDE34C9 .text C:\Program Files\Mozilla Firefox\firefox.exe[4960] WS2_32.dll!send 7604659B 5 Bytes JMP 6CDE3431 .text C:\Windows\system32\SearchProtocolHost.exe[5352] ntdll.dll!RtlCreateProcessParametersEx 7755DFE3 5 Bytes JMP 6CDE1F69 .text C:\Windows\system32\SearchProtocolHost.exe[5352] ntdll.dll!NtClose + 5 775941A9 5 Bytes JMP 6CDE5609 .text C:\Windows\system32\SearchProtocolHost.exe[5352] ntdll.dll!NtCreateFile + 5 77594269 5 Bytes JMP 6CDE1E39 .text C:\Windows\system32\SearchProtocolHost.exe[5352] ntdll.dll!NtCreateProcess + 5 77594329 5 Bytes JMP 6CDE2B49 .text C:\Windows\system32\SearchProtocolHost.exe[5352] ntdll.dll!NtCreateProcessEx + 5 77594339 5 Bytes JMP 6CDE2BE1 .text C:\Windows\system32\SearchProtocolHost.exe[5352] ntdll.dll!NtCreateThread + 5 77594389 5 Bytes JMP 6CDE2AB1 .text C:\Windows\system32\SearchProtocolHost.exe[5352] ntdll.dll!NtDuplicateObject + 5 775946B9 5 Bytes JMP 6CDE2F71 .text C:\Windows\system32\SearchProtocolHost.exe[5352] ntdll.dll!NtLoadDriver + 5 775948F9 5 Bytes JMP 6CDE56A1 .text C:\Windows\system32\SearchProtocolHost.exe[5352] ntdll.dll!NtMapViewOfSection + 5 775949B9 5 Bytes JMP 6CDE15E9 .text C:\Windows\system32\SearchProtocolHost.exe[5352] ntdll.dll!NtOpenProcess + 5 77594AC9 5 Bytes JMP 6CDE2E41 .text C:\Windows\system32\SearchProtocolHost.exe[5352] ntdll.dll!NtQueueApcThread + 5 77594E99 5 Bytes JMP 6CDE2ED9 .text C:\Windows\system32\SearchProtocolHost.exe[5352] ntdll.dll!NtRaiseHardError + 5 77594EB9 5 Bytes JMP 6CDE44D1 .text C:\Windows\system32\SearchProtocolHost.exe[5352] ntdll.dll!NtSetContextThread + 5 775950B9 5 Bytes JMP 6CDE2DA9 .text C:\Windows\system32\SearchProtocolHost.exe[5352] ntdll.dll!NtSetInformationProcess + 5 775951B9 5 Bytes JMP 6CDE50B1 .text C:\Windows\system32\SearchProtocolHost.exe[5352] ntdll.dll!NtSetSystemInformation + 5 77595279 5 Bytes JMP 6CDE5739 .text C:\Windows\system32\SearchProtocolHost.exe[5352] ntdll.dll!NtSetValueKey + 5 775952E9 5 Bytes JMP 6CDE2261 .text C:\Windows\system32\SearchProtocolHost.exe[5352] ntdll.dll!NtSuspendProcess + 5 77595349 5 Bytes JMP 6CDE30A1 .text C:\Windows\system32\SearchProtocolHost.exe[5352] ntdll.dll!NtSuspendThread + 5 77595359 5 Bytes JMP 6CDE3009 .text C:\Windows\system32\SearchProtocolHost.exe[5352] ntdll.dll!NtTerminateProcess + 5 77595389 5 Bytes JMP 6CDE5019 .text C:\Windows\system32\SearchProtocolHost.exe[5352] ntdll.dll!NtUnmapViewOfSection + 5 77595469 5 Bytes JMP 6CDE1681 .text C:\Windows\system32\SearchProtocolHost.exe[5352] ntdll.dll!NtVdmControl + 5 77595479 5 Bytes JMP 6CDE6021 .text C:\Windows\system32\SearchProtocolHost.exe[5352] ntdll.dll!NtWriteVirtualMemory + 5 77595509 5 Bytes JMP 6CDE2D11 .text C:\Windows\system32\SearchProtocolHost.exe[5352] ntdll.dll!NtCreateThreadEx + 5 77595689 5 Bytes JMP 6CDE2A19 .text C:\Windows\system32\SearchProtocolHost.exe[5352] ntdll.dll!RtlReportException 775C42D5 5 Bytes JMP 6CDE4569 .text C:\Windows\system32\SearchProtocolHost.exe[5352] ntdll.dll!RtlCreateProcessParameters 775C6B2C 5 Bytes JMP 6CDE1ED1 .text C:\Windows\system32\SearchProtocolHost.exe[5352] kernel32.dll!GetSystemTimeAsFileTime 773318C0 5 Bytes JMP 6CDE1A11 .text C:\Windows\system32\SearchProtocolHost.exe[5352] kernel32.dll!GetStartupInfoW 77331929 5 Bytes JMP 6CDE1DA1 .text C:\Windows\system32\SearchProtocolHost.exe[5352] kernel32.dll!GetStartupInfoA 773319C9 5 Bytes JMP 6CDE1D09 .text C:\Windows\system32\SearchProtocolHost.exe[5352] kernel32.dll!CreateProcessA 77331C28 5 Bytes JMP 6CDE2721 .text C:\Windows\system32\SearchProtocolHost.exe[5352] kernel32.dll!Sleep 77331C5D 5 Bytes JMP 6CDE2391 .text C:\Windows\system32\SearchProtocolHost.exe[5352] kernel32.dll!WriteProcessMemory 77331CB8 5 Bytes JMP 6CDE3269 .text C:\Windows\system32\SearchProtocolHost.exe[5352] kernel32.dll!DefineDosDeviceW 7734856C 5 Bytes JMP 6CDE5A31 .text C:\Windows\system32\SearchProtocolHost.exe[5352] kernel32.dll!MoveFileWithProgressW 7735113C 5 Bytes JMP 6CDE5C91 .text C:\Windows\system32\SearchProtocolHost.exe[5352] kernel32.dll!MoveFileExW 77351160 5 Bytes JMP 6CDE5B61 .text C:\Windows\system32\SearchProtocolHost.exe[5352] kernel32.dll!CreateProcessInternalW 77355477 5 Bytes JMP 6CDE2C79 .text C:\Windows\system32\SearchProtocolHost.exe[5352] kernel32.dll!LoadLibraryExW 77359374 5 Bytes JMP 6CDE51E1 .text C:\Windows\system32\SearchProtocolHost.exe[5352] kernel32.dll!LoadLibraryExA 7735964C 5 Bytes JMP 6CDE5149 .text C:\Windows\system32\SearchProtocolHost.exe[5352] kernel32.dll!LoadLibraryA 77359674 5 Bytes JMP 6CDE24C1 .text C:\Windows\system32\SearchProtocolHost.exe[5352] kernel32.dll!FreeLibrary 7737406C 5 Bytes JMP 6CDE5279 .text C:\Windows\system32\SearchProtocolHost.exe[5352] kernel32.dll!ExitProcess 773744BC 5 Bytes JMP 6CDE22F9 .text C:\Windows\system32\SearchProtocolHost.exe[5352] kernel32.dll!GetProcAddress 77379323 5 Bytes JMP 6CDE2429 .text C:\Windows\system32\SearchProtocolHost.exe[5352] kernel32.dll!GetModuleHandleA 7737958D 5 Bytes JMP 6CDE18E1 .text C:\Windows\system32\SearchProtocolHost.exe[5352] kernel32.dll!SleepEx 77379C1E 5 Bytes JMP 6CDE21C9 .text C:\Windows\system32\SearchProtocolHost.exe[5352] kernel32.dll!QueryPerformanceCounter 7737A940 5 Bytes JMP 6CDE1AA9 .text C:\Windows\system32\SearchProtocolHost.exe[5352] kernel32.dll!GetModuleHandleW 7737AAE4 5 Bytes JMP 6CDE1979 .text C:\Windows\system32\SearchProtocolHost.exe[5352] kernel32.dll!OpenMutexW 7737AD65 5 Bytes JMP 6CDE3691 .text C:\Windows\system32\SearchProtocolHost.exe[5352] kernel32.dll!CloseHandle 7737B16D 5 Bytes JMP 6CDE37C1 .text C:\Windows\system32\SearchProtocolHost.exe[5352] kernel32.dll!CreateThread 7737CBEE 5 Bytes JMP 6CDE31D1 .text C:\Windows\system32\SearchProtocolHost.exe[5352] kernel32.dll!CreateRemoteThread 7737CC15 5 Bytes JMP 6CDE2981 .text C:\Windows\system32\SearchProtocolHost.exe[5352] kernel32.dll!CreateFileA 7737D13F 5 Bytes JMP 6CDE25F1 .text C:\Windows\system32\SearchProtocolHost.exe[5352] kernel32.dll!CreateMutexW 7737D835 5 Bytes JMP 6CDE3729 .text C:\Windows\system32\SearchProtocolHost.exe[5352] kernel32.dll!MoveFileExA 773811EE 5 Bytes JMP 6CDE5AC9 .text C:\Windows\system32\SearchProtocolHost.exe[5352] kernel32.dll!MoveFileWithProgressA 7738120E 5 Bytes JMP 6CDE5BF9 .text C:\Windows\system32\SearchProtocolHost.exe[5352] kernel32.dll!Process32NextW 7738625D 5 Bytes JMP 6CDE5571 .text C:\Windows\system32\SearchProtocolHost.exe[5352] kernel32.dll!CreateToolhelp32Snapshot 773869A2 5 Bytes JMP 6CDE2559 .text C:\Windows\system32\SearchProtocolHost.exe[5352] kernel32.dll!WinExec 773C67CA 5 Bytes JMP 6CDE2689 .text C:\Windows\system32\SearchProtocolHost.exe[5352] kernel32.dll!ReadConsoleA 773D8165 5 Bytes JMP 6CDE43A1 .text C:\Windows\system32\SearchProtocolHost.exe[5352] kernel32.dll!ReadConsoleW 773D81BB 5 Bytes JMP 6CDE4439 .text C:\Windows\system32\SearchProtocolHost.exe[5352] kernel32.dll!ReadConsoleInputA 773D940B 5 Bytes JMP 6CDE4271 .text C:\Windows\system32\SearchProtocolHost.exe[5352] kernel32.dll!ReadConsoleInputW 773D942E 5 Bytes JMP 6CDE4309 .text C:\Windows\system32\SearchProtocolHost.exe[5352] ADVAPI32.dll!OpenServiceA 75DD2EBD 5 Bytes JMP 6CDE3859 .text C:\Windows\system32\SearchProtocolHost.exe[5352] ADVAPI32.dll!CloseServiceHandle 75DD82A5 5 Bytes JMP 6CDE3D19 .text C:\Windows\system32\SearchProtocolHost.exe[5352] ADVAPI32.dll!OpenServiceW 75DD8354 5 Bytes JMP 6CDE38F1 .text C:\Windows\system32\SearchProtocolHost.exe[5352] ADVAPI32.dll!RegOpenCurrentUser + 9B 75DF0CC1 2 Bytes JMP 6CDE61E9 .text C:\Windows\system32\SearchProtocolHost.exe[5352] ADVAPI32.dll!RegOpenCurrentUser + 9E 75DF0CC4 2 Bytes [FF, F6] {PUSH ESI} .text C:\Windows\system32\SearchProtocolHost.exe[5352] ADVAPI32.dll!CreateServiceW 75DF9EB4 5 Bytes JMP 6CDE3F79 .text C:\Windows\system32\SearchProtocolHost.exe[5352] ADVAPI32.dll!ControlService 75DF9FB8 5 Bytes JMP 6CDE3AB9 .text C:\Windows\system32\SearchProtocolHost.exe[5352] ADVAPI32.dll!DeleteService 75DFA07E 5 Bytes JMP 6CDE3B51 .text C:\Windows\system32\SearchProtocolHost.exe[5352] ADVAPI32.dll!ControlServiceExA 75E3662E 5 Bytes JMP 6CDE3989 .text C:\Windows\system32\SearchProtocolHost.exe[5352] ADVAPI32.dll!ControlServiceExW 75E36741 5 Bytes JMP 6CDE3A21 .text C:\Windows\system32\SearchProtocolHost.exe[5352] ADVAPI32.dll!ChangeServiceConfigA 75E36DD9 5 Bytes JMP 6CDE3BE9 .text C:\Windows\system32\SearchProtocolHost.exe[5352] ADVAPI32.dll!ChangeServiceConfigW 75E36F81 5 Bytes JMP 6CDE3C81 .text C:\Windows\system32\SearchProtocolHost.exe[5352] ADVAPI32.dll!CreateServiceA 75E372A1 5 Bytes JMP 6CDE3EE1 .text C:\Windows\system32\SearchProtocolHost.exe[5352] msvcrt.dll!_lock + 29 770A9FAE 5 Bytes JMP 6CDE6281 .text C:\Windows\system32\SearchProtocolHost.exe[5352] msvcrt.dll!__p__fmode 770B179B 5 Bytes JMP 6CDE1BD9 .text C:\Windows\system32\SearchProtocolHost.exe[5352] msvcrt.dll!__p__environ 770BC7D7 5 Bytes JMP 6CDE1B41 .text C:\Windows\system32\SearchProtocolHost.exe[5352] USER32.dll!SetWindowsHookExA 77296322 5 Bytes JMP 6CDE2851 .text C:\Windows\system32\SearchProtocolHost.exe[5352] USER32.dll!CreateDialogIndirectParamAorW 77297266 5 Bytes JMP 6CDE4B59 .text C:\Windows\system32\SearchProtocolHost.exe[5352] USER32.dll!SetWindowsHookExW 772987AD 5 Bytes JMP 6CDE28E9 .text C:\Windows\system32\SearchProtocolHost.exe[5352] USER32.dll!CallNextHookEx 77298E3B 5 Bytes JMP 6CDE4601 .text C:\Windows\system32\SearchProtocolHost.exe[5352] USER32.dll!UnhookWindowsHookEx 772998DB 5 Bytes JMP 6CDE4699 .text C:\Windows\system32\SearchProtocolHost.exe[5352] USER32.dll!FindWindowA 77299D76 5 Bytes JMP 6CDE5311 .text C:\Windows\system32\SearchProtocolHost.exe[5352] USER32.dll!SetWinEventHook 77299F3A 5 Bytes JMP 6CDE3139 .text C:\Windows\system32\SearchProtocolHost.exe[5352] USER32.dll!ShowWindow 7729CA10 5 Bytes JMP 6CDE4AC1 .text C:\Windows\system32\SearchProtocolHost.exe[5352] USER32.dll!CreateWindowExA 7729DC2A 5 Bytes JMP 6CDE4A29 .text C:\Windows\system32\SearchProtocolHost.exe[5352] USER32.dll!FindWindowExA 7729F6C1 5 Bytes JMP 6CDE53A9 .text C:\Windows\system32\SearchProtocolHost.exe[5352] USER32.dll!PostMessageA 7729F8F8 5 Bytes JMP 6CDE60B9 .text C:\Windows\system32\SearchProtocolHost.exe[5352] USER32.dll!CreateWindowExW 772A1305 5 Bytes JMP 6CDE4991 .text C:\Windows\system32\SearchProtocolHost.exe[5352] USER32.dll!UserClientDllInitialize 772A7A1D 5 Bytes JMP 6CDE6319 .text C:\Windows\system32\SearchProtocolHost.exe[5352] USER32.dll!PeekMessageA 772A8343 5 Bytes JMP 6CDE4141 .text C:\Windows\system32\SearchProtocolHost.exe[5352] USER32.dll!GetMessageA 772A8AB3 5 Bytes JMP 6CDE4011 .text C:\Windows\system32\SearchProtocolHost.exe[5352] USER32.dll!SetWindowTextW 772A9815 5 Bytes JMP 6CDE4E51 .text C:\Windows\system32\SearchProtocolHost.exe[5352] USER32.dll!PostMessageW 772AA175 5 Bytes JMP 6CDE6151 .text C:\Windows\system32\SearchProtocolHost.exe[5352] USER32.dll!FindWindowW 772AA441 5 Bytes JMP 6CDE5441 .text C:\Windows\system32\SearchProtocolHost.exe[5352] USER32.dll!GetMessageW 772AFEF7 5 Bytes JMP 6CDE40A9 .text C:\Windows\system32\SearchProtocolHost.exe[5352] USER32.dll!PeekMessageW 772B045A 5 Bytes JMP 6CDE41D9 .text C:\Windows\system32\SearchProtocolHost.exe[5352] USER32.dll!SetWindowTextA 772BA4E6 5 Bytes JMP 6CDE4DB9 .text C:\Windows\system32\SearchProtocolHost.exe[5352] USER32.dll!FindWindowExW 772C260C 5 Bytes JMP 6CDE54D9 .text C:\Windows\system32\SearchProtocolHost.exe[5352] USER32.dll!DialogBoxIndirectParamAorW 772C2EB6 5 Bytes JMP 6CDE4BF1 .text C:\Windows\system32\SearchProtocolHost.exe[5352] USER32.dll!MessageBoxExA 772ED639 5 Bytes JMP 6CDE4C89 .text C:\Windows\system32\SearchProtocolHost.exe[5352] USER32.dll!MessageBoxExW 772ED65D 5 Bytes JMP 6CDE4D21 .text C:\Windows\system32\SearchProtocolHost.exe[5352] SHELL32.dll!Shell_NotifyIconW 76478636 5 Bytes JMP 6CDE4731 .text C:\Windows\system32\SearchProtocolHost.exe[5352] SHELL32.dll!Shell_GetCachedImageIndexW + 1D29 7649902D 5 Bytes JMP 6CDE63B1 .text C:\Windows\system32\SearchProtocolHost.exe[5352] WS2_32.dll!WahWriteLSPEvent 76041434 5 Bytes JMP 6CDE6449 .text C:\Windows\system32\SearchProtocolHost.exe[5352] WS2_32.dll!closesocket 7604330C 5 Bytes JMP 6CDE4F81 .text C:\Windows\system32\SearchProtocolHost.exe[5352] WS2_32.dll!recv 7604343A 5 Bytes JMP 6CDE5EF1 .text C:\Windows\system32\SearchProtocolHost.exe[5352] WS2_32.dll!WSASocketW 760434EB 5 Bytes JMP 6CDE4EE9 .text C:\Windows\system32\SearchProtocolHost.exe[5352] WS2_32.dll!socket 760436D1 5 Bytes JMP 6CDE5D29 .text C:\Windows\system32\SearchProtocolHost.exe[5352] WS2_32.dll!GetAddrInfoW 76043D12 5 Bytes JMP 6CDE47C9 .text C:\Windows\system32\SearchProtocolHost.exe[5352] WS2_32.dll!connect 760440D9 5 Bytes JMP 6CDE3E49 .text C:\Windows\system32\SearchProtocolHost.exe[5352] WS2_32.dll!WSASend 76044496 5 Bytes JMP 6CDE2099 .text C:\Windows\system32\SearchProtocolHost.exe[5352] WS2_32.dll!send 7604659B 5 Bytes JMP 6CDE2001 .text C:\Windows\system32\SearchProtocolHost.exe[5352] WS2_32.dll!WSARecv 76048400 5 Bytes JMP 6CDE5F89 .text C:\Windows\system32\SearchProtocolHost.exe[5352] WS2_32.dll!WSAConnect 7604D7B0 5 Bytes JMP 6CDE5E59 .text C:\Windows\system32\SearchProtocolHost.exe[5352] WS2_32.dll!GetAddrInfoExW 7605288D 5 Bytes JMP 6CDE4861 .text C:\Windows\system32\SearchProtocolHost.exe[5352] WS2_32.dll!gethostbyname 760562D4 5 Bytes JMP 6CDE48F9 ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 kbfiltr.sys AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 kbfiltr.sys AttachedDevice \Driver\tdx \Device\Tcp bdftdif.sys AttachedDevice \Driver\tdx \Device\Udp bdftdif.sys ---- Files - GMER 2.1 ---- File C:\Users\Mężczyzna\AppData\Local\Mozilla\Firefox\Profiles\jbfn35hu.default\cache2\entries\3F89B7D26D106D4D55CBCEA91EBA93E768CC47EE 0 bytes File C:\Users\Mężczyzna\AppData\Local\Mozilla\Firefox\Profiles\jbfn35hu.default\cache2\entries\3F9A23AB9ADD5BEE733FA3058867806B5B63A4B4 0 bytes File C:\Users\Mężczyzna\AppData\Local\Mozilla\Firefox\Profiles\jbfn35hu.default\cache2\entries\9BF9DE40A2467F2654C4459FE766F0FA1A03777F 898 bytes File C:\Users\Mężczyzna\AppData\Local\Mozilla\Firefox\Profiles\jbfn35hu.default\cache2\entries\85F0BD240D316E48B2CF8083601CBAF0E6A0E85B 899 bytes File C:\Users\Mężczyzna\AppData\Local\Mozilla\Firefox\Profiles\jbfn35hu.default\cache2\entries\90818C01F28E4641481ADC071984E5FEC333956A 1817 bytes File C:\Users\Mężczyzna\AppData\Local\Mozilla\Firefox\Profiles\jbfn35hu.default\cache2\entries\5F7E817D525A7148B1930B95DAD4AA425D4FA713 1013 bytes File C:\Users\Mężczyzna\AppData\Local\Mozilla\Firefox\Profiles\jbfn35hu.default\cache2\entries\9730EDFD7BA6EA6CD1E01466D2255B47F8F7B9B7 899 bytes File C:\Users\Mężczyzna\AppData\Local\Mozilla\Firefox\Profiles\jbfn35hu.default\cache2\entries\142DBC243CBF76F728FC967C319E30BE426F02FE 1113 bytes File C:\Users\Mężczyzna\AppData\Local\Mozilla\Firefox\Profiles\jbfn35hu.default\cache2\entries\71B4C98EE4F3A71033D3673C7A1E57BE527568A4 23148 bytes File C:\Users\Mężczyzna\AppData\Local\Mozilla\Firefox\Profiles\jbfn35hu.default\cache2\entries\F89FBB94607A17FFA5963237C84D51BE429714AE 697 bytes File C:\Users\Mężczyzna\AppData\Local\Mozilla\Firefox\Profiles\jbfn35hu.default\cache2\entries\FD703ADA995D258A7F07B6713FA5A76042BE3B5F 898 bytes File C:\Users\Mężczyzna\AppData\Local\Mozilla\Firefox\Profiles\jbfn35hu.default\cache2\entries\EC566EA533DED6FA17C4E6B936EB13027138B0C4 9093 bytes File C:\Users\Mężczyzna\AppData\Local\Mozilla\Firefox\Profiles\jbfn35hu.default\cache2\entries\499B1137C72424B371AA8B8DD2DBF6BAA8318C3A 899 bytes File C:\Users\Mężczyzna\AppData\Local\Mozilla\Firefox\Profiles\jbfn35hu.default\cache2\entries\DC647C93E50FF73CD42E46A0FA705C7E10B20608 899 bytes File C:\Users\Mężczyzna\AppData\Local\Mozilla\Firefox\Profiles\jbfn35hu.default\cache2\entries\79BB82CDC2745207EBD408B77FC91C9F1B80FFDE 1039 bytes File C:\Users\Mężczyzna\AppData\Local\Mozilla\Firefox\Profiles\jbfn35hu.default\cache2\entries\A5668F08DAF34D3B94B269FC0EC4BF56AEE314C4 2760 bytes File C:\Users\Mężczyzna\AppData\Local\Mozilla\Firefox\Profiles\jbfn35hu.default\cache2\entries\4B66F5F295D936991919FB413617A3A821381B56 828 bytes File C:\Users\Mężczyzna\AppData\Local\Mozilla\Firefox\Profiles\jbfn35hu.default\cache2\entries\5C7955B7D13A321E5FA86B0BF2CAD050BCE0039B 885 bytes File C:\Users\Mężczyzna\AppData\Local\Mozilla\Firefox\Profiles\jbfn35hu.default\cache2\entries\09EE28E798B83B6A6389FA83445C1077ED148130 4920 bytes File C:\Users\Mężczyzna\AppData\Local\Mozilla\Firefox\Profiles\jbfn35hu.default\cache2\entries\0A163C323C7E798A66F1F19CC07571878E257273 155374 bytes File C:\Users\Mężczyzna\AppData\Local\Mozilla\Firefox\Profiles\jbfn35hu.default\cache2\entries\85259ACA5C4F4F956A7AF64243AA917E86F2332C 1159 bytes File C:\Users\Mężczyzna\AppData\Local\Mozilla\Firefox\Profiles\jbfn35hu.default\cache2\entries\FB99B94645A2FE07C35A248C5A267D97E7914B89 885 bytes File C:\Users\Mężczyzna\AppData\Local\Mozilla\Firefox\Profiles\jbfn35hu.default\cache2\entries\EAF19E2E22E7DE539B5212B56EBF5FAA211D285A 975 bytes File C:\Users\Mężczyzna\AppData\Local\Mozilla\Firefox\Profiles\jbfn35hu.default\cache2\entries\722189C91891D4911E9D63CB95DD55BA25810EE1 885 bytes File C:\Users\Mężczyzna\AppData\Local\Mozilla\Firefox\Profiles\jbfn35hu.default\cache2\entries\B842F2978CDA9EE11A2F819B25EDFB27A43443D9 898 bytes File C:\Users\Mężczyzna\AppData\Local\Mozilla\Firefox\Profiles\jbfn35hu.default\cache2\entries\91185DB62F8B29D739816184474C1DC9F5EE04E3 919 bytes File C:\Users\Mężczyzna\AppData\Local\Mozilla\Firefox\Profiles\jbfn35hu.default\cache2\entries\C5608F9F9D7F989471D16BA9913A521CD19B46FF 231681 bytes File C:\Users\Mężczyzna\AppData\Local\Mozilla\Firefox\Profiles\jbfn35hu.default\cache2\entries\53CE6BE44387B27F1FB7EA8EAAA62CEB82FF3E2A 927 bytes File C:\Users\Mężczyzna\AppData\Local\Mozilla\Firefox\Profiles\jbfn35hu.default\cache2\entries\A33312D6594C7D3EF61B4677541E6DB7599CA60A 1499 bytes File C:\Users\Mężczyzna\AppData\Local\Mozilla\Firefox\Profiles\jbfn35hu.default\cache2\entries\EFCFD962199D5D2B41B04F246382554F06DE2042 1447 bytes File C:\Users\Mężczyzna\AppData\Local\Mozilla\Firefox\Profiles\jbfn35hu.default\cache2\entries\62C91AAD0BE6C443D750E60B83FF13CE4FC1F971 19363 bytes File C:\Users\Mężczyzna\AppData\Local\Mozilla\Firefox\Profiles\jbfn35hu.default\cache2\entries\93A4FC7ECB5E844349CEE717BCD7CB7FD72B19A2 899 bytes File C:\Windows\Temp\~bdED2A.tmp 0 bytes ---- EOF - GMER 2.1 ----