GMER 1.0.12.12011 - http://www.gmer.net Rootkit scan 2006-12-19 16:05:07 Windows 5.1.2600 Service Pack 2 ---- System - GMER 1.0.12 ---- SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS ZwCreateKey SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS ZwDeleteKey SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS ZwDeleteValueKey SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS ZwEnumerateKey SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS ZwEnumerateValueKey SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS ZwOpenKey SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS ZwQueryKey SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS ZwQueryValueKey SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS ZwSetValueKey SSDT \??\C:\WINDOWS\system32\DRIVERS\PavProc.sys ZwTerminateProcess SSDT \??\C:\WINDOWS\system32\DRIVERS\PavProc.sys ZwTerminateThread SSDT \??\C:\WINDOWS\system32\PavSRK.sys ZwWriteVirtualMemory ---- Kernel code sections - GMER 1.0.12 ---- .text ntkrnlpa.exe!ZwCallbackReturn + 2730 80501434 8 Bytes [ EA, 45, 18, B9, 88, 44, 18, ... ] ---- User code sections - GMER 1.0.12 ---- .text C:\WINDOWS\system32\slserv.exe[204] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\slserv.exe[204] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 4A, 5F ] .text C:\WINDOWS\system32\slserv.exe[204] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ FF ] .text C:\WINDOWS\system32\slserv.exe[204] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ] .text C:\WINDOWS\system32\slserv.exe[204] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 6B, 5F ] .text C:\WINDOWS\system32\slserv.exe[204] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\slserv.exe[204] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 4D, 5F ] .text C:\WINDOWS\system32\slserv.exe[204] ntdll.dll!NtDeleteFile 7C91D88F 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\slserv.exe[204] ntdll.dll!NtDeleteFile + 4 7C91D893 2 Bytes [ 6E, 5F ] .text C:\WINDOWS\system32\slserv.exe[204] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\slserv.exe[204] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 50, 5F ] .text C:\WINDOWS\system32\slserv.exe[204] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\slserv.exe[204] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 53, 5F ] .text C:\WINDOWS\system32\slserv.exe[204] ntdll.dll!NtDuplicateObject 7C91D90D 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\slserv.exe[204] ntdll.dll!NtDuplicateObject + 4 7C91D911 2 Bytes [ 56, 5F ] .text C:\WINDOWS\system32\slserv.exe[204] ntdll.dll!NtEnumerateKey 7C91D94C 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\slserv.exe[204] ntdll.dll!NtEnumerateKey + 4 7C91D950 2 Bytes [ 59, 5F ] .text C:\WINDOWS\system32\slserv.exe[204] ntdll.dll!NtEnumerateValueKey 7C91D976 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\slserv.exe[204] ntdll.dll!NtEnumerateValueKey + 4 7C91D97A 2 Bytes [ 5C, 5F ] .text C:\WINDOWS\system32\slserv.exe[204] ntdll.dll!NtOpenFile 7C91DCFD 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\slserv.exe[204] ntdll.dll!NtOpenFile + 4 7C91DD01 2 Bytes [ 71, 5F ] .text C:\WINDOWS\system32\slserv.exe[204] ntdll.dll!NtQueryMultipleValueKey 7C91E0AE 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\slserv.exe[204] ntdll.dll!NtQueryMultipleValueKey + 4 7C91E0B2 2 Bytes [ 5F, 5F ] .text C:\WINDOWS\system32\slserv.exe[204] ntdll.dll!NtQueryValueKey 7C91E1FE 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\slserv.exe[204] ntdll.dll!NtQueryValueKey + 4 7C91E202 2 Bytes [ 62, 5F ] .text C:\WINDOWS\system32\slserv.exe[204] ntdll.dll!NtReadFile 7C91E27C 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\slserv.exe[204] ntdll.dll!NtReadFile + 4 7C91E280 2 Bytes [ 74, 5F ] .text C:\WINDOWS\system32\slserv.exe[204] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\slserv.exe[204] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 77, 5F ] .text C:\WINDOWS\system32\slserv.exe[204] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\slserv.exe[204] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 65, 5F ] .text C:\WINDOWS\system32\slserv.exe[204] ntdll.dll!NtUnloadKey 7C91E90C 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\slserv.exe[204] ntdll.dll!NtUnloadKey + 4 7C91E910 2 Bytes [ 68, 5F ] .text C:\WINDOWS\system32\slserv.exe[204] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\slserv.exe[204] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 7A, 5F ] .text C:\WINDOWS\system32\slserv.exe[204] ntdll.dll!LdrLoadDll 7C9261CA 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\slserv.exe[204] ntdll.dll!LdrLoadDll + 4 7C9261CE 2 Bytes [ 47, 5F ] .text C:\WINDOWS\system32\slserv.exe[204] kernel32.dll!TerminateProcess 7C801E16 6 Bytes [ FF, 25, 1E, 00, 32, 5F ] .text C:\WINDOWS\system32\slserv.exe[204] kernel32.dll!CreateFileMappingW 7C80938E 6 Bytes [ FF, 25, 1E, 00, 3B, 5F ] .text C:\WINDOWS\system32\slserv.exe[204] kernel32.dll!MapViewOfFileEx 7C80B896 6 Bytes [ FF, 25, 1E, 00, 35, 5F ] .text C:\WINDOWS\system32\slserv.exe[204] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\slserv.exe[204] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 3E, 5F ] .text C:\WINDOWS\system32\slserv.exe[204] kernel32.dll!CreateProcessInternalW 7C819513 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\slserv.exe[204] kernel32.dll!CreateProcessInternalW + 4 7C819517 2 Bytes [ 44, 5F ] .text C:\WINDOWS\system32\slserv.exe[204] kernel32.dll!MoveFileWithProgressW 7C81F72E 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\slserv.exe[204] kernel32.dll!MoveFileWithProgressW + 4 7C81F732 2 Bytes [ 41, 5F ] .text C:\WINDOWS\system32\slserv.exe[204] kernel32.dll!CopyFileExW 7C827B32 6 Bytes [ FF, 25, 1E, 00, 38, 5F ] .text C:\WINDOWS\system32\slserv.exe[204] ADVAPI32.dll!CloseServiceHandle 77DB5E4D 6 Bytes [ FF, 25, 1E, 00, 11, 5F ] .text C:\WINDOWS\system32\slserv.exe[204] ADVAPI32.dll!OpenServiceW 77DB6165 6 Bytes [ FF, 25, 1E, 00, 23, 5F ] .text C:\WINDOWS\system32\slserv.exe[204] ADVAPI32.dll!ControlService 77DBB635 6 Bytes [ FF, 25, 1E, 00, 14, 5F ] .text C:\WINDOWS\system32\slserv.exe[204] ADVAPI32.dll!OpenServiceA 77DBB88C 6 Bytes [ FF, 25, 1E, 00, 20, 5F ] .text C:\WINDOWS\system32\slserv.exe[204] ADVAPI32.dll!StartServiceW 77DBBBAC 6 Bytes [ FF, 25, 1E, 00, 29, 5F ] .text C:\WINDOWS\system32\slserv.exe[204] ADVAPI32.dll!StartServiceA 77DC3238 6 Bytes [ FF, 25, 1E, 00, 26, 5F ] .text C:\WINDOWS\system32\slserv.exe[204] ADVAPI32.dll!LsaAddAccountRights 77DEA9A1 6 Bytes [ FF, 25, 1E, 00, 2C, 5F ] .text C:\WINDOWS\system32\slserv.exe[204] ADVAPI32.dll!LsaRemoveAccountRights 77DEAA41 6 Bytes [ FF, 25, 1E, 00, 2F, 5F ] .text C:\WINDOWS\system32\slserv.exe[204] ADVAPI32.dll!ChangeServiceConfigA 77E06CC9 6 Bytes [ FF, 25, 1E, 00, 05, 5F ] .text C:\WINDOWS\system32\slserv.exe[204] ADVAPI32.dll!ChangeServiceConfigW 77E06E61 6 Bytes [ FF, 25, 1E, 00, 08, 5F ] .text C:\WINDOWS\system32\slserv.exe[204] ADVAPI32.dll!ChangeServiceConfig2A 77E06F61 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ] .text C:\WINDOWS\system32\slserv.exe[204] ADVAPI32.dll!ChangeServiceConfig2W 77E06FE9 6 Bytes [ FF, 25, 1E, 00, 0E, 5F ] .text C:\WINDOWS\system32\slserv.exe[204] ADVAPI32.dll!CreateServiceA 77E07071 6 Bytes [ FF, 25, 1E, 00, 17, 5F ] .text C:\WINDOWS\system32\slserv.exe[204] ADVAPI32.dll!CreateServiceW 77E07209 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\slserv.exe[204] ADVAPI32.dll!CreateServiceW + 4 77E0720D 2 Bytes [ 1A, 5F ] .text C:\WINDOWS\system32\slserv.exe[204] ADVAPI32.dll!DeleteService 77E07311 6 Bytes [ FF, 25, 1E, 00, 1D, 5F ] .text C:\WINDOWS\system32\slserv.exe[204] USER32.dll!DispatchMessageW 77D18A01 6 Bytes [ FF, 25, 1E, 00, A7, 5F ] .text C:\WINDOWS\system32\slserv.exe[204] USER32.dll!TranslateMessage 77D18BF6 6 Bytes [ FF, 25, 1E, 00, 92, 5F ] .text C:\WINDOWS\system32\slserv.exe[204] USER32.dll!DispatchMessageA 77D196B8 6 Bytes [ FF, 25, 1E, 00, 8F, 5F ] .text C:\WINDOWS\system32\slserv.exe[204] USER32.dll!GetKeyState 77D1C505 6 Bytes [ FF, 25, 1E, 00, 9E, 5F ] .text C:\WINDOWS\system32\slserv.exe[204] USER32.dll!BeginDeferWindowPos 77D1D907 6 Bytes [ FF, 25, 1E, 00, 8C, 5F ] .text C:\WINDOWS\system32\slserv.exe[204] USER32.dll!GetKeyboardState 77D1E641 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\slserv.exe[204] USER32.dll!GetKeyboardState + 4 77D1E645 2 Bytes [ 9B, 5F ] .text C:\WINDOWS\system32\slserv.exe[204] USER32.dll!GetAsyncKeyState 77D1E655 6 Bytes [ FF, 25, 1E, 00, 95, 5F ] .text C:\WINDOWS\system32\slserv.exe[204] USER32.dll!CreateAcceleratorTableW 77D2DABB 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\slserv.exe[204] USER32.dll!CreateAcceleratorTableW + 4 77D2DABF 2 Bytes [ A1, 5F ] .text C:\WINDOWS\system32\slserv.exe[204] USER32.dll!SetWindowsHookExW 77D2E4AF 6 Bytes [ FF, 25, 1E, 00, A4, 5F ] .text C:\WINDOWS\system32\slserv.exe[204] USER32.dll!SetWindowsHookExA 77D311E9 6 Bytes [ FF, 25, 1E, 00, 89, 5F ] .text C:\WINDOWS\system32\slserv.exe[204] USER32.dll!AttachThreadInput 77D31E23 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\slserv.exe[204] USER32.dll!AttachThreadInput + 4 77D31E27 2 Bytes [ 98, 5F ] .text C:\WINDOWS\system32\slserv.exe[204] ole32.dll!CoCreateInstanceEx 774CFA6B 6 Bytes [ FF, 25, 1E, 00, 86, 5F ] .text C:\WINDOWS\system32\slserv.exe[204] ole32.dll!CoGetClassObject 774E5DB2 6 Bytes [ FF, 25, 1E, 00, 83, 5F ] .text C:\WINDOWS\system32\slserv.exe[204] ole32.dll!CLSIDFromProgID 774F42CC 6 Bytes [ FF, 25, 1E, 00, 80, 5F ] .text C:\WINDOWS\system32\slserv.exe[204] ole32.dll!CLSIDFromProgIDEx 775261FE 6 Bytes [ FF, 25, 1E, 00, 7D, 5F ] .text C:\WINDOWS\system32\svchost.exe[228] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[228] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 4A, 5F ] .text C:\WINDOWS\system32\svchost.exe[228] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ FF ] .text C:\WINDOWS\system32\svchost.exe[228] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ] .text C:\WINDOWS\system32\svchost.exe[228] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 6B, 5F ] .text C:\WINDOWS\system32\svchost.exe[228] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[228] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 4D, 5F ] .text C:\WINDOWS\system32\svchost.exe[228] ntdll.dll!NtDeleteFile 7C91D88F 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[228] ntdll.dll!NtDeleteFile + 4 7C91D893 2 Bytes [ 6E, 5F ] .text C:\WINDOWS\system32\svchost.exe[228] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[228] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 50, 5F ] .text C:\WINDOWS\system32\svchost.exe[228] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[228] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 53, 5F ] .text C:\WINDOWS\system32\svchost.exe[228] ntdll.dll!NtDuplicateObject 7C91D90D 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[228] ntdll.dll!NtDuplicateObject + 4 7C91D911 2 Bytes [ 56, 5F ] .text C:\WINDOWS\system32\svchost.exe[228] ntdll.dll!NtEnumerateKey 7C91D94C 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[228] ntdll.dll!NtEnumerateKey + 4 7C91D950 2 Bytes [ 59, 5F ] .text C:\WINDOWS\system32\svchost.exe[228] ntdll.dll!NtEnumerateValueKey 7C91D976 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[228] ntdll.dll!NtEnumerateValueKey + 4 7C91D97A 2 Bytes [ 5C, 5F ] .text C:\WINDOWS\system32\svchost.exe[228] ntdll.dll!NtOpenFile 7C91DCFD 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[228] ntdll.dll!NtOpenFile + 4 7C91DD01 2 Bytes [ 71, 5F ] .text C:\WINDOWS\system32\svchost.exe[228] ntdll.dll!NtQueryMultipleValueKey 7C91E0AE 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[228] ntdll.dll!NtQueryMultipleValueKey + 4 7C91E0B2 2 Bytes [ 5F, 5F ] .text C:\WINDOWS\system32\svchost.exe[228] ntdll.dll!NtQueryValueKey 7C91E1FE 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[228] ntdll.dll!NtQueryValueKey + 4 7C91E202 2 Bytes [ 62, 5F ] .text C:\WINDOWS\system32\svchost.exe[228] ntdll.dll!NtReadFile 7C91E27C 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[228] ntdll.dll!NtReadFile + 4 7C91E280 2 Bytes [ 74, 5F ] .text C:\WINDOWS\system32\svchost.exe[228] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[228] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 77, 5F ] .text C:\WINDOWS\system32\svchost.exe[228] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[228] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 65, 5F ] .text C:\WINDOWS\system32\svchost.exe[228] ntdll.dll!NtUnloadKey 7C91E90C 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[228] ntdll.dll!NtUnloadKey + 4 7C91E910 2 Bytes [ 68, 5F ] .text C:\WINDOWS\system32\svchost.exe[228] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[228] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 7A, 5F ] .text C:\WINDOWS\system32\svchost.exe[228] ntdll.dll!LdrLoadDll 7C9261CA 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[228] ntdll.dll!LdrLoadDll + 4 7C9261CE 2 Bytes [ 47, 5F ] .text C:\WINDOWS\system32\svchost.exe[228] kernel32.dll!TerminateProcess 7C801E16 6 Bytes [ FF, 25, 1E, 00, 32, 5F ] .text C:\WINDOWS\system32\svchost.exe[228] kernel32.dll!CreateFileMappingW 7C80938E 6 Bytes [ FF, 25, 1E, 00, 3B, 5F ] .text C:\WINDOWS\system32\svchost.exe[228] kernel32.dll!MapViewOfFileEx 7C80B896 6 Bytes [ FF, 25, 1E, 00, 35, 5F ] .text C:\WINDOWS\system32\svchost.exe[228] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[228] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 3E, 5F ] .text C:\WINDOWS\system32\svchost.exe[228] kernel32.dll!CreateProcessInternalW 7C819513 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[228] kernel32.dll!CreateProcessInternalW + 4 7C819517 2 Bytes [ 44, 5F ] .text C:\WINDOWS\system32\svchost.exe[228] kernel32.dll!MoveFileWithProgressW 7C81F72E 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[228] kernel32.dll!MoveFileWithProgressW + 4 7C81F732 2 Bytes [ 41, 5F ] .text C:\WINDOWS\system32\svchost.exe[228] kernel32.dll!CopyFileExW 7C827B32 6 Bytes [ FF, 25, 1E, 00, 38, 5F ] .text C:\WINDOWS\system32\svchost.exe[228] ADVAPI32.dll!CloseServiceHandle 77DB5E4D 6 Bytes [ FF, 25, 1E, 00, 11, 5F ] .text C:\WINDOWS\system32\svchost.exe[228] ADVAPI32.dll!OpenServiceW 77DB6165 6 Bytes [ FF, 25, 1E, 00, 23, 5F ] .text C:\WINDOWS\system32\svchost.exe[228] ADVAPI32.dll!ControlService 77DBB635 6 Bytes [ FF, 25, 1E, 00, 14, 5F ] .text C:\WINDOWS\system32\svchost.exe[228] ADVAPI32.dll!OpenServiceA 77DBB88C 6 Bytes [ FF, 25, 1E, 00, 20, 5F ] .text C:\WINDOWS\system32\svchost.exe[228] ADVAPI32.dll!StartServiceW 77DBBBAC 6 Bytes [ FF, 25, 1E, 00, 29, 5F ] .text C:\WINDOWS\system32\svchost.exe[228] ADVAPI32.dll!StartServiceA 77DC3238 6 Bytes [ FF, 25, 1E, 00, 26, 5F ] .text C:\WINDOWS\system32\svchost.exe[228] ADVAPI32.dll!LsaAddAccountRights 77DEA9A1 6 Bytes [ FF, 25, 1E, 00, 2C, 5F ] .text C:\WINDOWS\system32\svchost.exe[228] ADVAPI32.dll!LsaRemoveAccountRights 77DEAA41 6 Bytes [ FF, 25, 1E, 00, 2F, 5F ] .text C:\WINDOWS\system32\svchost.exe[228] ADVAPI32.dll!ChangeServiceConfigA 77E06CC9 6 Bytes [ FF, 25, 1E, 00, 05, 5F ] .text C:\WINDOWS\system32\svchost.exe[228] ADVAPI32.dll!ChangeServiceConfigW 77E06E61 6 Bytes [ FF, 25, 1E, 00, 08, 5F ] .text C:\WINDOWS\system32\svchost.exe[228] ADVAPI32.dll!ChangeServiceConfig2A 77E06F61 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ] .text C:\WINDOWS\system32\svchost.exe[228] ADVAPI32.dll!ChangeServiceConfig2W 77E06FE9 6 Bytes [ FF, 25, 1E, 00, 0E, 5F ] .text C:\WINDOWS\system32\svchost.exe[228] ADVAPI32.dll!CreateServiceA 77E07071 6 Bytes [ FF, 25, 1E, 00, 17, 5F ] .text C:\WINDOWS\system32\svchost.exe[228] ADVAPI32.dll!CreateServiceW 77E07209 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[228] ADVAPI32.dll!CreateServiceW + 4 77E0720D 2 Bytes [ 1A, 5F ] .text C:\WINDOWS\system32\svchost.exe[228] ADVAPI32.dll!DeleteService 77E07311 6 Bytes [ FF, 25, 1E, 00, 1D, 5F ] .text C:\WINDOWS\system32\svchost.exe[228] USER32.dll!DispatchMessageW 77D18A01 6 Bytes [ FF, 25, 1E, 00, A7, 5F ] .text C:\WINDOWS\system32\svchost.exe[228] USER32.dll!TranslateMessage 77D18BF6 6 Bytes [ FF, 25, 1E, 00, 92, 5F ] .text C:\WINDOWS\system32\svchost.exe[228] USER32.dll!DispatchMessageA 77D196B8 6 Bytes [ FF, 25, 1E, 00, 8F, 5F ] .text C:\WINDOWS\system32\svchost.exe[228] USER32.dll!GetKeyState 77D1C505 6 Bytes [ FF, 25, 1E, 00, 9E, 5F ] .text C:\WINDOWS\system32\svchost.exe[228] USER32.dll!BeginDeferWindowPos 77D1D907 6 Bytes [ FF, 25, 1E, 00, 8C, 5F ] .text C:\WINDOWS\system32\svchost.exe[228] USER32.dll!GetKeyboardState 77D1E641 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[228] USER32.dll!GetKeyboardState + 4 77D1E645 2 Bytes [ 9B, 5F ] .text C:\WINDOWS\system32\svchost.exe[228] USER32.dll!GetAsyncKeyState 77D1E655 6 Bytes [ FF, 25, 1E, 00, 95, 5F ] .text C:\WINDOWS\system32\svchost.exe[228] USER32.dll!CreateAcceleratorTableW 77D2DABB 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[228] USER32.dll!CreateAcceleratorTableW + 4 77D2DABF 2 Bytes [ A1, 5F ] .text C:\WINDOWS\system32\svchost.exe[228] USER32.dll!SetWindowsHookExW 77D2E4AF 6 Bytes [ FF, 25, 1E, 00, A4, 5F ] .text C:\WINDOWS\system32\svchost.exe[228] USER32.dll!SetWindowsHookExA 77D311E9 6 Bytes [ FF, 25, 1E, 00, 89, 5F ] .text C:\WINDOWS\system32\svchost.exe[228] USER32.dll!AttachThreadInput 77D31E23 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[228] USER32.dll!AttachThreadInput + 4 77D31E27 2 Bytes [ 98, 5F ] .text C:\WINDOWS\system32\svchost.exe[228] ole32.dll!CoCreateInstanceEx 774CFA6B 6 Bytes [ FF, 25, 1E, 00, 86, 5F ] .text C:\WINDOWS\system32\svchost.exe[228] ole32.dll!CoGetClassObject 774E5DB2 6 Bytes [ FF, 25, 1E, 00, 83, 5F ] .text C:\WINDOWS\system32\svchost.exe[228] ole32.dll!CLSIDFromProgID 774F42CC 6 Bytes [ FF, 25, 1E, 00, 80, 5F ] .text C:\WINDOWS\system32\svchost.exe[228] ole32.dll!CLSIDFromProgIDEx 775261FE 6 Bytes [ FF, 25, 1E, 00, 7D, 5F ] .text C:\Programme\Download Express\dep.exe[260] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Download Express\dep.exe[260] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 4A, 5F ] .text C:\Programme\Download Express\dep.exe[260] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ FF ] .text C:\Programme\Download Express\dep.exe[260] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ] .text C:\Programme\Download Express\dep.exe[260] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 6B, 5F ] .text C:\Programme\Download Express\dep.exe[260] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Download Express\dep.exe[260] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 4D, 5F ] .text C:\Programme\Download Express\dep.exe[260] ntdll.dll!NtDeleteFile 7C91D88F 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Download Express\dep.exe[260] ntdll.dll!NtDeleteFile + 4 7C91D893 2 Bytes [ 6E, 5F ] .text C:\Programme\Download Express\dep.exe[260] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Download Express\dep.exe[260] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 50, 5F ] .text C:\Programme\Download Express\dep.exe[260] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Download Express\dep.exe[260] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 53, 5F ] .text C:\Programme\Download Express\dep.exe[260] ntdll.dll!NtDuplicateObject 7C91D90D 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Download Express\dep.exe[260] ntdll.dll!NtDuplicateObject + 4 7C91D911 2 Bytes [ 56, 5F ] .text C:\Programme\Download Express\dep.exe[260] ntdll.dll!NtEnumerateKey 7C91D94C 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Download Express\dep.exe[260] ntdll.dll!NtEnumerateKey + 4 7C91D950 2 Bytes [ 59, 5F ] .text C:\Programme\Download Express\dep.exe[260] ntdll.dll!NtEnumerateValueKey 7C91D976 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Download Express\dep.exe[260] ntdll.dll!NtEnumerateValueKey + 4 7C91D97A 2 Bytes [ 5C, 5F ] .text C:\Programme\Download Express\dep.exe[260] ntdll.dll!NtOpenFile 7C91DCFD 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Download Express\dep.exe[260] ntdll.dll!NtOpenFile + 4 7C91DD01 2 Bytes [ 71, 5F ] .text C:\Programme\Download Express\dep.exe[260] ntdll.dll!NtQueryMultipleValueKey 7C91E0AE 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Download Express\dep.exe[260] ntdll.dll!NtQueryMultipleValueKey + 4 7C91E0B2 2 Bytes [ 5F, 5F ] .text C:\Programme\Download Express\dep.exe[260] ntdll.dll!NtQueryValueKey 7C91E1FE 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Download Express\dep.exe[260] ntdll.dll!NtQueryValueKey + 4 7C91E202 2 Bytes [ 62, 5F ] .text C:\Programme\Download Express\dep.exe[260] ntdll.dll!NtReadFile 7C91E27C 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Download Express\dep.exe[260] ntdll.dll!NtReadFile + 4 7C91E280 2 Bytes [ 74, 5F ] .text C:\Programme\Download Express\dep.exe[260] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Download Express\dep.exe[260] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 77, 5F ] .text C:\Programme\Download Express\dep.exe[260] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Download Express\dep.exe[260] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 65, 5F ] .text C:\Programme\Download Express\dep.exe[260] ntdll.dll!NtUnloadKey 7C91E90C 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Download Express\dep.exe[260] ntdll.dll!NtUnloadKey + 4 7C91E910 2 Bytes [ 68, 5F ] .text C:\Programme\Download Express\dep.exe[260] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Download Express\dep.exe[260] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 7A, 5F ] .text C:\Programme\Download Express\dep.exe[260] ntdll.dll!LdrLoadDll 7C9261CA 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Download Express\dep.exe[260] ntdll.dll!LdrLoadDll + 4 7C9261CE 2 Bytes [ 47, 5F ] .text C:\Programme\Download Express\dep.exe[260] kernel32.dll!TerminateProcess 7C801E16 6 Bytes [ FF, 25, 1E, 00, 32, 5F ] .text C:\Programme\Download Express\dep.exe[260] kernel32.dll!CreateFileMappingW 7C80938E 6 Bytes [ FF, 25, 1E, 00, 3B, 5F ] .text C:\Programme\Download Express\dep.exe[260] kernel32.dll!MapViewOfFileEx 7C80B896 6 Bytes [ FF, 25, 1E, 00, 35, 5F ] .text C:\Programme\Download Express\dep.exe[260] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Download Express\dep.exe[260] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 3E, 5F ] .text C:\Programme\Download Express\dep.exe[260] kernel32.dll!CreateProcessInternalW 7C819513 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Download Express\dep.exe[260] kernel32.dll!CreateProcessInternalW + 4 7C819517 2 Bytes [ 44, 5F ] .text C:\Programme\Download Express\dep.exe[260] kernel32.dll!MoveFileWithProgressW 7C81F72E 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Download Express\dep.exe[260] kernel32.dll!MoveFileWithProgressW + 4 7C81F732 2 Bytes [ 41, 5F ] .text C:\Programme\Download Express\dep.exe[260] kernel32.dll!CopyFileExW 7C827B32 6 Bytes [ FF, 25, 1E, 00, 38, 5F ] .text C:\Programme\Download Express\dep.exe[260] user32.dll!DispatchMessageW 77D18A01 6 Bytes [ FF, 25, 1E, 00, A7, 5F ] .text C:\Programme\Download Express\dep.exe[260] user32.dll!TranslateMessage 77D18BF6 6 Bytes [ FF, 25, 1E, 00, 92, 5F ] .text C:\Programme\Download Express\dep.exe[260] user32.dll!DispatchMessageA 77D196B8 6 Bytes [ FF, 25, 1E, 00, 8F, 5F ] .text C:\Programme\Download Express\dep.exe[260] user32.dll!GetKeyState 77D1C505 6 Bytes [ FF, 25, 1E, 00, 9E, 5F ] .text C:\Programme\Download Express\dep.exe[260] user32.dll!BeginDeferWindowPos 77D1D907 6 Bytes [ FF, 25, 1E, 00, 8C, 5F ] .text C:\Programme\Download Express\dep.exe[260] user32.dll!GetKeyboardState 77D1E641 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Download Express\dep.exe[260] user32.dll!GetKeyboardState + 4 77D1E645 2 Bytes [ 9B, 5F ] .text C:\Programme\Download Express\dep.exe[260] user32.dll!GetAsyncKeyState 77D1E655 6 Bytes [ FF, 25, 1E, 00, 95, 5F ] .text C:\Programme\Download Express\dep.exe[260] user32.dll!CreateAcceleratorTableW 77D2DABB 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Download Express\dep.exe[260] user32.dll!CreateAcceleratorTableW + 4 77D2DABF 2 Bytes [ A1, 5F ] .text C:\Programme\Download Express\dep.exe[260] user32.dll!SetWindowsHookExW 77D2E4AF 6 Bytes [ FF, 25, 1E, 00, A4, 5F ] .text C:\Programme\Download Express\dep.exe[260] user32.dll!SetWindowsHookExA 77D311E9 6 Bytes [ FF, 25, 1E, 00, 89, 5F ] .text C:\Programme\Download Express\dep.exe[260] user32.dll!AttachThreadInput 77D31E23 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Download Express\dep.exe[260] user32.dll!AttachThreadInput + 4 77D31E27 2 Bytes [ 98, 5F ] .text C:\Programme\Download Express\dep.exe[260] advapi32.dll!CloseServiceHandle 77DB5E4D 6 Bytes [ FF, 25, 1E, 00, 11, 5F ] .text C:\Programme\Download Express\dep.exe[260] advapi32.dll!OpenServiceW 77DB6165 6 Bytes [ FF, 25, 1E, 00, 23, 5F ] .text C:\Programme\Download Express\dep.exe[260] advapi32.dll!ControlService 77DBB635 6 Bytes [ FF, 25, 1E, 00, 14, 5F ] .text C:\Programme\Download Express\dep.exe[260] advapi32.dll!OpenServiceA 77DBB88C 6 Bytes [ FF, 25, 1E, 00, 20, 5F ] .text C:\Programme\Download Express\dep.exe[260] advapi32.dll!StartServiceW 77DBBBAC 6 Bytes [ FF, 25, 1E, 00, 29, 5F ] .text C:\Programme\Download Express\dep.exe[260] advapi32.dll!StartServiceA 77DC3238 6 Bytes [ FF, 25, 1E, 00, 26, 5F ] .text C:\Programme\Download Express\dep.exe[260] advapi32.dll!LsaAddAccountRights 77DEA9A1 6 Bytes [ FF, 25, 1E, 00, 2C, 5F ] .text C:\Programme\Download Express\dep.exe[260] advapi32.dll!LsaRemoveAccountRights 77DEAA41 6 Bytes [ FF, 25, 1E, 00, 2F, 5F ] .text C:\Programme\Download Express\dep.exe[260] advapi32.dll!ChangeServiceConfigA 77E06CC9 6 Bytes [ FF, 25, 1E, 00, 05, 5F ] .text C:\Programme\Download Express\dep.exe[260] advapi32.dll!ChangeServiceConfigW 77E06E61 6 Bytes [ FF, 25, 1E, 00, 08, 5F ] .text C:\Programme\Download Express\dep.exe[260] advapi32.dll!ChangeServiceConfig2A 77E06F61 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ] .text C:\Programme\Download Express\dep.exe[260] advapi32.dll!ChangeServiceConfig2W 77E06FE9 6 Bytes [ FF, 25, 1E, 00, 0E, 5F ] .text C:\Programme\Download Express\dep.exe[260] advapi32.dll!CreateServiceA 77E07071 6 Bytes [ FF, 25, 1E, 00, 17, 5F ] .text C:\Programme\Download Express\dep.exe[260] advapi32.dll!CreateServiceW 77E07209 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Download Express\dep.exe[260] advapi32.dll!CreateServiceW + 4 77E0720D 2 Bytes [ 1A, 5F ] .text C:\Programme\Download Express\dep.exe[260] advapi32.dll!DeleteService 77E07311 6 Bytes [ FF, 25, 1E, 00, 1D, 5F ] .text C:\Programme\Download Express\dep.exe[260] ole32.dll!CoCreateInstanceEx 774CFA6B 6 Bytes [ FF, 25, 1E, 00, 86, 5F ] .text C:\Programme\Download Express\dep.exe[260] ole32.dll!CoGetClassObject 774E5DB2 6 Bytes [ FF, 25, 1E, 00, 83, 5F ] .text C:\Programme\Download Express\dep.exe[260] ole32.dll!CLSIDFromProgID 774F42CC 6 Bytes [ FF, 25, 1E, 00, 80, 5F ] .text C:\Programme\Download Express\dep.exe[260] ole32.dll!CLSIDFromProgIDEx 775261FE 6 Bytes [ FF, 25, 1E, 00, 7D, 5F ] .text C:\WINDOWS\system32\csrss.exe[868] KERNEL32.dll!CreateProcessInternalW 7C819513 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\csrss.exe[868] KERNEL32.dll!CreateProcessInternalW + 4 7C819517 2 Bytes [ 05, 5F ] .text C:\WINDOWS\system32\winlogon.exe[892] kernel32.dll!CreateProcessInternalW 7C819513 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\winlogon.exe[892] kernel32.dll!CreateProcessInternalW + 4 7C819517 2 Bytes [ 05, 5F ] .text C:\WINDOWS\system32\services.exe[936] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\services.exe[936] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 08, 5F ] .text C:\WINDOWS\system32\services.exe[936] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\services.exe[936] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 0B, 5F ] .text C:\WINDOWS\system32\services.exe[936] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\services.exe[936] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 0E, 5F ] .text C:\WINDOWS\system32\services.exe[936] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\services.exe[936] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 11, 5F ] .text C:\WINDOWS\system32\services.exe[936] kernel32.dll!CreateProcessInternalW 7C819513 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\services.exe[936] kernel32.dll!CreateProcessInternalW + 4 7C819517 2 Bytes [ 05, 5F ] .text C:\WINDOWS\system32\svchost.exe[1108] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1108] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 4A, 5F ] .text C:\WINDOWS\system32\svchost.exe[1108] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ FF ] .text C:\WINDOWS\system32\svchost.exe[1108] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ] .text C:\WINDOWS\system32\svchost.exe[1108] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 6B, 5F ] .text C:\WINDOWS\system32\svchost.exe[1108] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1108] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 4D, 5F ] .text C:\WINDOWS\system32\svchost.exe[1108] ntdll.dll!NtDeleteFile 7C91D88F 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1108] ntdll.dll!NtDeleteFile + 4 7C91D893 2 Bytes [ 6E, 5F ] .text C:\WINDOWS\system32\svchost.exe[1108] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1108] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 50, 5F ] .text C:\WINDOWS\system32\svchost.exe[1108] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1108] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 53, 5F ] .text C:\WINDOWS\system32\svchost.exe[1108] ntdll.dll!NtDuplicateObject 7C91D90D 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1108] ntdll.dll!NtDuplicateObject + 4 7C91D911 2 Bytes [ 56, 5F ] .text C:\WINDOWS\system32\svchost.exe[1108] ntdll.dll!NtEnumerateKey 7C91D94C 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1108] ntdll.dll!NtEnumerateKey + 4 7C91D950 2 Bytes [ 59, 5F ] .text C:\WINDOWS\system32\svchost.exe[1108] ntdll.dll!NtEnumerateValueKey 7C91D976 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1108] ntdll.dll!NtEnumerateValueKey + 4 7C91D97A 2 Bytes [ 5C, 5F ] .text C:\WINDOWS\system32\svchost.exe[1108] ntdll.dll!NtOpenFile 7C91DCFD 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1108] ntdll.dll!NtOpenFile + 4 7C91DD01 2 Bytes [ 71, 5F ] .text C:\WINDOWS\system32\svchost.exe[1108] ntdll.dll!NtQueryMultipleValueKey 7C91E0AE 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1108] ntdll.dll!NtQueryMultipleValueKey + 4 7C91E0B2 2 Bytes [ 5F, 5F ] .text C:\WINDOWS\system32\svchost.exe[1108] ntdll.dll!NtQueryValueKey 7C91E1FE 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1108] ntdll.dll!NtQueryValueKey + 4 7C91E202 2 Bytes [ 62, 5F ] .text C:\WINDOWS\system32\svchost.exe[1108] ntdll.dll!NtReadFile 7C91E27C 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1108] ntdll.dll!NtReadFile + 4 7C91E280 2 Bytes [ 74, 5F ] .text C:\WINDOWS\system32\svchost.exe[1108] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1108] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 77, 5F ] .text C:\WINDOWS\system32\svchost.exe[1108] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1108] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 65, 5F ] .text C:\WINDOWS\system32\svchost.exe[1108] ntdll.dll!NtUnloadKey 7C91E90C 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1108] ntdll.dll!NtUnloadKey + 4 7C91E910 2 Bytes [ 68, 5F ] .text C:\WINDOWS\system32\svchost.exe[1108] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1108] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 7A, 5F ] .text C:\WINDOWS\system32\svchost.exe[1108] ntdll.dll!LdrLoadDll 7C9261CA 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1108] ntdll.dll!LdrLoadDll + 4 7C9261CE 2 Bytes [ 47, 5F ] .text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!TerminateProcess 7C801E16 6 Bytes [ FF, 25, 1E, 00, 32, 5F ] .text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!CreateFileMappingW 7C80938E 6 Bytes [ FF, 25, 1E, 00, 3B, 5F ] .text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!MapViewOfFileEx 7C80B896 6 Bytes [ FF, 25, 1E, 00, 35, 5F ] .text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 3E, 5F ] .text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!CreateProcessInternalW 7C819513 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!CreateProcessInternalW + 4 7C819517 2 Bytes [ 44, 5F ] .text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!MoveFileWithProgressW 7C81F72E 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!MoveFileWithProgressW + 4 7C81F732 2 Bytes [ 41, 5F ] .text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!CopyFileExW 7C827B32 6 Bytes [ FF, 25, 1E, 00, 38, 5F ] .text C:\WINDOWS\system32\svchost.exe[1108] ADVAPI32.dll!CloseServiceHandle 77DB5E4D 6 Bytes [ FF, 25, 1E, 00, 11, 5F ] .text C:\WINDOWS\system32\svchost.exe[1108] ADVAPI32.dll!OpenServiceW 77DB6165 6 Bytes [ FF, 25, 1E, 00, 23, 5F ] .text C:\WINDOWS\system32\svchost.exe[1108] ADVAPI32.dll!ControlService 77DBB635 6 Bytes [ FF, 25, 1E, 00, 14, 5F ] .text C:\WINDOWS\system32\svchost.exe[1108] ADVAPI32.dll!OpenServiceA 77DBB88C 6 Bytes [ FF, 25, 1E, 00, 20, 5F ] .text C:\WINDOWS\system32\svchost.exe[1108] ADVAPI32.dll!StartServiceW 77DBBBAC 6 Bytes [ FF, 25, 1E, 00, 29, 5F ] .text C:\WINDOWS\system32\svchost.exe[1108] ADVAPI32.dll!StartServiceA 77DC3238 6 Bytes [ FF, 25, 1E, 00, 26, 5F ] .text C:\WINDOWS\system32\svchost.exe[1108] ADVAPI32.dll!LsaAddAccountRights 77DEA9A1 6 Bytes [ FF, 25, 1E, 00, 2C, 5F ] .text C:\WINDOWS\system32\svchost.exe[1108] ADVAPI32.dll!LsaRemoveAccountRights 77DEAA41 6 Bytes [ FF, 25, 1E, 00, 2F, 5F ] .text C:\WINDOWS\system32\svchost.exe[1108] ADVAPI32.dll!ChangeServiceConfigA 77E06CC9 6 Bytes [ FF, 25, 1E, 00, 05, 5F ] .text C:\WINDOWS\system32\svchost.exe[1108] ADVAPI32.dll!ChangeServiceConfigW 77E06E61 6 Bytes [ FF, 25, 1E, 00, 08, 5F ] .text C:\WINDOWS\system32\svchost.exe[1108] ADVAPI32.dll!ChangeServiceConfig2A 77E06F61 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ] .text C:\WINDOWS\system32\svchost.exe[1108] ADVAPI32.dll!ChangeServiceConfig2W 77E06FE9 6 Bytes [ FF, 25, 1E, 00, 0E, 5F ] .text C:\WINDOWS\system32\svchost.exe[1108] ADVAPI32.dll!CreateServiceA 77E07071 6 Bytes [ FF, 25, 1E, 00, 17, 5F ] .text C:\WINDOWS\system32\svchost.exe[1108] ADVAPI32.dll!CreateServiceW 77E07209 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1108] ADVAPI32.dll!CreateServiceW + 4 77E0720D 2 Bytes [ 1A, 5F ] .text C:\WINDOWS\system32\svchost.exe[1108] ADVAPI32.dll!DeleteService 77E07311 6 Bytes [ FF, 25, 1E, 00, 1D, 5F ] .text C:\WINDOWS\system32\svchost.exe[1108] USER32.dll!DispatchMessageW 77D18A01 6 Bytes [ FF, 25, 1E, 00, A7, 5F ] .text C:\WINDOWS\system32\svchost.exe[1108] USER32.dll!TranslateMessage 77D18BF6 6 Bytes [ FF, 25, 1E, 00, 92, 5F ] .text C:\WINDOWS\system32\svchost.exe[1108] USER32.dll!DispatchMessageA 77D196B8 6 Bytes [ FF, 25, 1E, 00, 8F, 5F ] .text C:\WINDOWS\system32\svchost.exe[1108] USER32.dll!GetKeyState 77D1C505 6 Bytes [ FF, 25, 1E, 00, 9E, 5F ] .text C:\WINDOWS\system32\svchost.exe[1108] USER32.dll!BeginDeferWindowPos 77D1D907 6 Bytes [ FF, 25, 1E, 00, 8C, 5F ] .text C:\WINDOWS\system32\svchost.exe[1108] USER32.dll!GetKeyboardState 77D1E641 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1108] USER32.dll!GetKeyboardState + 4 77D1E645 2 Bytes [ 9B, 5F ] .text C:\WINDOWS\system32\svchost.exe[1108] USER32.dll!GetAsyncKeyState 77D1E655 6 Bytes [ FF, 25, 1E, 00, 95, 5F ] .text C:\WINDOWS\system32\svchost.exe[1108] USER32.dll!CreateAcceleratorTableW 77D2DABB 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1108] USER32.dll!CreateAcceleratorTableW + 4 77D2DABF 2 Bytes [ A1, 5F ] .text C:\WINDOWS\system32\svchost.exe[1108] USER32.dll!SetWindowsHookExW 77D2E4AF 6 Bytes [ FF, 25, 1E, 00, A4, 5F ] .text C:\WINDOWS\system32\svchost.exe[1108] USER32.dll!SetWindowsHookExA 77D311E9 6 Bytes [ FF, 25, 1E, 00, 89, 5F ] .text C:\WINDOWS\system32\svchost.exe[1108] USER32.dll!AttachThreadInput 77D31E23 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1108] USER32.dll!AttachThreadInput + 4 77D31E27 2 Bytes [ 98, 5F ] .text C:\WINDOWS\system32\svchost.exe[1108] ole32.dll!CoCreateInstanceEx 774CFA6B 6 Bytes [ FF, 25, 1E, 00, 86, 5F ] .text C:\WINDOWS\system32\svchost.exe[1108] ole32.dll!CoGetClassObject 774E5DB2 6 Bytes [ FF, 25, 1E, 00, 83, 5F ] .text C:\WINDOWS\system32\svchost.exe[1108] ole32.dll!CLSIDFromProgID 774F42CC 6 Bytes [ FF, 25, 1E, 00, 80, 5F ] .text C:\WINDOWS\system32\svchost.exe[1108] ole32.dll!CLSIDFromProgIDEx 775261FE 6 Bytes [ FF, 25, 1E, 00, 7D, 5F ] .text C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 4A, 5F ] .text C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ FF ] .text C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ] .text C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 6B, 5F ] .text C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 4D, 5F ] .text C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!NtDeleteFile 7C91D88F 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!NtDeleteFile + 4 7C91D893 2 Bytes [ 6E, 5F ] .text C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 50, 5F ] .text C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 53, 5F ] .text C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!NtDuplicateObject 7C91D90D 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!NtDuplicateObject + 4 7C91D911 2 Bytes [ 56, 5F ] .text C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!NtEnumerateKey 7C91D94C 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!NtEnumerateKey + 4 7C91D950 2 Bytes [ 59, 5F ] .text C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!NtEnumerateValueKey 7C91D976 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!NtEnumerateValueKey + 4 7C91D97A 2 Bytes [ 5C, 5F ] .text C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!NtOpenFile 7C91DCFD 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!NtOpenFile + 4 7C91DD01 2 Bytes [ 71, 5F ] .text C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!NtQueryMultipleValueKey 7C91E0AE 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!NtQueryMultipleValueKey + 4 7C91E0B2 2 Bytes [ 5F, 5F ] .text C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!NtQueryValueKey 7C91E1FE 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!NtQueryValueKey + 4 7C91E202 2 Bytes [ 62, 5F ] .text C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!NtReadFile 7C91E27C 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!NtReadFile + 4 7C91E280 2 Bytes [ 74, 5F ] .text C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 77, 5F ] .text C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 65, 5F ] .text C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!NtUnloadKey 7C91E90C 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!NtUnloadKey + 4 7C91E910 2 Bytes [ 68, 5F ] .text C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 7A, 5F ] .text C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!LdrLoadDll 7C9261CA 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!LdrLoadDll + 4 7C9261CE 2 Bytes [ 47, 5F ] .text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!TerminateProcess 7C801E16 6 Bytes [ FF, 25, 1E, 00, 32, 5F ] .text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!CreateFileMappingW 7C80938E 6 Bytes [ FF, 25, 1E, 00, 3B, 5F ] .text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!MapViewOfFileEx 7C80B896 6 Bytes [ FF, 25, 1E, 00, 35, 5F ] .text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 3E, 5F ] .text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!CreateProcessInternalW 7C819513 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!CreateProcessInternalW + 4 7C819517 2 Bytes [ 44, 5F ] .text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!MoveFileWithProgressW 7C81F72E 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!MoveFileWithProgressW + 4 7C81F732 2 Bytes [ 41, 5F ] .text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!CopyFileExW 7C827B32 6 Bytes [ FF, 25, 1E, 00, 38, 5F ] .text C:\WINDOWS\system32\svchost.exe[1188] ADVAPI32.dll!CloseServiceHandle 77DB5E4D 6 Bytes [ FF, 25, 1E, 00, 11, 5F ] .text C:\WINDOWS\system32\svchost.exe[1188] ADVAPI32.dll!OpenServiceW 77DB6165 6 Bytes [ FF, 25, 1E, 00, 23, 5F ] .text C:\WINDOWS\system32\svchost.exe[1188] ADVAPI32.dll!ControlService 77DBB635 6 Bytes [ FF, 25, 1E, 00, 14, 5F ] .text C:\WINDOWS\system32\svchost.exe[1188] ADVAPI32.dll!OpenServiceA 77DBB88C 6 Bytes [ FF, 25, 1E, 00, 20, 5F ] .text C:\WINDOWS\system32\svchost.exe[1188] ADVAPI32.dll!StartServiceW 77DBBBAC 6 Bytes [ FF, 25, 1E, 00, 29, 5F ] .text C:\WINDOWS\system32\svchost.exe[1188] ADVAPI32.dll!StartServiceA 77DC3238 6 Bytes [ FF, 25, 1E, 00, 26, 5F ] .text C:\WINDOWS\system32\svchost.exe[1188] ADVAPI32.dll!LsaAddAccountRights 77DEA9A1 6 Bytes [ FF, 25, 1E, 00, 2C, 5F ] .text C:\WINDOWS\system32\svchost.exe[1188] ADVAPI32.dll!LsaRemoveAccountRights 77DEAA41 6 Bytes [ FF, 25, 1E, 00, 2F, 5F ] .text C:\WINDOWS\system32\svchost.exe[1188] ADVAPI32.dll!ChangeServiceConfigA 77E06CC9 6 Bytes [ FF, 25, 1E, 00, 05, 5F ] .text C:\WINDOWS\system32\svchost.exe[1188] ADVAPI32.dll!ChangeServiceConfigW 77E06E61 6 Bytes [ FF, 25, 1E, 00, 08, 5F ] .text C:\WINDOWS\system32\svchost.exe[1188] ADVAPI32.dll!ChangeServiceConfig2A 77E06F61 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ] .text C:\WINDOWS\system32\svchost.exe[1188] ADVAPI32.dll!ChangeServiceConfig2W 77E06FE9 6 Bytes [ FF, 25, 1E, 00, 0E, 5F ] .text C:\WINDOWS\system32\svchost.exe[1188] ADVAPI32.dll!CreateServiceA 77E07071 6 Bytes [ FF, 25, 1E, 00, 17, 5F ] .text C:\WINDOWS\system32\svchost.exe[1188] ADVAPI32.dll!CreateServiceW 77E07209 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1188] ADVAPI32.dll!CreateServiceW + 4 77E0720D 2 Bytes [ 1A, 5F ] .text C:\WINDOWS\system32\svchost.exe[1188] ADVAPI32.dll!DeleteService 77E07311 6 Bytes [ FF, 25, 1E, 00, 1D, 5F ] .text C:\WINDOWS\system32\svchost.exe[1188] USER32.dll!DispatchMessageW 77D18A01 6 Bytes [ FF, 25, 1E, 00, A7, 5F ] .text C:\WINDOWS\system32\svchost.exe[1188] USER32.dll!TranslateMessage 77D18BF6 6 Bytes [ FF, 25, 1E, 00, 92, 5F ] .text C:\WINDOWS\system32\svchost.exe[1188] USER32.dll!DispatchMessageA 77D196B8 6 Bytes [ FF, 25, 1E, 00, 8F, 5F ] .text C:\WINDOWS\system32\svchost.exe[1188] USER32.dll!GetKeyState 77D1C505 6 Bytes [ FF, 25, 1E, 00, 9E, 5F ] .text C:\WINDOWS\system32\svchost.exe[1188] USER32.dll!BeginDeferWindowPos 77D1D907 6 Bytes [ FF, 25, 1E, 00, 8C, 5F ] .text C:\WINDOWS\system32\svchost.exe[1188] USER32.dll!GetKeyboardState 77D1E641 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1188] USER32.dll!GetKeyboardState + 4 77D1E645 2 Bytes [ 9B, 5F ] .text C:\WINDOWS\system32\svchost.exe[1188] USER32.dll!GetAsyncKeyState 77D1E655 6 Bytes [ FF, 25, 1E, 00, 95, 5F ] .text C:\WINDOWS\system32\svchost.exe[1188] USER32.dll!CreateAcceleratorTableW 77D2DABB 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1188] USER32.dll!CreateAcceleratorTableW + 4 77D2DABF 2 Bytes [ A1, 5F ] .text C:\WINDOWS\system32\svchost.exe[1188] USER32.dll!SetWindowsHookExW 77D2E4AF 6 Bytes [ FF, 25, 1E, 00, A4, 5F ] .text C:\WINDOWS\system32\svchost.exe[1188] USER32.dll!SetWindowsHookExA 77D311E9 6 Bytes [ FF, 25, 1E, 00, 89, 5F ] .text C:\WINDOWS\system32\svchost.exe[1188] USER32.dll!AttachThreadInput 77D31E23 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1188] USER32.dll!AttachThreadInput + 4 77D31E27 2 Bytes [ 98, 5F ] .text C:\WINDOWS\system32\svchost.exe[1188] ole32.dll!CoCreateInstanceEx 774CFA6B 6 Bytes [ FF, 25, 1E, 00, 86, 5F ] .text C:\WINDOWS\system32\svchost.exe[1188] ole32.dll!CoGetClassObject 774E5DB2 6 Bytes [ FF, 25, 1E, 00, 83, 5F ] .text C:\WINDOWS\system32\svchost.exe[1188] ole32.dll!CLSIDFromProgID 774F42CC 6 Bytes [ FF, 25, 1E, 00, 80, 5F ] .text C:\WINDOWS\system32\svchost.exe[1188] ole32.dll!CLSIDFromProgIDEx 775261FE 6 Bytes [ FF, 25, 1E, 00, 7D, 5F ] .text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 4A, 5F ] .text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ FF ] .text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ] .text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 6B, 5F ] .text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 4D, 5F ] .text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtDeleteFile 7C91D88F 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtDeleteFile + 4 7C91D893 2 Bytes [ 6E, 5F ] .text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 50, 5F ] .text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 53, 5F ] .text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtDuplicateObject 7C91D90D 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtDuplicateObject + 4 7C91D911 2 Bytes [ 56, 5F ] .text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtEnumerateKey 7C91D94C 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtEnumerateKey + 4 7C91D950 2 Bytes [ 59, 5F ] .text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtEnumerateValueKey 7C91D976 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtEnumerateValueKey + 4 7C91D97A 2 Bytes [ 5C, 5F ] .text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtOpenFile 7C91DCFD 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtOpenFile + 4 7C91DD01 2 Bytes [ 71, 5F ] .text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtQueryMultipleValueKey 7C91E0AE 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtQueryMultipleValueKey + 4 7C91E0B2 2 Bytes [ 5F, 5F ] .text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtQueryValueKey 7C91E1FE 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtQueryValueKey + 4 7C91E202 2 Bytes [ 62, 5F ] .text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtReadFile 7C91E27C 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtReadFile + 4 7C91E280 2 Bytes [ 74, 5F ] .text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 77, 5F ] .text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 65, 5F ] .text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtUnloadKey 7C91E90C 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtUnloadKey + 4 7C91E910 2 Bytes [ 68, 5F ] .text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 7A, 5F ] .text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!LdrLoadDll 7C9261CA 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!LdrLoadDll + 4 7C9261CE 2 Bytes [ 47, 5F ] .text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!TerminateProcess 7C801E16 6 Bytes [ FF, 25, 1E, 00, 32, 5F ] .text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CreateFileMappingW 7C80938E 6 Bytes [ FF, 25, 1E, 00, 3B, 5F ] .text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!MapViewOfFileEx 7C80B896 6 Bytes [ FF, 25, 1E, 00, 35, 5F ] .text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 3E, 5F ] .text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CreateProcessInternalW 7C819513 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CreateProcessInternalW + 4 7C819517 2 Bytes [ 44, 5F ] .text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!MoveFileWithProgressW 7C81F72E 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!MoveFileWithProgressW + 4 7C81F732 2 Bytes [ 41, 5F ] .text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CopyFileExW 7C827B32 6 Bytes [ FF, 25, 1E, 00, 38, 5F ] .text C:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!CloseServiceHandle 77DB5E4D 6 Bytes [ FF, 25, 1E, 00, 11, 5F ] .text C:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!OpenServiceW 77DB6165 6 Bytes [ FF, 25, 1E, 00, 23, 5F ] .text C:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!ControlService 77DBB635 6 Bytes [ FF, 25, 1E, 00, 14, 5F ] .text C:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!OpenServiceA 77DBB88C 6 Bytes [ FF, 25, 1E, 00, 20, 5F ] .text C:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!StartServiceW 77DBBBAC 6 Bytes [ FF, 25, 1E, 00, 29, 5F ] .text C:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!StartServiceA 77DC3238 6 Bytes [ FF, 25, 1E, 00, 26, 5F ] .text C:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!LsaAddAccountRights 77DEA9A1 6 Bytes [ FF, 25, 1E, 00, 2C, 5F ] .text C:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!LsaRemoveAccountRights 77DEAA41 6 Bytes [ FF, 25, 1E, 00, 2F, 5F ] .text C:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!ChangeServiceConfigA 77E06CC9 6 Bytes [ FF, 25, 1E, 00, 05, 5F ] .text C:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!ChangeServiceConfigW 77E06E61 6 Bytes [ FF, 25, 1E, 00, 08, 5F ] .text C:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!ChangeServiceConfig2A 77E06F61 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ] .text C:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!ChangeServiceConfig2W 77E06FE9 6 Bytes [ FF, 25, 1E, 00, 0E, 5F ] .text C:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!CreateServiceA 77E07071 6 Bytes [ FF, 25, 1E, 00, 17, 5F ] .text C:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!CreateServiceW 77E07209 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!CreateServiceW + 4 77E0720D 2 Bytes [ 1A, 5F ] .text C:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!DeleteService 77E07311 6 Bytes [ FF, 25, 1E, 00, 1D, 5F ] .text C:\WINDOWS\system32\svchost.exe[1240] USER32.dll!DispatchMessageW 77D18A01 6 Bytes [ FF, 25, 1E, 00, A7, 5F ] .text C:\WINDOWS\system32\svchost.exe[1240] USER32.dll!TranslateMessage 77D18BF6 6 Bytes [ FF, 25, 1E, 00, 92, 5F ] .text C:\WINDOWS\system32\svchost.exe[1240] USER32.dll!DispatchMessageA 77D196B8 6 Bytes [ FF, 25, 1E, 00, 8F, 5F ] .text C:\WINDOWS\system32\svchost.exe[1240] USER32.dll!GetKeyState 77D1C505 6 Bytes [ FF, 25, 1E, 00, 9E, 5F ] .text C:\WINDOWS\system32\svchost.exe[1240] USER32.dll!BeginDeferWindowPos 77D1D907 6 Bytes [ FF, 25, 1E, 00, 8C, 5F ] .text C:\WINDOWS\system32\svchost.exe[1240] USER32.dll!GetKeyboardState 77D1E641 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1240] USER32.dll!GetKeyboardState + 4 77D1E645 2 Bytes [ 9B, 5F ] .text C:\WINDOWS\system32\svchost.exe[1240] USER32.dll!GetAsyncKeyState 77D1E655 6 Bytes [ FF, 25, 1E, 00, 95, 5F ] .text C:\WINDOWS\system32\svchost.exe[1240] USER32.dll!CreateAcceleratorTableW 77D2DABB 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1240] USER32.dll!CreateAcceleratorTableW + 4 77D2DABF 2 Bytes [ A1, 5F ] .text C:\WINDOWS\system32\svchost.exe[1240] USER32.dll!SetWindowsHookExW 77D2E4AF 6 Bytes [ FF, 25, 1E, 00, A4, 5F ] .text C:\WINDOWS\system32\svchost.exe[1240] USER32.dll!SetWindowsHookExA 77D311E9 6 Bytes [ FF, 25, 1E, 00, 89, 5F ] .text C:\WINDOWS\system32\svchost.exe[1240] USER32.dll!AttachThreadInput 77D31E23 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1240] USER32.dll!AttachThreadInput + 4 77D31E27 2 Bytes [ 98, 5F ] .text C:\WINDOWS\system32\svchost.exe[1240] ole32.dll!CoCreateInstanceEx 774CFA6B 6 Bytes [ FF, 25, 1E, 00, 86, 5F ] .text C:\WINDOWS\system32\svchost.exe[1240] ole32.dll!CoGetClassObject 774E5DB2 6 Bytes [ FF, 25, 1E, 00, 83, 5F ] .text C:\WINDOWS\system32\svchost.exe[1240] ole32.dll!CLSIDFromProgID 774F42CC 6 Bytes [ FF, 25, 1E, 00, 80, 5F ] .text C:\WINDOWS\system32\svchost.exe[1240] ole32.dll!CLSIDFromProgIDEx 775261FE 6 Bytes [ FF, 25, 1E, 00, 7D, 5F ] .text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 4A, 5F ] .text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ FF ] .text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ] .text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 6B, 5F ] .text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 4D, 5F ] .text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtDeleteFile 7C91D88F 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtDeleteFile + 4 7C91D893 2 Bytes [ 6E, 5F ] .text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 50, 5F ] .text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 53, 5F ] .text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtDuplicateObject 7C91D90D 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtDuplicateObject + 4 7C91D911 2 Bytes [ 56, 5F ] .text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtEnumerateKey 7C91D94C 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtEnumerateKey + 4 7C91D950 2 Bytes [ 59, 5F ] .text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtEnumerateValueKey 7C91D976 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtEnumerateValueKey + 4 7C91D97A 2 Bytes [ 5C, 5F ] .text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtOpenFile 7C91DCFD 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtOpenFile + 4 7C91DD01 2 Bytes [ 71, 5F ] .text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtQueryMultipleValueKey 7C91E0AE 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtQueryMultipleValueKey + 4 7C91E0B2 2 Bytes [ 5F, 5F ] .text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtQueryValueKey 7C91E1FE 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtQueryValueKey + 4 7C91E202 2 Bytes [ 62, 5F ] .text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtReadFile 7C91E27C 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtReadFile + 4 7C91E280 2 Bytes [ 74, 5F ] .text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 77, 5F ] .text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 65, 5F ] .text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtUnloadKey 7C91E90C 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtUnloadKey + 4 7C91E910 2 Bytes [ 68, 5F ] .text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 7A, 5F ] .text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!LdrLoadDll 7C9261CA 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!LdrLoadDll + 4 7C9261CE 2 Bytes [ 47, 5F ] .text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!TerminateProcess 7C801E16 6 Bytes [ FF, 25, 1E, 00, 32, 5F ] .text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!CreateFileMappingW 7C80938E 6 Bytes [ FF, 25, 1E, 00, 3B, 5F ] .text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!MapViewOfFileEx 7C80B896 6 Bytes [ FF, 25, 1E, 00, 35, 5F ] .text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 3E, 5F ] .text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!CreateProcessInternalW 7C819513 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!CreateProcessInternalW + 4 7C819517 2 Bytes [ 44, 5F ] .text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!MoveFileWithProgressW 7C81F72E 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!MoveFileWithProgressW + 4 7C81F732 2 Bytes [ 41, 5F ] .text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!CopyFileExW 7C827B32 6 Bytes [ FF, 25, 1E, 00, 38, 5F ] .text C:\WINDOWS\system32\svchost.exe[1288] ADVAPI32.dll!CloseServiceHandle 77DB5E4D 6 Bytes [ FF, 25, 1E, 00, 11, 5F ] .text C:\WINDOWS\system32\svchost.exe[1288] ADVAPI32.dll!OpenServiceW 77DB6165 6 Bytes [ FF, 25, 1E, 00, 23, 5F ] .text C:\WINDOWS\system32\svchost.exe[1288] ADVAPI32.dll!ControlService 77DBB635 6 Bytes [ FF, 25, 1E, 00, 14, 5F ] .text C:\WINDOWS\system32\svchost.exe[1288] ADVAPI32.dll!OpenServiceA 77DBB88C 6 Bytes [ FF, 25, 1E, 00, 20, 5F ] .text C:\WINDOWS\system32\svchost.exe[1288] ADVAPI32.dll!StartServiceW 77DBBBAC 6 Bytes [ FF, 25, 1E, 00, 29, 5F ] .text C:\WINDOWS\system32\svchost.exe[1288] ADVAPI32.dll!StartServiceA 77DC3238 6 Bytes [ FF, 25, 1E, 00, 26, 5F ] .text C:\WINDOWS\system32\svchost.exe[1288] ADVAPI32.dll!LsaAddAccountRights 77DEA9A1 6 Bytes [ FF, 25, 1E, 00, 2C, 5F ] .text C:\WINDOWS\system32\svchost.exe[1288] ADVAPI32.dll!LsaRemoveAccountRights 77DEAA41 6 Bytes [ FF, 25, 1E, 00, 2F, 5F ] .text C:\WINDOWS\system32\svchost.exe[1288] ADVAPI32.dll!ChangeServiceConfigA 77E06CC9 6 Bytes [ FF, 25, 1E, 00, 05, 5F ] .text C:\WINDOWS\system32\svchost.exe[1288] ADVAPI32.dll!ChangeServiceConfigW 77E06E61 6 Bytes [ FF, 25, 1E, 00, 08, 5F ] .text C:\WINDOWS\system32\svchost.exe[1288] ADVAPI32.dll!ChangeServiceConfig2A 77E06F61 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ] .text C:\WINDOWS\system32\svchost.exe[1288] ADVAPI32.dll!ChangeServiceConfig2W 77E06FE9 6 Bytes [ FF, 25, 1E, 00, 0E, 5F ] .text C:\WINDOWS\system32\svchost.exe[1288] ADVAPI32.dll!CreateServiceA 77E07071 6 Bytes [ FF, 25, 1E, 00, 17, 5F ] .text C:\WINDOWS\system32\svchost.exe[1288] ADVAPI32.dll!CreateServiceW 77E07209 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1288] ADVAPI32.dll!CreateServiceW + 4 77E0720D 2 Bytes [ 1A, 5F ] .text C:\WINDOWS\system32\svchost.exe[1288] ADVAPI32.dll!DeleteService 77E07311 6 Bytes [ FF, 25, 1E, 00, 1D, 5F ] .text C:\WINDOWS\system32\svchost.exe[1288] USER32.dll!DispatchMessageW 77D18A01 6 Bytes [ FF, 25, 1E, 00, A7, 5F ] .text C:\WINDOWS\system32\svchost.exe[1288] USER32.dll!TranslateMessage 77D18BF6 6 Bytes [ FF, 25, 1E, 00, 92, 5F ] .text C:\WINDOWS\system32\svchost.exe[1288] USER32.dll!DispatchMessageA 77D196B8 6 Bytes [ FF, 25, 1E, 00, 8F, 5F ] .text C:\WINDOWS\system32\svchost.exe[1288] USER32.dll!GetKeyState 77D1C505 6 Bytes [ FF, 25, 1E, 00, 9E, 5F ] .text C:\WINDOWS\system32\svchost.exe[1288] USER32.dll!BeginDeferWindowPos 77D1D907 6 Bytes [ FF, 25, 1E, 00, 8C, 5F ] .text C:\WINDOWS\system32\svchost.exe[1288] USER32.dll!GetKeyboardState 77D1E641 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1288] USER32.dll!GetKeyboardState + 4 77D1E645 2 Bytes [ 9B, 5F ] .text C:\WINDOWS\system32\svchost.exe[1288] USER32.dll!GetAsyncKeyState 77D1E655 6 Bytes [ FF, 25, 1E, 00, 95, 5F ] .text C:\WINDOWS\system32\svchost.exe[1288] USER32.dll!CreateAcceleratorTableW 77D2DABB 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1288] USER32.dll!CreateAcceleratorTableW + 4 77D2DABF 2 Bytes [ A1, 5F ] .text C:\WINDOWS\system32\svchost.exe[1288] USER32.dll!SetWindowsHookExW 77D2E4AF 6 Bytes [ FF, 25, 1E, 00, A4, 5F ] .text C:\WINDOWS\system32\svchost.exe[1288] USER32.dll!SetWindowsHookExA 77D311E9 6 Bytes [ FF, 25, 1E, 00, 89, 5F ] .text C:\WINDOWS\system32\svchost.exe[1288] USER32.dll!AttachThreadInput 77D31E23 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1288] USER32.dll!AttachThreadInput + 4 77D31E27 2 Bytes [ 98, 5F ] .text C:\WINDOWS\system32\svchost.exe[1288] ole32.dll!CoCreateInstanceEx 774CFA6B 6 Bytes [ FF, 25, 1E, 00, 86, 5F ] .text C:\WINDOWS\system32\svchost.exe[1288] ole32.dll!CoGetClassObject 774E5DB2 6 Bytes [ FF, 25, 1E, 00, 83, 5F ] .text C:\WINDOWS\system32\svchost.exe[1288] ole32.dll!CLSIDFromProgID 774F42CC 6 Bytes [ FF, 25, 1E, 00, 80, 5F ] .text C:\WINDOWS\system32\svchost.exe[1288] ole32.dll!CLSIDFromProgIDEx 775261FE 6 Bytes [ FF, 25, 1E, 00, 7D, 5F ] .text C:\WINDOWS\system32\spoolsv.exe[1616] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\spoolsv.exe[1616] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 4A, 5F ] .text C:\WINDOWS\system32\spoolsv.exe[1616] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ FF ] .text C:\WINDOWS\system32\spoolsv.exe[1616] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ] .text C:\WINDOWS\system32\spoolsv.exe[1616] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 6B, 5F ] .text C:\WINDOWS\system32\spoolsv.exe[1616] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\spoolsv.exe[1616] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 4D, 5F ] .text C:\WINDOWS\system32\spoolsv.exe[1616] ntdll.dll!NtDeleteFile 7C91D88F 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\spoolsv.exe[1616] ntdll.dll!NtDeleteFile + 4 7C91D893 2 Bytes [ 6E, 5F ] .text C:\WINDOWS\system32\spoolsv.exe[1616] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\spoolsv.exe[1616] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 50, 5F ] .text C:\WINDOWS\system32\spoolsv.exe[1616] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\spoolsv.exe[1616] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 53, 5F ] .text C:\WINDOWS\system32\spoolsv.exe[1616] ntdll.dll!NtDuplicateObject 7C91D90D 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\spoolsv.exe[1616] ntdll.dll!NtDuplicateObject + 4 7C91D911 2 Bytes [ 56, 5F ] .text C:\WINDOWS\system32\spoolsv.exe[1616] ntdll.dll!NtEnumerateKey 7C91D94C 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\spoolsv.exe[1616] ntdll.dll!NtEnumerateKey + 4 7C91D950 2 Bytes [ 59, 5F ] .text C:\WINDOWS\system32\spoolsv.exe[1616] ntdll.dll!NtEnumerateValueKey 7C91D976 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\spoolsv.exe[1616] ntdll.dll!NtEnumerateValueKey + 4 7C91D97A 2 Bytes [ 5C, 5F ] .text C:\WINDOWS\system32\spoolsv.exe[1616] ntdll.dll!NtOpenFile 7C91DCFD 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\spoolsv.exe[1616] ntdll.dll!NtOpenFile + 4 7C91DD01 2 Bytes [ 71, 5F ] .text C:\WINDOWS\system32\spoolsv.exe[1616] ntdll.dll!NtQueryMultipleValueKey 7C91E0AE 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\spoolsv.exe[1616] ntdll.dll!NtQueryMultipleValueKey + 4 7C91E0B2 2 Bytes [ 5F, 5F ] .text C:\WINDOWS\system32\spoolsv.exe[1616] ntdll.dll!NtQueryValueKey 7C91E1FE 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\spoolsv.exe[1616] ntdll.dll!NtQueryValueKey + 4 7C91E202 2 Bytes [ 62, 5F ] .text C:\WINDOWS\system32\spoolsv.exe[1616] ntdll.dll!NtReadFile 7C91E27C 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\spoolsv.exe[1616] ntdll.dll!NtReadFile + 4 7C91E280 2 Bytes [ 74, 5F ] .text C:\WINDOWS\system32\spoolsv.exe[1616] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\spoolsv.exe[1616] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 77, 5F ] .text C:\WINDOWS\system32\spoolsv.exe[1616] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\spoolsv.exe[1616] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 65, 5F ] .text C:\WINDOWS\system32\spoolsv.exe[1616] ntdll.dll!NtUnloadKey 7C91E90C 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\spoolsv.exe[1616] ntdll.dll!NtUnloadKey + 4 7C91E910 2 Bytes [ 68, 5F ] .text C:\WINDOWS\system32\spoolsv.exe[1616] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\spoolsv.exe[1616] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 7A, 5F ] .text C:\WINDOWS\system32\spoolsv.exe[1616] ntdll.dll!LdrLoadDll 7C9261CA 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\spoolsv.exe[1616] ntdll.dll!LdrLoadDll + 4 7C9261CE 2 Bytes [ 47, 5F ] .text C:\WINDOWS\system32\spoolsv.exe[1616] kernel32.dll!TerminateProcess 7C801E16 6 Bytes [ FF, 25, 1E, 00, 32, 5F ] .text C:\WINDOWS\system32\spoolsv.exe[1616] kernel32.dll!CreateFileMappingW 7C80938E 6 Bytes [ FF, 25, 1E, 00, 3B, 5F ] .text C:\WINDOWS\system32\spoolsv.exe[1616] kernel32.dll!MapViewOfFileEx 7C80B896 6 Bytes [ FF, 25, 1E, 00, 35, 5F ] .text C:\WINDOWS\system32\spoolsv.exe[1616] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\spoolsv.exe[1616] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 3E, 5F ] .text C:\WINDOWS\system32\spoolsv.exe[1616] kernel32.dll!CreateProcessInternalW 7C819513 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\spoolsv.exe[1616] kernel32.dll!CreateProcessInternalW + 4 7C819517 2 Bytes [ 44, 5F ] .text C:\WINDOWS\system32\spoolsv.exe[1616] kernel32.dll!MoveFileWithProgressW 7C81F72E 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\spoolsv.exe[1616] kernel32.dll!MoveFileWithProgressW + 4 7C81F732 2 Bytes [ 41, 5F ] .text C:\WINDOWS\system32\spoolsv.exe[1616] kernel32.dll!CopyFileExW 7C827B32 6 Bytes [ FF, 25, 1E, 00, 38, 5F ] .text C:\WINDOWS\system32\spoolsv.exe[1616] ADVAPI32.dll!CloseServiceHandle 77DB5E4D 6 Bytes [ FF, 25, 1E, 00, 11, 5F ] .text C:\WINDOWS\system32\spoolsv.exe[1616] ADVAPI32.dll!OpenServiceW 77DB6165 6 Bytes [ FF, 25, 1E, 00, 23, 5F ] .text C:\WINDOWS\system32\spoolsv.exe[1616] ADVAPI32.dll!ControlService 77DBB635 6 Bytes [ FF, 25, 1E, 00, 14, 5F ] .text C:\WINDOWS\system32\spoolsv.exe[1616] ADVAPI32.dll!OpenServiceA 77DBB88C 6 Bytes [ FF, 25, 1E, 00, 20, 5F ] .text C:\WINDOWS\system32\spoolsv.exe[1616] ADVAPI32.dll!StartServiceW 77DBBBAC 6 Bytes [ FF, 25, 1E, 00, 29, 5F ] .text C:\WINDOWS\system32\spoolsv.exe[1616] ADVAPI32.dll!StartServiceA 77DC3238 6 Bytes [ FF, 25, 1E, 00, 26, 5F ] .text C:\WINDOWS\system32\spoolsv.exe[1616] ADVAPI32.dll!LsaAddAccountRights 77DEA9A1 6 Bytes [ FF, 25, 1E, 00, 2C, 5F ] .text C:\WINDOWS\system32\spoolsv.exe[1616] ADVAPI32.dll!LsaRemoveAccountRights 77DEAA41 6 Bytes [ FF, 25, 1E, 00, 2F, 5F ] .text C:\WINDOWS\system32\spoolsv.exe[1616] ADVAPI32.dll!ChangeServiceConfigA 77E06CC9 6 Bytes [ FF, 25, 1E, 00, 05, 5F ] .text C:\WINDOWS\system32\spoolsv.exe[1616] ADVAPI32.dll!ChangeServiceConfigW 77E06E61 6 Bytes [ FF, 25, 1E, 00, 08, 5F ] .text C:\WINDOWS\system32\spoolsv.exe[1616] ADVAPI32.dll!ChangeServiceConfig2A 77E06F61 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ] .text C:\WINDOWS\system32\spoolsv.exe[1616] ADVAPI32.dll!ChangeServiceConfig2W 77E06FE9 6 Bytes [ FF, 25, 1E, 00, 0E, 5F ] .text C:\WINDOWS\system32\spoolsv.exe[1616] ADVAPI32.dll!CreateServiceA 77E07071 6 Bytes [ FF, 25, 1E, 00, 17, 5F ] .text C:\WINDOWS\system32\spoolsv.exe[1616] ADVAPI32.dll!CreateServiceW 77E07209 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\spoolsv.exe[1616] ADVAPI32.dll!CreateServiceW + 4 77E0720D 2 Bytes [ 1A, 5F ] .text C:\WINDOWS\system32\spoolsv.exe[1616] ADVAPI32.dll!DeleteService 77E07311 6 Bytes [ FF, 25, 1E, 00, 1D, 5F ] .text C:\WINDOWS\system32\spoolsv.exe[1616] USER32.dll!DispatchMessageW 77D18A01 6 Bytes [ FF, 25, 1E, 00, A7, 5F ] .text C:\WINDOWS\system32\spoolsv.exe[1616] USER32.dll!TranslateMessage 77D18BF6 6 Bytes [ FF, 25, 1E, 00, 92, 5F ] .text C:\WINDOWS\system32\spoolsv.exe[1616] USER32.dll!DispatchMessageA 77D196B8 6 Bytes [ FF, 25, 1E, 00, 8F, 5F ] .text C:\WINDOWS\system32\spoolsv.exe[1616] USER32.dll!GetKeyState 77D1C505 6 Bytes [ FF, 25, 1E, 00, 9E, 5F ] .text C:\WINDOWS\system32\spoolsv.exe[1616] USER32.dll!BeginDeferWindowPos 77D1D907 6 Bytes [ FF, 25, 1E, 00, 8C, 5F ] .text C:\WINDOWS\system32\spoolsv.exe[1616] USER32.dll!GetKeyboardState 77D1E641 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\spoolsv.exe[1616] USER32.dll!GetKeyboardState + 4 77D1E645 2 Bytes [ 9B, 5F ] .text C:\WINDOWS\system32\spoolsv.exe[1616] USER32.dll!GetAsyncKeyState 77D1E655 6 Bytes [ FF, 25, 1E, 00, 95, 5F ] .text C:\WINDOWS\system32\spoolsv.exe[1616] USER32.dll!CreateAcceleratorTableW 77D2DABB 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\spoolsv.exe[1616] USER32.dll!CreateAcceleratorTableW + 4 77D2DABF 2 Bytes [ A1, 5F ] .text C:\WINDOWS\system32\spoolsv.exe[1616] USER32.dll!SetWindowsHookExW 77D2E4AF 6 Bytes [ FF, 25, 1E, 00, A4, 5F ] .text C:\WINDOWS\system32\spoolsv.exe[1616] USER32.dll!SetWindowsHookExA 77D311E9 6 Bytes [ FF, 25, 1E, 00, 89, 5F ] .text C:\WINDOWS\system32\spoolsv.exe[1616] USER32.dll!AttachThreadInput 77D31E23 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\spoolsv.exe[1616] USER32.dll!AttachThreadInput + 4 77D31E27 2 Bytes [ 98, 5F ] .text C:\WINDOWS\system32\spoolsv.exe[1616] ole32.dll!CoCreateInstanceEx 774CFA6B 6 Bytes [ FF, 25, 1E, 00, 86, 5F ] .text C:\WINDOWS\system32\spoolsv.exe[1616] ole32.dll!CoGetClassObject 774E5DB2 6 Bytes [ FF, 25, 1E, 00, 83, 5F ] .text C:\WINDOWS\system32\spoolsv.exe[1616] ole32.dll!CLSIDFromProgID 774F42CC 6 Bytes [ FF, 25, 1E, 00, 80, 5F ] .text C:\WINDOWS\system32\spoolsv.exe[1616] ole32.dll!CLSIDFromProgIDEx 775261FE 6 Bytes [ FF, 25, 1E, 00, 7D, 5F ] .text C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe[1744] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ] .text C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe[1744] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 4A, 5F ] .text C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe[1744] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ FF ] .text C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe[1744] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ] .text C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe[1744] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 6B, 5F ] .text C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe[1744] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ] .text C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe[1744] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 4D, 5F ] .text C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe[1744] ntdll.dll!NtDeleteFile 7C91D88F 3 Bytes [ FF, 25, 1E ] .text C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe[1744] ntdll.dll!NtDeleteFile + 4 7C91D893 2 Bytes [ 6E, 5F ] .text C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe[1744] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ] .text C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe[1744] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 50, 5F ] .text C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe[1744] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ] .text C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe[1744] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 53, 5F ] .text C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe[1744] ntdll.dll!NtDuplicateObject 7C91D90D 3 Bytes [ FF, 25, 1E ] .text C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe[1744] ntdll.dll!NtDuplicateObject + 4 7C91D911 2 Bytes [ 56, 5F ] .text C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe[1744] ntdll.dll!NtEnumerateKey 7C91D94C 3 Bytes [ FF, 25, 1E ] .text C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe[1744] ntdll.dll!NtEnumerateKey + 4 7C91D950 2 Bytes [ 59, 5F ] .text C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe[1744] ntdll.dll!NtEnumerateValueKey 7C91D976 3 Bytes [ FF, 25, 1E ] .text C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe[1744] ntdll.dll!NtEnumerateValueKey + 4 7C91D97A 2 Bytes [ 5C, 5F ] .text C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe[1744] ntdll.dll!NtOpenFile 7C91DCFD 3 Bytes [ FF, 25, 1E ] .text C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe[1744] ntdll.dll!NtOpenFile + 4 7C91DD01 2 Bytes [ 71, 5F ] .text C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe[1744] ntdll.dll!NtQueryMultipleValueKey 7C91E0AE 3 Bytes [ FF, 25, 1E ] .text C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe[1744] ntdll.dll!NtQueryMultipleValueKey + 4 7C91E0B2 2 Bytes [ 5F, 5F ] .text C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe[1744] ntdll.dll!NtQueryValueKey 7C91E1FE 3 Bytes [ FF, 25, 1E ] .text C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe[1744] ntdll.dll!NtQueryValueKey + 4 7C91E202 2 Bytes [ 62, 5F ] .text C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe[1744] ntdll.dll!NtReadFile 7C91E27C 3 Bytes [ FF, 25, 1E ] .text C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe[1744] ntdll.dll!NtReadFile + 4 7C91E280 2 Bytes [ 74, 5F ] .text C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe[1744] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ] .text C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe[1744] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 77, 5F ] .text C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe[1744] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ] .text C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe[1744] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 65, 5F ] .text C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe[1744] ntdll.dll!NtUnloadKey 7C91E90C 3 Bytes [ FF, 25, 1E ] .text C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe[1744] ntdll.dll!NtUnloadKey + 4 7C91E910 2 Bytes [ 68, 5F ] .text C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe[1744] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ] .text C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe[1744] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 7A, 5F ] .text C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe[1744] ntdll.dll!LdrLoadDll 7C9261CA 3 Bytes [ FF, 25, 1E ] .text C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe[1744] ntdll.dll!LdrLoadDll + 4 7C9261CE 2 Bytes [ 47, 5F ] .text C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe[1744] kernel32.dll!TerminateProcess 7C801E16 6 Bytes [ FF, 25, 1E, 00, 32, 5F ] .text C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe[1744] kernel32.dll!CreateFileMappingW 7C80938E 6 Bytes [ FF, 25, 1E, 00, 3B, 5F ] .text C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe[1744] kernel32.dll!MapViewOfFileEx 7C80B896 6 Bytes [ FF, 25, 1E, 00, 35, 5F ] .text C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe[1744] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ] .text C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe[1744] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 3E, 5F ] .text C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe[1744] kernel32.dll!CreateProcessInternalW 7C819513 3 Bytes [ FF, 25, 1E ] .text C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe[1744] kernel32.dll!CreateProcessInternalW + 4 7C819517 2 Bytes [ 44, 5F ] .text C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe[1744] kernel32.dll!MoveFileWithProgressW 7C81F72E 3 Bytes [ FF, 25, 1E ] .text C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe[1744] kernel32.dll!MoveFileWithProgressW + 4 7C81F732 2 Bytes [ 41, 5F ] .text C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe[1744] kernel32.dll!CopyFileExW 7C827B32 6 Bytes [ FF, 25, 1E, 00, 38, 5F ] .text C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe[1744] USER32.dll!DispatchMessageW 77D18A01 6 Bytes [ FF, 25, 1E, 00, A7, 5F ] .text C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe[1744] USER32.dll!TranslateMessage 77D18BF6 6 Bytes [ FF, 25, 1E, 00, 92, 5F ] .text C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe[1744] USER32.dll!DispatchMessageA 77D196B8 6 Bytes [ FF, 25, 1E, 00, 8F, 5F ] .text C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe[1744] USER32.dll!GetKeyState 77D1C505 6 Bytes [ FF, 25, 1E, 00, 9E, 5F ] .text C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe[1744] USER32.dll!BeginDeferWindowPos 77D1D907 6 Bytes [ FF, 25, 1E, 00, 8C, 5F ] .text C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe[1744] USER32.dll!GetKeyboardState 77D1E641 3 Bytes [ FF, 25, 1E ] .text C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe[1744] USER32.dll!GetKeyboardState + 4 77D1E645 2 Bytes [ 9B, 5F ] .text C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe[1744] USER32.dll!GetAsyncKeyState 77D1E655 6 Bytes [ FF, 25, 1E, 00, 95, 5F ] .text C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe[1744] USER32.dll!CreateAcceleratorTableW 77D2DABB 3 Bytes [ FF, 25, 1E ] .text C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe[1744] USER32.dll!CreateAcceleratorTableW + 4 77D2DABF 2 Bytes [ A1, 5F ] .text C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe[1744] USER32.dll!SetWindowsHookExW 77D2E4AF 6 Bytes [ FF, 25, 1E, 00, A4, 5F ] .text C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe[1744] USER32.dll!SetWindowsHookExA 77D311E9 6 Bytes [ FF, 25, 1E, 00, 89, 5F ] .text C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe[1744] USER32.dll!AttachThreadInput 77D31E23 3 Bytes [ FF, 25, 1E ] .text C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe[1744] USER32.dll!AttachThreadInput + 4 77D31E27 2 Bytes [ 98, 5F ] .text C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe[1744] ADVAPI32.dll!CloseServiceHandle 77DB5E4D 6 Bytes [ FF, 25, 1E, 00, 11, 5F ] .text C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe[1744] ADVAPI32.dll!OpenServiceW 77DB6165 6 Bytes [ FF, 25, 1E, 00, 23, 5F ] .text C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe[1744] ADVAPI32.dll!ControlService 77DBB635 6 Bytes [ FF, 25, 1E, 00, 14, 5F ] .text C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe[1744] ADVAPI32.dll!OpenServiceA 77DBB88C 6 Bytes [ FF, 25, 1E, 00, 20, 5F ] .text C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe[1744] ADVAPI32.dll!StartServiceW 77DBBBAC 6 Bytes [ FF, 25, 1E, 00, 29, 5F ] .text C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe[1744] ADVAPI32.dll!StartServiceA 77DC3238 6 Bytes [ FF, 25, 1E, 00, 26, 5F ] .text C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe[1744] ADVAPI32.dll!LsaAddAccountRights 77DEA9A1 6 Bytes [ FF, 25, 1E, 00, 2C, 5F ] .text C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe[1744] ADVAPI32.dll!LsaRemoveAccountRights 77DEAA41 6 Bytes [ FF, 25, 1E, 00, 2F, 5F ] .text C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe[1744] ADVAPI32.dll!ChangeServiceConfigA 77E06CC9 6 Bytes [ FF, 25, 1E, 00, 05, 5F ] .text C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe[1744] ADVAPI32.dll!ChangeServiceConfigW 77E06E61 6 Bytes [ FF, 25, 1E, 00, 08, 5F ] .text C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe[1744] ADVAPI32.dll!ChangeServiceConfig2A 77E06F61 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ] .text C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe[1744] ADVAPI32.dll!ChangeServiceConfig2W 77E06FE9 6 Bytes [ FF, 25, 1E, 00, 0E, 5F ] .text C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe[1744] ADVAPI32.dll!CreateServiceA 77E07071 6 Bytes [ FF, 25, 1E, 00, 17, 5F ] .text C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe[1744] ADVAPI32.dll!CreateServiceW 77E07209 3 Bytes [ FF, 25, 1E ] .text C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe[1744] ADVAPI32.dll!CreateServiceW + 4 77E0720D 2 Bytes [ 1A, 5F ] .text C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe[1744] ADVAPI32.dll!DeleteService 77E07311 6 Bytes [ FF, 25, 1E, 00, 1D, 5F ] .text C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe[1744] ole32.dll!CoCreateInstanceEx 774CFA6B 6 Bytes [ FF, 25, 1E, 00, 86, 5F ] .text C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe[1744] ole32.dll!CoGetClassObject 774E5DB2 6 Bytes [ FF, 25, 1E, 00, 83, 5F ] .text C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe[1744] ole32.dll!CLSIDFromProgID 774F42CC 6 Bytes [ FF, 25, 1E, 00, 80, 5F ] .text C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe[1744] ole32.dll!CLSIDFromProgIDEx 775261FE 6 Bytes [ FF, 25, 1E, 00, 7D, 5F ] .text C:\WINDOWS\system32\svchost.exe[1780] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1780] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 4A, 5F ] .text C:\WINDOWS\system32\svchost.exe[1780] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ FF ] .text C:\WINDOWS\system32\svchost.exe[1780] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ] .text C:\WINDOWS\system32\svchost.exe[1780] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 6B, 5F ] .text C:\WINDOWS\system32\svchost.exe[1780] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1780] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 4D, 5F ] .text C:\WINDOWS\system32\svchost.exe[1780] ntdll.dll!NtDeleteFile 7C91D88F 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1780] ntdll.dll!NtDeleteFile + 4 7C91D893 2 Bytes [ 6E, 5F ] .text C:\WINDOWS\system32\svchost.exe[1780] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1780] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 50, 5F ] .text C:\WINDOWS\system32\svchost.exe[1780] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1780] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 53, 5F ] .text C:\WINDOWS\system32\svchost.exe[1780] ntdll.dll!NtDuplicateObject 7C91D90D 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1780] ntdll.dll!NtDuplicateObject + 4 7C91D911 2 Bytes [ 56, 5F ] .text C:\WINDOWS\system32\svchost.exe[1780] ntdll.dll!NtEnumerateKey 7C91D94C 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1780] ntdll.dll!NtEnumerateKey + 4 7C91D950 2 Bytes [ 59, 5F ] .text C:\WINDOWS\system32\svchost.exe[1780] ntdll.dll!NtEnumerateValueKey 7C91D976 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1780] ntdll.dll!NtEnumerateValueKey + 4 7C91D97A 2 Bytes [ 5C, 5F ] .text C:\WINDOWS\system32\svchost.exe[1780] ntdll.dll!NtOpenFile 7C91DCFD 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1780] ntdll.dll!NtOpenFile + 4 7C91DD01 2 Bytes [ 71, 5F ] .text C:\WINDOWS\system32\svchost.exe[1780] ntdll.dll!NtQueryMultipleValueKey 7C91E0AE 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1780] ntdll.dll!NtQueryMultipleValueKey + 4 7C91E0B2 2 Bytes [ 5F, 5F ] .text C:\WINDOWS\system32\svchost.exe[1780] ntdll.dll!NtQueryValueKey 7C91E1FE 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1780] ntdll.dll!NtQueryValueKey + 4 7C91E202 2 Bytes [ 62, 5F ] .text C:\WINDOWS\system32\svchost.exe[1780] ntdll.dll!NtReadFile 7C91E27C 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1780] ntdll.dll!NtReadFile + 4 7C91E280 2 Bytes [ 74, 5F ] .text C:\WINDOWS\system32\svchost.exe[1780] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1780] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 77, 5F ] .text C:\WINDOWS\system32\svchost.exe[1780] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1780] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 65, 5F ] .text C:\WINDOWS\system32\svchost.exe[1780] ntdll.dll!NtUnloadKey 7C91E90C 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1780] ntdll.dll!NtUnloadKey + 4 7C91E910 2 Bytes [ 68, 5F ] .text C:\WINDOWS\system32\svchost.exe[1780] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1780] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 7A, 5F ] .text C:\WINDOWS\system32\svchost.exe[1780] ntdll.dll!LdrLoadDll 7C9261CA 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1780] ntdll.dll!LdrLoadDll + 4 7C9261CE 2 Bytes [ 47, 5F ] .text C:\WINDOWS\system32\svchost.exe[1780] kernel32.dll!TerminateProcess 7C801E16 6 Bytes [ FF, 25, 1E, 00, 32, 5F ] .text C:\WINDOWS\system32\svchost.exe[1780] kernel32.dll!CreateFileMappingW 7C80938E 6 Bytes [ FF, 25, 1E, 00, 3B, 5F ] .text C:\WINDOWS\system32\svchost.exe[1780] kernel32.dll!MapViewOfFileEx 7C80B896 6 Bytes [ FF, 25, 1E, 00, 35, 5F ] .text C:\WINDOWS\system32\svchost.exe[1780] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1780] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 3E, 5F ] .text C:\WINDOWS\system32\svchost.exe[1780] kernel32.dll!CreateProcessInternalW 7C819513 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1780] kernel32.dll!CreateProcessInternalW + 4 7C819517 2 Bytes [ 44, 5F ] .text C:\WINDOWS\system32\svchost.exe[1780] kernel32.dll!MoveFileWithProgressW 7C81F72E 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1780] kernel32.dll!MoveFileWithProgressW + 4 7C81F732 2 Bytes [ 41, 5F ] .text C:\WINDOWS\system32\svchost.exe[1780] kernel32.dll!CopyFileExW 7C827B32 6 Bytes [ FF, 25, 1E, 00, 38, 5F ] .text C:\WINDOWS\system32\svchost.exe[1780] ADVAPI32.dll!CloseServiceHandle 77DB5E4D 6 Bytes [ FF, 25, 1E, 00, 11, 5F ] .text C:\WINDOWS\system32\svchost.exe[1780] ADVAPI32.dll!OpenServiceW 77DB6165 6 Bytes [ FF, 25, 1E, 00, 23, 5F ] .text C:\WINDOWS\system32\svchost.exe[1780] ADVAPI32.dll!ControlService 77DBB635 6 Bytes [ FF, 25, 1E, 00, 14, 5F ] .text C:\WINDOWS\system32\svchost.exe[1780] ADVAPI32.dll!OpenServiceA 77DBB88C 6 Bytes [ FF, 25, 1E, 00, 20, 5F ] .text C:\WINDOWS\system32\svchost.exe[1780] ADVAPI32.dll!StartServiceW 77DBBBAC 6 Bytes [ FF, 25, 1E, 00, 29, 5F ] .text C:\WINDOWS\system32\svchost.exe[1780] ADVAPI32.dll!StartServiceA 77DC3238 6 Bytes [ FF, 25, 1E, 00, 26, 5F ] .text C:\WINDOWS\system32\svchost.exe[1780] ADVAPI32.dll!LsaAddAccountRights 77DEA9A1 6 Bytes [ FF, 25, 1E, 00, 2C, 5F ] .text C:\WINDOWS\system32\svchost.exe[1780] ADVAPI32.dll!LsaRemoveAccountRights 77DEAA41 6 Bytes [ FF, 25, 1E, 00, 2F, 5F ] .text C:\WINDOWS\system32\svchost.exe[1780] ADVAPI32.dll!ChangeServiceConfigA 77E06CC9 6 Bytes [ FF, 25, 1E, 00, 05, 5F ] .text C:\WINDOWS\system32\svchost.exe[1780] ADVAPI32.dll!ChangeServiceConfigW 77E06E61 6 Bytes [ FF, 25, 1E, 00, 08, 5F ] .text C:\WINDOWS\system32\svchost.exe[1780] ADVAPI32.dll!ChangeServiceConfig2A 77E06F61 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ] .text C:\WINDOWS\system32\svchost.exe[1780] ADVAPI32.dll!ChangeServiceConfig2W 77E06FE9 6 Bytes [ FF, 25, 1E, 00, 0E, 5F ] .text C:\WINDOWS\system32\svchost.exe[1780] ADVAPI32.dll!CreateServiceA 77E07071 6 Bytes [ FF, 25, 1E, 00, 17, 5F ] .text C:\WINDOWS\system32\svchost.exe[1780] ADVAPI32.dll!CreateServiceW 77E07209 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1780] ADVAPI32.dll!CreateServiceW + 4 77E0720D 2 Bytes [ 1A, 5F ] .text C:\WINDOWS\system32\svchost.exe[1780] ADVAPI32.dll!DeleteService 77E07311 6 Bytes [ FF, 25, 1E, 00, 1D, 5F ] .text C:\WINDOWS\system32\svchost.exe[1780] USER32.dll!DispatchMessageW 77D18A01 6 Bytes [ FF, 25, 1E, 00, A7, 5F ] .text C:\WINDOWS\system32\svchost.exe[1780] USER32.dll!TranslateMessage 77D18BF6 6 Bytes [ FF, 25, 1E, 00, 92, 5F ] .text C:\WINDOWS\system32\svchost.exe[1780] USER32.dll!DispatchMessageA 77D196B8 6 Bytes [ FF, 25, 1E, 00, 8F, 5F ] .text C:\WINDOWS\system32\svchost.exe[1780] USER32.dll!GetKeyState 77D1C505 6 Bytes [ FF, 25, 1E, 00, 9E, 5F ] .text C:\WINDOWS\system32\svchost.exe[1780] USER32.dll!BeginDeferWindowPos 77D1D907 6 Bytes [ FF, 25, 1E, 00, 8C, 5F ] .text C:\WINDOWS\system32\svchost.exe[1780] USER32.dll!GetKeyboardState 77D1E641 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1780] USER32.dll!GetKeyboardState + 4 77D1E645 2 Bytes [ 9B, 5F ] .text C:\WINDOWS\system32\svchost.exe[1780] USER32.dll!GetAsyncKeyState 77D1E655 6 Bytes [ FF, 25, 1E, 00, 95, 5F ] .text C:\WINDOWS\system32\svchost.exe[1780] USER32.dll!CreateAcceleratorTableW 77D2DABB 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1780] USER32.dll!CreateAcceleratorTableW + 4 77D2DABF 2 Bytes [ A1, 5F ] .text C:\WINDOWS\system32\svchost.exe[1780] USER32.dll!SetWindowsHookExW 77D2E4AF 6 Bytes [ FF, 25, 1E, 00, A4, 5F ] .text C:\WINDOWS\system32\svchost.exe[1780] USER32.dll!SetWindowsHookExA 77D311E9 6 Bytes [ FF, 25, 1E, 00, 89, 5F ] .text C:\WINDOWS\system32\svchost.exe[1780] USER32.dll!AttachThreadInput 77D31E23 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1780] USER32.dll!AttachThreadInput + 4 77D31E27 2 Bytes [ 98, 5F ] .text C:\WINDOWS\system32\svchost.exe[1780] ole32.dll!CoCreateInstanceEx 774CFA6B 6 Bytes [ FF, 25, 1E, 00, 86, 5F ] .text C:\WINDOWS\system32\svchost.exe[1780] ole32.dll!CoGetClassObject 774E5DB2 6 Bytes [ FF, 25, 1E, 00, 83, 5F ] .text C:\WINDOWS\system32\svchost.exe[1780] ole32.dll!CLSIDFromProgID 774F42CC 6 Bytes [ FF, 25, 1E, 00, 80, 5F ] .text C:\WINDOWS\system32\svchost.exe[1780] ole32.dll!CLSIDFromProgIDEx 775261FE 6 Bytes [ FF, 25, 1E, 00, 7D, 5F ] .text C:\WINDOWS\system32\nvsvc32.exe[1808] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\nvsvc32.exe[1808] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 4A, 5F ] .text C:\WINDOWS\system32\nvsvc32.exe[1808] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ FF ] .text C:\WINDOWS\system32\nvsvc32.exe[1808] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ] .text C:\WINDOWS\system32\nvsvc32.exe[1808] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 6B, 5F ] .text C:\WINDOWS\system32\nvsvc32.exe[1808] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\nvsvc32.exe[1808] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 4D, 5F ] .text C:\WINDOWS\system32\nvsvc32.exe[1808] ntdll.dll!NtDeleteFile 7C91D88F 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\nvsvc32.exe[1808] ntdll.dll!NtDeleteFile + 4 7C91D893 2 Bytes [ 6E, 5F ] .text C:\WINDOWS\system32\nvsvc32.exe[1808] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\nvsvc32.exe[1808] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 50, 5F ] .text C:\WINDOWS\system32\nvsvc32.exe[1808] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\nvsvc32.exe[1808] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 53, 5F ] .text C:\WINDOWS\system32\nvsvc32.exe[1808] ntdll.dll!NtDuplicateObject 7C91D90D 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\nvsvc32.exe[1808] ntdll.dll!NtDuplicateObject + 4 7C91D911 2 Bytes [ 56, 5F ] .text C:\WINDOWS\system32\nvsvc32.exe[1808] ntdll.dll!NtEnumerateKey 7C91D94C 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\nvsvc32.exe[1808] ntdll.dll!NtEnumerateKey + 4 7C91D950 2 Bytes [ 59, 5F ] .text C:\WINDOWS\system32\nvsvc32.exe[1808] ntdll.dll!NtEnumerateValueKey 7C91D976 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\nvsvc32.exe[1808] ntdll.dll!NtEnumerateValueKey + 4 7C91D97A 2 Bytes [ 5C, 5F ] .text C:\WINDOWS\system32\nvsvc32.exe[1808] ntdll.dll!NtOpenFile 7C91DCFD 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\nvsvc32.exe[1808] ntdll.dll!NtOpenFile + 4 7C91DD01 2 Bytes [ 71, 5F ] .text C:\WINDOWS\system32\nvsvc32.exe[1808] ntdll.dll!NtQueryMultipleValueKey 7C91E0AE 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\nvsvc32.exe[1808] ntdll.dll!NtQueryMultipleValueKey + 4 7C91E0B2 2 Bytes [ 5F, 5F ] .text C:\WINDOWS\system32\nvsvc32.exe[1808] ntdll.dll!NtQueryValueKey 7C91E1FE 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\nvsvc32.exe[1808] ntdll.dll!NtQueryValueKey + 4 7C91E202 2 Bytes [ 62, 5F ] .text C:\WINDOWS\system32\nvsvc32.exe[1808] ntdll.dll!NtReadFile 7C91E27C 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\nvsvc32.exe[1808] ntdll.dll!NtReadFile + 4 7C91E280 2 Bytes [ 74, 5F ] .text C:\WINDOWS\system32\nvsvc32.exe[1808] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\nvsvc32.exe[1808] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 77, 5F ] .text C:\WINDOWS\system32\nvsvc32.exe[1808] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\nvsvc32.exe[1808] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 65, 5F ] .text C:\WINDOWS\system32\nvsvc32.exe[1808] ntdll.dll!NtUnloadKey 7C91E90C 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\nvsvc32.exe[1808] ntdll.dll!NtUnloadKey + 4 7C91E910 2 Bytes [ 68, 5F ] .text C:\WINDOWS\system32\nvsvc32.exe[1808] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\nvsvc32.exe[1808] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 7A, 5F ] .text C:\WINDOWS\system32\nvsvc32.exe[1808] ntdll.dll!LdrLoadDll 7C9261CA 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\nvsvc32.exe[1808] ntdll.dll!LdrLoadDll + 4 7C9261CE 2 Bytes [ 47, 5F ] .text C:\WINDOWS\system32\nvsvc32.exe[1808] kernel32.dll!TerminateProcess 7C801E16 6 Bytes [ FF, 25, 1E, 00, 32, 5F ] .text C:\WINDOWS\system32\nvsvc32.exe[1808] kernel32.dll!CreateFileMappingW 7C80938E 6 Bytes [ FF, 25, 1E, 00, 3B, 5F ] .text C:\WINDOWS\system32\nvsvc32.exe[1808] kernel32.dll!MapViewOfFileEx 7C80B896 6 Bytes [ FF, 25, 1E, 00, 35, 5F ] .text C:\WINDOWS\system32\nvsvc32.exe[1808] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\nvsvc32.exe[1808] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 3E, 5F ] .text C:\WINDOWS\system32\nvsvc32.exe[1808] kernel32.dll!CreateProcessInternalW 7C819513 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\nvsvc32.exe[1808] kernel32.dll!CreateProcessInternalW + 4 7C819517 2 Bytes [ 44, 5F ] .text C:\WINDOWS\system32\nvsvc32.exe[1808] kernel32.dll!MoveFileWithProgressW 7C81F72E 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\nvsvc32.exe[1808] kernel32.dll!MoveFileWithProgressW + 4 7C81F732 2 Bytes [ 41, 5F ] .text C:\WINDOWS\system32\nvsvc32.exe[1808] kernel32.dll!CopyFileExW 7C827B32 6 Bytes [ FF, 25, 1E, 00, 38, 5F ] .text C:\WINDOWS\system32\nvsvc32.exe[1808] USER32.dll!DispatchMessageW 77D18A01 6 Bytes [ FF, 25, 1E, 00, A7, 5F ] .text C:\WINDOWS\system32\nvsvc32.exe[1808] USER32.dll!TranslateMessage 77D18BF6 6 Bytes [ FF, 25, 1E, 00, 92, 5F ] .text C:\WINDOWS\system32\nvsvc32.exe[1808] USER32.dll!DispatchMessageA 77D196B8 6 Bytes [ FF, 25, 1E, 00, 8F, 5F ] .text C:\WINDOWS\system32\nvsvc32.exe[1808] USER32.dll!GetKeyState 77D1C505 6 Bytes [ FF, 25, 1E, 00, 9E, 5F ] .text C:\WINDOWS\system32\nvsvc32.exe[1808] USER32.dll!BeginDeferWindowPos 77D1D907 6 Bytes [ FF, 25, 1E, 00, 8C, 5F ] .text C:\WINDOWS\system32\nvsvc32.exe[1808] USER32.dll!GetKeyboardState 77D1E641 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\nvsvc32.exe[1808] USER32.dll!GetKeyboardState + 4 77D1E645 2 Bytes [ 9B, 5F ] .text C:\WINDOWS\system32\nvsvc32.exe[1808] USER32.dll!GetAsyncKeyState 77D1E655 6 Bytes [ FF, 25, 1E, 00, 95, 5F ] .text C:\WINDOWS\system32\nvsvc32.exe[1808] USER32.dll!CreateAcceleratorTableW 77D2DABB 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\nvsvc32.exe[1808] USER32.dll!CreateAcceleratorTableW + 4 77D2DABF 2 Bytes [ A1, 5F ] .text C:\WINDOWS\system32\nvsvc32.exe[1808] USER32.dll!SetWindowsHookExW 77D2E4AF 6 Bytes [ FF, 25, 1E, 00, A4, 5F ] .text C:\WINDOWS\system32\nvsvc32.exe[1808] USER32.dll!SetWindowsHookExA 77D311E9 6 Bytes [ FF, 25, 1E, 00, 89, 5F ] .text C:\WINDOWS\system32\nvsvc32.exe[1808] USER32.dll!AttachThreadInput 77D31E23 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\nvsvc32.exe[1808] USER32.dll!AttachThreadInput + 4 77D31E27 2 Bytes [ 98, 5F ] .text C:\WINDOWS\system32\nvsvc32.exe[1808] ADVAPI32.dll!CloseServiceHandle 77DB5E4D 6 Bytes [ FF, 25, 1E, 00, 11, 5F ] .text C:\WINDOWS\system32\nvsvc32.exe[1808] ADVAPI32.dll!OpenServiceW 77DB6165 6 Bytes [ FF, 25, 1E, 00, 23, 5F ] .text C:\WINDOWS\system32\nvsvc32.exe[1808] ADVAPI32.dll!ControlService 77DBB635 6 Bytes [ FF, 25, 1E, 00, 14, 5F ] .text C:\WINDOWS\system32\nvsvc32.exe[1808] ADVAPI32.dll!OpenServiceA 77DBB88C 6 Bytes [ FF, 25, 1E, 00, 20, 5F ] .text C:\WINDOWS\system32\nvsvc32.exe[1808] ADVAPI32.dll!StartServiceW 77DBBBAC 6 Bytes [ FF, 25, 1E, 00, 29, 5F ] .text C:\WINDOWS\system32\nvsvc32.exe[1808] ADVAPI32.dll!StartServiceA 77DC3238 6 Bytes [ FF, 25, 1E, 00, 26, 5F ] .text C:\WINDOWS\system32\nvsvc32.exe[1808] ADVAPI32.dll!LsaAddAccountRights 77DEA9A1 6 Bytes [ FF, 25, 1E, 00, 2C, 5F ] .text C:\WINDOWS\system32\nvsvc32.exe[1808] ADVAPI32.dll!LsaRemoveAccountRights 77DEAA41 6 Bytes [ FF, 25, 1E, 00, 2F, 5F ] .text C:\WINDOWS\system32\nvsvc32.exe[1808] ADVAPI32.dll!ChangeServiceConfigA 77E06CC9 6 Bytes [ FF, 25, 1E, 00, 05, 5F ] .text C:\WINDOWS\system32\nvsvc32.exe[1808] ADVAPI32.dll!ChangeServiceConfigW 77E06E61 6 Bytes [ FF, 25, 1E, 00, 08, 5F ] .text C:\WINDOWS\system32\nvsvc32.exe[1808] ADVAPI32.dll!ChangeServiceConfig2A 77E06F61 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ] .text C:\WINDOWS\system32\nvsvc32.exe[1808] ADVAPI32.dll!ChangeServiceConfig2W 77E06FE9 6 Bytes [ FF, 25, 1E, 00, 0E, 5F ] .text C:\WINDOWS\system32\nvsvc32.exe[1808] ADVAPI32.dll!CreateServiceA 77E07071 6 Bytes [ FF, 25, 1E, 00, 17, 5F ] .text C:\WINDOWS\system32\nvsvc32.exe[1808] ADVAPI32.dll!CreateServiceW 77E07209 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\nvsvc32.exe[1808] ADVAPI32.dll!CreateServiceW + 4 77E0720D 2 Bytes [ 1A, 5F ] .text C:\WINDOWS\system32\nvsvc32.exe[1808] ADVAPI32.dll!DeleteService 77E07311 6 Bytes [ FF, 25, 1E, 00, 1D, 5F ] .text C:\WINDOWS\system32\nvsvc32.exe[1808] ole32.dll!CoCreateInstanceEx 774CFA6B 6 Bytes [ FF, 25, 1E, 00, 86, 5F ] .text C:\WINDOWS\system32\nvsvc32.exe[1808] ole32.dll!CoGetClassObject 774E5DB2 6 Bytes [ FF, 25, 1E, 00, 83, 5F ] .text C:\WINDOWS\system32\nvsvc32.exe[1808] ole32.dll!CLSIDFromProgID 774F42CC 6 Bytes [ FF, 25, 1E, 00, 80, 5F ] .text C:\WINDOWS\system32\nvsvc32.exe[1808] ole32.dll!CLSIDFromProgIDEx 775261FE 6 Bytes [ FF, 25, 1E, 00, 7D, 5F ] .text C:\WINDOWS\explorer.exe[2116] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\explorer.exe[2116] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 4A, 5F ] .text C:\WINDOWS\explorer.exe[2116] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ FF ] .text C:\WINDOWS\explorer.exe[2116] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ] .text C:\WINDOWS\explorer.exe[2116] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 6B, 5F ] .text C:\WINDOWS\explorer.exe[2116] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\explorer.exe[2116] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 4D, 5F ] .text C:\WINDOWS\explorer.exe[2116] ntdll.dll!NtDeleteFile 7C91D88F 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\explorer.exe[2116] ntdll.dll!NtDeleteFile + 4 7C91D893 2 Bytes [ 6E, 5F ] .text C:\WINDOWS\explorer.exe[2116] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\explorer.exe[2116] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 50, 5F ] .text C:\WINDOWS\explorer.exe[2116] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\explorer.exe[2116] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 53, 5F ] .text C:\WINDOWS\explorer.exe[2116] ntdll.dll!NtDuplicateObject 7C91D90D 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\explorer.exe[2116] ntdll.dll!NtDuplicateObject + 4 7C91D911 2 Bytes [ 56, 5F ] .text C:\WINDOWS\explorer.exe[2116] ntdll.dll!NtEnumerateKey 7C91D94C 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\explorer.exe[2116] ntdll.dll!NtEnumerateKey + 4 7C91D950 2 Bytes [ 59, 5F ] .text C:\WINDOWS\explorer.exe[2116] ntdll.dll!NtEnumerateValueKey 7C91D976 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\explorer.exe[2116] ntdll.dll!NtEnumerateValueKey + 4 7C91D97A 2 Bytes [ 5C, 5F ] .text C:\WINDOWS\explorer.exe[2116] ntdll.dll!NtOpenFile 7C91DCFD 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\explorer.exe[2116] ntdll.dll!NtOpenFile + 4 7C91DD01 2 Bytes [ 71, 5F ] .text C:\WINDOWS\explorer.exe[2116] ntdll.dll!NtQueryMultipleValueKey 7C91E0AE 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\explorer.exe[2116] ntdll.dll!NtQueryMultipleValueKey + 4 7C91E0B2 2 Bytes [ 5F, 5F ] .text C:\WINDOWS\explorer.exe[2116] ntdll.dll!NtQueryValueKey 7C91E1FE 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\explorer.exe[2116] ntdll.dll!NtQueryValueKey + 4 7C91E202 2 Bytes [ 62, 5F ] .text C:\WINDOWS\explorer.exe[2116] ntdll.dll!NtReadFile 7C91E27C 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\explorer.exe[2116] ntdll.dll!NtReadFile + 4 7C91E280 2 Bytes [ 74, 5F ] .text C:\WINDOWS\explorer.exe[2116] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\explorer.exe[2116] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 77, 5F ] .text C:\WINDOWS\explorer.exe[2116] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\explorer.exe[2116] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 65, 5F ] .text C:\WINDOWS\explorer.exe[2116] ntdll.dll!NtUnloadKey 7C91E90C 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\explorer.exe[2116] ntdll.dll!NtUnloadKey + 4 7C91E910 2 Bytes [ 68, 5F ] .text C:\WINDOWS\explorer.exe[2116] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\explorer.exe[2116] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 7A, 5F ] .text C:\WINDOWS\explorer.exe[2116] ntdll.dll!LdrLoadDll 7C9261CA 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\explorer.exe[2116] ntdll.dll!LdrLoadDll + 4 7C9261CE 2 Bytes [ 47, 5F ] .text C:\WINDOWS\explorer.exe[2116] kernel32.dll!TerminateProcess 7C801E16 6 Bytes [ FF, 25, 1E, 00, 32, 5F ] .text C:\WINDOWS\explorer.exe[2116] kernel32.dll!CreateFileMappingW 7C80938E 6 Bytes [ FF, 25, 1E, 00, 3B, 5F ] .text C:\WINDOWS\explorer.exe[2116] kernel32.dll!MapViewOfFileEx 7C80B896 6 Bytes [ FF, 25, 1E, 00, 35, 5F ] .text C:\WINDOWS\explorer.exe[2116] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\explorer.exe[2116] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 3E, 5F ] .text C:\WINDOWS\explorer.exe[2116] kernel32.dll!CreateProcessInternalW 7C819513 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\explorer.exe[2116] kernel32.dll!CreateProcessInternalW + 4 7C819517 2 Bytes [ 44, 5F ] .text C:\WINDOWS\explorer.exe[2116] kernel32.dll!MoveFileWithProgressW 7C81F72E 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\explorer.exe[2116] kernel32.dll!MoveFileWithProgressW + 4 7C81F732 2 Bytes [ 41, 5F ] .text C:\WINDOWS\explorer.exe[2116] kernel32.dll!CopyFileExW 7C827B32 6 Bytes [ FF, 25, 1E, 00, 38, 5F ] .text C:\WINDOWS\explorer.exe[2116] ADVAPI32.dll!CloseServiceHandle 77DB5E4D 6 Bytes [ FF, 25, 1E, 00, 11, 5F ] .text C:\WINDOWS\explorer.exe[2116] ADVAPI32.dll!OpenServiceW 77DB6165 6 Bytes [ FF, 25, 1E, 00, 23, 5F ] .text C:\WINDOWS\explorer.exe[2116] ADVAPI32.dll!ControlService 77DBB635 6 Bytes [ FF, 25, 1E, 00, 14, 5F ] .text C:\WINDOWS\explorer.exe[2116] ADVAPI32.dll!OpenServiceA 77DBB88C 6 Bytes [ FF, 25, 1E, 00, 20, 5F ] .text C:\WINDOWS\explorer.exe[2116] ADVAPI32.dll!StartServiceW 77DBBBAC 6 Bytes [ FF, 25, 1E, 00, 29, 5F ] .text C:\WINDOWS\explorer.exe[2116] ADVAPI32.dll!StartServiceA 77DC3238 6 Bytes [ FF, 25, 1E, 00, 26, 5F ] .text C:\WINDOWS\explorer.exe[2116] ADVAPI32.dll!LsaAddAccountRights 77DEA9A1 6 Bytes [ FF, 25, 1E, 00, 2C, 5F ] .text C:\WINDOWS\explorer.exe[2116] ADVAPI32.dll!LsaRemoveAccountRights 77DEAA41 6 Bytes [ FF, 25, 1E, 00, 2F, 5F ] .text C:\WINDOWS\explorer.exe[2116] ADVAPI32.dll!ChangeServiceConfigA 77E06CC9 6 Bytes [ FF, 25, 1E, 00, 05, 5F ] .text C:\WINDOWS\explorer.exe[2116] ADVAPI32.dll!ChangeServiceConfigW 77E06E61 6 Bytes [ FF, 25, 1E, 00, 08, 5F ] .text C:\WINDOWS\explorer.exe[2116] ADVAPI32.dll!ChangeServiceConfig2A 77E06F61 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ] .text C:\WINDOWS\explorer.exe[2116] ADVAPI32.dll!ChangeServiceConfig2W 77E06FE9 6 Bytes [ FF, 25, 1E, 00, 0E, 5F ] .text C:\WINDOWS\explorer.exe[2116] ADVAPI32.dll!CreateServiceA 77E07071 6 Bytes [ FF, 25, 1E, 00, 17, 5F ] .text C:\WINDOWS\explorer.exe[2116] ADVAPI32.dll!CreateServiceW 77E07209 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\explorer.exe[2116] ADVAPI32.dll!CreateServiceW + 4 77E0720D 2 Bytes [ 1A, 5F ] .text C:\WINDOWS\explorer.exe[2116] ADVAPI32.dll!DeleteService 77E07311 6 Bytes [ FF, 25, 1E, 00, 1D, 5F ] .text C:\WINDOWS\explorer.exe[2116] USER32.dll!DispatchMessageW 77D18A01 6 Bytes [ FF, 25, 1E, 00, A7, 5F ] .text C:\WINDOWS\explorer.exe[2116] USER32.dll!TranslateMessage 77D18BF6 6 Bytes [ FF, 25, 1E, 00, 92, 5F ] .text C:\WINDOWS\explorer.exe[2116] USER32.dll!DispatchMessageA 77D196B8 6 Bytes [ FF, 25, 1E, 00, 8F, 5F ] .text C:\WINDOWS\explorer.exe[2116] USER32.dll!GetKeyState 77D1C505 6 Bytes [ FF, 25, 1E, 00, 9E, 5F ] .text C:\WINDOWS\explorer.exe[2116] USER32.dll!BeginDeferWindowPos 77D1D907 6 Bytes [ FF, 25, 1E, 00, 8C, 5F ] .text C:\WINDOWS\explorer.exe[2116] USER32.dll!GetKeyboardState 77D1E641 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\explorer.exe[2116] USER32.dll!GetKeyboardState + 4 77D1E645 2 Bytes [ 9B, 5F ] .text C:\WINDOWS\explorer.exe[2116] USER32.dll!GetAsyncKeyState 77D1E655 6 Bytes [ FF, 25, 1E, 00, 95, 5F ] .text C:\WINDOWS\explorer.exe[2116] USER32.dll!CreateAcceleratorTableW 77D2DABB 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\explorer.exe[2116] USER32.dll!CreateAcceleratorTableW + 4 77D2DABF 2 Bytes [ A1, 5F ] .text C:\WINDOWS\explorer.exe[2116] USER32.dll!SetWindowsHookExW 77D2E4AF 6 Bytes [ FF, 25, 1E, 00, A4, 5F ] .text C:\WINDOWS\explorer.exe[2116] USER32.dll!SetWindowsHookExA 77D311E9 6 Bytes [ FF, 25, 1E, 00, 89, 5F ] .text C:\WINDOWS\explorer.exe[2116] USER32.dll!AttachThreadInput 77D31E23 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\explorer.exe[2116] USER32.dll!AttachThreadInput + 4 77D31E27 2 Bytes [ 98, 5F ] .text C:\WINDOWS\explorer.exe[2116] ole32.dll!CoCreateInstanceEx 774CFA6B 6 Bytes [ FF, 25, 1E, 00, 86, 5F ] .text C:\WINDOWS\explorer.exe[2116] ole32.dll!CoGetClassObject 774E5DB2 6 Bytes [ FF, 25, 1E, 00, 83, 5F ] .text C:\WINDOWS\explorer.exe[2116] ole32.dll!CLSIDFromProgID 774F42CC 6 Bytes [ FF, 25, 1E, 00, 80, 5F ] .text C:\WINDOWS\explorer.exe[2116] ole32.dll!CLSIDFromProgIDEx 775261FE 6 Bytes [ FF, 25, 1E, 00, 7D, 5F ] .text C:\Programme\Internet Explorer\iexplore.exe[2516] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Internet Explorer\iexplore.exe[2516] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 4A, 5F ] .text C:\Programme\Internet Explorer\iexplore.exe[2516] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ FF ] .text C:\Programme\Internet Explorer\iexplore.exe[2516] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ] .text C:\Programme\Internet Explorer\iexplore.exe[2516] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 6B, 5F ] .text C:\Programme\Internet Explorer\iexplore.exe[2516] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Internet Explorer\iexplore.exe[2516] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 4D, 5F ] .text C:\Programme\Internet Explorer\iexplore.exe[2516] ntdll.dll!NtDeleteFile 7C91D88F 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Internet Explorer\iexplore.exe[2516] ntdll.dll!NtDeleteFile + 4 7C91D893 2 Bytes [ 6E, 5F ] .text C:\Programme\Internet Explorer\iexplore.exe[2516] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Internet Explorer\iexplore.exe[2516] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 50, 5F ] .text C:\Programme\Internet Explorer\iexplore.exe[2516] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Internet Explorer\iexplore.exe[2516] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 53, 5F ] .text C:\Programme\Internet Explorer\iexplore.exe[2516] ntdll.dll!NtDuplicateObject 7C91D90D 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Internet Explorer\iexplore.exe[2516] ntdll.dll!NtDuplicateObject + 4 7C91D911 2 Bytes [ 56, 5F ] .text C:\Programme\Internet Explorer\iexplore.exe[2516] ntdll.dll!NtEnumerateKey 7C91D94C 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Internet Explorer\iexplore.exe[2516] ntdll.dll!NtEnumerateKey + 4 7C91D950 2 Bytes [ 59, 5F ] .text C:\Programme\Internet Explorer\iexplore.exe[2516] ntdll.dll!NtEnumerateValueKey 7C91D976 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Internet Explorer\iexplore.exe[2516] ntdll.dll!NtEnumerateValueKey + 4 7C91D97A 2 Bytes [ 5C, 5F ] .text C:\Programme\Internet Explorer\iexplore.exe[2516] ntdll.dll!NtOpenFile 7C91DCFD 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Internet Explorer\iexplore.exe[2516] ntdll.dll!NtOpenFile + 4 7C91DD01 2 Bytes [ 71, 5F ] .text C:\Programme\Internet Explorer\iexplore.exe[2516] ntdll.dll!NtQueryMultipleValueKey 7C91E0AE 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Internet Explorer\iexplore.exe[2516] ntdll.dll!NtQueryMultipleValueKey + 4 7C91E0B2 2 Bytes [ 5F, 5F ] .text C:\Programme\Internet Explorer\iexplore.exe[2516] ntdll.dll!NtQueryValueKey 7C91E1FE 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Internet Explorer\iexplore.exe[2516] ntdll.dll!NtQueryValueKey + 4 7C91E202 2 Bytes [ 62, 5F ] .text C:\Programme\Internet Explorer\iexplore.exe[2516] ntdll.dll!NtReadFile 7C91E27C 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Internet Explorer\iexplore.exe[2516] ntdll.dll!NtReadFile + 4 7C91E280 2 Bytes [ 74, 5F ] .text C:\Programme\Internet Explorer\iexplore.exe[2516] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Internet Explorer\iexplore.exe[2516] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 77, 5F ] .text C:\Programme\Internet Explorer\iexplore.exe[2516] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Internet Explorer\iexplore.exe[2516] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 65, 5F ] .text C:\Programme\Internet Explorer\iexplore.exe[2516] ntdll.dll!NtUnloadKey 7C91E90C 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Internet Explorer\iexplore.exe[2516] ntdll.dll!NtUnloadKey + 4 7C91E910 2 Bytes [ 68, 5F ] .text C:\Programme\Internet Explorer\iexplore.exe[2516] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Internet Explorer\iexplore.exe[2516] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 7A, 5F ] .text C:\Programme\Internet Explorer\iexplore.exe[2516] ntdll.dll!LdrLoadDll 7C9261CA 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Internet Explorer\iexplore.exe[2516] ntdll.dll!LdrLoadDll + 4 7C9261CE 2 Bytes [ 47, 5F ] .text C:\Programme\Internet Explorer\iexplore.exe[2516] kernel32.dll!TerminateProcess 7C801E16 6 Bytes [ FF, 25, 1E, 00, 32, 5F ] .text C:\Programme\Internet Explorer\iexplore.exe[2516] kernel32.dll!CreateFileMappingW 7C80938E 6 Bytes [ FF, 25, 1E, 00, 3B, 5F ] .text C:\Programme\Internet Explorer\iexplore.exe[2516] kernel32.dll!MapViewOfFileEx 7C80B896 6 Bytes [ FF, 25, 1E, 00, 35, 5F ] .text C:\Programme\Internet Explorer\iexplore.exe[2516] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Internet Explorer\iexplore.exe[2516] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 3E, 5F ] .text C:\Programme\Internet Explorer\iexplore.exe[2516] kernel32.dll!CreateProcessInternalW 7C819513 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Internet Explorer\iexplore.exe[2516] kernel32.dll!CreateProcessInternalW + 4 7C819517 2 Bytes [ 44, 5F ] .text C:\Programme\Internet Explorer\iexplore.exe[2516] kernel32.dll!MoveFileWithProgressW 7C81F72E 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Internet Explorer\iexplore.exe[2516] kernel32.dll!MoveFileWithProgressW + 4 7C81F732 2 Bytes [ 41, 5F ] .text C:\Programme\Internet Explorer\iexplore.exe[2516] kernel32.dll!CopyFileExW 7C827B32 6 Bytes [ FF, 25, 1E, 00, 38, 5F ] .text C:\Programme\Internet Explorer\iexplore.exe[2516] ADVAPI32.dll!CloseServiceHandle 77DB5E4D 6 Bytes [ FF, 25, 1E, 00, 11, 5F ] .text C:\Programme\Internet Explorer\iexplore.exe[2516] ADVAPI32.dll!OpenServiceW 77DB6165 6 Bytes [ FF, 25, 1E, 00, 23, 5F ] .text C:\Programme\Internet Explorer\iexplore.exe[2516] ADVAPI32.dll!ControlService 77DBB635 6 Bytes [ FF, 25, 1E, 00, 14, 5F ] .text C:\Programme\Internet Explorer\iexplore.exe[2516] ADVAPI32.dll!OpenServiceA 77DBB88C 6 Bytes [ FF, 25, 1E, 00, 20, 5F ] .text C:\Programme\Internet Explorer\iexplore.exe[2516] ADVAPI32.dll!StartServiceW 77DBBBAC 6 Bytes [ FF, 25, 1E, 00, 29, 5F ] .text C:\Programme\Internet Explorer\iexplore.exe[2516] ADVAPI32.dll!StartServiceA 77DC3238 6 Bytes [ FF, 25, 1E, 00, 26, 5F ] .text C:\Programme\Internet Explorer\iexplore.exe[2516] ADVAPI32.dll!LsaAddAccountRights 77DEA9A1 6 Bytes [ FF, 25, 1E, 00, 2C, 5F ] .text C:\Programme\Internet Explorer\iexplore.exe[2516] ADVAPI32.dll!LsaRemoveAccountRights 77DEAA41 6 Bytes [ FF, 25, 1E, 00, 2F, 5F ] .text C:\Programme\Internet Explorer\iexplore.exe[2516] ADVAPI32.dll!ChangeServiceConfigA 77E06CC9 6 Bytes [ FF, 25, 1E, 00, 05, 5F ] .text C:\Programme\Internet Explorer\iexplore.exe[2516] ADVAPI32.dll!ChangeServiceConfigW 77E06E61 6 Bytes [ FF, 25, 1E, 00, 08, 5F ] .text C:\Programme\Internet Explorer\iexplore.exe[2516] ADVAPI32.dll!ChangeServiceConfig2A 77E06F61 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ] .text C:\Programme\Internet Explorer\iexplore.exe[2516] ADVAPI32.dll!ChangeServiceConfig2W 77E06FE9 6 Bytes [ FF, 25, 1E, 00, 0E, 5F ] .text C:\Programme\Internet Explorer\iexplore.exe[2516] ADVAPI32.dll!CreateServiceA 77E07071 6 Bytes [ FF, 25, 1E, 00, 17, 5F ] .text C:\Programme\Internet Explorer\iexplore.exe[2516] ADVAPI32.dll!CreateServiceW 77E07209 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Internet Explorer\iexplore.exe[2516] ADVAPI32.dll!CreateServiceW + 4 77E0720D 2 Bytes [ 1A, 5F ] .text C:\Programme\Internet Explorer\iexplore.exe[2516] ADVAPI32.dll!DeleteService 77E07311 6 Bytes [ FF, 25, 1E, 00, 1D, 5F ] .text C:\Programme\Internet Explorer\iexplore.exe[2516] USER32.dll!DispatchMessageW 77D18A01 6 Bytes [ FF, 25, 1E, 00, A7, 5F ] .text C:\Programme\Internet Explorer\iexplore.exe[2516] USER32.dll!TranslateMessage 77D18BF6 6 Bytes [ FF, 25, 1E, 00, 92, 5F ] .text C:\Programme\Internet Explorer\iexplore.exe[2516] USER32.dll!DispatchMessageA 77D196B8 6 Bytes [ FF, 25, 1E, 00, 8F, 5F ] .text C:\Programme\Internet Explorer\iexplore.exe[2516] USER32.dll!GetKeyState 77D1C505 6 Bytes [ FF, 25, 1E, 00, 9E, 5F ] .text C:\Programme\Internet Explorer\iexplore.exe[2516] USER32.dll!BeginDeferWindowPos 77D1D907 6 Bytes [ FF, 25, 1E, 00, 8C, 5F ] .text C:\Programme\Internet Explorer\iexplore.exe[2516] USER32.dll!GetKeyboardState 77D1E641 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Internet Explorer\iexplore.exe[2516] USER32.dll!GetKeyboardState + 4 77D1E645 2 Bytes [ 9B, 5F ] .text C:\Programme\Internet Explorer\iexplore.exe[2516] USER32.dll!GetAsyncKeyState 77D1E655 6 Bytes [ FF, 25, 1E, 00, 95, 5F ] .text C:\Programme\Internet Explorer\iexplore.exe[2516] USER32.dll!DialogBoxParamW 77D2662C 5 Bytes JMP 7E1F5415 C:\WINDOWS\system32\IEFRAME.dll .text C:\Programme\Internet Explorer\iexplore.exe[2516] USER32.dll!CreateAcceleratorTableW 77D2DABB 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Internet Explorer\iexplore.exe[2516] USER32.dll!CreateAcceleratorTableW + 4 77D2DABF 2 Bytes [ A1, 5F ] .text C:\Programme\Internet Explorer\iexplore.exe[2516] USER32.dll!SetWindowsHookExW 77D2E4AF 6 Bytes [ FF, 25, 1E, 00, A4, 5F ] .text C:\Programme\Internet Explorer\iexplore.exe[2516] USER32.dll!SetWindowsHookExA 77D311E9 6 Bytes [ FF, 25, 1E, 00, 89, 5F ] .text C:\Programme\Internet Explorer\iexplore.exe[2516] USER32.dll!AttachThreadInput 77D31E23 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Internet Explorer\iexplore.exe[2516] USER32.dll!AttachThreadInput + 4 77D31E27 2 Bytes [ 98, 5F ] .text C:\Programme\Internet Explorer\iexplore.exe[2516] USER32.dll!DialogBoxIndirectParamW 77D32043 5 Bytes JMP 7E38C510 C:\WINDOWS\system32\IEFRAME.dll .text C:\Programme\Internet Explorer\iexplore.exe[2516] USER32.dll!MessageBoxIndirectA 77D3A05A 5 Bytes JMP 7E38C491 C:\WINDOWS\system32\IEFRAME.dll .text C:\Programme\Internet Explorer\iexplore.exe[2516] USER32.dll!DialogBoxParamA 77D3B11C 5 Bytes JMP 7E38C4D5 C:\WINDOWS\system32\IEFRAME.dll .text C:\Programme\Internet Explorer\iexplore.exe[2516] USER32.dll!MessageBoxExW 77D50538 5 Bytes JMP 7E38C3D9 C:\WINDOWS\system32\IEFRAME.dll .text C:\Programme\Internet Explorer\iexplore.exe[2516] USER32.dll!MessageBoxExA 77D5055C 5 Bytes JMP 7E38C413 C:\WINDOWS\system32\IEFRAME.dll .text C:\Programme\Internet Explorer\iexplore.exe[2516] USER32.dll!DialogBoxIndirectParamA 77D56CAD 5 Bytes JMP 7E38C54B C:\WINDOWS\system32\IEFRAME.dll .text C:\Programme\Internet Explorer\iexplore.exe[2516] USER32.dll!MessageBoxIndirectW 77D66093 5 Bytes JMP 7E38C44D C:\WINDOWS\system32\IEFRAME.dll .text C:\Programme\Internet Explorer\iexplore.exe[2516] ole32.dll!CoCreateInstanceEx 774CFA6B 6 Bytes [ FF, 25, 1E, 00, 86, 5F ] .text C:\Programme\Internet Explorer\iexplore.exe[2516] ole32.dll!CoGetClassObject 774E5DB2 6 Bytes [ FF, 25, 1E, 00, 83, 5F ] .text C:\Programme\Internet Explorer\iexplore.exe[2516] ole32.dll!CLSIDFromProgID 774F42CC 6 Bytes [ FF, 25, 1E, 00, 80, 5F ] .text C:\Programme\Internet Explorer\iexplore.exe[2516] ole32.dll!CLSIDFromProgIDEx 775261FE 6 Bytes [ FF, 25, 1E, 00, 7D, 5F ] .text C:\Programme\Java\jre1.5.0_07\bin\jusched.exe[2556] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Java\jre1.5.0_07\bin\jusched.exe[2556] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 4A, 5F ] .text C:\Programme\Java\jre1.5.0_07\bin\jusched.exe[2556] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ FF ] .text C:\Programme\Java\jre1.5.0_07\bin\jusched.exe[2556] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ] .text C:\Programme\Java\jre1.5.0_07\bin\jusched.exe[2556] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 6B, 5F ] .text C:\Programme\Java\jre1.5.0_07\bin\jusched.exe[2556] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Java\jre1.5.0_07\bin\jusched.exe[2556] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 4D, 5F ] .text C:\Programme\Java\jre1.5.0_07\bin\jusched.exe[2556] ntdll.dll!NtDeleteFile 7C91D88F 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Java\jre1.5.0_07\bin\jusched.exe[2556] ntdll.dll!NtDeleteFile + 4 7C91D893 2 Bytes [ 6E, 5F ] .text C:\Programme\Java\jre1.5.0_07\bin\jusched.exe[2556] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Java\jre1.5.0_07\bin\jusched.exe[2556] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 50, 5F ] .text C:\Programme\Java\jre1.5.0_07\bin\jusched.exe[2556] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Java\jre1.5.0_07\bin\jusched.exe[2556] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 53, 5F ] .text C:\Programme\Java\jre1.5.0_07\bin\jusched.exe[2556] ntdll.dll!NtDuplicateObject 7C91D90D 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Java\jre1.5.0_07\bin\jusched.exe[2556] ntdll.dll!NtDuplicateObject + 4 7C91D911 2 Bytes [ 56, 5F ] .text C:\Programme\Java\jre1.5.0_07\bin\jusched.exe[2556] ntdll.dll!NtEnumerateKey 7C91D94C 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Java\jre1.5.0_07\bin\jusched.exe[2556] ntdll.dll!NtEnumerateKey + 4 7C91D950 2 Bytes [ 59, 5F ] .text C:\Programme\Java\jre1.5.0_07\bin\jusched.exe[2556] ntdll.dll!NtEnumerateValueKey 7C91D976 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Java\jre1.5.0_07\bin\jusched.exe[2556] ntdll.dll!NtEnumerateValueKey + 4 7C91D97A 2 Bytes [ 5C, 5F ] .text C:\Programme\Java\jre1.5.0_07\bin\jusched.exe[2556] ntdll.dll!NtOpenFile 7C91DCFD 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Java\jre1.5.0_07\bin\jusched.exe[2556] ntdll.dll!NtOpenFile + 4 7C91DD01 2 Bytes [ 71, 5F ] .text C:\Programme\Java\jre1.5.0_07\bin\jusched.exe[2556] ntdll.dll!NtQueryMultipleValueKey 7C91E0AE 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Java\jre1.5.0_07\bin\jusched.exe[2556] ntdll.dll!NtQueryMultipleValueKey + 4 7C91E0B2 2 Bytes [ 5F, 5F ] .text C:\Programme\Java\jre1.5.0_07\bin\jusched.exe[2556] ntdll.dll!NtQueryValueKey 7C91E1FE 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Java\jre1.5.0_07\bin\jusched.exe[2556] ntdll.dll!NtQueryValueKey + 4 7C91E202 2 Bytes [ 62, 5F ] .text C:\Programme\Java\jre1.5.0_07\bin\jusched.exe[2556] ntdll.dll!NtReadFile 7C91E27C 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Java\jre1.5.0_07\bin\jusched.exe[2556] ntdll.dll!NtReadFile + 4 7C91E280 2 Bytes [ 74, 5F ] .text C:\Programme\Java\jre1.5.0_07\bin\jusched.exe[2556] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Java\jre1.5.0_07\bin\jusched.exe[2556] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 77, 5F ] .text C:\Programme\Java\jre1.5.0_07\bin\jusched.exe[2556] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Java\jre1.5.0_07\bin\jusched.exe[2556] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 65, 5F ] .text C:\Programme\Java\jre1.5.0_07\bin\jusched.exe[2556] ntdll.dll!NtUnloadKey 7C91E90C 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Java\jre1.5.0_07\bin\jusched.exe[2556] ntdll.dll!NtUnloadKey + 4 7C91E910 2 Bytes [ 68, 5F ] .text C:\Programme\Java\jre1.5.0_07\bin\jusched.exe[2556] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Java\jre1.5.0_07\bin\jusched.exe[2556] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 7A, 5F ] .text C:\Programme\Java\jre1.5.0_07\bin\jusched.exe[2556] ntdll.dll!LdrLoadDll 7C9261CA 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Java\jre1.5.0_07\bin\jusched.exe[2556] ntdll.dll!LdrLoadDll + 4 7C9261CE 2 Bytes [ 47, 5F ] .text C:\Programme\Java\jre1.5.0_07\bin\jusched.exe[2556] kernel32.dll!TerminateProcess 7C801E16 6 Bytes [ FF, 25, 1E, 00, 32, 5F ] .text C:\Programme\Java\jre1.5.0_07\bin\jusched.exe[2556] kernel32.dll!CreateFileMappingW 7C80938E 6 Bytes [ FF, 25, 1E, 00, 3B, 5F ] .text C:\Programme\Java\jre1.5.0_07\bin\jusched.exe[2556] kernel32.dll!MapViewOfFileEx 7C80B896 6 Bytes [ FF, 25, 1E, 00, 35, 5F ] .text C:\Programme\Java\jre1.5.0_07\bin\jusched.exe[2556] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Java\jre1.5.0_07\bin\jusched.exe[2556] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 3E, 5F ] .text C:\Programme\Java\jre1.5.0_07\bin\jusched.exe[2556] kernel32.dll!CreateProcessInternalW 7C819513 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Java\jre1.5.0_07\bin\jusched.exe[2556] kernel32.dll!CreateProcessInternalW + 4 7C819517 2 Bytes [ 44, 5F ] .text C:\Programme\Java\jre1.5.0_07\bin\jusched.exe[2556] kernel32.dll!MoveFileWithProgressW 7C81F72E 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Java\jre1.5.0_07\bin\jusched.exe[2556] kernel32.dll!MoveFileWithProgressW + 4 7C81F732 2 Bytes [ 41, 5F ] .text C:\Programme\Java\jre1.5.0_07\bin\jusched.exe[2556] kernel32.dll!CopyFileExW 7C827B32 6 Bytes [ FF, 25, 1E, 00, 38, 5F ] .text C:\Programme\Java\jre1.5.0_07\bin\jusched.exe[2556] ADVAPI32.dll!CloseServiceHandle 77DB5E4D 6 Bytes [ FF, 25, 1E, 00, 11, 5F ] .text C:\Programme\Java\jre1.5.0_07\bin\jusched.exe[2556] ADVAPI32.dll!OpenServiceW 77DB6165 6 Bytes [ FF, 25, 1E, 00, 23, 5F ] .text C:\Programme\Java\jre1.5.0_07\bin\jusched.exe[2556] ADVAPI32.dll!ControlService 77DBB635 6 Bytes [ FF, 25, 1E, 00, 14, 5F ] .text C:\Programme\Java\jre1.5.0_07\bin\jusched.exe[2556] ADVAPI32.dll!OpenServiceA 77DBB88C 6 Bytes [ FF, 25, 1E, 00, 20, 5F ] .text C:\Programme\Java\jre1.5.0_07\bin\jusched.exe[2556] ADVAPI32.dll!StartServiceW 77DBBBAC 6 Bytes [ FF, 25, 1E, 00, 29, 5F ] .text C:\Programme\Java\jre1.5.0_07\bin\jusched.exe[2556] ADVAPI32.dll!StartServiceA 77DC3238 6 Bytes [ FF, 25, 1E, 00, 26, 5F ] .text C:\Programme\Java\jre1.5.0_07\bin\jusched.exe[2556] ADVAPI32.dll!LsaAddAccountRights 77DEA9A1 6 Bytes [ FF, 25, 1E, 00, 2C, 5F ] .text C:\Programme\Java\jre1.5.0_07\bin\jusched.exe[2556] ADVAPI32.dll!LsaRemoveAccountRights 77DEAA41 6 Bytes [ FF, 25, 1E, 00, 2F, 5F ] .text C:\Programme\Java\jre1.5.0_07\bin\jusched.exe[2556] ADVAPI32.dll!ChangeServiceConfigA 77E06CC9 6 Bytes [ FF, 25, 1E, 00, 05, 5F ] .text C:\Programme\Java\jre1.5.0_07\bin\jusched.exe[2556] ADVAPI32.dll!ChangeServiceConfigW 77E06E61 6 Bytes [ FF, 25, 1E, 00, 08, 5F ] .text C:\Programme\Java\jre1.5.0_07\bin\jusched.exe[2556] ADVAPI32.dll!ChangeServiceConfig2A 77E06F61 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ] .text C:\Programme\Java\jre1.5.0_07\bin\jusched.exe[2556] ADVAPI32.dll!ChangeServiceConfig2W 77E06FE9 6 Bytes [ FF, 25, 1E, 00, 0E, 5F ] .text C:\Programme\Java\jre1.5.0_07\bin\jusched.exe[2556] ADVAPI32.dll!CreateServiceA 77E07071 6 Bytes [ FF, 25, 1E, 00, 17, 5F ] .text C:\Programme\Java\jre1.5.0_07\bin\jusched.exe[2556] ADVAPI32.dll!CreateServiceW 77E07209 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Java\jre1.5.0_07\bin\jusched.exe[2556] ADVAPI32.dll!CreateServiceW + 4 77E0720D 2 Bytes [ 1A, 5F ] .text C:\Programme\Java\jre1.5.0_07\bin\jusched.exe[2556] ADVAPI32.dll!DeleteService 77E07311 6 Bytes [ FF, 25, 1E, 00, 1D, 5F ] .text C:\Programme\Java\jre1.5.0_07\bin\jusched.exe[2556] USER32.dll!DispatchMessageW 77D18A01 6 Bytes [ FF, 25, 1E, 00, A7, 5F ] .text C:\Programme\Java\jre1.5.0_07\bin\jusched.exe[2556] USER32.dll!TranslateMessage 77D18BF6 6 Bytes [ FF, 25, 1E, 00, 92, 5F ] .text C:\Programme\Java\jre1.5.0_07\bin\jusched.exe[2556] USER32.dll!DispatchMessageA 77D196B8 6 Bytes [ FF, 25, 1E, 00, 8F, 5F ] .text C:\Programme\Java\jre1.5.0_07\bin\jusched.exe[2556] USER32.dll!GetKeyState 77D1C505 6 Bytes [ FF, 25, 1E, 00, 9E, 5F ] .text C:\Programme\Java\jre1.5.0_07\bin\jusched.exe[2556] USER32.dll!BeginDeferWindowPos 77D1D907 6 Bytes [ FF, 25, 1E, 00, 8C, 5F ] .text C:\Programme\Java\jre1.5.0_07\bin\jusched.exe[2556] USER32.dll!GetKeyboardState 77D1E641 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Java\jre1.5.0_07\bin\jusched.exe[2556] USER32.dll!GetKeyboardState + 4 77D1E645 2 Bytes [ 9B, 5F ] .text C:\Programme\Java\jre1.5.0_07\bin\jusched.exe[2556] USER32.dll!GetAsyncKeyState 77D1E655 6 Bytes [ FF, 25, 1E, 00, 95, 5F ] .text C:\Programme\Java\jre1.5.0_07\bin\jusched.exe[2556] USER32.dll!CreateAcceleratorTableW 77D2DABB 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Java\jre1.5.0_07\bin\jusched.exe[2556] USER32.dll!CreateAcceleratorTableW + 4 77D2DABF 2 Bytes [ A1, 5F ] .text C:\Programme\Java\jre1.5.0_07\bin\jusched.exe[2556] USER32.dll!SetWindowsHookExW 77D2E4AF 6 Bytes [ FF, 25, 1E, 00, A4, 5F ] .text C:\Programme\Java\jre1.5.0_07\bin\jusched.exe[2556] USER32.dll!SetWindowsHookExA 77D311E9 6 Bytes [ FF, 25, 1E, 00, 89, 5F ] .text C:\Programme\Java\jre1.5.0_07\bin\jusched.exe[2556] USER32.dll!AttachThreadInput 77D31E23 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Java\jre1.5.0_07\bin\jusched.exe[2556] USER32.dll!AttachThreadInput + 4 77D31E27 2 Bytes [ 98, 5F ] .text C:\Programme\Java\jre1.5.0_07\bin\jusched.exe[2556] ole32.dll!CoCreateInstanceEx 774CFA6B 6 Bytes [ FF, 25, 1E, 00, 86, 5F ] .text C:\Programme\Java\jre1.5.0_07\bin\jusched.exe[2556] ole32.dll!CoGetClassObject 774E5DB2 6 Bytes [ FF, 25, 1E, 00, 83, 5F ] .text C:\Programme\Java\jre1.5.0_07\bin\jusched.exe[2556] ole32.dll!CLSIDFromProgID 774F42CC 6 Bytes [ FF, 25, 1E, 00, 80, 5F ] .text C:\Programme\Java\jre1.5.0_07\bin\jusched.exe[2556] ole32.dll!CLSIDFromProgIDEx 775261FE 6 Bytes [ FF, 25, 1E, 00, 7D, 5F ] .text C:\WINDOWS\system32\rundll32.exe[2604] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\rundll32.exe[2604] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 4A, 5F ] .text C:\WINDOWS\system32\rundll32.exe[2604] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ FF ] .text C:\WINDOWS\system32\rundll32.exe[2604] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ] .text C:\WINDOWS\system32\rundll32.exe[2604] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 6B, 5F ] .text C:\WINDOWS\system32\rundll32.exe[2604] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\rundll32.exe[2604] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 4D, 5F ] .text C:\WINDOWS\system32\rundll32.exe[2604] ntdll.dll!NtDeleteFile 7C91D88F 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\rundll32.exe[2604] ntdll.dll!NtDeleteFile + 4 7C91D893 2 Bytes [ 6E, 5F ] .text C:\WINDOWS\system32\rundll32.exe[2604] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\rundll32.exe[2604] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 50, 5F ] .text C:\WINDOWS\system32\rundll32.exe[2604] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\rundll32.exe[2604] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 53, 5F ] .text C:\WINDOWS\system32\rundll32.exe[2604] ntdll.dll!NtDuplicateObject 7C91D90D 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\rundll32.exe[2604] ntdll.dll!NtDuplicateObject + 4 7C91D911 2 Bytes [ 56, 5F ] .text C:\WINDOWS\system32\rundll32.exe[2604] ntdll.dll!NtEnumerateKey 7C91D94C 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\rundll32.exe[2604] ntdll.dll!NtEnumerateKey + 4 7C91D950 2 Bytes [ 59, 5F ] .text C:\WINDOWS\system32\rundll32.exe[2604] ntdll.dll!NtEnumerateValueKey 7C91D976 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\rundll32.exe[2604] ntdll.dll!NtEnumerateValueKey + 4 7C91D97A 2 Bytes [ 5C, 5F ] .text C:\WINDOWS\system32\rundll32.exe[2604] ntdll.dll!NtOpenFile 7C91DCFD 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\rundll32.exe[2604] ntdll.dll!NtOpenFile + 4 7C91DD01 2 Bytes [ 71, 5F ] .text C:\WINDOWS\system32\rundll32.exe[2604] ntdll.dll!NtQueryMultipleValueKey 7C91E0AE 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\rundll32.exe[2604] ntdll.dll!NtQueryMultipleValueKey + 4 7C91E0B2 2 Bytes [ 5F, 5F ] .text C:\WINDOWS\system32\rundll32.exe[2604] ntdll.dll!NtQueryValueKey 7C91E1FE 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\rundll32.exe[2604] ntdll.dll!NtQueryValueKey + 4 7C91E202 2 Bytes [ 62, 5F ] .text C:\WINDOWS\system32\rundll32.exe[2604] ntdll.dll!NtReadFile 7C91E27C 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\rundll32.exe[2604] ntdll.dll!NtReadFile + 4 7C91E280 2 Bytes [ 74, 5F ] .text C:\WINDOWS\system32\rundll32.exe[2604] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\rundll32.exe[2604] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 77, 5F ] .text C:\WINDOWS\system32\rundll32.exe[2604] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\rundll32.exe[2604] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 65, 5F ] .text C:\WINDOWS\system32\rundll32.exe[2604] ntdll.dll!NtUnloadKey 7C91E90C 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\rundll32.exe[2604] ntdll.dll!NtUnloadKey + 4 7C91E910 2 Bytes [ 68, 5F ] .text C:\WINDOWS\system32\rundll32.exe[2604] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\rundll32.exe[2604] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 7A, 5F ] .text C:\WINDOWS\system32\rundll32.exe[2604] ntdll.dll!LdrLoadDll 7C9261CA 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\rundll32.exe[2604] ntdll.dll!LdrLoadDll + 4 7C9261CE 2 Bytes [ 47, 5F ] .text C:\WINDOWS\system32\rundll32.exe[2604] kernel32.dll!TerminateProcess 7C801E16 6 Bytes [ FF, 25, 1E, 00, 32, 5F ] .text C:\WINDOWS\system32\rundll32.exe[2604] kernel32.dll!CreateFileMappingW 7C80938E 6 Bytes [ FF, 25, 1E, 00, 3B, 5F ] .text C:\WINDOWS\system32\rundll32.exe[2604] kernel32.dll!MapViewOfFileEx 7C80B896 6 Bytes [ FF, 25, 1E, 00, 35, 5F ] .text C:\WINDOWS\system32\rundll32.exe[2604] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\rundll32.exe[2604] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 3E, 5F ] .text C:\WINDOWS\system32\rundll32.exe[2604] kernel32.dll!CreateProcessInternalW 7C819513 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\rundll32.exe[2604] kernel32.dll!CreateProcessInternalW + 4 7C819517 2 Bytes [ 44, 5F ] .text C:\WINDOWS\system32\rundll32.exe[2604] kernel32.dll!MoveFileWithProgressW 7C81F72E 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\rundll32.exe[2604] kernel32.dll!MoveFileWithProgressW + 4 7C81F732 2 Bytes [ 41, 5F ] .text C:\WINDOWS\system32\rundll32.exe[2604] kernel32.dll!CopyFileExW 7C827B32 6 Bytes [ FF, 25, 1E, 00, 38, 5F ] .text C:\WINDOWS\system32\rundll32.exe[2604] USER32.dll!DispatchMessageW 77D18A01 6 Bytes [ FF, 25, 1E, 00, A7, 5F ] .text C:\WINDOWS\system32\rundll32.exe[2604] USER32.dll!TranslateMessage 77D18BF6 6 Bytes [ FF, 25, 1E, 00, 92, 5F ] .text C:\WINDOWS\system32\rundll32.exe[2604] USER32.dll!DispatchMessageA 77D196B8 6 Bytes [ FF, 25, 1E, 00, 8F, 5F ] .text C:\WINDOWS\system32\rundll32.exe[2604] USER32.dll!GetKeyState 77D1C505 6 Bytes [ FF, 25, 1E, 00, 9E, 5F ] .text C:\WINDOWS\system32\rundll32.exe[2604] USER32.dll!BeginDeferWindowPos 77D1D907 6 Bytes [ FF, 25, 1E, 00, 8C, 5F ] .text C:\WINDOWS\system32\rundll32.exe[2604] USER32.dll!GetKeyboardState 77D1E641 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\rundll32.exe[2604] USER32.dll!GetKeyboardState + 4 77D1E645 2 Bytes [ 9B, 5F ] .text C:\WINDOWS\system32\rundll32.exe[2604] USER32.dll!GetAsyncKeyState 77D1E655 6 Bytes [ FF, 25, 1E, 00, 95, 5F ] .text C:\WINDOWS\system32\rundll32.exe[2604] USER32.dll!CreateAcceleratorTableW 77D2DABB 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\rundll32.exe[2604] USER32.dll!CreateAcceleratorTableW + 4 77D2DABF 2 Bytes [ A1, 5F ] .text C:\WINDOWS\system32\rundll32.exe[2604] USER32.dll!SetWindowsHookExW 77D2E4AF 6 Bytes [ FF, 25, 1E, 00, A4, 5F ] .text C:\WINDOWS\system32\rundll32.exe[2604] USER32.dll!SetWindowsHookExA 77D311E9 6 Bytes [ FF, 25, 1E, 00, 89, 5F ] .text C:\WINDOWS\system32\rundll32.exe[2604] USER32.dll!AttachThreadInput 77D31E23 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\rundll32.exe[2604] USER32.dll!AttachThreadInput + 4 77D31E27 2 Bytes [ 98, 5F ] .text C:\WINDOWS\system32\rundll32.exe[2604] ADVAPI32.dll!CloseServiceHandle 77DB5E4D 6 Bytes [ FF, 25, 1E, 00, 11, 5F ] .text C:\WINDOWS\system32\rundll32.exe[2604] ADVAPI32.dll!OpenServiceW 77DB6165 6 Bytes [ FF, 25, 1E, 00, 23, 5F ] .text C:\WINDOWS\system32\rundll32.exe[2604] ADVAPI32.dll!ControlService 77DBB635 6 Bytes [ FF, 25, 1E, 00, 14, 5F ] .text C:\WINDOWS\system32\rundll32.exe[2604] ADVAPI32.dll!OpenServiceA 77DBB88C 6 Bytes [ FF, 25, 1E, 00, 20, 5F ] .text C:\WINDOWS\system32\rundll32.exe[2604] ADVAPI32.dll!StartServiceW 77DBBBAC 6 Bytes [ FF, 25, 1E, 00, 29, 5F ] .text C:\WINDOWS\system32\rundll32.exe[2604] ADVAPI32.dll!StartServiceA 77DC3238 6 Bytes [ FF, 25, 1E, 00, 26, 5F ] .text C:\WINDOWS\system32\rundll32.exe[2604] ADVAPI32.dll!LsaAddAccountRights 77DEA9A1 6 Bytes [ FF, 25, 1E, 00, 2C, 5F ] .text C:\WINDOWS\system32\rundll32.exe[2604] ADVAPI32.dll!LsaRemoveAccountRights 77DEAA41 6 Bytes [ FF, 25, 1E, 00, 2F, 5F ] .text C:\WINDOWS\system32\rundll32.exe[2604] ADVAPI32.dll!ChangeServiceConfigA 77E06CC9 6 Bytes [ FF, 25, 1E, 00, 05, 5F ] .text C:\WINDOWS\system32\rundll32.exe[2604] ADVAPI32.dll!ChangeServiceConfigW 77E06E61 6 Bytes [ FF, 25, 1E, 00, 08, 5F ] .text C:\WINDOWS\system32\rundll32.exe[2604] ADVAPI32.dll!ChangeServiceConfig2A 77E06F61 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ] .text C:\WINDOWS\system32\rundll32.exe[2604] ADVAPI32.dll!ChangeServiceConfig2W 77E06FE9 6 Bytes [ FF, 25, 1E, 00, 0E, 5F ] .text C:\WINDOWS\system32\rundll32.exe[2604] ADVAPI32.dll!CreateServiceA 77E07071 6 Bytes [ FF, 25, 1E, 00, 17, 5F ] .text C:\WINDOWS\system32\rundll32.exe[2604] ADVAPI32.dll!CreateServiceW 77E07209 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\rundll32.exe[2604] ADVAPI32.dll!CreateServiceW + 4 77E0720D 2 Bytes [ 1A, 5F ] .text C:\WINDOWS\system32\rundll32.exe[2604] ADVAPI32.dll!DeleteService 77E07311 6 Bytes [ FF, 25, 1E, 00, 1D, 5F ] .text C:\WINDOWS\system32\rundll32.exe[2604] ole32.dll!CoCreateInstanceEx 774CFA6B 6 Bytes [ FF, 25, 1E, 00, 86, 5F ] .text C:\WINDOWS\system32\rundll32.exe[2604] ole32.dll!CoGetClassObject 774E5DB2 6 Bytes [ FF, 25, 1E, 00, 83, 5F ] .text C:\WINDOWS\system32\rundll32.exe[2604] ole32.dll!CLSIDFromProgID 774F42CC 6 Bytes [ FF, 25, 1E, 00, 80, 5F ] .text C:\WINDOWS\system32\rundll32.exe[2604] ole32.dll!CLSIDFromProgIDEx 775261FE 6 Bytes [ FF, 25, 1E, 00, 7D, 5F ] .text C:\Programme\Multimedia Combo Set\MouseDrv.exe[2620] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Multimedia Combo Set\MouseDrv.exe[2620] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 4C, 5F ] .text C:\Programme\Multimedia Combo Set\MouseDrv.exe[2620] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ FF ] .text C:\Programme\Multimedia Combo Set\MouseDrv.exe[2620] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ] .text C:\Programme\Multimedia Combo Set\MouseDrv.exe[2620] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 6D, 5F ] .text C:\Programme\Multimedia Combo Set\MouseDrv.exe[2620] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Multimedia Combo Set\MouseDrv.exe[2620] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 4F, 5F ] .text C:\Programme\Multimedia Combo Set\MouseDrv.exe[2620] ntdll.dll!NtDeleteFile 7C91D88F 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Multimedia Combo Set\MouseDrv.exe[2620] ntdll.dll!NtDeleteFile + 4 7C91D893 2 Bytes [ 70, 5F ] .text C:\Programme\Multimedia Combo Set\MouseDrv.exe[2620] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Multimedia Combo Set\MouseDrv.exe[2620] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 52, 5F ] .text C:\Programme\Multimedia Combo Set\MouseDrv.exe[2620] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Multimedia Combo Set\MouseDrv.exe[2620] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 55, 5F ] .text C:\Programme\Multimedia Combo Set\MouseDrv.exe[2620] ntdll.dll!NtDuplicateObject 7C91D90D 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Multimedia Combo Set\MouseDrv.exe[2620] ntdll.dll!NtDuplicateObject + 4 7C91D911 2 Bytes [ 58, 5F ] .text C:\Programme\Multimedia Combo Set\MouseDrv.exe[2620] ntdll.dll!NtEnumerateKey 7C91D94C 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Multimedia Combo Set\MouseDrv.exe[2620] ntdll.dll!NtEnumerateKey + 4 7C91D950 2 Bytes [ 5B, 5F ] .text C:\Programme\Multimedia Combo Set\MouseDrv.exe[2620] ntdll.dll!NtEnumerateValueKey 7C91D976 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Multimedia Combo Set\MouseDrv.exe[2620] ntdll.dll!NtEnumerateValueKey + 4 7C91D97A 2 Bytes [ 5E, 5F ] .text C:\Programme\Multimedia Combo Set\MouseDrv.exe[2620] ntdll.dll!NtOpenFile 7C91DCFD 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Multimedia Combo Set\MouseDrv.exe[2620] ntdll.dll!NtOpenFile + 4 7C91DD01 2 Bytes [ 73, 5F ] .text C:\Programme\Multimedia Combo Set\MouseDrv.exe[2620] ntdll.dll!NtQueryMultipleValueKey 7C91E0AE 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Multimedia Combo Set\MouseDrv.exe[2620] ntdll.dll!NtQueryMultipleValueKey + 4 7C91E0B2 2 Bytes [ 61, 5F ] .text C:\Programme\Multimedia Combo Set\MouseDrv.exe[2620] ntdll.dll!NtQueryValueKey 7C91E1FE 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Multimedia Combo Set\MouseDrv.exe[2620] ntdll.dll!NtQueryValueKey + 4 7C91E202 2 Bytes [ 64, 5F ] .text C:\Programme\Multimedia Combo Set\MouseDrv.exe[2620] ntdll.dll!NtReadFile 7C91E27C 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Multimedia Combo Set\MouseDrv.exe[2620] ntdll.dll!NtReadFile + 4 7C91E280 2 Bytes [ 76, 5F ] .text C:\Programme\Multimedia Combo Set\MouseDrv.exe[2620] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Multimedia Combo Set\MouseDrv.exe[2620] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 79, 5F ] .text C:\Programme\Multimedia Combo Set\MouseDrv.exe[2620] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Multimedia Combo Set\MouseDrv.exe[2620] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 67, 5F ] .text C:\Programme\Multimedia Combo Set\MouseDrv.exe[2620] ntdll.dll!NtUnloadKey 7C91E90C 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Multimedia Combo Set\MouseDrv.exe[2620] ntdll.dll!NtUnloadKey + 4 7C91E910 2 Bytes [ 6A, 5F ] .text C:\Programme\Multimedia Combo Set\MouseDrv.exe[2620] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Multimedia Combo Set\MouseDrv.exe[2620] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 7C, 5F ] .text C:\Programme\Multimedia Combo Set\MouseDrv.exe[2620] ntdll.dll!LdrLoadDll 7C9261CA 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Multimedia Combo Set\MouseDrv.exe[2620] ntdll.dll!LdrLoadDll + 4 7C9261CE 2 Bytes [ 49, 5F ] .text C:\Programme\Multimedia Combo Set\MouseDrv.exe[2620] kernel32.dll!TerminateProcess 7C801E16 6 Bytes [ FF, 25, 1E, 00, 34, 5F ] .text C:\Programme\Multimedia Combo Set\MouseDrv.exe[2620] kernel32.dll!CreateFileMappingW 7C80938E 6 Bytes [ FF, 25, 1E, 00, 3D, 5F ] .text C:\Programme\Multimedia Combo Set\MouseDrv.exe[2620] kernel32.dll!MapViewOfFileEx 7C80B896 6 Bytes [ FF, 25, 1E, 00, 37, 5F ] .text C:\Programme\Multimedia Combo Set\MouseDrv.exe[2620] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Multimedia Combo Set\MouseDrv.exe[2620] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 40, 5F ] .text C:\Programme\Multimedia Combo Set\MouseDrv.exe[2620] kernel32.dll!CreateProcessInternalW 7C819513 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Multimedia Combo Set\MouseDrv.exe[2620] kernel32.dll!CreateProcessInternalW + 4 7C819517 2 Bytes [ 46, 5F ] .text C:\Programme\Multimedia Combo Set\MouseDrv.exe[2620] kernel32.dll!MoveFileWithProgressW 7C81F72E 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Multimedia Combo Set\MouseDrv.exe[2620] kernel32.dll!MoveFileWithProgressW + 4 7C81F732 2 Bytes [ 43, 5F ] .text C:\Programme\Multimedia Combo Set\MouseDrv.exe[2620] kernel32.dll!CopyFileExW 7C827B32 6 Bytes [ FF, 25, 1E, 00, 3A, 5F ] .text C:\Programme\Multimedia Combo Set\MouseDrv.exe[2620] USER32.dll!DispatchMessageW 77D18A01 6 Bytes [ FF, 25, 1E, 00, A9, 5F ] .text C:\Programme\Multimedia Combo Set\MouseDrv.exe[2620] USER32.dll!TranslateMessage 77D18BF6 6 Bytes [ FF, 25, 1E, 00, 94, 5F ] .text C:\Programme\Multimedia Combo Set\MouseDrv.exe[2620] USER32.dll!DispatchMessageA 77D196B8 6 Bytes [ FF, 25, 1E, 00, 91, 5F ] .text C:\Programme\Multimedia Combo Set\MouseDrv.exe[2620] USER32.dll!GetKeyState 77D1C505 6 Bytes [ FF, 25, 1E, 00, A0, 5F ] .text C:\Programme\Multimedia Combo Set\MouseDrv.exe[2620] USER32.dll!BeginDeferWindowPos 77D1D907 6 Bytes [ FF, 25, 1E, 00, 8E, 5F ] .text C:\Programme\Multimedia Combo Set\MouseDrv.exe[2620] USER32.dll!GetKeyboardState 77D1E641 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Multimedia Combo Set\MouseDrv.exe[2620] USER32.dll!GetKeyboardState + 4 77D1E645 2 Bytes [ 9D, 5F ] .text C:\Programme\Multimedia Combo Set\MouseDrv.exe[2620] USER32.dll!GetAsyncKeyState 77D1E655 6 Bytes [ FF, 25, 1E, 00, 97, 5F ] .text C:\Programme\Multimedia Combo Set\MouseDrv.exe[2620] USER32.dll!CreateAcceleratorTableW 77D2DABB 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Multimedia Combo Set\MouseDrv.exe[2620] USER32.dll!CreateAcceleratorTableW + 4 77D2DABF 2 Bytes [ A3, 5F ] .text C:\Programme\Multimedia Combo Set\MouseDrv.exe[2620] USER32.dll!SetWindowsHookExW 77D2E4AF 6 Bytes [ FF, 25, 1E, 00, A6, 5F ] .text C:\Programme\Multimedia Combo Set\MouseDrv.exe[2620] USER32.dll!SetWindowsHookExA 77D311E9 6 Bytes [ FF, 25, 1E, 00, 8B, 5F ] .text C:\Programme\Multimedia Combo Set\MouseDrv.exe[2620] USER32.dll!AttachThreadInput 77D31E23 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Multimedia Combo Set\MouseDrv.exe[2620] USER32.dll!AttachThreadInput + 4 77D31E27 2 Bytes [ 9A, 5F ] .text C:\Programme\Multimedia Combo Set\MouseDrv.exe[2620] ADVAPI32.dll!CloseServiceHandle 77DB5E4D 6 Bytes [ FF, 25, 1E, 00, 11, 5F ] .text C:\Programme\Multimedia Combo Set\MouseDrv.exe[2620] ADVAPI32.dll!OpenServiceW 77DB6165 6 Bytes [ FF, 25, 1E, 00, 25, 5F ] .text C:\Programme\Multimedia Combo Set\MouseDrv.exe[2620] ADVAPI32.dll!ControlService 77DBB635 6 Bytes [ FF, 25, 1E, 00, 14, 5F ] .text C:\Programme\Multimedia Combo Set\MouseDrv.exe[2620] ADVAPI32.dll!OpenServiceA 77DBB88C 6 Bytes [ FF, 25, 1E, 00, 22, 5F ] .text C:\Programme\Multimedia Combo Set\MouseDrv.exe[2620] ADVAPI32.dll!StartServiceW 77DBBBAC 6 Bytes [ FF, 25, 1E, 00, 2B, 5F ] .text C:\Programme\Multimedia Combo Set\MouseDrv.exe[2620] ADVAPI32.dll!StartServiceA 77DC3238 6 Bytes [ FF, 25, 1E, 00, 28, 5F ] .text C:\Programme\Multimedia Combo Set\MouseDrv.exe[2620] ADVAPI32.dll!LsaAddAccountRights 77DEA9A1 6 Bytes [ FF, 25, 1E, 00, 2E, 5F ] .text C:\Programme\Multimedia Combo Set\MouseDrv.exe[2620] ADVAPI32.dll!LsaRemoveAccountRights 77DEAA41 6 Bytes [ FF, 25, 1E, 00, 31, 5F ] .text C:\Programme\Multimedia Combo Set\MouseDrv.exe[2620] ADVAPI32.dll!ChangeServiceConfigA 77E06CC9 6 Bytes [ FF, 25, 1E, 00, 05, 5F ] .text C:\Programme\Multimedia Combo Set\MouseDrv.exe[2620] ADVAPI32.dll!ChangeServiceConfigW 77E06E61 6 Bytes [ FF, 25, 1E, 00, 08, 5F ] .text C:\Programme\Multimedia Combo Set\MouseDrv.exe[2620] ADVAPI32.dll!ChangeServiceConfig2A 77E06F61 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ] .text C:\Programme\Multimedia Combo Set\MouseDrv.exe[2620] ADVAPI32.dll!ChangeServiceConfig2W 77E06FE9 6 Bytes [ FF, 25, 1E, 00, 0E, 5F ] .text C:\Programme\Multimedia Combo Set\MouseDrv.exe[2620] ADVAPI32.dll!CreateServiceA 77E07071 6 Bytes [ FF, 25, 1E, 00, 17, 5F ] .text C:\Programme\Multimedia Combo Set\MouseDrv.exe[2620] ADVAPI32.dll!CreateServiceW 77E07209 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Multimedia Combo Set\MouseDrv.exe[2620] ADVAPI32.dll!CreateServiceW + 4 77E0720D 2 Bytes [ 1C, 5F ] .text C:\Programme\Multimedia Combo Set\MouseDrv.exe[2620] ADVAPI32.dll!DeleteService 77E07311 6 Bytes [ FF, 25, 1E, 00, 1F, 5F ] .text C:\Programme\Multimedia Combo Set\MouseDrv.exe[2620] ole32.dll!CoCreateInstanceEx 774CFA6B 6 Bytes [ FF, 25, 1E, 00, 88, 5F ] .text C:\Programme\Multimedia Combo Set\MouseDrv.exe[2620] ole32.dll!CoGetClassObject 774E5DB2 6 Bytes [ FF, 25, 1E, 00, 85, 5F ] .text C:\Programme\Multimedia Combo Set\MouseDrv.exe[2620] ole32.dll!CLSIDFromProgID 774F42CC 6 Bytes [ FF, 25, 1E, 00, 82, 5F ] .text C:\Programme\Multimedia Combo Set\MouseDrv.exe[2620] ole32.dll!CLSIDFromProgIDEx 775261FE 6 Bytes [ FF, 25, 1E, 00, 7F, 5F ] .text C:\Programme\Multimedia Combo Set\PS2USBKbdDrv.exe[2640] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Multimedia Combo Set\PS2USBKbdDrv.exe[2640] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 4C, 5F ] .text C:\Programme\Multimedia Combo Set\PS2USBKbdDrv.exe[2640] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ FF ] .text C:\Programme\Multimedia Combo Set\PS2USBKbdDrv.exe[2640] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ] .text C:\Programme\Multimedia Combo Set\PS2USBKbdDrv.exe[2640] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 6D, 5F ] .text C:\Programme\Multimedia Combo Set\PS2USBKbdDrv.exe[2640] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Multimedia Combo Set\PS2USBKbdDrv.exe[2640] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 4F, 5F ] .text C:\Programme\Multimedia Combo Set\PS2USBKbdDrv.exe[2640] ntdll.dll!NtDeleteFile 7C91D88F 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Multimedia Combo Set\PS2USBKbdDrv.exe[2640] ntdll.dll!NtDeleteFile + 4 7C91D893 2 Bytes [ 70, 5F ] .text C:\Programme\Multimedia Combo Set\PS2USBKbdDrv.exe[2640] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Multimedia Combo Set\PS2USBKbdDrv.exe[2640] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 52, 5F ] .text C:\Programme\Multimedia Combo Set\PS2USBKbdDrv.exe[2640] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Multimedia Combo Set\PS2USBKbdDrv.exe[2640] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 55, 5F ] .text C:\Programme\Multimedia Combo Set\PS2USBKbdDrv.exe[2640] ntdll.dll!NtDuplicateObject 7C91D90D 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Multimedia Combo Set\PS2USBKbdDrv.exe[2640] ntdll.dll!NtDuplicateObject + 4 7C91D911 2 Bytes [ 58, 5F ] .text C:\Programme\Multimedia Combo Set\PS2USBKbdDrv.exe[2640] ntdll.dll!NtEnumerateKey 7C91D94C 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Multimedia Combo Set\PS2USBKbdDrv.exe[2640] ntdll.dll!NtEnumerateKey + 4 7C91D950 2 Bytes [ 5B, 5F ] .text C:\Programme\Multimedia Combo Set\PS2USBKbdDrv.exe[2640] ntdll.dll!NtEnumerateValueKey 7C91D976 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Multimedia Combo Set\PS2USBKbdDrv.exe[2640] ntdll.dll!NtEnumerateValueKey + 4 7C91D97A 2 Bytes [ 5E, 5F ] .text C:\Programme\Multimedia Combo Set\PS2USBKbdDrv.exe[2640] ntdll.dll!NtOpenFile 7C91DCFD 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Multimedia Combo Set\PS2USBKbdDrv.exe[2640] ntdll.dll!NtOpenFile + 4 7C91DD01 2 Bytes [ 73, 5F ] .text C:\Programme\Multimedia Combo Set\PS2USBKbdDrv.exe[2640] ntdll.dll!NtQueryMultipleValueKey 7C91E0AE 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Multimedia Combo Set\PS2USBKbdDrv.exe[2640] ntdll.dll!NtQueryMultipleValueKey + 4 7C91E0B2 2 Bytes [ 61, 5F ] .text C:\Programme\Multimedia Combo Set\PS2USBKbdDrv.exe[2640] ntdll.dll!NtQueryValueKey 7C91E1FE 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Multimedia Combo Set\PS2USBKbdDrv.exe[2640] ntdll.dll!NtQueryValueKey + 4 7C91E202 2 Bytes [ 64, 5F ] .text C:\Programme\Multimedia Combo Set\PS2USBKbdDrv.exe[2640] ntdll.dll!NtReadFile 7C91E27C 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Multimedia Combo Set\PS2USBKbdDrv.exe[2640] ntdll.dll!NtReadFile + 4 7C91E280 2 Bytes [ 76, 5F ] .text C:\Programme\Multimedia Combo Set\PS2USBKbdDrv.exe[2640] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Multimedia Combo Set\PS2USBKbdDrv.exe[2640] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 79, 5F ] .text C:\Programme\Multimedia Combo Set\PS2USBKbdDrv.exe[2640] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Multimedia Combo Set\PS2USBKbdDrv.exe[2640] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 67, 5F ] .text C:\Programme\Multimedia Combo Set\PS2USBKbdDrv.exe[2640] ntdll.dll!NtUnloadKey 7C91E90C 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Multimedia Combo Set\PS2USBKbdDrv.exe[2640] ntdll.dll!NtUnloadKey + 4 7C91E910 2 Bytes [ 6A, 5F ] .text C:\Programme\Multimedia Combo Set\PS2USBKbdDrv.exe[2640] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Multimedia Combo Set\PS2USBKbdDrv.exe[2640] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 7C, 5F ] .text C:\Programme\Multimedia Combo Set\PS2USBKbdDrv.exe[2640] ntdll.dll!LdrLoadDll 7C9261CA 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Multimedia Combo Set\PS2USBKbdDrv.exe[2640] ntdll.dll!LdrLoadDll + 4 7C9261CE 2 Bytes [ 49, 5F ] .text C:\Programme\Multimedia Combo Set\PS2USBKbdDrv.exe[2640] kernel32.dll!TerminateProcess 7C801E16 6 Bytes [ FF, 25, 1E, 00, 34, 5F ] .text C:\Programme\Multimedia Combo Set\PS2USBKbdDrv.exe[2640] kernel32.dll!CreateFileMappingW 7C80938E 6 Bytes [ FF, 25, 1E, 00, 3D, 5F ] .text C:\Programme\Multimedia Combo Set\PS2USBKbdDrv.exe[2640] kernel32.dll!MapViewOfFileEx 7C80B896 6 Bytes [ FF, 25, 1E, 00, 37, 5F ] .text C:\Programme\Multimedia Combo Set\PS2USBKbdDrv.exe[2640] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Multimedia Combo Set\PS2USBKbdDrv.exe[2640] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 40, 5F ] .text C:\Programme\Multimedia Combo Set\PS2USBKbdDrv.exe[2640] kernel32.dll!CreateProcessInternalW 7C819513 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Multimedia Combo Set\PS2USBKbdDrv.exe[2640] kernel32.dll!CreateProcessInternalW + 4 7C819517 2 Bytes [ 46, 5F ] .text C:\Programme\Multimedia Combo Set\PS2USBKbdDrv.exe[2640] kernel32.dll!MoveFileWithProgressW 7C81F72E 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Multimedia Combo Set\PS2USBKbdDrv.exe[2640] kernel32.dll!MoveFileWithProgressW + 4 7C81F732 2 Bytes [ 43, 5F ] .text C:\Programme\Multimedia Combo Set\PS2USBKbdDrv.exe[2640] kernel32.dll!CopyFileExW 7C827B32 6 Bytes [ FF, 25, 1E, 00, 3A, 5F ] .text C:\Programme\Multimedia Combo Set\PS2USBKbdDrv.exe[2640] user32.dll!DispatchMessageW 77D18A01 6 Bytes [ FF, 25, 1E, 00, A9, 5F ] .text C:\Programme\Multimedia Combo Set\PS2USBKbdDrv.exe[2640] user32.dll!TranslateMessage 77D18BF6 6 Bytes [ FF, 25, 1E, 00, 94, 5F ] .text C:\Programme\Multimedia Combo Set\PS2USBKbdDrv.exe[2640] user32.dll!DispatchMessageA 77D196B8 6 Bytes [ FF, 25, 1E, 00, 91, 5F ] .text C:\Programme\Multimedia Combo Set\PS2USBKbdDrv.exe[2640] user32.dll!GetKeyState 77D1C505 6 Bytes [ FF, 25, 1E, 00, A0, 5F ] .text C:\Programme\Multimedia Combo Set\PS2USBKbdDrv.exe[2640] user32.dll!BeginDeferWindowPos 77D1D907 6 Bytes [ FF, 25, 1E, 00, 8E, 5F ] .text C:\Programme\Multimedia Combo Set\PS2USBKbdDrv.exe[2640] user32.dll!GetKeyboardState 77D1E641 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Multimedia Combo Set\PS2USBKbdDrv.exe[2640] user32.dll!GetKeyboardState + 4 77D1E645 2 Bytes [ 9D, 5F ] .text C:\Programme\Multimedia Combo Set\PS2USBKbdDrv.exe[2640] user32.dll!GetAsyncKeyState 77D1E655 6 Bytes [ FF, 25, 1E, 00, 97, 5F ] .text C:\Programme\Multimedia Combo Set\PS2USBKbdDrv.exe[2640] user32.dll!CreateAcceleratorTableW 77D2DABB 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Multimedia Combo Set\PS2USBKbdDrv.exe[2640] user32.dll!CreateAcceleratorTableW + 4 77D2DABF 2 Bytes [ A3, 5F ] .text C:\Programme\Multimedia Combo Set\PS2USBKbdDrv.exe[2640] user32.dll!SetWindowsHookExW 77D2E4AF 6 Bytes [ FF, 25, 1E, 00, A6, 5F ] .text C:\Programme\Multimedia Combo Set\PS2USBKbdDrv.exe[2640] user32.dll!SetWindowsHookExA 77D311E9 6 Bytes [ FF, 25, 1E, 00, 8B, 5F ] .text C:\Programme\Multimedia Combo Set\PS2USBKbdDrv.exe[2640] user32.dll!AttachThreadInput 77D31E23 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Multimedia Combo Set\PS2USBKbdDrv.exe[2640] user32.dll!AttachThreadInput + 4 77D31E27 2 Bytes [ 9A, 5F ] .text C:\Programme\Multimedia Combo Set\PS2USBKbdDrv.exe[2640] advapi32.dll!CloseServiceHandle 77DB5E4D 6 Bytes [ FF, 25, 1E, 00, 11, 5F ] .text C:\Programme\Multimedia Combo Set\PS2USBKbdDrv.exe[2640] advapi32.dll!OpenServiceW 77DB6165 6 Bytes [ FF, 25, 1E, 00, 25, 5F ] .text C:\Programme\Multimedia Combo Set\PS2USBKbdDrv.exe[2640] advapi32.dll!ControlService 77DBB635 6 Bytes [ FF, 25, 1E, 00, 14, 5F ] .text C:\Programme\Multimedia Combo Set\PS2USBKbdDrv.exe[2640] advapi32.dll!OpenServiceA 77DBB88C 6 Bytes [ FF, 25, 1E, 00, 22, 5F ] .text C:\Programme\Multimedia Combo Set\PS2USBKbdDrv.exe[2640] advapi32.dll!StartServiceW 77DBBBAC 6 Bytes [ FF, 25, 1E, 00, 2B, 5F ] .text C:\Programme\Multimedia Combo Set\PS2USBKbdDrv.exe[2640] advapi32.dll!StartServiceA 77DC3238 6 Bytes [ FF, 25, 1E, 00, 28, 5F ] .text C:\Programme\Multimedia Combo Set\PS2USBKbdDrv.exe[2640] advapi32.dll!LsaAddAccountRights 77DEA9A1 6 Bytes [ FF, 25, 1E, 00, 2E, 5F ] .text C:\Programme\Multimedia Combo Set\PS2USBKbdDrv.exe[2640] advapi32.dll!LsaRemoveAccountRights 77DEAA41 6 Bytes [ FF, 25, 1E, 00, 31, 5F ] .text C:\Programme\Multimedia Combo Set\PS2USBKbdDrv.exe[2640] advapi32.dll!ChangeServiceConfigA 77E06CC9 6 Bytes [ FF, 25, 1E, 00, 05, 5F ] .text C:\Programme\Multimedia Combo Set\PS2USBKbdDrv.exe[2640] advapi32.dll!ChangeServiceConfigW 77E06E61 6 Bytes [ FF, 25, 1E, 00, 08, 5F ] .text C:\Programme\Multimedia Combo Set\PS2USBKbdDrv.exe[2640] advapi32.dll!ChangeServiceConfig2A 77E06F61 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ] .text C:\Programme\Multimedia Combo Set\PS2USBKbdDrv.exe[2640] advapi32.dll!ChangeServiceConfig2W 77E06FE9 6 Bytes [ FF, 25, 1E, 00, 0E, 5F ] .text C:\Programme\Multimedia Combo Set\PS2USBKbdDrv.exe[2640] advapi32.dll!CreateServiceA 77E07071 6 Bytes [ FF, 25, 1E, 00, 17, 5F ] .text C:\Programme\Multimedia Combo Set\PS2USBKbdDrv.exe[2640] advapi32.dll!CreateServiceW 77E07209 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Multimedia Combo Set\PS2USBKbdDrv.exe[2640] advapi32.dll!CreateServiceW + 4 77E0720D 2 Bytes [ 1C, 5F ] .text C:\Programme\Multimedia Combo Set\PS2USBKbdDrv.exe[2640] advapi32.dll!DeleteService 77E07311 6 Bytes [ FF, 25, 1E, 00, 1F, 5F ] .text C:\Programme\Multimedia Combo Set\PS2USBKbdDrv.exe[2640] ole32.dll!CoCreateInstanceEx 774CFA6B 6 Bytes [ FF, 25, 1E, 00, 88, 5F ] .text C:\Programme\Multimedia Combo Set\PS2USBKbdDrv.exe[2640] ole32.dll!CoGetClassObject 774E5DB2 6 Bytes [ FF, 25, 1E, 00, 85, 5F ] .text C:\Programme\Multimedia Combo Set\PS2USBKbdDrv.exe[2640] ole32.dll!CLSIDFromProgID 774F42CC 6 Bytes [ FF, 25, 1E, 00, 82, 5F ] .text C:\Programme\Multimedia Combo Set\PS2USBKbdDrv.exe[2640] ole32.dll!CLSIDFromProgIDEx 775261FE 6 Bytes [ FF, 25, 1E, 00, 7F, 5F ] .text C:\Programme\Outlook Express\msimn.exe[2716] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Outlook Express\msimn.exe[2716] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 4A, 5F ] .text C:\Programme\Outlook Express\msimn.exe[2716] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ FF ] .text C:\Programme\Outlook Express\msimn.exe[2716] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ] .text C:\Programme\Outlook Express\msimn.exe[2716] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 6B, 5F ] .text C:\Programme\Outlook Express\msimn.exe[2716] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Outlook Express\msimn.exe[2716] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 4D, 5F ] .text C:\Programme\Outlook Express\msimn.exe[2716] ntdll.dll!NtDeleteFile 7C91D88F 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Outlook Express\msimn.exe[2716] ntdll.dll!NtDeleteFile + 4 7C91D893 2 Bytes [ 6E, 5F ] .text C:\Programme\Outlook Express\msimn.exe[2716] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Outlook Express\msimn.exe[2716] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 50, 5F ] .text C:\Programme\Outlook Express\msimn.exe[2716] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Outlook Express\msimn.exe[2716] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 53, 5F ] .text C:\Programme\Outlook Express\msimn.exe[2716] ntdll.dll!NtDuplicateObject 7C91D90D 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Outlook Express\msimn.exe[2716] ntdll.dll!NtDuplicateObject + 4 7C91D911 2 Bytes [ 56, 5F ] .text C:\Programme\Outlook Express\msimn.exe[2716] ntdll.dll!NtEnumerateKey 7C91D94C 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Outlook Express\msimn.exe[2716] ntdll.dll!NtEnumerateKey + 4 7C91D950 2 Bytes [ 59, 5F ] .text C:\Programme\Outlook Express\msimn.exe[2716] ntdll.dll!NtEnumerateValueKey 7C91D976 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Outlook Express\msimn.exe[2716] ntdll.dll!NtEnumerateValueKey + 4 7C91D97A 2 Bytes [ 5C, 5F ] .text C:\Programme\Outlook Express\msimn.exe[2716] ntdll.dll!NtOpenFile 7C91DCFD 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Outlook Express\msimn.exe[2716] ntdll.dll!NtOpenFile + 4 7C91DD01 2 Bytes [ 71, 5F ] .text C:\Programme\Outlook Express\msimn.exe[2716] ntdll.dll!NtQueryMultipleValueKey 7C91E0AE 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Outlook Express\msimn.exe[2716] ntdll.dll!NtQueryMultipleValueKey + 4 7C91E0B2 2 Bytes [ 5F, 5F ] .text C:\Programme\Outlook Express\msimn.exe[2716] ntdll.dll!NtQueryValueKey 7C91E1FE 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Outlook Express\msimn.exe[2716] ntdll.dll!NtQueryValueKey + 4 7C91E202 2 Bytes [ 62, 5F ] .text C:\Programme\Outlook Express\msimn.exe[2716] ntdll.dll!NtReadFile 7C91E27C 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Outlook Express\msimn.exe[2716] ntdll.dll!NtReadFile + 4 7C91E280 2 Bytes [ 74, 5F ] .text C:\Programme\Outlook Express\msimn.exe[2716] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Outlook Express\msimn.exe[2716] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 77, 5F ] .text C:\Programme\Outlook Express\msimn.exe[2716] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Outlook Express\msimn.exe[2716] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 65, 5F ] .text C:\Programme\Outlook Express\msimn.exe[2716] ntdll.dll!NtUnloadKey 7C91E90C 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Outlook Express\msimn.exe[2716] ntdll.dll!NtUnloadKey + 4 7C91E910 2 Bytes [ 68, 5F ] .text C:\Programme\Outlook Express\msimn.exe[2716] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Outlook Express\msimn.exe[2716] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 7A, 5F ] .text C:\Programme\Outlook Express\msimn.exe[2716] ntdll.dll!LdrLoadDll 7C9261CA 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Outlook Express\msimn.exe[2716] ntdll.dll!LdrLoadDll + 4 7C9261CE 2 Bytes [ 47, 5F ] .text C:\Programme\Outlook Express\msimn.exe[2716] kernel32.dll!TerminateProcess 7C801E16 6 Bytes [ FF, 25, 1E, 00, 32, 5F ] .text C:\Programme\Outlook Express\msimn.exe[2716] kernel32.dll!CreateFileMappingW 7C80938E 6 Bytes [ FF, 25, 1E, 00, 3B, 5F ] .text C:\Programme\Outlook Express\msimn.exe[2716] kernel32.dll!MapViewOfFileEx 7C80B896 6 Bytes [ FF, 25, 1E, 00, 35, 5F ] .text C:\Programme\Outlook Express\msimn.exe[2716] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Outlook Express\msimn.exe[2716] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 3E, 5F ] .text C:\Programme\Outlook Express\msimn.exe[2716] kernel32.dll!CreateProcessInternalW 7C819513 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Outlook Express\msimn.exe[2716] kernel32.dll!CreateProcessInternalW + 4 7C819517 2 Bytes [ 44, 5F ] .text C:\Programme\Outlook Express\msimn.exe[2716] kernel32.dll!MoveFileWithProgressW 7C81F72E 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Outlook Express\msimn.exe[2716] kernel32.dll!MoveFileWithProgressW + 4 7C81F732 2 Bytes [ 41, 5F ] .text C:\Programme\Outlook Express\msimn.exe[2716] kernel32.dll!CopyFileExW 7C827B32 6 Bytes [ FF, 25, 1E, 00, 38, 5F ] .text C:\Programme\Outlook Express\msimn.exe[2716] ADVAPI32.dll!CloseServiceHandle 77DB5E4D 6 Bytes [ FF, 25, 1E, 00, 11, 5F ] .text C:\Programme\Outlook Express\msimn.exe[2716] ADVAPI32.dll!OpenServiceW 77DB6165 6 Bytes [ FF, 25, 1E, 00, 23, 5F ] .text C:\Programme\Outlook Express\msimn.exe[2716] ADVAPI32.dll!ControlService 77DBB635 6 Bytes [ FF, 25, 1E, 00, 14, 5F ] .text C:\Programme\Outlook Express\msimn.exe[2716] ADVAPI32.dll!OpenServiceA 77DBB88C 6 Bytes [ FF, 25, 1E, 00, 20, 5F ] .text C:\Programme\Outlook Express\msimn.exe[2716] ADVAPI32.dll!StartServiceW 77DBBBAC 6 Bytes [ FF, 25, 1E, 00, 29, 5F ] .text C:\Programme\Outlook Express\msimn.exe[2716] ADVAPI32.dll!StartServiceA 77DC3238 6 Bytes [ FF, 25, 1E, 00, 26, 5F ] .text C:\Programme\Outlook Express\msimn.exe[2716] ADVAPI32.dll!LsaAddAccountRights 77DEA9A1 6 Bytes [ FF, 25, 1E, 00, 2C, 5F ] .text C:\Programme\Outlook Express\msimn.exe[2716] ADVAPI32.dll!LsaRemoveAccountRights 77DEAA41 6 Bytes [ FF, 25, 1E, 00, 2F, 5F ] .text C:\Programme\Outlook Express\msimn.exe[2716] ADVAPI32.dll!ChangeServiceConfigA 77E06CC9 6 Bytes [ FF, 25, 1E, 00, 05, 5F ] .text C:\Programme\Outlook Express\msimn.exe[2716] ADVAPI32.dll!ChangeServiceConfigW 77E06E61 6 Bytes [ FF, 25, 1E, 00, 08, 5F ] .text C:\Programme\Outlook Express\msimn.exe[2716] ADVAPI32.dll!ChangeServiceConfig2A 77E06F61 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ] .text C:\Programme\Outlook Express\msimn.exe[2716] ADVAPI32.dll!ChangeServiceConfig2W 77E06FE9 6 Bytes [ FF, 25, 1E, 00, 0E, 5F ] .text C:\Programme\Outlook Express\msimn.exe[2716] ADVAPI32.dll!CreateServiceA 77E07071 6 Bytes [ FF, 25, 1E, 00, 17, 5F ] .text C:\Programme\Outlook Express\msimn.exe[2716] ADVAPI32.dll!CreateServiceW 77E07209 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Outlook Express\msimn.exe[2716] ADVAPI32.dll!CreateServiceW + 4 77E0720D 2 Bytes [ 1A, 5F ] .text C:\Programme\Outlook Express\msimn.exe[2716] ADVAPI32.dll!DeleteService 77E07311 6 Bytes [ FF, 25, 1E, 00, 1D, 5F ] .text C:\Programme\Outlook Express\msimn.exe[2716] USER32.dll!DispatchMessageW 77D18A01 6 Bytes [ FF, 25, 1E, 00, A7, 5F ] .text C:\Programme\Outlook Express\msimn.exe[2716] USER32.dll!TranslateMessage 77D18BF6 6 Bytes [ FF, 25, 1E, 00, 92, 5F ] .text C:\Programme\Outlook Express\msimn.exe[2716] USER32.dll!DispatchMessageA 77D196B8 6 Bytes [ FF, 25, 1E, 00, 8F, 5F ] .text C:\Programme\Outlook Express\msimn.exe[2716] USER32.dll!GetKeyState 77D1C505 6 Bytes [ FF, 25, 1E, 00, 9E, 5F ] .text C:\Programme\Outlook Express\msimn.exe[2716] USER32.dll!BeginDeferWindowPos 77D1D907 6 Bytes [ FF, 25, 1E, 00, 8C, 5F ] .text C:\Programme\Outlook Express\msimn.exe[2716] USER32.dll!GetKeyboardState 77D1E641 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Outlook Express\msimn.exe[2716] USER32.dll!GetKeyboardState + 4 77D1E645 2 Bytes [ 9B, 5F ] .text C:\Programme\Outlook Express\msimn.exe[2716] USER32.dll!GetAsyncKeyState 77D1E655 6 Bytes [ FF, 25, 1E, 00, 95, 5F ] .text C:\Programme\Outlook Express\msimn.exe[2716] USER32.dll!CreateAcceleratorTableW 77D2DABB 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Outlook Express\msimn.exe[2716] USER32.dll!CreateAcceleratorTableW + 4 77D2DABF 2 Bytes [ A1, 5F ] .text C:\Programme\Outlook Express\msimn.exe[2716] USER32.dll!SetWindowsHookExW 77D2E4AF 6 Bytes [ FF, 25, 1E, 00, A4, 5F ] .text C:\Programme\Outlook Express\msimn.exe[2716] USER32.dll!SetWindowsHookExA 77D311E9 6 Bytes [ FF, 25, 1E, 00, 89, 5F ] .text C:\Programme\Outlook Express\msimn.exe[2716] USER32.dll!AttachThreadInput 77D31E23 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Outlook Express\msimn.exe[2716] USER32.dll!AttachThreadInput + 4 77D31E27 2 Bytes [ 98, 5F ] .text C:\Programme\Outlook Express\msimn.exe[2716] ole32.dll!CoCreateInstanceEx 774CFA6B 6 Bytes [ FF, 25, 1E, 00, 86, 5F ] .text C:\Programme\Outlook Express\msimn.exe[2716] ole32.dll!CoGetClassObject 774E5DB2 6 Bytes [ FF, 25, 1E, 00, 83, 5F ] .text C:\Programme\Outlook Express\msimn.exe[2716] ole32.dll!CLSIDFromProgID 774F42CC 6 Bytes [ FF, 25, 1E, 00, 80, 5F ] .text C:\Programme\Outlook Express\msimn.exe[2716] ole32.dll!CLSIDFromProgIDEx 775261FE 6 Bytes [ FF, 25, 1E, 00, 7D, 5F ] .text C:\Programme\Security Task Manager\SpyProtector.exe[2760] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Security Task Manager\SpyProtector.exe[2760] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 4A, 5F ] .text C:\Programme\Security Task Manager\SpyProtector.exe[2760] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ FF ] .text C:\Programme\Security Task Manager\SpyProtector.exe[2760] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ] .text C:\Programme\Security Task Manager\SpyProtector.exe[2760] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 6B, 5F ] .text C:\Programme\Security Task Manager\SpyProtector.exe[2760] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Security Task Manager\SpyProtector.exe[2760] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 4D, 5F ] .text C:\Programme\Security Task Manager\SpyProtector.exe[2760] ntdll.dll!NtDeleteFile 7C91D88F 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Security Task Manager\SpyProtector.exe[2760] ntdll.dll!NtDeleteFile + 4 7C91D893 2 Bytes [ 6E, 5F ] .text C:\Programme\Security Task Manager\SpyProtector.exe[2760] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Security Task Manager\SpyProtector.exe[2760] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 50, 5F ] .text C:\Programme\Security Task Manager\SpyProtector.exe[2760] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Security Task Manager\SpyProtector.exe[2760] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 53, 5F ] .text C:\Programme\Security Task Manager\SpyProtector.exe[2760] ntdll.dll!NtDuplicateObject 7C91D90D 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Security Task Manager\SpyProtector.exe[2760] ntdll.dll!NtDuplicateObject + 4 7C91D911 2 Bytes [ 56, 5F ] .text C:\Programme\Security Task Manager\SpyProtector.exe[2760] ntdll.dll!NtEnumerateKey 7C91D94C 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Security Task Manager\SpyProtector.exe[2760] ntdll.dll!NtEnumerateKey + 4 7C91D950 2 Bytes [ 59, 5F ] .text C:\Programme\Security Task Manager\SpyProtector.exe[2760] ntdll.dll!NtEnumerateValueKey 7C91D976 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Security Task Manager\SpyProtector.exe[2760] ntdll.dll!NtEnumerateValueKey + 4 7C91D97A 2 Bytes [ 5C, 5F ] .text C:\Programme\Security Task Manager\SpyProtector.exe[2760] ntdll.dll!NtOpenFile 7C91DCFD 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Security Task Manager\SpyProtector.exe[2760] ntdll.dll!NtOpenFile + 4 7C91DD01 2 Bytes [ 71, 5F ] .text C:\Programme\Security Task Manager\SpyProtector.exe[2760] ntdll.dll!NtQueryMultipleValueKey 7C91E0AE 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Security Task Manager\SpyProtector.exe[2760] ntdll.dll!NtQueryMultipleValueKey + 4 7C91E0B2 2 Bytes [ 5F, 5F ] .text C:\Programme\Security Task Manager\SpyProtector.exe[2760] ntdll.dll!NtQueryValueKey 7C91E1FE 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Security Task Manager\SpyProtector.exe[2760] ntdll.dll!NtQueryValueKey + 4 7C91E202 2 Bytes [ 62, 5F ] .text C:\Programme\Security Task Manager\SpyProtector.exe[2760] ntdll.dll!NtReadFile 7C91E27C 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Security Task Manager\SpyProtector.exe[2760] ntdll.dll!NtReadFile + 4 7C91E280 2 Bytes [ 74, 5F ] .text C:\Programme\Security Task Manager\SpyProtector.exe[2760] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Security Task Manager\SpyProtector.exe[2760] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 77, 5F ] .text C:\Programme\Security Task Manager\SpyProtector.exe[2760] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Security Task Manager\SpyProtector.exe[2760] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 65, 5F ] .text C:\Programme\Security Task Manager\SpyProtector.exe[2760] ntdll.dll!NtUnloadKey 7C91E90C 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Security Task Manager\SpyProtector.exe[2760] ntdll.dll!NtUnloadKey + 4 7C91E910 2 Bytes [ 68, 5F ] .text C:\Programme\Security Task Manager\SpyProtector.exe[2760] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Security Task Manager\SpyProtector.exe[2760] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 7A, 5F ] .text C:\Programme\Security Task Manager\SpyProtector.exe[2760] ntdll.dll!LdrLoadDll 7C9261CA 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Security Task Manager\SpyProtector.exe[2760] ntdll.dll!LdrLoadDll + 4 7C9261CE 2 Bytes [ 47, 5F ] .text C:\Programme\Security Task Manager\SpyProtector.exe[2760] kernel32.dll!TerminateProcess 7C801E16 6 Bytes [ FF, 25, 1E, 00, 32, 5F ] .text C:\Programme\Security Task Manager\SpyProtector.exe[2760] kernel32.dll!CreateFileMappingW 7C80938E 6 Bytes [ FF, 25, 1E, 00, 3B, 5F ] .text C:\Programme\Security Task Manager\SpyProtector.exe[2760] kernel32.dll!MapViewOfFileEx 7C80B896 6 Bytes [ FF, 25, 1E, 00, 35, 5F ] .text C:\Programme\Security Task Manager\SpyProtector.exe[2760] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Security Task Manager\SpyProtector.exe[2760] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 3E, 5F ] .text C:\Programme\Security Task Manager\SpyProtector.exe[2760] kernel32.dll!CreateProcessInternalW 7C819513 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Security Task Manager\SpyProtector.exe[2760] kernel32.dll!CreateProcessInternalW + 4 7C819517 2 Bytes [ 44, 5F ] .text C:\Programme\Security Task Manager\SpyProtector.exe[2760] kernel32.dll!MoveFileWithProgressW 7C81F72E 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Security Task Manager\SpyProtector.exe[2760] kernel32.dll!MoveFileWithProgressW + 4 7C81F732 2 Bytes [ 41, 5F ] .text C:\Programme\Security Task Manager\SpyProtector.exe[2760] kernel32.dll!CopyFileExW 7C827B32 6 Bytes [ FF, 25, 1E, 00, 38, 5F ] .text C:\Programme\Security Task Manager\SpyProtector.exe[2760] user32.dll!DispatchMessageW 77D18A01 6 Bytes [ FF, 25, 1E, 00, A7, 5F ] .text C:\Programme\Security Task Manager\SpyProtector.exe[2760] user32.dll!TranslateMessage 77D18BF6 6 Bytes [ FF, 25, 1E, 00, 92, 5F ] .text C:\Programme\Security Task Manager\SpyProtector.exe[2760] user32.dll!DispatchMessageA 77D196B8 6 Bytes [ FF, 25, 1E, 00, 8F, 5F ] .text C:\Programme\Security Task Manager\SpyProtector.exe[2760] user32.dll!GetKeyState 77D1C505 6 Bytes [ FF, 25, 1E, 00, 9E, 5F ] .text C:\Programme\Security Task Manager\SpyProtector.exe[2760] user32.dll!BeginDeferWindowPos 77D1D907 6 Bytes [ FF, 25, 1E, 00, 8C, 5F ] .text C:\Programme\Security Task Manager\SpyProtector.exe[2760] user32.dll!GetKeyboardState 77D1E641 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Security Task Manager\SpyProtector.exe[2760] user32.dll!GetKeyboardState + 4 77D1E645 2 Bytes [ 9B, 5F ] .text C:\Programme\Security Task Manager\SpyProtector.exe[2760] user32.dll!GetAsyncKeyState 77D1E655 6 Bytes [ FF, 25, 1E, 00, 95, 5F ] .text C:\Programme\Security Task Manager\SpyProtector.exe[2760] user32.dll!CreateAcceleratorTableW 77D2DABB 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Security Task Manager\SpyProtector.exe[2760] user32.dll!CreateAcceleratorTableW + 4 77D2DABF 2 Bytes [ A1, 5F ] .text C:\Programme\Security Task Manager\SpyProtector.exe[2760] user32.dll!SetWindowsHookExW 77D2E4AF 6 Bytes [ FF, 25, 1E, 00, A4, 5F ] .text C:\Programme\Security Task Manager\SpyProtector.exe[2760] user32.dll!SetWindowsHookExA 77D311E9 6 Bytes [ FF, 25, 1E, 00, 89, 5F ] .text C:\Programme\Security Task Manager\SpyProtector.exe[2760] user32.dll!AttachThreadInput 77D31E23 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Security Task Manager\SpyProtector.exe[2760] user32.dll!AttachThreadInput + 4 77D31E27 2 Bytes [ 98, 5F ] .text C:\Programme\Security Task Manager\SpyProtector.exe[2760] advapi32.dll!CloseServiceHandle 77DB5E4D 6 Bytes [ FF, 25, 1E, 00, 11, 5F ] .text C:\Programme\Security Task Manager\SpyProtector.exe[2760] advapi32.dll!OpenServiceW 77DB6165 6 Bytes [ FF, 25, 1E, 00, 23, 5F ] .text C:\Programme\Security Task Manager\SpyProtector.exe[2760] advapi32.dll!ControlService 77DBB635 6 Bytes [ FF, 25, 1E, 00, 14, 5F ] .text C:\Programme\Security Task Manager\SpyProtector.exe[2760] advapi32.dll!OpenServiceA 77DBB88C 6 Bytes [ FF, 25, 1E, 00, 20, 5F ] .text C:\Programme\Security Task Manager\SpyProtector.exe[2760] advapi32.dll!StartServiceW 77DBBBAC 6 Bytes [ FF, 25, 1E, 00, 29, 5F ] .text C:\Programme\Security Task Manager\SpyProtector.exe[2760] advapi32.dll!StartServiceA 77DC3238 6 Bytes [ FF, 25, 1E, 00, 26, 5F ] .text C:\Programme\Security Task Manager\SpyProtector.exe[2760] advapi32.dll!LsaAddAccountRights 77DEA9A1 6 Bytes [ FF, 25, 1E, 00, 2C, 5F ] .text C:\Programme\Security Task Manager\SpyProtector.exe[2760] advapi32.dll!LsaRemoveAccountRights 77DEAA41 6 Bytes [ FF, 25, 1E, 00, 2F, 5F ] .text C:\Programme\Security Task Manager\SpyProtector.exe[2760] advapi32.dll!ChangeServiceConfigA 77E06CC9 6 Bytes [ FF, 25, 1E, 00, 05, 5F ] .text C:\Programme\Security Task Manager\SpyProtector.exe[2760] advapi32.dll!ChangeServiceConfigW 77E06E61 6 Bytes [ FF, 25, 1E, 00, 08, 5F ] .text C:\Programme\Security Task Manager\SpyProtector.exe[2760] advapi32.dll!ChangeServiceConfig2A 77E06F61 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ] .text C:\Programme\Security Task Manager\SpyProtector.exe[2760] advapi32.dll!ChangeServiceConfig2W 77E06FE9 6 Bytes [ FF, 25, 1E, 00, 0E, 5F ] .text C:\Programme\Security Task Manager\SpyProtector.exe[2760] advapi32.dll!CreateServiceA 77E07071 6 Bytes [ FF, 25, 1E, 00, 17, 5F ] .text C:\Programme\Security Task Manager\SpyProtector.exe[2760] advapi32.dll!CreateServiceW 77E07209 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Security Task Manager\SpyProtector.exe[2760] advapi32.dll!CreateServiceW + 4 77E0720D 2 Bytes [ 1A, 5F ] .text C:\Programme\Security Task Manager\SpyProtector.exe[2760] advapi32.dll!DeleteService 77E07311 6 Bytes [ FF, 25, 1E, 00, 1D, 5F ] .text C:\Programme\Security Task Manager\SpyProtector.exe[2760] ole32.dll!CoCreateInstanceEx 774CFA6B 6 Bytes [ FF, 25, 1E, 00, 86, 5F ] .text C:\Programme\Security Task Manager\SpyProtector.exe[2760] ole32.dll!CoGetClassObject 774E5DB2 6 Bytes [ FF, 25, 1E, 00, 83, 5F ] .text C:\Programme\Security Task Manager\SpyProtector.exe[2760] ole32.dll!CLSIDFromProgID 774F42CC 6 Bytes [ FF, 25, 1E, 00, 80, 5F ] .text C:\Programme\Security Task Manager\SpyProtector.exe[2760] ole32.dll!CLSIDFromProgIDEx 775261FE 6 Bytes [ FF, 25, 1E, 00, 7D, 5F ] .text C:\WINDOWS\system32\ctfmon.exe[3032] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\ctfmon.exe[3032] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 4A, 5F ] .text C:\WINDOWS\system32\ctfmon.exe[3032] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ FF ] .text C:\WINDOWS\system32\ctfmon.exe[3032] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ] .text C:\WINDOWS\system32\ctfmon.exe[3032] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 6B, 5F ] .text C:\WINDOWS\system32\ctfmon.exe[3032] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\ctfmon.exe[3032] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 4D, 5F ] .text C:\WINDOWS\system32\ctfmon.exe[3032] ntdll.dll!NtDeleteFile 7C91D88F 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\ctfmon.exe[3032] ntdll.dll!NtDeleteFile + 4 7C91D893 2 Bytes [ 6E, 5F ] .text C:\WINDOWS\system32\ctfmon.exe[3032] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\ctfmon.exe[3032] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 50, 5F ] .text C:\WINDOWS\system32\ctfmon.exe[3032] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\ctfmon.exe[3032] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 53, 5F ] .text C:\WINDOWS\system32\ctfmon.exe[3032] ntdll.dll!NtDuplicateObject 7C91D90D 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\ctfmon.exe[3032] ntdll.dll!NtDuplicateObject + 4 7C91D911 2 Bytes [ 56, 5F ] .text C:\WINDOWS\system32\ctfmon.exe[3032] ntdll.dll!NtEnumerateKey 7C91D94C 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\ctfmon.exe[3032] ntdll.dll!NtEnumerateKey + 4 7C91D950 2 Bytes [ 59, 5F ] .text C:\WINDOWS\system32\ctfmon.exe[3032] ntdll.dll!NtEnumerateValueKey 7C91D976 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\ctfmon.exe[3032] ntdll.dll!NtEnumerateValueKey + 4 7C91D97A 2 Bytes [ 5C, 5F ] .text C:\WINDOWS\system32\ctfmon.exe[3032] ntdll.dll!NtOpenFile 7C91DCFD 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\ctfmon.exe[3032] ntdll.dll!NtOpenFile + 4 7C91DD01 2 Bytes [ 71, 5F ] .text C:\WINDOWS\system32\ctfmon.exe[3032] ntdll.dll!NtQueryMultipleValueKey 7C91E0AE 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\ctfmon.exe[3032] ntdll.dll!NtQueryMultipleValueKey + 4 7C91E0B2 2 Bytes [ 5F, 5F ] .text C:\WINDOWS\system32\ctfmon.exe[3032] ntdll.dll!NtQueryValueKey 7C91E1FE 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\ctfmon.exe[3032] ntdll.dll!NtQueryValueKey + 4 7C91E202 2 Bytes [ 62, 5F ] .text C:\WINDOWS\system32\ctfmon.exe[3032] ntdll.dll!NtReadFile 7C91E27C 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\ctfmon.exe[3032] ntdll.dll!NtReadFile + 4 7C91E280 2 Bytes [ 74, 5F ] .text C:\WINDOWS\system32\ctfmon.exe[3032] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\ctfmon.exe[3032] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 77, 5F ] .text C:\WINDOWS\system32\ctfmon.exe[3032] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\ctfmon.exe[3032] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 65, 5F ] .text C:\WINDOWS\system32\ctfmon.exe[3032] ntdll.dll!NtUnloadKey 7C91E90C 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\ctfmon.exe[3032] ntdll.dll!NtUnloadKey + 4 7C91E910 2 Bytes [ 68, 5F ] .text C:\WINDOWS\system32\ctfmon.exe[3032] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\ctfmon.exe[3032] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 7A, 5F ] .text C:\WINDOWS\system32\ctfmon.exe[3032] ntdll.dll!LdrLoadDll 7C9261CA 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\ctfmon.exe[3032] ntdll.dll!LdrLoadDll + 4 7C9261CE 2 Bytes [ 47, 5F ] .text C:\WINDOWS\system32\ctfmon.exe[3032] kernel32.dll!TerminateProcess 7C801E16 6 Bytes [ FF, 25, 1E, 00, 32, 5F ] .text C:\WINDOWS\system32\ctfmon.exe[3032] kernel32.dll!CreateFileMappingW 7C80938E 6 Bytes [ FF, 25, 1E, 00, 3B, 5F ] .text C:\WINDOWS\system32\ctfmon.exe[3032] kernel32.dll!MapViewOfFileEx 7C80B896 6 Bytes [ FF, 25, 1E, 00, 35, 5F ] .text C:\WINDOWS\system32\ctfmon.exe[3032] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\ctfmon.exe[3032] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 3E, 5F ] .text C:\WINDOWS\system32\ctfmon.exe[3032] kernel32.dll!CreateProcessInternalW 7C819513 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\ctfmon.exe[3032] kernel32.dll!CreateProcessInternalW + 4 7C819517 2 Bytes [ 44, 5F ] .text C:\WINDOWS\system32\ctfmon.exe[3032] kernel32.dll!MoveFileWithProgressW 7C81F72E 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\ctfmon.exe[3032] kernel32.dll!MoveFileWithProgressW + 4 7C81F732 2 Bytes [ 41, 5F ] .text C:\WINDOWS\system32\ctfmon.exe[3032] kernel32.dll!CopyFileExW 7C827B32 6 Bytes [ FF, 25, 1E, 00, 38, 5F ] .text C:\WINDOWS\system32\ctfmon.exe[3032] ADVAPI32.dll!CloseServiceHandle 77DB5E4D 6 Bytes [ FF, 25, 1E, 00, 11, 5F ] .text C:\WINDOWS\system32\ctfmon.exe[3032] ADVAPI32.dll!OpenServiceW 77DB6165 6 Bytes [ FF, 25, 1E, 00, 23, 5F ] .text C:\WINDOWS\system32\ctfmon.exe[3032] ADVAPI32.dll!ControlService 77DBB635 6 Bytes [ FF, 25, 1E, 00, 14, 5F ] .text C:\WINDOWS\system32\ctfmon.exe[3032] ADVAPI32.dll!OpenServiceA 77DBB88C 6 Bytes [ FF, 25, 1E, 00, 20, 5F ] .text C:\WINDOWS\system32\ctfmon.exe[3032] ADVAPI32.dll!StartServiceW 77DBBBAC 6 Bytes [ FF, 25, 1E, 00, 29, 5F ] .text C:\WINDOWS\system32\ctfmon.exe[3032] ADVAPI32.dll!StartServiceA 77DC3238 6 Bytes [ FF, 25, 1E, 00, 26, 5F ] .text C:\WINDOWS\system32\ctfmon.exe[3032] ADVAPI32.dll!LsaAddAccountRights 77DEA9A1 6 Bytes [ FF, 25, 1E, 00, 2C, 5F ] .text C:\WINDOWS\system32\ctfmon.exe[3032] ADVAPI32.dll!LsaRemoveAccountRights 77DEAA41 6 Bytes [ FF, 25, 1E, 00, 2F, 5F ] .text C:\WINDOWS\system32\ctfmon.exe[3032] ADVAPI32.dll!ChangeServiceConfigA 77E06CC9 6 Bytes [ FF, 25, 1E, 00, 05, 5F ] .text C:\WINDOWS\system32\ctfmon.exe[3032] ADVAPI32.dll!ChangeServiceConfigW 77E06E61 6 Bytes [ FF, 25, 1E, 00, 08, 5F ] .text C:\WINDOWS\system32\ctfmon.exe[3032] ADVAPI32.dll!ChangeServiceConfig2A 77E06F61 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ] .text C:\WINDOWS\system32\ctfmon.exe[3032] ADVAPI32.dll!ChangeServiceConfig2W 77E06FE9 6 Bytes [ FF, 25, 1E, 00, 0E, 5F ] .text C:\WINDOWS\system32\ctfmon.exe[3032] ADVAPI32.dll!CreateServiceA 77E07071 6 Bytes [ FF, 25, 1E, 00, 17, 5F ] .text C:\WINDOWS\system32\ctfmon.exe[3032] ADVAPI32.dll!CreateServiceW 77E07209 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\ctfmon.exe[3032] ADVAPI32.dll!CreateServiceW + 4 77E0720D 2 Bytes [ 1A, 5F ] .text C:\WINDOWS\system32\ctfmon.exe[3032] ADVAPI32.dll!DeleteService 77E07311 6 Bytes [ FF, 25, 1E, 00, 1D, 5F ] .text C:\WINDOWS\system32\ctfmon.exe[3032] USER32.dll!DispatchMessageW 77D18A01 6 Bytes [ FF, 25, 1E, 00, A7, 5F ] .text C:\WINDOWS\system32\ctfmon.exe[3032] USER32.dll!TranslateMessage 77D18BF6 6 Bytes [ FF, 25, 1E, 00, 92, 5F ] .text C:\WINDOWS\system32\ctfmon.exe[3032] USER32.dll!DispatchMessageA 77D196B8 6 Bytes [ FF, 25, 1E, 00, 8F, 5F ] .text C:\WINDOWS\system32\ctfmon.exe[3032] USER32.dll!GetKeyState 77D1C505 6 Bytes [ FF, 25, 1E, 00, 9E, 5F ] .text C:\WINDOWS\system32\ctfmon.exe[3032] USER32.dll!BeginDeferWindowPos 77D1D907 6 Bytes [ FF, 25, 1E, 00, 8C, 5F ] .text C:\WINDOWS\system32\ctfmon.exe[3032] USER32.dll!GetKeyboardState 77D1E641 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\ctfmon.exe[3032] USER32.dll!GetKeyboardState + 4 77D1E645 2 Bytes [ 9B, 5F ] .text C:\WINDOWS\system32\ctfmon.exe[3032] USER32.dll!GetAsyncKeyState 77D1E655 6 Bytes [ FF, 25, 1E, 00, 95, 5F ] .text C:\WINDOWS\system32\ctfmon.exe[3032] USER32.dll!CreateAcceleratorTableW 77D2DABB 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\ctfmon.exe[3032] USER32.dll!CreateAcceleratorTableW + 4 77D2DABF 2 Bytes [ A1, 5F ] .text C:\WINDOWS\system32\ctfmon.exe[3032] USER32.dll!SetWindowsHookExW 77D2E4AF 6 Bytes [ FF, 25, 1E, 00, A4, 5F ] .text C:\WINDOWS\system32\ctfmon.exe[3032] USER32.dll!SetWindowsHookExA 77D311E9 6 Bytes [ FF, 25, 1E, 00, 89, 5F ] .text C:\WINDOWS\system32\ctfmon.exe[3032] USER32.dll!AttachThreadInput 77D31E23 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\ctfmon.exe[3032] USER32.dll!AttachThreadInput + 4 77D31E27 2 Bytes [ 98, 5F ] .text C:\WINDOWS\system32\ctfmon.exe[3032] ole32.dll!CoCreateInstanceEx 774CFA6B 6 Bytes [ FF, 25, 1E, 00, 86, 5F ] .text C:\WINDOWS\system32\ctfmon.exe[3032] ole32.dll!CoGetClassObject 774E5DB2 6 Bytes [ FF, 25, 1E, 00, 83, 5F ] .text C:\WINDOWS\system32\ctfmon.exe[3032] ole32.dll!CLSIDFromProgID 774F42CC 6 Bytes [ FF, 25, 1E, 00, 80, 5F ] .text C:\WINDOWS\system32\ctfmon.exe[3032] ole32.dll!CLSIDFromProgIDEx 775261FE 6 Bytes [ FF, 25, 1E, 00, 7D, 5F ] .text C:\WINDOWS\system32\rundll32.exe[3048] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\rundll32.exe[3048] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 4A, 5F ] .text C:\WINDOWS\system32\rundll32.exe[3048] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ FF ] .text C:\WINDOWS\system32\rundll32.exe[3048] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ] .text C:\WINDOWS\system32\rundll32.exe[3048] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 6B, 5F ] .text C:\WINDOWS\system32\rundll32.exe[3048] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\rundll32.exe[3048] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 4D, 5F ] .text C:\WINDOWS\system32\rundll32.exe[3048] ntdll.dll!NtDeleteFile 7C91D88F 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\rundll32.exe[3048] ntdll.dll!NtDeleteFile + 4 7C91D893 2 Bytes [ 6E, 5F ] .text C:\WINDOWS\system32\rundll32.exe[3048] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\rundll32.exe[3048] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 50, 5F ] .text C:\WINDOWS\system32\rundll32.exe[3048] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\rundll32.exe[3048] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 53, 5F ] .text C:\WINDOWS\system32\rundll32.exe[3048] ntdll.dll!NtDuplicateObject 7C91D90D 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\rundll32.exe[3048] ntdll.dll!NtDuplicateObject + 4 7C91D911 2 Bytes [ 56, 5F ] .text C:\WINDOWS\system32\rundll32.exe[3048] ntdll.dll!NtEnumerateKey 7C91D94C 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\rundll32.exe[3048] ntdll.dll!NtEnumerateKey + 4 7C91D950 2 Bytes [ 59, 5F ] .text C:\WINDOWS\system32\rundll32.exe[3048] ntdll.dll!NtEnumerateValueKey 7C91D976 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\rundll32.exe[3048] ntdll.dll!NtEnumerateValueKey + 4 7C91D97A 2 Bytes [ 5C, 5F ] .text C:\WINDOWS\system32\rundll32.exe[3048] ntdll.dll!NtOpenFile 7C91DCFD 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\rundll32.exe[3048] ntdll.dll!NtOpenFile + 4 7C91DD01 2 Bytes [ 71, 5F ] .text C:\WINDOWS\system32\rundll32.exe[3048] ntdll.dll!NtQueryMultipleValueKey 7C91E0AE 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\rundll32.exe[3048] ntdll.dll!NtQueryMultipleValueKey + 4 7C91E0B2 2 Bytes [ 5F, 5F ] .text C:\WINDOWS\system32\rundll32.exe[3048] ntdll.dll!NtQueryValueKey 7C91E1FE 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\rundll32.exe[3048] ntdll.dll!NtQueryValueKey + 4 7C91E202 2 Bytes [ 62, 5F ] .text C:\WINDOWS\system32\rundll32.exe[3048] ntdll.dll!NtReadFile 7C91E27C 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\rundll32.exe[3048] ntdll.dll!NtReadFile + 4 7C91E280 2 Bytes [ 74, 5F ] .text C:\WINDOWS\system32\rundll32.exe[3048] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\rundll32.exe[3048] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 77, 5F ] .text C:\WINDOWS\system32\rundll32.exe[3048] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\rundll32.exe[3048] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 65, 5F ] .text C:\WINDOWS\system32\rundll32.exe[3048] ntdll.dll!NtUnloadKey 7C91E90C 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\rundll32.exe[3048] ntdll.dll!NtUnloadKey + 4 7C91E910 2 Bytes [ 68, 5F ] .text C:\WINDOWS\system32\rundll32.exe[3048] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\rundll32.exe[3048] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 7A, 5F ] .text C:\WINDOWS\system32\rundll32.exe[3048] ntdll.dll!LdrLoadDll 7C9261CA 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\rundll32.exe[3048] ntdll.dll!LdrLoadDll + 4 7C9261CE 2 Bytes [ 47, 5F ] .text C:\WINDOWS\system32\rundll32.exe[3048] kernel32.dll!TerminateProcess 7C801E16 6 Bytes [ FF, 25, 1E, 00, 32, 5F ] .text C:\WINDOWS\system32\rundll32.exe[3048] kernel32.dll!CreateFileMappingW 7C80938E 6 Bytes [ FF, 25, 1E, 00, 3B, 5F ] .text C:\WINDOWS\system32\rundll32.exe[3048] kernel32.dll!MapViewOfFileEx 7C80B896 6 Bytes [ FF, 25, 1E, 00, 35, 5F ] .text C:\WINDOWS\system32\rundll32.exe[3048] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\rundll32.exe[3048] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 3E, 5F ] .text C:\WINDOWS\system32\rundll32.exe[3048] kernel32.dll!CreateProcessInternalW 7C819513 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\rundll32.exe[3048] kernel32.dll!CreateProcessInternalW + 4 7C819517 2 Bytes [ 44, 5F ] .text C:\WINDOWS\system32\rundll32.exe[3048] kernel32.dll!MoveFileWithProgressW 7C81F72E 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\rundll32.exe[3048] kernel32.dll!MoveFileWithProgressW + 4 7C81F732 2 Bytes [ 41, 5F ] .text C:\WINDOWS\system32\rundll32.exe[3048] kernel32.dll!CopyFileExW 7C827B32 6 Bytes [ FF, 25, 1E, 00, 38, 5F ] .text C:\WINDOWS\system32\rundll32.exe[3048] USER32.dll!DispatchMessageW 77D18A01 6 Bytes [ FF, 25, 1E, 00, A7, 5F ] .text C:\WINDOWS\system32\rundll32.exe[3048] USER32.dll!TranslateMessage 77D18BF6 6 Bytes [ FF, 25, 1E, 00, 92, 5F ] .text C:\WINDOWS\system32\rundll32.exe[3048] USER32.dll!DispatchMessageA 77D196B8 6 Bytes [ FF, 25, 1E, 00, 8F, 5F ] .text C:\WINDOWS\system32\rundll32.exe[3048] USER32.dll!GetKeyState 77D1C505 6 Bytes [ FF, 25, 1E, 00, 9E, 5F ] .text C:\WINDOWS\system32\rundll32.exe[3048] USER32.dll!BeginDeferWindowPos 77D1D907 6 Bytes [ FF, 25, 1E, 00, 8C, 5F ] .text C:\WINDOWS\system32\rundll32.exe[3048] USER32.dll!GetKeyboardState 77D1E641 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\rundll32.exe[3048] USER32.dll!GetKeyboardState + 4 77D1E645 2 Bytes [ 9B, 5F ] .text C:\WINDOWS\system32\rundll32.exe[3048] USER32.dll!GetAsyncKeyState 77D1E655 6 Bytes [ FF, 25, 1E, 00, 95, 5F ] .text C:\WINDOWS\system32\rundll32.exe[3048] USER32.dll!CreateAcceleratorTableW 77D2DABB 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\rundll32.exe[3048] USER32.dll!CreateAcceleratorTableW + 4 77D2DABF 2 Bytes [ A1, 5F ] .text C:\WINDOWS\system32\rundll32.exe[3048] USER32.dll!SetWindowsHookExW 77D2E4AF 6 Bytes [ FF, 25, 1E, 00, A4, 5F ] .text C:\WINDOWS\system32\rundll32.exe[3048] USER32.dll!SetWindowsHookExA 77D311E9 6 Bytes [ FF, 25, 1E, 00, 89, 5F ] .text C:\WINDOWS\system32\rundll32.exe[3048] USER32.dll!AttachThreadInput 77D31E23 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\rundll32.exe[3048] USER32.dll!AttachThreadInput + 4 77D31E27 2 Bytes [ 98, 5F ] .text C:\WINDOWS\system32\rundll32.exe[3048] ADVAPI32.dll!CloseServiceHandle 77DB5E4D 6 Bytes [ FF, 25, 1E, 00, 11, 5F ] .text C:\WINDOWS\system32\rundll32.exe[3048] ADVAPI32.dll!OpenServiceW 77DB6165 6 Bytes [ FF, 25, 1E, 00, 23, 5F ] .text C:\WINDOWS\system32\rundll32.exe[3048] ADVAPI32.dll!ControlService 77DBB635 6 Bytes [ FF, 25, 1E, 00, 14, 5F ] .text C:\WINDOWS\system32\rundll32.exe[3048] ADVAPI32.dll!OpenServiceA 77DBB88C 6 Bytes [ FF, 25, 1E, 00, 20, 5F ] .text C:\WINDOWS\system32\rundll32.exe[3048] ADVAPI32.dll!StartServiceW 77DBBBAC 6 Bytes [ FF, 25, 1E, 00, 29, 5F ] .text C:\WINDOWS\system32\rundll32.exe[3048] ADVAPI32.dll!StartServiceA 77DC3238 6 Bytes [ FF, 25, 1E, 00, 26, 5F ] .text C:\WINDOWS\system32\rundll32.exe[3048] ADVAPI32.dll!LsaAddAccountRights 77DEA9A1 6 Bytes [ FF, 25, 1E, 00, 2C, 5F ] .text C:\WINDOWS\system32\rundll32.exe[3048] ADVAPI32.dll!LsaRemoveAccountRights 77DEAA41 6 Bytes [ FF, 25, 1E, 00, 2F, 5F ] .text C:\WINDOWS\system32\rundll32.exe[3048] ADVAPI32.dll!ChangeServiceConfigA 77E06CC9 6 Bytes [ FF, 25, 1E, 00, 05, 5F ] .text C:\WINDOWS\system32\rundll32.exe[3048] ADVAPI32.dll!ChangeServiceConfigW 77E06E61 6 Bytes [ FF, 25, 1E, 00, 08, 5F ] .text C:\WINDOWS\system32\rundll32.exe[3048] ADVAPI32.dll!ChangeServiceConfig2A 77E06F61 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ] .text C:\WINDOWS\system32\rundll32.exe[3048] ADVAPI32.dll!ChangeServiceConfig2W 77E06FE9 6 Bytes [ FF, 25, 1E, 00, 0E, 5F ] .text C:\WINDOWS\system32\rundll32.exe[3048] ADVAPI32.dll!CreateServiceA 77E07071 6 Bytes [ FF, 25, 1E, 00, 17, 5F ] .text C:\WINDOWS\system32\rundll32.exe[3048] ADVAPI32.dll!CreateServiceW 77E07209 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\rundll32.exe[3048] ADVAPI32.dll!CreateServiceW + 4 77E0720D 2 Bytes [ 1A, 5F ] .text C:\WINDOWS\system32\rundll32.exe[3048] ADVAPI32.dll!DeleteService 77E07311 6 Bytes [ FF, 25, 1E, 00, 1D, 5F ] .text C:\WINDOWS\system32\rundll32.exe[3048] ole32.dll!CoCreateInstanceEx 774CFA6B 6 Bytes [ FF, 25, 1E, 00, 86, 5F ] .text C:\WINDOWS\system32\rundll32.exe[3048] ole32.dll!CoGetClassObject 774E5DB2 6 Bytes [ FF, 25, 1E, 00, 83, 5F ] .text C:\WINDOWS\system32\rundll32.exe[3048] ole32.dll!CLSIDFromProgID 774F42CC 6 Bytes [ FF, 25, 1E, 00, 80, 5F ] .text C:\WINDOWS\system32\rundll32.exe[3048] ole32.dll!CLSIDFromProgIDEx 775261FE 6 Bytes [ FF, 25, 1E, 00, 7D, 5F ] .text C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe[3340] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ] .text C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe[3340] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 4A, 5F ] .text C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe[3340] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ FF ] .text C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe[3340] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ] .text C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe[3340] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 6B, 5F ] .text C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe[3340] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ] .text C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe[3340] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 4D, 5F ] .text C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe[3340] ntdll.dll!NtDeleteFile 7C91D88F 3 Bytes [ FF, 25, 1E ] .text C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe[3340] ntdll.dll!NtDeleteFile + 4 7C91D893 2 Bytes [ 6E, 5F ] .text C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe[3340] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ] .text C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe[3340] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 50, 5F ] .text C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe[3340] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ] .text C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe[3340] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 53, 5F ] .text C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe[3340] ntdll.dll!NtDuplicateObject 7C91D90D 3 Bytes [ FF, 25, 1E ] .text C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe[3340] ntdll.dll!NtDuplicateObject + 4 7C91D911 2 Bytes [ 56, 5F ] .text C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe[3340] ntdll.dll!NtEnumerateKey 7C91D94C 3 Bytes [ FF, 25, 1E ] .text C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe[3340] ntdll.dll!NtEnumerateKey + 4 7C91D950 2 Bytes [ 59, 5F ] .text C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe[3340] ntdll.dll!NtEnumerateValueKey 7C91D976 3 Bytes [ FF, 25, 1E ] .text C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe[3340] ntdll.dll!NtEnumerateValueKey + 4 7C91D97A 2 Bytes [ 5C, 5F ] .text C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe[3340] ntdll.dll!NtOpenFile 7C91DCFD 3 Bytes [ FF, 25, 1E ] .text C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe[3340] ntdll.dll!NtOpenFile + 4 7C91DD01 2 Bytes [ 71, 5F ] .text C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe[3340] ntdll.dll!NtQueryMultipleValueKey 7C91E0AE 3 Bytes [ FF, 25, 1E ] .text C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe[3340] ntdll.dll!NtQueryMultipleValueKey + 4 7C91E0B2 2 Bytes [ 5F, 5F ] .text C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe[3340] ntdll.dll!NtQueryValueKey 7C91E1FE 3 Bytes [ FF, 25, 1E ] .text C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe[3340] ntdll.dll!NtQueryValueKey + 4 7C91E202 2 Bytes [ 62, 5F ] .text C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe[3340] ntdll.dll!NtReadFile 7C91E27C 3 Bytes [ FF, 25, 1E ] .text C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe[3340] ntdll.dll!NtReadFile + 4 7C91E280 2 Bytes [ 74, 5F ] .text C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe[3340] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ] .text C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe[3340] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 77, 5F ] .text C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe[3340] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ] .text C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe[3340] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 65, 5F ] .text C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe[3340] ntdll.dll!NtUnloadKey 7C91E90C 3 Bytes [ FF, 25, 1E ] .text C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe[3340] ntdll.dll!NtUnloadKey + 4 7C91E910 2 Bytes [ 68, 5F ] .text C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe[3340] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ] .text C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe[3340] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 7A, 5F ] .text C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe[3340] ntdll.dll!LdrLoadDll 7C9261CA 3 Bytes [ FF, 25, 1E ] .text C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe[3340] ntdll.dll!LdrLoadDll + 4 7C9261CE 2 Bytes [ 47, 5F ] .text C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe[3340] kernel32.dll!TerminateProcess 7C801E16 6 Bytes [ FF, 25, 1E, 00, 32, 5F ] .text C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe[3340] kernel32.dll!CreateFileMappingW 7C80938E 6 Bytes [ FF, 25, 1E, 00, 3B, 5F ] .text C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe[3340] kernel32.dll!MapViewOfFileEx 7C80B896 6 Bytes [ FF, 25, 1E, 00, 35, 5F ] .text C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe[3340] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ] .text C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe[3340] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 3E, 5F ] .text C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe[3340] kernel32.dll!CreateProcessInternalW 7C819513 3 Bytes [ FF, 25, 1E ] .text C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe[3340] kernel32.dll!CreateProcessInternalW + 4 7C819517 2 Bytes [ 44, 5F ] .text C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe[3340] kernel32.dll!MoveFileWithProgressW 7C81F72E 3 Bytes [ FF, 25, 1E ] .text C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe[3340] kernel32.dll!MoveFileWithProgressW + 4 7C81F732 2 Bytes [ 41, 5F ] .text C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe[3340] kernel32.dll!CopyFileExW 7C827B32 6 Bytes [ FF, 25, 1E, 00, 38, 5F ] .text C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe[3340] USER32.dll!DispatchMessageW 77D18A01 6 Bytes [ FF, 25, 1E, 00, A7, 5F ] .text C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe[3340] USER32.dll!TranslateMessage 77D18BF6 6 Bytes [ FF, 25, 1E, 00, 92, 5F ] .text C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe[3340] USER32.dll!DispatchMessageA 77D196B8 6 Bytes [ FF, 25, 1E, 00, 8F, 5F ] .text C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe[3340] USER32.dll!GetKeyState 77D1C505 6 Bytes [ FF, 25, 1E, 00, 9E, 5F ] .text C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe[3340] USER32.dll!BeginDeferWindowPos 77D1D907 6 Bytes [ FF, 25, 1E, 00, 8C, 5F ] .text C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe[3340] USER32.dll!GetKeyboardState 77D1E641 3 Bytes [ FF, 25, 1E ] .text C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe[3340] USER32.dll!GetKeyboardState + 4 77D1E645 2 Bytes [ 9B, 5F ] .text C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe[3340] USER32.dll!GetAsyncKeyState 77D1E655 6 Bytes [ FF, 25, 1E, 00, 95, 5F ] .text C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe[3340] USER32.dll!CreateAcceleratorTableW 77D2DABB 3 Bytes [ FF, 25, 1E ] .text C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe[3340] USER32.dll!CreateAcceleratorTableW + 4 77D2DABF 2 Bytes [ A1, 5F ] .text C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe[3340] USER32.dll!SetWindowsHookExW 77D2E4AF 6 Bytes [ FF, 25, 1E, 00, A4, 5F ] .text C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe[3340] USER32.dll!SetWindowsHookExA 77D311E9 6 Bytes [ FF, 25, 1E, 00, 89, 5F ] .text C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe[3340] USER32.dll!AttachThreadInput 77D31E23 3 Bytes [ FF, 25, 1E ] .text C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe[3340] USER32.dll!AttachThreadInput + 4 77D31E27 2 Bytes [ 98, 5F ] .text C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe[3340] ADVAPI32.dll!CloseServiceHandle 77DB5E4D 6 Bytes [ FF, 25, 1E, 00, 11, 5F ] .text C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe[3340] ADVAPI32.dll!OpenServiceW 77DB6165 6 Bytes [ FF, 25, 1E, 00, 23, 5F ] .text C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe[3340] ADVAPI32.dll!ControlService 77DBB635 6 Bytes [ FF, 25, 1E, 00, 14, 5F ] .text C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe[3340] ADVAPI32.dll!OpenServiceA 77DBB88C 6 Bytes [ FF, 25, 1E, 00, 20, 5F ] .text C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe[3340] ADVAPI32.dll!StartServiceW 77DBBBAC 6 Bytes [ FF, 25, 1E, 00, 29, 5F ] .text C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe[3340] ADVAPI32.dll!StartServiceA 77DC3238 6 Bytes [ FF, 25, 1E, 00, 26, 5F ] .text C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe[3340] ADVAPI32.dll!LsaAddAccountRights 77DEA9A1 6 Bytes [ FF, 25, 1E, 00, 2C, 5F ] .text C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe[3340] ADVAPI32.dll!LsaRemoveAccountRights 77DEAA41 6 Bytes [ FF, 25, 1E, 00, 2F, 5F ] .text C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe[3340] ADVAPI32.dll!ChangeServiceConfigA 77E06CC9 6 Bytes [ FF, 25, 1E, 00, 05, 5F ] .text C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe[3340] ADVAPI32.dll!ChangeServiceConfigW 77E06E61 6 Bytes [ FF, 25, 1E, 00, 08, 5F ] .text C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe[3340] ADVAPI32.dll!ChangeServiceConfig2A 77E06F61 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ] .text C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe[3340] ADVAPI32.dll!ChangeServiceConfig2W 77E06FE9 6 Bytes [ FF, 25, 1E, 00, 0E, 5F ] .text C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe[3340] ADVAPI32.dll!CreateServiceA 77E07071 6 Bytes [ FF, 25, 1E, 00, 17, 5F ] .text C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe[3340] ADVAPI32.dll!CreateServiceW 77E07209 3 Bytes [ FF, 25, 1E ] .text C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe[3340] ADVAPI32.dll!CreateServiceW + 4 77E0720D 2 Bytes [ 1A, 5F ] .text C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe[3340] ADVAPI32.dll!DeleteService 77E07311 6 Bytes [ FF, 25, 1E, 00, 1D, 5F ] .text C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe[3340] ole32.dll!CoCreateInstanceEx 774CFA6B 6 Bytes [ FF, 25, 1E, 00, 86, 5F ] .text C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe[3340] ole32.dll!CoGetClassObject 774E5DB2 6 Bytes [ FF, 25, 1E, 00, 83, 5F ] .text C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe[3340] ole32.dll!CLSIDFromProgID 774F42CC 6 Bytes [ FF, 25, 1E, 00, 80, 5F ] .text C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe[3340] ole32.dll!CLSIDFromProgIDEx 775261FE 6 Bytes [ FF, 25, 1E, 00, 7D, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[3432] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[3432] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 4A, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[3432] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ FF ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[3432] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[3432] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 6B, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[3432] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[3432] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 4D, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[3432] ntdll.dll!NtDeleteFile 7C91D88F 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[3432] ntdll.dll!NtDeleteFile + 4 7C91D893 2 Bytes [ 6E, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[3432] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[3432] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 50, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[3432] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[3432] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 53, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[3432] ntdll.dll!NtDuplicateObject 7C91D90D 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[3432] ntdll.dll!NtDuplicateObject + 4 7C91D911 2 Bytes [ 56, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[3432] ntdll.dll!NtEnumerateKey 7C91D94C 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[3432] ntdll.dll!NtEnumerateKey + 4 7C91D950 2 Bytes [ 59, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[3432] ntdll.dll!NtEnumerateValueKey 7C91D976 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[3432] ntdll.dll!NtEnumerateValueKey + 4 7C91D97A 2 Bytes [ 5C, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[3432] ntdll.dll!NtOpenFile 7C91DCFD 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[3432] ntdll.dll!NtOpenFile + 4 7C91DD01 2 Bytes [ 71, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[3432] ntdll.dll!NtQueryMultipleValueKey 7C91E0AE 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[3432] ntdll.dll!NtQueryMultipleValueKey + 4 7C91E0B2 2 Bytes [ 5F, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[3432] ntdll.dll!NtQueryValueKey 7C91E1FE 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[3432] ntdll.dll!NtQueryValueKey + 4 7C91E202 2 Bytes [ 62, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[3432] ntdll.dll!NtReadFile 7C91E27C 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[3432] ntdll.dll!NtReadFile + 4 7C91E280 2 Bytes [ 74, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[3432] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[3432] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 77, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[3432] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[3432] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 65, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[3432] ntdll.dll!NtUnloadKey 7C91E90C 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[3432] ntdll.dll!NtUnloadKey + 4 7C91E910 2 Bytes [ 68, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[3432] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[3432] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 7A, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[3432] ntdll.dll!LdrLoadDll 7C9261CA 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[3432] ntdll.dll!LdrLoadDll + 4 7C9261CE 2 Bytes [ 47, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[3432] kernel32.dll!TerminateProcess 7C801E16 6 Bytes [ FF, 25, 1E, 00, 32, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[3432] kernel32.dll!CreateFileMappingW 7C80938E 6 Bytes [ FF, 25, 1E, 00, 3B, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[3432] kernel32.dll!MapViewOfFileEx 7C80B896 6 Bytes [ FF, 25, 1E, 00, 35, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[3432] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[3432] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 3E, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[3432] kernel32.dll!CreateProcessInternalW 7C819513 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[3432] kernel32.dll!CreateProcessInternalW + 4 7C819517 2 Bytes [ 44, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[3432] kernel32.dll!MoveFileWithProgressW 7C81F72E 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[3432] kernel32.dll!MoveFileWithProgressW + 4 7C81F732 2 Bytes [ 41, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[3432] kernel32.dll!CopyFileExW 7C827B32 6 Bytes [ FF, 25, 1E, 00, 38, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[3432] USER32.dll!DispatchMessageW 77D18A01 6 Bytes [ FF, 25, 1E, 00, A7, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[3432] USER32.dll!TranslateMessage 77D18BF6 6 Bytes [ FF, 25, 1E, 00, 92, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[3432] USER32.dll!DispatchMessageA 77D196B8 6 Bytes [ FF, 25, 1E, 00, 8F, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[3432] USER32.dll!GetKeyState 77D1C505 6 Bytes [ FF, 25, 1E, 00, 9E, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[3432] USER32.dll!BeginDeferWindowPos 77D1D907 6 Bytes [ FF, 25, 1E, 00, 8C, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[3432] USER32.dll!GetKeyboardState 77D1E641 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[3432] USER32.dll!GetKeyboardState + 4 77D1E645 2 Bytes [ 9B, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[3432] USER32.dll!GetAsyncKeyState 77D1E655 6 Bytes [ FF, 25, 1E, 00, 95, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[3432] USER32.dll!CreateAcceleratorTableW 77D2DABB 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[3432] USER32.dll!CreateAcceleratorTableW + 4 77D2DABF 2 Bytes [ A1, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[3432] USER32.dll!SetWindowsHookExW 77D2E4AF 6 Bytes [ FF, 25, 1E, 00, A4, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[3432] USER32.dll!SetWindowsHookExA 77D311E9 6 Bytes [ FF, 25, 1E, 00, 89, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[3432] USER32.dll!AttachThreadInput 77D31E23 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[3432] USER32.dll!AttachThreadInput + 4 77D31E27 2 Bytes [ 98, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[3432] ADVAPI32.dll!CloseServiceHandle 77DB5E4D 6 Bytes [ FF, 25, 1E, 00, 11, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[3432] ADVAPI32.dll!OpenServiceW 77DB6165 6 Bytes [ FF, 25, 1E, 00, 23, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[3432] ADVAPI32.dll!ControlService 77DBB635 6 Bytes [ FF, 25, 1E, 00, 14, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[3432] ADVAPI32.dll!OpenServiceA 77DBB88C 6 Bytes [ FF, 25, 1E, 00, 20, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[3432] ADVAPI32.dll!StartServiceW 77DBBBAC 6 Bytes [ FF, 25, 1E, 00, 29, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[3432] ADVAPI32.dll!StartServiceA 77DC3238 6 Bytes [ FF, 25, 1E, 00, 26, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[3432] ADVAPI32.dll!LsaAddAccountRights 77DEA9A1 6 Bytes [ FF, 25, 1E, 00, 2C, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[3432] ADVAPI32.dll!LsaRemoveAccountRights 77DEAA41 6 Bytes [ FF, 25, 1E, 00, 2F, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[3432] ADVAPI32.dll!ChangeServiceConfigA 77E06CC9 6 Bytes [ FF, 25, 1E, 00, 05, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[3432] ADVAPI32.dll!ChangeServiceConfigW 77E06E61 6 Bytes [ FF, 25, 1E, 00, 08, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[3432] ADVAPI32.dll!ChangeServiceConfig2A 77E06F61 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[3432] ADVAPI32.dll!ChangeServiceConfig2W 77E06FE9 6 Bytes [ FF, 25, 1E, 00, 0E, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[3432] ADVAPI32.dll!CreateServiceA 77E07071 6 Bytes [ FF, 25, 1E, 00, 17, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[3432] ADVAPI32.dll!CreateServiceW 77E07209 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[3432] ADVAPI32.dll!CreateServiceW + 4 77E0720D 2 Bytes [ 1A, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[3432] ADVAPI32.dll!DeleteService 77E07311 6 Bytes [ FF, 25, 1E, 00, 1D, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[3432] ole32.dll!CoCreateInstanceEx 774CFA6B 6 Bytes [ FF, 25, 1E, 00, 86, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[3432] ole32.dll!CoGetClassObject 774E5DB2 6 Bytes [ FF, 25, 1E, 00, 83, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[3432] ole32.dll!CLSIDFromProgID 774F42CC 6 Bytes [ FF, 25, 1E, 00, 80, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[3432] ole32.dll!CLSIDFromProgIDEx 775261FE 6 Bytes [ FF, 25, 1E, 00, 7D, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[3464] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[3464] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 4A, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[3464] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ FF ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[3464] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[3464] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 6B, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[3464] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[3464] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 4D, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[3464] ntdll.dll!NtDeleteFile 7C91D88F 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[3464] ntdll.dll!NtDeleteFile + 4 7C91D893 2 Bytes [ 6E, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[3464] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[3464] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 50, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[3464] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[3464] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 53, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[3464] ntdll.dll!NtDuplicateObject 7C91D90D 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[3464] ntdll.dll!NtDuplicateObject + 4 7C91D911 2 Bytes [ 56, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[3464] ntdll.dll!NtEnumerateKey 7C91D94C 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[3464] ntdll.dll!NtEnumerateKey + 4 7C91D950 2 Bytes [ 59, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[3464] ntdll.dll!NtEnumerateValueKey 7C91D976 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[3464] ntdll.dll!NtEnumerateValueKey + 4 7C91D97A 2 Bytes [ 5C, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[3464] ntdll.dll!NtOpenFile 7C91DCFD 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[3464] ntdll.dll!NtOpenFile + 4 7C91DD01 2 Bytes [ 71, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[3464] ntdll.dll!NtQueryMultipleValueKey 7C91E0AE 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[3464] ntdll.dll!NtQueryMultipleValueKey + 4 7C91E0B2 2 Bytes [ 5F, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[3464] ntdll.dll!NtQueryValueKey 7C91E1FE 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[3464] ntdll.dll!NtQueryValueKey + 4 7C91E202 2 Bytes [ 62, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[3464] ntdll.dll!NtReadFile 7C91E27C 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[3464] ntdll.dll!NtReadFile + 4 7C91E280 2 Bytes [ 74, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[3464] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[3464] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 77, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[3464] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[3464] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 65, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[3464] ntdll.dll!NtUnloadKey 7C91E90C 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[3464] ntdll.dll!NtUnloadKey + 4 7C91E910 2 Bytes [ 68, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[3464] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[3464] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 7A, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[3464] ntdll.dll!LdrLoadDll 7C9261CA 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[3464] ntdll.dll!LdrLoadDll + 4 7C9261CE 2 Bytes [ 47, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[3464] kernel32.dll!TerminateProcess 7C801E16 6 Bytes [ FF, 25, 1E, 00, 32, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[3464] kernel32.dll!CreateFileMappingW 7C80938E 6 Bytes [ FF, 25, 1E, 00, 3B, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[3464] kernel32.dll!MapViewOfFileEx 7C80B896 6 Bytes [ FF, 25, 1E, 00, 35, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[3464] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[3464] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 3E, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[3464] kernel32.dll!CreateProcessInternalW 7C819513 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[3464] kernel32.dll!CreateProcessInternalW + 4 7C819517 2 Bytes [ 44, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[3464] kernel32.dll!MoveFileWithProgressW 7C81F72E 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[3464] kernel32.dll!MoveFileWithProgressW + 4 7C81F732 2 Bytes [ 41, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[3464] kernel32.dll!CopyFileExW 7C827B32 6 Bytes [ FF, 25, 1E, 00, 38, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[3464] USER32.dll!DispatchMessageW 77D18A01 6 Bytes [ FF, 25, 1E, 00, A7, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[3464] USER32.dll!TranslateMessage 77D18BF6 6 Bytes [ FF, 25, 1E, 00, 92, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[3464] USER32.dll!DispatchMessageA 77D196B8 6 Bytes [ FF, 25, 1E, 00, 8F, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[3464] USER32.dll!GetKeyState 77D1C505 6 Bytes [ FF, 25, 1E, 00, 9E, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[3464] USER32.dll!BeginDeferWindowPos 77D1D907 6 Bytes [ FF, 25, 1E, 00, 8C, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[3464] USER32.dll!GetKeyboardState 77D1E641 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[3464] USER32.dll!GetKeyboardState + 4 77D1E645 2 Bytes [ 9B, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[3464] USER32.dll!GetAsyncKeyState 77D1E655 6 Bytes [ FF, 25, 1E, 00, 95, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[3464] USER32.dll!CreateAcceleratorTableW 77D2DABB 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[3464] USER32.dll!CreateAcceleratorTableW + 4 77D2DABF 2 Bytes [ A1, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[3464] USER32.dll!SetWindowsHookExW 77D2E4AF 6 Bytes [ FF, 25, 1E, 00, A4, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[3464] USER32.dll!SetWindowsHookExA 77D311E9 6 Bytes [ FF, 25, 1E, 00, 89, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[3464] USER32.dll!AttachThreadInput 77D31E23 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[3464] USER32.dll!AttachThreadInput + 4 77D31E27 2 Bytes [ 98, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[3464] ADVAPI32.dll!CloseServiceHandle 77DB5E4D 6 Bytes [ FF, 25, 1E, 00, 11, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[3464] ADVAPI32.dll!OpenServiceW 77DB6165 6 Bytes [ FF, 25, 1E, 00, 23, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[3464] ADVAPI32.dll!ControlService 77DBB635 6 Bytes [ FF, 25, 1E, 00, 14, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[3464] ADVAPI32.dll!OpenServiceA 77DBB88C 6 Bytes [ FF, 25, 1E, 00, 20, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[3464] ADVAPI32.dll!StartServiceW 77DBBBAC 6 Bytes [ FF, 25, 1E, 00, 29, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[3464] ADVAPI32.dll!StartServiceA 77DC3238 6 Bytes [ FF, 25, 1E, 00, 26, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[3464] ADVAPI32.dll!LsaAddAccountRights 77DEA9A1 6 Bytes [ FF, 25, 1E, 00, 2C, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[3464] ADVAPI32.dll!LsaRemoveAccountRights 77DEAA41 6 Bytes [ FF, 25, 1E, 00, 2F, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[3464] ADVAPI32.dll!ChangeServiceConfigA 77E06CC9 6 Bytes [ FF, 25, 1E, 00, 05, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[3464] ADVAPI32.dll!ChangeServiceConfigW 77E06E61 6 Bytes [ FF, 25, 1E, 00, 08, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[3464] ADVAPI32.dll!ChangeServiceConfig2A 77E06F61 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[3464] ADVAPI32.dll!ChangeServiceConfig2W 77E06FE9 6 Bytes [ FF, 25, 1E, 00, 0E, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[3464] ADVAPI32.dll!CreateServiceA 77E07071 6 Bytes [ FF, 25, 1E, 00, 17, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[3464] ADVAPI32.dll!CreateServiceW 77E07209 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[3464] ADVAPI32.dll!CreateServiceW + 4 77E0720D 2 Bytes [ 1A, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[3464] ADVAPI32.dll!DeleteService 77E07311 6 Bytes [ FF, 25, 1E, 00, 1D, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[3464] ole32.dll!CoCreateInstanceEx 774CFA6B 6 Bytes [ FF, 25, 1E, 00, 86, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[3464] ole32.dll!CoGetClassObject 774E5DB2 6 Bytes [ FF, 25, 1E, 00, 83, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[3464] ole32.dll!CLSIDFromProgID 774F42CC 6 Bytes [ FF, 25, 1E, 00, 80, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[3464] ole32.dll!CLSIDFromProgIDEx 775261FE 6 Bytes [ FF, 25, 1E, 00, 7D, 5F ] .text C:\Dokumente und Einstellungen\admin\Desktop\gmer.exe[3560] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ] .text C:\Dokumente und Einstellungen\admin\Desktop\gmer.exe[3560] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 4C, 5F ] .text C:\Dokumente und Einstellungen\admin\Desktop\gmer.exe[3560] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ FF ] .text C:\Dokumente und Einstellungen\admin\Desktop\gmer.exe[3560] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ] .text C:\Dokumente und Einstellungen\admin\Desktop\gmer.exe[3560] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 6D, 5F ] .text C:\Dokumente und Einstellungen\admin\Desktop\gmer.exe[3560] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ] .text C:\Dokumente und Einstellungen\admin\Desktop\gmer.exe[3560] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 4F, 5F ] .text C:\Dokumente und Einstellungen\admin\Desktop\gmer.exe[3560] ntdll.dll!NtDeleteFile 7C91D88F 3 Bytes [ FF, 25, 1E ] .text C:\Dokumente und Einstellungen\admin\Desktop\gmer.exe[3560] ntdll.dll!NtDeleteFile + 4 7C91D893 2 Bytes [ 70, 5F ] .text C:\Dokumente und Einstellungen\admin\Desktop\gmer.exe[3560] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ] .text C:\Dokumente und Einstellungen\admin\Desktop\gmer.exe[3560] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 52, 5F ] .text C:\Dokumente und Einstellungen\admin\Desktop\gmer.exe[3560] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ] .text C:\Dokumente und Einstellungen\admin\Desktop\gmer.exe[3560] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 55, 5F ] .text C:\Dokumente und Einstellungen\admin\Desktop\gmer.exe[3560] ntdll.dll!NtDuplicateObject 7C91D90D 3 Bytes [ FF, 25, 1E ] .text C:\Dokumente und Einstellungen\admin\Desktop\gmer.exe[3560] ntdll.dll!NtDuplicateObject + 4 7C91D911 2 Bytes [ 58, 5F ] .text C:\Dokumente und Einstellungen\admin\Desktop\gmer.exe[3560] ntdll.dll!NtEnumerateKey 7C91D94C 3 Bytes [ FF, 25, 1E ] .text C:\Dokumente und Einstellungen\admin\Desktop\gmer.exe[3560] ntdll.dll!NtEnumerateKey + 4 7C91D950 2 Bytes [ 5B, 5F ] .text C:\Dokumente und Einstellungen\admin\Desktop\gmer.exe[3560] ntdll.dll!NtEnumerateValueKey 7C91D976 3 Bytes [ FF, 25, 1E ] .text C:\Dokumente und Einstellungen\admin\Desktop\gmer.exe[3560] ntdll.dll!NtEnumerateValueKey + 4 7C91D97A 2 Bytes [ 5E, 5F ] .text C:\Dokumente und Einstellungen\admin\Desktop\gmer.exe[3560] ntdll.dll!NtOpenFile 7C91DCFD 3 Bytes [ FF, 25, 1E ] .text C:\Dokumente und Einstellungen\admin\Desktop\gmer.exe[3560] ntdll.dll!NtOpenFile + 4 7C91DD01 2 Bytes [ 73, 5F ] .text C:\Dokumente und Einstellungen\admin\Desktop\gmer.exe[3560] ntdll.dll!NtQueryMultipleValueKey 7C91E0AE 3 Bytes [ FF, 25, 1E ] .text C:\Dokumente und Einstellungen\admin\Desktop\gmer.exe[3560] ntdll.dll!NtQueryMultipleValueKey + 4 7C91E0B2 2 Bytes [ 61, 5F ] .text C:\Dokumente und Einstellungen\admin\Desktop\gmer.exe[3560] ntdll.dll!NtQueryValueKey 7C91E1FE 3 Bytes [ FF, 25, 1E ] .text C:\Dokumente und Einstellungen\admin\Desktop\gmer.exe[3560] ntdll.dll!NtQueryValueKey + 4 7C91E202 2 Bytes [ 64, 5F ] .text C:\Dokumente und Einstellungen\admin\Desktop\gmer.exe[3560] ntdll.dll!NtReadFile 7C91E27C 3 Bytes [ FF, 25, 1E ] .text C:\Dokumente und Einstellungen\admin\Desktop\gmer.exe[3560] ntdll.dll!NtReadFile + 4 7C91E280 2 Bytes [ 76, 5F ] .text C:\Dokumente und Einstellungen\admin\Desktop\gmer.exe[3560] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ] .text C:\Dokumente und Einstellungen\admin\Desktop\gmer.exe[3560] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 79, 5F ] .text C:\Dokumente und Einstellungen\admin\Desktop\gmer.exe[3560] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ] .text C:\Dokumente und Einstellungen\admin\Desktop\gmer.exe[3560] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 67, 5F ] .text C:\Dokumente und Einstellungen\admin\Desktop\gmer.exe[3560] ntdll.dll!NtUnloadKey 7C91E90C 3 Bytes [ FF, 25, 1E ] .text C:\Dokumente und Einstellungen\admin\Desktop\gmer.exe[3560] ntdll.dll!NtUnloadKey + 4 7C91E910 2 Bytes [ 6A, 5F ] .text C:\Dokumente und Einstellungen\admin\Desktop\gmer.exe[3560] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ] .text C:\Dokumente und Einstellungen\admin\Desktop\gmer.exe[3560] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 7C, 5F ] .text C:\Dokumente und Einstellungen\admin\Desktop\gmer.exe[3560] ntdll.dll!LdrLoadDll 7C9261CA 3 Bytes [ FF, 25, 1E ] .text C:\Dokumente und Einstellungen\admin\Desktop\gmer.exe[3560] ntdll.dll!LdrLoadDll + 4 7C9261CE 2 Bytes [ 49, 5F ] .text C:\Dokumente und Einstellungen\admin\Desktop\gmer.exe[3560] kernel32.dll!TerminateProcess 7C801E16 6 Bytes [ FF, 25, 1E, 00, 34, 5F ] .text C:\Dokumente und Einstellungen\admin\Desktop\gmer.exe[3560] kernel32.dll!CreateFileMappingW 7C80938E 6 Bytes [ FF, 25, 1E, 00, 3D, 5F ] .text C:\Dokumente und Einstellungen\admin\Desktop\gmer.exe[3560] kernel32.dll!MapViewOfFileEx 7C80B896 6 Bytes [ FF, 25, 1E, 00, 37, 5F ] .text C:\Dokumente und Einstellungen\admin\Desktop\gmer.exe[3560] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ] .text C:\Dokumente und Einstellungen\admin\Desktop\gmer.exe[3560] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 40, 5F ] .text C:\Dokumente und Einstellungen\admin\Desktop\gmer.exe[3560] kernel32.dll!CreateProcessInternalW 7C819513 3 Bytes [ FF, 25, 1E ] .text C:\Dokumente und Einstellungen\admin\Desktop\gmer.exe[3560] kernel32.dll!CreateProcessInternalW + 4 7C819517 2 Bytes [ 46, 5F ] .text C:\Dokumente und Einstellungen\admin\Desktop\gmer.exe[3560] kernel32.dll!MoveFileWithProgressW 7C81F72E 3 Bytes [ FF, 25, 1E ] .text C:\Dokumente und Einstellungen\admin\Desktop\gmer.exe[3560] kernel32.dll!MoveFileWithProgressW + 4 7C81F732 2 Bytes [ 43, 5F ] .text C:\Dokumente und Einstellungen\admin\Desktop\gmer.exe[3560] kernel32.dll!CopyFileExW 7C827B32 6 Bytes [ FF, 25, 1E, 00, 3A, 5F ] .text C:\Dokumente und Einstellungen\admin\Desktop\gmer.exe[3560] USER32.dll!DispatchMessageW 77D18A01 6 Bytes [ FF, 25, 1E, 00, A9, 5F ] .text C:\Dokumente und Einstellungen\admin\Desktop\gmer.exe[3560] USER32.dll!TranslateMessage 77D18BF6 6 Bytes [ FF, 25, 1E, 00, 94, 5F ] .text C:\Dokumente und Einstellungen\admin\Desktop\gmer.exe[3560] USER32.dll!DispatchMessageA 77D196B8 6 Bytes [ FF, 25, 1E, 00, 91, 5F ] .text C:\Dokumente und Einstellungen\admin\Desktop\gmer.exe[3560] USER32.dll!GetKeyState 77D1C505 6 Bytes [ FF, 25, 1E, 00, A0, 5F ] .text C:\Dokumente und Einstellungen\admin\Desktop\gmer.exe[3560] USER32.dll!BeginDeferWindowPos 77D1D907 6 Bytes [ FF, 25, 1E, 00, 8E, 5F ] .text C:\Dokumente und Einstellungen\admin\Desktop\gmer.exe[3560] USER32.dll!GetKeyboardState 77D1E641 3 Bytes [ FF, 25, 1E ] .text C:\Dokumente und Einstellungen\admin\Desktop\gmer.exe[3560] USER32.dll!GetKeyboardState + 4 77D1E645 2 Bytes [ 9D, 5F ] .text C:\Dokumente und Einstellungen\admin\Desktop\gmer.exe[3560] USER32.dll!GetAsyncKeyState 77D1E655 6 Bytes [ FF, 25, 1E, 00, 97, 5F ] .text C:\Dokumente und Einstellungen\admin\Desktop\gmer.exe[3560] USER32.dll!CreateAcceleratorTableW 77D2DABB 3 Bytes [ FF, 25, 1E ] .text C:\Dokumente und Einstellungen\admin\Desktop\gmer.exe[3560] USER32.dll!CreateAcceleratorTableW + 4 77D2DABF 2 Bytes [ A3, 5F ] .text C:\Dokumente und Einstellungen\admin\Desktop\gmer.exe[3560] USER32.dll!SetWindowsHookExW 77D2E4AF 6 Bytes [ FF, 25, 1E, 00, A6, 5F ] .text C:\Dokumente und Einstellungen\admin\Desktop\gmer.exe[3560] USER32.dll!SetWindowsHookExA 77D311E9 6 Bytes [ FF, 25, 1E, 00, 8B, 5F ] .text C:\Dokumente und Einstellungen\admin\Desktop\gmer.exe[3560] USER32.dll!AttachThreadInput 77D31E23 3 Bytes [ FF, 25, 1E ] .text C:\Dokumente und Einstellungen\admin\Desktop\gmer.exe[3560] USER32.dll!AttachThreadInput + 4 77D31E27 2 Bytes [ 9A, 5F ] .text C:\Dokumente und Einstellungen\admin\Desktop\gmer.exe[3560] ADVAPI32.dll!CloseServiceHandle 77DB5E4D 6 Bytes [ FF, 25, 1E, 00, 11, 5F ] .text C:\Dokumente und Einstellungen\admin\Desktop\gmer.exe[3560] ADVAPI32.dll!OpenServiceW 77DB6165 6 Bytes [ FF, 25, 1E, 00, 25, 5F ] .text C:\Dokumente und Einstellungen\admin\Desktop\gmer.exe[3560] ADVAPI32.dll!ControlService 77DBB635 6 Bytes [ FF, 25, 1E, 00, 14, 5F ] .text C:\Dokumente und Einstellungen\admin\Desktop\gmer.exe[3560] ADVAPI32.dll!OpenServiceA 77DBB88C 6 Bytes [ FF, 25, 1E, 00, 22, 5F ] .text C:\Dokumente und Einstellungen\admin\Desktop\gmer.exe[3560] ADVAPI32.dll!StartServiceW 77DBBBAC 6 Bytes [ FF, 25, 1E, 00, 2B, 5F ] .text C:\Dokumente und Einstellungen\admin\Desktop\gmer.exe[3560] ADVAPI32.dll!StartServiceA 77DC3238 6 Bytes [ FF, 25, 1E, 00, 28, 5F ] .text C:\Dokumente und Einstellungen\admin\Desktop\gmer.exe[3560] ADVAPI32.dll!LsaAddAccountRights 77DEA9A1 6 Bytes [ FF, 25, 1E, 00, 2E, 5F ] .text C:\Dokumente und Einstellungen\admin\Desktop\gmer.exe[3560] ADVAPI32.dll!LsaRemoveAccountRights 77DEAA41 6 Bytes [ FF, 25, 1E, 00, 31, 5F ] .text C:\Dokumente und Einstellungen\admin\Desktop\gmer.exe[3560] ADVAPI32.dll!ChangeServiceConfigA 77E06CC9 6 Bytes [ FF, 25, 1E, 00, 05, 5F ] .text C:\Dokumente und Einstellungen\admin\Desktop\gmer.exe[3560] ADVAPI32.dll!ChangeServiceConfigW 77E06E61 6 Bytes [ FF, 25, 1E, 00, 08, 5F ] .text C:\Dokumente und Einstellungen\admin\Desktop\gmer.exe[3560] ADVAPI32.dll!ChangeServiceConfig2A 77E06F61 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ] .text C:\Dokumente und Einstellungen\admin\Desktop\gmer.exe[3560] ADVAPI32.dll!ChangeServiceConfig2W 77E06FE9 6 Bytes [ FF, 25, 1E, 00, 0E, 5F ] .text C:\Dokumente und Einstellungen\admin\Desktop\gmer.exe[3560] ADVAPI32.dll!CreateServiceA 77E07071 6 Bytes [ FF, 25, 1E, 00, 17, 5F ] .text C:\Dokumente und Einstellungen\admin\Desktop\gmer.exe[3560] ADVAPI32.dll!CreateServiceW 77E07209 3 Bytes [ FF, 25, 1E ] .text C:\Dokumente und Einstellungen\admin\Desktop\gmer.exe[3560] ADVAPI32.dll!CreateServiceW + 4 77E0720D 2 Bytes [ 1C, 5F ] .text C:\Dokumente und Einstellungen\admin\Desktop\gmer.exe[3560] ADVAPI32.dll!DeleteService 77E07311 6 Bytes [ FF, 25, 1E, 00, 1F, 5F ] .text C:\Dokumente und Einstellungen\admin\Desktop\gmer.exe[3560] ole32.dll!CoCreateInstanceEx 774CFA6B 6 Bytes [ FF, 25, 1E, 00, 88, 5F ] .text C:\Dokumente und Einstellungen\admin\Desktop\gmer.exe[3560] ole32.dll!CoGetClassObject 774E5DB2 6 Bytes [ FF, 25, 1E, 00, 85, 5F ] .text C:\Dokumente und Einstellungen\admin\Desktop\gmer.exe[3560] ole32.dll!CLSIDFromProgID 774F42CC 6 Bytes [ FF, 25, 1E, 00, 82, 5F ] .text C:\Dokumente und Einstellungen\admin\Desktop\gmer.exe[3560] ole32.dll!CLSIDFromProgIDEx 775261FE 6 Bytes [ FF, 25, 1E, 00, 7F, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3608] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3608] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 4A, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3608] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ FF ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3608] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3608] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 6B, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3608] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3608] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 4D, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3608] ntdll.dll!NtDeleteFile 7C91D88F 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3608] ntdll.dll!NtDeleteFile + 4 7C91D893 2 Bytes [ 6E, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3608] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3608] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 50, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3608] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3608] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 53, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3608] ntdll.dll!NtDuplicateObject 7C91D90D 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3608] ntdll.dll!NtDuplicateObject + 4 7C91D911 2 Bytes [ 56, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3608] ntdll.dll!NtEnumerateKey 7C91D94C 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3608] ntdll.dll!NtEnumerateKey + 4 7C91D950 2 Bytes [ 59, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3608] ntdll.dll!NtEnumerateValueKey 7C91D976 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3608] ntdll.dll!NtEnumerateValueKey + 4 7C91D97A 2 Bytes [ 5C, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3608] ntdll.dll!NtOpenFile 7C91DCFD 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3608] ntdll.dll!NtOpenFile + 4 7C91DD01 2 Bytes [ 71, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3608] ntdll.dll!NtQueryMultipleValueKey 7C91E0AE 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3608] ntdll.dll!NtQueryMultipleValueKey + 4 7C91E0B2 2 Bytes [ 5F, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3608] ntdll.dll!NtQueryValueKey 7C91E1FE 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3608] ntdll.dll!NtQueryValueKey + 4 7C91E202 2 Bytes [ 62, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3608] ntdll.dll!NtReadFile 7C91E27C 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3608] ntdll.dll!NtReadFile + 4 7C91E280 2 Bytes [ 74, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3608] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3608] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 77, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3608] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3608] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 65, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3608] ntdll.dll!NtUnloadKey 7C91E90C 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3608] ntdll.dll!NtUnloadKey + 4 7C91E910 2 Bytes [ 68, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3608] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3608] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 7A, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3608] ntdll.dll!LdrLoadDll 7C9261CA 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3608] ntdll.dll!LdrLoadDll + 4 7C9261CE 2 Bytes [ 47, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3608] kernel32.dll!TerminateProcess 7C801E16 6 Bytes [ FF, 25, 1E, 00, 32, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3608] kernel32.dll!CreateFileMappingW 7C80938E 6 Bytes [ FF, 25, 1E, 00, 3B, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3608] kernel32.dll!MapViewOfFileEx 7C80B896 6 Bytes [ FF, 25, 1E, 00, 35, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3608] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3608] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 3E, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3608] kernel32.dll!CreateProcessInternalW 7C819513 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3608] kernel32.dll!CreateProcessInternalW + 4 7C819517 2 Bytes [ 44, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3608] kernel32.dll!MoveFileWithProgressW 7C81F72E 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3608] kernel32.dll!MoveFileWithProgressW + 4 7C81F732 2 Bytes [ 41, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3608] kernel32.dll!CopyFileExW 7C827B32 6 Bytes [ FF, 25, 1E, 00, 38, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3608] USER32.dll!DispatchMessageW 77D18A01 6 Bytes [ FF, 25, 1E, 00, A7, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3608] USER32.dll!TranslateMessage 77D18BF6 6 Bytes [ FF, 25, 1E, 00, 92, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3608] USER32.dll!DispatchMessageA 77D196B8 6 Bytes [ FF, 25, 1E, 00, 8F, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3608] USER32.dll!GetKeyState 77D1C505 6 Bytes [ FF, 25, 1E, 00, 9E, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3608] USER32.dll!BeginDeferWindowPos 77D1D907 6 Bytes [ FF, 25, 1E, 00, 8C, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3608] USER32.dll!GetKeyboardState 77D1E641 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3608] USER32.dll!GetKeyboardState + 4 77D1E645 2 Bytes [ 9B, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3608] USER32.dll!GetAsyncKeyState 77D1E655 6 Bytes [ FF, 25, 1E, 00, 95, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3608] USER32.dll!CreateAcceleratorTableW 77D2DABB 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3608] USER32.dll!CreateAcceleratorTableW + 4 77D2DABF 2 Bytes [ A1, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3608] USER32.dll!SetWindowsHookExW 77D2E4AF 6 Bytes [ FF, 25, 1E, 00, A4, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3608] USER32.dll!SetWindowsHookExA 77D311E9 6 Bytes [ FF, 25, 1E, 00, 89, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3608] USER32.dll!AttachThreadInput 77D31E23 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3608] USER32.dll!AttachThreadInput + 4 77D31E27 2 Bytes [ 98, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3608] ADVAPI32.dll!CloseServiceHandle 77DB5E4D 6 Bytes [ FF, 25, 1E, 00, 11, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3608] ADVAPI32.dll!OpenServiceW 77DB6165 6 Bytes [ FF, 25, 1E, 00, 23, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3608] ADVAPI32.dll!ControlService 77DBB635 6 Bytes [ FF, 25, 1E, 00, 14, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3608] ADVAPI32.dll!OpenServiceA 77DBB88C 6 Bytes [ FF, 25, 1E, 00, 20, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3608] ADVAPI32.dll!StartServiceW 77DBBBAC 6 Bytes [ FF, 25, 1E, 00, 29, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3608] ADVAPI32.dll!StartServiceA 77DC3238 6 Bytes [ FF, 25, 1E, 00, 26, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3608] ADVAPI32.dll!LsaAddAccountRights 77DEA9A1 6 Bytes [ FF, 25, 1E, 00, 2C, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3608] ADVAPI32.dll!LsaRemoveAccountRights 77DEAA41 6 Bytes [ FF, 25, 1E, 00, 2F, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3608] ADVAPI32.dll!ChangeServiceConfigA 77E06CC9 6 Bytes [ FF, 25, 1E, 00, 05, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3608] ADVAPI32.dll!ChangeServiceConfigW 77E06E61 6 Bytes [ FF, 25, 1E, 00, 08, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3608] ADVAPI32.dll!ChangeServiceConfig2A 77E06F61 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3608] ADVAPI32.dll!ChangeServiceConfig2W 77E06FE9 6 Bytes [ FF, 25, 1E, 00, 0E, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3608] ADVAPI32.dll!CreateServiceA 77E07071 6 Bytes [ FF, 25, 1E, 00, 17, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3608] ADVAPI32.dll!CreateServiceW 77E07209 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3608] ADVAPI32.dll!CreateServiceW + 4 77E0720D 2 Bytes [ 1A, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3608] ADVAPI32.dll!DeleteService 77E07311 6 Bytes [ FF, 25, 1E, 00, 1D, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3608] ole32.dll!CoCreateInstanceEx 774CFA6B 6 Bytes [ FF, 25, 1E, 00, 86, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3608] ole32.dll!CoGetClassObject 774E5DB2 6 Bytes [ FF, 25, 1E, 00, 83, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3608] ole32.dll!CLSIDFromProgID 774F42CC 6 Bytes [ FF, 25, 1E, 00, 80, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe[3608] ole32.dll!CLSIDFromProgIDEx 775261FE 6 Bytes [ FF, 25, 1E, 00, 7D, 5F ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.exe[3748] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.exe[3748] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 4A, 5F ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.exe[3748] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ FF ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.exe[3748] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.exe[3748] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 6B, 5F ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.exe[3748] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.exe[3748] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 4D, 5F ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.exe[3748] ntdll.dll!NtDeleteFile 7C91D88F 3 Bytes [ FF, 25, 1E ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.exe[3748] ntdll.dll!NtDeleteFile + 4 7C91D893 2 Bytes [ 6E, 5F ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.exe[3748] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.exe[3748] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 50, 5F ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.exe[3748] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.exe[3748] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 53, 5F ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.exe[3748] ntdll.dll!NtDuplicateObject 7C91D90D 3 Bytes [ FF, 25, 1E ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.exe[3748] ntdll.dll!NtDuplicateObject + 4 7C91D911 2 Bytes [ 56, 5F ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.exe[3748] ntdll.dll!NtEnumerateKey 7C91D94C 3 Bytes [ FF, 25, 1E ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.exe[3748] ntdll.dll!NtEnumerateKey + 4 7C91D950 2 Bytes [ 59, 5F ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.exe[3748] ntdll.dll!NtEnumerateValueKey 7C91D976 3 Bytes [ FF, 25, 1E ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.exe[3748] ntdll.dll!NtEnumerateValueKey + 4 7C91D97A 2 Bytes [ 5C, 5F ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.exe[3748] ntdll.dll!NtOpenFile 7C91DCFD 3 Bytes [ FF, 25, 1E ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.exe[3748] ntdll.dll!NtOpenFile + 4 7C91DD01 2 Bytes [ 71, 5F ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.exe[3748] ntdll.dll!NtQueryMultipleValueKey 7C91E0AE 3 Bytes [ FF, 25, 1E ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.exe[3748] ntdll.dll!NtQueryMultipleValueKey + 4 7C91E0B2 2 Bytes [ 5F, 5F ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.exe[3748] ntdll.dll!NtQueryValueKey 7C91E1FE 3 Bytes [ FF, 25, 1E ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.exe[3748] ntdll.dll!NtQueryValueKey + 4 7C91E202 2 Bytes [ 62, 5F ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.exe[3748] ntdll.dll!NtReadFile 7C91E27C 3 Bytes [ FF, 25, 1E ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.exe[3748] ntdll.dll!NtReadFile + 4 7C91E280 2 Bytes [ 74, 5F ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.exe[3748] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.exe[3748] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 77, 5F ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.exe[3748] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.exe[3748] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 65, 5F ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.exe[3748] ntdll.dll!NtUnloadKey 7C91E90C 3 Bytes [ FF, 25, 1E ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.exe[3748] ntdll.dll!NtUnloadKey + 4 7C91E910 2 Bytes [ 68, 5F ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.exe[3748] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.exe[3748] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 7A, 5F ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.exe[3748] ntdll.dll!LdrLoadDll 7C9261CA 3 Bytes [ FF, 25, 1E ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.exe[3748] ntdll.dll!LdrLoadDll + 4 7C9261CE 2 Bytes [ 47, 5F ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.exe[3748] kernel32.dll!TerminateProcess 7C801E16 6 Bytes [ FF, 25, 1E, 00, 32, 5F ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.exe[3748] kernel32.dll!CreateFileMappingW 7C80938E 6 Bytes [ FF, 25, 1E, 00, 3B, 5F ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.exe[3748] kernel32.dll!MapViewOfFileEx 7C80B896 6 Bytes [ FF, 25, 1E, 00, 35, 5F ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.exe[3748] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.exe[3748] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 3E, 5F ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.exe[3748] kernel32.dll!CreateProcessInternalW 7C819513 3 Bytes [ FF, 25, 1E ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.exe[3748] kernel32.dll!CreateProcessInternalW + 4 7C819517 2 Bytes [ 44, 5F ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.exe[3748] kernel32.dll!MoveFileWithProgressW 7C81F72E 3 Bytes [ FF, 25, 1E ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.exe[3748] kernel32.dll!MoveFileWithProgressW + 4 7C81F732 2 Bytes [ 41, 5F ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.exe[3748] kernel32.dll!CopyFileExW 7C827B32 6 Bytes [ FF, 25, 1E, 00, 38, 5F ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.exe[3748] USER32.dll!DispatchMessageW 77D18A01 6 Bytes [ FF, 25, 1E, 00, A7, 5F ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.exe[3748] USER32.dll!TranslateMessage 77D18BF6 6 Bytes [ FF, 25, 1E, 00, 92, 5F ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.exe[3748] USER32.dll!DispatchMessageA 77D196B8 6 Bytes [ FF, 25, 1E, 00, 8F, 5F ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.exe[3748] USER32.dll!GetKeyState 77D1C505 6 Bytes [ FF, 25, 1E, 00, 9E, 5F ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.exe[3748] USER32.dll!BeginDeferWindowPos 77D1D907 6 Bytes [ FF, 25, 1E, 00, 8C, 5F ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.exe[3748] USER32.dll!GetKeyboardState 77D1E641 3 Bytes [ FF, 25, 1E ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.exe[3748] USER32.dll!GetKeyboardState + 4 77D1E645 2 Bytes [ 9B, 5F ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.exe[3748] USER32.dll!GetAsyncKeyState 77D1E655 6 Bytes [ FF, 25, 1E, 00, 95, 5F ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.exe[3748] USER32.dll!CreateAcceleratorTableW 77D2DABB 3 Bytes [ FF, 25, 1E ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.exe[3748] USER32.dll!CreateAcceleratorTableW + 4 77D2DABF 2 Bytes [ A1, 5F ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.exe[3748] USER32.dll!SetWindowsHookExW 77D2E4AF 6 Bytes [ FF, 25, 1E, 00, A4, 5F ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.exe[3748] USER32.dll!SetWindowsHookExA 77D311E9 6 Bytes [ FF, 25, 1E, 00, 89, 5F ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.exe[3748] USER32.dll!AttachThreadInput 77D31E23 3 Bytes [ FF, 25, 1E ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.exe[3748] USER32.dll!AttachThreadInput + 4 77D31E27 2 Bytes [ 98, 5F ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.exe[3748] ADVAPI32.dll!CloseServiceHandle 77DB5E4D 6 Bytes [ FF, 25, 1E, 00, 11, 5F ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.exe[3748] ADVAPI32.dll!OpenServiceW 77DB6165 6 Bytes [ FF, 25, 1E, 00, 23, 5F ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.exe[3748] ADVAPI32.dll!ControlService 77DBB635 6 Bytes [ FF, 25, 1E, 00, 14, 5F ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.exe[3748] ADVAPI32.dll!OpenServiceA 77DBB88C 6 Bytes [ FF, 25, 1E, 00, 20, 5F ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.exe[3748] ADVAPI32.dll!StartServiceW 77DBBBAC 6 Bytes [ FF, 25, 1E, 00, 29, 5F ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.exe[3748] ADVAPI32.dll!StartServiceA 77DC3238 6 Bytes [ FF, 25, 1E, 00, 26, 5F ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.exe[3748] ADVAPI32.dll!LsaAddAccountRights 77DEA9A1 6 Bytes [ FF, 25, 1E, 00, 2C, 5F ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.exe[3748] ADVAPI32.dll!LsaRemoveAccountRights 77DEAA41 6 Bytes [ FF, 25, 1E, 00, 2F, 5F ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.exe[3748] ADVAPI32.dll!ChangeServiceConfigA 77E06CC9 6 Bytes [ FF, 25, 1E, 00, 05, 5F ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.exe[3748] ADVAPI32.dll!ChangeServiceConfigW 77E06E61 6 Bytes [ FF, 25, 1E, 00, 08, 5F ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.exe[3748] ADVAPI32.dll!ChangeServiceConfig2A 77E06F61 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.exe[3748] ADVAPI32.dll!ChangeServiceConfig2W 77E06FE9 6 Bytes [ FF, 25, 1E, 00, 0E, 5F ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.exe[3748] ADVAPI32.dll!CreateServiceA 77E07071 6 Bytes [ FF, 25, 1E, 00, 17, 5F ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.exe[3748] ADVAPI32.dll!CreateServiceW 77E07209 3 Bytes [ FF, 25, 1E ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.exe[3748] ADVAPI32.dll!CreateServiceW + 4 77E0720D 2 Bytes [ 1A, 5F ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.exe[3748] ADVAPI32.dll!DeleteService 77E07311 6 Bytes [ FF, 25, 1E, 00, 1D, 5F ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.exe[3748] ole32.dll!CoCreateInstanceEx 774CFA6B 6 Bytes [ FF, 25, 1E, 00, 86, 5F ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.exe[3748] ole32.dll!CoGetClassObject 774E5DB2 6 Bytes [ FF, 25, 1E, 00, 83, 5F ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.exe[3748] ole32.dll!CLSIDFromProgID 774F42CC 6 Bytes [ FF, 25, 1E, 00, 80, 5F ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.exe[3748] ole32.dll!CLSIDFromProgIDEx 775261FE 6 Bytes [ FF, 25, 1E, 00, 7D, 5F ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.bin[3796] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.bin[3796] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 4A, 5F ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.bin[3796] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ FF ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.bin[3796] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.bin[3796] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 6B, 5F ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.bin[3796] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.bin[3796] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 4D, 5F ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.bin[3796] ntdll.dll!NtDeleteFile 7C91D88F 3 Bytes [ FF, 25, 1E ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.bin[3796] ntdll.dll!NtDeleteFile + 4 7C91D893 2 Bytes [ 6E, 5F ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.bin[3796] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.bin[3796] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 50, 5F ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.bin[3796] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.bin[3796] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 53, 5F ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.bin[3796] ntdll.dll!NtDuplicateObject 7C91D90D 3 Bytes [ FF, 25, 1E ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.bin[3796] ntdll.dll!NtDuplicateObject + 4 7C91D911 2 Bytes [ 56, 5F ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.bin[3796] ntdll.dll!NtEnumerateKey 7C91D94C 3 Bytes [ FF, 25, 1E ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.bin[3796] ntdll.dll!NtEnumerateKey + 4 7C91D950 2 Bytes [ 59, 5F ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.bin[3796] ntdll.dll!NtEnumerateValueKey 7C91D976 3 Bytes [ FF, 25, 1E ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.bin[3796] ntdll.dll!NtEnumerateValueKey + 4 7C91D97A 2 Bytes [ 5C, 5F ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.bin[3796] ntdll.dll!NtOpenFile 7C91DCFD 3 Bytes [ FF, 25, 1E ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.bin[3796] ntdll.dll!NtOpenFile + 4 7C91DD01 2 Bytes [ 71, 5F ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.bin[3796] ntdll.dll!NtQueryMultipleValueKey 7C91E0AE 3 Bytes [ FF, 25, 1E ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.bin[3796] ntdll.dll!NtQueryMultipleValueKey + 4 7C91E0B2 2 Bytes [ 5F, 5F ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.bin[3796] ntdll.dll!NtQueryValueKey 7C91E1FE 3 Bytes [ FF, 25, 1E ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.bin[3796] ntdll.dll!NtQueryValueKey + 4 7C91E202 2 Bytes [ 62, 5F ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.bin[3796] ntdll.dll!NtReadFile 7C91E27C 3 Bytes [ FF, 25, 1E ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.bin[3796] ntdll.dll!NtReadFile + 4 7C91E280 2 Bytes [ 74, 5F ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.bin[3796] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.bin[3796] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 77, 5F ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.bin[3796] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.bin[3796] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 65, 5F ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.bin[3796] ntdll.dll!NtUnloadKey 7C91E90C 3 Bytes [ FF, 25, 1E ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.bin[3796] ntdll.dll!NtUnloadKey + 4 7C91E910 2 Bytes [ 68, 5F ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.bin[3796] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.bin[3796] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 7A, 5F ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.bin[3796] ntdll.dll!LdrLoadDll 7C9261CA 3 Bytes [ FF, 25, 1E ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.bin[3796] ntdll.dll!LdrLoadDll + 4 7C9261CE 2 Bytes [ 47, 5F ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.bin[3796] kernel32.dll!TerminateProcess 7C801E16 6 Bytes [ FF, 25, 1E, 00, 32, 5F ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.bin[3796] kernel32.dll!CreateFileMappingW 7C80938E 6 Bytes [ FF, 25, 1E, 00, 3B, 5F ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.bin[3796] kernel32.dll!MapViewOfFileEx 7C80B896 6 Bytes [ FF, 25, 1E, 00, 35, 5F ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.bin[3796] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.bin[3796] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 3E, 5F ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.bin[3796] kernel32.dll!CreateProcessInternalW 7C819513 3 Bytes [ FF, 25, 1E ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.bin[3796] kernel32.dll!CreateProcessInternalW + 4 7C819517 2 Bytes [ 44, 5F ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.bin[3796] kernel32.dll!MoveFileWithProgressW 7C81F72E 3 Bytes [ FF, 25, 1E ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.bin[3796] kernel32.dll!MoveFileWithProgressW + 4 7C81F732 2 Bytes [ 41, 5F ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.bin[3796] kernel32.dll!CopyFileExW 7C827B32 6 Bytes [ FF, 25, 1E, 00, 38, 5F ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.bin[3796] USER32.dll!DispatchMessageW 77D18A01 6 Bytes [ FF, 25, 1E, 00, A7, 5F ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.bin[3796] USER32.dll!TranslateMessage 77D18BF6 6 Bytes [ FF, 25, 1E, 00, 92, 5F ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.bin[3796] USER32.dll!DispatchMessageA 77D196B8 6 Bytes [ FF, 25, 1E, 00, 8F, 5F ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.bin[3796] USER32.dll!GetKeyState 77D1C505 6 Bytes [ FF, 25, 1E, 00, 9E, 5F ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.bin[3796] USER32.dll!BeginDeferWindowPos 77D1D907 6 Bytes [ FF, 25, 1E, 00, 8C, 5F ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.bin[3796] USER32.dll!GetKeyboardState 77D1E641 3 Bytes [ FF, 25, 1E ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.bin[3796] USER32.dll!GetKeyboardState + 4 77D1E645 2 Bytes [ 9B, 5F ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.bin[3796] USER32.dll!GetAsyncKeyState 77D1E655 6 Bytes [ FF, 25, 1E, 00, 95, 5F ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.bin[3796] USER32.dll!CreateAcceleratorTableW 77D2DABB 3 Bytes [ FF, 25, 1E ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.bin[3796] USER32.dll!CreateAcceleratorTableW + 4 77D2DABF 2 Bytes [ A1, 5F ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.bin[3796] USER32.dll!SetWindowsHookExW 77D2E4AF 6 Bytes [ FF, 25, 1E, 00, A4, 5F ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.bin[3796] USER32.dll!SetWindowsHookExA 77D311E9 6 Bytes [ FF, 25, 1E, 00, 89, 5F ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.bin[3796] USER32.dll!AttachThreadInput 77D31E23 3 Bytes [ FF, 25, 1E ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.bin[3796] USER32.dll!AttachThreadInput + 4 77D31E27 2 Bytes [ 98, 5F ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.bin[3796] ADVAPI32.dll!CloseServiceHandle 77DB5E4D 6 Bytes [ FF, 25, 1E, 00, 11, 5F ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.bin[3796] ADVAPI32.dll!OpenServiceW 77DB6165 6 Bytes [ FF, 25, 1E, 00, 23, 5F ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.bin[3796] ADVAPI32.dll!ControlService 77DBB635 6 Bytes [ FF, 25, 1E, 00, 14, 5F ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.bin[3796] ADVAPI32.dll!OpenServiceA 77DBB88C 6 Bytes [ FF, 25, 1E, 00, 20, 5F ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.bin[3796] ADVAPI32.dll!StartServiceW 77DBBBAC 6 Bytes [ FF, 25, 1E, 00, 29, 5F ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.bin[3796] ADVAPI32.dll!StartServiceA 77DC3238 6 Bytes [ FF, 25, 1E, 00, 26, 5F ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.bin[3796] ADVAPI32.dll!LsaAddAccountRights 77DEA9A1 6 Bytes [ FF, 25, 1E, 00, 2C, 5F ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.bin[3796] ADVAPI32.dll!LsaRemoveAccountRights 77DEAA41 6 Bytes [ FF, 25, 1E, 00, 2F, 5F ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.bin[3796] ADVAPI32.dll!ChangeServiceConfigA 77E06CC9 6 Bytes [ FF, 25, 1E, 00, 05, 5F ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.bin[3796] ADVAPI32.dll!ChangeServiceConfigW 77E06E61 6 Bytes [ FF, 25, 1E, 00, 08, 5F ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.bin[3796] ADVAPI32.dll!ChangeServiceConfig2A 77E06F61 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.bin[3796] ADVAPI32.dll!ChangeServiceConfig2W 77E06FE9 6 Bytes [ FF, 25, 1E, 00, 0E, 5F ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.bin[3796] ADVAPI32.dll!CreateServiceA 77E07071 6 Bytes [ FF, 25, 1E, 00, 17, 5F ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.bin[3796] ADVAPI32.dll!CreateServiceW 77E07209 3 Bytes [ FF, 25, 1E ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.bin[3796] ADVAPI32.dll!CreateServiceW + 4 77E0720D 2 Bytes [ 1A, 5F ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.bin[3796] ADVAPI32.dll!DeleteService 77E07311 6 Bytes [ FF, 25, 1E, 00, 1D, 5F ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.bin[3796] ole32.dll!CoCreateInstanceEx 774CFA6B 6 Bytes [ FF, 25, 1E, 00, 86, 5F ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.bin[3796] ole32.dll!CoGetClassObject 774E5DB2 6 Bytes [ FF, 25, 1E, 00, 83, 5F ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.bin[3796] ole32.dll!CLSIDFromProgID 774F42CC 6 Bytes [ FF, 25, 1E, 00, 80, 5F ] .text C:\Programme\OpenOffice.org 2.0\program\soffice.bin[3796] ole32.dll!CLSIDFromProgIDEx 775261FE 6 Bytes [ FF, 25, 1E, 00, 7D, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposts08.exe[3872] ntdll.dll!NtClose 7C91D586 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposts08.exe[3872] ntdll.dll!NtClose + 4 7C91D58A 2 Bytes [ 4A, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposts08.exe[3872] ntdll.dll!NtCreateFile 7C91D682 1 Byte [ FF ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposts08.exe[3872] ntdll.dll!NtCreateFile + 2 7C91D684 1 Byte [ 1E ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposts08.exe[3872] ntdll.dll!NtCreateFile + 4 7C91D686 2 Bytes [ 6B, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposts08.exe[3872] ntdll.dll!NtCreateKey 7C91D6D6 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposts08.exe[3872] ntdll.dll!NtCreateKey + 4 7C91D6DA 2 Bytes [ 4D, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposts08.exe[3872] ntdll.dll!NtDeleteFile 7C91D88F 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposts08.exe[3872] ntdll.dll!NtDeleteFile + 4 7C91D893 2 Bytes [ 6E, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposts08.exe[3872] ntdll.dll!NtDeleteKey 7C91D8A4 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposts08.exe[3872] ntdll.dll!NtDeleteKey + 4 7C91D8A8 2 Bytes [ 50, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposts08.exe[3872] ntdll.dll!NtDeleteValueKey 7C91D8CE 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposts08.exe[3872] ntdll.dll!NtDeleteValueKey + 4 7C91D8D2 2 Bytes [ 53, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposts08.exe[3872] ntdll.dll!NtDuplicateObject 7C91D90D 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposts08.exe[3872] ntdll.dll!NtDuplicateObject + 4 7C91D911 2 Bytes [ 56, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposts08.exe[3872] ntdll.dll!NtEnumerateKey 7C91D94C 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposts08.exe[3872] ntdll.dll!NtEnumerateKey + 4 7C91D950 2 Bytes [ 59, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposts08.exe[3872] ntdll.dll!NtEnumerateValueKey 7C91D976 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposts08.exe[3872] ntdll.dll!NtEnumerateValueKey + 4 7C91D97A 2 Bytes [ 5C, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposts08.exe[3872] ntdll.dll!NtOpenFile 7C91DCFD 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposts08.exe[3872] ntdll.dll!NtOpenFile + 4 7C91DD01 2 Bytes [ 71, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposts08.exe[3872] ntdll.dll!NtQueryMultipleValueKey 7C91E0AE 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposts08.exe[3872] ntdll.dll!NtQueryMultipleValueKey + 4 7C91E0B2 2 Bytes [ 5F, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposts08.exe[3872] ntdll.dll!NtQueryValueKey 7C91E1FE 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposts08.exe[3872] ntdll.dll!NtQueryValueKey + 4 7C91E202 2 Bytes [ 62, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposts08.exe[3872] ntdll.dll!NtReadFile 7C91E27C 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposts08.exe[3872] ntdll.dll!NtReadFile + 4 7C91E280 2 Bytes [ 74, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposts08.exe[3872] ntdll.dll!NtSetInformationFile 7C91E5D9 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposts08.exe[3872] ntdll.dll!NtSetInformationFile + 4 7C91E5DD 2 Bytes [ 77, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposts08.exe[3872] ntdll.dll!NtSetValueKey 7C91E7BC 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposts08.exe[3872] ntdll.dll!NtSetValueKey + 4 7C91E7C0 2 Bytes [ 65, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposts08.exe[3872] ntdll.dll!NtUnloadKey 7C91E90C 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposts08.exe[3872] ntdll.dll!NtUnloadKey + 4 7C91E910 2 Bytes [ 68, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposts08.exe[3872] ntdll.dll!NtWriteFile 7C91E9F3 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposts08.exe[3872] ntdll.dll!NtWriteFile + 4 7C91E9F7 2 Bytes [ 7A, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposts08.exe[3872] ntdll.dll!LdrLoadDll 7C9261CA 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposts08.exe[3872] ntdll.dll!LdrLoadDll + 4 7C9261CE 2 Bytes [ 47, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposts08.exe[3872] kernel32.dll!TerminateProcess 7C801E16 6 Bytes [ FF, 25, 1E, 00, 32, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposts08.exe[3872] kernel32.dll!CreateFileMappingW 7C80938E 6 Bytes [ FF, 25, 1E, 00, 3B, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposts08.exe[3872] kernel32.dll!MapViewOfFileEx 7C80B896 6 Bytes [ FF, 25, 1E, 00, 35, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposts08.exe[3872] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposts08.exe[3872] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 3E, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposts08.exe[3872] kernel32.dll!CreateProcessInternalW 7C819513 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposts08.exe[3872] kernel32.dll!CreateProcessInternalW + 4 7C819517 2 Bytes [ 44, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposts08.exe[3872] kernel32.dll!MoveFileWithProgressW 7C81F72E 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposts08.exe[3872] kernel32.dll!MoveFileWithProgressW + 4 7C81F732 2 Bytes [ 41, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposts08.exe[3872] kernel32.dll!CopyFileExW 7C827B32 6 Bytes [ FF, 25, 1E, 00, 38, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposts08.exe[3872] USER32.dll!DispatchMessageW 77D18A01 6 Bytes [ FF, 25, 1E, 00, A7, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposts08.exe[3872] USER32.dll!TranslateMessage 77D18BF6 6 Bytes [ FF, 25, 1E, 00, 92, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposts08.exe[3872] USER32.dll!DispatchMessageA 77D196B8 6 Bytes [ FF, 25, 1E, 00, 8F, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposts08.exe[3872] USER32.dll!GetKeyState 77D1C505 6 Bytes [ FF, 25, 1E, 00, 9E, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposts08.exe[3872] USER32.dll!BeginDeferWindowPos 77D1D907 6 Bytes [ FF, 25, 1E, 00, 8C, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposts08.exe[3872] USER32.dll!GetKeyboardState 77D1E641 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposts08.exe[3872] USER32.dll!GetKeyboardState + 4 77D1E645 2 Bytes [ 9B, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposts08.exe[3872] USER32.dll!GetAsyncKeyState 77D1E655 6 Bytes [ FF, 25, 1E, 00, 95, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposts08.exe[3872] USER32.dll!CreateAcceleratorTableW 77D2DABB 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposts08.exe[3872] USER32.dll!CreateAcceleratorTableW + 4 77D2DABF 2 Bytes [ A1, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposts08.exe[3872] USER32.dll!SetWindowsHookExW 77D2E4AF 6 Bytes [ FF, 25, 1E, 00, A4, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposts08.exe[3872] USER32.dll!SetWindowsHookExA 77D311E9 6 Bytes [ FF, 25, 1E, 00, 89, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposts08.exe[3872] USER32.dll!AttachThreadInput 77D31E23 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposts08.exe[3872] USER32.dll!AttachThreadInput + 4 77D31E27 2 Bytes [ 98, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposts08.exe[3872] ADVAPI32.dll!CloseServiceHandle 77DB5E4D 6 Bytes [ FF, 25, 1E, 00, 11, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposts08.exe[3872] ADVAPI32.dll!OpenServiceW 77DB6165 6 Bytes [ FF, 25, 1E, 00, 23, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposts08.exe[3872] ADVAPI32.dll!ControlService 77DBB635 6 Bytes [ FF, 25, 1E, 00, 14, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposts08.exe[3872] ADVAPI32.dll!OpenServiceA 77DBB88C 6 Bytes [ FF, 25, 1E, 00, 20, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposts08.exe[3872] ADVAPI32.dll!StartServiceW 77DBBBAC 6 Bytes [ FF, 25, 1E, 00, 29, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposts08.exe[3872] ADVAPI32.dll!StartServiceA 77DC3238 6 Bytes [ FF, 25, 1E, 00, 26, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposts08.exe[3872] ADVAPI32.dll!LsaAddAccountRights 77DEA9A1 6 Bytes [ FF, 25, 1E, 00, 2C, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposts08.exe[3872] ADVAPI32.dll!LsaRemoveAccountRights 77DEAA41 6 Bytes [ FF, 25, 1E, 00, 2F, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposts08.exe[3872] ADVAPI32.dll!ChangeServiceConfigA 77E06CC9 6 Bytes [ FF, 25, 1E, 00, 05, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposts08.exe[3872] ADVAPI32.dll!ChangeServiceConfigW 77E06E61 6 Bytes [ FF, 25, 1E, 00, 08, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposts08.exe[3872] ADVAPI32.dll!ChangeServiceConfig2A 77E06F61 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposts08.exe[3872] ADVAPI32.dll!ChangeServiceConfig2W 77E06FE9 6 Bytes [ FF, 25, 1E, 00, 0E, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposts08.exe[3872] ADVAPI32.dll!CreateServiceA 77E07071 6 Bytes [ FF, 25, 1E, 00, 17, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposts08.exe[3872] ADVAPI32.dll!CreateServiceW 77E07209 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposts08.exe[3872] ADVAPI32.dll!CreateServiceW + 4 77E0720D 2 Bytes [ 1A, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposts08.exe[3872] ADVAPI32.dll!DeleteService 77E07311 6 Bytes [ FF, 25, 1E, 00, 1D, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposts08.exe[3872] ole32.dll!CoCreateInstanceEx 774CFA6B 6 Bytes [ FF, 25, 1E, 00, 86, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposts08.exe[3872] ole32.dll!CoGetClassObject 774E5DB2 6 Bytes [ FF, 25, 1E, 00, 83, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposts08.exe[3872] ole32.dll!CLSIDFromProgID 774F42CC 6 Bytes [ FF, 25, 1E, 00, 80, 5F ] .text C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposts08.exe[3872] ole32.dll!CLSIDFromProgIDEx 775261FE 6 Bytes [ FF, 25, 1E, 00, 7D, 5F ] ---- Devices - GMER 1.0.12 ---- Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F7788810] ShldDrv.SYS Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [F7788BD8] ShldDrv.SYS Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CREATE [F77887D2] ShldDrv.SYS Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_INFORMATION [F7788B9A] ShldDrv.SYS Device \Driver\Modem \Device\0000009f IRP_MJ_WRITE [F79EB9D4] COMFiltr.sys Device \Driver\Modem \Device\000000b0 IRP_MJ_WRITE [F79EB9D4] COMFiltr.sys Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL [F7717D60] sfsync02.sys Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL [F7717D60] sfsync02.sys Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_INTERNAL_DEVICE_CONTROL [F7717D60] sfsync02.sys Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_INTERNAL_DEVICE_CONTROL [F7717D60] sfsync02.sys Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_INTERNAL_DEVICE_CONTROL [F7717D60] sfsync02.sys Device \Driver\USBSTOR \Device\000000c0 IRP_MJ_INTERNAL_DEVICE_CONTROL [F7717D60] sfsync02.sys Device \Driver\USBSTOR \Device\000000c1 IRP_MJ_INTERNAL_DEVICE_CONTROL [F7717D60] sfsync02.sys Device \Driver\USBSTOR \Device\000000b8 IRP_MJ_INTERNAL_DEVICE_CONTROL [F7717D60] sfsync02.sys Device \Driver\USBSTOR \Device\000000b9 IRP_MJ_INTERNAL_DEVICE_CONTROL [F7717D60] sfsync02.sys Device \Driver\Modem \Device\000000ac IRP_MJ_WRITE [F79EB9D4] COMFiltr.sys Device \Driver\Modem \Device\000000ae IRP_MJ_WRITE [F79EB9D4] COMFiltr.sys Device \Driver\USBSTOR \Device\000000bd IRP_MJ_INTERNAL_DEVICE_CONTROL [F7717D60] sfsync02.sys Device \Driver\USBSTOR \Device\000000be IRP_MJ_INTERNAL_DEVICE_CONTROL [F7717D60] sfsync02.sys Device \Driver\USBSTOR \Device\000000bf IRP_MJ_INTERNAL_DEVICE_CONTROL [F7717D60] sfsync02.sys Device \FileSystem\Fastfat \Fat IRP_MJ_CREATE [F77887D2] ShldDrv.SYS Device \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION [F7788B9A] ShldDrv.SYS ---- Registry - GMER 1.0.12 ---- Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ... Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x46 0x47 0x15 0xB0 ... Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ... Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x86 0x8C 0x21 0x01 ... Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xE9 0x02 0x6C 0xFA ... Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xB0 0x18 0xED 0xA7 ... Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x31 0x77 0xE1 0xBA ... Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0xAA 0x52 0xC6 0x00 ... Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xF6 0x0F 0x4E 0x58 ... Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x37 0xA4 0xAA 0xC3 ... Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xE3 0x0E 0x66 0xD5 ... Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ... ---- Files - GMER 1.0.12 ---- ADS C:\01-Eigene Dateien\01-Eigene Bilder\Desktop.ini:KAVICHS ADS C:\01-Eigene Dateien\01-Eigene Bilder\Donauweibchen\Birnlückenblick.jpg:KAVICHS ADS C:\01-Eigene Dateien\01-Eigene Bilder\Donauweibchen\Hornschlittenrennen in Kematen.jpg:KAVICHS ADS C:\01-Eigene Dateien\01-Eigene Bilder\Donauweibchen\Klaussee.jpg:KAVICHS ADS C:\01-Eigene Dateien\01-Eigene Bilder\Donauweibchen\Kreuz unterhalb der Drei Zinnen Hütte.jpg:KAVICHS ADS C:\01-Eigene Dateien\01-Eigene Bilder\Donauweibchen\Oberer Bödensee - Drei Zinnen.jpg:KAVICHS ADS C:\01-Eigene Dateien\01-Eigene Bilder\Donauweibchen\Paul.jpg:KAVICHS ADS C:\01-Eigene Dateien\01-Eigene Bilder\Donauweibchen\Trippach.jpg:KAVICHS ADS C:\01-Eigene Dateien\01-Eigene Bilder\Hotel Adler\02-Die Ahr.jpg:KAVICHS ADS C:\01-Eigene Dateien\01-Eigene Bilder\Hotel Adler\14-Af do Vetta.jpg:KAVICHS ADS C:\01-Eigene Dateien\01-Eigene Bilder\Hotel Adler\Bild 15.jpg:KAVICHS ADS ... ---- EOF - GMER 1.0.12 ----