Созданные ответы форума
-
Сообщения
-
IAT C:Documents and SettingsUserРабочий столgmer.exe[3196] @ C:WINDOWSsystem32GDI32.dll [KERNEL32.dll!GetProcAddress] [7C882FEC] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:Documents and SettingsUserРабочий столgmer.exe[3196] @ C:WINDOWSsystem32GDI32.dll [KERNEL32.dll!LoadLibraryW] [7C882FC4] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:Documents and SettingsUserРабочий столgmer.exe[3196] @ C:WINDOWSsystem32RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [7C882F9C] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:Documents and SettingsUserРабочий столgmer.exe[3196] @ C:WINDOWSsystem32RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [7C882FC4] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:Documents and SettingsUserРабочий столgmer.exe[3196] @ C:WINDOWSsystem32RPCRT4.dll [KERNEL32.dll!GetProcAddress] [7C882FEC] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)—- Devices — GMER 1.0.14 —-
AttachedDevice FileSystemNtfs Ntfs klif.sys (spuper-ptor/Kaspersky Lab)
AttachedDevice FileSystemFastfat Fat klif.sys (spuper-ptor/Kaspersky Lab)—- Registry — GMER 1.0.14 —-
Reg HKLMSYSTEMCurrentControlSetControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 �W�A�N� �(�L�002�T�P�) 1?
Reg HKLMSYSTEMCurrentControlSetControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 �W�A�N� �(�P�P�T�P�) 1?
Reg HKLMSYSTEMCurrentControlSetControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 �W�A�N� �(�P�P�P�o�E�) 1?
Reg HKLMSYSTEMCurrentControlSetControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@374@4O4<4>494 �?�0404@�0404;4;�0454;4L4=4K494 �?4>4@4B4 1?
Reg HKLMSYSTEMCurrentControlSetControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 �W�A�N� �(�I�P�) 1?
Reg HKLMSYSTEMCurrentControlSetControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 �?4;�0404=484@4>�0424I484:�0404 �?�0404:�0454B4>�0424 1?2?
Reg HKLMSYSTEMCurrentControlSetControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@20�044�0404?4B�0454@4 �<484=484?4>4@4B�0404 �M�i�c�r�o�s�o�f�t� �T�u�n 1?
Reg HKLMSYSTEMControlSet002ControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 �W�A�N� �(�L�002�T�P�) 1?
Reg HKLMSYSTEMControlSet002ControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 �W�A�N� �(�P�P�T�P�) 1?
Reg HKLMSYSTEMControlSet002ControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 �W�A�N� �(�P�P�P�o�E�) 1?
Reg HKLMSYSTEMControlSet002ControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@374@4O4<4>494 �?�0404@�0404;4;�0454;4L4=4K494 �?4>4@4B4 1?
Reg HKLMSYSTEMControlSet002ControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 �W�A�N� �(�I�P�) 1?
Reg HKLMSYSTEMControlSet002ControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@34484=484?4>4@4B4 �?4;�0404=484@4>�0424I484:�0404 �?�0404:�0454B4>�0424 1?2?
Reg HKLMSYSTEMControlSet002ControlNetwork{4D36E972-E325-11CE-BFC1-08002BE10318}Descriptions@20�044�0404?4B�0454@4 �<484=484?4>4@4B�0404 �M�i�c�r�o�s�o�f�t� �T�u�n 1?—- EOF — GMER 1.0.14 —-
второй
GMER 1.0.14.14536 — http://www.gmer.net
Autostart scan 2008-12-28 11:31:10
Windows 5.1.2600 Service Pack 2HKLMSYSTEMCurrentControlSetControlSession Manager@BootExecute = »» /*file not found*/
HKLMSYSTEMCurrentControlSetControlSession ManagerSubSystems@Windows = %SystemRoot%system32csrss.exe ObjectDirectory=Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
HKLMSoftwareMicrosoftWindows NTCurrentVersionWinlogon@Userinit = C:WINDOWSsystem32userinit.exe,
HKLMSoftwareMicrosoftWindows NTCurrentVersionWinlogonNotifyklogon@DLLName = C:WINDOWSsystem32klogon.dll
HKLMSYSTEMCurrentControlSetServices >>>
ABBYY.Licensing.FineReader.Professional.9.0@ = «C:Program FilesABBYY FineReader 9.0NetworkLicenseServer.exe» -service
AVP@ = «C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0 for Windows Workstationsavp.exe» -rHKLMSoftwareMicrosoftWindowsCurrentVersionRun >>>
@AVP»C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0 for Windows Workstationsavp.exe» = «C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0 for Windows Workstationsavp.exe»
@SoundManSOUNDMAN.EXE = SOUNDMAN.EXE
@Samsung Common SM»C:WINDOWSSamsungComSMMgrssmmgr.exe» /autorun = «C:WINDOWSSamsungComSMMgrssmmgr.exe» /autorun
@KernelFaultCheck%systemroot%system32dumprep 0 -k = %systemroot%system32dumprep 0 -kHKCUSoftwareMicrosoftWindowsCurrentVersionRun >>>
@KleptomaniaE:Program FilesKleptomaniak-mania.exe = E:Program FilesKleptomaniak-mania.exe
@CTFMON.EXEC:WINDOWSsystem32ctfmon.exe = C:WINDOWSsystem32ctfmon.exeHKLMSoftwareMicrosoftWindowsCurrentVersionShell ExtensionsApproved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Расширение CPL панорамирования дисплея*/(null) =
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Свойства: Предыдущие версии*/%SystemRoot%system32twext.dll = %SystemRoot%system32twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Предыдущие версии*/%SystemRoot%system32twext.dll = %SystemRoot%system32twext.dll
@{30D02401-6A81-11d0-8274-00C04FD5AE38} /*IE Search Band*/C:WINDOWSsystem32ieframe.dll = C:WINDOWSsystem32ieframe.dll
@{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /*Shell DocObject Viewer*/C:WINDOWSsystem32ieframe.dll = C:WINDOWSsystem32ieframe.dll
@{FBF23B40-E3F0-101B-8488-00AA003E56F8} /*InternetShortcut*/C:WINDOWSsystem32ieframe.dll = C:WINDOWSsystem32ieframe.dll
@{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /*Microsoft Url History Service*/C:WINDOWSsystem32ieframe.dll = C:WINDOWSsystem32ieframe.dll
@{FF393560-C2A7-11CF-BFF4-444553540000} /*History*/C:WINDOWSsystem32ieframe.dll = C:WINDOWSsystem32ieframe.dll
@{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:WINDOWSsystem32ieframe.dll = C:WINDOWSsystem32ieframe.dll
@{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:WINDOWSsystem32ieframe.dll = C:WINDOWSsystem32ieframe.dll
@{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /*Microsoft Url Search Hook*/C:WINDOWSsystem32ieframe.dll = C:WINDOWSsystem32ieframe.dll
@{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /*The Internet*/C:WINDOWSsystem32ieframe.dll = C:WINDOWSsystem32ieframe.dll
@{871C5380-42A0-1069-A2EA-08002B30309D} /*Internet Name Space*/C:WINDOWSsystem32ieframe.dll = C:WINDOWSsystem32ieframe.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:WINDOWSsystem32extmgr.dll = C:WINDOWSsystem32extmgr.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Веб-папки*/C:PROGRA~1COMMON~1MICROS~1WEBFOL~1MSONSEXT.DLL = C:PROGRA~1COMMON~1MICROS~1WEBFOL~1MSONSEXT.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:Program FilesMicrosoft OfficeOFFICE11msohev.dll = C:Program FilesMicrosoft OfficeOFFICE11msohev.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:Program FilesWinRARrarext.dll = C:Program FilesWinRARrarext.dll
@{e82a2d71-5b2f-43a0-97b8-81be15854de8} /*ShellLink for Application References*/C:WINDOWSsystem32dfshim.dll = C:WINDOWSsystem32dfshim.dll
@{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} /*Shell Icon Handler for Application References*/C:WINDOWSsystem32dfshim.dll = C:WINDOWSsystem32dfshim.dll
@{45670FA8-ED97-4F44-BC93-305082590BFB} /*Microsoft.XPS.Shell.Metadata.1*/%SystemRoot%System32XPSSHHDR.DLL = %SystemRoot%System32XPSSHHDR.DLL
@{44121072-A222-48f2-A58A-6D9AD51EBBE9} /*Microsoft.XPS.Shell.Thumbnail.1*/%SystemRoot%System32XPSSHHDR.DLL = %SystemRoot%System32XPSSHHDR.DLL
@{07C45BB1-4A8C-4642-A1F5-237E7215FF66} /*IE Microsoft BrowserBand*/C:WINDOWSsystem32ieframe.dll = C:WINDOWSsystem32ieframe.dll
@{1C1EDB47-CE22-4bbb-B608-77B48F83C823} /*IE Fade Task*/C:WINDOWSsystem32ieframe.dll = C:WINDOWSsystem32ieframe.dll
@{205D7A97-F16D-4691-86EF-F3075DCCA57D} /*IE Menu Desk Bar*/C:WINDOWSsystem32ieframe.dll = C:WINDOWSsystem32ieframe.dll
@{3028902F-6374-48b2-8DC6-9725E775B926} /*IE AutoComplete*/C:WINDOWSsystem32ieframe.dll = C:WINDOWSsystem32ieframe.dll
@{43886CD5-6529-41c4-A707-7B3C92C05E68} /*IE Navigation Bar*/C:WINDOWSsystem32ieframe.dll = C:WINDOWSsystem32ieframe.dll
@{44C76ECD-F7FA-411c-9929-1B77BA77F524} /*IE Menu Site*/C:WINDOWSsystem32ieframe.dll = C:WINDOWSsystem32ieframe.dll
@{4B78D326-D922-44f9-AF2A-07805C2A3560} /*IE Menu Band*/C:WINDOWSsystem32ieframe.dll = C:WINDOWSsystem32ieframe.dll
@{6038EF75-ABFC-4e59-AB6F-12D397F6568D} /*IE Microsoft History AutoComplete List*/C:WINDOWSsystem32ieframe.dll = C:WINDOWSsystem32ieframe.dll
@{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE} /*IE Tracking Shell Menu*/C:WINDOWSsystem32ieframe.dll = C:WINDOWSsystem32ieframe.dll
@{6CF48EF8-44CD-45d2-8832-A16EA016311B} /*IE IShellFolderBand*/C:WINDOWSsystem32ieframe.dll = C:WINDOWSsystem32ieframe.dll
@{73CFD649-CD48-4fd8-A272-2070EA56526B} /*IE BandProxy*/C:WINDOWSsystem32ieframe.dll = C:WINDOWSsystem32ieframe.dll
@{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8} /*IE MRU AutoComplete List*/C:WINDOWSsystem32ieframe.dll = C:WINDOWSsystem32ieframe.dll
@{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E} /*IE RSS Feeder Folder*/C:WINDOWSsystem32ieframe.dll = C:WINDOWSsystem32ieframe.dll
@{9D958C62-3954-4b44-8FAB-C4670C1DB4C2} /*IE Microsoft Shell Folder AutoComplete List*/C:WINDOWSsystem32ieframe.dll = C:WINDOWSsystem32ieframe.dll
@{B31C5FAE-961F-415b-BAF0-E697A5178B94} /*IE Microsoft Multiple AutoComplete List Container*/C:WINDOWSsystem32ieframe.dll = C:WINDOWSsystem32ieframe.dll
@{BC476F4C-D9D7-4100-8D4E-E043F6DEC409} /*Microsoft Browser Architecture*/C:WINDOWSsystem32ieframe.dll = C:WINDOWSsystem32ieframe.dll
@{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A} /*IE Shell Rebar BandSite*/C:WINDOWSsystem32ieframe.dll = C:WINDOWSsystem32ieframe.dll
@{E6EE9AAC-F76B-4947-8260-A9F136138E11} /*IE Shell Band Site Menu*/C:WINDOWSsystem32ieframe.dll = C:WINDOWSsystem32ieframe.dll
@{F2CF5485-4E02-4f68-819C-B92DE9277049} /*&Links*/C:WINDOWSsystem32ieframe.dll = C:WINDOWSsystem32ieframe.dll
@{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E} /*IE Registry Tree Options Utility*/C:WINDOWSsystem32ieframe.dll = C:WINDOWSsystem32ieframe.dll
@{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} /*IE User Assist*/C:WINDOWSsystem32ieframe.dll = C:WINDOWSsystem32ieframe.dll
@{FDE7673D-2E19-4145-8376-BBD58C4BC7BA} /*IE Custom MRU AutoCompleted List*/C:WINDOWSsystem32ieframe.dll = C:WINDOWSsystem32ieframe.dll
@{59A3380E-5305-4cea-BD99-4F2FF510C91F} /*FineReader9ContextMenu*/C:Program FilesABBYY FineReader 9.0FRIntegration.dll = C:Program FilesABBYY FineReader 9.0FRIntegration.dllHKLMSoftwareClasses*shellexContextMenuHandlers >>>
FineReader9ContextMenu@{59A3380E-5305-4cea-BD99-4F2FF510C91F} = C:Program FilesABBYY FineReader 9.0FRIntegration.dll
Kaspersky Anti-Virus@{dd230880-495a-11d1-b064-008048ec2fc5} = C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0 for Windows WorkstationsShellEx.dll
PromtMenu@{E28C61E1-67D8-4005-9BF4-E232B2EB9012} = C:Program FilesPRMT8PRMTprmshell.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:Program FilesWinRARrarext.dllHKLMSoftwareClassesDirectoryshellexContextMenuHandlersWinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:Program FilesWinRARrarext.dll
HKLMSoftwareClassesFoldershellexContextMenuHandlers >>>
Kaspersky Anti-Virus@{dd230880-495a-11d1-b064-008048ec2fc5} = C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0 for Windows WorkstationsShellEx.dll
MBAMShlExt@{57CE581A-0CB6-4266-9CA0-19364C90A0B3} = C:Program FilesMalwarebytes’ Anti-Malwarembamext.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:Program FilesWinRARrarext.dllHKLMSoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} = C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll
HKCUControl PanelDesktop@SCRNSAVE.EXE = C:WINDOWSsystem32logon.scr
HKLMSoftwareMicrosoftInternet ExplorerMain >>>
@Default_Page_URLhttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157
@Start Pagehttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157
@Local Page%SystemRoot%system32blank.htm = %SystemRoot%system32blank.htmHKCUSoftwareMicrosoftInternet ExplorerMain >>>
@Default_Page_URLhttp://search.qip.ru = http://search.qip.ru
@Start Pagehttp://www.yandex.ru/ = http://www.yandex.ru/
@Local PageC:WINDOWSsystem32blank.htm = C:WINDOWSsystem32blank.htmHKLMSoftwareClassesPROTOCOLSFiltertext/xml@CLSID = C:Program FilesCommon FilesMicrosoft SharedOFFICE11MSOXMLMF.DLL
HKLMSoftwareClassesPROTOCOLSHandler >>>
dvd@CLSID = C:WINDOWSsystem32msvidctl.dll
its@CLSID = C:WINDOWSsystem32itss.dll
mhtml@CLSID = %SystemRoot%system32inetcomm.dll
ms-its@CLSID = C:WINDOWSsystem32itss.dll
mso-offdap11@CLSID = C:PROGRA~1COMMON~1MICROS~1WEBCOM~111OWC11.DLL
tv@CLSID = C:WINDOWSsystem32msvidctl.dllHKLMSoftwareClassesPROTOCOLSHandlerwia@CLSID = C:WINDOWSsystem32wiascr.dll
—- EOF — GMER 1.0.14 —-
Кроме этого заметил, что ПК проработал в безопасном режиме более 4 часов и не завис. Поэтому через диспетчер задач снял работающие файлы в 2 режимах:Безопасный режим с загрузкой сетевых драйверов:
Имя образа Имя пользователя ЦП Память
taskmgr.exe User 02 3 704 КБ
ctfmon.exe User 00 1 428 КБ
WINWORD.EXE User 00 30 852 КБ
Explorer.EXE User 00 10 044 КБ
k-mania.exe User 15 3 116 КБ
svchost.exe LOCAL SERVICE 00 1 404 КБ
firefox.exe User 00 69 604 КБ
svchost.exe NETWORK SERVICE 00 1 376 КБ
svchost.exe SYSTEM 00 4 800 КБ
svchost.exe NETWORK SERVICE 00 2 212 КБ
svchost.exe SYSTEM 00 1 920 КБ
lsass.exe SYSTEM 01 916 КБ
services.exe SYSTEM 00 1 664 КБ
winlogon.exe SYSTEM 00 364 КБ
csrss.exe SYSTEM 02 2 292 КБ
smss.exe SYSTEM 00 140 КБ
System SYSTEM 00 72 КБ
Бeздeйcтвиe cиcтeмы SYSTEM 80 16 КБИ обычный режим:
Имя образа Имя пользователя ЦП Память
taskmgr.exe 02 1 808 КБ
ctfmon.exe 00 512 КБ
WINWORD.EXE User 00 35 728 КБ
Explorer.EXE 00 8 184 КБ
k-mania.exe 29 1 624 КБ
svchost.exe 00 1 388 КБ
svchost.exe 00 364 КБ
svchost.exe 14 6 608 КБ
svchost.exe 00 1 656 КБ
svchost.exe 00 1 344 КБ
lsass.exe 00 3 140 КБ
services.exe 00 2 092 КБ
winlogon.exe 00 3 348 КБ
csrss.exe 00 1 580 КБ
smss.exe 00 184 КБ
System 01 44 КБ
Бeздeйcтвиe cиcтeмы SYSTEM 46 16 КБ
wuauclt.exe SYSTEM 00 1440 КБ
SSMMgr.exe 00 496 КБ
SOUNDMAN.exe 00 416 КБ
avp.exe 00 3380КБ
NetworkLicenseServer.exe 00 756 КБ
spoolsv.exe 00 1644 КБ
alg.exe LOCAL SERVICE 00 496 КБ
svchost.exe 00 980 КБ
avp.exe 07 28336 КБСравнение показало, что в обычном режиме файлы занимают памяти меньше, чем те же файлы в безопасном, а также в обычном режиме загружены дополнительно файлы:
wuauclt.exe;
SSMMgr.exe;
SOUNDMAN.exe;
avp.exe;
NetworkLicenseServer.exe;
spoolsv.exe;
alg.exe;
svchost.exe;
avp.exe.Не имеют ли некоторые из них отношение к вирусам?
Также меня насторожило то, что файл avp.exe загружен дважды.Тогда я на всякий случай проверил диск С: на наличие эитх файлов и оказалось что их там 5 штук:
c:Documents and SettingsAll UsersApplication DataKaspersky LabAVP6DataUpdaterTemporary FilestemporaryFolderAutoPatcheskav66.0.2.678avp.exe
c:Documents and SettingsAll UsersApplication DataKaspersky LabAVP6DataUpdaterTemporary FilestemporaryFolderAutoPatcheskav66.0.3.830avp.exe
c:kav_baseAutoPatcheskav66.0.2.678avp.exe
c:kav_baseAutoPatcheskav66.0.3.830avp.exe
c:Program FilesKaspersky LabKaspersky Anti-Virus 6.0 for Windows Workstationsavp.exe
Может быть появились некоторые лишние файлы avp.exe из-за того, что проверка on-line с помощью антивирусника Kaspersky не получилась (писал в первом письме), а он что-то закачивал на ПК.
И еще вот что. Снял файлы в корневом каталоге С:
Имя тип Размер Дата Атрибут
ntldr 250 624 03.08.2004 17:59 rahs
Found 002 32 768 10.12.2008 10:11 —hs
Autoexec bat 0 17.11.2008 20:38 -a—
Bootfont bin 4 952 20.10.2001 11:00 rahs
Ntdetect com 47 564 03.08.2004 17:38 rahs
OTViewIt exe 0 28.12.2008 10:41 -a—
boot ini 214 04.12.2008 19:28 —hs
Config sys 0 17.11.2008 20:38 -a—
Io sys 0 17.11.2008 20:38 rahs
Msdos sys 0 17.11.2008 20:38 rahs
pagefile sys 402 653 184 29.12.2008 21:14 -ahs
1 txt 8 093 24.11.2008 19:10 -a—
SAFEBOOT_REPA R TXT 13 554 02.12.2008 20:57 -a—Вот какие сомнения:
Много файлов архивных, системных, скрытых и только для чтения. Причем некоторые из них имеют огромный размер, а другие – нулевой.
А также вот это что за файлы, не вирус ли:
C:Recycled*.*
Имя тип Размер Дата Атрибут
Info2 1 620 29.12.2008 20:50 -ah-
Dc2 doc 162 29.12.2008 20:28 -ah-
desktop ini 65 29.12.2008 17:12 —hs
Dc1 lnk 2 463 28.12.2008 12:45 -a—Если вирус, то почему его не видят антивирус Касперского и все рекомендованные Вами программы? Может быть мне стоит снять все файлы *.exe и *.ini и среди них выявлять вирусы-трояны?
Отчего же зависает компьютер?
IAT C:WINDOWSsystem32svchost.exe[1460] @ C:WINDOWSsystem32RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [7C882F9C] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSsystem32svchost.exe[1460] @ C:WINDOWSsystem32RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [7C882FC4] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSsystem32svchost.exe[1460] @ C:WINDOWSsystem32RPCRT4.dll [KERNEL32.dll!GetProcAddress] [7C882FEC] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSsystem32svchost.exe[1460] @ C:WINDOWSsystem32GDI32.dll [KERNEL32.dll!LoadLibraryExW] [7C882FD8] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSsystem32svchost.exe[1460] @ C:WINDOWSsystem32GDI32.dll [KERNEL32.dll!LoadLibraryA] [7C882F9C] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSsystem32svchost.exe[1460] @ C:WINDOWSsystem32GDI32.dll [KERNEL32.dll!GetProcAddress] [7C882FEC] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSsystem32svchost.exe[1460] @ C:WINDOWSsystem32GDI32.dll [KERNEL32.dll!LoadLibraryW] [7C882FC4] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSsystem32svchost.exe[1460] @ c:windowssystem32WS2_32.dll [KERNEL32.dll!GetProcAddress] [7C882FEC] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSsystem32svchost.exe[1460] @ c:windowssystem32WS2_32.dll [KERNEL32.dll!LoadLibraryA] [7C882F9C] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSsystem32svchost.exe[1460] @ C:WINDOWSsystem32WININET.dll [KERNEL32.dll!LoadLibraryW] [7C882FC4] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSsystem32svchost.exe[1460] @ C:WINDOWSsystem32WININET.dll [KERNEL32.dll!LoadLibraryExW] [7C882FD8] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSsystem32svchost.exe[1460] @ C:WINDOWSsystem32WININET.dll [KERNEL32.dll!GetProcAddress] [7C882FEC] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSsystem32svchost.exe[1460] @ C:WINDOWSsystem32WININET.dll [KERNEL32.dll!LoadLibraryA] [7C882F9C] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSsystem32svchost.exe[1460] @ C:WINDOWSsystem32Secur32.dll [KERNEL32.dll!LoadLibraryA] [7C882F9C] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSsystem32svchost.exe[1460] @ C:WINDOWSsystem32Secur32.dll [KERNEL32.dll!LoadLibraryW] [7C882FC4] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSsystem32svchost.exe[1460] @ C:WINDOWSsystem32Secur32.dll [KERNEL32.dll!GetProcAddress] [7C882FEC] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSExplorer.EXE[1492] @ C:WINDOWSExplorer.EXE [KERNEL32.dll!LoadLibraryExA] [7C882FB0] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSExplorer.EXE[1492] @ C:WINDOWSExplorer.EXE [KERNEL32.dll!LoadLibraryExW] [7C882FD8] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSExplorer.EXE[1492] @ C:WINDOWSExplorer.EXE [KERNEL32.dll!LoadLibraryA] [7C882F9C] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSExplorer.EXE[1492] @ C:WINDOWSExplorer.EXE [KERNEL32.dll!LoadLibraryW] [7C882FC4] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSExplorer.EXE[1492] @ C:WINDOWSExplorer.EXE [KERNEL32.dll!GetProcAddress] [7C882FEC] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSExplorer.EXE[1492] @ C:WINDOWSsystem32RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [7C882F9C] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSExplorer.EXE[1492] @ C:WINDOWSsystem32RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [7C882FC4] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSExplorer.EXE[1492] @ C:WINDOWSsystem32RPCRT4.dll [KERNEL32.dll!GetProcAddress] [7C882FEC] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSExplorer.EXE[1492] @ C:WINDOWSsystem32GDI32.dll [KERNEL32.dll!LoadLibraryExW] [7C882FD8] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSExplorer.EXE[1492] @ C:WINDOWSsystem32GDI32.dll [KERNEL32.dll!LoadLibraryA] [7C882F9C] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSExplorer.EXE[1492] @ C:WINDOWSsystem32GDI32.dll [KERNEL32.dll!GetProcAddress] [7C882FEC] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSExplorer.EXE[1492] @ C:WINDOWSsystem32GDI32.dll [KERNEL32.dll!LoadLibraryW] [7C882FC4] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSExplorer.EXE[1492] @ C:WINDOWSsystem32NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [7C882FC4] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSExplorer.EXE[1492] @ C:WINDOWSsystem32NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [7C882F9C] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSExplorer.EXE[1492] @ C:WINDOWSsystem32NETAPI32.dll [KERNEL32.dll!GetProcAddress] [7C882FEC] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSExplorer.EXE[1492] @ C:WINDOWSsystem32WININET.dll [KERNEL32.dll!LoadLibraryW] [7C882FC4] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSExplorer.EXE[1492] @ C:WINDOWSsystem32WININET.dll [KERNEL32.dll!LoadLibraryExW] [7C882FD8] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSExplorer.EXE[1492] @ C:WINDOWSsystem32WININET.dll [KERNEL32.dll!GetProcAddress] [7C882FEC] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSExplorer.EXE[1492] @ C:WINDOWSsystem32WININET.dll [KERNEL32.dll!LoadLibraryA] [7C882F9C] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSExplorer.EXE[1492] @ C:WINDOWSsystem32Secur32.dll [KERNEL32.dll!LoadLibraryA] [7C882F9C] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSExplorer.EXE[1492] @ C:WINDOWSsystem32Secur32.dll [KERNEL32.dll!LoadLibraryW] [7C882FC4] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSExplorer.EXE[1492] @ C:WINDOWSsystem32Secur32.dll [KERNEL32.dll!GetProcAddress] [7C882FEC] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSExplorer.EXE[1492] @ C:WINDOWSsystem32PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [7C882F9C] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSExplorer.EXE[1492] @ C:WINDOWSsystem32PSAPI.DLL [KERNEL32.dll!GetProcAddress] [7C882FEC] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSExplorer.EXE[1492] @ C:WINDOWSsystem32WS2_32.dll [KERNEL32.dll!GetProcAddress] [7C882FEC] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSExplorer.EXE[1492] @ C:WINDOWSsystem32WS2_32.dll [KERNEL32.dll!LoadLibraryA] [7C882F9C] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSsystem32spoolsv.exe[1708] @ C:WINDOWSsystem32RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [7C882F9C] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSsystem32spoolsv.exe[1708] @ C:WINDOWSsystem32RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [7C882FC4] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSsystem32spoolsv.exe[1708] @ C:WINDOWSsystem32RPCRT4.dll [KERNEL32.dll!GetProcAddress] [7C882FEC] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSsystem32spoolsv.exe[1708] @ C:WINDOWSsystem32GDI32.dll [KERNEL32.dll!LoadLibraryExW] [7C882FD8] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSsystem32spoolsv.exe[1708] @ C:WINDOWSsystem32GDI32.dll [KERNEL32.dll!LoadLibraryA] [7C882F9C] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSsystem32spoolsv.exe[1708] @ C:WINDOWSsystem32GDI32.dll [KERNEL32.dll!GetProcAddress] [7C882FEC] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSsystem32spoolsv.exe[1708] @ C:WINDOWSsystem32GDI32.dll [KERNEL32.dll!LoadLibraryW] [7C882FC4] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSsystem32spoolsv.exe[1708] @ C:WINDOWSsystem32WS2_32.dll [KERNEL32.dll!GetProcAddress] [7C882FEC] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSsystem32spoolsv.exe[1708] @ C:WINDOWSsystem32WS2_32.dll [KERNEL32.dll!LoadLibraryA] [7C882F9C] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSsystem32spoolsv.exe[1708] @ C:WINDOWSsystem32Secur32.dll [KERNEL32.dll!LoadLibraryA] [7C882F9C] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSsystem32spoolsv.exe[1708] @ C:WINDOWSsystem32Secur32.dll [KERNEL32.dll!LoadLibraryW] [7C882FC4] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSsystem32spoolsv.exe[1708] @ C:WINDOWSsystem32Secur32.dll [KERNEL32.dll!GetProcAddress] [7C882FEC] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSsystem32spoolsv.exe[1708] @ C:WINDOWSsystem32netapi32.dll [KERNEL32.dll!LoadLibraryW] [7C882FC4] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSsystem32spoolsv.exe[1708] @ C:WINDOWSsystem32netapi32.dll [KERNEL32.dll!LoadLibraryA] [7C882F9C] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSsystem32spoolsv.exe[1708] @ C:WINDOWSsystem32netapi32.dll [KERNEL32.dll!GetProcAddress] [7C882FEC] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0 for Windows Workstationsavp.exe[1860] @ C:WINDOWSsystem32RPCRT4.dll [KERNEL32.dll!GetModuleFileNameA] 00B004A8
IAT C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0 for Windows Workstationsavp.exe[1860] @ C:WINDOWSsystem32RPCRT4.dll [KERNEL32.dll!LoadLibraryA] 00B004D2
IAT C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0 for Windows Workstationsavp.exe[1860] @ C:WINDOWSsystem32RPCRT4.dll [KERNEL32.dll!LoadLibraryW] 00B004FC
IAT C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0 for Windows Workstationsavp.exe[1860] @ C:WINDOWSsystem32RPCRT4.dll [KERNEL32.dll!GetProcAddress] 00B00526
IAT C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0 for Windows Workstationsavp.exe[1860] @ C:WINDOWSsystem32RPCRT4.dll [KERNEL32.dll!FreeLibrary] 00B00550
IAT C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0 for Windows Workstationsavp.exe[1860] @ C:WINDOWSsystem32RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00B0057A
IAT C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0 for Windows Workstationsavp.exe[1860] @ C:WINDOWSsystem32GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00B0086E
IAT C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0 for Windows Workstationsavp.exe[1860] @ C:WINDOWSsystem32GDI32.dll [KERNEL32.dll!LoadLibraryExW] 00B00898
IAT C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0 for Windows Workstationsavp.exe[1860] @ C:WINDOWSsystem32GDI32.dll [KERNEL32.dll!LoadLibraryA] 00B008C2
IAT C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0 for Windows Workstationsavp.exe[1860] @ C:WINDOWSsystem32GDI32.dll [KERNEL32.dll!FreeLibrary] 00B008EC
IAT C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0 for Windows Workstationsavp.exe[1860] @ C:WINDOWSsystem32GDI32.dll [KERNEL32.dll!GetProcAddress] 00B00916
IAT C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0 for Windows Workstationsavp.exe[1860] @ C:WINDOWSsystem32GDI32.dll [KERNEL32.dll!LoadLibraryW] 00B00940
IAT C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0 for Windows Workstationsavp.exe[1860] @ C:WINDOWSsystem32Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00B20454
IAT C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0 for Windows Workstationsavp.exe[1860] @ C:WINDOWSsystem32Secur32.dll [KERNEL32.dll!LoadLibraryA] 00B2047E
IAT C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0 for Windows Workstationsavp.exe[1860] @ C:WINDOWSsystem32Secur32.dll [KERNEL32.dll!LoadLibraryW] 00B204A8
IAT C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0 for Windows Workstationsavp.exe[1860] @ C:WINDOWSsystem32Secur32.dll [KERNEL32.dll!GetProcAddress] 00B204D2
IAT C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0 for Windows Workstationsavp.exe[1860] @ C:WINDOWSsystem32Secur32.dll [KERNEL32.dll!FreeLibrary] 00B204FC
IAT C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0 for Windows Workstationsavp.exe[1860] @ C:WINDOWSsystem32WININET.dll [KERNEL32.dll!SetErrorMode] 00B0032E
IAT C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0 for Windows Workstationsavp.exe[1860] @ C:WINDOWSsystem32WININET.dll [KERNEL32.dll!GetModuleFileNameA] 00B00208
IAT C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0 for Windows Workstationsavp.exe[1860] @ C:WINDOWSsystem32WININET.dll [KERNEL32.dll!LoadLibraryW] 00B00304
IAT C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0 for Windows Workstationsavp.exe[1860] @ C:WINDOWSsystem32WININET.dll [KERNEL32.dll!GetModuleFileNameW] 00B00232
IAT C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0 for Windows Workstationsavp.exe[1860] @ C:WINDOWSsystem32WININET.dll [KERNEL32.dll!LoadLibraryExW] 00B002DA
IAT C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0 for Windows Workstationsavp.exe[1860] @ C:WINDOWSsystem32WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00B00358
IAT C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0 for Windows Workstationsavp.exe[1860] @ C:WINDOWSsystem32WININET.dll [KERNEL32.dll!GetProcAddress] 00B0025C
IAT C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0 for Windows Workstationsavp.exe[1860] @ C:WINDOWSsystem32WININET.dll [KERNEL32.dll!LoadLibraryA] 00B00286
IAT C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0 for Windows Workstationsavp.exe[1860] @ C:WINDOWSsystem32WININET.dll [KERNEL32.dll!FreeLibrary] 00B001DE
IAT C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0 for Windows Workstationsavp.exe[1860] @ C:WINDOWSsystem32psapi.dll [KERNEL32.dll!LoadLibraryA] 00B00286
IAT C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0 for Windows Workstationsavp.exe[1860] @ C:WINDOWSsystem32psapi.dll [KERNEL32.dll!FreeLibrary] 00B001DE
IAT C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0 for Windows Workstationsavp.exe[1860] @ C:WINDOWSsystem32psapi.dll [KERNEL32.dll!GetProcAddress] 00B0025C
IAT C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0 for Windows Workstationsavp.exe[1860] @ C:WINDOWSsystem32psapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00B00358
IAT C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0 for Windows Workstationsavp.exe[1860] @ C:WINDOWSsystem32WS2_32.dll [KERNEL32.dll!GetProcAddress] 00B0025C
IAT C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0 for Windows Workstationsavp.exe[1860] @ C:WINDOWSsystem32WS2_32.dll [KERNEL32.dll!GetModuleFileNameA] 00B00208
IAT C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0 for Windows Workstationsavp.exe[1860] @ C:WINDOWSsystem32WS2_32.dll [KERNEL32.dll!LoadLibraryA] 00B00286
IAT C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0 for Windows Workstationsavp.exe[1860] @ C:WINDOWSsystem32WS2_32.dll [KERNEL32.dll!FreeLibrary] 00B001DE
IAT C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0 for Windows Workstationsavp.exe[1860] @ C:WINDOWSsystem32WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00B00358
IAT C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0 for Windows Workstationsavp.exe[1860] @ C:WINDOWSsystem32NETAPI32.dll [KERNEL32.dll!LoadLibraryW] 00B00304
IAT C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0 for Windows Workstationsavp.exe[1860] @ C:WINDOWSsystem32NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00B00358
IAT C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0 for Windows Workstationsavp.exe[1860] @ C:WINDOWSsystem32NETAPI32.dll [KERNEL32.dll!LoadLibraryA] 00B00286
IAT C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0 for Windows Workstationsavp.exe[1860] @ C:WINDOWSsystem32NETAPI32.dll [KERNEL32.dll!FreeLibrary] 00B001DE
IAT C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0 for Windows Workstationsavp.exe[1860] @ C:WINDOWSsystem32NETAPI32.dll [KERNEL32.dll!GetProcAddress] 00B0025C
IAT C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0 for Windows Workstationsavp.exe[1860] @ C:WINDOWSsystem32NETAPI32.dll [KERNEL32.dll!GetModuleFileNameA] 00B00208
IAT C:Program FilesABBYY FineReader 9.0NetworkLicenseServer.exe[1892] @ C:WINDOWSsystem32GDI32.dll [KERNEL32.dll!LoadLibraryExW] [7C882FD8] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:Program FilesABBYY FineReader 9.0NetworkLicenseServer.exe[1892] @ C:WINDOWSsystem32GDI32.dll [KERNEL32.dll!LoadLibraryA] [7C882F9C] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:Program FilesABBYY FineReader 9.0NetworkLicenseServer.exe[1892] @ C:WINDOWSsystem32GDI32.dll [KERNEL32.dll!GetProcAddress] [7C882FEC] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:Program FilesABBYY FineReader 9.0NetworkLicenseServer.exe[1892] @ C:WINDOWSsystem32GDI32.dll [KERNEL32.dll!LoadLibraryW] [7C882FC4] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:Program FilesABBYY FineReader 9.0NetworkLicenseServer.exe[1892] @ C:WINDOWSsystem32RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [7C882F9C] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:Program FilesABBYY FineReader 9.0NetworkLicenseServer.exe[1892] @ C:WINDOWSsystem32RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [7C882FC4] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:Program FilesABBYY FineReader 9.0NetworkLicenseServer.exe[1892] @ C:WINDOWSsystem32RPCRT4.dll [KERNEL32.dll!GetProcAddress] [7C882FEC] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:Program FilesABBYY FineReader 9.0NetworkLicenseServer.exe[1892] @ C:WINDOWSsystem32WININET.dll [KERNEL32.dll!LoadLibraryW] [7C882FC4] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:Program FilesABBYY FineReader 9.0NetworkLicenseServer.exe[1892] @ C:WINDOWSsystem32WININET.dll [KERNEL32.dll!LoadLibraryExW] [7C882FD8] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:Program FilesABBYY FineReader 9.0NetworkLicenseServer.exe[1892] @ C:WINDOWSsystem32WININET.dll [KERNEL32.dll!GetProcAddress] [7C882FEC] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:Program FilesABBYY FineReader 9.0NetworkLicenseServer.exe[1892] @ C:WINDOWSsystem32WININET.dll [KERNEL32.dll!LoadLibraryA] [7C882F9C] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSSOUNDMAN.EXE[1920] @ C:WINDOWSsystem32GDI32.dll [KERNEL32.dll!LoadLibraryExW] [7C882FD8] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSSOUNDMAN.EXE[1920] @ C:WINDOWSsystem32GDI32.dll [KERNEL32.dll!LoadLibraryA] [7C882F9C] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSSOUNDMAN.EXE[1920] @ C:WINDOWSsystem32GDI32.dll [KERNEL32.dll!GetProcAddress] [7C882FEC] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSSOUNDMAN.EXE[1920] @ C:WINDOWSsystem32GDI32.dll [KERNEL32.dll!LoadLibraryW] [7C882FC4] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSSOUNDMAN.EXE[1920] @ C:WINDOWSsystem32RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [7C882F9C] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSSOUNDMAN.EXE[1920] @ C:WINDOWSsystem32RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [7C882FC4] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSSOUNDMAN.EXE[1920] @ C:WINDOWSsystem32RPCRT4.dll [KERNEL32.dll!GetProcAddress] [7C882FEC] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSSamsungComSMMgrssmmgr.exe[1932] @ C:WINDOWSsystem32GDI32.dll [KERNEL32.dll!LoadLibraryExW] [7C882FD8] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSSamsungComSMMgrssmmgr.exe[1932] @ C:WINDOWSsystem32GDI32.dll [KERNEL32.dll!LoadLibraryA] [7C882F9C] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSSamsungComSMMgrssmmgr.exe[1932] @ C:WINDOWSsystem32GDI32.dll [KERNEL32.dll!GetProcAddress] [7C882FEC] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSSamsungComSMMgrssmmgr.exe[1932] @ C:WINDOWSsystem32GDI32.dll [KERNEL32.dll!LoadLibraryW] [7C882FC4] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSSamsungComSMMgrssmmgr.exe[1932] @ C:WINDOWSsystem32RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [7C882F9C] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSSamsungComSMMgrssmmgr.exe[1932] @ C:WINDOWSsystem32RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [7C882FC4] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSSamsungComSMMgrssmmgr.exe[1932] @ C:WINDOWSsystem32RPCRT4.dll [KERNEL32.dll!GetProcAddress] [7C882FEC] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT E:Program FilesKleptomaniak-mania.exe[1956] @ C:WINDOWSsystem32GDI32.dll [KERNEL32.dll!LoadLibraryExW] [7C882FD8] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT E:Program FilesKleptomaniak-mania.exe[1956] @ C:WINDOWSsystem32GDI32.dll [KERNEL32.dll!LoadLibraryA] [7C882F9C] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT E:Program FilesKleptomaniak-mania.exe[1956] @ C:WINDOWSsystem32GDI32.dll [KERNEL32.dll!GetProcAddress] [7C882FEC] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT E:Program FilesKleptomaniak-mania.exe[1956] @ C:WINDOWSsystem32GDI32.dll [KERNEL32.dll!LoadLibraryW] [7C882FC4] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT E:Program FilesKleptomaniak-mania.exe[1956] @ C:WINDOWSsystem32RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [7C882F9C] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT E:Program FilesKleptomaniak-mania.exe[1956] @ C:WINDOWSsystem32RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [7C882FC4] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT E:Program FilesKleptomaniak-mania.exe[1956] @ C:WINDOWSsystem32RPCRT4.dll [KERNEL32.dll!GetProcAddress] [7C882FEC] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSsystem32ctfmon.exe[1964] @ C:WINDOWSsystem32RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [7C882F9C] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSsystem32ctfmon.exe[1964] @ C:WINDOWSsystem32RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [7C882FC4] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSsystem32ctfmon.exe[1964] @ C:WINDOWSsystem32RPCRT4.dll [KERNEL32.dll!GetProcAddress] [7C882FEC] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSsystem32ctfmon.exe[1964] @ C:WINDOWSsystem32GDI32.dll [KERNEL32.dll!LoadLibraryExW] [7C882FD8] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSsystem32ctfmon.exe[1964] @ C:WINDOWSsystem32GDI32.dll [KERNEL32.dll!LoadLibraryA] [7C882F9C] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSsystem32ctfmon.exe[1964] @ C:WINDOWSsystem32GDI32.dll [KERNEL32.dll!GetProcAddress] [7C882FEC] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSsystem32ctfmon.exe[1964] @ C:WINDOWSsystem32GDI32.dll [KERNEL32.dll!LoadLibraryW] [7C882FC4] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0 for Windows Workstationsavp.exe[1984] @ C:WINDOWSsystem32RPCRT4.dll [KERNEL32.dll!GetModuleFileNameA] 009604A8
IAT C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0 for Windows Workstationsavp.exe[1984] @ C:WINDOWSsystem32RPCRT4.dll [KERNEL32.dll!LoadLibraryA] 009604D2
IAT C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0 for Windows Workstationsavp.exe[1984] @ C:WINDOWSsystem32RPCRT4.dll [KERNEL32.dll!LoadLibraryW] 009604FC
IAT C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0 for Windows Workstationsavp.exe[1984] @ C:WINDOWSsystem32RPCRT4.dll [KERNEL32.dll!GetProcAddress] 00960526
IAT C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0 for Windows Workstationsavp.exe[1984] @ C:WINDOWSsystem32RPCRT4.dll [KERNEL32.dll!FreeLibrary] 00960550
IAT C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0 for Windows Workstationsavp.exe[1984] @ C:WINDOWSsystem32RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 0096057A
IAT C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0 for Windows Workstationsavp.exe[1984] @ C:WINDOWSsystem32GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 0096086E
IAT C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0 for Windows Workstationsavp.exe[1984] @ C:WINDOWSsystem32GDI32.dll [KERNEL32.dll!LoadLibraryExW] 00960898
IAT C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0 for Windows Workstationsavp.exe[1984] @ C:WINDOWSsystem32GDI32.dll [KERNEL32.dll!LoadLibraryA] 009608C2
IAT C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0 for Windows Workstationsavp.exe[1984] @ C:WINDOWSsystem32GDI32.dll [KERNEL32.dll!FreeLibrary] 009608EC
IAT C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0 for Windows Workstationsavp.exe[1984] @ C:WINDOWSsystem32GDI32.dll [KERNEL32.dll!GetProcAddress] 00960916
IAT C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0 for Windows Workstationsavp.exe[1984] @ C:WINDOWSsystem32GDI32.dll [KERNEL32.dll!LoadLibraryW] 00960940
IAT C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0 for Windows Workstationsavp.exe[1984] @ C:WINDOWSsystem32Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00980454
IAT C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0 for Windows Workstationsavp.exe[1984] @ C:WINDOWSsystem32Secur32.dll [KERNEL32.dll!LoadLibraryA] 0098047E
IAT C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0 for Windows Workstationsavp.exe[1984] @ C:WINDOWSsystem32Secur32.dll [KERNEL32.dll!LoadLibraryW] 009804A8
IAT C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0 for Windows Workstationsavp.exe[1984] @ C:WINDOWSsystem32Secur32.dll [KERNEL32.dll!GetProcAddress] 009804D2
IAT C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0 for Windows Workstationsavp.exe[1984] @ C:WINDOWSsystem32Secur32.dll [KERNEL32.dll!FreeLibrary] 009804FC
IAT C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0 for Windows Workstationsavp.exe[1984] @ C:WINDOWSsystem32WININET.dll [KERNEL32.dll!SetErrorMode] 0096032E
IAT C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0 for Windows Workstationsavp.exe[1984] @ C:WINDOWSsystem32WININET.dll [KERNEL32.dll!GetModuleFileNameA] 00960208
IAT C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0 for Windows Workstationsavp.exe[1984] @ C:WINDOWSsystem32WININET.dll [KERNEL32.dll!LoadLibraryW] 00960304
IAT C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0 for Windows Workstationsavp.exe[1984] @ C:WINDOWSsystem32WININET.dll [KERNEL32.dll!GetModuleFileNameW] 00960232
IAT C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0 for Windows Workstationsavp.exe[1984] @ C:WINDOWSsystem32WININET.dll [KERNEL32.dll!LoadLibraryExW] 009602DA
IAT C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0 for Windows Workstationsavp.exe[1984] @ C:WINDOWSsystem32WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00960358
IAT C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0 for Windows Workstationsavp.exe[1984] @ C:WINDOWSsystem32WININET.dll [KERNEL32.dll!GetProcAddress] 0096025C
IAT C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0 for Windows Workstationsavp.exe[1984] @ C:WINDOWSsystem32WININET.dll [KERNEL32.dll!LoadLibraryA] 00960286
IAT C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0 for Windows Workstationsavp.exe[1984] @ C:WINDOWSsystem32WININET.dll [KERNEL32.dll!FreeLibrary] 009601DE
IAT C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0 for Windows Workstationsavp.exe[1984] @ C:WINDOWSsystem32psapi.dll [KERNEL32.dll!LoadLibraryA] 00960286
IAT C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0 for Windows Workstationsavp.exe[1984] @ C:WINDOWSsystem32psapi.dll [KERNEL32.dll!FreeLibrary] 009601DE
IAT C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0 for Windows Workstationsavp.exe[1984] @ C:WINDOWSsystem32psapi.dll [KERNEL32.dll!GetProcAddress] 0096025C
IAT C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0 for Windows Workstationsavp.exe[1984] @ C:WINDOWSsystem32psapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00960358
IAT C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0 for Windows Workstationsavp.exe[1984] @ C:WINDOWSsystem32WS2_32.dll [KERNEL32.dll!GetProcAddress] 0096025C
IAT C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0 for Windows Workstationsavp.exe[1984] @ C:WINDOWSsystem32WS2_32.dll [KERNEL32.dll!GetModuleFileNameA] 00960208
IAT C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0 for Windows Workstationsavp.exe[1984] @ C:WINDOWSsystem32WS2_32.dll [KERNEL32.dll!LoadLibraryA] 00960286
IAT C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0 for Windows Workstationsavp.exe[1984] @ C:WINDOWSsystem32WS2_32.dll [KERNEL32.dll!FreeLibrary] 009601DE
IAT C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0 for Windows Workstationsavp.exe[1984] @ C:WINDOWSsystem32WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00960358
IAT C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0 for Windows Workstationsavp.exe[1984] @ C:WINDOWSsystem32NETAPI32.dll [KERNEL32.dll!LoadLibraryW] 00960304
IAT C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0 for Windows Workstationsavp.exe[1984] @ C:WINDOWSsystem32NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00960358
IAT C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0 for Windows Workstationsavp.exe[1984] @ C:WINDOWSsystem32NETAPI32.dll [KERNEL32.dll!LoadLibraryA] 00960286
IAT C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0 for Windows Workstationsavp.exe[1984] @ C:WINDOWSsystem32NETAPI32.dll [KERNEL32.dll!FreeLibrary] 009601DE
IAT C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0 for Windows Workstationsavp.exe[1984] @ C:WINDOWSsystem32NETAPI32.dll [KERNEL32.dll!GetProcAddress] 0096025C
IAT C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0 for Windows Workstationsavp.exe[1984] @ C:WINDOWSsystem32NETAPI32.dll [KERNEL32.dll!GetModuleFileNameA] 00960208
IAT C:Documents and SettingsUserРабочий столgmer.exe[3196] @ C:WINDOWSsystem32GDI32.dll [KERNEL32.dll!LoadLibraryExW] [7C882FD8] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:Documents and SettingsUserРабочий столgmer.exe[3196] @ C:WINDOWSsystem32GDI32.dll [KERNEL32.dll!LoadLibraryA] [7C882F9C] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт).text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathCompactPathExA + 43 77FA902C 63 Bytes [ FF, 50, 8D, 85, D0, FE, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathCompactPathExA + 83 77FA906C 24 Bytes [ 03, 33, FF, 47, FF, B5, F8, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathCompactPathExA + 9C 77FA9085 3 Bytes [ 97, BF, FB ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathCompactPathExA + A0 77FA9089 17 Bytes [ C9, C2, 08, 00, 90, 90, 90, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathCompactPathExA + B2 77FA909B 50 Bytes [ 56, 57, 74, 3C, 83, 7D, 0C, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathUnExpandEnvStringsA + 2 77FA9369 5 Bytes [ FF, FF, D7, 8B, 45 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathUnExpandEnvStringsA + 8 77FA936F 49 Bytes [ 39, 85, E0, FE, FF, FF, 0F, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathUnExpandEnvStringsA + 3A 77FA93A1 167 Bytes [ B5, F0, FE, FF, FF, 8D, 85, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathUnExpandEnvStringsA + E2 77FA9449 2 Bytes [ FF, 56 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathUnExpandEnvStringsA + E5 77FA944C 4 Bytes [ B5, F0, FE, FF ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!AssocQueryStringA + 29 77FAFD36 17 Bytes [ B5, 80, F3, FF, FF, FF, 75, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!AssocQueryStringA + 3B 77FAFD48 5 Bytes [ B5, 78, F3, FF, FF ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!AssocQueryStringA + 41 77FAFD4E 8 Bytes [ B5, C4, F9, FF, FF, FF, B5, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!AssocQueryStringA + 4B 77FAFD58 17 Bytes [ FF, FF, 15, 54, 13, F6, 77, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!AssocQueryStringA + 5D 77FAFD6A 36 Bytes [ 73, 04, 8B, F3, 8D, BD, 30, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!AssocQueryStringByKeyA + B 77FAFE53 70 Bytes [ 90, 90, 90, 90, 90, 8B, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!AssocQueryStringByKeyA + 52 77FAFE9A 4 Bytes [ B5, EC, FD, FF ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!AssocQueryStringByKeyA + 57 77FAFE9F 8 Bytes [ 56, FF, 15, E0, D1, FC, 77, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!AssocQueryStringByKeyA + 60 77FAFEA8 2 Bytes CALL 03FAFEAA
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!AssocQueryStringByKeyA + 64 77FAFEAC 5 Bytes [ 8B, F0, E8, D2, A4 ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!AssocQueryKeyA + 2 77FAFF5F 30 Bytes [ 75, 14, 56, 57, FF, 75, 08, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!AssocQueryKeyA + 21 77FAFF7E 18 Bytes [ 8B, 45, F8, 68, EC, 03, 00, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!AssocQueryKeyA + 3F 77FAFF9C 11 Bytes [ 74, 16, 85, F6, 74, 12, 8D, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!AssocQueryKeyA + 4B 77FAFFA8 21 Bytes CALL 77FAA5F0 C:WINDOWSsystem32SHLWAPI.dll (Библиотека небольших программ оболочки/Корпорация Майкрософт)
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!AssocQueryKeyA + 61 77FAFFBE 23 Bytes [ FF, 8B, 4D, FC, 8B, C7, 5F, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathFindSuffixArrayW + 2F 77FB0EFC 23 Bytes [ FF, FF, 75, 0C, FF, 75, 08, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathQuoteSpacesW + 7 77FB0F5E 52 Bytes [ FF, 55, 8B, EC, 81, EC, 20, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathSkipRootW + 13 77FB0FC5 94 Bytes [ FF, FF, 75, 0C, FF, 75, 08, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathIsSameRootW + 15 77FB1024 47 Bytes [ BF, 04, 01, 00, 00, 57, 8D, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathIsSameRootW + 45 77FB1054 184 Bytes [ 00, 8B, 86, 84, 00, 00, 00, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathUnmakeSystemFolderW + 11 77FB1127 25 Bytes [ 90, 25, 00, 25, 00, 25, 00, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathUnmakeSystemFolderW + 2B 77FB1141 3 Bytes [ 55, 8B, EC ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathUnmakeSystemFolderW + 30 77FB1146 73 Bytes [ 39, 05, 68, DA, FC, 77, 56, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathIsLFNFileSpecW + 6 77FB1190 1 Byte [ 45 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathIsLFNFileSpecW + 8 77FB1192 9 Bytes [ 57, 8B, 7D, 0C, 8D, 8D, 70, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathIsLFNFileSpecW + 12 77FB119C 92 Bytes [ 89, 85, 6C, FF, FF, FF, 89, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathIsLFNFileSpecW + F6 77FB1280 7 Bytes [ 75, 11, 6A, FF, FF, B5, 68 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathIsLFNFileSpecW + 108 77FB1292 35 Bytes [ F8, 8D, 8D, 70, FF, FF, FF, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathRenameExtensionW + 2E 77FB1330 192 Bytes [ 8D, 70, FF, FF, FF, E8, 98, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathIsDirectoryEmptyW + 97 77FB13F1 21 Bytes [ D3, 8D, 44, 00, 02, 50, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathIsDirectoryEmptyW + AD 77FB1407 5 Bytes [ FF, E8, 62, 92, FB ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathIsDirectoryEmptyW + B3 77FB140D 44 Bytes [ 6A, 00, 8D, 85, F0, FD, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathCompactPathW + 15 77FB143A 116 Bytes [ F4, FD, FF, FF, 50, FF, B5, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathCompactPathW + 8C 77FB14B1 22 Bytes [ 89, 85, E0, FD, FF, FF, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathCompactPathW + A3 77FB14C8 16 Bytes [ FF, 83, 85, E4, FD, FF, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathCompactPathW + B4 77FB14D9 10 Bytes [ 5E, 5B, 8B, 4D, FC, 8B, 85, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathCompactPathW + D0 77FB14F5 46 Bytes [ 55, 8B, EC, 8B, 45, 08, 53, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathSetDlgItemPathW + 21 77FB16FA 9 Bytes [ FF, 68, 04, 01, 00, 00, 33, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathSetDlgItemPathW + 2B 77FB1704 1 Byte [ BD ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathSetDlgItemPathW + 33 77FB170C 9 Bytes [ FB, FF, 83, C4, 10, 8D, 85, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathSetDlgItemPathW + 3D 77FB1716 22 Bytes [ FF, 50, 8D, 85, F0, FD, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathSetDlgItemPathW + 80 77FB1759 8 Bytes [ 85, C0, 74, 0A, C7, 85, EC, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathCompactPathExW + 34 77FB1A16 79 Bytes [ EB, 03, 33, DB, 43, 8B, 4D, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathCompactPathExW + 120 77FB1B02 14 Bytes [ 90, 90, 90, 90, 90, 8B, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathCompactPathExW + 130 77FB1B12 62 Bytes [ A1, 80, D2, FC, 77, 53, 56, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathCompactPathExW + 16F 77FB1B51 60 Bytes [ 83, 04, 07, 80, 83, E3, 40, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathCompactPathExW + 1AF 77FB1B91 25 Bytes [ 8B, 85, E4, FD, FF, FF, 8B, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathUnExpandEnvStringsW + 5F 77FB1DB8 7 Bytes [ 55, 8B, EC, 81, EC, 0C, 02 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathUnExpandEnvStringsW + 67 77FB1DC0 59 Bytes [ 00, A1, 80, D2, FC, 77, 56, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathUnExpandEnvStringsW + A3 77FB1DFC 11 Bytes [ 8B, F8, 85, FF, 74, 3A, 85, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathUnExpandEnvStringsW + AF 77FB1E08 26 Bytes [ 15, 70, 14, F6, 77, 8D, 44, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathUnExpandEnvStringsW + CA 77FB1E23 13 Bytes [ 0D, 68, 18, 61, F9, 77, 6A, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHRegisterValidateTemplate + 3B 77FB6068 64 Bytes [ 85, C0, 74, 4D, 83, 7D, 10, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHRegisterValidateTemplate + 7C 77FB60A9 11 Bytes [ 75, 14, FF, 75, 10, FF, 75, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHRegisterValidateTemplate + 88 77FB60B5 30 Bytes [ 50, 14, 8B, D8, 5F, 8B, C3, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHRegisterValidateTemplate + A7 77FB60D4 21 Bytes [ 39, 7D, 14, 75, 0A, B8, 57, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHRegisterValidateTemplate + BD 77FB60EA 12 Bytes [ 08, F6, 86, 18, 02, 00, 00, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHReleaseThreadRef + 40 77FB6DB8 10 Bytes [ 15, 70, 13, F6, 77, 8B, 4D, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHReleaseThreadRef + 4B 77FB6DC3 2 Bytes [ 59, E2 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHReleaseThreadRef + 4F 77FB6DC7 1 Byte [ C9 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHReleaseThreadRef + 51 77FB6DC9 1 Byte [ 08 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHReleaseThreadRef + 54 77FB6DCC 75 Bytes [ 41, 64, 64, 49, 6E, 74, 65, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHIsLowMemoryMachine + 3F 77FB6E18 4 Bytes [ 56, 68, 02, 00 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHIsLowMemoryMachine + 60 77FB6E39 1 Byte [ 56 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHIsLowMemoryMachine + 62 77FB6E3B 5 Bytes [ 01, 00, 00, 80, E8 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHIsLowMemoryMachine + 68 77FB6E41 19 Bytes [ AE, FB, FF, F7, D8, 1B, C0, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHIsLowMemoryMachine + 7C 77FB6E55 7 Bytes [ FF, 55, 8B, EC, 56, 6A, 04 ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!GetAcceptLanguagesA + 41 77FBDD46 1 Byte [ 10 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!GetAcceptLanguagesA + 43 77FBDD48 2 Bytes [ 4B, 01 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!GetAcceptLanguagesA + 46 77FBDD4B 74 Bytes [ 00, 57, FF, 15, C4, 17, F6, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!GetAcceptLanguagesA + D3 77FBDDD8 37 Bytes [ FF, 75, 14, FF, 75, 10, 50, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!GetAcceptLanguagesA + FA 77FBDDFF 107 Bytes [ 10, FF, 35, 80, DC, FC, 77, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlCompareA + 24 77FBECA1 1 Byte [ 01 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlCompareA + 26 77FBECA3 12 Bytes CALL 77FAD927 C:WINDOWSsystem32SHLWAPI.dll (Библиотека небольших программ оболочки/Корпорация Майкрософт)
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlCompareA + 33 77FBECB0 9 Bytes [ 15, 88, 14, F6, 77, EB, 03, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlCompareA + 3D 77FBECBA 12 Bytes [ 8B, 4D, FC, 5F, 8B, C6, 5E, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlCompareA + 4A 77FBECC7 133 Bytes [ C9, C3, 90, 90, 90, 70, 73, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlHashA 77FBED92 54 Bytes [ 90, 90, 8B, FF, 55, 8B, EC, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlHashA + 3A 77FBEDCC 149 Bytes [ 8B, FF, 55, 8B, EC, 56, 8B, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlHashW + 95 77FBEE62 43 Bytes [ FF, 55, 8B, EC, 81, EC, 0C, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlHashW + C1 77FBEE8E 124 Bytes [ 45, 08, 50, 57, 57, FF, 15, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlHashW + 13E 77FBEF0B 89 Bytes [ C0, 74, 27, 56, FF, 15, 6C, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlHashW + 198 77FBEF65 85 Bytes [ FF, 89, 45, FC, 8B, 45, 0C, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlHashW + 1EE 77FBEFBB 72 Bytes [ 01, 00, 00, A1, 80, D2, FC, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlEscapeA + 1 77FBF64E 7 Bytes [ 00, 25, 00, FF, 00, 00, 09 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlEscapeA + 9 77FBF656 29 Bytes [ 83, 7B, 14, 00, 74, 0A, 8B, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlEscapeA + 27 77FBF674 36 Bytes [ 55, 8B, EC, 8B, 45, 08, 8B, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlEscapeA + 4C 77FBF699 40 Bytes [ 85, C0, 74, 12, 6A, 0A, 59, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlEscapeA + 75 77FBF6C2 35 Bytes [ 41, 24, 85, C0, 75, 13, 39, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlGetPartA + 24 77FBF75E 8 Bytes [ 56, 8B, 75, 08, 8B, 06, 57, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlGetPartA + 2D 77FBF767 1 Byte [ 02 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlGetPartA + 2F 77FBF769 76 Bytes [ 00, 23, C3, 50, FF, 76, 14, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlGetPartA + 7C 77FBF7B6 8 Bytes [ 76, 14, FF, 76, 10, E8, 46, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlGetPartA + 87 77FBF7C1 34 Bytes [ 75, F8, 89, 45, 08, 8D, 45, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlUnescapeA + 13 77FBF853 100 Bytes [ FF, 55, 8B, EC, 51, 83, 65, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlUnescapeA + 78 77FBF8B8 16 Bytes [ F4, C7, 45, FC, 05, 40, 00, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlUnescapeA + 89 77FBF8C9 34 Bytes [ 55, 8B, EC, 8B, 45, 08, 66, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlCreateFromPathA + 1A 77FBF8EC 68 Bytes [ EC, 81, EC, 34, 04, 00, 00, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlCreateFromPathA + 5F 77FBF931 39 Bytes [ 50, 01, 00, 00, 56, BE, 04, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlCreateFromPathA + 87 77FBF959 35 Bytes [ 50, 8D, 85, F4, FD, FF, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlCreateFromPathA + AB 77FBF97D 33 Bytes [ FF, 89, BD, D8, FB, FF, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlCreateFromPathA + CD 77FBF99F 69 Bytes [ 50, 6A, FF, 8D, 85, F8, FE, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlApplySchemeA + 27 77FBF9E6 17 Bytes [ FF, 50, 8D, 85, F4, FD, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlApplySchemeA + 39 77FBF9F8 3 Bytes CALL C8FBF9F8
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlApplySchemeA + 3E 77FBF9FD 8 Bytes [ 50, 8D, 85, F8, FE, FF, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlApplySchemeA + 47 77FBFA06 11 Bytes [ B5, D8, FB, FF, FF, 89, B5, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlApplySchemeA + 53 77FBFA12 11 Bytes [ B5, DC, FB, FF, FF, 89, B5, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlApplySchemeW 77FBFA9A 56 Bytes [ 90, 90, 53, 6F, 66, 74, 77, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlApplySchemeW + 39 77FBFAD3 81 Bytes [ 90, 90, 90, 90, 90, 8B, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlApplySchemeW + B4 77FBFB4E 1 Byte [ 53 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlApplySchemeW + F9 77FBFB93 38 Bytes [ 00, 5C, 00, 57, 00, 69, 00, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlApplySchemeW + 120 77FBFBBA 48 Bytes [ 73, 00, 69, 00, 6F, 00, 6E, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlIsNoHistoryA + 1C 77FBFF12 36 Bytes [ C7, 5F, 5E, C3, 90, 90, 90, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlIsNoHistoryA + 41 77FBFF37 1 Byte [ 6A ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlIsNoHistoryA + 43 77FBFF39 1 Byte [ 6A ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlIsNoHistoryA + 45 77FBFF3B 6 Bytes [ 6A, 2F, 53, FF, 76, 04 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlIsNoHistoryA + 4C 77FBFF42 84 Bytes CALL 77F83AC7 C:WINDOWSsystem32SHLWAPI.dll (Библиотека небольших программ оболочки/Корпорация Майкрософт)
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHCreateStreamOnFileA + 2 77FC0128 50 Bytes [ 75, 07, B8, 96, 00, 00, 00, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHCreateStreamOnFileA + 36 77FC015C 36 Bytes [ 66, 8B, 4C, 4D, BC, 66, 85, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHCreateStreamOnFileA + 5B 77FC0181 46 Bytes [ 74, 05, 83, C0, 14, EB, 27, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHCreateStreamOnFileA + 8A 77FC01B0 20 Bytes [ 85, B4, EF, FF, FF, 8B, 8D, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHCreateStreamOnFileA + 9F 77FC01C5 35 Bytes [ 72, 8F, 33, DB, 8B, 8D, B8, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHOpenRegStreamW + 23 77FC22F5 107 Bytes [ 00, 74, 5C, 8B, 45, 08, 3B, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHOpenRegStreamW + 8F 77FC2361 1 Byte [ D7 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHOpenRegStreamW + 91 77FC2363 70 Bytes [ 45, FC, 5F, 5E, 5B, C9, C2, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHOpenRegStreamW + D8 77FC23AA 42 Bytes [ 3A, 89, 4D, F8, 8B, 4D, 0C, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHOpenRegStreamW + 104 77FC23D6 10 Bytes [ 39, 75, F4, 75, 05, 33, F6, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!DllGetVersion + D 77FC5996 72 Bytes [ 00, 5F, 8B, C6, 5E, 5D, C2, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!DllGetVersion + 57 77FC59E0 22 Bytes [ 8D, 85, FC, F5, FF, FF, 50, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!DllGetVersion + 6E 77FC59F7 81 Bytes [ FF, 68, 00, 01, 00, 00, 8D, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!DllGetVersion + C0 77FC5A49 10 Bytes [ FF, 55, 8B, EC, 83, EC, 18, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!DllGetVersion + CB 77FC5A54 97 Bytes [ 45, 1C, FF, 75, 14, 83, 65, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!DelayLoadFailureHook + 20 77FC6A55 82 Bytes [ 55, 8B, EC, 8B, 45, 08, 56, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!DelayLoadFailureHook + 74 77FC6AA9 6 Bytes [ 5E, 0F, 95, C1, 8B, C1 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!DelayLoadFailureHook + 7C 77FC6AB1 1 Byte [ 08 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!DelayLoadFailureHook + 83 77FC6AB8 58 Bytes [ 8B, FF, 55, 8B, EC, 51, 83, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!DelayLoadFailureHook + BE 77FC6AF3 94 Bytes [ 55, 8B, EC, 56, 33, F6, 39, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHCreateStreamWrapper + B 77FC7A26 3 Bytes [ 6E, 00, 63 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHCreateStreamWrapper + F 77FC7A2A 4 Bytes [ 65, 00, 64, 00 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHCreateStreamWrapper + 14 77FC7A2F 1 Byte [ 00 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHCreateStreamWrapper + 19 77FC7A34 39 Bytes [ 90, 8B, FF, 55, 8B, EC, 56, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHCreateStreamWrapper + 41 77FC7A5C 19 Bytes [ 8B, F0, 85, F6, 74, 07, 6A, … ]
.text …
? C:WINDOWSSystem32alg.exe[260] C:WINDOWSsystem32kernel32.dll time/date stamp mismatch;
? C:WINDOWSsystem32csrss.exe[712] C:WINDOWSsystem32KERNEL32.dll time/date stamp mismatch;
? C:WINDOWSsystem32winlogon.exe[736] C:WINDOWSsystem32kernel32.dll time/date stamp mismatch;
? C:WINDOWSsystem32services.exe[784] C:WINDOWSsystem32kernel32.dll time/date stamp mismatch;
? C:WINDOWSsystem32lsass.exe[796] C:WINDOWSsystem32kernel32.dll time/date stamp mismatch;
? C:WINDOWSsystem32svchost.exe[964] C:WINDOWSsystem32kernel32.dll time/date stamp mismatch;
? C:WINDOWSsystem32svchost.exe[1028] C:WINDOWSsystem32kernel32.dll time/date stamp mismatch;
? C:WINDOWSSystem32svchost.exe[1156] C:WINDOWSsystem32kernel32.dll time/date stamp mismatch;
? C:WINDOWSsystem32svchost.exe[1244] C:WINDOWSsystem32kernel32.dll time/date stamp mismatch;
? C:Program FilesMozilla Firefoxfirefox.exe[1256] C:WINDOWSsystem32kernel32.dll time/date stamp mismatch;
? C:WINDOWSsystem32svchost.exe[1460] C:WINDOWSsystem32kernel32.dll time/date stamp mismatch;
? C:WINDOWSExplorer.EXE[1492] C:WINDOWSsystem32kernel32.dll time/date stamp mismatch;
? C:WINDOWSsystem32spoolsv.exe[1708] C:WINDOWSsystem32kernel32.dll time/date stamp mismatch;
? C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0 for Windows Workstationsavp.exe[1860] C:WINDOWSsystem32kernel32.dll time/date stamp mismatch;
? C:Program FilesABBYY FineReader 9.0NetworkLicenseServer.exe[1892] C:WINDOWSsystem32kernel32.dll time/date stamp mismatch;
? C:WINDOWSSOUNDMAN.EXE[1920] C:WINDOWSsystem32kernel32.dll time/date stamp mismatch;
? C:WINDOWSSamsungComSMMgrssmmgr.exe[1932] C:WINDOWSsystem32kernel32.dll time/date stamp mismatch;
? E:Program FilesKleptomaniak-mania.exe[1956] C:WINDOWSsystem32kernel32.dll time/date stamp mismatch;
? C:WINDOWSsystem32ctfmon.exe[1964] C:WINDOWSsystem32kernel32.dll time/date stamp mismatch;
? C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0 for Windows Workstationsavp.exe[1984] C:WINDOWSsystem32kernel32.dll time/date stamp mismatch;
? C:Documents and SettingsUserРабочий столgmer.exe[3196] C:WINDOWSsystem32kernel32.dll time/date stamp mismatch;—- User IAT/EAT — GMER 1.0.14 —-
IAT C:WINDOWSsystem32svchost.exe[220] @ C:WINDOWSsystem32svchost.exe [KERNEL32.dll!GetProcAddress] [7C882FEC] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSsystem32svchost.exe[220] @ C:WINDOWSsystem32svchost.exe [KERNEL32.dll!LoadLibraryExW] [7C882FD8] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSsystem32svchost.exe[220] @ C:WINDOWSsystem32svchost.exe [KERNEL32.dll!LoadLibraryA] [7C882F9C] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSsystem32svchost.exe[220] @ C:WINDOWSsystem32RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [7C882F9C] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSsystem32svchost.exe[220] @ C:WINDOWSsystem32RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [7C882FC4] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSsystem32svchost.exe[220] @ C:WINDOWSsystem32RPCRT4.dll [KERNEL32.dll!GetProcAddress] [7C882FEC] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSsystem32svchost.exe[220] @ C:WINDOWSsystem32GDI32.dll [KERNEL32.dll!LoadLibraryExW] [7C882FD8] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSsystem32svchost.exe[220] @ C:WINDOWSsystem32GDI32.dll [KERNEL32.dll!LoadLibraryA] [7C882F9C] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSsystem32svchost.exe[220] @ C:WINDOWSsystem32GDI32.dll [KERNEL32.dll!GetProcAddress] [7C882FEC] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSsystem32svchost.exe[220] @ C:WINDOWSsystem32GDI32.dll [KERNEL32.dll!LoadLibraryW] [7C882FC4] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSsystem32svchost.exe[220] @ C:WINDOWSsystem32NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [7C882FC4] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSsystem32svchost.exe[220] @ C:WINDOWSsystem32NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [7C882F9C] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSsystem32svchost.exe[220] @ C:WINDOWSsystem32NETAPI32.dll [KERNEL32.dll!GetProcAddress] [7C882FEC] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSSystem32alg.exe[260] @ C:WINDOWSsystem32GDI32.dll [KERNEL32.dll!LoadLibraryExW] [7C882FD8] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSSystem32alg.exe[260] @ C:WINDOWSsystem32GDI32.dll [KERNEL32.dll!LoadLibraryA] [7C882F9C] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSSystem32alg.exe[260] @ C:WINDOWSsystem32GDI32.dll [KERNEL32.dll!GetProcAddress] [7C882FEC] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSSystem32alg.exe[260] @ C:WINDOWSsystem32GDI32.dll [KERNEL32.dll!LoadLibraryW] [7C882FC4] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSSystem32alg.exe[260] @ C:WINDOWSsystem32RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [7C882F9C] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSSystem32alg.exe[260] @ C:WINDOWSsystem32RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [7C882FC4] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSSystem32alg.exe[260] @ C:WINDOWSsystem32RPCRT4.dll [KERNEL32.dll!GetProcAddress] [7C882FEC] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт).text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathCompactPathExA + 43 77FA902C 63 Bytes [ FF, 50, 8D, 85, D0, FE, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathCompactPathExA + 83 77FA906C 24 Bytes [ 03, 33, FF, 47, FF, B5, F8, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathCompactPathExA + 9C 77FA9085 3 Bytes [ 97, BF, FB ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathCompactPathExA + A0 77FA9089 17 Bytes [ C9, C2, 08, 00, 90, 90, 90, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathCompactPathExA + B2 77FA909B 50 Bytes [ 56, 57, 74, 3C, 83, 7D, 0C, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathUnExpandEnvStringsA + 2 77FA9369 5 Bytes [ FF, FF, D7, 8B, 45 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathUnExpandEnvStringsA + 8 77FA936F 49 Bytes [ 39, 85, E0, FE, FF, FF, 0F, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathUnExpandEnvStringsA + 3A 77FA93A1 167 Bytes [ B5, F0, FE, FF, FF, 8D, 85, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathUnExpandEnvStringsA + E2 77FA9449 2 Bytes [ FF, 56 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathUnExpandEnvStringsA + E5 77FA944C 4 Bytes [ B5, F0, FE, FF ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!AssocQueryStringA + 29 77FAFD36 17 Bytes [ B5, 80, F3, FF, FF, FF, 75, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!AssocQueryStringA + 3B 77FAFD48 5 Bytes [ B5, 78, F3, FF, FF ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!AssocQueryStringA + 41 77FAFD4E 8 Bytes [ B5, C4, F9, FF, FF, FF, B5, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!AssocQueryStringA + 4B 77FAFD58 17 Bytes [ FF, FF, 15, 54, 13, F6, 77, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!AssocQueryStringA + 5D 77FAFD6A 36 Bytes [ 73, 04, 8B, F3, 8D, BD, 30, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!AssocQueryStringByKeyA + B 77FAFE53 70 Bytes [ 90, 90, 90, 90, 90, 8B, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!AssocQueryStringByKeyA + 52 77FAFE9A 4 Bytes [ B5, EC, FD, FF ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!AssocQueryStringByKeyA + 57 77FAFE9F 8 Bytes [ 56, FF, 15, E0, D1, FC, 77, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!AssocQueryStringByKeyA + 60 77FAFEA8 2 Bytes CALL 03FAFEAA
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!AssocQueryStringByKeyA + 64 77FAFEAC 5 Bytes [ 8B, F0, E8, D2, A4 ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!AssocQueryKeyA + 2 77FAFF5F 30 Bytes [ 75, 14, 56, 57, FF, 75, 08, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!AssocQueryKeyA + 21 77FAFF7E 18 Bytes [ 8B, 45, F8, 68, EC, 03, 00, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!AssocQueryKeyA + 3F 77FAFF9C 11 Bytes [ 74, 16, 85, F6, 74, 12, 8D, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!AssocQueryKeyA + 4B 77FAFFA8 21 Bytes CALL 77FAA5F0 C:WINDOWSsystem32SHLWAPI.dll (Библиотека небольших программ оболочки/Корпорация Майкрософт)
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!AssocQueryKeyA + 61 77FAFFBE 23 Bytes [ FF, 8B, 4D, FC, 8B, C7, 5F, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathFindSuffixArrayW + 2F 77FB0EFC 23 Bytes [ FF, FF, 75, 0C, FF, 75, 08, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathQuoteSpacesW + 7 77FB0F5E 52 Bytes [ FF, 55, 8B, EC, 81, EC, 20, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathSkipRootW + 13 77FB0FC5 94 Bytes [ FF, FF, 75, 0C, FF, 75, 08, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathIsSameRootW + 15 77FB1024 47 Bytes [ BF, 04, 01, 00, 00, 57, 8D, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathIsSameRootW + 45 77FB1054 184 Bytes [ 00, 8B, 86, 84, 00, 00, 00, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathUnmakeSystemFolderW + 11 77FB1127 25 Bytes [ 90, 25, 00, 25, 00, 25, 00, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathUnmakeSystemFolderW + 2B 77FB1141 3 Bytes [ 55, 8B, EC ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathUnmakeSystemFolderW + 30 77FB1146 73 Bytes [ 39, 05, 68, DA, FC, 77, 56, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathIsLFNFileSpecW + 6 77FB1190 1 Byte [ 45 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathIsLFNFileSpecW + 8 77FB1192 9 Bytes [ 57, 8B, 7D, 0C, 8D, 8D, 70, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathIsLFNFileSpecW + 12 77FB119C 92 Bytes [ 89, 85, 6C, FF, FF, FF, 89, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathIsLFNFileSpecW + F6 77FB1280 7 Bytes [ 75, 11, 6A, FF, FF, B5, 68 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathIsLFNFileSpecW + 108 77FB1292 35 Bytes [ F8, 8D, 8D, 70, FF, FF, FF, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathRenameExtensionW + 2E 77FB1330 192 Bytes [ 8D, 70, FF, FF, FF, E8, 98, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathIsDirectoryEmptyW + 97 77FB13F1 21 Bytes [ D3, 8D, 44, 00, 02, 50, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathIsDirectoryEmptyW + AD 77FB1407 5 Bytes [ FF, E8, 62, 92, FB ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathIsDirectoryEmptyW + B3 77FB140D 44 Bytes [ 6A, 00, 8D, 85, F0, FD, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathCompactPathW + 15 77FB143A 116 Bytes [ F4, FD, FF, FF, 50, FF, B5, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathCompactPathW + 8C 77FB14B1 22 Bytes [ 89, 85, E0, FD, FF, FF, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathCompactPathW + A3 77FB14C8 16 Bytes [ FF, 83, 85, E4, FD, FF, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathCompactPathW + B4 77FB14D9 10 Bytes [ 5E, 5B, 8B, 4D, FC, 8B, 85, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathCompactPathW + D0 77FB14F5 46 Bytes [ 55, 8B, EC, 8B, 45, 08, 53, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathSetDlgItemPathW + 21 77FB16FA 9 Bytes [ FF, 68, 04, 01, 00, 00, 33, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathSetDlgItemPathW + 2B 77FB1704 1 Byte [ BD ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathSetDlgItemPathW + 33 77FB170C 9 Bytes [ FB, FF, 83, C4, 10, 8D, 85, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathSetDlgItemPathW + 3D 77FB1716 22 Bytes [ FF, 50, 8D, 85, F0, FD, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathSetDlgItemPathW + 80 77FB1759 8 Bytes [ 85, C0, 74, 0A, C7, 85, EC, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathCompactPathExW + 34 77FB1A16 79 Bytes [ EB, 03, 33, DB, 43, 8B, 4D, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathCompactPathExW + 120 77FB1B02 14 Bytes [ 90, 90, 90, 90, 90, 8B, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathCompactPathExW + 130 77FB1B12 62 Bytes [ A1, 80, D2, FC, 77, 53, 56, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathCompactPathExW + 16F 77FB1B51 60 Bytes [ 83, 04, 07, 80, 83, E3, 40, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathCompactPathExW + 1AF 77FB1B91 25 Bytes [ 8B, 85, E4, FD, FF, FF, 8B, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathUnExpandEnvStringsW + 5F 77FB1DB8 7 Bytes [ 55, 8B, EC, 81, EC, 0C, 02 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathUnExpandEnvStringsW + 67 77FB1DC0 59 Bytes [ 00, A1, 80, D2, FC, 77, 56, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathUnExpandEnvStringsW + A3 77FB1DFC 11 Bytes [ 8B, F8, 85, FF, 74, 3A, 85, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathUnExpandEnvStringsW + AF 77FB1E08 26 Bytes [ 15, 70, 14, F6, 77, 8D, 44, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathUnExpandEnvStringsW + CA 77FB1E23 13 Bytes [ 0D, 68, 18, 61, F9, 77, 6A, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHRegisterValidateTemplate + 3B 77FB6068 64 Bytes [ 85, C0, 74, 4D, 83, 7D, 10, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHRegisterValidateTemplate + 7C 77FB60A9 11 Bytes [ 75, 14, FF, 75, 10, FF, 75, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHRegisterValidateTemplate + 88 77FB60B5 30 Bytes [ 50, 14, 8B, D8, 5F, 8B, C3, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHRegisterValidateTemplate + A7 77FB60D4 21 Bytes [ 39, 7D, 14, 75, 0A, B8, 57, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHRegisterValidateTemplate + BD 77FB60EA 12 Bytes [ 08, F6, 86, 18, 02, 00, 00, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHReleaseThreadRef + 40 77FB6DB8 10 Bytes [ 15, 70, 13, F6, 77, 8B, 4D, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHReleaseThreadRef + 4B 77FB6DC3 2 Bytes [ 59, E2 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHReleaseThreadRef + 4F 77FB6DC7 1 Byte [ C9 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHReleaseThreadRef + 51 77FB6DC9 1 Byte [ 08 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHReleaseThreadRef + 54 77FB6DCC 75 Bytes [ 41, 64, 64, 49, 6E, 74, 65, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHIsLowMemoryMachine + 3F 77FB6E18 4 Bytes [ 56, 68, 02, 00 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHIsLowMemoryMachine + 60 77FB6E39 1 Byte [ 56 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHIsLowMemoryMachine + 62 77FB6E3B 5 Bytes [ 01, 00, 00, 80, E8 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHIsLowMemoryMachine + 68 77FB6E41 19 Bytes [ AE, FB, FF, F7, D8, 1B, C0, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHIsLowMemoryMachine + 7C 77FB6E55 7 Bytes [ FF, 55, 8B, EC, 56, 6A, 04 ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!GetAcceptLanguagesA + 41 77FBDD46 1 Byte [ 10 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!GetAcceptLanguagesA + 43 77FBDD48 2 Bytes [ 4B, 01 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!GetAcceptLanguagesA + 46 77FBDD4B 74 Bytes [ 00, 57, FF, 15, C4, 17, F6, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!GetAcceptLanguagesA + D3 77FBDDD8 37 Bytes [ FF, 75, 14, FF, 75, 10, 50, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!GetAcceptLanguagesA + FA 77FBDDFF 107 Bytes [ 10, FF, 35, 80, DC, FC, 77, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlCompareA + 24 77FBECA1 1 Byte [ 01 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlCompareA + 26 77FBECA3 12 Bytes CALL 77FAD927 C:WINDOWSsystem32SHLWAPI.dll (Библиотека небольших программ оболочки/Корпорация Майкрософт)
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlCompareA + 33 77FBECB0 9 Bytes [ 15, 88, 14, F6, 77, EB, 03, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlCompareA + 3D 77FBECBA 12 Bytes [ 8B, 4D, FC, 5F, 8B, C6, 5E, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlCompareA + 4A 77FBECC7 133 Bytes [ C9, C3, 90, 90, 90, 70, 73, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlHashA 77FBED92 54 Bytes [ 90, 90, 8B, FF, 55, 8B, EC, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlHashA + 3A 77FBEDCC 149 Bytes [ 8B, FF, 55, 8B, EC, 56, 8B, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlHashW + 95 77FBEE62 43 Bytes [ FF, 55, 8B, EC, 81, EC, 0C, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlHashW + C1 77FBEE8E 124 Bytes [ 45, 08, 50, 57, 57, FF, 15, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlHashW + 13E 77FBEF0B 89 Bytes [ C0, 74, 27, 56, FF, 15, 6C, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlHashW + 198 77FBEF65 85 Bytes [ FF, 89, 45, FC, 8B, 45, 0C, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlHashW + 1EE 77FBEFBB 72 Bytes [ 01, 00, 00, A1, 80, D2, FC, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlEscapeA + 1 77FBF64E 7 Bytes [ 00, 25, 00, FF, 00, 00, 09 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlEscapeA + 9 77FBF656 29 Bytes [ 83, 7B, 14, 00, 74, 0A, 8B, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlEscapeA + 27 77FBF674 36 Bytes [ 55, 8B, EC, 8B, 45, 08, 8B, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlEscapeA + 4C 77FBF699 40 Bytes [ 85, C0, 74, 12, 6A, 0A, 59, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlEscapeA + 75 77FBF6C2 35 Bytes [ 41, 24, 85, C0, 75, 13, 39, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlGetPartA + 24 77FBF75E 8 Bytes [ 56, 8B, 75, 08, 8B, 06, 57, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlGetPartA + 2D 77FBF767 1 Byte [ 02 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlGetPartA + 2F 77FBF769 76 Bytes [ 00, 23, C3, 50, FF, 76, 14, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlGetPartA + 7C 77FBF7B6 8 Bytes [ 76, 14, FF, 76, 10, E8, 46, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlGetPartA + 87 77FBF7C1 34 Bytes [ 75, F8, 89, 45, 08, 8D, 45, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlUnescapeA + 13 77FBF853 100 Bytes [ FF, 55, 8B, EC, 51, 83, 65, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlUnescapeA + 78 77FBF8B8 16 Bytes [ F4, C7, 45, FC, 05, 40, 00, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlUnescapeA + 89 77FBF8C9 34 Bytes [ 55, 8B, EC, 8B, 45, 08, 66, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlCreateFromPathA + 1A 77FBF8EC 68 Bytes [ EC, 81, EC, 34, 04, 00, 00, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlCreateFromPathA + 5F 77FBF931 39 Bytes [ 50, 01, 00, 00, 56, BE, 04, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlCreateFromPathA + 87 77FBF959 35 Bytes [ 50, 8D, 85, F4, FD, FF, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlCreateFromPathA + AB 77FBF97D 33 Bytes [ FF, 89, BD, D8, FB, FF, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlCreateFromPathA + CD 77FBF99F 69 Bytes [ 50, 6A, FF, 8D, 85, F8, FE, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlApplySchemeA + 27 77FBF9E6 17 Bytes [ FF, 50, 8D, 85, F4, FD, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlApplySchemeA + 39 77FBF9F8 3 Bytes CALL C8FBF9F8
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlApplySchemeA + 3E 77FBF9FD 8 Bytes [ 50, 8D, 85, F8, FE, FF, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlApplySchemeA + 47 77FBFA06 11 Bytes [ B5, D8, FB, FF, FF, 89, B5, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlApplySchemeA + 53 77FBFA12 11 Bytes [ B5, DC, FB, FF, FF, 89, B5, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlApplySchemeW 77FBFA9A 56 Bytes [ 90, 90, 53, 6F, 66, 74, 77, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlApplySchemeW + 39 77FBFAD3 81 Bytes [ 90, 90, 90, 90, 90, 8B, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlApplySchemeW + B4 77FBFB4E 1 Byte [ 53 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlApplySchemeW + F9 77FBFB93 38 Bytes [ 00, 5C, 00, 57, 00, 69, 00, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlApplySchemeW + 120 77FBFBBA 48 Bytes [ 73, 00, 69, 00, 6F, 00, 6E, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlIsNoHistoryA + 1C 77FBFF12 36 Bytes [ C7, 5F, 5E, C3, 90, 90, 90, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlIsNoHistoryA + 41 77FBFF37 1 Byte [ 6A ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlIsNoHistoryA + 43 77FBFF39 1 Byte [ 6A ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlIsNoHistoryA + 45 77FBFF3B 6 Bytes [ 6A, 2F, 53, FF, 76, 04 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlIsNoHistoryA + 4C 77FBFF42 84 Bytes CALL 77F83AC7 C:WINDOWSsystem32SHLWAPI.dll (Библиотека небольших программ оболочки/Корпорация Майкрософт)
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHCreateStreamOnFileA + 2 77FC0128 50 Bytes [ 75, 07, B8, 96, 00, 00, 00, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHCreateStreamOnFileA + 36 77FC015C 36 Bytes [ 66, 8B, 4C, 4D, BC, 66, 85, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHCreateStreamOnFileA + 5B 77FC0181 46 Bytes [ 74, 05, 83, C0, 14, EB, 27, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHCreateStreamOnFileA + 8A 77FC01B0 20 Bytes [ 85, B4, EF, FF, FF, 8B, 8D, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHCreateStreamOnFileA + 9F 77FC01C5 35 Bytes [ 72, 8F, 33, DB, 8B, 8D, B8, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHOpenRegStreamW + 23 77FC22F5 107 Bytes [ 00, 74, 5C, 8B, 45, 08, 3B, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHOpenRegStreamW + 8F 77FC2361 1 Byte [ D7 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHOpenRegStreamW + 91 77FC2363 70 Bytes [ 45, FC, 5F, 5E, 5B, C9, C2, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHOpenRegStreamW + D8 77FC23AA 42 Bytes [ 3A, 89, 4D, F8, 8B, 4D, 0C, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHOpenRegStreamW + 104 77FC23D6 10 Bytes [ 39, 75, F4, 75, 05, 33, F6, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!DllGetVersion + D 77FC5996 72 Bytes [ 00, 5F, 8B, C6, 5E, 5D, C2, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!DllGetVersion + 57 77FC59E0 22 Bytes [ 8D, 85, FC, F5, FF, FF, 50, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!DllGetVersion + 6E 77FC59F7 81 Bytes [ FF, 68, 00, 01, 00, 00, 8D, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!DllGetVersion + C0 77FC5A49 10 Bytes [ FF, 55, 8B, EC, 83, EC, 18, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!DllGetVersion + CB 77FC5A54 97 Bytes [ 45, 1C, FF, 75, 14, 83, 65, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!DelayLoadFailureHook + 20 77FC6A55 82 Bytes [ 55, 8B, EC, 8B, 45, 08, 56, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!DelayLoadFailureHook + 74 77FC6AA9 6 Bytes [ 5E, 0F, 95, C1, 8B, C1 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!DelayLoadFailureHook + 7C 77FC6AB1 1 Byte [ 08 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!DelayLoadFailureHook + 83 77FC6AB8 58 Bytes [ 8B, FF, 55, 8B, EC, 51, 83, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!DelayLoadFailureHook + BE 77FC6AF3 94 Bytes [ 55, 8B, EC, 56, 33, F6, 39, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHCreateStreamWrapper + B 77FC7A26 3 Bytes [ 6E, 00, 63 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHCreateStreamWrapper + F 77FC7A2A 4 Bytes [ 65, 00, 64, 00 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHCreateStreamWrapper + 14 77FC7A2F 1 Byte [ 00 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHCreateStreamWrapper + 19 77FC7A34 39 Bytes [ 90, 8B, FF, 55, 8B, EC, 56, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHCreateStreamWrapper + 41 77FC7A5C 19 Bytes [ 8B, F0, 85, F6, 74, 07, 6A, … ]
.text …
? C:WINDOWSSystem32alg.exe[260] C:WINDOWSsystem32kernel32.dll time/date stamp mismatch;
? C:WINDOWSsystem32csrss.exe[712] C:WINDOWSsystem32KERNEL32.dll time/date stamp mismatch;
? C:WINDOWSsystem32winlogon.exe[736] C:WINDOWSsystem32kernel32.dll time/date stamp mismatch;
? C:WINDOWSsystem32services.exe[784] C:WINDOWSsystem32kernel32.dll time/date stamp mismatch;
? C:WINDOWSsystem32lsass.exe[796] C:WINDOWSsystem32kernel32.dll time/date stamp mismatch;
? C:WINDOWSsystem32svchost.exe[964] C:WINDOWSsystem32kernel32.dll time/date stamp mismatch;
? C:WINDOWSsystem32svchost.exe[1028] C:WINDOWSsystem32kernel32.dll time/date stamp mismatch;
? C:WINDOWSSystem32svchost.exe[1156] C:WINDOWSsystem32kernel32.dll time/date stamp mismatch;
? C:WINDOWSsystem32svchost.exe[1244] C:WINDOWSsystem32kernel32.dll time/date stamp mismatch;
? C:Program FilesMozilla Firefoxfirefox.exe[1256] C:WINDOWSsystem32kernel32.dll time/date stamp mismatch;
? C:WINDOWSsystem32svchost.exe[1460] C:WINDOWSsystem32kernel32.dll time/date stamp mismatch;
? C:WINDOWSExplorer.EXE[1492] C:WINDOWSsystem32kernel32.dll time/date stamp mismatch;
? C:WINDOWSsystem32spoolsv.exe[1708] C:WINDOWSsystem32kernel32.dll time/date stamp mismatch;
? C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0 for Windows Workstationsavp.exe[1860] C:WINDOWSsystem32kernel32.dll time/date stamp mismatch;
? C:Program FilesABBYY FineReader 9.0NetworkLicenseServer.exe[1892] C:WINDOWSsystem32kernel32.dll time/date stamp mismatch;
? C:WINDOWSSOUNDMAN.EXE[1920] C:WINDOWSsystem32kernel32.dll time/date stamp mismatch;
? C:WINDOWSSamsungComSMMgrssmmgr.exe[1932] C:WINDOWSsystem32kernel32.dll time/date stamp mismatch;
? E:Program FilesKleptomaniak-mania.exe[1956] C:WINDOWSsystem32kernel32.dll time/date stamp mismatch;
? C:WINDOWSsystem32ctfmon.exe[1964] C:WINDOWSsystem32kernel32.dll time/date stamp mismatch;
? C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0 for Windows Workstationsavp.exe[1984] C:WINDOWSsystem32kernel32.dll time/date stamp mismatch;
? C:Documents and SettingsUserРабочий столgmer.exe[3196] C:WINDOWSsystem32kernel32.dll time/date stamp mismatch;—- User IAT/EAT — GMER 1.0.14 —-
IAT C:WINDOWSsystem32svchost.exe[220] @ C:WINDOWSsystem32svchost.exe [KERNEL32.dll!GetProcAddress] [7C882FEC] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSsystem32svchost.exe[220] @ C:WINDOWSsystem32svchost.exe [KERNEL32.dll!LoadLibraryExW] [7C882FD8] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSsystem32svchost.exe[220] @ C:WINDOWSsystem32svchost.exe [KERNEL32.dll!LoadLibraryA] [7C882F9C] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSsystem32svchost.exe[220] @ C:WINDOWSsystem32RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [7C882F9C] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSsystem32svchost.exe[220] @ C:WINDOWSsystem32RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [7C882FC4] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSsystem32svchost.exe[220] @ C:WINDOWSsystem32RPCRT4.dll [KERNEL32.dll!GetProcAddress] [7C882FEC] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSsystem32svchost.exe[220] @ C:WINDOWSsystem32GDI32.dll [KERNEL32.dll!LoadLibraryExW] [7C882FD8] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSsystem32svchost.exe[220] @ C:WINDOWSsystem32GDI32.dll [KERNEL32.dll!LoadLibraryA] [7C882F9C] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSsystem32svchost.exe[220] @ C:WINDOWSsystem32GDI32.dll [KERNEL32.dll!GetProcAddress] [7C882FEC] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSsystem32svchost.exe[220] @ C:WINDOWSsystem32GDI32.dll [KERNEL32.dll!LoadLibraryW] [7C882FC4] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSsystem32svchost.exe[220] @ C:WINDOWSsystem32NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [7C882FC4] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSsystem32svchost.exe[220] @ C:WINDOWSsystem32NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [7C882F9C] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSsystem32svchost.exe[220] @ C:WINDOWSsystem32NETAPI32.dll [KERNEL32.dll!GetProcAddress] [7C882FEC] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSSystem32alg.exe[260] @ C:WINDOWSsystem32GDI32.dll [KERNEL32.dll!LoadLibraryExW] [7C882FD8] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSSystem32alg.exe[260] @ C:WINDOWSsystem32GDI32.dll [KERNEL32.dll!LoadLibraryA] [7C882F9C] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSSystem32alg.exe[260] @ C:WINDOWSsystem32GDI32.dll [KERNEL32.dll!GetProcAddress] [7C882FEC] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSSystem32alg.exe[260] @ C:WINDOWSsystem32GDI32.dll [KERNEL32.dll!LoadLibraryW] [7C882FC4] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSSystem32alg.exe[260] @ C:WINDOWSsystem32RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [7C882F9C] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSSystem32alg.exe[260] @ C:WINDOWSsystem32RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [7C882FC4] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт)
IAT C:WINDOWSSystem32alg.exe[260] @ C:WINDOWSsystem32RPCRT4.dll [KERNEL32.dll!GetProcAddress] [7C882FEC] C:WINDOWSsystem32kernel32.dll (Библиотека клиента Windows NT BASE API/Корпорация Майкрософт).text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHRegDeleteUSValueA + 67 77FA19F6 90 Bytes [ 61, 62, 61, 73, 65, 00, 53, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHRegDeleteUSValueW + 19 77FA1A51 45 Bytes [ 65, 63, 6B, 53, 68, 65, 6C, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHRegDeleteUSValueW + 47 77FA1A7F 74 Bytes [ 77, 52, 75, 6E, 53, 65, 74, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHRegDeleteEmptyUSKeyA + 2F 77FA1ACA 4 Bytes [ FA, 77, 98, 82 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHRegDeleteEmptyUSKeyA + 34 77FA1ACF 54 Bytes [ 77, D8, 0F, FA, 77, 98, 82, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHRegDeleteEmptyUSKeyA + 6B 77FA1B06 40 Bytes [ FC, 77, 44, 0F, FA, 77, 2F, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHRegDeleteEmptyUSKeyA + 94 77FA1B2F 134 Bytes [ 77, F0, 0E, FA, 77, AB, 71, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHRegEnumUSKeyA + 11 77FA1BB6 151 Bytes [ FC, 77, D8, 0D, FA, 77, 1B, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHRegEnumUSValueA + 1F 77FA1C4E 17 Bytes [ FC, 77, 58, 0C, FA, 77, A7, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHRegEnumUSValueA + 31 77FA1C60 66 Bytes [ 50, 6F, 6C, 69, 63, 79, 49, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHRegEnumUSValueA + 74 77FA1CA3 170 Bytes [ 90, 53, 61, 66, 65, 72, 47, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHRegEnumUSValueW + 7F 77FA1D4E 122 Bytes [ 65, 45, 78, 57, 00, 90, 52, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHRegQueryInfoUSKeyA + 5A 77FA1DC9 42 Bytes [ 65, 72, 79, 49, 6E, 66, 6F, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHRegQueryInfoUSKeyA + 85 77FA1DF4 13 Bytes [ 52, 65, 67, 4F, 70, 65, 6E, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHRegSetPathW + A 77FA1E02 79 Bytes [ 90, 90, 52, 65, 67, 4F, 70, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHRegSetPathW + 5A 77FA1E52 48 Bytes [ 90, 90, 52, 65, 67, 44, 65, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHRegSetPathW + 8C 77FA1E84 46 Bytes [ 52, 65, 67, 43, 72, 65, 61, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHRegSetPathA + 2D 77FA1EB3 48 Bytes [ 90, 4F, 70, 65, 6E, 54, 68, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHRegSetPathA + 5E 77FA1EE4 165 Bytes [ 65, 67, 65, 56, 61, 6C, 75, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHRegWriteUSValueA + 25 77FA1F8A 288 Bytes [ 72, 63, 65, 00, 90, 90, 43, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHRegWriteUSValueA + 146 77FA20AB 27 Bytes [ 00, C0, 00, 00, 00, 00, 00, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHRegWriteUSValueA + 164 77FA20C9 22 Bytes [ 00, 00, 00, 00, 00, 00, 00, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHRegWriteUSValueA + 17C 77FA20E1 1 Byte [ 00 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHRegWriteUSValueA + 17F 77FA20E4 63 Bytes [ 00, 00, 00, 00, 00, 00, 00, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHRegGetPathA + 13 77FA21DF 72 Bytes [ 99, F7, F9, 50, EB, 25, 8B, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHRegGetPathW + 2F 77FA2228 13 Bytes [ 75, 08, FF, 35, 60, D4, FC, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHRegGetPathW + 3D 77FA2236 37 Bytes [ 5D, C2, 0C, 00, 90, 90, 90, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHRegGetPathW + 63 77FA225C 12 Bytes [ 07, 80, EB, 30, 56, 57, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHRegGetPathW + 70 77FA2269 24 Bytes [ 75, 10, 8D, 70, FF, 56, 57, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHRegGetPathW + 89 77FA2282 98 Bytes [ 07, EB, 09, BB, 7A, 00, 07, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHRegSetUSValueA + 37 77FA264E 102 Bytes [ FF, 6A, 40, FF, 15, 84, 14, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHRegSetUSValueA + 9E 77FA26B5 17 Bytes [ FF, 15, 40, 10, F6, 77, 8B, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHRegSetUSValueA + B0 77FA26C7 5 Bytes [ 8D, 85, F8, FE, FF ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHRegSetUSValueA + B6 77FA26CD 4 Bytes [ FF, B5, E8, FD ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHRegSetUSValueA + BB 77FA26D2 184 Bytes [ FF, FF, B5, CC, FD, FF, FF, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrRChrIA + B 77FA43CA 8 Bytes [ 8D, 85, F0, FA, FF, FF, 50, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrRChrIA + 14 77FA43D3 37 Bytes [ F8, FA, FF, FF, 50, FF, 15, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrRChrIA + 3A 77FA43F9 61 Bytes [ 41, 18, 33, D2, F7, 71, 1C, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrPBrkA + 13 77FA4437 57 Bytes [ E2, FA, FF, FF, 50, 0F, B7, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrPBrkA + 4D 77FA4471 54 Bytes [ 11, F6, 77, 50, 8D, 85, F8, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrToInt64ExA + 34 77FA44A8 6 Bytes [ FA, FF, FF, 50, 0F, B7 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrToInt64ExA + 3B 77FA44AF 11 Bytes [ E6, FA, FF, FF, 50, 0F, B7, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrToInt64ExA + 47 77FA44BB 57 Bytes [ 50, 0F, B7, 85, E0, FA, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrToIntExA + 2 77FA44F5 9 Bytes [ 50, FF, B5, F4, FA, FF, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrToIntExA + C 77FA44FF 324 Bytes [ B5, F4, FA, FF, FF, FF, 15, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrCSpnIA + 16 77FA4644 47 Bytes [ 6C, 75, 2C, 25, 6C, 75, 09, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrCSpnIA + 46 77FA4674 62 Bytes [ 5C, 73, 68, 70, 65, 72, 66, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrRStrIA + 4C 77FA46C4 27 Bytes [ 81, A5, F4, FE, FF, FF, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrRStrIA + 68 77FA46E0 22 Bytes [ FF, A1, AC, D3, FC, 77, 39, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrRStrIA + 7F 77FA46F7 96 Bytes [ CB, 23, 08, 66, F7, C1, 49, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrStrNW + 4C 77FA4758 11 Bytes [ FF, FF, 89, 06, 8B, 45, 1C, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrStrNW + 58 77FA4764 7 Bytes [ 15, A4, 11, F6, 77, 84, DB ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrStrNW + 60 77FA476C 29 Bytes [ BD, F0, FE, FF, FF, 89, 46, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!IntlStrEqWorkerA + D 77FA478A 70 Bytes [ 51, FF, B5, F0, FE, FF, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!IntlStrEqWorkerA + 54 77FA47D1 5 Bytes [ 57, FF, B5, F8, FE ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!IntlStrEqWorkerA + 5A 77FA47D7 4 Bytes [ FF, FF, 70, 60 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!IntlStrEqWorkerA + 5F 77FA47DC 40 Bytes [ D1, A1, AC, D3, FC, 77, 83, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!IntlStrEqWorkerA + 88 77FA4805 108 Bytes [ 15, 57, FF, B5, F8, FE, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrTrimA + 2 77FA4872 40 Bytes [ 08, 00, 00, 00, A1, AC, D3, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrTrimA + 2B 77FA489B 61 Bytes [ 4D, FC, 8B, 85, EC, FE, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrTrimA + 69 77FA48D9 40 Bytes [ 75, 10, FF, 75, 0C, FF, 75, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrTrimA + 92 77FA4902 83 Bytes [ 56, 56, 68, 00, 01, 00, 00, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrRetToBSTR + 2D 77FA4956 15 Bytes [ FF, 55, 8B, EC, 5D, E9, 25, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrRetToBSTR + 3D 77FA4966 57 Bytes [ FF, 55, 8B, EC, 81, EC, 04, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrRetToBSTR + 77 77FA49A0 6 Bytes [ 75, 1C, 8D, 85, FC, FE ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrRetToBSTR + 7E 77FA49A7 4 Bytes [ FF, FF, 75, 18 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrRetToBSTR + 83 77FA49AC 9 Bytes [ 75, 14, FF, 75, 10, 50, FF, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrRetToBufA + 15 77FA49F6 1 Byte [ 48 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrRetToBufA + 17 77FA49F8 56 Bytes [ 47, 48, 0F, 85, 60, 01, 00, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrRetToBufA + 50 77FA4A31 111 Bytes [ 15, F4, 17, F6, 77, A3, D0, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHStrDupA + 41 77FA4AA1 28 Bytes [ 83, C4, 10, 33, DB, 53, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrCatChainW + 2 77FA4ABE 105 Bytes [ FF, A1, AC, D3, FC, 77, 8B, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrChrNIW + 1D 77FA4B28 73 Bytes [ 15, 68, 14, F6, 77, 85, C0, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrRChrIW + 23 77FA4B72 120 Bytes [ 00, 90, 53, 68, 65, 6C, 6C, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrStrNIW + E 77FA4BEB 39 Bytes [ 06, 83, 7D, 14, 08, 75, 32, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrStrNIW + 36 77FA4C13 62 Bytes [ 53, 53, 6A, 03, 6A, 01, 8D, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrStrNIW + 75 77FA4C52 69 Bytes [ 41, 20, EB, 0D, 33, D2, F7, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrStrNIW + BB 77FA4C98 6 Bytes [ 53, 61, 6D, 65, 25, 73 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrStrNIW + C2 77FA4C9F 42 Bytes [ 90, 90, 90, 90, 90, 8B, FF, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrFormatByteSize64A + 4 77FA4E63 69 Bytes [ 80, A4, 00, 00, 00, 89, 58, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrFormatByteSizeA + 4 77FA4EA9 9 Bytes [ 4D, FC, 5F, 5E, 5B, E8, 6D, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrFormatByteSizeA + E 77FA4EB3 42 Bytes [ C9, C2, 04, 00, 90, 25, 73, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrFormatByteSizeA + 39 77FA4EDE 29 Bytes [ 45, 08, 8B, 0D, AC, D3, FC, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrFormatByteSizeA + 57 77FA4EFC 50 Bytes [ 00, A1, 80, D2, FC, 77, 53, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrRetToStrA + 2F 77FA4F30 8 Bytes [ 75, 07, 6A, 01, E8, 88, EE, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrRetToStrA + 38 77FA4F39 80 Bytes [ 56, FF, 75, 28, 68, 02, 04, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrRetToStrA + 89 77FA4F8A 16 Bytes [ 00, 00, 6A, 27, 8D, 45, C0, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrRetToStrA + 9A 77FA4F9B 11 Bytes [ 18, F6, 77, A1, AC, D3, FC, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrRetToStrA + A6 77FA4FA7 47 Bytes [ C0, 74, 12, 6A, 13, 57, FF, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrFromTimeIntervalA + 46 77FA5186 88 Bytes [ EB, FF, FF, 8B, F8, E8, E1, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrFromTimeIntervalW + 34 77FA51DF 174 Bytes [ 12, 56, 57, 6A, 42, 6A, 01, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrFromTimeIntervalW + E5 77FA5290 38 Bytes [ 8D, 85, 24, FF, FF, FF, 50, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrFromTimeIntervalW + 119 77FA52C4 1 Byte [ 6A ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrFromTimeIntervalW + 11B 77FA52C6 32 Bytes [ 6A, 03, 6A, 03, 8D, 85, 4C, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrFromTimeIntervalW + 13C 77FA52E7 2 Bytes [ 90, 41 ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!IsCharSpaceA + 4B 77FA5FB8 3 Bytes [ 85, 7C, FF ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!IsCharSpaceA + 4F 77FA5FBC 6 Bytes [ FF, 56, 50, E8, 8C, FC ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!IsCharSpaceA + 56 77FA5FC3 5 Bytes [ FF, 8D, 85, 7C, FF ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!IsCharSpaceA + 5C 77FA5FC9 62 Bytes [ FF, 50, FF, 75, 0C, 57, E8, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!IsCharSpaceA + 9B 77FA6008 15 Bytes [ FF, 6A, 01, 8D, 45, 14, 50, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathRemoveArgsA + 2 77FA6F08 19 Bytes [ FF, FF, FF, FF, FF, FF, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathRemoveArgsA + 16 77FA6F1C 5 Bytes [ 00, 00, 00, C0, 00 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathRemoveArgsA + 1C 77FA6F22 18 Bytes [ 00, 00, 00, 00, 00, 00, 00, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathRemoveArgsA + 30 77FA6F36 3 Bytes [ 00, 00, 00 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathRemoveArgsA + 34 77FA6F3A 136 Bytes [ 00, 00, 01, 00, 00, 00, 00, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathFindSuffixArrayA + 19 77FA6FC4 98 Bytes [ 0C, 8D, 45, FC, FF, 75, 08, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathFindSuffixArrayA + 7C 77FA7027 70 Bytes [ 8B, DE, 57, FF, 15, 88, 14, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathRemoveExtensionA + 21 77FA706F 3 Bytes [ 8B, FF, 55 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathRemoveExtensionA + 25 77FA7073 4 Bytes [ EC, 51, 51, 53 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathRemoveExtensionA + 2A 77FA7078 321 Bytes [ 5D, 14, 56, 57, 8B, 7D, 18, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathIsPrefixA + 1E 77FA71BA 82 Bytes [ 15, 78, 14, F6, 77, 3B, C6, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathRemoveFileSpecA + 11 77FA720D 114 Bytes [ 56, 68, 88, D3, FC, 77, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathIsFileSpecA + 6 77FA7280 117 Bytes [ 00, 89, 45, E4, 53, FF, 15, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathGetDriveNumberA + 2 77FA72F6 5 Bytes [ 75, D0, FF, D6, FF ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathGetDriveNumberA + 8 77FA72FC 113 Bytes [ D4, FF, D6, FF, 75, B4, 89, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathSearchAndQualifyA + 2 77FA736E 31 Bytes [ 75, B4, FF, 75, B0, FF, 74, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathSearchAndQualifyA + 23 77FA738F 38 Bytes CALL 4EA2A993
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathSearchAndQualifyA + 4A 77FA73B6 7 Bytes [ F8, 89, 44, 0D, D8, FF, D6 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathSearchAndQualifyA + 53 77FA73BF 1 Byte [ F4 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathSearchAndQualifyA + 55 77FA73C1 168 Bytes [ D6, 83, 45, FC, 04, 83, 7D, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathIsDirectoryA + 2 77FA746A 34 Bytes [ FF, 66, 8C, 85, BC, FD, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathIsDirectoryA + 25 77FA748D 12 Bytes [ 01, 00, 01, 00, 8B, 45, 04, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathIsDirectoryA + 32 77FA749A 19 Bytes [ 8D, 45, 04, 89, 85, EC, FD, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathIsDirectoryA + 46 77FA74AE 19 Bytes [ FF, 6A, 14, 59, 33, C0, 8D, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathIsDirectoryA + 5A 77FA74C2 41 Bytes [ 09, 04, 00, C0, 8B, 45, 04, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathUnquoteSpacesA + 1D 77FA759B 22 Bytes [ 57, 8B, F0, FF, 15, 00, 10, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathUnquoteSpacesA + 34 77FA75B2 4 Bytes [ 81, E6, FF, FF ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathUnquoteSpacesA + 39 77FA75B7 11 Bytes [ 00, 81, CE, 00, 00, 07, 80, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathQuoteSpacesA + 39 77FA75F5 33 Bytes [ 75, 0C, FF, 75, 08, E8, 44, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathFindNextComponentA + 7 77FA7617 24 Bytes [ D8, 85, DB, 74, 2A, 8D, 45, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathFindNextComponentA + 20 77FA7630 3 Bytes [ 8B, F0, 85 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathFindNextComponentA + 24 77FA7634 16 Bytes [ 75, 07, 8B, 45, 14, 89, 18, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathFindNextComponentA + 35 77FA7645 20 Bytes [ 03, 6A, 0E, 5E, 85, F6, 7E, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathFindNextComponentA + 4A 77FA765A 45 Bytes [ C6, 5E, 5B, C9, C2, 10, 00, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathMatchSpecA + 2 77FA778A 95 Bytes [ 75, 0C, FF, 75, 08, 57, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathSkipRootA + 12 77FA77EA 77 Bytes CALL 77F82BE8 C:WINDOWSsystem32SHLWAPI.dll (Библиотека небольших программ оболочки/Корпорация Майкрософт)
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathSkipRootA + 60 77FA7838 19 Bytes [ 00, 53, 6A, 40, 89, 5D, F4, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathIsSameRootA + F 77FA784C 10 Bytes [ 39, 7D, FC, 74, 1B, 8B, 75, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathIsSameRootA + 1A 77FA7857 53 Bytes [ 8B, F8, 8B, C1, C1, E9, 02, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathIsURLA + 8 77FA788D 50 Bytes [ 3B, 08, 75, 13, 6A, 00, 53, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathIsContentTypeA + 4 77FA78C0 16 Bytes [ FB, 8B, 5D, F4, 89, 45, FC, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathIsContentTypeA + 15 77FA78D1 13 Bytes [ 20, 85, FF, 74, 51, 8D, 45, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathIsContentTypeA + 23 77FA78DF 3 Bytes [ 8E, FE, FF ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathIsContentTypeA + 27 77FA78E3 41 Bytes [ 39, 5D, 18, 89, 45, 20, 76, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathIsContentTypeA + 52 77FA790E 15 Bytes [ 75, 08, 39, 4D, 14, 75, 03, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathGetCharTypeA + C 77FA7948 158 Bytes [ F3, 74, 6B, 8B, 45, 0C, 8B, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathGetCharTypeA + AC 77FA79E8 160 Bytes [ 14, 53, 8B, 5D, 18, 56, 8B, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathGetCharTypeA + 14D 77FA7A89 17 Bytes [ 85, B4, FE, FF, FF, 0F, 84, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathGetCharTypeA + 15F 77FA7A9B 40 Bytes [ FF, 8D, 85, BC, FE, FF, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathGetCharTypeA + 189 77FA7AC5 1 Byte [ B0 ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathUnmakeSystemFolderA + 1C 77FA7B47 184 Bytes [ B5, B4, FE, FF, FF, E8, 8C, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathUndecorateA + 18 77FA7C00 78 Bytes CALL 77FA7665 C:WINDOWSsystem32SHLWAPI.dll (Библиотека небольших программ оболочки/Корпорация Майкрософт)
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathUndecorateA + 67 77FA7C4F 34 Bytes [ 15, 88, 14, F6, 77, 33, C0, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathUndecorateA + 8A 77FA7C72 252 Bytes [ 65, 49, 6E, 66, 6F, 5C, 30, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathUndecorateA + 187 77FA7D6F 6 Bytes [ 07, 80, 74, 41, 3B, FB ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathUndecorateA + 18E 77FA7D76 52 Bytes [ 0C, 3B, D3, 75, 05, 39, 5D, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathMakePrettyA + 1 77FA7F4E 78 Bytes [ 35, D8, 11, F6, 77, 57, 6A, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathMakePrettyA + 50 77FA7F9D 7 Bytes [ 5D, C2, 08, 00, 33, C0, 40 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathMakePrettyA + 63 77FA7FB0 1 Byte [ 83 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathMakePrettyA + 65 77FA7FB2 51 Bytes [ 0C, 53, 56, 33, F6, 39, 75, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathMakePrettyA + 99 77FA7FE6 60 Bytes [ D7, 8B, 75, F8, 3B, F0, 7C, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathRemoveBlanksA + 33 77FA811B 25 Bytes [ D8, 8B, CB, 2B, 4D, 0C, 8B, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathRemoveBlanksA + 4D 77FA8135 84 Bytes [ 85, C0, 74, 16, 80, 3F, 00, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathRemoveBackslashA + 45 77FA818A 14 Bytes [ 10, 00, 5F, EB, 02, 33, C0, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathRemoveBackslashA + 57 77FA819C 9 Bytes [ 8B, FF, 55, 8B, EC, 33, C0, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathStripToRootA + 9 77FA81A6 9 Bytes [ 74, 27, 39, 45, 0C, 74, 22, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathStripToRootA + 13 77FA81B0 5 Bytes [ 75, 08, FF, 75, 0C ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathStripToRootA + 19 77FA81B6 2 Bytes [ DD, FE ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathStripToRootA + 1D 77FA81BA 45 Bytes [ FF, 75, 08, 8B, F0, FF, 15, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathIsNetworkPathA + 19 77FA81E8 3 Bytes [ 94, 9D, FC ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathIsNetworkPathA + 1D 77FA81EC 33 Bytes [ 85, C0, 75, 03, 8B, 45, 08, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathStripPathA + 7 77FA820E 76 Bytes [ C7, 8B, F7, 74, 29, 8A, 08, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathIsDirectoryEmptyA + 27 77FA825B 32 Bytes [ 38, 46, 01, 74, 0F, 88, 46, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathIsDirectoryEmptyA + 48 77FA827C 27 Bytes [ 55, 8B, EC, 8B, 45, 08, 85, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathIsDirectoryEmptyA + 64 77FA8298 91 Bytes [ 15, EC, 17, F6, 77, 8A, 08, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathIsDirectoryEmptyA + C0 77FA82F4 82 Bytes [ 8B, FF, 55, 8B, EC, 56, 8B, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathCompactPathA + 4A 77FA8347 2 Bytes [ 55, 8B ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathCompactPathA + 4D 77FA834A 34 Bytes [ 8B, 45, 08, EB, 0F, 80, 38, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathCompactPathA + 70 77FA836D 25 Bytes [ FF, 55, 8B, EC, 56, 33, F6, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathCompactPathA + 8A 77FA8387 24 Bytes [ 74, 4D, 68, E0, 73, FA, 77, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathCompactPathA + A3 77FA83A0 29 Bytes [ 6A, 00, FF, 75, 08, 6A, 00, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathSetDlgItemPathA + 5D 77FA8612 13 Bytes [ 55, 8B, EC, 56, 8B, 75, 08, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathSetDlgItemPathA + 6B 77FA8620 2 Bytes [ 74, 28 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathSetDlgItemPathA + 6E 77FA8623 1 Byte [ 5C ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathSetDlgItemPathA + D2 77FA8687 387 Bytes [ 00, 00, 3C, 3F, 74, 4E, 0F, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathMakeSystemFolderA + 109 77FA880B 91 Bytes [ F0, 85, F6, 74, 21, 46, EB, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathMakeSystemFolderA + 165 77FA8867 145 Bytes [ 0C, 2B, F7, 40, 3B, F0, 7F, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathMakeSystemFolderA + 1F7 77FA88F9 15 Bytes [ 51, 56, 50, 6A, 0E, 56, C7, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathMakeSystemFolderA + 214 77FA8916 46 Bytes [ FE, FF, FF, 50, FF, 15, 68, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathMakeSystemFolderA + 243 77FA8945 19 Bytes [ 83, F8, 3B, 7F, 27, 74, 20, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathRelativePathToA + 27 77FA8EA1 16 Bytes [ 15, 6C, 14, F6, 77, 8B, D8, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathRelativePathToA + 38 77FA8EB2 32 Bytes [ 8D, 85, F8, FE, FF, FF, 50, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathRelativePathToA + 59 77FA8ED3 30 Bytes [ 15, EC, 11, F6, 77, EB, 02, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathRelativePathToA + 78 77FA8EF2 12 Bytes [ 55, 8B, EC, 6A, 00, 6A, 00, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathRelativePathToA + 85 77FA8EFF 2 Bytes [ FF, FF ].text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHGetThreadRef + 1B8 77F7B160 19 Bytes [ 45, 00, 64, 00, 69, 00, 74, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHGetThreadRef + 1CC 77F7B174 15 Bytes [ 4E, 00, 6F, 00, 41, 00, 63, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHGetThreadRef + 1DC 77F7B184 33 Bytes [ 74, 00, 65, 00, 48, 00, 61, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHCreateShellPalette + B 77F7B69B 19 Bytes [ 00, F6, 45, 08, 10, 0F, 85, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHCreateShellPalette + 1F 77F7B6AF 38 Bytes [ 85, 79, FD, FF, FF, 8B, F2, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHCreateShellPalette + 5B 77F7B6EB 2 Bytes [ FF, 8D ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHCreateShellPalette + 5E 77F7B6EE 2 Bytes [ F4, FD ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHCreateShellPalette + 8F 77F7B71F 22 Bytes [ 89, 45, FC, 56, FF, 15, 70, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!AssocQueryStringW + 37 77F7B7D8 59 Bytes [ C9, C2, 04, 00, 83, 26, 00, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!AssocQueryStringW + 73 77F7B814 61 Bytes [ EC, 14, A1, 80, D2, FC, 77, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!AssocQueryStringW + B1 77F7B852 14 Bytes [ 50, FF, 15, 38, 14, F6, 77, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!AssocQueryStringW + C0 77F7B861 5 Bytes [ D7, FC, 77, 74, 11 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHRegGetUSValueA + 2 77F7B867 133 Bytes [ 15, 90, D7, FC, 77, 8B, 4D, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHRegGetUSValueA + 8A 77F7B8EF 6 Bytes [ 8B, FF, 55, 8B, EC, 83 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHRegGetUSValueA + 91 77F7B8F6 189 Bytes [ 48, A1, 80, D2, FC, 77, 53, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHRegGetUSValueA + 153 77F7B9B8 43 Bytes [ B8, 04, D1, FC, 77, EB, D7, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrChrA 77F7B9E5 74 Bytes [ 90, 90, 90, B8, 00, D1, FC, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrChrA + 4B 77F7BA30 92 Bytes [ 15, 34, 14, F6, 77, 50, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathStripPathW + 13 77F7BB13 22 Bytes [ 68, 2C, AB, F7, 77, 50, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathStripPathW + 2C 77F7BB2C 153 Bytes [ 51, 75, 65, 75, 65, 55, 73, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHOpenRegStreamA + 5E 77F7BBC6 50 Bytes [ 57, 57, 57, 57, FF, 15, 3C, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHOpenRegStreamA + 91 77F7BBF9 64 Bytes [ 00, C7, 46, 34, 80, 00, 00, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHOpenRegStreamA + D5 77F7BC3D 10 Bytes [ 90, B8, 50, D1, FC, 77, E9, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHOpenRegStreamA + E0 77F7BC48 108 Bytes [ 90, 90, 90, 90, 90, B8, 44, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHOpenRegStreamA + 14D 77F7BCB5 80 Bytes [ D6, 85, C0, 7C, 0A, 83, 7D, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathFindNextComponentW + 16 77F7BE3B 1 Byte [ 53 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathFindNextComponentW + 18 77F7BE3D 49 Bytes [ 85, F8, FE, FF, FF, 50, 6A, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathRelativePathToW + 2 77F7BE6F 12 Bytes CALL 60F7BE71
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathRelativePathToW + 26 77F7BE93 30 Bytes [ 8B, 07, 57, FF, 50, 08, 33, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathRelativePathToW + 5C 77F7BEC9 182 Bytes [ FF, 90, 90, 90, 90, 90, 8B, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathRelativePathToW + 113 77F7BF80 5 Bytes [ 15, 00, D1, FC, 77 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathRelativePathToW + 119 77F7BF86 14 Bytes [ 75, 0C, 6A, 00, 56, 53, FF, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathGetCharTypeW 77F7C132 3 Bytes [ 90, 90, 90 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathGetCharTypeW + 4 77F7C136 10 Bytes [ FF, 55, 8B, EC, 81, EC, 1C, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathGetCharTypeW + F 77F7C141 127 Bytes [ 3D, 84, D2, FC, 77, 00, A1, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathGetCharTypeW + 8F 77F7C1C1 27 Bytes [ 84, 54, 43, 01, 00, 66, 39, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHLockShared + A 77F7C1DD 23 Bytes [ 0F, B7, 14, 57, EB, EE, 0F, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHLockShared + 22 77F7C1F5 21 Bytes [ 08, 8B, 55, 08, 0F, B7, 14, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHLockShared + 38 77F7C20B 58 Bytes [ 50, 56, FF, 75, 0C, 57, 6A, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHLockShared + 74 77F7C247 23 Bytes [ 08, 8D, 45, D8, 50, FF, 76, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHDeleteValueW + 4 77F7C291 58 Bytes [ 5D, 2C, 56, 8B, 75, 10, 89, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHDeleteValueW + 3F 77F7C2CC 14 Bytes [ 15, F4, 15, F6, 77, 8B, 4D, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHDeleteValueW + 4E 77F7C2DB 16 Bytes [ FF, C9, C2, 30, 00, 90, 90, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHDeleteValueW + 5F 77F7C2EC 36 Bytes [ 54, 04, 00, 00, 83, 3D, 84, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHDeleteValueW + A9 77F7C336 27 Bytes [ 08, 8B, 4E, 04, 8B, 5E, 0C, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrFormatByteSizeW + 4 77F7C3FB 12 Bytes [ D8, 85, DB, 0F, 84, F7, AB, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrFormatByteSizeW + 11 77F7C408 43 Bytes [ 18, A1, 84, D7, FC, 77, 85, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrFormatByteSizeW + 3D 77F7C434 143 Bytes [ F6, 77, 89, 45, D0, EB, 81, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrFormatByteSizeW + CD 77F7C4C4 42 Bytes [ 8B, F8, 85, FF, 0F, 84, 6D, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrFormatByteSizeW + F8 77F7C4EF 69 Bytes [ 51, 52, 50, 68, E4, 8F, FC, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlCreateFromPathW + A 77F7D308 26 Bytes [ 90, 90, 90, 90, 90, 8B, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlCreateFromPathW + 25 77F7D323 70 Bytes [ 77, 89, 45, FC, 8B, 45, 0C, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlCreateFromPathW + 6C 77F7D36A 129 Bytes [ 75, 10, 8B, 46, 38, FF, 75, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHRegGetBoolUSValueA + 11 77F7D3EC 11 Bytes [ C6, 5E, C9, C2, 08, 00, 90, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHRegGetBoolUSValueA + 1D 77F7D3F8 33 Bytes [ FF, 55, 8B, EC, 81, EC, 9C, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHRegGetBoolUSValueA + 3F 77F7D41A 65 Bytes [ 00, 8B, 55, 0C, 85, D2, 7F, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHRegGetBoolUSValueA + 81 77F7D45C 74 Bytes [ FF, FF, 83, BD, 68, FF, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHEnumValueW + B 77F7D4A8 64 Bytes CALL D1CA07B7
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHEnumValueW + 79 77F7D516 51 Bytes [ FF, FF, 50, 8B, 85, 68, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHEnumValueW + AD 77F7D54A 6 Bytes [ 4D, FC, 8B, 85, 64, FF ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHEnumValueW + BA 77F7D557 384 Bytes [ C9, C2, 10, 00, 90, 03, 01, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHAutoComplete + 14D 77F7D6D8 62 Bytes [ 33, ED, 8B, 44, 24, 14, 0B, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHAutoComplete + 18C 77F7D717 104 Bytes [ C8, 8B, C6, F7, 64, 24, 18, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHAutoComplete + 1FF 77F7D78A 37 Bytes [ 8D, 45, F0, 89, 45, 98, 89, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHAutoComplete + 229 77F7D7B4 1 Byte [ 00 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHAutoComplete + 22B 77F7D7B6 7 Bytes [ 85, C0, 0F, 84, D9, 2C, 01 ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathCreateFromUrlW + 41 77F7EF06 163 Bytes [ FC, 77, BC, DF, F7, 77, BC, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathCreateFromUrlW + E5 77F7EFAA 357 Bytes [ 43, 61, 63, 68, 65, 45, 6E, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathCreateFromUrlW + 24B 77F7F110 72 Bytes [ 49, 6E, 74, 65, 72, 6E, 65, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathCreateFromUrlW + 294 77F7F159 446 Bytes [ 79, 73, 74, 65, 6D, 54, 69, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathCreateFromUrlW + 453 77F7F318 41 Bytes [ 49, 6E, 69, 74, 69, 61, 6C, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlUnescapeW 77F7F44C 323 Bytes [ 49, 6E, 74, 65, 72, 6E, 65, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlUnescapeW + 144 77F7F590 132 Bytes [ 49, 6E, 74, 65, 72, 6E, 65, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlCanonicalizeW + 84 77F7F615 203 Bytes [ 90, 90, 90, 49, 6E, 74, 65, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlCombineW + 48 77F7F6E1 449 Bytes [ 6E, 64, 52, 65, 71, 75, 65, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlCombineW + 20B 77F7F8A4 17 Bytes [ 46, 74, 70, 46, 69, 6E, 64, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlCombineW + 21D 77F7F8B6 15 Bytes [ 90, 90, 46, 74, 70, 44, 65, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlCombineW + 22D 77F7F8C6 88 Bytes [ 00, 90, 46, 74, 70, 44, 65, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlCombineW + 286 77F7F91F 25 Bytes [ 90, 46, 69, 6E, 64, 4E, 65, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrFormatKBSizeW + 12 77F7FBE3 41 Bytes [ 08, 50, FF, 51, 08, 39, 75, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrFormatKBSizeW + 3C 77F7FC0D 122 Bytes [ F1, 89, 46, 10, 8B, 45, 0C, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrFormatKBSizeW + B7 77F7FC88 59 Bytes [ 90, 90, 90, 90, 90, 8B, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrFormatKBSizeW + F3 77F7FCC4 30 Bytes [ 71, 14, FF, 75, 08, FF, 71, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrFormatKBSizeW + 113 77F7FCE4 52 Bytes [ 05, ED, F7, 77, 49, EE, F7, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHSkipJunction + 38 77F80128 37 Bytes [ FF, 8B, D8, 66, 8B, 03, 66, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHSkipJunction + 5E 77F8014E 13 Bytes [ 00, 83, F8, 02, 0F, 85, C0, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHSkipJunction + 6C 77F8015C 2 Bytes CALL FDF80089
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHSkipJunction + 72 77F80162 26 Bytes [ 74, 07, 81, 4F, 24, 00, 10, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHSkipJunction + 8D 77F8017D 7 Bytes [ 53, 8B, CE, E8, C3, 28, FF ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrCmpNA + 17 77F809CC 20 Bytes [ E0, 53, 33, DB, 6A, 02, 43, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrCmpNA + 2C 77F809E1 157 Bytes CALL 7CE04FDC C:WINDOWSsystem32SHELL32.dll (Общая библиотека оболочки Windows/Корпорация Майкрософт)
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrCmpNA + CA 77F80A7F 30 Bytes JMP AE7D1985
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrCmpNA + E9 77F80A9E 13 Bytes CALL 77F808A4 C:WINDOWSsystem32SHLWAPI.dll (Библиотека небольших программ оболочки/Корпорация Майкрософт)
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrCmpNA + F7 77F80AAC 11 Bytes [ E0, 85, C0, 74, 05, 8B, 4D, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathMakePrettyW + 7 77F80BE3 81 Bytes [ 7D, 10, 85, FF, 89, 45, FC, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathMakePrettyW + 59 77F80C35 7 Bytes [ 75, 14, 57, E8, B9, 96, FE ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathMakePrettyW + 61 77F80C3D 4 Bytes [ 83, C4, 10, 5E ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathMakePrettyW + 66 77F80C42 29 Bytes [ 4D, FC, 8B, C7, 5F, E8, D4, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathMakePrettyW + 84 77F80C60 48 Bytes [ 00, 8B, 44, 24, 1C, 0B, C0, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathFindExtensionA + 7 77F80F05 157 Bytes [ 0C, 50, 89, 3E, 66, 89, 46, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathSearchAndQualifyW + 61 77F80FA4 17 Bytes [ 3D, 01, 00, 00, 80, 0F, 84, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrPBrkW + 64 77F8100D 21 Bytes [ 15, 38, 14, F6, 77, A3, 74, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrPBrkW + 7A 77F81023 192 Bytes [ 66, A1, 78, D9, FC, 77, E9, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrPBrkW + 158 77F81101 56 Bytes [ 45, 08, 85, C0, 74, 17, 8B, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrPBrkW + 191 77F8113A 17 Bytes [ 6E, 00, 64, 00, 69, 00, 6E, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrPBrkW + 1A3 77F8114C 26 Bytes [ 49, 00, 44, 00, 00, 00, 33, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathIsSystemFolderA + 16 77F8138E 24 Bytes [ 50, 8D, 85, F4, EF, FF, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathIsSystemFolderA + 2F 77F813A7 27 Bytes [ 85, C0, 75, 57, 8D, 85, F8, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathIsSystemFolderA + 4C 77F813C4 15 Bytes CALL 77F814DC C:WINDOWSsystem32SHLWAPI.dll (Библиотека небольших программ оболочки/Корпорация Майкрософт)
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathIsSystemFolderA + 5C 77F813D4 17 Bytes [ 50, 8D, 85, F4, EF, FF, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathIsSystemFolderA + 6F 77F813E7 32 Bytes CALL 77F814DC C:WINDOWSsystem32SHLWAPI.dll (Библиотека небольших программ оболочки/Корпорация Майкрософт)
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrNCatA + 4 77F81523 55 Bytes [ 3D, 88, 14, F6, 77, C7, 06, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrNCatA + 3C 77F8155B 60 Bytes [ 55, 8B, EC, 56, FF, 75, 08, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrNCatA + 7B 77F8159A 4 Bytes [ 10, 8B, 46, 2C ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrNCatA + 81 77F815A0 17 Bytes [ 0C, 8B, 08, FF, 75, 08, 50, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrNCatA + 95 77F815B4 58 Bytes [ B8, D4, D0, FC, 77, E9, 31, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlEscapeW + B 77F81990 67 Bytes [ 85, C0, 0F, 84, 85, 00, 00, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlEscapeW + 4F 77F819D4 5 Bytes [ 15, B0, 11, F6, 77 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlEscapeW + 55 77F819DA 16 Bytes [ C0, 74, 0A, 80, 7D, EE, 00, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlEscapeW + 70 77F819F5 4 Bytes [ 4D, FC, 5F, 5E ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlEscapeW + 76 77F819FB 1 Byte [ 36 ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlGetLocationA + 65 77F81E72 6 Bytes [ 89, BD, EC, FD, FF, FF ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlGetLocationA + 6C 77F81E79 3 Bytes [ 6B, 06, FF ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlGetLocationA + 70 77F81E7D 31 Bytes [ 3B, C6, 89, 85, E0, FD, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlGetLocationA + 90 77F81E9D 48 Bytes CALL 77F81E9F C:WINDOWSsystem32SHLWAPI.dll (Библиотека небольших программ оболочки/Корпорация Майкрософт)
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlGetLocationA + C2 77F81ECF 126 Bytes CALL 77F81E18 C:WINDOWSsystem32SHLWAPI.dll (Библиотека небольших программ оболочки/Корпорация Майкрософт)
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlGetLocationW + 2 77F824F9 23 Bytes [ 90, 90, 90, 90, 90, 8B, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlGetLocationW + 1A 77F82511 2 Bytes [ 7E, 05 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlGetLocationW + 1E 77F82515 69 Bytes [ 66, 8B, 00, 5E, C3, 90, 90, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlGetLocationW + 64 77F8255B 50 Bytes [ 33, C0, 40, C3, 33, C0, E9, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlGetLocationW + 97 77F8258E 10 Bytes [ 83, 7D, 1C, 00, 0F, 84, 78, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrCmpCA + 4E 77F82DFC 31 Bytes [ FE, FF, FF, F7, D8, 1B, C0, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrCmpCA + 6E 77F82E1C 56 Bytes [ 75, 08, 89, 45, FC, 57, 8D, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrCmpCA + A7 77F82E55 16 Bytes CALL 77F82C97 C:WINDOWSsystem32SHLWAPI.dll (Библиотека небольших программ оболочки/Корпорация Майкрософт)
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrCmpCA + B8 77F82E66 53 Bytes [ F8, 09, 0F, 94, C1, 51, 57, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrCmpCA + EE 77F82E9C 17 Bytes [ FF, 8B, F0, 85, F6, 0F, 85, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathCreateFromUrlA + 3D 77F82F02 4 Bytes [ 5E, 5D, C2, 04 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathCreateFromUrlA + 42 77F82F07 159 Bytes [ 90, 90, 90, 90, 90, 8B, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathCreateFromUrlA + E2 77F82FA7 4 Bytes [ EB, 65, 90, 90 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathCreateFromUrlA + E9 77F82FAE 34 Bytes [ 8B, FF, 55, 8B, EC, 51, 51, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathIsContentTypeW + B 77F82FFC 61 Bytes [ 66, 83, 3E, 08, 0F, 84, 88, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathIsContentTypeW + 49 77F8303A 44 Bytes CALL 77F82EE7 C:WINDOWSsystem32SHLWAPI.dll (Библиотека небольших программ оболочки/Корпорация Майкрософт)
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathIsContentTypeW + 76 77F83067 93 Bytes [ FF, FF, 8B, 46, 1C, 85, C0, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathIsContentTypeW + D4 77F830C5 55 Bytes CALL 77F8036C C:WINDOWSsystem32SHLWAPI.dll (Библиотека небольших программ оболочки/Корпорация Майкрософт)
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathIsContentTypeW + 14C 77F8313D 5 Bytes [ 57, E8, 3C, 4C, FE ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlIsOpaqueW + 19 77F8317B 63 Bytes [ 6A, 02, 59, 2B, C1, 0F, 84, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlIsOpaqueW + 59 77F831BB 34 Bytes [ FF, B5, 1C, FD, FF, FF, E8, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrCatBuffA + 1C 77F831F8 11 Bytes JMP 77F807B3 C:WINDOWSsystem32SHLWAPI.dll (Библиотека небольших программ оболочки/Корпорация Майкрософт)
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrCatBuffA + 28 77F83204 42 Bytes [ 55, 8B, EC, 81, EC, 98, 01, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrCatBuffA + 53 77F8322F 7 Bytes [ B0, FE, FF, 8D, 8D, 70, FF ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrCatBuffA + 88 77F83264 4 Bytes [ 8C, 95, 23, 01 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrCatBuffA + 8D 77F83269 44 Bytes [ 68, B0, 1E, F8, 77, FF, 75, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathIsUNCServerA + 6 77F8354F 24 Bytes [ FF, 55, 8B, EC, 8D, 45, 14, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathIsUNCServerA + 20 77F83569 36 Bytes [ 90, 90, 90, 8B, FF, 55, 8B, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathIsUNCServerA + 45 77F8358E 43 Bytes [ 75, 08, 50, FF, 75, 0C, E8, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathIsUNCServerA + 71 77F835BA 71 Bytes [ EC, 0F, B7, 4D, 08, 8B, C1, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathIsUNCServerA + BB 77F83604 71 Bytes [ 00, 00, 00, 00, 00, 00, 00, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!HashData + 82 77F83814 310 Bytes [ 00, 00, 00, 00, 00, 00, 00, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlCompareW + 2E 77F8394B 10 Bytes [ 90, 90, 90, 90, 90, 8B, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlCompareW + 39 77F83956 60 Bytes [ 75, 0C, 68, 9D, 29, F8, 77, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlCompareW + 76 77F83993 135 Bytes [ 25, 10, 15, F6, 77, 90, 90, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlCompareW + FE 77F83A1B 50 Bytes [ FF, 90, 90, 90, 90, 90, 8B, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlCompareW + 131 77F83A4E 17 Bytes [ 41, 41, 66, 8B, 01, 66, 85, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHGetInverseCMAP + 2 77F841C6 14 Bytes [ 51, 08, 8B, C6, 5E, 5D, C2, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHGetInverseCMAP + 11 77F841D5 168 Bytes [ EB, F1, 90, 90, 90, 90, 90, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHGetInverseCMAP + BC 77F84280 15 Bytes [ 90, 8B, FF, 55, 8B, EC, 51, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHGetInverseCMAP + CC 77F84290 239 Bytes [ 84, C8, CE, 00, 00, FF, 75, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHGetInverseCMAP + 1BC 77F84380 35 Bytes [ 15, 38, 14, F6, 77, 33, C9, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrStrIA + 5B2 77F8C9D0 541 Bytes [ 94, 94, 94, 94, 94, 94, B7, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!GetAcceptLanguagesW + 1AC 77F8CBEE 1 Byte [ 6A ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!GetAcceptLanguagesW + 1AE 77F8CBF0 408 Bytes [ 8F, 8F, 8F, 8F, 8F, 8F, AB, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrNCatW + E4 77F8CD89 565 Bytes [ 53, 75, 75, 75, 16, 16, 16, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathUndecorateW + 15A 77F8CFBF 134 Bytes [ FD, F9, F9, F9, 41, 41, 41, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathUndecorateW + 1E1 77F8D046 752 Bytes [ 47, 47, 47, 47, 6A, 6A, 6A, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathUndecorateW + 4D2 77F8D337 399 Bytes [ C3, C3, C3, C3, 1B, F4, F4, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathUndecorateW + 662 77F8D4C7 20 Bytes [ EC, 81, EC, 38, 02, 00, 00, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathUndecorateW + 677 77F8D4DC 34 Bytes [ 75, 10, 89, 45, FC, 0F, 84, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!ColorAdjustLuma + 5B 77FA11D7 87 Bytes [ 90, 43, 65, 72, 74, 43, 6C, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!ColorAdjustLuma + B4 77FA1230 43 Bytes [ 40, 01, 00, 00, 64, 82, FC, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!ColorAdjustLuma + E0 77FA125C 35 Bytes [ 98, 82, FC, 77, 49, 01, 00, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!ColorAdjustLuma + 104 77FA1280 181 Bytes [ 51, 01, 00, 00, 98, 82, FC, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!ColorAdjustLuma + 1BA 77FA1336 41 Bytes [ FC, 77, 70, 03, FA, 77, 98, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHCopyKeyA + 10 77FA14FC 151 Bytes [ 27, 7D, FC, 77, C4, 07, FA, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHCopyKeyA + A8 77FA1594 445 Bytes [ 27, 7D, FC, 77, 3C, 06, FA, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHCopyKeyW 77FA1752 22 Bytes [ 90, 90, 43, 41, 45, 6E, 75, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHCopyKeyW + 17 77FA1769 144 Bytes [ 6D, 43, 65, 72, 74, 54, 79, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHDeleteEmptyKeyW + 1D 77FA17FA 17 Bytes [ 00, 00, 27, 7D, FC, 77, DB, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHDeleteEmptyKeyW + 2F 77FA180C 7 Bytes [ 1F, 7D, FC, 77, 30, 08, FA ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHDeleteEmptyKeyW + 37 77FA1814 282 Bytes [ C4, 78, FC, 77, 20, 08, FA, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHQueryInfoKeyA + 9D 77FA192F 92 Bytes [ 77, 2C, 0A, FA, 77, 98, 82, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHQueryInfoKeyA + FA 77FA198C 89 Bytes [ 53, 64, 62, 52, 65, 61, 64, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHRegDeleteUSValueA + 57 77FA19E6 15 Bytes [ 69, 6F, 6E, 00, 90, 90, 53, … ].text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathAddBackslashA + 86 77F71253 199 Bytes [ 61, 63, 68, 00, 90, 44, 6E, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHRegQueryInfoUSKeyW + 4E 77F7131B 17 Bytes [ 90, 44, 6E, 73, 4E, 61, 6D, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHRegQueryInfoUSKeyW + 60 77F7132D 251 Bytes [ 90, 90, 90, 44, 6E, 73, 4E, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrCmpNIA + 3 77F71429 533 Bytes [ 49, 50, 72, 6F, 6D, 70, 74, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrCmpNIA + 219 77F7163F 94 Bytes [ 77, 17, 00, 00, 00, 15, 08, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrCmpNIA + 278 77F7169E 27 Bytes [ F7, 77, 81, 00, 00, 00, 98, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrCmpNIA + 295 77F716BB 14 Bytes [ 00, A9, 76, FC, 77, 86, 00, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrCmpNIA + 2A4 77F716CA 14 Bytes [ 00, 00, D2, 82, FC, 77, 88, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrStrA + 4D 77F7228D 20 Bytes [ FB, F3, A5, 33, FF, E9, 15, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrStrA + 62 77F722A2 14 Bytes [ 3B, C7, 89, 45, 10, 0F, 84, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrStrA + 71 77F722B1 79 Bytes [ FF, 51, FF, B3, 10, 01, 00, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHRegWriteUSValueW + 2B 77F72302 24 Bytes [ 14, FF, 75, 10, FF, 75, 0C, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHRegWriteUSValueW + 44 77F7231B 4 Bytes [ 85, FF, 75, 08 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHRegWriteUSValueW + 49 77F72320 62 Bytes [ C0, 0F, 85, 4D, D2, 01, 00, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHRegWriteUSValueW + 88 77F7235F 5 Bytes [ 18, FF, 75, 14, 50 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHRegEnumUSKeyW + 17 77F723D2 30 Bytes [ 5D, 08, 56, 8B, 75, 20, 89, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHRegEnumUSKeyW + 36 77F723F1 11 Bytes [ 89, 95, C4, FB, FF, FF, 0F, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHRegEnumUSKeyW + 42 77F723FD 52 Bytes [ 52, 56, FF, B5, C8, FB, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHRegEnumUSKeyW + 77 77F72432 66 Bytes [ 0C, 33, C0, 39, 05, 84, D2, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHEnumKeyExW + 31 77F72483 32 Bytes [ 8B, CA, 8B, C2, EB, E8, 90, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHEnumKeyExW + 52 77F724A4 58 Bytes [ 15, B8, 11, F6, 77, 8B, 35, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHEnumKeyExW + 8D 77F724DF 4 Bytes [ 90, 76, FF, FF ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHRegQueryUSValueA + 5 77F724ED 21 Bytes [ 81, EC, 38, 02, 00, 00, 83, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHRegQueryUSValueA + 1C 77F72504 46 Bytes [ 18, 89, 95, E0, FD, FF, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHRegQueryUSValueA + 4B 77F72533 3 Bytes [ 8B, 55, 30 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHRegQueryUSValueA + 4F 77F72537 15 Bytes [ 8B, 75, 08, 89, 95, D0, FD, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHRegQueryUSValueA + 5F 77F72547 10 Bytes [ 45, 0C, 57, 8B, 7D, 10, 89, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathAddExtensionW + 18 77F7265F 8 Bytes [ 55, 8B, EC, 81, EC, 1C, 02, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathAddExtensionW + 21 77F72668 49 Bytes [ 83, 3D, 84, D2, FC, 77, 00, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathAddExtensionW + 54 77F7269B 10 Bytes [ C9, C2, 08, 00, 90, 90, 90, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathAddExtensionW + 5F 77F726A6 32 Bytes [ 55, 8B, EC, 8B, 55, 08, 8B, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathAddExtensionW + 80 77F726C7 2 Bytes [ 01, 00 ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!IsCharSpaceW 77F72BFD 82 Bytes [ 90, 90, 6A, 00, 6A, 23, 6A, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!IsCharSpaceW + 53 77F72C50 28 Bytes [ 0F, 84, 44, 0E, 01, 00, 8B, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!IsCharSpaceW + 71 77F72C6E 21 Bytes [ 33, C0, 40, EB, C6, 90, 90, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!IsCharSpaceW + 87 77F72C84 7 Bytes [ 48, 75, 2F, E9, 5A, D2, 04 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!IsCharSpaceW + 8F 77F72C8C 25 Bytes [ 90, 90, 90, 90, 90, 8B, FF, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlCombineA + 1C 77F739E4 5 Bytes [ 00, 00, 00, 00, 26 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlCombineA + 22 77F739EA 14 Bytes [ 00, 00, 00, 00, 00, 00, 00, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlCombineA + 31 77F739F9 36 Bytes [ 56, 57, 58, 00, 13, 59, 59, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlCombineA + 58 77F73A20 65 Bytes [ 00, 00, 5F, 00, 60, 06, 44, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlCombineA + 9B 77F73A63 255 Bytes [ 00, 00, 00, 00, 7B, 00, 00, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlCanonicalizeA + 33 77F73BB0 153 Bytes [ 00, 00, 00, 00, 71, CA, CB, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHSetValueA + 57 77F73C4A 12 Bytes [ 3F, FC, FF, FF, FF, 00, 00, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHSetValueA + 64 77F73C57 28 Bytes [ 00, 40, D7, FF, FF, FB, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHSetValueA + 81 77F73C74 13 Bytes [ 9F, 19, FF, FF, FF, CF, 3F, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHSetValueA + 8F 77F73C82 8 Bytes [ 7F, 00, FE, FF, FF, FF, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHSetValueA + 98 77F73C8B 13 Bytes [ 00, FF, 07, 07, 00, FE, 07, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrToIntA + 12 77F73D9F 45 Bytes [ 00, 00, 00, 04, 00, FF, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrToIntA + 40 77F73DCD 10 Bytes [ 00, D0, FF, 0E, 00, 00, 00, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrToIntA + 4B 77F73DD8 1 Byte [ 3C ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrToIntA + 4D 77F73DDA 1 Byte [ 01 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrToIntA + 4F 77F73DDC 1 Byte [ 00 ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHDeleteKeyW + 5 77F742F1 46 Bytes [ 30, 8B, 45, 0C, 89, 45, D4, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHDeleteKeyW + 34 77F74320 3 Bytes [ 8D, FD, FF ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHDeleteKeyW + 3A 77F74326 1 Byte [ 14 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHDeleteKeyW + 46 77F74332 84 Bytes [ 8B, 45, 08, 85, C0, 56, BE, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHDeleteKeyW + 9B 77F74387 75 Bytes [ 3F, 00, 75, 13, 83, 7E, 40, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!GetMenuPosFromID + 32 77F74643 6 Bytes [ 90, 42, 00, 61, 00, 67 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!GetMenuPosFromID + 39 77F7464A 1 Byte [ 73 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!GetMenuPosFromID + 3B 77F7464C 58 Bytes [ 5C, 00, 41, 00, 6C, 00, 6C, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!GetMenuPosFromID + 76 77F74687 90 Bytes [ 55, 8B, EC, 81, EC, 5C, 02, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrCSpnW + 27 77F746E2 28 Bytes [ B5, AC, FD, FF, FF, 56, E8, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHCreateThread + 21 77F7471F 1 Byte [ E8 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHCreateThread + 23 77F74721 20 Bytes [ D0, 00, 00, 8B, F0, 85, F6, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHCreateThread + 38 77F74736 29 Bytes [ 15, 70, D1, FC, 77, 8B, F0, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHCreateThread + 56 77F74754 23 Bytes [ FF, FF, FF, B5, 74, FF, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHCreateThread + 6E 77F7476C 21 Bytes [ 0F, 84, F5, 22, 02, 00, 8B, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHRegCreateUSKeyW + B 77F749EA 31 Bytes [ 90, 90, 90, 90, 90, 8B, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHRegCreateUSKeyW + 2B 77F74A0A 21 Bytes [ 85, C8, FB, FF, FF, 8B, 45, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHRegCreateUSKeyW + 41 77F74A20 11 Bytes [ 20, 85, DE, 57, 8B, 7D, 08, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHRegCreateUSKeyW + 4D 77F74A2C 5 Bytes [ FF, 74, 0A, F7, C3 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHRegCreateUSKeyW + 55 77F74A34 8 Bytes [ 04, 74, 02, 33, DE, 8D, 8D, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHRegCreateUSKeyA + 3B 77F74A82 20 Bytes [ 81, A5, C8, FB, FF, FF, 00, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHRegCreateUSKeyA + 50 77F74A97 17 Bytes [ B5, 90, FE, FF, FF, 8D, 8D, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHRegCreateUSKeyA + 62 77F74AA9 42 Bytes [ FF, B5, 1C, FF, FF, FF, 8D, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHRegCreateUSKeyA + 8D 77F74AD4 120 Bytes [ 50, 8D, 85, A4, FB, FF, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHRegCreateUSKeyA + 10B 77F74B52 69 Bytes [ 8B, 4D, FC, 5F, 8B, C6, 5E, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHCreateThreadRef + D 77F75025 35 Bytes [ 50, 68, 01, 00, 00, 80, 8B, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHCreateThreadRef + 6B 77F75083 25 Bytes [ FF, 51, 6A, 00, 89, 45, FC, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHCreateThreadRef + 85 77F7509D 37 Bytes [ FF, 85, C0, 75, 74, 83, BD, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHCreateThreadRef + B3 77F750CB 26 Bytes [ F8, 85, FF, 7C, 2A, 68, 0C, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHCreateThreadRef + CE 77F750E6 82 Bytes [ 8D, 85, 5C, FF, FF, FF, 50, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHDeleteKeyA + A2 77F7590B 5 Bytes [ 57, E8, 47, 74, FF ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHDeleteKeyA + 131 77F7599A 41 Bytes [ 8B, 45, FC, 89, 45, 08, 0F, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHDeleteKeyA + 18C 77F759F5 60 Bytes [ 7D, 14, 33, C9, 51, 51, 68, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHDeleteKeyA + 1C9 77F75A32 22 Bytes [ 00, 00, 8B, 4D, FC, 5F, 5E, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathFindOnPathW + 12 77F75A49 18 Bytes [ 55, 8B, EC, 81, EC, 18, 01, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathFindOnPathW + 25 77F75A5C 70 Bytes [ 8B, 75, 10, 57, 89, 45, FC, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathFindOnPathW + 6C 77F75AA3 38 Bytes [ FF, 0F, 84, 1B, 07, 00, 00, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathFindOnPathW + 93 77F75ACA 48 Bytes [ B5, F4, FE, FF, FF, 8D, 85, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathFindOnPathW + C4 77F75AFB 26 Bytes [ 89, 18, 0F, 84, 69, 9B, 01, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHRegSetUSValueW + 7 77F75DEA 196 Bytes [ FF, FF, 85, C0, 0F, 85, C6, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!ColorRGBToHLS + 80 77F75EAF 21 Bytes [ 10, F6, 77, 8B, 45, FC, 5F, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!ColorRGBToHLS + 96 77F75EC5 104 Bytes [ EC, 83, EC, 50, A1, 80, D2, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!ColorHLSToRGB + 54 77F75F2E 38 Bytes [ 45, 08, 8B, 08, 0F, 84, EB, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!ColorHLSToRGB + 7B 77F75F55 12 Bytes [ 90, 90, 90, 90, 90, 8B, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!ColorHLSToRGB + 88 77F75F62 71 Bytes [ 08, 57, FF, 76, 04, FF, 15, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!ColorHLSToRGB + D0 77F75FAA 7 Bytes [ FF, 75, 0C, FF, 75, 08, 68 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!ColorHLSToRGB + 10A 77F75FE4 26 Bytes [ 75, 08, FF, 35, 78, D6, FC, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathIsUNCA + 1B 77F762A8 36 Bytes [ A1, 80, D2, FC, 77, 57, 89, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathIsUNCA + 40 77F762CD 8 Bytes [ 00, 00, FF, 15, EC, 13, F6, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathIsUNCA + 49 77F762D6 8 Bytes [ 4D, FC, 33, C0, 83, BD, 78, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathIsUNCA + 52 77F762DF 149 Bytes [ FF, 02, 5F, 0F, 94, C0, E8, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathCanonicalizeA + 32 77F76375 20 Bytes [ F5, FE, FF, F6, 05, 30, D3, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathCanonicalizeA + 47 77F7638A 5 Bytes [ 0F, 87, A8, F5, FE ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathCanonicalizeA + 92 77F763D5 34 Bytes [ 00, 50, 56, FF, 75, 10, 68, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathCanonicalizeA + B7 77F763FA 36 Bytes [ EB, F8, 25, 00, 64, 00, 78, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathCanonicalizeA + DC 77F7641F 55 Bytes [ 85, C0, 0F, 84, 69, 03, 02, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathAppendA + 3 77F76457 35 Bytes [ F7, 77, A3, AC, D8, FC, 77, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathAppendA + 27 77F7647B 25 Bytes [ D6, 3B, C3, A3, 8C, D8, FC, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathAppendA + 41 77F76495 71 Bytes [ D8, FC, 77, 0F, 84, B7, 02, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathCombineA + 45 77F764DD 20 Bytes [ 68, 28, 55, F7, 77, 57, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathCombineA + 5A 77F764F2 193 Bytes [ 68, 14, 55, F7, 77, 57, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathCombineA + 11C 77F765B4 57 Bytes [ 74, 2E, 8B, 75, 10, 85, F6, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathIsRelativeA + 37 77F765F0 6 Bytes [ 8B, FF, 55, 8B, EC, 81 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathIsRelativeA + 3E 77F765F7 130 Bytes [ 10, 02, 00, 00, A1, 80, D2, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathIsRelativeA + C1 77F7667A 2 Bytes [ 00, 00 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathIsRelativeA + C4 77F7667D 13 Bytes [ C0, 7C, 22, 53, 68, CC, 51, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathIsRelativeA + D2 77F7668B 20 Bytes [ FF, 83, C7, 04, 57, 8D, 85, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHCreateStreamOnFileEx + 17 77F77515 7 Bytes [ FF, D3, 8D, 85, F8, FE, FF ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHCreateStreamOnFileEx + 31 77F7752F 1 Byte [ FC ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHCreateStreamOnFileEx + 33 77F77531 19 Bytes [ 2B, F8, FF, 15, 6C, 14, F6, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHCreateStreamOnFileEx + 47 77F77545 7 Bytes [ FF, D3, 8B, BD, F0, FE, FF ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHCreateStreamOnFileEx + 4F 77F7754D 11 Bytes [ 80, BD, F8, FE, FF, FF, 00, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathIsURLW + 4A 77F77AC3 33 Bytes [ 94, C0, 40, 50, 68, 80, D8, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathIsURLW + 6C 77F77AE5 85 Bytes [ 83, 3D, 80, D8, FC, 77, 01, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathIsURLW + C3 77F77B3C 35 Bytes [ 66, 8B, C6, 5E, C3, 90, 90, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathIsURLW + F2 77F77B6B 6 Bytes [ 90, 90, 90, 90, 90, 8B ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathIsURLW + F9 77F77B72 22 Bytes [ 55, 8B, EC, 81, EC, 48, 07, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlIsW + 1D 77F77BB1 1 Byte [ C0 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlIsW + 1F 77F77BB3 5 Bytes [ B5, B8, F8, FF, FF ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlIsW + 25 77F77BB9 34 Bytes [ 57, 56, 0F, 85, 84, A9, 01, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlIsW + 48 77F77BDC 37 Bytes [ 33, FF, 47, 83, 7D, E4, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlIsW + 6E 77F77C02 11 Bytes [ FF, 66, C7, 06, 2D, 00, 46, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHLoadIndirectString 77F77D96 3 Bytes [ 90, 90, 90 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHLoadIndirectString + 4 77F77D9A 15 Bytes [ FF, 55, 8B, EC, 51, 83, 65, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHLoadIndirectString + 14 77F77DAA 20 Bytes [ C7, 83, E0, 03, 8B, D8, 4B, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHLoadIndirectString + 29 77F77DBF 4 Bytes [ 07, 80, 03, DA ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHLoadIndirectString + 2E 77F77DC4 36 Bytes [ 19, 00, 02, 00, 0F, 88, B7, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathFindFileNameA + 2 77F78086 6 Bytes [ 75, 0C, FF, 75, 18, 0F ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathFindFileNameA + 9 77F7808D 42 Bytes [ A8, C5, FF, FF, 68, AC, 70, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathFindFileNameA + 34 77F780B8 82 Bytes [ 64, 00, 5C, 00, 25, 00, 73, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathFindFileNameA + 87 77F7810B 11 Bytes [ FE, FF, 8B, F0, 85, F6, 7C, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathFindFileNameA + 93 77F78117 6 Bytes [ 30, 68, DC, 71, F7, 77 ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathIsDirectoryW + 1D 77F78566 2 Bytes [ 5C, D0 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathIsDirectoryW + 21 77F7856A 41 Bytes [ 3B, C6, 59, 0F, 84, 9F, EA, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathIsDirectoryW + 4C 77F78595 1 Byte [ 18 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathIsDirectoryW + 4E 77F78597 4 Bytes [ 90, 90, 90, 90 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathIsDirectoryW + 53 77F7859C 242 Bytes [ 8B, FF, 55, 8B, EC, 83, EC, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrRStrIW + 12 77F7916F 75 Bytes [ 0F, 85, 64, DE, FF, FF, 5E, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrRStrIW + 5F 77F791BC 2 Bytes [ 22, 49 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrRStrIW + 63 77F791C0 13 Bytes [ 83, F9, 20, 0F, 85, 04, 49, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrRStrIW + 71 77F791CE 44 Bytes [ 00, B9, 00, 10, 00, 00, 23, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrRStrIW + 9E 77F791FB 7 Bytes [ 55, 8B, EC, 8B, 45, 08, 8B ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!AssocIsDangerous + 21 77F795B4 58 Bytes [ 75, 0C, 03, C6, 89, 45, 0C, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!AssocIsDangerous + 71 77F79604 7 Bytes [ 75, 18, FF, 75, 14, 6A, 00 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!AssocIsDangerous + 85 77F79618 20 Bytes [ 15, 00, 10, F6, 77, 85, F6, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!AssocIsDangerous + 9A 77F7962D 40 Bytes [ 49, 49, 0F, 84, 7C, 12, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!AssocIsDangerous + D2 77F79665 23 Bytes [ FF, 83, F9, 43, 0F, 84, 0A, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathGetArgsW + 26 77F79AF7 161 Bytes [ C6, 0C, 47, 81, FE, A4, 01, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathIsPrefixW + F 77F79C1B 75 Bytes [ 0F, 84, 07, 76, 01, 00, 56, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathIsPrefixW + 5C 77F79C68 2 Bytes [ ED, 75 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathIsPrefixW + 60 77F79C6C 10 Bytes [ 56, FF, 75, 10, FF, 75, 0C, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathIsPrefixW + 6C 77F79C78 13 Bytes [ 00, 8B, 4D, FC, 5E, E8, 9E, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathIsPrefixW + 7A 77F79C86 11 Bytes [ 90, 90, 90, 90, 90, FF, 25, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathMatchSpecW + 116 77F79E25 84 Bytes [ 00, 50, 56, FF, B5, 64, FD, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathIsFileSpecW + 33 77F79E7A 5 Bytes [ 0F, 84, C1, 36, 01 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathIsFileSpecW + 39 77F79E80 69 Bytes [ 8B, 85, 5C, FD, FF, FF, 0F, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathIsFileSpecW + 7F 77F79EC6 23 Bytes [ 8B, 85, 78, FD, FF, FF, 85, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathIsFileSpecW + 97 77F79EDE 21 Bytes [ 0F, 84, F1, 81, FF, FF, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathIsFileSpecW + AD 77F79EF4 101 Bytes [ 00, FF, B5, 78, FD, FF, FF, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrTrimW 77F7A3D7 82 Bytes [ 90, 2E, 00, 6D, 00, 73, 00, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrTrimW + 53 77F7A42A 45 Bytes [ 90, 90, 2E, 00, 6D, 00, 64, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrTrimW + 82 77F7A459 23 Bytes [ 00, 90, 90, 2E, 00, 6D, 00, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrTrimW + 9B 77F7A472 41 Bytes [ 90, 90, 2E, 00, 6D, 00, 61, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrTrimW + C5 77F7A49C 29 Bytes [ 61, 00, 67, 00, 00, 00, 90, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHOpenRegStream2W + 69 77F7AE37 10 Bytes CALL 44E2979D
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHOpenRegStream2W + 74 77F7AE42 13 Bytes [ 90, 90, 90, 90, 90, 8B, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHOpenRegStream2W + 82 77F7AE50 1 Byte [ C9 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHOpenRegStream2W + 84 77F7AE52 11 Bytes [ 1C, 66, 8B, 01, 66, 85, C0, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHOpenRegStream2W + 91 77F7AE5F 40 Bytes [ 66, 83, F8, 5C, 74, 0A, 66, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrRetToStrW + 1C 77F7AF43 13 Bytes JMP 7807AF4C
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrRetToStrW + 2A 77F7AF51 48 Bytes [ 8B, C7, 5F, 5E, 5B, 5D, C2, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrRetToStrW + 5B 77F7AF82 220 Bytes [ 00, 00, 01, 00, 07, 02, 10, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHGetThreadRef + B7 77F7B05F 48 Bytes [ 00, 00, 4A, 74, 6B, 4A, 74, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHGetThreadRef + E8 77F7B090 17 Bytes [ 9A, 03, 00, 85, C0, 89, 45, … ].text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrCmpNW + F 77F66D07 11 Bytes [ FF, 39, 1D, A8, D2, FC, 77, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrStrW 77F66D1C 128 Bytes [ 90, 90, 8B, FF, 56, 6A, 07, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathAddBackslashW 77F66D9D 154 Bytes [ 90, 90, 90, 90, 8B, FF, 55, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHQueryValueExW + 33 77F66E71 42 Bytes [ 8D, 7D, F4, A5, 33, D2, 66, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrCmpNIW + 8 77F66E9C 6 Bytes [ F6, 77, 85, C0, 74, AA ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrCmpNIW + F 77F66EA3 15 Bytes [ 36, FF, 15, 7C, 10, F6, 77, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrCmpNIW + 1F 77F66EB3 6 Bytes [ 0F, 85, 19, 8A, 02, 00 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrCmpICA + B 77F66F0B 125 Bytes [ CC, 8B, 4D, D0, 8B, 3D, 74, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathFindFileNameW + 2 77F66F89 56 Bytes [ 74, 2D, 33, F6, 39, 75, 0C, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathFindFileNameW + 3B 77F66FC2 27 Bytes [ 00, 39, 75, F0, 0F, 84, 6C, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathFindFileNameW + 57 77F66FDE 67 Bytes [ 57, C7, 05, E0, D6, FC, 77, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathFindFileNameW + A7 77F6702E 62 Bytes [ FF, 15, 04, 18, F6, 77, E9, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrCmpW + 37 77F6706D 188 Bytes [ F6, C4, 01, 0F, 85, DD, 03, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrCmpW + F4 77F6712A 20 Bytes [ 77, 80, F9, 03, 74, 09, 80, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrCmpW + 10A 77F67140 59 Bytes [ 8A, 0D, 7A, D7, FC, 77, 80, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrCmpW + 146 77F6717C 30 Bytes [ 83, 3D, F0, D6, FC, 77, 02, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrCmpW + 165 77F6719B 396 Bytes [ 00, 83, F8, 04, 0F, 85, B7, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathIsRootW + B 77F67381 144 Bytes [ 77, 39, 60, F6, 77, 5D, 61, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathRemoveBackslashW + 43 77F67412 83 Bytes [ 00, FF, D6, 85, C0, 0F, 84, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathCommonPrefixW + 2C 77F67466 15 Bytes [ FF, 55, 8B, EC, 83, EC, 1C, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathCommonPrefixW + 3C 77F67476 30 Bytes [ 53, 56, 57, 8D, 75, 0C, 8D, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathCommonPrefixW + 5B 77F67495 66 Bytes [ FF, 85, C0, 59, 74, 3D, 83, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathCommonPrefixW + 9E 77F674D8 42 Bytes [ 33, DB, EB, C5, 6A, 01, 8B, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathCommonPrefixW + C9 77F67503 31 Bytes [ D9, 8D, 75, 0C, 8D, 7D, EC, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!IntlStrEqWorkerW + 6 77F67523 15 Bytes [ 15, 84, 14, F6, 77, 89, 43, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!IntlStrEqWorkerW + 16 77F67533 4 Bytes [ FF, 83, 7B, 14 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!IntlStrEqWorkerW + 1B 77F67538 52 Bytes [ 5F, 5E, 89, 43, 04, 5B, 74, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!IntlStrEqWorkerW + 50 77F6756D 120 Bytes [ 55, 08, 56, 8B, 75, 10, 90, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!IntlStrEqWorkerW + C9 77F675E6 113 Bytes [ 74, 0A, 66, 3B, 4D, 0C, 74, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathCanonicalizeW + 4 77F67795 6 Bytes [ 01, 66, 85, C0, 75, E4 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathCanonicalizeW + B 77F6779C 41 Bytes [ D2, 8B, C2, 75, 02, 8B, C1, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathCanonicalizeW + 35 77F677C6 127 Bytes [ A1, 80, D2, FC, 77, 89, 45, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathCanonicalizeW + B5 77F67846 76 Bytes [ ED, 0F, B7, 01, 0F, B7, 0A, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathCanonicalizeW + 102 77F67893 64 Bytes [ 14, 74, 3E, 57, 66, 89, 06, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathCombineW + 17 77F678F0 16 Bytes [ 18, 33, FF, FF, 75, 14, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathCombineW + 28 77F67901 11 Bytes [ D6, 3B, C7, 89, 45, FC, 0F, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathCombineW + 34 77F6790D 23 Bytes [ 8B, 45, FC, 5F, 5E, C9, C2, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathCombineW + 4D 77F67926 6 Bytes [ 83, 3D, 84, D2, FC, 77 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathCombineW + 54 77F6792D 50 Bytes [ A1, 80, D2, FC, 77, 56, 8B, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathAppendW + F8 77F67AD5 123 Bytes [ F0, 8B, 4D, FC, 8B, C6, 5E, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathRemoveFileSpecW + 42 77F67BA8 32 Bytes [ F3, A5, 8B, C8, 83, E1, 03, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathRemoveFileSpecW + A1 77F67C07 6 Bytes [ 8B, FF, 55, 8B, EC, 8B ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathRemoveFileSpecW + A8 77F67C0E 126 Bytes [ 10, 33, C9, 33, C0, 39, 4A, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathRemoveFileSpecW + 127 77F67C8D 20 Bytes [ 90, 90, 8B, FF, 55, 8B, EC, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathFileExistsW + 9 77F67CA2 1 Byte [ 75 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathFileExistsW + B 77F67CA4 14 Bytes [ 0F, 85, 13, A3, 00, 00, 8B, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathFileExistsW + 1B 77F67CB4 5 Bytes [ 0C, E8, E8, FD, FF ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathFileExistsW + 21 77F67CBA 43 Bytes [ 8B, F0, 3B, F7, 0F, 87, 26, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!ChrCmpIW 77F67D1A 9 Bytes [ 90, 90, 8B, FF, 55, 8B, EC, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!ChrCmpIW + A 77F67D24 53 Bytes [ 00, 57, 74, 45, 8B, 7D, 0C, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrChrIW + A 77F67D5A 10 Bytes [ C0, 74, 07, 53, 83, C6, 02, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrChrIW + 15 77F67D65 67 Bytes [ C6, 5E, 5B, 5F, 5D, C2, 08, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrStrIW + 1D 77F67DA9 101 Bytes [ C0, 85, FF, 74, 36, 57, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrStrIW + 83 77F67E0F 10 Bytes [ 17, 66, 8B, 0E, 66, 85, C9, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrStrIW + 8E 77F67E1A 13 Bytes [ 0A, 42, 42, 46, 46, 4F, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrStrIW + 9D 77F67E29 10 Bytes [ 5E, 0F, 84, C5, AE, 02, 00, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrStrIW + A8 77F67E34 4 Bytes [ 5F, 5D, C2, 10 ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!wvnsprintfA + 62 77F67F74 29 Bytes [ FF, 7F, 0F, 87, D6, 8D, 02, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!wvnsprintfA + 80 77F67F92 19 Bytes [ C2, 74, 26, 66, 8B, 0A, 66, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!wvnsprintfA + 94 77F67FA6 104 Bytes [ F9, 3A, 74, 15, 66, 83, F9, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!wvnsprintfA + 177 77F68089 69 Bytes [ FC, 01, 00, 00, 00, EB, 52, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!wvnsprintfA + 1BD 77F680CF 19 Bytes [ FF, 0F, C1, E7, 04, 03, FA, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!wnsprintfA + 24 77F681B0 22 Bytes [ EB, FE, FF, FF, 85, C0, 0F, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!wnsprintfA + 3B 77F681C7 77 Bytes [ 5F, 66, 89, 46, 06, 57, 8D, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!wnsprintfA + 89 77F68215 85 Bytes [ 85, C0, 0F, 84, 18, 43, 01, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!wnsprintfA + DF 77F6826B 90 Bytes [ FF, 85, C0, 0F, 84, C1, 42, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!wnsprintfA + 13A 77F682C6 1 Byte [ 55 ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathStripToRootW + E 77F68313 93 Bytes [ 20, 40, 40, 66, 39, 08, 75, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathStripToRootW + 6C 77F68371 6 Bytes [ 90, 90, 90, 90, 90, 8B ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathStripToRootW + 73 77F68378 58 Bytes [ 55, 8B, EC, 56, 8B, 75, 08, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrCmpLogicalW + E 77F683B3 20 Bytes [ 0F, 85, 25, A5, 01, 00, 33, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrCmpLogicalW + 23 77F683C8 87 Bytes [ 00, 00, 90, 90, 90, 90, 90, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrCmpLogicalW + 7B 77F68420 27 Bytes [ 8B, 08, 66, 85, C9, 74, 0A, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrCmpLogicalW + 97 77F6843C 179 Bytes [ 55, 8B, EC, 8B, 4D, 08, 85, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrCmpLogicalW + 14B 77F684F0 48 Bytes [ 00, 7D, 1E, 8B, 75, 08, 8D, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHRegCloseUSKey + 63 77F68A4B 19 Bytes [ 86, 01, 00, 48, 0F, 84, 79, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHRegOpenUSKeyA + 6 77F68A5F 66 Bytes CALL EA7A9984
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHRegOpenUSKeyA + 4B 77F68AA4 19 Bytes [ 6A, 02, 5A, 2B, C2, 0F, 84, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHRegOpenUSKeyA + 5F 77F68AB8 16 Bytes [ 2B, C2, 0F, 84, EE, 85, 01, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHRegOpenUSKeyA + 71 77F68ACA 121 Bytes [ 83, E0, 04, EB, A3, 90, 90, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHRegOpenUSKeyA + EC 77F68B45 2 Bytes [ EB, 07 ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHRegOpenUSKeyW + 56 77F68BF0 92 Bytes [ 55, 10, 3B, D0, 74, 04, 2B, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHRegGetUSValueW + 4B 77F68C4D 134 Bytes [ FF, FF, 7F, 0F, 87, 6C, 9F, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHRegGetUSValueW + D2 77F68CD4 54 Bytes [ FF, 55, 8B, EC, 83, 7D, 08, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHRegGetUSValueW + 109 77F68D0B 3 Bytes [ 25, 80, 00 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHRegGetUSValueW + 14F 77F68D51 2 Bytes [ FF, 55 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHRegGetUSValueW + 152 77F68D54 12 Bytes [ EC, 56, 8B, 75, 08, 85, F6, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHRegQueryUSValueW + 4D 77F68DD2 58 Bytes [ EB, E0, 8B, C6, 5E, 5B, 5F, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHRegQueryUSValueW + 8A 77F68E0F 36 Bytes [ 4D, 6A, 01, FF, 15, D8, 11, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHRegQueryUSValueW + CD 77F68E52 14 Bytes [ B5, F8, FD, FF, FF, FF, 15, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHRegQueryUSValueW + F4 77F68E79 128 Bytes [ 4D, 08, 85, C9, 74, 0F, 8B, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHRegGetBoolUSValueW + 56 77F68EFA 13 Bytes [ 15, 44, 12, F6, 77, 8B, 4D, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHRegGetBoolUSValueW + 64 77F68F08 27 Bytes [ FF, C9, C2, 1C, 00, 90, 90, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHRegGetBoolUSValueW + 80 77F68F24 16 Bytes [ 4D, 0C, 8B, 4D, 0C, 56, 8B, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHRegGetBoolUSValueW + 91 77F68F35 13 Bytes [ 7D, 08, 89, 75, D8, 89, 4D, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHRegGetBoolUSValueW + 9F 77F68F43 72 Bytes [ 00, 89, 45, E0, 0F, 88, 55, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!wvnsprintfW + 6 77F69107 6 Bytes [ 7D, D4, 00, 0F, 85, B7 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!wvnsprintfW + D 77F6910E 34 Bytes [ 02, 00, 85, C0, 0F, 8C, 5E, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!wvnsprintfW + 30 77F69131 77 Bytes [ 39, 75, D4, 0F, 85, 20, 78, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!wvnsprintfW + 7E 77F6917F 47 Bytes [ 55, 0C, 89, 0A, 5D, C2, 08, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!wvnsprintfW + AE 77F691AF 2 Bytes CALL 037AA0BB
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!wnsprintfW + 56 77F6934C 9 Bytes [ 68, 24, 76, F6, 77, 56, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!wnsprintfW + 60 77F69356 6 Bytes [ 85, FF, 0F, 8C, EB, F7 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!wnsprintfW + 67 77F6935D 25 Bytes JMP 77F93AD7 C:WINDOWSsystem32SHLWAPI.dll (Библиотека небольших программ оболочки/Корпорация Майкрософт)
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!wnsprintfW + 81 77F69377 41 Bytes [ FF, 75, 0C, 8B, 08, 50, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!wnsprintfW + AB 77F693A1 180 Bytes [ 90, 90, 90, 90, 8B, FF, 55, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHSetValueW + 9 77F69678 47 Bytes [ 77, 73, 70, 49, 74, 69, 68, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHSetValueW + 3A 77F696A9 71 Bytes [ 97, 06, D1, 2E, 93, CF, 11, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHSetValueW + 82 77F696F1 45 Bytes [ EE, 44, 45, 53, 54, 00, 00, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHSetValueW + B0 77F6971F 132 Bytes [ 55, 8B, EC, 83, EC, 14, A1, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHSetValueW + 135 77F697A4 12 Bytes [ A1, 80, D2, FC, 77, 56, 6A, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!AssocCreate + 2 77F69D7B 12 Bytes [ 5E, 5D, C2, 1C, 00, 90, 90, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!AssocCreate + F 77F69D88 3 Bytes [ 8B, EC, 51 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!AssocCreate + 14 77F69D8D 15 Bytes [ 8B, 7D, 18, 33, C0, 3B, F8, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!AssocCreate + 24 77F69D9D 92 Bytes [ 4D, 18, 8B, 4D, 10, 3B, C8, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!AssocCreate + 81 77F69DFA 79 Bytes [ FF, 85, C0, 74, 37, 83, 7D, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHRegDuplicateHKey + 7 77F6A456 30 Bytes [ FB, 77, 35, 23, FC, 77, 35, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHRegDuplicateHKey + 26 77F6A475 1 Byte [ 00 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHRegDuplicateHKey + 2B 77F6A47A 13 Bytes [ 90, 8B, FF, 55, 8B, EC, 8B, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHRegDuplicateHKey + 3A 77F6A489 9 Bytes [ 70, 08, 57, 8B, 38, 50, E8, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHRegDuplicateHKey + 44 77F6A493 23 Bytes [ FF, 59, 53, FF, D7, 85, F6, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!AssocQueryKeyW + 5D 77F6A51B 67 Bytes [ 45, 0C, 89, 46, 04, 8B, 45, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!AssocQueryKeyW + A2 77F6A560 1 Byte [ 8C ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!AssocQueryKeyW + A6 77F6A564 7 Bytes [ 5F, 33, C0, 40, 85, DB, 0F ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!AssocQueryKeyW + AE 77F6A56C 18 Bytes [ F2, BF, 02, 00, 5B, 5D, C2, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!AssocQueryKeyW + C1 77F6A57F 194 Bytes [ FF, BE, 30, D4, FC, 77, 39, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrToIntW + 20 77F6AEA4 73 Bytes [ 00, 68, 98, 00, 00, 00, E8, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathUnquoteSpacesW + 1F 77F6AEEE 5 Bytes [ 5B, 5D, C2, 0C, 00 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathUnquoteSpacesW + 25 77F6AEF4 33 Bytes [ DD, D0, 16, 90, 41, 7C, CC, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrRChrW + 19 77F6AF87 55 Bytes [ 83, C1, 0C, 39, 75, 10, 0F, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathParseIconLocationW + 12 77F6AFBF 107 Bytes CALL 7860C038
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathParseIconLocationW + 7E 77F6B02B 25 Bytes [ CB, 07, F4, C4, 5B, 90, 90, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!AssocQueryStringByKeyW + 15 77F6B045 56 Bytes [ FF, 55, 8B, EC, 56, 8B, 75, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!AssocQueryStringByKeyW + 4F 77F6B07F 6 Bytes [ 0C, 51, 50, E8, 25, C5 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!AssocQueryStringByKeyW + 56 77F6B086 6 Bytes [ FF, 8D, 4E, F0, 8B, 01 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!AssocQueryStringByKeyW + 5D 77F6B08D 22 Bytes [ 50, 20, 5E, 5D, C2, 08, 00, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!AssocQueryStringByKeyW + 77 77F6B0A7 105 Bytes [ 90, 83, 6C, 24, 04, 10, E9, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHUnlockShared 77F6B44E 45 Bytes [ 90, 8B, FF, 55, 8B, EC, 51, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHFreeShared + 13 77F6B47C 17 Bytes [ 55, 8B, EC, 8B, 45, 08, 8B, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHFreeShared + 7A 77F6B4E3 40 Bytes [ F0, 85, F6, 7C, 3D, 8B, 55, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHAllocShared + C 77F6B50D 25 Bytes [ 14, 8B, 08, FF, 75, 0C, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHAllocShared + 26 77F6B527 17 Bytes [ C6, 5E, C9, C2, 14, 00, 90, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHAllocShared + 38 77F6B539 174 Bytes [ 57, 8B, 7D, 08, 33, C0, 83, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHAllocShared + E7 77F6B5E8 101 Bytes [ 00, 00, 8B, F8, 85, FF, 74, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHAllocShared + 14E 77F6B64F 14 Bytes [ 8B, 4D, 1C, 89, 01, 0F, 84, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHCreateStreamOnFileW + 15 77F6B7BE 114 Bytes [ 90, 90, 90, 90, 90, 8B, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHCreateStreamOnFileW + 88 77F6B831 9 Bytes [ FF, 00, 01, 00, 00, E8, 4C, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHCreateStreamOnFileW + 92 77F6B83B 17 Bytes [ 83, 26, 00, 85, C0, 0F, 85, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHCreateStreamOnFileW + A5 77F6B84E 3 Bytes [ 85, 90, AA ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHCreateStreamOnFileW + AA 77F6B853 23 Bytes [ 85, DB, 75, 0D, 66, 39, 85, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHOpenRegStream2A + 1C 77F6B8B9 13 Bytes [ 17, 01, 0F, 84, 89, F9, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHOpenRegStream2A + 2A 77F6B8C7 59 Bytes [ 45, 10, 75, 29, 8B, 06, 8D, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHOpenRegStream2A + 66 77F6B903 186 Bytes [ FF, 55, 8B, EC, F6, 45, 0F, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHOpenRegStream2A + 121 77F6B9BE 7 Bytes [ C7, C7, 85, 50, FD, FF, FF ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHOpenRegStream2A + 12A 77F6B9C7 138 Bytes [ 00, 80, 3B, DE, 8D, 4D, AC, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHGetViewStatePropertyBag + 4 77F6BE8A 57 Bytes [ 4D, 08, 85, C9, 0F, 84, 76, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHGetViewStatePropertyBag + 3E 77F6BEC4 17 Bytes [ 8B, C2, 5D, C2, 04, 00, 90, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHGetViewStatePropertyBag + 50 77F6BED6 5 Bytes [ 75, 08, 85, F6, 74 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHGetViewStatePropertyBag + 56 77F6BEDC 41 Bytes [ 56, FF, 15, 70, 14, F6, 77, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHGetViewStatePropertyBag + 80 77F6BF06 37 Bytes [ C0, 74, 0D, 83, 3D, 40, D4, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrToIntExW + 5 77F6C320 20 Bytes [ 81, EC, 1C, 04, 00, 00, A1, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrToIntExW + 1A 77F6C335 20 Bytes [ 7D, 0C, 89, 45, FC, 8B, 45, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrToInt64ExW + 11 77F6C359 95 Bytes [ 0F, 84, 0B, 80, 02, 00, 83, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrToInt64ExW + 71 77F6C3B9 8 Bytes [ 5E, C3, 90, 90, 90, 90, 90, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrToInt64ExW + 7A 77F6C3C2 41 Bytes [ 55, 8B, EC, 51, 83, 65, FC, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrToInt64ExW + A4 77F6C3EC 46 Bytes [ 57, 07, 01, 00, FF, D3, 85, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrToInt64ExW + D3 77F6C41B 45 Bytes [ FF, 75, 14, 8D, 45, FC, 50, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!AssocGetPerceivedType + 54 77F6CAE7 4 Bytes [ 85, 01, 9C, 02 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!AssocGetPerceivedType + 5A 77F6CAED 36 Bytes [ 41, 14, 03, 45, 0C, EB, D9, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!AssocGetPerceivedType + 7F 77F6CB12 117 Bytes [ 90, 90, 90, 90, 90, 8B, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!AssocGetPerceivedType + F5 77F6CB88 5 Bytes [ 00, 00, FF, 76, 1C ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!AssocGetPerceivedType + FB 77F6CB8E 8 Bytes [ 15, 00, 10, F6, 77, E9, E4, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlGetPartW + 27 77F6D93C 54 Bytes [ 88, C7, F6, 77, 7C, C7, F6, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlGetPartW + 5E 77F6D973 17 Bytes [ 77, 08, C7, F6, 77, FC, C6, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlGetPartW + 70 77F6D985 69 Bytes [ C6, F6, 77, D8, C6, F6, 77, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlGetPartW + B6 77F6D9CB 39 Bytes [ 00, 7C, C4, F6, 77, 70, C4, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!UrlGetPartW + DE 77F6D9F3 74 Bytes [ 77, 14, C4, F6, 77, 00, 00, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHRegGetValueA + 2F 77F70CD9 336 Bytes [ 79, 6D, 46, 75, 6E, 63, 74, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHGetValueA + E7 77F70E2A 127 Bytes [ F6, 77, 36, 72, FC, 77, A0, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHQueryValueExA + 3F 77F70EAA 28 Bytes [ 69, 6C, 44, 72, 61, 77, 42, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHQueryValueExA + 5C 77F70EC7 22 Bytes [ 79, 6C, 65, 00, 90, 53, 65, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHQueryValueExA + 73 77F70EDE 21 Bytes [ 90, 90, 53, 65, 74, 47, 61, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHQueryValueExA + 89 77F70EF4 14 Bytes [ 61, 64, 67, 65, 74, 50, 61, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHQueryValueExA + 98 77F70F03 33 Bytes [ 47, 61, 64, 67, 65, 74, 4D, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrRChrA + 74 77F70FF4 216 Bytes [ 47, 65, 74, 47, 61, 64, 67, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrRChrA + 14D 77F710CD 54 Bytes [ 90, 90, 90, 42, 75, 69, 6C, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrRChrA + 184 77F71104 14 Bytes [ 41, 75, 74, 6F, 54, 72, 61, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrCatW + D 77F71113 319 Bytes [ 61, 63, 68, 57, 6E, 64, 50, … ].text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetNewLinkInfo + 91 7CABF4DC 107 Bytes [ 75, 0C, FF, 15, 88, 1E, 9C, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetNewLinkInfo + FD 7CABF548 6 Bytes JMP 7CABF63E C:WINDOWSsystem32SHELL32.dll (Общая библиотека оболочки Windows/Корпорация Майкрософт)
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetNewLinkInfo + 104 7CABF54F 61 Bytes [ 34, 8D, A0, AF, A5, 7C, 8D, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetNewLinkInfo + 142 7CABF58D 8 Bytes [ F9, 0A, 0F, 8C, A9, 00, 00, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHOpenFolderAndSelectItems + 7B 7CABF885 28 Bytes [ 7C, 0E, 8B, 4D, FC, F7, D9, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHCreateShellItem 7CABF8A2 7 Bytes [ 90, 90, 90, 90, 8B, FF, 55 ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHCreateShellItem + 8 7CABF8AA 29 Bytes [ EC, 51, 83, 65, FC, 00, 8D, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHCreateShellItem + 26 7CABF8C8 2 Bytes [ 4D, FC ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHCreateShellItem + 29 7CABF8CB 44 Bytes [ D9, 1B, C9, 83, E1, FE, 41, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHCreateShellItem + 56 7CABF8F8 47 Bytes [ 75, 08, 6A, 77, 6A, 06, E8, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHCreateFileExtractIconW + 9 7CABFA17 18 Bytes [ 59, 8B, 55, 14, 89, 0A, C9, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHCreateFileExtractIconW + 1C 7CABFA2A 74 Bytes [ EC, 51, 83, 65, FC, 00, 8D, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHCreateFileExtractIconW + 67 7CABFA75 66 Bytes [ 75, 0C, FF, 75, 08, 6A, 02, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHCreateFileExtractIconW + AA 7CABFAB8 79 Bytes [ 75, 08, 6A, 02, 6A, 0A, E8, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHCreateFileExtractIconW + FA 7CABFB08 63 Bytes [ 4D, FC, F7, D9, 1B, C9, 83, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHAppBarMessage + 14 7CAC0C5F 114 Bytes [ 8D, 85, 54, FD, FF, FF, 50, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHAppBarMessage + 87 7CAC0CD2 4 Bytes [ 8D, 85, 4C, FB ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHAppBarMessage + 8C 7CAC0CD7 36 Bytes [ FF, 50, FF, 15, D8, 19, 9C, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHAppBarMessage + B1 7CAC0CFC 76 Bytes [ FF, 5F, 5E, 8B, 4D, FC, 5B, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHAppBarMessage + FE 7CAC0D49 5 Bytes [ FF, 89, 9D, D0, F9 ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHEnableServiceObject + 2 7CAC0DBD 100 Bytes [ D6, 8D, 85, F4, FD, FF, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetInstanceExplorer + 30 7CAC0E22 16 Bytes [ FF, 50, FF, 15, 60, 1F, 9C, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetInstanceExplorer + 41 7CAC0E33 24 Bytes [ 0F, 84, 33, 01, 00, 00, 66, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetInstanceExplorer + 5A 7CAC0E4C 12 Bytes [ FF, 50, FF, B5, CC, F9, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetInstanceExplorer + 67 7CAC0E59 50 Bytes [ FF, 50, FF, D3, FF, B5, D0, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetInstanceExplorer + 9B 7CAC0E8D 15 Bytes CALL 7CA0EA16 C:WINDOWSsystem32SHELL32.dll (Общая библиотека оболочки Windows/Корпорация Майкрософт)
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHBrowseForFolderW + 17 7CAC3DA2 94 Bytes [ C1, C7, 00, B0, 27, 9D, 7C, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHBrowseForFolderW + 76 7CAC3E01 12 Bytes [ 50, 68, 00, 80, 00, 00, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHBrowseForFolderW + 83 7CAC3E0E 78 Bytes [ B5, F0, FD, FF, FF, E8, 56, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHBrowseForFolderW + D3 7CAC3E5E 4 Bytes [ 08, 50, FF, 51 ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHBrowseForFolderW + D8 7CAC3E63 142 Bytes [ 8B, 4D, FC, 33, C0, 85, F6, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHBrowseForFolder + 6D 7CAC3EF2 11 Bytes CALL 7C9FE665 C:WINDOWSsystem32SHELL32.dll (Общая библиотека оболочки Windows/Корпорация Майкрософт)
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHBrowseForFolder + 79 7CAC3EFE 18 Bytes [ 1D, D4, 12, 9C, 7C, 89, 85, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHBrowseForFolder + 8C 7CAC3F11 12 Bytes [ 50, 68, 44, 37, 00, 00, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHBrowseForFolder + 99 7CAC3F1E 25 Bytes [ 15, E4, 12, 9C, 7C, 83, 66, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHBrowseForFolder + B3 7CAC3F38 143 Bytes [ 15, 54, 13, 9C, 7C, FF, 37, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!WOWShellExecute + 2F 7CAC5268 78 Bytes [ 59, 8B, C6, 5E, 5D, C2, 04, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!WOWShellExecute + 7E 7CAC52B7 315 Bytes [ 51, 30, 8B, 46, 10, 8B, 08, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ShellExec_RunDLL + 24 7CAC53F3 126 Bytes [ EC, 10, 00, 00, 00, E8, F1, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ShellExec_RunDLLW + 3D 7CAC5472 12 Bytes [ 50, 0C, 8B, F0, 85, F6, 7C, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ShellExec_RunDLLW + 4A 7CAC547F 30 Bytes CALL 7CAC5121 C:WINDOWSsystem32SHELL32.dll (Общая библиотека оболочки Windows/Корпорация Майкрософт)
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ShellExec_RunDLLW + 69 7CAC549E 2 Bytes [ 08, 53 ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ShellExec_RunDLLW + 6C 7CAC54A1 4 Bytes [ 5D, 18, 53, FF ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ShellExec_RunDLLW + 71 7CAC54A6 17 Bytes [ 14, 6A, 00, 57, 50, FF, 51, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHCreateProcessAsUserW + 23 7CAC6018 41 Bytes [ 75, FC, FF, 15, 58, 19, 9C, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHCreateProcessAsUserW + 4D 7CAC6042 46 Bytes [ 15, 68, 13, 9C, 7C, 56, 53, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHCreateProcessAsUserW + 7C 7CAC6071 15 Bytes [ 00, 75, 0B, 53, FF, 15, 10, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHCreateProcessAsUserW + 8D 7CAC6082 22 Bytes [ FF, 75, 10, 68, 13, 01, 00, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHCreateProcessAsUserW + A4 7CAC6099 328 Bytes [ 7D, 08, 00, 74, 30, 6A, 01, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHShellFolderView_Message + 28 7CAC76F3 79 Bytes CALL 7CA21BC1 C:WINDOWSsystem32SHELL32.dll (Общая библиотека оболочки Windows/Корпорация Майкрософт)
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHShellFolderView_Message + 78 7CAC7743 48 Bytes [ FF, FF, 15, A0, 1A, 9C, 7C, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHShellFolderView_Message + AA 7CAC7775 24 Bytes [ 45, FC, 8B, 45, 0C, 56, 8B, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHShellFolderView_Message + C3 7CAC778E 14 Bytes [ FD, FF, FF, 8D, 5E, F0, 50, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHShellFolderView_Message + D2 7CAC779D 48 Bytes [ 89, BD, DC, FD, FF, FF, E8, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHCreateShellFolderViewEx + 2D 7CAC7BA0 9 Bytes [ F4, F9, FF, FF, 50, E8, A9, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHCreateShellFolderViewEx + 37 7CAC7BAA 10 Bytes [ F7, D8, 1B, C0, 83, E0, FC, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHCreateShellFolderViewEx + 42 7CAC7BB5 40 Bytes [ 00, 50, FF, 35, 64, C5, BB, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHCreateShellFolderViewEx + 6B 7CAC7BDE 9 Bytes [ 83, C4, 10, EB, 31, 8B, 8D, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHCreateShellFolderViewEx + 75 7CAC7BE8 18 Bytes [ FF, BB, 00, 01, 00, 00, 53, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHFind_InitMenuPopup + 2 7CAC98C0 93 Bytes [ 5E, 5D, C2, 08, 00, 90, 90, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHFind_InitMenuPopup + 60 7CAC991E 45 Bytes [ 90, 90, 90, 90, 90, 8B, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHFind_InitMenuPopup + 8E 7CAC994C 44 Bytes CALL 7C9E3900 C:WINDOWSsystem32SHELL32.dll (Общая библиотека оболочки Windows/Корпорация Майкрософт)
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHFind_InitMenuPopup + BB 7CAC9979 36 Bytes [ 10, 89, 06, 74, 46, FF, 75, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHFind_InitMenuPopup + E0 7CAC999E 256 Bytes [ FF, FF, 85, C0, 74, 0A, 50, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHFindFiles + 19 7CACAF35 27 Bytes [ 76, 20, 8B, 06, 57, 56, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHFindFiles + 35 7CACAF51 7 Bytes [ 51, 1C, 85, C0, 7C, E7, 33 ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHFindFiles + 3D 7CACAF59 171 Bytes [ 39, 7D, F8, 7E, E0, 8B, 46, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHFindFiles + EA 7CACB006 6 Bytes [ 0F, 84, C3, 00, 00, 00 ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHFindFiles + F1 7CACB00D 11 Bytes [ 8D, F0, FD, FF, FF, 3B, BD, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHStartNetConnectionDialogW + 2 7CACE6DC 122 Bytes [ 51, 40, 8B, F0, 3B, F7, 0F, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHStartNetConnectionDialogW + 7D 7CACE757 10 Bytes [ 5C, FF, FF, FF, 3B, F7, 0F, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHStartNetConnectionDialogW + 89 7CACE763 8 Bytes [ EB, 07, 66, 8B, 85, 5C, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHStartNetConnectionDialogW + 92 7CACE76C 29 Bytes [ 68, 00, 04, 00, 00, 57, 66, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHStartNetConnectionDialogW + B0 7CACE78A 10 Bytes [ 1B, C0, 23, C1, 50, 68, A0, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetIconOverlayIndexW + 2 7CAD04BC 37 Bytes [ 75, 10, 8B, 08, FF, 75, 0C, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetIconOverlayIndexW + 28 7CAD04E2 130 Bytes CALL 7C9F86B5 C:WINDOWSsystem32SHELL32.dll (Общая библиотека оболочки Windows/Корпорация Майкрософт)
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetIconOverlayIndexW + AB 7CAD0565 112 Bytes [ 39, 5D, 14, 74, 0B, 6A, 02, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetIconOverlayIndexA + 44 7CAD05D6 4 Bytes [ 75, 0C, 83, C1 ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetIconOverlayIndexA + 49 7CAD05DB 90 Bytes CALL 7C9F91E5 C:WINDOWSsystem32SHELL32.dll (Общая библиотека оболочки Windows/Корпорация Майкрософт)
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetIconOverlayIndexA + A4 7CAD0636 77 Bytes CALL 7C9F91E3 C:WINDOWSsystem32SHELL32.dll (Общая библиотека оболочки Windows/Корпорация Майкрософт)
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetIconOverlayIndexA + F2 7CAD0684 51 Bytes [ FF, 8B, 08, 50, FF, 51, 08, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetIconOverlayIndexA + 126 7CAD06B8 26 Bytes [ 08, 57, 89, 8D, EC, FD, FF, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHPropStgCreate + 4 7CAD1106 1 Byte [ F0 ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHPropStgCreate + 7 7CAD1109 108 Bytes [ 0C, 8B, 08, 50, FF, 51, 08, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHPropStgCreate + 74 7CAD1176 129 Bytes [ 90, 90, 90, 90, 90, 8B, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHPropStgCreate + F6 7CAD11F8 19 Bytes [ 38, 85, FF, 89, BD, C4, FD, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHPropStgCreate + 10A 7CAD120C 82 Bytes [ FF, 15, 68, AF, 9E, 7C, 85, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHPropStgWriteMultiple + 83 7CAD1E58 22 Bytes [ FF, 50, C7, 85, A0, FB, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHPropStgWriteMultiple + 9A 7CAD1E6F 7 Bytes [ FF, 50, 8D, 85, F4, FD, FF ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHPropStgWriteMultiple + A2 7CAD1E77 27 Bytes [ 50, FF, D6, 8D, 85, A4, FB, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHPropStgWriteMultiple + BE 7CAD1E93 9 Bytes [ 15, 50, 1A, 9C, 7C, 83, BD, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHPropStgWriteMultiple + C8 7CAD1E9D 23 Bytes [ FF, 00, 74, 16, 8D, 85, F4, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHLimitInputEdit + 2E 7CAD2AD9 22 Bytes [ C9, C2, 14, 00, 90, 90, 90, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHLimitInputEdit + 45 7CAD2AF0 14 Bytes [ 75, 0C, 66, 83, 27, 00, BE, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHLimitInputEdit + 54 7CAD2AFF 25 Bytes [ FF, 85, C0, 74, 21, 33, F6, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHLimitInputEdit + 6E 7CAD2B19 89 Bytes [ 40, 08, FF, 75, 1C, 57, 50, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHLimitInputEdit + C8 7CAD2B73 75 Bytes [ 57, FF, 75, 10, BF, 05, 40, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHMultiFileProperties + 36 7CAD2F06 32 Bytes CALL 7CAD2EB2 C:WINDOWSsystem32SHELL32.dll (Общая библиотека оболочки Windows/Корпорация Майкрософт)
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHMultiFileProperties + 57 7CAD2F27 2 Bytes [ 55, 8B ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHMultiFileProperties + 5A 7CAD2F2A 7 Bytes [ 51, 53, 56, 57, 8B, F1, 33 ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHMultiFileProperties + 62 7CAD2F32 39 Bytes [ F6, 46, 08, 02, 0F, 84, A1, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHMultiFileProperties + 8B 7CAD2F5B 2 Bytes [ 94, 17 ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHLoadNonloadedIconOverlayIdentifiers + 4F 7CAD36C6 14 Bytes [ 33, C0, EB, 51, FF, 75, 14, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHLoadNonloadedIconOverlayIdentifiers + 5E 7CAD36D5 13 Bytes CALL 7CAD326E C:WINDOWSsystem32SHELL32.dll (Общая библиотека оболочки Windows/Корпорация Майкрософт)
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHLoadNonloadedIconOverlayIdentifiers + 6C 7CAD36E3 7 Bytes [ 75, 18, 68, 7D, 26, AD, 7C ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHLoadNonloadedIconOverlayIdentifiers + 74 7CAD36EB 3 Bytes [ 75, 08, E8 ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHLoadNonloadedIconOverlayIdentifiers + 78 7CAD36EF 13 Bytes [ 82, 0C, 00, 8B, 4D, 1C, 85, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!FindExeDlgProc + 18 7CAFDE34 8 Bytes [ 90, 90, 90, 90, 38, 36, 9C, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!FindExeDlgProc + 21 7CAFDE3D 22 Bytes [ 43, 9C, 7C, 63, 7A, 00, 00, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!FindExeDlgProc + 38 7CAFDE54 1 Byte [ FE ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!FindExeDlgProc + 3A 7CAFDE56 50 Bytes [ 00, 00, 5B, CD, AF, 7C, 23, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!FindExeDlgProc + 6F 7CAFDE8B 5 Bytes [ 90, 90, 8B, FF, 53 ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!Options_RunDLLW + 4B 7CB58ECB 26 Bytes CALL 7CB569D2 C:WINDOWSsystem32SHELL32.dll (Общая библиотека оболочки Windows/Корпорация Майкрософт)
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!Options_RunDLLW + 66 7CB58EE6 118 Bytes [ D3, 8B, 45, F8, F6, 00, 04, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!Options_RunDLLW + DD 7CB58F5D 11 Bytes [ 75, 19, 68, 62, 63, B5, 7C, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!Options_RunDLLW + E9 7CB58F69 3 Bytes [ 6A, 0A, 6A ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!Options_RunDLLW + ED 7CB58F6D 43 Bytes [ FF, 15, 8C, 13, 9C, 7C, A3, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHCreateLocalServerRunDll + 1 7CB5AE6B 94 Bytes [ D9, 74, 02, 89, 30, 8D, 45, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHCreateLocalServerRunDll + 60 7CB5AECA 16 Bytes [ 51, 0C, 8B, 45, FC, 8B, 08, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHCreateLocalServerRunDll + 71 7CB5AEDB 51 Bytes [ 51, 0C, FF, 77, 04, 8B, 45, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHCreateLocalServerRunDll + A6 7CB5AF10 12 Bytes [ 8B, 45, EC, 8B, 08, 8D, 55, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHCreateLocalServerRunDll + B4 7CB5AF1E 47 Bytes [ 50, FF, 11, 8B, 45, F4, 3B, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!StrCmpNIA + 1 7CB99353 3 Bytes [ 15, CC, 16 ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!StrCmpNIA + 6 7CB99358 11 Bytes [ 8B, C6, 5F, 5E, 5B, C9, C2, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!StrCmpNIW + 9 7CB99366 56 Bytes [ 8B, FF, 55, 8B, EC, 56, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!StrRStrIA 7CB9939F 54 Bytes [ 90, 90, 90, 90, 8B, FF, 55, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!StrStrW + B 7CB993D6 132 Bytes [ 90, 90, 90, 90, 8B, FF, 55, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!StrStrW + 90 7CB9945B 10 Bytes [ 50, 57, 68, 17, 04, 00, 00, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!StrStrW + 9B 7CB99466 32 Bytes [ D3, F6, 85, ED, FD, FF, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!StrStrW + BC 7CB99487 21 Bytes [ D7, 83, F8, FF, 74, 3D, 8B, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!StrStrW + D2 7CB9949D 32 Bytes [ 50, 0F, B7, 85, F4, FD, FF, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHCreateStreamWrapper + FFF99E05 77F61820 4 Bytes [ 00, 00, 00, 00 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHCreateStreamWrapper + FFF99E0D 77F61828 2 Bytes [ 00, 00 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHCreateStreamWrapper + FFF99E11 77F6182C 1 Byte [ 00 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHCreateStreamWrapper + FFF99E15 77F61830 2 Bytes [ 00, 00 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHCreateStreamWrapper + FFF99E19 77F61834 2 Bytes [ 00, 00 ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathBuildRootW + 95 77F640D3 218 Bytes [ 50, 61, 74, 68, 47, 65, 74, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathBuildRootW + 170 77F641AE 130 Bytes [ 50, 61, 74, 68, 49, 73, 46, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathBuildRootW + 1F3 77F64231 390 Bytes [ 69, 76, 65, 41, 00, 50, 61, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHRegGetValueW + 99 77F643B8 53 Bytes [ 50, 61, 74, 68, 51, 75, 6F, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHRegGetValueW + CF 77F643EE 19 Bytes [ 50, 61, 74, 68, 52, 65, 6C, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHRegGetValueW + E3 77F64402 15 Bytes [ 50, 61, 74, 68, 52, 65, 6D, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHRegGetValueW + F3 77F64412 86 Bytes [ 50, 61, 74, 68, 52, 65, 6D, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHRegGetValueW + 14A 77F64469 88 Bytes [ 6C, 61, 6E, 6B, 73, 57, 00, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHGetValueW + 55 77F645DC 82 Bytes [ 50, 61, 74, 68, 55, 6E, 64, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHGetValueW + A8 77F6462F 135 Bytes [ 50, 61, 74, 68, 55, 6E, 71, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHGetValueW + 130 77F646B7 9 Bytes [ 53, 48, 43, 72, 65, 61, 74, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHGetValueW + 13A 77F646C1 115 Bytes [ 72, 65, 61, 6D, 4F, 6E, 46, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHGetValueW + 1AE 77F64735 80 Bytes [ 53, 48, 44, 65, 6C, 65, 74, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathMakeSystemFolderW + 6D 77F64B1C 61 Bytes [ 61, 6C, 69, 64, 61, 74, 65, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathMakeSystemFolderW + AB 77F64B5A 46 Bytes [ 53, 48, 53, 65, 74, 56, 61, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathMakeSystemFolderW + DA 77F64B89 23 Bytes [ 53, 48, 55, 6E, 6C, 6F, 63, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathMakeSystemFolderW + F2 77F64BA1 40 Bytes [ 53, 74, 72, 43, 53, 70, 6E, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathMakeSystemFolderW + 11B 77F64BCA 11 Bytes [ 53, 74, 72, 43, 61, 74, 42, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrChrW + 3A 77F66607 5 Bytes [ 00, 5D, C2, 04, 00 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrChrW + 42 77F6660F 5 Bytes [ 90, 90, 8B, FF, 55 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrCpyNW + 6 77F66669 10 Bytes [ FF, 83, FE, 03, 74, 09, E9, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrCpyNW + 11 77F66674 28 Bytes [ 85, F6, 75, F2, 57, 56, 53, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrDupW + F 77F66691 276 Bytes [ FF, A1, 9C, D6, FC, 77, 85, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathFindExtensionW + 3D 77F667A6 23 Bytes [ F9, EC, 8C, F3, FE, 44, 9F, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathFindExtensionW + 55 77F667BE 7 Bytes [ 53, 00, 50, 00, 32, 00, 53 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathFindExtensionW + 5D 77F667C6 37 Bytes [ 68, 00, 65, 00, 6C, 00, 6C, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathFindExtensionW + 83 77F667EC 17 Bytes [ 72, 00, 00, 00, 4C, 00, 6F, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathFindExtensionW + 95 77F667FE 13 Bytes [ 46, 00, 69, 00, 6C, 00, 65, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathRemoveExtensionW + 9 77F6680C 13 Bytes [ 65, 00, 73, 00, 00, 00, 90, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathRemoveExtensionW + 17 77F6681A 5 Bytes [ 52, 00, 69, 00, 73 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathRemoveExtensionW + 1D 77F66820 3 Bytes [ 6B, 00, 46 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathRemoveExtensionW + 21 77F66824 67 Bytes [ 69, 00, 6C, 00, 65, 00, 54, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrCmpCW + 3F 77F66868 3 Bytes [ 44, 00, 65 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrCmpCW + 43 77F6686C 29 Bytes [ 66, 00, 61, 00, 75, 00, 6C, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrCmpCW + 61 77F6688A 31 Bytes [ 73, 00, 6B, 00, 00, 00, 48, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrCmpCW + 81 77F668AA 5 Bytes [ 6E, 00, 50, 00, 72 ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrCmpCW + 87 77F668B0 5 Bytes [ 6F, 00, 70, 00, 65 ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrCmpIW + 8B 77F66A29 103 Bytes [ EC, 83, 3D, 60, D4, FC, 77, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrCatBuffW + 31 77F66A91 138 Bytes [ 53, 57, 8D, 85, F4, FD, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathGetDriveNumberW + 32 77F66B1C 27 Bytes [ 00, 8B, F0, F7, DE, 1B, F6, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathGetDriveNumberW + 4E 77F66B38 7 Bytes [ 8B, F0, 8D, 85, F4, FD, FF ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!PathGetDriveNumberW + 67 77F66B51 62 Bytes [ BE, 05, 00, 07, 80, E9, 90, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHStrDupW + 30 77F66BA3 46 Bytes [ 1F, 6A, 05, 52, 4F, 89, CC, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHStrDupW + 5F 77F66BD2 17 Bytes [ FF, 15, 80, 12, F6, 77, 8B, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!SHStrDupW + 71 77F66BE4 249 Bytes [ 35, 38, 14, F6, 77, 68, CC, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrRetToBufW + 9F 77F66CDE 27 Bytes [ 35, EC, 13, F6, 77, BF, 98, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHLWAPI.dll!StrCmpNW + 2 77F66CFA 12 Bytes [ D6, 85, C0, 0F, 85, E9, EB, … ].text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SheRemoveQuotesW + 6 7CA8889B 81 Bytes [ 4D, B8, 8B, 40, 04, C1, E9, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SheRemoveQuotesA + 1C 7CA888ED 9 Bytes [ 75, B0, 89, 75, B4, FF, D3, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SheRemoveQuotesA + 26 7CA888F7 84 Bytes [ 21, 8B, 45, AC, 8B, 48, 04, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SheRemoveQuotesA + 7B 7CA8894C 96 Bytes [ 89, 48, 22, 8D, 45, B4, 50, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SheShortenPathW + 25 7CA889AD 35 Bytes [ 75, B0, C7, 45, B4, 40, 00, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SheShortenPathW + 49 7CA889D1 27 Bytes [ 83, 60, 02, 00, 6A, 04, 33, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SheShortenPathW + 65 7CA889ED 7 Bytes [ 75, B4, FF, D3, 85, C0, 75 ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SheShortenPathW + 6D 7CA889F5 172 Bytes [ 8B, 45, AC, 8B, 40, 04, 8B, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SheShortenPathW + 11A 7CA88AA2 60 Bytes [ C9, C2, 04, 00, 90, 90, 90, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SheShortenPathA + 11 7CA88B4C 147 Bytes [ 56, 8B, 35, B0, 1A, 9C, 7C, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SheShortenPathA + A5 7CA88BE0 35 Bytes [ D6, 8B, 47, 04, 8B, 40, 74, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SheShortenPathA + C9 7CA88C04 40 Bytes [ 45, B8, 8D, 45, B8, 50, 53, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SheShortenPathA + F2 7CA88C2D 10 Bytes [ 6A, 00, 68, 90, 1B, 9D, 7C, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SheShortenPathA + FD 7CA88C38 6 Bytes [ 4D, B8, FF, D6, 8B, 47 ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SheConvertPathW + 16 7CA88F05 17 Bytes [ 00, 80, 80, 80, 00, 8B, 42, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SheConvertPathW + 28 7CA88F17 128 Bytes [ 8B, 42, 04, C7, 80, B4, 00, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SheConvertPathW + A9 7CA88F98 9 Bytes [ EC, 20, FF, 75, 0C, 8D, 45, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SheConvertPathW + B4 7CA88FA3 2 Bytes [ D0, 10 ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SheConvertPathW + B9 7CA88FA8 61 Bytes [ 45, 08, 83, 65, F0, 00, 83, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!OpenAs_RunDLL + 10 7CA8A9B0 40 Bytes [ 50, FF, 15, 5C, 13, 9C, 7C, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!OpenAs_RunDLL + 39 7CA8A9D9 1 Byte [ 6A ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!OpenAs_RunDLL + 3B 7CA8A9DB 33 Bytes [ FF, 15, 2C, 13, 9C, 7C, 50, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!OpenAs_RunDLL + 5D 7CA8A9FD 70 Bytes [ 15, 54, 13, 9C, 7C, EB, 0E, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!OpenAs_RunDLL + A4 7CA8AA44 43 Bytes [ 76, 10, FF, 15, E0, 12, 9C, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!OpenAs_RunDLLW + 16 7CA8AA70 16 Bytes [ 10, 8D, 8E, 24, 02, 00, 00, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!OpenAs_RunDLLW + 27 7CA8AA81 62 Bytes [ D7, F7, D8, 1B, C0, 40, 89, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!OpenAs_RunDLLW + 66 7CA8AAC0 30 Bytes [ 75, 08, 6A, 00, FF, 35, 64, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!OpenAs_RunDLLW + 86 7CA8AAE0 31 Bytes [ 68, 8C, CE, 9C, 7C, BB, 0E, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!OpenAs_RunDLLW + A6 7CA8AB00 11 Bytes [ 0D, 64, C5, BB, 7C, 89, 4D, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!Activate_RunDLL + 12 7CA8BA16 24 Bytes [ B5, E0, FD, FF, FF, 89, BD, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!Activate_RunDLL + 2B 7CA8BA2F 12 Bytes [ FF, 57, FF, 15, 90, 1A, 9C, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!Activate_RunDLL + 39 7CA8BA3D 6 Bytes [ 00, 5F, 5E, 5B, 7C, 06 ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!Activate_RunDLL + 40 7CA8BA44 38 Bytes [ 15, E4, C0, BB, 7C, 8B, 4D, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!Activate_RunDLL + 67 7CA8BA6B 26 Bytes [ 8B, 5D, 08, 56, 8B, 75, 10, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHIsFileAvailableOffline + 1F 7CA8EEEC 5 Bytes [ 53, 8D, 95, EC, DC ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHIsFileAvailableOffline + 25 7CA8EEF2 29 Bytes [ FF, 52, FF, B5, E0, DC, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHIsFileAvailableOffline + 43 7CA8EF10 10 Bytes [ 83, 3E, 00, 75, A2, 8B, 85, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHIsFileAvailableOffline + 4E 7CA8EF1B 22 Bytes [ 8B, 08, 50, FF, 51, 08, 8B, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHIsFileAvailableOffline + 65 7CA8EF32 45 Bytes [ C9, C2, 10, 00, 90, 90, 90, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHEnumerateUnreadMailAccountsW + 36 7CA8F2ED 132 Bytes [ C2, 08, 00, 90, 90, 90, 90, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHEnumerateUnreadMailAccountsW + BC 7CA8F373 5 Bytes [ FF, 75, 0C, 6A, FF ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHEnumerateUnreadMailAccountsW + C2 7CA8F379 6 Bytes [ 75, 08, E8, 28, 1D, F9 ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHEnumerateUnreadMailAccountsW + C9 7CA8F380 15 Bytes [ 8B, F0, 8B, 45, 08, 8B, 08, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHEnumerateUnreadMailAccountsW + D9 7CA8F390 60 Bytes [ C6, 5E, 5D, C2, 0C, 00, 90, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetAttributesFromDataObject + 21 7CA8F67C 100 Bytes [ 14, 8B, C1, 75, 05, 39, 7D, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetAttributesFromDataObject + 86 7CA8F6E1 2 Bytes [ 85, D7 ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetAttributesFromDataObject + 8B 7CA8F6E6 13 Bytes [ 8D, 85, FC, FB, FF, FF, 89, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetAttributesFromDataObject + 99 7CA8F6F4 21 Bytes JMP 7CA8F7BA C:WINDOWSsystem32SHELL32.dll (Общая библиотека оболочки Windows/Корпорация Майкрософт)
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetAttributesFromDataObject + AF 7CA8F70A 66 Bytes [ 11, B5, AC, FB, FF, FF, 85, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHPathPrepareForWriteA 7CA917AE 3 Bytes [ 90, 90, 90 ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHPathPrepareForWriteA + 4 7CA917B2 156 Bytes [ FF, 55, 8B, EC, 56, 8B, 75, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHPathPrepareForWriteA + A1 7CA9184F 47 Bytes [ 15, 8C, 1A, 9C, 7C, 8B, F8, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHPathPrepareForWriteA + D1 7CA9187F 150 Bytes [ 08, 50, FF, 51, 04, 83, 7D, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHPathPrepareForWriteA + 168 7CA91916 33 Bytes [ 89, 45, FC, 8B, 45, 10, 89, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetUnreadMailCountW + 1C 7CA91B03 39 Bytes [ F8, 01, 00, 00, 00, E8, 91, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetUnreadMailCountW + 44 7CA91B2B 2 Bytes [ 84, 63 ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetUnreadMailCountW + 49 7CA91B30 28 Bytes [ 8B, 0F, 80, E1, 01, F6, D9, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetUnreadMailCountW + 66 7CA91B4D 36 Bytes [ 51, 53, 6A, 00, 68, 6C, 78, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetUnreadMailCountW + 8B 7CA91B72 29 Bytes [ 75, FC, FF, D6, 8B, 07, F7, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHSetUnreadMailCountW + 11 7CA91D0C 199 Bytes [ EC, 56, 33, F6, 39, 75, 10, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHSetUnreadMailCountW + D9 7CA91DD4 10 Bytes CALL D025B9EB
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHSetUnreadMailCountW + E4 7CA91DDF 79 Bytes [ FF, 50, 8D, 85, FC, DF, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHSetUnreadMailCountW + 135 7CA91E30 11 Bytes [ 8D, 85, F4, FD, FF, FF, 50, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHSetUnreadMailCountW + 141 7CA91E3C 35 Bytes [ 8D, 85, F4, FD, FF, FF, 50, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetShellStyleHInstance + 27 7CA921AA 54 Bytes [ 8B, 45, 18, 57, 89, 85, E0, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetShellStyleHInstance + 5E 7CA921E1 12 Bytes [ FF, 89, BD, BC, FD, FF, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetShellStyleHInstance + 6B 7CA921EE 11 Bytes [ 89, BD, C4, FD, FF, FF, 89, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetShellStyleHInstance + 77 7CA921FA 16 Bytes [ 89, 85, CC, FD, FF, FF, 89, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetShellStyleHInstance + 88 7CA9220B 38 Bytes [ FF, 74, 51, 53, 68, 04, 01, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHFormatDrive + 2A 7CA950A7 38 Bytes [ D3, 6A, 01, 68, 82, 70, 00, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHFormatDrive + 51 7CA950CE 11 Bytes [ D3, 68, B4, 43, 9C, 7C, 68, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHFormatDrive + 5D 7CA950DA 10 Bytes [ 76, 30, FF, D7, 50, FF, 15, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHFormatDrive + 68 7CA950E5 104 Bytes [ 83, 66, 04, 00, 5F, C7, 06, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHFormatDrive + D1 7CA9514E 8 Bytes [ 15, D4, 12, 9C, 7C, 8B, F8, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!AppCompat_RunDLLW + 2 7CA957C9 37 Bytes [ 51, 05, 20, 70, 00, 00, 50, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!AppCompat_RunDLLW + 28 7CA957EF 12 Bytes JMP 7CA95888 C:WINDOWSsystem32SHELL32.dll (Общая библиотека оболочки Windows/Корпорация Майкрософт)
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!AppCompat_RunDLLW + 35 7CA957FC 28 Bytes CALL 7CA94C1E C:WINDOWSsystem32SHELL32.dll (Общая библиотека оболочки Windows/Корпорация Майкрософт)
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!AppCompat_RunDLLW + 54 7CA9581B 100 Bytes [ FF, B5, D0, FD, FF, FF, E8, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!AppCompat_RunDLLW + B9 7CA95880 20 Bytes [ 0F, AF, 85, D8, FD, FF, FF, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!CDefFolderMenu_Create + 36 7CA96F5B 143 Bytes [ 15, 9C, 7C, 6A, 00, FF, 75, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!CDefFolderMenu_Create2 + 27 7CA96FEB 22 Bytes [ 35, EC, 14, 9C, 7C, 6A, 00, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!CDefFolderMenu_Create2 + 3F 7CA97003 1 Byte [ 08 ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!CDefFolderMenu_Create2 + 41 7CA97005 48 Bytes [ D6, 83, C7, FD, 6A, 00, 57, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!CDefFolderMenu_Create2 + 72 7CA97036 21 Bytes [ 15, 04, 13, 9C, 7C, 8B, 1D, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!CDefFolderMenu_Create2 + 88 7CA9704C 89 Bytes [ FF, FF, 8B, F8, 85, FF, 7C, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!DAD_AutoScroll 7CAA22D7 22 Bytes [ 1A, 9C, 7C, 33, C0, 5E, 5D, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!DAD_AutoScroll + 17 7CAA22EE 29 Bytes [ 85, C0, 74, 14, 81, 78, 04, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!DAD_AutoScroll + 35 7CAA230C 6 Bytes [ 90, 90, 90, 90, 90, 8B ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!DAD_AutoScroll + 3C 7CAA2313 30 Bytes [ 55, 8B, EC, 53, 56, 8B, 35, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!DAD_AutoScroll + 5B 7CAA2332 142 Bytes [ 00, 57, FF, D6, 53, 68, 2E, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!DAD_DragEnterEx + 1 7CAAB59D 32 Bytes [ 55, F8, D1, F8, 03, D1, 3B, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!DAD_DragEnterEx + 22 7CAAB5BE 45 Bytes [ CE, 2B, C8, 89, 4D, FC, EB, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!DAD_DragEnterEx + 50 7CAAB5EC 78 Bytes [ FF, 39, 7D, 0C, 8B, F0, 89, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!DAD_SetDragImage + 6 7CAAB63B 25 Bytes [ FF, 15, 34, 12, 9C, 7C, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!DAD_SetDragImage + 21 7CAAB656 75 Bytes CALL 7CA72C5A C:WINDOWSsystem32SHELL32.dll (Общая библиотека оболочки Windows/Корпорация Майкрософт)
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!DAD_SetDragImage + 6D 7CAAB6A2 9 Bytes [ D3, FF, 75, E4, FF, 75, F4, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!DAD_SetDragImage + 77 7CAAB6AC 60 Bytes [ 75, F4, FF, 15, 44, 12, 9C, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!DAD_DragLeave + 19 7CAAB6E9 21 Bytes [ FF, 47, 8B, C7, 5F, C9, C2, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!DAD_DragLeave + 31 7CAAB701 51 Bytes [ 8D, 45, 0C, 50, 8D, 45, 10, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHDoDragDrop + 4 7CAAB735 10 Bytes [ 35, 40, 12, 9C, 7C, 74, 05, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHDoDragDrop + F 7CAAB740 83 Bytes [ D6, 83, 7D, 0C, 00, 74, 05, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHDoDragDrop + 63 7CAAB794 8 Bytes [ EC, 53, 57, 8B, 7D, 08, 83, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHDoDragDrop + 6C 7CAAB79D 31 Bytes [ 3B, F8, 8B, D9, 75, 0C, 8D, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHDoDragDrop + 8C 7CAAB7BD 77 Bytes [ 86, 1C, D6, 9C, 7C, FF, B6, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!DllInstall + 3B 7CAAE7F7 67 Bytes [ FF, 6A, 50, 50, FF, D6, 83, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!DllInstall + 80 7CAAE83C 4 Bytes [ B5, B8, FE, FF ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!DllInstall + 86 7CAAE842 47 Bytes [ 15, A0, 1A, 9C, 7C, 33, DB, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!DllInstall + B6 7CAAE872 1 Byte [ 73 ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!DllInstall + B8 7CAAE874 25 Bytes [ 70, 00, 31, 00, 72, 00, 65, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHDefExtractIconA + 56 7CAB19F0 25 Bytes [ 33, C0, 83, FB, 02, 0F, 95, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHDefExtractIconA + 70 7CAB1A0A 318 Bytes [ 57, FF, 15, 20, 13, 9C, 7C, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHDefExtractIconA + 1B0 7CAB1B4A 58 Bytes [ 50, 8D, 85, D4, F5, FF, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHDefExtractIconA + 1EB 7CAB1B85 3 Bytes [ 85, EC, FB ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHDefExtractIconA + 1F0 7CAB1B8A 6 Bytes [ 50, 8D, 85, DC, F7, FF ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHValidateUNC + 1 7CAB1F3A 68 Bytes [ 45, 14, 68, F0, 0F, AB, 7C, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHValidateUNC + 46 7CAB1F7F 47 Bytes JMP E709949F
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHValidateUNC + 76 7CAB1FAF 43 Bytes [ 15, 2C, 13, 9C, 7C, EB, 2C, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHValidateUNC + A2 7CAB1FDB 57 Bytes [ 10, FF, 15, E4, 13, 9C, 7C, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHValidateUNC + DC 7CAB2015 57 Bytes [ 12, 00, 00, 5B, 38, 00, 00, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SignalFileOpen + C9 7CAB27B2 14 Bytes [ 15, A0, 1A, 9C, 7C, 89, 9D, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SignalFileOpen + D8 7CAB27C1 16 Bytes [ 80, 6A, 40, 8D, 85, 64, FE, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!RealShellExecuteExA + 2 7CAB27D2 53 Bytes [ B0, 60, 9D, 9D, 7C, C7, 85, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!RealShellExecuteExA + 38 7CAB2808 14 Bytes [ 85, 54, FC, FF, FF, 50, 8D, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!RealShellExecuteExA + 47 7CAB2817 21 Bytes [ 6A, 02, 6A, 00, 8D, 85, E4, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!RealShellExecuteExA + 5D 7CAB282D 164 Bytes [ B4, 00, 00, 00, 68, A0, 9D, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!RealShellExecuteExW + 59 7CAB28D2 90 Bytes [ FE, FF, FF, EB, DB, 8D, 85, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!RealShellExecuteA + B 7CAB292D 20 Bytes [ FF, 50, 8D, 85, 5C, FC, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!RealShellExecuteA + 20 7CAB2942 2 Bytes [ 50, 53 ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!RealShellExecuteA + 23 7CAB2945 41 Bytes [ 15, BC, 1F, 9C, 7C, 85, C0, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!RealShellExecuteW + 1A 7CAB296F 10 Bytes CALL 7CA8EA3F C:WINDOWSsystem32SHELL32.dll (Общая библиотека оболочки Windows/Корпорация Майкрософт)
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!RealShellExecuteW + 25 7CAB297A 14 Bytes [ 83, FE, 50, 0F, 82, 78, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ShellExecuteW + 1 7CAB2989 108 Bytes [ 4D, FC, 5F, 5E, 5B, E8, 8D, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ShellExecuteW + 6E 7CAB29F6 96 Bytes [ FF, 55, 8B, EC, 8D, 45, 08, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ShellExecuteW + CF 7CAB2A57 7 Bytes [ F8, 66, 8B, 07, 66, 85, C0 ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ShellExecuteW + D7 7CAB2A5F 21 Bytes JMP 7CAB2B4B C:WINDOWSsystem32SHELL32.dll (Общая библиотека оболочки Windows/Корпорация Майкрософт)
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ShellExecuteW + ED 7CAB2A75 67 Bytes [ 74, 02, 47, 47, 56, 8B, 35, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!GetFileNameFromBrowse + 27 7CAB3F69 6 Bytes [ FF, 50, 8D, 85, F4, FD ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!GetFileNameFromBrowse + 2E 7CAB3F70 9 Bytes [ FF, 50, 53, FF, 15, 34, 13, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!GetFileNameFromBrowse + 38 7CAB3F7A 78 Bytes [ 4D, FC, 5F, 5E, 5B, E8, 9C, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!GetFileNameFromBrowse + 87 7CAB3FC9 6 Bytes [ 66, 89, 85, E4, F0, FF ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!GetFileNameFromBrowse + 8E 7CAB3FD0 5 Bytes [ 33, C0, 53, 56, 57 ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ILAppendID + 11 7CAB4331 67 Bytes [ 50, 8D, 45, FC, 2B, 85, 78, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ILAppendID + 55 7CAB4375 36 Bytes [ 15, 34, 21, 9C, 7C, 85, C0, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ILAppendID + 7B 7CAB439B 14 Bytes [ 3D, 3C, 20, 9C, 7C, 6A, 5C, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ILAppendID + 8A 7CAB43AA 28 Bytes [ D7, 85, C0, 75, 0F, 6A, 2F, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ILAppendID + A7 7CAB43C7 41 Bytes [ D7, 50, 8D, 85, EC, FB, FF, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ILCreateFromPathA + 9 7CAB4588 26 Bytes [ 50, FF, 51, 28, EB, 06, 8B, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ILCreateFromPathA + 24 7CAB45A3 59 Bytes [ 50, 56, FF, B5, 4C, F1, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ILCreateFromPathA + 60 7CAB45DF 16 Bytes [ 85, 50, F1, FF, FF, 50, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ILCreateFromPathA + 71 7CAB45F0 16 Bytes [ FF, 50, FF, B5, 6C, F1, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ILCreateFromPathA + 82 7CAB4601 61 Bytes [ B5, 68, F1, FF, FF, E8, 00, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetFolderPathAndSubDirA + 29 7CAB66ED 2 Bytes [ 55, 08 ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetFolderPathAndSubDirA + 2C 7CAB66F0 46 Bytes [ 4D, DC, 5B, F6, 46, 20, 20, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetFolderPathAndSubDirA + 5B 7CAB671F 2 Bytes [ 35, F9 ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetFolderPathAndSubDirA + 5E 7CAB6722 40 Bytes [ FF, 85, C0, 8B, 4D, DC, 74, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetFolderPathAndSubDirA + 87 7CAB674B 25 Bytes [ 45, D8, 33, D2, 39, 55, 08, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHHandleUpdateImage + 46 7CAB7A33 20 Bytes [ 15, AC, 1A, 9C, 7C, FF, B5, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHHandleUpdateImage + 5C 7CAB7A49 66 Bytes [ 00, 80, 0F, 85, 94, 00, 00, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHHandleUpdateImage + 9F 7CAB7A8C 69 Bytes [ FF, 50, 8B, 45, 08, 33, F6, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHHandleUpdateImage + E5 7CAB7AD2 12 Bytes [ D3, 89, 85, D4, FB, FF, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHHandleUpdateImage + F2 7CAB7ADF 16 Bytes [ FF, 15, A0, 1A, 9C, 7C, 8B, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHChangeNotifySuspendResume + 15 7CAB7FC9 41 Bytes [ 76, 08, 57, FF, B5, F0, FD, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHChangeNotifySuspendResume + 3F 7CAB7FF3 16 Bytes [ FF, 50, 68, 00, 80, 00, 00, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHChangeNotifySuspendResume + 50 7CAB8004 14 Bytes [ 0D, FF, B5, EC, FD, FF, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHChangeNotifySuspendResume + 5F 7CAB8013 1 Byte [ 76 ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHChangeNotifySuspendResume + 61 7CAB8015 4 Bytes [ FF, B5, F0, FD ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHUpdateImageW + 29 7CAB80BE 14 Bytes CALL 7C9E9620 C:WINDOWSsystem32SHELL32.dll (Общая библиотека оболочки Windows/Корпорация Майкрософт)
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHUpdateImageW + 38 7CAB80CD 5 Bytes [ 8D, 85, F4, FD, FF ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHUpdateImageW + 3E 7CAB80D3 33 Bytes [ 50, FF, 15, 6C, 1F, 9C, 7C, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHUpdateImageW + 60 7CAB80F5 17 Bytes [ 15, 7C, 20, 9C, 7C, 39, 75, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHUpdateImageW + 72 7CAB8107 205 Bytes [ 15, 8C, 1A, 9C, 7C, 8B, 8D, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHUpdateImageA + 1 7CAB81D5 72 Bytes [ 45, 10, 89, 85, EC, FD, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHUpdateImageA + 4A 7CAB821E 24 Bytes [ 00, F6, 46, 11, 01, 0F, 85, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHUpdateImageA + 63 7CAB8237 60 Bytes [ 40, 00, 00, 6A, 00, 56, 6A, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHUpdateImageA + A0 7CAB8274 16 Bytes CALL 7CAB7F52 C:WINDOWSsystem32SHELL32.dll (Общая библиотека оболочки Windows/Корпорация Майкрософт)
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHUpdateImageA + B1 7CAB8285 38 Bytes [ FF, D7, 50, 6A, 40, 68, 32, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetDataFromIDListA + 15 7CABF1E1 61 Bytes [ EB, C4, C7, 45, FC, 0E, 00, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetDataFromIDListA + 53 7CABF21F 5 Bytes [ 57, 8D, 45, FC, 50 ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetDataFromIDListA + 59 7CABF225 26 Bytes CALL 7CABB6FC C:WINDOWSsystem32SHELL32.dll (Общая библиотека оболочки Windows/Корпорация Майкрософт)
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetDataFromIDListA + 74 7CABF240 146 Bytes [ FF, 8B, F0, 85, F6, 7C, 02, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetDataFromIDListA + 107 7CABF2D3 136 Bytes [ 74, 08, 2B, C1, 0F, 85, 10, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetNewLinkInfo + 79 7CABF4C4 23 Bytes [ 51, 0C, 8B, D8, 3B, DE, 0F, … ].text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHObjectProperties + 20 7CA7037A 181 Bytes [ 76, 22, 6A, 00, FF, 75, FC, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHObjectProperties + D6 7CA70430 63 Bytes [ 00, 3B, 4D, 10, 74, 1A, 0F, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHObjectProperties + 116 7CA70470 148 Bytes [ 0C, 74, 0B, 46, 83, C0, 0C, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHObjectProperties + 1AB 7CA70505 18 Bytes [ FF, 8B, 4D, 18, 33, FF, 57, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHObjectProperties + 1BE 7CA70518 34 Bytes [ 51, BE, 04, 01, 00, 00, 56, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ShellMessageBoxA + 16 7CA70763 81 Bytes [ 8B, 8D, C4, FD, FF, FF, 89, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ShellMessageBoxA + 68 7CA707B5 6 Bytes [ 00, 66, 83, BD, CE, FD ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ShellMessageBoxA + 6F 7CA707BC 21 Bytes [ FF, 01, 66, 89, 9D, CC, FD, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ShellMessageBoxA + 85 7CA707D2 9 Bytes [ 6B, C0, 0E, 83, C0, 06, 50, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ShellMessageBoxA + 8F 7CA707DC 16 Bytes [ 15, 48, 19, 9C, 7C, 3B, C3, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHFlushClipboard + D 7CA70828 65 Bytes [ FF, A5, 83, C0, 06, 66, A5, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHFlushClipboard + 4F 7CA7086A 9 Bytes [ F0, FD, FF, FF, 8B, BD, D8, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHFlushClipboard + 59 7CA70874 67 Bytes [ 8B, 8D, DC, FD, FF, FF, 8B, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHFlushClipboard + 9D 7CA708B8 32 Bytes [ FF, 15, 4C, 19, 9C, 7C, 85, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHFlushClipboard + BF 7CA708DA 29 Bytes [ FF, B5, DC, FD, FF, FF, E9, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!PathIsSlowA + 14 7CA70F1D 1 Byte [ 66 ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!PathIsSlowA + 16 7CA70F1F 91 Bytes [ B5, DC, FD, FF, FF, B9, 81, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!PathIsSlowA + 72 7CA70F7B 79 Bytes [ DC, FD, FF, FF, 50, 56, 56, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!PathIsSlowA + C2 7CA70FCB 128 Bytes [ 55, 8B, EC, 33, C0, 39, 45, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!PathIsSlowA + 143 7CA7104C 16 Bytes [ 75, 08, FF, 15, 90, 1F, 9C, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!PathGetShortPath + 20 7CA71326 3 Bytes [ C0, 74, 0F ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!PathGetShortPath + 24 7CA7132A 44 Bytes [ 75, 14, 57, FF, 75, 0C, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!PathGetShortPath + 54 7CA7135A 52 Bytes [ 8B, FF, 55, 8B, EC, 83, EC, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!PathGetShortPath + 8A 7CA71390 4 Bytes [ 50, 6A, 02, 56 ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!PathGetShortPath + 8F 7CA71395 13 Bytes CALL 7C9E7E45 C:WINDOWSsystem32SHELL32.dll (Общая библиотека оболочки Windows/Корпорация Майкрософт)
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!IsLFNDriveA + 43 7CA714C5 1 Byte [ 08 ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!PathQualify + 5 7CA714D1 48 Bytes [ 83, EC, 34, 53, 56, 8B, 35, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!PathQualify + 36 7CA71502 21 Bytes [ CC, 50, FF, 75, 0C, 89, 7D, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!PathQualify + 4C 7CA71518 32 Bytes [ 75, 08, FF, 15, C8, 13, 9C, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!PathQualify + 6D 7CA71539 38 Bytes [ 6A, 00, 6A, 00, 68, 04, 10, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!PathQualify + 94 7CA71560 126 Bytes CALL 7CA714CA C:WINDOWSsystem32SHELL32.dll (Общая библиотека оболочки Windows/Корпорация Майкрософт)
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!PathMakeUniqueName + 8 7CA718BC 31 Bytes [ 00, 00, 0D, 00, 00, 07, 80, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!PathMakeUniqueName + 28 7CA718DC 95 Bytes [ 7D, 08, 6A, 04, 57, FF, D6, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!PathMakeUniqueName + 88 7CA7193C 35 Bytes [ FF, 50, 8D, 85, 24, FD, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!PathMakeUniqueName + AC 7CA71960 58 Bytes [ EB, 03, 83, 26, 00, 8B, 4D, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!PathMakeUniqueName + E7 7CA7199B 25 Bytes [ 15, 84, 1F, 9C, 7C, 8B, 4D, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!PickIconDlg + 18 7CA72768 43 Bytes [ 7D, 08, 89, 95, E0, FB, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!PickIconDlg + 44 7CA72794 13 Bytes [ 03, C0, 89, 85, C8, FB, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!PickIconDlg + 52 7CA727A2 42 Bytes [ FF, 2B, C7, 03, C3, D1, F8, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!PickIconDlg + 7D 7CA727CD 9 Bytes JMP 7CA72884 C:WINDOWSsystem32SHELL32.dll (Общая библиотека оболочки Windows/Корпорация Майкрософт)
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!PickIconDlg + 87 7CA727D7 5 Bytes [ FF, 8D, 85, F4, FD ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHInvokePrinterCommandA + 5B 7CA735CA 10 Bytes [ 15, 0C, 13, 9C, 7C, E9, E1, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHInvokePrinterCommandA + 66 7CA735D5 58 Bytes [ 35, C8, 12, 9C, 7C, 6A, 0B, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHInvokePrinterCommandA + A1 7CA73610 18 Bytes [ 15, 1C, 11, 9C, 7C, 33, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHInvokePrinterCommandA + B4 7CA73623 8 Bytes [ 76, 18, FF, 15, 18, 11, 9C, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHInvokePrinterCommandA + BD 7CA7362C 247 Bytes CALL 7CA29AD3 C:WINDOWSsystem32SHELL32.dll (Общая библиотека оболочки Windows/Корпорация Майкрософт)
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!PrintersGetCommand_RunDLL + 28 7CA73724 168 Bytes [ 56, 89, 07, FF, 15, 90, 1A, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!PrintersGetCommand_RunDLLW + 4C 7CA737CD 2 Bytes [ 75, 10 ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!PrintersGetCommand_RunDLLW + 4F 7CA737D0 3 Bytes [ 45, F4, 50 ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!PrintersGetCommand_RunDLLW + 53 7CA737D4 8 Bytes [ 75, F8, FF, 75, FC, FF, 75, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!PrintersGetCommand_RunDLLW + 5C 7CA737DD 8 Bytes [ 75, 08, FF, 75, 18, FF, 55, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!PrintersGetCommand_RunDLLW + 66 7CA737E7 64 Bytes [ 75, 2E, FF, D3, 83, F8, 7A, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHAddFromPropSheetExtArray + 2 7CA73BA1 109 Bytes [ 3C, 00, 00, 00, C7, 85, 54, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHReplaceFromPropSheetExtArray + 18 7CA73C0F 74 Bytes [ F8, FF, 15, A0, 1A, 9C, 7C, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHReplaceFromPropSheetExtArray + 63 7CA73C5A 78 Bytes [ 80, 00, 00, 56, 89, 85, E4, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHReplaceFromPropSheetExtArray + B2 7CA73CA9 7 Bytes [ C7, 74, 38, 66, 39, 38, 74 ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHReplaceFromPropSheetExtArray + BA 7CA73CB1 79 Bytes CALL 7CA13E6B C:WINDOWSsystem32SHELL32.dll (Общая библиотека оболочки Windows/Корпорация Майкрософт)
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHReplaceFromPropSheetExtArray + 10B 7CA73D02 32 Bytes CALL 7CABBA26 C:WINDOWSsystem32SHELL32.dll (Общая библиотека оболочки Windows/Корпорация Майкрософт)
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHCreatePropSheetExtArray + 1 7CA73DD1 6 Bytes [ 35, 8C, 1A, 9C, 7C, 53 ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHCreatePropSheetExtArray + 8 7CA73DD8 2 Bytes [ 77, 04 ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHCreatePropSheetExtArray + B 7CA73DDB 184 Bytes [ D6, 8D, 5C, 00, 02, 8D, 43, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHCreatePropSheetExtArray + C4 7CA73E94 84 Bytes [ EC, 56, 57, FF, 75, 08, 33, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHCreatePropSheetExtArray + 119 7CA73EE9 32 Bytes [ FF, 8B, 45, 0C, BE, 08, 02, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!DragQueryPoint + 5 7CA73F4A 1 Byte [ FB ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!DragQueryPoint + 7 7CA73F4C 118 Bytes [ FF, 50, C7, 85, CC, F7, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!DragQueryFile + 10 7CA73FC3 9 Bytes [ B5, C8, F7, FF, FF, 89, 9D, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!DragQueryFile + 1A 7CA73FCD 86 Bytes CALL 7CA9134A C:WINDOWSsystem32SHELL32.dll (Общая библиотека оболочки Windows/Корпорация Майкрософт)
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!DragQueryFile + 71 7CA74024 6 Bytes [ FF, 50, 8D, 85, DC, F7 ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!DragQueryFile + 78 7CA7402B 66 Bytes CALL 7CA16C4E C:WINDOWSsystem32SHELL32.dll (Общая библиотека оболочки Windows/Корпорация Майкрософт)
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!DragQueryFile + BB 7CA7406E 2 Bytes [ EC, FB ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!RestartDialogEx + 3F 7CA74761 33 Bytes [ FF, 75, FC, FF, 15, 90, 1A, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!RestartDialogEx + 61 7CA74783 3 Bytes [ 55, 8B, EC ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!RestartDialogEx + 65 7CA74787 5 Bytes JMP 7CA74641 C:WINDOWSsystem32SHELL32.dll (Общая библиотека оболочки Windows/Корпорация Майкрософт)
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!RestartDialogEx + 6D 7CA7478F 49 Bytes [ 90, 90, 8B, FF, 55, 8B, EC, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!RestartDialogEx + 9F 7CA747C1 60 Bytes CALL 06A747C1
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!RestartDialog + 3E 7CA7504F 49 Bytes [ 55, 8B, EC, 81, EC, CC, 02, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!RestartDialog + 70 7CA75081 1 Byte [ 40 ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!RestartDialog + 74 7CA75085 5 Bytes [ 8D, 85, 50, FD, FF ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!RestartDialog + 7A 7CA7508B 50 Bytes [ 50, 6A, 09, 33, F6, 56, 68, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!RestartDialog + AD 7CA750BE 22 Bytes [ FF, FF, 15, 8C, 1B, 9C, 7C, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHOpenPropSheetW + 28 7CA759F5 112 Bytes [ EB, 90, 66, 83, 7D, 10, 00, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHOpenPropSheetW + 99 7CA75A66 109 Bytes [ 8B, 75, 10, 83, E6, F0, 81, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHOpenPropSheetW + 107 7CA75AD4 175 Bytes [ 75, 14, 56, FF, 75, 08, C7, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHOpenPropSheetW + 1B7 7CA75B84 66 Bytes [ 15, 90, 1A, 9C, 7C, 8B, C7, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHOpenPropSheetW + 1FA 7CA75BC7 21 Bytes [ 15, 64, 13, 9C, 7C, 85, C0, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!CheckEscapesW + 47 7CA776B3 20 Bytes [ C6, 8B, 75, 10, 74, 11, 56, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!CheckEscapesW + 5C 7CA776C8 209 Bytes [ 50, 10, 53, FF, 15, 68, 1A, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!CheckEscapesA + 85 7CA7779A 14 Bytes [ 53, 18, FF, 75, F8, FF, D7, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!CheckEscapesA + 94 7CA777A9 45 Bytes [ 90, 90, 90, 90, 8B, FF, 55, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!CheckEscapesA + C2 7CA777D7 47 Bytes [ 15, 90, 1A, 9C, 7C, 83, 26, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!StrCpyNW + 1 7CA77807 14 Bytes [ 35, 2C, 13, 9C, 7C, 6A, 00, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!StrCpyNW + 11 7CA77817 14 Bytes [ 10, FF, D6, 6A, 00, 50, 68, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!StrCpyNW + 20 7CA77826 28 Bytes [ D6, 85, C0, 5E, 74, 0F, 50, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!StrCpyNW + 3E 7CA77844 3 Bytes [ 8B, FF, 55 ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!StrCpyNA + 1 7CA77848 29 Bytes [ EC, 51, 83, 65, FC, 00, 56, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!StrCpyNA + 1F 7CA77866 23 Bytes [ 85, C0, 7C, 20, 8D, 45, FC, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!StrCpyNA + 37 7CA7787E 18 Bytes [ 8B, 45, FC, F7, D8, 1B, C0, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!StrNCmpW + E 7CA77891 30 Bytes [ 90, 90, 90, 90, 90, 8B, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!StrNCmpW + 2D 7CA778B0 122 Bytes CALL 7CB9AC2B C:WINDOWSsystem32SHELL32.dll (Общая библиотека оболочки Windows/Корпорация Майкрософт)
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!StrNCmpA + 22 7CA7792B 4 Bytes [ EB, 03, 83, 27 ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!StrNCmpA + 27 7CA77930 128 Bytes [ 53, 6A, 3C, 8D, 5E, 3C, 53, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!StrNCmpIW + 30 7CA779B1 99 Bytes [ AA, 68, C8, 7D, 9D, 7C, 6A, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!StrNCmpIA + 27 7CA77A15 24 Bytes [ 90, 90, 90, 90, 90, 8B, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!StrNCmpIA + 40 7CA77A2E 40 Bytes [ 08, 57, 68, 51, 33, 00, 00, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!StrNCmpIA + 69 7CA77A57 16 Bytes [ FF, D7, C7, 85, 4C, FA, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!StrNCpyW + 2 7CA77A68 96 Bytes [ FF, 0F, BF, 00, 68, 50, A6, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!StrNCpyA + 18 7CA77AC9 62 Bytes [ FF, 74, 48, 8B, 85, 4C, FA, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!StrRStrW + 7 7CA77B08 78 Bytes [ 33, 00, 00, FF, 76, 34, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!StrRStrW + 56 7CA77B57 78 Bytes [ 06, 43, 83, FB, 0C, 72, E3, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!StrRStrA + 38 7CA77BA6 1 Byte [ 17 ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!StrRStrA + 3A 7CA77BA8 3 Bytes [ B5, 44, FA ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!StrRStrA + 3E 7CA77BAC 50 Bytes [ FF, 8D, 85, 50, FA, FF, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!StrRStrA + 71 7CA77BDF 19 Bytes [ 50, 68, 9A, 01, 00, 00, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!StrRStrA + 85 7CA77BF3 9 Bytes [ 8D, 85, 3C, FA, FF, FF, 50, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SheGetPathOffsetW + 1B 7CA77C4B 56 Bytes [ BE, B8, 00, 00, 00, 01, 0F, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SheGetPathOffsetW + 54 7CA77C84 20 Bytes [ F8, FF, 89, 85, 38, FA, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SheGetPathOffsetW + 69 7CA77C99 69 Bytes [ A5, 4C, FA, FF, FF, 00, 66, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SheGetDirW + 35 7CA77CDF 112 Bytes [ FF, 8B, 9D, 34, FA, FF, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SheGetDirA + 4 7CA77D50 33 Bytes [ 8E, BC, 00, 00, 00, 66, 83, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SheGetDirA + 27 7CA77D73 48 Bytes [ D7, 6A, 00, 6A, 00, 68, 86, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SheGetDirA + 58 7CA77DA4 13 Bytes CALL 7C9E0920 C:WINDOWSsystem32SHELL32.dll (Общая библиотека оболочки Windows/Корпорация Майкрософт)
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SheGetDirA + 66 7CA77DB2 13 Bytes [ 8B, FF, 55, 8B, EC, 56, 8B, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SheChangeDirW + B 7CA77DC1 24 Bytes CALL 7CA77894 C:WINDOWSsystem32SHELL32.dll (Общая библиотека оболочки Windows/Корпорация Майкрософт)
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SheChangeDirW + 24 7CA77DDA 217 Bytes [ 90, 90, 90, 90, 90, 8B, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SheChangeDirW + FE 7CA77EB4 25 Bytes [ 5C, 12, 00, 00, 52, 33, 00, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SheChangeDirW + 118 7CA77ECE 27 Bytes [ FF, 55, 8B, EC, 81, EC, D4, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SheChangeDirW + 134 7CA77EEA 7 Bytes [ 15, 44, 1A, 9C, 7C, 83, F8 ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SheChangeDirA + 1F 7CA77FB8 29 Bytes [ A1, 08, C5, BB, 7C, 53, 8B, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SheChangeDirA + 3D 7CA77FD6 49 Bytes [ 85, C0, 0F, 85, CF, 00, 00, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SheGetCurDrive + 16 7CA78008 75 Bytes [ FF, 89, 85, C4, FE, FF, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SheSetCurDrive + 3C 7CA78054 22 Bytes [ FF, 50, 56, FF, 15, F8, 20, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SheFullPathA + 2 7CA7806B 12 Bytes [ 40, 8D, 85, B8, FE, FF, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SheFullPathA + F 7CA78078 16 Bytes [ FF, 10, 20, 9D, 7C, 89, B5, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SheFullPathA + 20 7CA78089 34 Bytes [ 85, F4, FE, FF, FF, 8B, 08, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SheFullPathA + 43 7CA780AC 26 Bytes [ 05, B8, 05, 00, 07, 80, 8B, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SheFullPathA + 5E 7CA780C7 23 Bytes [ FF, 55, 8B, EC, 51, 8D, 45, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SheFullPathW + 64 7CA7817F 47 Bytes [ FF, 50, FF, 15, 8C, 1A, 9C, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SheFullPathW + 95 7CA781B0 3 Bytes [ B5, 9C, FD ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SheFullPathW + 99 7CA781B4 22 Bytes CALL 7C9E3900 C:WINDOWSsystem32SHELL32.dll (Общая библиотека оболочки Windows/Корпорация Майкрософт)
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SheFullPathW + B1 7CA781CC 1 Byte [ 04 ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SheGetDirExW + 7 7CA781DA 1 Byte [ 04 ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SheGetDirExW + 10 7CA781E3 1 Byte [ 56 ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SheGetDirExW + 12 7CA781E5 8 Bytes [ 75, 0C, 68, 00, 01, 00, 00, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SheGetDirExW + 1B 7CA781EE 11 Bytes [ FC, 8D, 85, FC, FD, FF, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SheGetDirExW + 27 7CA781FA 5 Bytes [ 35, 64, C5, BB, 7C ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SheChangeDirExW + 16 7CA782E6 103 Bytes [ 75, 1C, 0F, B7, 45, 10, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SheChangeDirExW + 7E 7CA7834E 5 Bytes [ FF, 0F, 84, 15, 01 ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SheChangeDirExW + 84 7CA78354 19 Bytes [ 00, 56, 8B, 75, 10, 3B, F2, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SheChangeDirExW + 98 7CA78368 48 Bytes [ 00, 00, 81, FE, C7, 04, 00, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SheChangeDirExW + C9 7CA78399 11 Bytes [ FF, BF, 0C, 03, 00, 00, 50, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SheChangeDirExA + 5 7CA78558 54 Bytes [ 5D, EB, AD, 90, 90, 90, 90, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SheChangeDirExA + 3C 7CA7858F 38 Bytes [ 85, C0, 0F, 85, 86, 00, 00, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SheChangeDirExA + 63 7CA785B6 5 Bytes [ 01, 00, 00, 00, 57 ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SheChangeDirExA + 69 7CA785BC 167 Bytes [ 75, 0C, FF, 15, 8C, 1A, 9C, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SheChangeDirExA + 111 7CA78664 59 Bytes [ C2, 04, 00, 90, 90, 90, 90, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!RegenerateUserEnvironment + 25 7CA796CB 9 Bytes [ 50, FF, 36, 66, 89, BD, F0, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!RegenerateUserEnvironment + 2F 7CA796D5 2 Bytes [ 66, C7 ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!RegenerateUserEnvironment + 32 7CA796D8 2 Bytes [ F2, EF ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!RegenerateUserEnvironment + 36 7CA796DC 82 Bytes [ 00, 10, FF, 15, CC, 10, 9C, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!RegenerateUserEnvironment + 89 7CA7972F 34 Bytes [ D7, 85, C0, 74, 13, 68, B0, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!CallCPLEntry16 + 5 7CA79AD7 7 Bytes [ 00, 83, BD, F0, FD, FF, FF ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!CallCPLEntry16 + D 7CA79ADF 22 Bytes [ 74, 7C, C6, 83, FF, 07, 00, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!CallCPLEntry16 + 24 7CA79AF6 153 Bytes [ 8D, 85, F4, FD, FF, FF, 50, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!CallCPLEntry16 + BE 7CA79B90 13 Bytes [ 00, 00, FF, B5, E0, FD, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!CallCPLEntry16 + CC 7CA79B9E 28 Bytes [ FF, D6, 85, C0, 0F, 84, 30, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!PifMgr_CloseProperties + 1 7CA7EF3A 95 Bytes CALL 7C9E091C C:WINDOWSsystem32SHELL32.dll (Общая библиотека оболочки Windows/Корпорация Майкрософт)
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!PifMgr_CloseProperties + 61 7CA7EF9A 143 Bytes [ 50, 89, 9D, C0, FD, FF, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!PifMgr_CloseProperties + F2 7CA7F02B 72 Bytes [ FF, B5, D0, FD, FF, FF, 6A, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!PifMgr_CloseProperties + 13B 7CA7F074 34 Bytes [ 00, FF, 15, 20, 1A, 9C, 7C, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!PifMgr_CloseProperties + 15E 7CA7F097 11 Bytes [ B0, FD, FF, FF, 50, 53, 68, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!PifMgr_GetProperties + 25 7CA7F67C 79 Bytes [ 8B, C6, 5E, 5D, C2, 10, 00, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!PifMgr_GetProperties + 75 7CA7F6CC 4 Bytes [ 57, 56, E8, 51 ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!PifMgr_GetProperties + 7B 7CA7F6D2 19 Bytes [ FF, 8B, F0, 3B, F7, 75, D1, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!PifMgr_GetProperties + 8F 7CA7F6E6 81 Bytes [ 90, 90, 90, 90, 90, 8B, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!PifMgr_GetProperties + E1 7CA7F738 26 Bytes [ 55, 8B, EC, 83, 7D, 0C, 01, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!PifMgr_SetProperties + 65 7CA7FF3B 161 Bytes [ 55, 8B, EC, 56, FF, 75, 08, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!PifMgr_SetProperties + 107 7CA7FFDD 31 Bytes [ 90, 90, 90, 90, 90, 8B, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!PifMgr_SetProperties + 127 7CA7FFFD 49 Bytes [ 3B, FB, 0F, 9C, C1, 33, D2, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!PifMgr_SetProperties + 159 7CA8002F 72 Bytes [ 15, 84, 1A, 9C, 7C, EB, 1F, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!PifMgr_SetProperties + 1A2 7CA80078 42 Bytes [ FF, FF, 8B, 46, 1C, 66, 83, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!PifMgr_OpenProperties + 11B 7CA804EF 38 Bytes [ 15, 5C, 20, 9C, 7C, 85, C0, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!PifMgr_OpenProperties + 143 7CA80517 34 Bytes [ C9, C3, 90, 90, 90, 90, 90, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!PifMgr_OpenProperties + 166 7CA8053A 11 Bytes [ 51, 8D, 8D, EC, FB, FF, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!PifMgr_OpenProperties + 172 7CA80546 18 Bytes [ 00, 53, 33, FF, 89, 45, FC, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!PifMgr_OpenProperties + 185 7CA80559 59 Bytes [ FF, 15, 3C, 19, 9C, 7C, 3B, … ].text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetDiskFreeSpaceExW + D6 7CA3933F 59 Bytes [ 47, 08, 83, 38, 01, 0F, 85, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetDiskFreeSpaceExW + 112 7CA3937B 124 Bytes [ 55, 8B, EC, 56, FF, 75, 14, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ExtractIconExW + 1C 7CA39A73 57 Bytes [ FF, 04, 8B, 3D, F0, 20, 9C, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ExtractIconExW + 56 7CA39AAD 1 Byte [ FF ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ExtractIconExW + 58 7CA39AAF 27 Bytes CALL 7CA38CDD C:WINDOWSsystem32SHELL32.dll (Общая библиотека оболочки Windows/Корпорация Майкрософт)
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ExtractIconExW + 74 7CA39ACB 31 Bytes [ 00, 0F, 84, 69, 08, 01, 00, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ExtractIconExW + 94 7CA39AEB 36 Bytes [ 00, 0F, 84, A7, F2, FF, FF, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!DragAcceptFiles + 39 7CA3A270 93 Bytes [ 25, AC, 19, 9C, 7C, 90, 90, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!DragAcceptFiles + 97 7CA3A2CE 35 Bytes [ FF, 33, C0, 66, 3B, 0F, 0F, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!DragAcceptFiles + BB 7CA3A2F2 18 Bytes [ A0, C0, 00, 00, 00, 90, 90, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!DragAcceptFiles + D1 7CA3A308 85 Bytes CALL 7C9E3779 C:WINDOWSsystem32SHELL32.dll (Общая библиотека оболочки Windows/Корпорация Майкрософт)
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!DragAcceptFiles + 127 7CA3A35E 3 Bytes [ AA, 92, FA ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ShellAboutW + 40 7CA5F92B 67 Bytes [ 00, 01, 00, 00, 00, 01, 00, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ShellAboutA + 35 7CA5F96F 19 Bytes [ 00, 01, 00, 00, 00, 01, 00, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ShellAboutA + 49 7CA5F983 47 Bytes [ 00, 01, 00, 00, 00, 01, 00, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ShellAboutA + 79 7CA5F9B3 35 Bytes [ 00, 01, 00, 00, 00, 01, 00, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ShellAboutA + 9D 7CA5F9D7 16 Bytes [ 00, 01, 00, 00, 00, 01, 00, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ShellAboutA + AE 7CA5F9E8 46 Bytes [ 01, 00, 00, 00, 01, 00, 00, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHQueryRecycleBinW + 55 7CA632CE 62 Bytes [ FF, FF, 15, F8, 20, 9C, 7C, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHQueryRecycleBinA + 2 7CA6330D 33 Bytes [ 15, 0C, 1A, 9C, 7C, 8D, 86, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHQueryRecycleBinA + 24 7CA6332F 21 Bytes [ 15, F4, B9, 9E, 7C, 83, F8, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHQueryRecycleBinA + 3A 7CA63345 19 Bytes [ FF, 50, FF, 75, 14, E8, E1, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHQueryRecycleBinA + 4E 7CA63359 2 Bytes [ 8D, 85 ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHQueryRecycleBinA + 51 7CA6335C 66 Bytes [ FB, FF, FF, FF, 75, 10, FF, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHEmptyRecycleBinW + 2 7CA6360C 6 Bytes [ FF, 53, E8, 3B, EE, FF ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHEmptyRecycleBinW + 9 7CA63613 30 Bytes [ 39, B5, DC, F9, FF, FF, 74, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHEmptyRecycleBinW + 29 7CA63633 31 Bytes [ 18, 01, 00, 00, 74, 08, 39, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHEmptyRecycleBinW + 4A 7CA63654 14 Bytes CALL 7CA60A88 C:WINDOWSsystem32SHELL32.dll (Общая библиотека оболочки Windows/Корпорация Майкрософт)
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHEmptyRecycleBinW + 59 7CA63663 62 Bytes [ 8D, 1C, 9D, D8, 18, BC, 7C, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHEmptyRecycleBinA + 2E 7CA636A2 89 Bytes [ 35, 64, C5, BB, 7C, E8, 64, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHEmptyRecycleBinA + 88 7CA636FC 110 Bytes [ 56, 0F, 94, C1, 56, 56, 50, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHEmptyRecycleBinA + F7 7CA6376B 65 Bytes [ FF, 0F, 94, C0, 89, 41, 18, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHEmptyRecycleBinA + 139 7CA637AD 5 Bytes [ FF, 8D, 85, DC, F7 ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHEmptyRecycleBinA + 140 7CA637B4 54 Bytes CALL 7CA61F64 C:WINDOWSsystem32SHELL32.dll (Общая библиотека оболочки Windows/Корпорация Майкрософт)
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHCreateStdEnumFmtEtc + 18 7CA637EB 112 Bytes [ 85, C0, 0F, 84, 4A, 02, 00, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHCreateStdEnumFmtEtc + 89 7CA6385C 183 Bytes [ 8D, 85, DC, F7, FF, FF, 50, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHCreateStdEnumFmtEtc + 141 7CA63914 24 Bytes [ D8, BE, 04, 01, 00, 00, 56, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHCreateStdEnumFmtEtc + 15A 7CA6392D 13 Bytes [ 08, FE, FF, FF, 50, 57, E8, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHCreateStdEnumFmtEtc + 168 7CA6393B 63 Bytes [ 32, 68, AC, DE, 9C, 7C, 56, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!WriteCabinetState + 7E 7CA63B36 54 Bytes [ 15, CC, 20, 9C, 7C, 85, C0, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!WriteCabinetState + B5 7CA63B6D 15 Bytes [ FF, 00, EB, 0C, FF, 15, 20, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!WriteCabinetState + C5 7CA63B7D 135 Bytes [ 83, BD, BC, F7, FF, FF, 00, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!WriteCabinetState + 14D 7CA63C05 7 Bytes [ 15, A4, 20, 9C, 7C, 57, 50 ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!WriteCabinetState + 155 7CA63C0D 39 Bytes [ B5, D8, F7, FF, FF, 89, 85, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHFreeNameMappings + 2E 7CA65A9F 59 Bytes [ FF, 89, 9E, 18, 02, 00, 00, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHFreeNameMappings + 6A 7CA65ADB 22 Bytes [ 07, 3B, C3, 74, 09, 50, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHFreeNameMappings + 81 7CA65AF2 19 Bytes [ 15, 54, 1A, 9C, 7C, 89, 5E, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHFreeNameMappings + 95 7CA65B06 19 Bytes [ 8B, FF, 55, 8B, EC, 83, EC, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHFreeNameMappings + A9 7CA65B1A 20 Bytes [ 76, 04, 33, DB, 89, 5D, FC, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHCreateDirectory + 7 7CA6727C 1 Byte [ 00 ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHCreateDirectory + 9 7CA6727E 18 Bytes [ 41, 56, 8B, 75, 08, 57, 6A, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHCreateDirectoryExA + 1 7CA67291 15 Bytes CALL 7CA6712F C:WINDOWSsystem32SHELL32.dll (Общая библиотека оболочки Windows/Корпорация Майкрософт)
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHCreateDirectoryExA + 11 7CA672A1 23 Bytes [ FF, 15, DC, 12, 9C, 7C, 6A, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHCreateDirectoryExA + 29 7CA672B9 1 Byte [ 15 ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHCreateDirectoryExA + 2B 7CA672BB 48 Bytes [ 13, 9C, 7C, 5F, 5E, 33, C0, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHCreateDirectoryExA + 5D 7CA672ED 22 Bytes [ 00, 8B, 51, 34, 85, D2, 0F, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHFileOperationW + 24 7CA6D1DD 27 Bytes [ 00, 8B, 86, A4, 00, 00, 00, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHFileOperationW + 41 7CA6D1FA 225 Bytes [ 00, C7, 46, 3C, 01, 00, 00, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHFileOperationW + 123 7CA6D2DC 11 Bytes [ A1, 08, C5, BB, 7C, 53, 56, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHFileOperationW + 12F 7CA6D2E8 8 Bytes [ FC, 8B, 45, 0C, 57, 8B, D8, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHFileOperationW + 138 7CA6D2F1 56 Bytes [ 40, 85, C0, BF, 00, 01, 00, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHFileOperation + 4B 7CA6D4EC 41 Bytes [ FF, 8D, 85, F4, FD, FF, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHFileOperation + 75 7CA6D516 67 Bytes [ 85, F4, FD, FF, FF, 50, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHFileOperation + B9 7CA6D55A 56 Bytes [ FF, EB, 2B, 8B, 3D, F4, 20, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHFileOperation + F2 7CA6D593 16 Bytes [ FF, 8B, 46, 40, 85, C0, 0F, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHFileOperation + 103 7CA6D5A4 36 Bytes [ FF, 00, 01, 00, 00, 75, 19, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!Control_FillCache_RunDLL + 59 7CA6E03E 88 Bytes [ 00, 50, 8D, 86, F4, 00, 00, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!Control_FillCache_RunDLL + B2 7CA6E097 5 Bytes [ 50, 8D, 86, F4, 00 ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!Control_FillCache_RunDLL + B9 7CA6E09E 91 Bytes CALL 7CA683B7 C:WINDOWSsystem32SHELL32.dll (Общая библиотека оболочки Windows/Корпорация Майкрософт)
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!Control_FillCache_RunDLLW + 20 7CA6E0FA 38 Bytes [ B5, 04, F9, FF, FF, E8, D8, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!Control_FillCache_RunDLLW + 47 7CA6E121 29 Bytes [ 83, F8, FF, 74, 11, 8D, 8D, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!Control_FillCache_RunDLLW + 65 7CA6E13F 11 Bytes [ FF, 68, 04, 01, 00, 00, 50, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!Control_FillCache_RunDLLW + 71 7CA6E14B 7 Bytes [ 8D, 85, B4, FD, FF, FF, 50 ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!Control_FillCache_RunDLLW + 79 7CA6E153 108 Bytes [ 15, F4, 20, 9C, 7C, 56, 8D, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHRunControlPanel + E 7CA6ECAF 2 Bytes [ 8B, FE ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHRunControlPanel + 14 7CA6ECB5 1 Byte [ 1C ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!Control_RunDLL + 5 7CA6ECC1 13 Bytes [ FF, 75, 20, FF, 75, 1C, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!Control_RunDLL + 13 7CA6ECCF 6 Bytes [ 10, FF, 75, 0C, FF, 75 ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!Control_RunDLL + 1A 7CA6ECD6 13 Bytes [ 68, 90, 77, 9D, 7C, 68, 58, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!Control_RunDLL + 29 7CA6ECE5 87 Bytes [ 5D, C2, 1C, 00, 90, 90, 90, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!Control_RunDLLW + 28 7CA6ED3D 137 Bytes [ D6, 66, 85, C0, 74, 3C, 8B, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!Control_RunDLLAsUserW + 59 7CA6EDC7 36 Bytes [ D6, 68, 68, 12, 9D, 7C, 66, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!Control_RunDLLAsUserW + 7F 7CA6EDED 3 Bytes [ EB, 38, 66 ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!Control_RunDLLAsUserW + 83 7CA6EDF1 14 Bytes [ 65, BC, 00, 85, DB, 74, 0D, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!Control_RunDLLAsUserW + 92 7CA6EE00 15 Bytes [ 15, 94, 13, 9C, 7C, 83, 65, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!Control_RunDLLAsUserW + A2 7CA6EE10 124 Bytes [ 45, B8, 89, 45, B0, 8D, 45, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!DuplicateIcon + 33 7CA6F406 47 Bytes [ 83, 20, 00, EB, 4D, 8B, B5, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!DuplicateIcon + 63 7CA6F436 136 Bytes [ 9C, 7C, 8B, 85, E4, FD, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!FreeIconList + 36 7CA6F4BF 14 Bytes [ 15, CC, 1F, 9C, 7C, 85, C0, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!FreeIconList + 45 7CA6F4CE 55 Bytes [ 85, C9, 74, 2A, 8B, 83, 14, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ExtractIconResInfoW + 1C 7CA6F506 5 Bytes [ B6, EC, 77, 9D, 7C ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ExtractIconResInfoW + 22 7CA6F50C 26 Bytes CALL 7C9E3A7E C:WINDOWSsystem32SHELL32.dll (Общая библиотека оболочки Windows/Корпорация Майкрософт)
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ExtractIconResInfoW + 3D 7CA6F527 18 Bytes CALL 7C9E3A81 C:WINDOWSsystem32SHELL32.dll (Общая библиотека оболочки Windows/Корпорация Майкрософт)
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ExtractIconResInfoW + 52 7CA6F53C 27 Bytes [ 6A, 00, FF, 75, FC, FF, 15, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ExtractIconResInfoW + 6F 7CA6F559 54 Bytes [ A1, 08, C5, BB, 7C, 53, 8B, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ExtractIconResInfoA + 11 7CA6FA04 32 Bytes [ FF, F3, AB, 68, 08, 02, 00, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ExtractIconResInfoA + 32 7CA6FA25 6 Bytes [ FF, 50, E8, 0E, F8, FF ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ExtractIconResInfoA + 39 7CA6FA2C 5 Bytes [ 8D, 85, D8, F7, FF ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ExtractIconResInfoA + 3F 7CA6FA32 67 Bytes [ 50, FF, 15, AC, 20, 9C, 7C, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ExtractAssociatedIconExW + 17 7CA6FA76 35 Bytes [ FF, FF, 15, 78, 20, 9C, 7C, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ExtractAssociatedIconExW + 3B 7CA6FA9A 39 Bytes [ C9, C2, 04, 00, 90, 90, 90, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ExtractAssociatedIconExW + 63 7CA6FAC2 11 Bytes [ 00, 00, 8D, 85, F4, FD, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ExtractAssociatedIconExW + 6F 7CA6FACE 25 Bytes [ 15, E0, 19, 9C, 7C, 85, C0, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ExtractAssociatedIconExW + 89 7CA6FAE8 38 Bytes [ 15, CC, 20, 9C, 7C, 85, C0, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ExtractAssociatedIconExA + 20 7CA6FC4A 10 Bytes [ 75, 0C, FF, 75, 10, 53, 56, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ExtractAssociatedIconExA + 2D 7CA6FC57 24 Bytes [ F8, 56, FF, 15, 90, 1A, 9C, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ExtractAssociatedIconExA + 48 7CA6FC72 57 Bytes [ 00, 74, 16, FF, B5, EC, FD, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ExtractAssociatedIconExA + 82 7CA6FCAC 5 Bytes [ 75, 08, E8, 1C, FF ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ExtractAssociatedIconExA + 89 7CA6FCB3 88 Bytes [ 5D, C2, 08, 00, 90, 90, 90, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ExtractAssociatedIconW + F 7CA6FD28 41 Bytes [ 08, 57, 8B, 7D, 0C, 68, 08, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ExtractAssociatedIconW + 39 7CA6FD52 53 Bytes CALL 7CA6F54A C:WINDOWSsystem32SHELL32.dll (Общая библиотека оболочки Windows/Корпорация Майкрософт)
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ExtractIconA + 11 7CA6FD88 56 Bytes [ 5D, C2, 10, 00, 90, 90, 90, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ExtractIconA + 4A 7CA6FDC1 26 Bytes [ FF, 8D, 85, E4, FB, FF, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!InternalExtractIconListW + 1 7CA6FDDC 13 Bytes [ 45, F8, FF, B5, E0, FB, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!InternalExtractIconListW + F 7CA6FDEA 163 Bytes [ FF, 33, C0, 40, EB, 05, 83, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!InternalExtractIconListW + B3 7CA6FE8E 82 Bytes [ 55, 8B, EC, 8B, 45, 14, 33, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!InternalExtractIconListW + 108 7CA6FEE3 41 Bytes [ 8B, FF, 55, 8B, EC, 53, 8B, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ExtractAssociatedIconA + 28 7CA6FF0D 104 Bytes [ C0, 74, 1B, 8B, 4D, 14, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ExtractAssociatedIconA + 91 7CA6FF76 165 Bytes [ 90, 90, 90, 90, 90, 8B, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ExtractAssociatedIconA + 137 7CA7001C 17 Bytes [ 00, 2B, D7, 79, 02, F7, DA, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!DoEnvironmentSubstA + 4 7CA7002E 78 Bytes [ CF, 2B, CA, 8B, D1, 0F, AF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!DoEnvironmentSubstA + 53 7CA7007D 1 Byte [ AF ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!DoEnvironmentSubstA + 55 7CA7007F 102 Bytes [ 0F, AF, C3, 33, D2, F7, F1, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!DoEnvironmentSubstA + BC 7CA700E6 150 Bytes [ 7D, 18, 8B, 1D, 10, 11, 9C, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetDiskFreeSpaceA + 5D 7CA7017D 57 Bytes [ 45, 1C, FF, 70, 08, FF, D3, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetDiskFreeSpaceA + 97 7CA701B7 11 Bytes [ 75, F0, FF, 75, 08, FF, 15, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetDiskFreeSpaceA + A3 7CA701C3 26 Bytes [ 75, EC, FF, D6, FF, 75, E4, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetDiskFreeSpaceA + BE 7CA701DE 51 Bytes [ 50, 6A, 01, 6A, 00, FF, 15, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetDiskFreeSpaceA + F2 7CA70212 116 Bytes [ D8, 53, FF, 75, 08, FF, D7, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHHelpShortcuts_RunDLL + 3C 7CA7032B 78 Bytes [ 08, FF, 15, 24, 12, 9C, 7C, … ].text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHChangeNotification_Lock + 7F 7CA08BA0 39 Bytes [ F6, 87, 59, 06, 00, 00, 02, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHChangeNotification_Lock + A7 7CA08BC8 116 Bytes [ F0, 3B, F3, 0F, 8C, 8D, 00, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ILLoadFromStream + 1F 7CA09F90 103 Bytes CALL 7C9F068E C:WINDOWSsystem32SHELL32.dll (Общая библиотека оболочки Windows/Корпорация Майкрософт)
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ILLoadFromStream + 87 7CA09FF8 9 Bytes [ 0F, 84, 28, BC, 03, 00, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ILLoadFromStream + 91 7CA0A002 52 Bytes CALL 7C9EFFB8 C:WINDOWSsystem32SHELL32.dll (Общая библиотека оболочки Windows/Корпорация Майкрософт)
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ILLoadFromStream + C6 7CA0A037 75 Bytes [ 00, 8B, 4E, 14, 6A, 02, 68, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ILLoadFromStream + 112 7CA0A083 23 Bytes [ 80, 8E, 11, 02, 00, 00, 04, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetDataFromIDListW + 25 7CA0A324 42 Bytes CALL 7C9E968E C:WINDOWSsystem32SHELL32.dll (Общая библиотека оболочки Windows/Корпорация Майкрософт)
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetDataFromIDListW + 50 7CA0A34F 59 Bytes [ 85, F4, FD, FF, FF, 50, 8D, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetDataFromIDListW + 8D 7CA0A38C 27 Bytes [ 01, E4, FD, FF, 50, 68, 00, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetDataFromIDListW + A9 7CA0A3A8 25 Bytes [ FF, FF, 90, 90, 90, 90, 90, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetDataFromIDListW + C3 7CA0A3C2 8 Bytes [ 18, 83, 7D, 0C, 00, 8D, 04, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetRealIDL + 96 7CA0B0BB 37 Bytes [ 00, 89, 85, F0, FD, FF, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetRealIDL + BC 7CA0B0E1 43 Bytes [ 56, 8B, 75, 14, 83, 26, 00, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetRealIDL + E8 7CA0B10D 40 Bytes [ 75, 10, 8D, 55, 08, 52, 6A, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetRealIDL + 111 7CA0B136 11 Bytes JMP 7C9FC4E5 C:WINDOWSsystem32SHELL32.dll (Общая библиотека оболочки Windows/Корпорация Майкрософт)
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetRealIDL + 11D 7CA0B142 23 Bytes [ 55, 8B, EC, 51, 53, 8B, 5D, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!CommandLineToArgvW + 59 7CA0C1C4 10 Bytes [ CE, FF, 50, 14, 8B, C7, 5F, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!CommandLineToArgvW + 64 7CA0C1CF 9 Bytes [ 00, 90, 90, 90, 90, 90, 8B, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!CommandLineToArgvW + 6E 7CA0C1D9 8 Bytes [ EC, 56, 8B, F1, E8, 19, 00, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!CommandLineToArgvW + 77 7CA0C1E2 19 Bytes [ F6, 45, 08, 01, 74, 07, 56, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!CommandLineToArgvW + 8B 7CA0C1F6 34 Bytes [ 90, 90, 90, 90, 90, 8B, FF, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!PathResolve + 5D 7CA0D37A 9 Bytes [ FF, 15, 1C, 18, 9C, 7C, 85, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!PathResolve + 67 7CA0D384 6 Bytes [ D8, 0F, 84, 29, 01, 00 ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!PathResolve + 6E 7CA0D38B 277 Bytes [ 8B, 08, 8D, 55, EC, 52, 50, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!FindExecutableW + 2 7CA0D4A1 37 Bytes [ 75, 0C, 68, B4, E0, 9C, 7C, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!FindExecutableW + 28 7CA0D4C7 62 Bytes [ 75, 0C, 8B, 45, 08, 83, C0, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!FindExecutableW + 67 7CA0D506 6 Bytes [ 68, 20, E1, 9C, 7C, 57 ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!FindExecutableW + 6E 7CA0D50D 62 Bytes CALL 7C9EBE95 C:WINDOWSsystem32SHELL32.dll (Общая библиотека оболочки Windows/Корпорация Майкрософт)
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!FindExecutableW + AD 7CA0D54C 71 Bytes [ 6A, 20, 8D, 45, DC, 50, E8, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetSettings + 32 7CA0D5F0 12 Bytes [ D0, 8B, 08, 50, FF, 51, 08, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ShellExecuteExW 7CA0D5FE 3 Bytes [ 90, 90, 90 ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ShellExecuteExW + 4 7CA0D602 109 Bytes [ FF, 55, 8B, EC, 56, 57, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ShellExecuteExW + 72 7CA0D670 39 Bytes [ 48, 0C, 8B, D1, 57, C1, E9, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ShellExecuteExW + 9B 7CA0D699 3 Bytes [ 90, 90, 90 ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ShellExecuteExW + 9F 7CA0D69D 37 Bytes [ FF, 55, 8B, EC, 56, 68, 48, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ShellExecuteEx + F 7CA0FB2B 48 Bytes [ 55, 8B, EC, 81, EC, 90, 00, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ShellExecuteEx + 40 7CA0FB5C 4 Bytes [ FF, FF, 51, 8D ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ShellExecuteEx + 45 7CA0FB61 2 Bytes [ 7C, FF ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ShellExecuteEx + 49 7CA0FB65 19 Bytes [ 51, 6A, 04, 50, 6A, 01, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ShellExecuteEx + 5D 7CA0FB79 79 Bytes [ FF, FF, 74, 11, 6A, 01, 57, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ShellExecuteA + 94 7CA0FED8 56 Bytes [ 53, 00, 68, 00, 65, 00, 6C, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ShellExecuteA + D1 7CA0FF15 405 Bytes [ 8B, FF, 55, 8B, EC, FF, 75, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ShellExecuteA + 267 7CA100AB 246 Bytes [ 00, 56, FF, 75, 0C, E8, 81, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ShellExecuteA + 35E 7CA101A2 68 Bytes [ A1, 08, C5, BB, 7C, 89, 45, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ShellExecuteA + 3A3 7CA101E7 24 Bytes [ 15, 40, 1D, 9C, 7C, 85, C0, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHTestTokenMembership + 3A 7CA11BB7 42 Bytes [ 68, 41, 01, 00, 00, 68, AC, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHTestTokenMembership + 65 7CA11BE2 56 Bytes [ 66, 3B, C3, 66, A3, 48, 18, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHTestTokenMembership + 9E 7CA11C1B 35 Bytes [ FF, 15, 1C, 18, 9C, 7C, 5E, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHTestTokenMembership + C2 7CA11C3F 4 Bytes [ 15, 10, 17, 9C ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHTestTokenMembership + C7 7CA11C44 15 Bytes [ 3B, C6, 74, 11, 68, 48, 7F, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!OpenRegStream + 14 7CA120E2 31 Bytes [ 50, 68, 28, 11, A1, 7C, 8D, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!OpenRegStream + 34 7CA12102 14 Bytes [ 53, 50, 68, 00, 00, 00, 80, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!OpenRegStream + 43 7CA12111 4 Bytes [ 85, 14, 08, 00 ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!OpenRegStream + 48 7CA12116 27 Bytes [ 66, 89, 1E, 8B, 4D, FC, 5F, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!OpenRegStream + 64 7CA12132 97 Bytes [ 63, 00, 61, 00, 74, 00, 69, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ExtractIconW + 10 7CA122D8 81 Bytes [ 00, 83, 7D, 10, 00, A1, 08, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ExtractIconW + 62 7CA1232A 68 Bytes [ BF, 10, 43, 9C, 7C, 33, D2, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ExtractIconW + A7 7CA1236F 14 Bytes [ FF, B5, F0, FD, FF, FF, 50, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ExtractIconW + B6 7CA1237E 20 Bytes [ C6, 5F, 8B, 4D, FC, 5E, 5B, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ExtractIconW + CD 7CA12395 41 Bytes [ 90, 90, 8B, FF, 55, 8B, EC, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetPathFromIDList + 5 7CA13AB6 57 Bytes [ 56, 57, 6A, 01, 6A, 01, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetPathFromIDList + 3F 7CA13AF0 35 Bytes CALL 7C9E38FF C:WINDOWSsystem32SHELL32.dll (Общая библиотека оболочки Windows/Корпорация Майкрософт)
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetPathFromIDList + 63 7CA13B14 29 Bytes JMP 7C9F9B63 C:WINDOWSsystem32SHELL32.dll (Общая библиотека оболочки Windows/Корпорация Майкрософт)
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetPathFromIDList + 81 7CA13B32 59 Bytes CALL 7C9E8B87 C:WINDOWSsystem32SHELL32.dll (Общая библиотека оболочки Windows/Корпорация Майкрософт)
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetPathFromIDList + BD 7CA13B6E 111 Bytes [ 15, 70, FC, 9D, 7C, 50, E8, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ILGetNext + 6A 7CA1461B 8 Bytes [ EC, 10, 53, 56, C7, 45, F8, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ILGetNext + 73 7CA14624 5 Bytes [ 00, 00, C6, 45, FF ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ILGetNext + 79 7CA1462A 14 Bytes CALL 7CA143CF C:WINDOWSsystem32SHELL32.dll (Общая библиотека оболочки Windows/Корпорация Майкрософт)
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ILGetNext + 88 7CA14639 52 Bytes [ 8B, 75, 08, 6A, 00, 6A, 00, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ILGetNext + BD 7CA1466E 10 Bytes [ 68, F8, B0, 9C, 7C, E8, 4B, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ReadCabinetState + 55 7CA1496B 6 Bytes [ 04, 59, 33, C0, F3, A7 ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ReadCabinetState + 5C 7CA14972 58 Bytes [ E4, 8B, 45, FC, 5F, 5E, 5B, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ReadCabinetState + 97 7CA149AD 65 Bytes [ F8, 3B, FE, 0F, 8C, 2F, 33, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ReadCabinetState + D9 7CA149EF 2 Bytes [ 0F, 94 ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ReadCabinetState + DC 7CA149F2 70 Bytes [ C1, E0, 09, 33, 06, 25, 00, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHPropStgReadMultiple + 25 7CA1A12B 68 Bytes [ 15, 68, AF, 9E, 7C, 83, A0, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHPropStgReadMultiple + 6A 7CA1A170 5 Bytes [ 72, EA, FF, 75, FC ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHPropStgReadMultiple + 70 7CA1A176 96 Bytes [ 45, 08, 57, 68, 3A, 10, 00, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHPropStgReadMultiple + D1 7CA1A1D7 1 Byte [ F0 ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHPropStgReadMultiple + D3 7CA1A1D9 30 Bytes [ 02, C1, E0, 02, 50, 51, 52, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!DAD_ShowDragImage + 31 7CA1B7F5 14 Bytes [ 90, 90, 90, 8B, FF, 53, 56, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!DAD_ShowDragImage + 40 7CA1B804 145 Bytes [ 6C, 9C, 7C, C7, 46, 04, 7C, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!DAD_ShowDragImage + D2 7CA1B896 49 Bytes [ 00, 8D, 0C, 40, 8D, BC, 8B, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!DAD_ShowDragImage + 104 7CA1B8C8 98 Bytes [ 08, 85, C0, 56, 8B, F1, C7, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!DAD_ShowDragImage + 167 7CA1B92B 3 Bytes [ 45, FC, 39 ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!IsUserAnAdmin + 23 7CA1BFC9 44 Bytes [ 10, 8B, F8, 8B, 06, 56, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!IsUserAnAdmin + 50 7CA1BFF6 40 Bytes [ C0, 0F, 84, 21, 3B, 03, 00, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!IsUserAnAdmin + 79 7CA1C01F 43 Bytes [ 8B, FF, 55, 8B, EC, 83, EC, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!IsUserAnAdmin + A5 7CA1C04B 14 Bytes [ 56, FF, 35, 64, C5, BB, 7C, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!IsUserAnAdmin + B4 7CA1C05A 49 Bytes [ 15, 1C, 16, 9C, 7C, 85, C0, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!PathProcessCommand + 19 7CA1C890 17 Bytes CALL 7CA1C89F C:WINDOWSsystem32SHELL32.dll (Общая библиотека оболочки Windows/Корпорация Майкрософт)
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!PathProcessCommand + 2B 7CA1C8A2 79 Bytes [ 55, 8B, EC, 83, EC, 7C, A1, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!PathProcessCommand + 7B 7CA1C8F2 57 Bytes [ D7, 85, C0, 75, 5E, FF, 45, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!PathProcessCommand + B5 7CA1C92C 9 Bytes CALL 7C9FF6D7 C:WINDOWSsystem32SHELL32.dll (Общая библиотека оболочки Windows/Корпорация Майкрософт)
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!PathProcessCommand + BF 7CA1C936 145 Bytes [ 45, 8C, 8B, 08, 50, FF, 51, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!DragQueryFileAorW + 3D 7CA1FD4E 48 Bytes [ C1, FD, FF, FF, 08, 0F, 85, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!DragQueryFileAorW + 6E 7CA1FD7F 27 Bytes [ 76, 28, 33, DB, 8D, 85, B8, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!DragQueryFileAorW + 8A 7CA1FD9B 13 Bytes [ F1, FF, FF, 8B, 85, F4, FD, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!DragQueryFileAorW + 98 7CA1FDA9 30 Bytes [ 40, 89, 85, F8, FD, FF, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!DragQueryFileAorW + B7 7CA1FDC8 103 Bytes [ FF, FF, 8D, 4E, FC, E8, 46, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!InternalExtractIconListA + 2F 7CA29578 75 Bytes JMP 7CA299C9 C:WINDOWSsystem32SHELL32.dll (Общая библиотека оболочки Windows/Корпорация Майкрософт)
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!InternalExtractIconListA + 7C 7CA295C5 4 Bytes [ 8B, 4B, 64, 6A ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!InternalExtractIconListA + 81 7CA295CA 9 Bytes [ 6A, FF, 56, 6A, 01, E8, 4E, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!InternalExtractIconListA + 8B 7CA295D4 3 Bytes [ 83, 7B, 64 ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!InternalExtractIconListA + 8F 7CA295D8 5 Bytes [ 0F, 84, EB, 03, 00 ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetSetFolderCustomSettingsW + 37 7CA2BB45 7 Bytes [ 00, 33, C9, E9, 14, FF, FF ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetSetFolderCustomSettingsW + 3F 7CA2BB4D 25 Bytes [ 90, 90, 90, 90, 90, 8B, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetSetFolderCustomSettingsW + 5A 7CA2BB68 56 Bytes [ FF, 86, 0C, 01, 00, 00, 5E, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetSetFolderCustomSettingsW + 93 7CA2BBA1 155 Bytes [ E2, FF, FF, 90, 90, 90, 90, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetSetFolderCustomSettingsW + 130 7CA2BC3E 66 Bytes [ 90, 90, 90, 90, 90, 6A, 20, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetFolderPathAndSubDirW + 32 7CA30E0E 2 Bytes [ A0, 1A ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetFolderPathAndSubDirW + 36 7CA30E12 26 Bytes [ F6, 86, 12, 02, 00, 00, 08, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetFolderPathAndSubDirW + 51 7CA30E2D 91 Bytes [ FC, FF, 6A, 16, FF, 15, C8, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHCreateDirectoryExW + 2C 7CA30E89 85 Bytes [ 15, 68, 1A, 9C, 7C, 5F, 5E, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHCreateDirectoryExW + 82 7CA30EDF 10 Bytes [ 15, 28, C3, BB, 7C, 8D, 4E, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHCreateDirectoryExW + 8D 7CA30EEA 15 Bytes CALL 7CA30F2E C:WINDOWSsystem32SHELL32.dll (Общая библиотека оболочки Windows/Корпорация Майкрософт)
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHCreateDirectoryExW + 9D 7CA30EFA 5 Bytes [ 08, 50, FF, 91, 94 ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHCreateDirectoryExW + A3 7CA30F00 90 Bytes [ 00, 00, 57, 57, 8B, D8, 8B, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHUpdateRecycleBinIcon + 5 7CA318F4 190 Bytes [ 00, 85, C0, 0F, 84, A2, F9, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHUpdateRecycleBinIcon + C4 7CA319B3 21 Bytes JMP 7CA115AD C:WINDOWSsystem32SHELL32.dll (Общая библиотека оболочки Windows/Корпорация Майкрософт)
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHUpdateRecycleBinIcon + DA 7CA319C9 71 Bytes JMP 7C9EDF59 C:WINDOWSsystem32SHELL32.dll (Общая библиотека оболочки Windows/Корпорация Майкрософт)
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHUpdateRecycleBinIcon + 122 7CA31A11 28 Bytes [ 45, F8, 50, 68, A0, 98, 9C, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHUpdateRecycleBinIcon + 140 7CA31A2F 18 Bytes CALL 7CA31A4F C:WINDOWSsystem32SHELL32.dll (Общая библиотека оболочки Windows/Корпорация Майкрософт)
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHSetLocalizedName + 17 7CA3352D 2 Bytes [ 88, 00 ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHSetLocalizedName + 1B 7CA33531 133 Bytes [ 6A, 07, 59, 33, F6, 33, C0, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHSetLocalizedName + A3 7CA335B9 28 Bytes [ 8B, 85, 8C, FD, FF, FF, 8B, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHSetLocalizedName + C0 7CA335D6 40 Bytes [ C9, C2, 10, 00, FF, 76, EC, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHSetLocalizedName + E9 7CA335FF 28 Bytes [ 50, 68, 8C, 59, 9C, 7C, 68, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHFlushSFCache + 2B 7CA33673 66 Bytes CALL 7CA3367A C:WINDOWSsystem32SHELL32.dll (Общая библиотека оболочки Windows/Корпорация Майкрософт)
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHFlushSFCache + 6E 7CA336B6 53 Bytes [ 55, 8B, EC, FF, 75, 10, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHFlushSFCache + A4 7CA336EC 25 Bytes [ E0, 8D, 45, 08, 50, 8B, CB, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHFlushSFCache + BE 7CA33706 185 Bytes [ EC, 83, EC, 2C, A1, 08, C5, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHFlushSFCache + 178 7CA337C0 39 Bytes [ 55, 8B, EC, 83, 7D, 0C, 01, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ExtractVersionResource16W + B 7CA35FE3 103 Bytes [ D8, 8B, C7, 69, C0, E8, 03, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ExtractVersionResource16W + 73 7CA3604B 24 Bytes [ 15, 3C, 12, 9C, 7C, 85, C0, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ExtractVersionResource16W + 8C 7CA36064 140 Bytes [ 74, 30, FF, 75, 30, 8B, 45, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ExtractVersionResource16W + 119 7CA360F1 44 Bytes [ 35, 64, C5, BB, 7C, C7, 45, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ExtractVersionResource16W + 146 7CA3611E 11 Bytes [ 8D, 46, 01, 6A, 05, 89, 5D, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHPathPrepareForWriteW + 83 7CA378DD 19 Bytes [ BC, 98, D4, 02, 00, 00, 83, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHPathPrepareForWriteW + 97 7CA378F1 138 Bytes [ 15, 84, 1A, 9C, 7C, 8B, F0, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHPathPrepareForWriteW + 123 7CA3797D 25 Bytes [ FF, 75, 18, 8B, 4D, 08, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHPathPrepareForWriteW + 13D 7CA37997 42 Bytes [ D2, 8B, 4D, 08, 75, 13, 8B, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHPathPrepareForWriteW + 168 7CA379C2 36 Bytes [ 75, 0C, FF, 15, C8, 13, 9C, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!DoEnvironmentSubstW + A 7CA37C25 82 Bytes [ 00, 00, 83, F8, F9, 0F, 85, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!DoEnvironmentSubstW + 5D 7CA37C78 70 Bytes CALL 7C9F7EE7 C:WINDOWSsystem32SHELL32.dll (Общая библиотека оболочки Windows/Корпорация Майкрософт)
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!DoEnvironmentSubstW + A5 7CA37CC0 10 Bytes [ 57, FF, 15, 2C, 13, 9C, 7C, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!DoEnvironmentSubstW + B0 7CA37CCB 9 Bytes [ FF, 6A, 01, 8B, CE, E8, 44, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!DoEnvironmentSubstW + BB 7CA37CD6 84 Bytes [ 15, 0C, 14, 9C, 7C, 3B, 86, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!Shell_NotifyIconW + 4A 7CA37D2B 83 Bytes [ 80, 5D, C2, 10, 00, 90, 90, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!Shell_NotifyIconW + 9E 7CA37D7F 5 Bytes [ 75, 0C, 8B, 08, 50 ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!Shell_NotifyIconW + A4 7CA37D85 25 Bytes [ 51, 40, 5D, C2, 08, 00, 90, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!Shell_NotifyIconW + BE 7CA37D9F 65 Bytes [ 91, A4, 00, 00, 00, 5D, C2, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!Shell_NotifyIconW + 100 7CA37DE1 18 Bytes [ 90, 90, 90, 90, 90, 8B, FF, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetFolderPathA + 1E 7CA383CE 11 Bytes [ B5, E4, FD, FF, FF, FF, B5, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetFolderPathA + 2A 7CA383DA 44 Bytes [ 15, B0, 98, A3, 7C, 85, C0, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetFolderPathA + 57 7CA38407 25 Bytes [ FF, B5, E0, FD, FF, FF, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetFolderPathA + 71 7CA38421 14 Bytes [ 7C, 9E, FF, B5, D8, FD, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetFolderPathA + BC 7CA3846C 141 Bytes CALL 7CA37FCC C:WINDOWSsystem32SHELL32.dll (Общая библиотека оболочки Windows/Корпорация Майкрософт)
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHCreateQueryCancelAutoPlayMoniker + 61 7CA384FA 26 Bytes [ 57, FF, 15, D4, 12, 9C, 7C, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHCreateQueryCancelAutoPlayMoniker + 7D 7CA38516 3 Bytes [ 90, 90, 90 ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHCreateQueryCancelAutoPlayMoniker + 81 7CA3851A 66 Bytes [ FF, 55, 8B, EC, 56, 6A, 00, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHCreateQueryCancelAutoPlayMoniker + C4 7CA3855D 11 Bytes JMP 7CA37FB7 C:WINDOWSsystem32SHELL32.dll (Общая библиотека оболочки Windows/Корпорация Майкрософт)
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHCreateQueryCancelAutoPlayMoniker + D0 7CA38569 14 Bytes [ FF, 55, 8B, EC, 81, EC, 0C, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!Shell_NotifyIcon + 24 7CA38A0B 47 Bytes [ C7, 85, AC, FB, FF, FF, 3C, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!Shell_NotifyIcon + 54 7CA38A3B 58 Bytes [ FF, 04, 8D, 85, AC, FB, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!Shell_NotifyIcon + 8F 7CA38A76 84 Bytes [ FF, 55, 8B, EC, 83, 3D, 3C, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!Shell_NotifyIcon + E5 7CA38ACC 37 Bytes [ FF, 75, 08, FF, 76, 08, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!Shell_NotifyIcon + 10B 7CA38AF2 17 Bytes [ 55, 8B, EC, 56, 8B, 75, 08, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetDiskFreeSpaceExW + 3C 7CA392A5 73 Bytes [ 00, 00, 5F, 5E, 8B, C3, 5B, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetDiskFreeSpaceExW + 86 7CA392EF 41 Bytes [ 90, 90, 90, 90, 8B, FF, 55, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetDiskFreeSpaceExW + B1 7CA3931A 36 Bytes [ FF, 77, 10, FF, 15, 8C, 13, … ].text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetPathFromIDListW + 15 7C9E9D91 6 Bytes [ C5, BB, 7C, 89, 45, FC ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetPathFromIDListW + 1C 7C9E9D98 44 Bytes [ 45, 08, 50, 6A, 07, 8D, 45, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetPathFromIDListW + 49 7C9E9DC5 44 Bytes [ 85, C0, 0F, 85, 19, B1, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetPathFromIDListW + 76 7C9E9DF2 31 Bytes CALL 7C9E9A1E C:WINDOWSsystem32SHELL32.dll (Общая библиотека оболочки Windows/Корпорация Майкрософт)
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetPathFromIDListW + 96 7C9E9E12 29 Bytes [ C0, 0F, 84, 7C, 6E, 02, 00, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!RealDriveType + 1E 7C9E9E9C 23 Bytes [ 34, 50, FF, 76, 14, E8, 63, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!DriveType 7C9E9EB6 24 Bytes [ 90, 90, 8B, FF, 55, 8B, EC, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!DriveType + 19 7C9E9ECF 18 Bytes [ 76, 04, FF, 75, 0C, 53, E8, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!DriveType + 2C 7C9E9EE2 69 Bytes [ 74, 2C, 6A, 00, 8D, 45, 0C, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!DriveType + 72 7C9E9F28 10 Bytes [ FF, 55, 8B, EC, 8B, 45, 0C, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!DriveType + 7D 7C9E9F33 29 Bytes [ 7F, 0F, 87, CF, 5D, 06, 00, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!IsNetDrive + B 7C9EA04A 151 Bytes [ 90, 90, 90, 90, 90, 8B, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!IsNetDrive + A4 7C9EA0E3 3 Bytes [ 8B, FF, 55 ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!IsNetDrive + A8 7C9EA0E7 122 Bytes [ EC, 51, 83, 65, FC, 00, 53, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!IsNetDrive + 123 7C9EA162 24 Bytes [ C7, 5F, 5E, C9, C3, 90, 90, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!IsNetDrive + 13C 7C9EA17B 1 Byte [ 00 ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!DllGetClassObject + 3C 7C9EADA4 91 Bytes [ C5, BB, 7C, 56, 8B, 75, 0C, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!DllGetClassObject + 98 7C9EAE00 16 Bytes [ B5, E0, FD, FF, FF, E8, 64, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!DllGetClassObject + A9 7C9EAE11 55 Bytes [ 85, E0, FD, FF, FF, 8D, 95, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!DllGetClassObject + E1 7C9EAE49 56 Bytes [ 8B, 85, E0, FD, FF, FF, 8B, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!DllGetClassObject + 11A 7C9EAE82 3 Bytes [ EC, 83, EC ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHCoCreateInstance + 2 7C9EAFF2 11 Bytes CALL 7C9EB4F4 C:WINDOWSsystem32SHELL32.dll (Общая библиотека оболочки Windows/Корпорация Майкрософт)
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHCoCreateInstance + F 7C9EAFFF 37 Bytes [ FC, 66, F7, D8, 5F, 5E, 5B, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHCoCreateInstance + 37 7C9EB027 19 Bytes CALL 7C9E3A80 C:WINDOWSsystem32SHELL32.dll (Общая библиотека оболочки Windows/Корпорация Майкрософт)
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHCoCreateInstance + 4B 7C9EB03B 5 Bytes [ 90, 90, 90, 90, 8B ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHCoCreateInstance + 51 7C9EB041 30 Bytes [ 55, 8B, EC, 81, EC, 14, 02, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!Shell_GetImageLists + 5E 7C9EB158 32 Bytes [ C9, C2, 10, 00, 90, 90, 90, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!Shell_GetImageLists + 80 7C9EB17A 49 Bytes [ 00, 53, 8B, 5D, 18, 56, 8B, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHBindToParent + 27 7C9EB1AC 45 Bytes [ 00, 8D, 85, F4, F5, FF, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHBindToParent + 55 7C9EB1DA 107 Bytes [ FF, C9, C2, 18, 00, 33, C0, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHBindToParent + C1 7C9EB246 67 Bytes [ C4, FF, FF, 8D, 85, E4, FD, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHBindToParent + 105 7C9EB28A 29 Bytes [ 8B, 55, 10, A1, 08, C5, BB, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHBindToParent + 123 7C9EB2A8 106 Bytes [ 08, 51, 33, FF, 50, 57, 89, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHSimpleIDListFromPath 7C9EB4F4 3 Bytes [ 90, 90, 90 ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHSimpleIDListFromPath + 4 7C9EB4F8 47 Bytes [ FF, 55, 8B, EC, 56, 8B, 75, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHSimpleIDListFromPath + 34 7C9EB528 10 Bytes [ C6, 5E, 5D, C2, 08, 00, 90, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHSimpleIDListFromPath + 3F 7C9EB533 62 Bytes [ 8B, FF, 55, 8B, EC, 81, EC, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!PathIsSlowW + 25 7C9EB572 29 Bytes [ FF, C9, C2, 08, 00, 90, 90, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!PathIsSlowW + 43 7C9EB590 30 Bytes [ 8B, F1, 47, 83, BE, A4, 00, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!PathIsSlowW + 62 7C9EB5AF 107 Bytes [ FF, 8D, 85, EC, FD, FF, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!PathIsSlowW + CE 7C9EB61B 170 Bytes [ 55, 8B, EC, 56, 8B, 75, 08, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!PathIsSlowW + 179 7C9EB6C6 20 Bytes [ C7, 06, 80, 7A, 9C, 7C, 74, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ILIsParent + A2 7C9EB7B9 116 Bytes [ 4D, 10, 56, 8B, 75, 0C, 8B, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ILFindChild + 57 7C9EB82E 5 Bytes [ C6, 5E, 5D, C2, 0C ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ILFindChild + 5D 7C9EB834 8 Bytes [ 90, 90, 90, 90, 90, 8B, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ILFindChild + 66 7C9EB83D 10 Bytes [ EC, 56, 57, 68, 98, 04, 00, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ILFindChild + 71 7C9EB848 12 Bytes [ FF, FF, 85, C0, 59, 74, 44, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ILFindChild + 7E 7C9EB855 7 Bytes [ 75, 0C, FF, 75, 08, E8, 8F ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHChangeNotifyRegister + 13 7C9EE90C 38 Bytes [ 83, 7B, 34, 00, 74, 0C, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHChangeNotifyRegister + 3A 7C9EE933 54 Bytes [ 80, 74, 17, 5F, 5E, 5B, 5D, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHChangeNotifyRegister + 71 7C9EE96A 13 Bytes [ 07, 33, C0, 5E, 5D, C2, 08, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHChangeNotifyRegister + 7F 7C9EE978 83 Bytes CALL 7C9E4659 C:WINDOWSsystem32SHELL32.dll (Общая библиотека оболочки Windows/Корпорация Майкрософт)
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHChangeNotifyRegister + D3 7C9EE9CC 42 Bytes [ 4B, FF, FF, 85, C0, 59, 74, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!Shell_MergeMenus + 4 7C9EF77B 5 Bytes [ 75, 08, 83, 7E, 08 ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!Shell_MergeMenus + A 7C9EF781 49 Bytes [ 74, 1B, 8D, 45, 14, 50, 6A, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!Shell_MergeMenus + 3C 7C9EF7B3 1 Byte [ F4 ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!Shell_MergeMenus + 40 7C9EF7B7 1 Byte [ 50 ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!Shell_MergeMenus + 42 7C9EF7B9 2 Bytes [ 76, BD ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHCreateShellFolderView + 11 7C9F067F 37 Bytes CALL 7C9ECD0D C:WINDOWSsystem32SHELL32.dll (Общая библиотека оболочки Windows/Корпорация Майкрософт)
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHCreateShellFolderView + 37 7C9F06A5 302 Bytes [ A8, 20, 0F, 85, 84, 53, 05, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHCreateShellFolderView + 167 7C9F07D5 41 Bytes [ B8, 05, 40, 00, 80, 74, 30, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHCreateShellFolderView + 191 7C9F07FF 5 Bytes [ 75, 10, FF, 75, 0C ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHCreateShellFolderView + 198 7C9F0806 54 Bytes [ 08, 50, FF, 51, 1C, 5B, 5E, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!Shell_GetCachedImageIndex + 23 7C9F6AFA 24 Bytes [ C9, C2, 10, 00, 90, 90, 90, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!Shell_GetCachedImageIndex + 3C 7C9F6B13 31 Bytes [ 06, 8B, D9, 57, 8D, 7B, 7C, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!Shell_GetCachedImageIndex + 5C 7C9F6B33 130 Bytes [ 55, 8B, EC, 81, EC, 28, 01, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!Shell_GetCachedImageIndex + DF 7C9F6BB6 1 Byte [ 61 ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!Shell_GetCachedImageIndex + E1 7C9F6BB8 1 Byte [ 6E ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHMapIDListToImageListIndexAsync + B1 7C9F7377 18 Bytes [ 55, 8B, EC, 8B, 45, 08, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHMapIDListToImageListIndexAsync + C6 7C9F738C 5 Bytes [ 8B, FF, 55, 8B, EC ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHMapIDListToImageListIndexAsync + CC 7C9F7392 49 Bytes [ 45, 08, 56, 57, 8B, 7D, 10, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHMapIDListToImageListIndexAsync + FE 7C9F73C4 41 Bytes CALL 7C9E6B73 C:WINDOWSsystem32SHELL32.dll (Общая библиотека оболочки Windows/Корпорация Майкрософт)
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHMapIDListToImageListIndexAsync + 128 7C9F73EE 61 Bytes [ C8, 23, 4D, 0C, 3B, C8, 0F, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHMapPIDLToSystemImageListIndex + B 7C9F7E84 3 Bytes [ C2, 5F, 05 ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHMapPIDLToSystemImageListIndex + F 7C9F7E88 1 Byte [ 8B ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHMapPIDLToSystemImageListIndex + 11 7C9F7E8A 77 Bytes CALL 061C3A9E
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHMapPIDLToSystemImageListIndex + 5F 7C9F7ED8 65 Bytes [ 0F, 84, 9A, 45, 05, 00, 8B, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHMapPIDLToSystemImageListIndex + A1 7C9F7F1A 48 Bytes [ FF, 55, 8B, EC, 8D, 81, 64, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHDefExtractIconW + 2 7C9F997A 29 Bytes JMP 7C9F98F4 C:WINDOWSsystem32SHELL32.dll (Общая библиотека оболочки Windows/Корпорация Майкрософт)
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHDefExtractIconW + 20 7C9F9998 25 Bytes [ 55, 8B, EC, 83, EC, 40, 8B, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHDefExtractIconW + 3A 7C9F99B2 30 Bytes [ 84, AE, 1B, 00, 00, 56, 57, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHDefExtractIconW + 59 7C9F99D1 108 Bytes [ 1E, 05, 00, 8D, 45, 0C, 50, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHExtractIconsW + 15 7C9F9A3E 10 Bytes [ FF, 43, 83, C7, 1C, 3B, 5E, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHExtractIconsW + 20 7C9F9A49 23 Bytes [ 76, 38, 68, 02, 00, 00, 80, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHExtractIconsW + 39 7C9F9A62 4 Bytes CALL 7C9F9838 C:WINDOWSsystem32SHELL32.dll (Общая библиотека оболочки Windows/Корпорация Майкрософт)
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHExtractIconsW + 3E 7C9F9A67 53 Bytes [ FF, 83, 7E, 3C, 00, 5B, 74, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHExtractIconsW + 75 7C9F9A9E 3 Bytes [ 90, 90, 90 ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!DllGetVersion + 6 7C9FA619 56 Bytes [ 08, 50, FF, 51, 08, FF, 75, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!DllGetVersion + 3F 7C9FA652 66 Bytes CALL 7C9E5F71 C:WINDOWSsystem32SHELL32.dll (Общая библиотека оболочки Windows/Корпорация Майкрософт)
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!DllGetVersion + 82 7C9FA695 19 Bytes [ 07, 80, EB, E0, 90, 90, 90, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!DllGetVersion + 96 7C9FA6A9 30 Bytes [ 90, 90, 90, 90, 8B, FF, 55, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!DllGetVersion + B5 7C9FA6C8 45 Bytes [ FF, 15, 0C, 13, 9C, 7C, 83, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHChangeNotification_Unlock + 24 7C9FA752 23 Bytes [ 8B, 75, 10, F7, C6, 10, 00, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHChangeNotification_Unlock + 3C 7C9FA76A 90 Bytes [ 15, 56, 53, FF, B5, EC, FD, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHChangeNotification_Unlock + 97 7C9FA7C5 33 Bytes [ FF, 89, 85, E4, FD, FF, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHChangeNotification_Unlock + BA 7C9FA7E8 2 Bytes [ 85, C0 ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHChangeNotification_Unlock + BD 7C9FA7EB 3 Bytes [ 85, D3, 4A ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHChangeNotify + 1B 7C9FAC42 64 Bytes [ 90, 90, 90, 90, 90, 90, 84, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHChangeNotify + 5D 7C9FAC84 41 Bytes [ D0, 9C, 9F, 7C, B4, 9C, 9F, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHChangeNotify + 87 7C9FACAE 4 Bytes [ 31, 00, 33, 00 ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHChangeNotify + 8C 7C9FACB3 34 Bytes [ 00, 66, 00, 70, 00, 69, 00, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHChangeNotify + AF 7C9FACD6 7 Bytes [ 69, 00, 63, 00, 6F, 00, 6E ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ILSaveToStream + 9D 7C9FC403 57 Bytes [ 46, 54, 50, FF, D7, 8B, 8E, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ILSaveToStream + D7 7C9FC43D 111 Bytes [ F1, 6A, 00, FF, 36, FF, 15, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ILSaveToStream + 147 7C9FC4AD 42 Bytes [ 46, 08, 85, C0, 74, 0B, 50, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ILSaveToStream + 172 7C9FC4D8 42 Bytes [ 15, A0, 1C, 9C, 7C, 85, C0, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ILSaveToStream + 19D 7C9FC503 15 Bytes [ FF, 90, 90, 90, 90, 90, 83, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHCloneSpecialIDList + 2C 7C9FD669 19 Bytes [ 90, 90, 90, 90, 8B, FF, 55, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHCloneSpecialIDList + 40 7C9FD67D 16 Bytes [ 00, FF, 75, 08, 8B, F1, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHCloneSpecialIDList + 51 7C9FD68E 28 Bytes [ 42, 83, 7E, 54, 00, 75, 0A, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHCloneSpecialIDList + 6E 7C9FD6AB 38 Bytes [ 51, 18, 8B, F8, 85, FF, 7C, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHCloneSpecialIDList + 95 7C9FD6D2 75 Bytes [ C7, 5F, 5E, C9, C2, 04, 00, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!PathIsExe + 23 7C9FDB6B 18 Bytes [ 85, B0, FB, FF, FF, 83, C0, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!PathIsExe + 36 7C9FDB7E 14 Bytes [ FF, 85, C0, 0F, 85, 46, E4, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!PathIsExe + 45 7C9FDB8D 19 Bytes CALL 7C9FDBA4 C:WINDOWSsystem32SHELL32.dll (Общая библиотека оболочки Windows/Корпорация Майкрософт)
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!PathIsExe + 5C 7C9FDBA4 115 Bytes [ 90, 8B, FF, 55, 8B, EC, 6A, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!PathIsExe + D0 7C9FDC18 17 Bytes [ 59, 9C, 7C, FF, B5, B4, FB, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!IsLFNDrive + 23 7C9FDE8C 9 Bytes [ 85, C0, 74, 1E, 8B, 45, F8, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!IsLFNDrive + 2E 7C9FDE97 3 Bytes [ AA, F1, 00 ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!IsLFNDrive + 32 7C9FDE9B 96 Bytes [ 8D, 48, 04, 6A, 01, E8, F1, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!IsLFNDrive + 93 7C9FDEFC 48 Bytes [ 15, 68, 13, 9C, 7C, E9, 04, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!IsLFNDrive + C4 7C9FDF2D 45 Bytes JMP 7C9F53AA C:WINDOWSsystem32SHELL32.dll (Общая библиотека оболочки Windows/Корпорация Майкрософт)
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHAddToRecentDocs + 4B 7C9FE774 5 Bytes [ FF, 8B, CE, E8, 0A ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHAddToRecentDocs + 52 7C9FE77B 5 Bytes [ 00, E9, 52, F6, FF ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHAddToRecentDocs + 58 7C9FE781 117 Bytes [ 90, 90, 90, 90, 90, 8B, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHAddToRecentDocs + CE 7C9FE7F7 129 Bytes [ 75, 10, FF, 75, FC, E8, D6, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHAddToRecentDocs + 150 7C9FE879 95 Bytes [ 59, 33, C0, EB, F1, 8B, 75, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!Win32DeleteFile 7C9FEE68 115 Bytes [ 90, 8B, FF, 55, 8B, EC, 81, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!Win32DeleteFile + 74 7C9FEEDC 22 Bytes [ 4D, FC, 5F, 5E, 5B, E8, 3A, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!Win32DeleteFile + 8B 7C9FEEF3 83 Bytes [ EC, 56, 57, 6A, 01, 33, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!Win32DeleteFile + E0 7C9FEF48 23 Bytes [ 00, 8B, F8, F7, C7, 00, 20, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!Win32DeleteFile + F8 7C9FEF60 43 Bytes [ 90, E4, 00, 00, 00, 85, C0, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!PathYetAnotherMakeUniqueName + 2 7C9FF22E 152 Bytes [ 7C, 65, 53, FF, 15, 8C, 1A, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!PathYetAnotherMakeUniqueName + 9B 7C9FF2C7 10 Bytes [ 15, A0, 1A, 9C, 7C, 33, C0, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!PathYetAnotherMakeUniqueName + A7 7C9FF2D3 76 Bytes [ 33, C0, EB, F8, 90, 90, 90, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!PathYetAnotherMakeUniqueName + F6 7C9FF322 2 Bytes [ 5F, 5E ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!PathYetAnotherMakeUniqueName + FA 7C9FF326 1 Byte [ 15 ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!PathCleanupSpec + 79 7C9FF488 11 Bytes [ FF, 15, 00, 13, 9C, 7C, 57, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!PathCleanupSpec + 85 7C9FF494 66 Bytes CALL 7C9FF679 C:WINDOWSsystem32SHELL32.dll (Общая библиотека оболочки Windows/Корпорация Майкрософт)
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetNewLinkInfoW + 2A 7C9FF4D7 11 Bytes [ B5, DC, FD, FF, FF, 8B, F8, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetNewLinkInfoW + 36 7C9FF4E3 4 Bytes [ 89, 85, E0, FD ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetNewLinkInfoW + 3C 7C9FF4E9 1 Byte [ 8D ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetNewLinkInfoW + 3E 7C9FF4EB 2 Bytes [ F0, FD ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetNewLinkInfoW + 42 7C9FF4EF 75 Bytes [ 50, FF, B5, EC, FD, FF, FF, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!StrStrIW + D 7C9FFB18 181 Bytes [ 75, 08, FF, 15, A0, 1A, 9C, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!StrStrIW + C3 7C9FFBCE 25 Bytes [ 53, 8D, 45, FC, 50, FF, 75, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!StrStrIW + DD 7C9FFBE8 3 Bytes [ 46, 1C, 8B ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!StrStrIW + E1 7C9FFBEC 26 Bytes [ 53, FF, 75, FC, FF, 75, 10, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!StrStrIW + FC 7C9FFC07 50 Bytes CALL 7C9FFC3C C:WINDOWSsystem32SHELL32.dll (Общая библиотека оболочки Windows/Корпорация Майкрософт)
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHChangeNotifyDeregister + 16 7C9FFCD5 7 Bytes [ B5, D8, F7, FF, FF, 53, FF ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHChangeNotifyDeregister + 1E 7C9FFCDD 159 Bytes [ 18, 85, C0, 0F, 8D, D8, 00, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHChangeNotifyDeregister + BE 7C9FFD7D 4 Bytes [ 85, C0, 7C, 2B ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHChangeNotifyDeregister + C3 7C9FFD82 7 Bytes [ 55, 10, 8B, 45, FC, 8B, 08 ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHChangeNotifyDeregister + CB 7C9FFD8A 37 Bytes [ E2, 01, F6, DA, 1B, D2, 81, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!DllCanUnloadNow + 76 7CA0162F 31 Bytes [ 00, 83, 4D, F8, FF, 8D, 45, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!DllCanUnloadNow + 97 7CA01650 30 Bytes [ 00, 89, 7D, F4, 89, 7D, FC, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!DllCanUnloadNow + B6 7CA0166F 14 Bytes [ 01, 6A, 01, FF, 50, 14, E9, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!DllCanUnloadNow + C5 7CA0167E 46 Bytes [ 90, 8B, FF, 55, 8B, EC, 51, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!DllCanUnloadNow + F4 7CA016AD 31 Bytes [ 5B, C9, C3, 90, 90, 90, 90, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetMalloc + 2 7CA01FE6 92 Bytes [ 50, 10, 85, C0, 0F, 8C, 31, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetMalloc + 5F 7CA02043 51 Bytes JMP 7CA01C85 C:WINDOWSsystem32SHELL32.dll (Общая библиотека оболочки Windows/Корпорация Майкрософт)
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetMalloc + 94 7CA02078 5 Bytes [ 9C, 7C, 2B, F9, C1 ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetMalloc + 9A 7CA0207E 27 Bytes [ 02, 03, F1, 8B, 16, 03, D9, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetMalloc + B6 7CA0209A 49 Bytes [ 9C, 7C, 85, D2, 89, 45, FC, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetFileInfo + B 7CA036EF 1 Byte [ 8D ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetFileInfo + D 7CA036F1 31 Bytes [ F8, 50, FF, 75, F8, 53, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetFileInfo + 2D 7CA03711 56 Bytes [ 15, 8C, 1A, 9C, 7C, 8D, 74, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetFileInfo + 66 7CA0374A 32 Bytes [ 15, E4, 20, 9C, 7C, 8D, 45, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetFileInfo + 87 7CA0376B 6 Bytes [ 15, 28, 19, 9C, 7C, 8B ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetImageList + 3E 7CA03AB7 35 Bytes CALL 7C9E3A80 C:WINDOWSsystem32SHELL32.dll (Общая библиотека оболочки Windows/Корпорация Майкрософт)
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetImageList + 62 7CA03ADB 318 Bytes [ FD, FF, FF, 50, FF, 15, F8, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetImageList + 1A1 7CA03C1A 48 Bytes [ 88, 98, 02, 00, 00, 89, 4D, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetImageList + 1D2 7CA03C4B 62 Bytes [ 00, 3B, CA, 0F, 85, 54, FA, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetImageList + 211 7CA03C8A 8 Bytes [ C9, C2, 08, 00, 90, 90, 90, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHChangeNotification_Lock + 2 7CA08B23 24 Bytes [ 15, F0, 18, 9C, 7C, 85, C0, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHChangeNotification_Lock + 1B 7CA08B3C 44 Bytes [ EC, FD, FF, FF, 0F, 8C, 7F, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHChangeNotification_Lock + 48 7CA08B69 54 Bytes [ 57, 68, 7D, 00, 00, 40, 8B, … ][HKEY_LOCAL_MACHINESOFTWAREClassesPROTOCOLSHandler]
ipp: [HKLM — No CLSID value][HKEY_LOCAL_MACHINESOFTWAREClassesPROTOCOLSHandler] — Protocol Handlers
[2003.07.11 02:25:22 | 00,842,816 | —- | M] (Microsoft Corporation) C:Program FilesCommon FilesSYSTEMOLE DBmsdaipp.dll ipp�x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM — MSDAMON.BINDER][HKEY_LOCAL_MACHINESOFTWAREClassesPROTOCOLSHandler]
msdaipp: [HKLM — No CLSID value][HKEY_LOCAL_MACHINESOFTWAREClassesPROTOCOLSHandler] — Protocol Handlers
[2003.07.11 02:25:22 | 00,842,816 | —- | M] (Microsoft Corporation) C:Program FilesCommon FilesSYSTEMOLE DBmsdaipp.dll msdaipp�x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM — MSDAMON.BINDER][HKEY_LOCAL_MACHINESOFTWAREClassesPROTOCOLSHandler] — Protocol Handlers
[2003.07.11 02:25:22 | 00,842,816 | —- | M] (Microsoft Corporation) C:Program FilesCommon FilesSYSTEMOLE DBmsdaipp.dll msdaippoledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM — MSDAIPP.BINDER][HKEY_LOCAL_MACHINESOFTWAREClassesPROTOCOLSHandler]
[2003.08.01 23:09:04 | 08,086,072 | —- | M] (Microsoft Corporation) C:PROGRA~1COMMON~1MICROS~1WEBCOM~111OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])[HKEY_LOCAL_MACHINESOFTWAREClassesPROTOCOLSHandler]
[2004.08.17 11:04:26 | 01,431,040 | —- | M] (Корпорация Майкрософт) C:WINDOWSsystem32msvidctl.dll (tv:{CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} (HKLM) [ТВ: подключаемый протокол])========== (O18) Protocol Filters ==========
[HKEY_LOCAL_MACHINESOFTWAREClassesPROTOCOLSFilter] — Protocol Filters
[2004.08.17 11:04:30 | 08,401,408 | —- | M] (Корпорация Майкрософт) C:WINDOWSsystem32SHELL32.dll text/webviewhtml:{733AC4CB-F1A4-11d0-B951-00A0C90312E1} (HKLM) [WebView MIME Filter][HKEY_LOCAL_MACHINESOFTWAREClassesPROTOCOLSFilter] — Protocol Filters
[2003.07.15 06:45:12 | 00,039,488 | —- | M] (Microsoft Corporation) C:Program FilesCommon FilesMicrosoft SharedOFFICE11MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstall]
«{04F4FE29-515E-4B5B-9CF9-2DAB1065FBE1}»=PROMT Professional 8 Giant Try-Buy
«{15095BF3-A3D7-4DDF-B193-3A496881E003}»=Microsoft .NET Framework 3.0
«{350C9419-3D7C-4EE8-BAA9-00BCB3D54227}»=WebFldrs XP
«{388E4B09-3E71-4649-8921-F44A3A2954A7}»=Microsoft Visual Studio 2005 Tools for Office Runtime
«{491DD792-AD81-429C-9EB4-86DD3D22E333}»=Windows Communication Foundation
«{5ED69AF4-C38E-11D3-B10A-00500406C16C}»=STATISTICA 6
«{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}»=Microsoft .NET Framework 2.0
«{79B986AD-54D8-4498-AA06-89808829ACC0}»=Антивирус Касперского 6.0 для Windows Workstations
«{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}»=Windows Workflow Foundation
«{90110419-6000-11D3-8CFE-0150048383C9}»=Microsoft Office — профессиональный выпуск версии 2003
«{AC76BA86-7AD7-1033-7B44-A70000000000}»=Adobe Reader 7.0
«{BAF78226-3200-4DB4-BE33-4D922A799840}»=Windows Presentation Foundation
«{F9000000-0001-0000-0000-074957833700}»=ABBYY FineReader 9.0 Professional Edition
«{FB08F381-6533-4108-B7DD-039E11FBC27E}»=Avance AC’97 Audio
«Adobe Flash Player ActiveX»=Adobe Flash Player 10 ActiveX
«Adobe Flash Player Plugin»=Adobe Flash Player 10 Plugin
«BearPaw 2448CU Pro v1.4″=BearPaw 2448CU Pro v1.4
«DivX 5.0.2 Bundle»=DivX 5.0.2 Bundle
«HijackThis»=HijackThis 2.0.2
«IDNMitigationAPIs»=Microsoft Internationalized Domain Names Mitigation APIs
«ie7″=Windows Internet Explorer 7
«InstallWIX_{79B986AD-54D8-4498-AA06-89808829ACC0}»=Антивирус Касперского 6.0 для Windows Workstations
«Kleptomania 2.4″=Kleptomania 2.4
«KLiteCodecPack_is1″=K-Lite Codec Pack 3.6.5 Full
«LHTTSFRF»=L&H TTS3000 Franзais
«LHTTSGED»=L&H TTS3000 Deutsch
«LHTTSITI»=L&H TTS3000 Italiano
«LHTTSRUR»=L&H TTS3000 Russian
«LHTTSSPE»=L&H TTS3000 Espaсol
«Malwarebytes’ Anti-Malware_is1″=Malwarebytes’ Anti-Malware
«MaxAntiSpy_is1″=MaxAntiSpy 1.5
«Microsoft .NET Framework 2.0″=Microsoft .NET Framework 2.0
«Microsoft .NET Framework 3.0″=Microsoft .NET Framework 3.0
«Microsoft Visual Studio 2005 Tools for Office Runtime»=еда выполнения Visual Studio 2005 Tools for Office, второй выпуск
«Moleskinsoft Clone Remover 3.3_is1″=Moleskinsoft Clone Remover 3.3
«Mozilla Firefox (3.0.4)»=Mozilla Firefox (3.0.4)
«NLSDownlevelMapping»=Microsoft National Language Support Downlevel APIs
«QIP Infium_is1″=QIP Infium 2.0.9020 RC3
«RMG Musical Player»=RMG Musical Player
«Samsung ML-1610 Series»=Samsung ML-1610 Series
«tv_enua»=Lernout & Hauspie TruVoice American English TTS Engine
«WIC»=Windows Imaging Component
«Winamp»=Winamp (remove only)
«Wincmd»=Windows Commander (Remove or Repair)
«WinRAR archiver»=Архиватор WinRAR (только удаление)
«XpsEPSC»=XML Paper Specification Shared Components Pack 1.0========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionUninstall]
«uTorrent»=µTorrent========== HKEY_USERS Uninstall List ==========
[HKEY_USERSS-1-5-21-1935655697-436374069-1202660629-1003SOFTWAREMicrosoftWindowsCurrentVersionUninstall]
«uTorrent»=µTorrent========== Last 10 Event Log Errors ==========
[ Application Events ]
Error — 13.12.2008 9:58:35 | Computer Name = CHELOVEKI | Source = .NET Runtime | ID = 1023
Description = .NET Runtime version 2.0.50727.42 — The Windows CardSpace service
cannot be started on this file system.Error — 13.12.2008 9:58:38 | Computer Name = CHELOVEKI | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 infocard.exe, P2 3.0.4506.30, P3 4545a357, P4
system.identitymodel.selectors, P5 3.0.0.0, P6 4545a10d, P7 12e, P8 13, P9 fatalerror,
P10 NIL.Error — 13.12.2008 9:58:54 | Computer Name = CHELOVEKI | Source = CardSpace 3.0.0.0 | ID = 65638
Description = FailFast was invoked. Message: The Windows CardSpace service cannot
be started on this file system. Stack Trace: at System.ServiceModel.Diagnostics.ExceptionUtility.TraceFailFast(String
message, EventLogger logger) at System.ServiceModel.Diagnostics.ExceptionUtility.TraceFailFast(String
message) at Microsoft.InfoCards.Diagnostics.DiagnosticUtility.FailFast(String
message) at Microsoft.InfoCards.Diagnostics.InfoCardTrace.FailFast(String message)at Microsoft.InfoCards.InfoCardService.FailFastIfNoFileSystemSecurity() at
Microsoft.InfoCards.InfoCardService..ctor() at wmain() at _wmainCRTStartup()Process
Name: infocard Process ID: 3920Error — 13.12.2008 9:58:54 | Computer Name = CHELOVEKI | Source = .NET Runtime | ID = 1023
Description = .NET Runtime version 2.0.50727.42 — The Windows CardSpace service
cannot be started on this file system.Error — 13.12.2008 9:58:55 | Computer Name = CHELOVEKI | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 infocard.exe, P2 3.0.4506.30, P3 4545a357, P4
system.identitymodel.selectors, P5 3.0.0.0, P6 4545a10d, P7 12e, P8 13, P9 fatalerror,
P10 NIL.Error — 14.12.2008 6:08:39 | Computer Name = CHELOVEKI | Source = Application Error | ID = 1005
Description = Нет доступа к файлу C:WINDOWSSystem32ESENT.DLL по одной из следующих
причин: либо возникли проблемы с сетевым подключением, диском с файлом или хранилищем
с драйверами, установленными на этом компьютере, либо отсутствует диск. Программа
ESENT.DLL была закрыта вследствие ошибки. Программа: ESENT.DLL Файл: C:WINDOWSSystem32ESENT.DLLЗначение
ошибки находится в разделе дополнительных данных. Действие пользователя 1. Снова
откройте файл. Проблема может быть временной и исправится сама собой, когда программа
снова будет запущена. 2 Если файл все еще не удается открыть и — он находится в сети,
то
сетевой администратор должен убедиться, что сеть работает и можно подключиться
к серверу. — он находится на съемном диске, например, на дискете или компакт-диске,
убедитесь, что диск полностью вставлен в компьютер. 3. Проверьте и восстановите
файловую систему, выполняя команду CHKDSK. Чтобы запустить команду CHKDSK, щелкните
«Пуск», «Выполнить», напечатайте «CMD» и нажмите «ОК». В командной строке введите
«CHKDSK /F» и нажмите «ВВОД». 4. Если проблема все еще существует, восстановите
файл из архивной копии. 5. Проверьте, можно ли открыть другие файлы на этом же диске.
Если нет, то диск может быть поврежден. Если это жесткий диск, обратитесь за помощью
к системному администратору или произволителю. Дополнительные данные Значение ошибки:
C000009C Тип диска: 3Error — 14.12.2008 6:08:47 | Computer Name = CHELOVEKI | Source = Application Error | ID = 1000
Description = Ошибка приложения wuauclt.exe, версия 7.2.6001.788, модуль esent.dll,
версия 5.1.2600.2180, адрес 0x0004cfde.Error — 14.12.2008 10:42:04 | Computer Name = CHELOVEKI | Source = InCDsrv | ID = 0
Description =Error — 14.12.2008 11:27:10 | Computer Name = CHELOVEKI | Source = Application Error | ID = 1000
Description = Ошибка приложения winamp.exe, версия 2.9.1.0, модуль in_midi.dll,
версия 0.0.0.0, адрес 0x00005580.Error — 18.12.2008 14:03:08 | Computer Name = CHELOVEKI | Source = Application Hang | ID = 1002
Description = Зависшее приложение MSPVIEW.EXE, версия 11.0.1897.0, зависший модуль
hungapp, версия 0.0.0.0, адрес 0x00000000.[ System Events ]
Error — 26.12.2008 1:43:50 | Computer Name = CHELOVEKI | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly завершилась не удачно для Microsoft.VC80.MFCLOC.
Соответствующее
сообщение об ошибке: Указанная совокупность не установлена в системе. .Error — 26.12.2008 1:43:50 | Computer Name = CHELOVEKI | Source = SideBySide | ID = 16842811
Description = Generate Activation Context завершилась не удачно для C:WINDOWSWinSxSx86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2MFC80U.DLL.
Соответствующее
сообщение об ошибке: Операция успешно завершена. .Error — 26.12.2008 2:15:51 | Computer Name = CHELOVEKI | Source = Disk | ID = 262151
Description = Неверный блок на устройстве DeviceHarddisk1D.Error — 26.12.2008 10:16:27 | Computer Name = CHELOVEKI | Source = DCOM | ID = 10005
Description = Ошибка DCOM «%1084» при попытке запуска службы EventSystem с аргументами
«» для запуска сервера: {1BE1F766-5536-11D1-B726-00C04FB926AF}Error — 28.12.2008 1:51:02 | Computer Name = CHELOVEKI | Source = SideBySide | ID = 16842784
Description = Зависимая совокупность Microsoft.VC80.MFCLOC не может быть найдена,
последняя ошибка Указанная совокупность не установлена в системе.Error — 28.12.2008 1:51:02 | Computer Name = CHELOVEKI | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly завершилась не удачно для Microsoft.VC80.MFCLOC.
Соответствующее
сообщение об ошибке: Указанная совокупность не установлена в системе. .Error — 28.12.2008 1:51:02 | Computer Name = CHELOVEKI | Source = SideBySide | ID = 16842811
Description = Generate Activation Context завершилась не удачно для C:WINDOWSWinSxSx86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2MFC80U.DLL.
Соответствующее
сообщение об ошибке: Операция успешно завершена. .Error — 28.12.2008 1:51:02 | Computer Name = CHELOVEKI | Source = SideBySide | ID = 16842784
Description = Зависимая совокупность Microsoft.VC80.MFCLOC не может быть найдена,
последняя ошибка Указанная совокупность не установлена в системе.Error — 28.12.2008 1:51:02 | Computer Name = CHELOVEKI | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly завершилась не удачно для Microsoft.VC80.MFCLOC.
Соответствующее
сообщение об ошибке: Указанная совокупность не установлена в системе. .Error — 28.12.2008 1:51:02 | Computer Name = CHELOVEKI | Source = SideBySide | ID = 16842811
Description = Generate Activation Context завершилась не удачно для C:WINDOWSWinSxSx86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2MFC80U.DLL.
Соответствующее
сообщение об ошибке: Операция успешно завершена. .< End of report >
А затем просканировал ПК с помощью программы GMER, получил еще два лога:
первый
GMER 1.0.14.14536 — http://www.gmer.net
Rootkit scan 2008-12-28 11:27:58
Windows 5.1.2600 Service Pack 2—- System — GMER 1.0.14 —-
SSDT ??C:WINDOWSsystem32driversklif.sys (spuper-ptor/Kaspersky Lab) ZwClose [0xF812A1E0]
SSDT ??C:WINDOWSsystem32driversklif.sys (spuper-ptor/Kaspersky Lab) ZwConnectPort [0xF81282F0]
SSDT ??C:WINDOWSsystem32driversklif.sys (spuper-ptor/Kaspersky Lab) ZwCreateKey [0xF811B750]
SSDT ??C:WINDOWSsystem32driversklif.sys (spuper-ptor/Kaspersky Lab) ZwCreateProcess [0xF8129F10]
SSDT ??C:WINDOWSsystem32driversklif.sys (spuper-ptor/Kaspersky Lab) ZwCreateProcessEx [0xF812A080]
SSDT ??C:WINDOWSsystem32driversklif.sys (spuper-ptor/Kaspersky Lab) ZwCreateSection [0xF812AD00]
SSDT ??C:WINDOWSsystem32driversklif.sys (spuper-ptor/Kaspersky Lab) ZwCreateSymbolicLinkObject [0xF812A7B0]
SSDT ??C:WINDOWSsystem32driversklif.sys (spuper-ptor/Kaspersky Lab) ZwCreateThread [0xF812B600]
SSDT ??C:WINDOWSsystem32driversklif.sys (spuper-ptor/Kaspersky Lab) ZwDeleteKey [0xF811B860]
SSDT ??C:WINDOWSsystem32driversklif.sys (spuper-ptor/Kaspersky Lab) ZwDeleteValueKey [0xF811B8E0]
SSDT ??C:WINDOWSsystem32driversklif.sys (spuper-ptor/Kaspersky Lab) ZwDuplicateObject [0xF812A380]
SSDT ??C:WINDOWSsystem32driversklif.sys (spuper-ptor/Kaspersky Lab) ZwEnumerateKey [0xF811B990]
SSDT ??C:WINDOWSsystem32driversklif.sys (spuper-ptor/Kaspersky Lab) ZwEnumerateValueKey [0xF811BA40]
SSDT ??C:WINDOWSsystem32driversklif.sys (spuper-ptor/Kaspersky Lab) ZwFlushKey [0xF811BAF0]
SSDT ??C:WINDOWSsystem32driversklif.sys (spuper-ptor/Kaspersky Lab) ZwInitializeRegistry [0xF811BB70]
SSDT ??C:WINDOWSsystem32driversklif.sys (spuper-ptor/Kaspersky Lab) ZwLoadDriver [0xF8127E50]
SSDT ??C:WINDOWSsystem32driversklif.sys (spuper-ptor/Kaspersky Lab) ZwLoadKey [0xF811C590]
SSDT ??C:WINDOWSsystem32driversklif.sys (spuper-ptor/Kaspersky Lab) ZwLoadKey2 [0xF811BB90]
SSDT ??C:WINDOWSsystem32driversklif.sys (spuper-ptor/Kaspersky Lab) ZwNotifyChangeKey [0xF811BC70]
SSDT ??C:WINDOWSsystem32driversklif.sys (spuper-ptor/Kaspersky Lab) ZwOpenKey [0xF811BD50]
SSDT ??C:WINDOWSsystem32driversklif.sys (spuper-ptor/Kaspersky Lab) ZwOpenProcess [0xF8129D00]
SSDT ??C:WINDOWSsystem32driversklif.sys (spuper-ptor/Kaspersky Lab) ZwOpenSection [0xF812AB20]
SSDT ??C:WINDOWSsystem32driversklif.sys (spuper-ptor/Kaspersky Lab) ZwQueryKey [0xF811BE30]
SSDT ??C:WINDOWSsystem32driversklif.sys (spuper-ptor/Kaspersky Lab) ZwQueryMultipleValueKey [0xF811BEE0]
SSDT ??C:WINDOWSsystem32driversklif.sys (spuper-ptor/Kaspersky Lab) ZwQuerySystemInformation [0xF812B2B0]
SSDT ??C:WINDOWSsystem32driversklif.sys (spuper-ptor/Kaspersky Lab) ZwQueryValueKey [0xF811BF90]
SSDT ??C:WINDOWSsystem32driversklif.sys (spuper-ptor/Kaspersky Lab) ZwReplaceKey [0xF811C070]
SSDT ??C:WINDOWSsystem32driversklif.sys (spuper-ptor/Kaspersky Lab) ZwRequestWaitReplyPort [0xF8128900]
SSDT ??C:WINDOWSsystem32driversklif.sys (spuper-ptor/Kaspersky Lab) ZwRestoreKey [0xF811C100]
SSDT ??C:WINDOWSsystem32driversklif.sys (spuper-ptor/Kaspersky Lab) ZwResumeThread [0xF812B5B0]
SSDT ??C:WINDOWSsystem32driversklif.sys (spuper-ptor/Kaspersky Lab) ZwSaveKey [0xF811C300]
SSDT ??C:WINDOWSsystem32driversklif.sys (spuper-ptor/Kaspersky Lab) ZwSetContextThread [0xF812B940]
SSDT ??C:WINDOWSsystem32driversklif.sys (spuper-ptor/Kaspersky Lab) ZwSetInformationFile [0xF812BF60]
SSDT ??C:WINDOWSsystem32driversklif.sys (spuper-ptor/Kaspersky Lab) ZwSetInformationKey [0xF811C390]
SSDT ??C:WINDOWSsystem32driversklif.sys (spuper-ptor/Kaspersky Lab) ZwSetSecurityObject [0xF8126A10]
SSDT ??C:WINDOWSsystem32driversklif.sys (spuper-ptor/Kaspersky Lab) ZwSetSystemInformation [0xF812A9A0]
SSDT ??C:WINDOWSsystem32driversklif.sys (spuper-ptor/Kaspersky Lab) ZwSetValueKey [0xF811C430]
SSDT ??C:WINDOWSsystem32driversklif.sys (spuper-ptor/Kaspersky Lab) ZwSuspendThread [0xF812B560]
SSDT ??C:WINDOWSsystem32driversklif.sys (spuper-ptor/Kaspersky Lab) ZwSystemDebugControl [0xF81281B0]
SSDT ??C:WINDOWSsystem32driversklif.sys (spuper-ptor/Kaspersky Lab) ZwTerminateProcess [0xF812B150]
SSDT ??C:WINDOWSsystem32driversklif.sys (spuper-ptor/Kaspersky Lab) ZwUnloadKey [0xF811C550]
SSDT ??C:WINDOWSsystem32driversklif.sys (spuper-ptor/Kaspersky Lab) ZwWriteVirtualMemory [0xF812A240]Code ??C:WINDOWSsystem32driversklif.sys (spuper-ptor/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code ??C:WINDOWSsystem32driversklif.sys (spuper-ptor/Kaspersky Lab) IoIsOperationSynchronous—- Kernel code sections — GMER 1.0.14 —-
.text ntoskrnl.exe!_abnormal_termination + 1D0 804E282C 12 Bytes [ 50, 7E, 12, F8, 90, C5, 11, … ]
.text ntoskrnl.exe!IoIsOperationSynchronous 804E8752 5 Bytes JMP F812C880 ??C:WINDOWSsystem32driversklif.sys (spuper-ptor/Kaspersky Lab)
.text ntoskrnl.exe!FsRtlCheckLockForReadAccess 80503C29 5 Bytes JMP F812C380 ??C:WINDOWSsystem32driversklif.sys (spuper-ptor/Kaspersky Lab)—- User code sections — GMER 1.0.14 —-
? C:WINDOWSsystem32svchost.exe[220] C:WINDOWSsystem32kernel32.dll time/date stamp mismatch;
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!StrStrW + FFE28DAA 7C9C2175 260 Bytes JMP 837A77F1
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!StrStrW + FFE28EAF 7C9C227A 1 Byte [ 00 ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!StrStrW + FFE28EB1 7C9C227C 584 Bytes [ 85, F1, D5, 77, 04, 06, D8, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!StrStrW + FFE290FA 7C9C24C5 383 Bytes [ 01, D6, 77, 6E, B4, D3, 77, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!StrStrW + FFE2927A 7C9C2645 168 Bytes [ 85, D5, 77, 9F, 01, D4, 77, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ILFree + 1C2 7C9E2AC3 274 Bytes [ 53, 48, 46, 69, 6E, 64, 5F, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ILFree + 2D5 7C9E2BD6 118 Bytes [ 53, 48, 47, 65, 74, 46, 69, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ILFree + 34C 7C9E2C4D 16 Bytes [ 53, 48, 47, 65, 74, 46, 6F, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ILFree + 35D 7C9E2C5E 94 Bytes [ 53, 48, 47, 65, 74, 49, 63, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ILFree + 3BC 7C9E2CBD 62 Bytes [ 53, 48, 47, 65, 74, 4E, 65, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHLoadOLE + C0 7C9E30BD 48 Bytes [ 53, 48, 53, 68, 65, 6C, 6C, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHLoadOLE + F1 7C9E30EE 117 Bytes [ 53, 48, 53, 74, 61, 72, 74, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHLoadOLE + 167 7C9E3164 217 Bytes [ 53, 48, 56, 61, 6C, 69, 64, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ILClone + 9 7C9E323E 386 Bytes [ 53, 68, 65, 53, 65, 74, 43, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ILClone + 18C 7C9E33C1 165 Bytes [ 74, 72, 43, 68, 72, 49, 41, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ILClone + 232 7C9E3467 72 Bytes [ 53, 74, 72, 52, 43, 68, 72, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ILCloneFirst + 12 7C9E34B0 218 Bytes [ 53, 74, 72, 53, 74, 72, 57, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ILCombine + 3C 7C9E358B 68 Bytes [ 68, 49, 73, 52, 65, 6C, 61, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ILCombine + 81 7C9E35D0 56 Bytes [ 55, 8B, EC, FF, 75, 08, 6A, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ILCombine + BD 7C9E360C 67 Bytes [ 8B, FF, 55, 8B, EC, 53, 57, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ILCombine + 101 7C9E3650 21 Bytes [ 00, 00, 8B, F8, 39, 1D, E4, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ILCombine + 117 7C9E3666 116 Bytes [ 15, 68, 1A, 9C, 7C, 5E, 8B, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetDesktopFolder + 64 7C9E3C02 4 Bytes [ 80, 89, 7D, 0C ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetDesktopFolder + 69 7C9E3C07 1 Byte [ 15 ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetDesktopFolder + 6B 7C9E3C09 18 Bytes [ 1B, 9C, 7C, FF, 75, 10, 8D, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetDesktopFolder + 7E 7C9E3C1C 57 Bytes [ F8, 50, 53, FF, 75, 08, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetDesktopFolder + B8 7C9E3C56 29 Bytes [ 8B, C7, 5F, 5E, C9, C2, 0C, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHRestricted + 1 7C9E4590 45 Bytes JMP 7096D097
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHRestricted + 31 7C9E45C0 63 Bytes [ 90, 90, 8B, FF, 55, 8B, EC, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHRestricted + 71 7C9E4600 21 Bytes [ 00, 8B, 45, 0C, C9, C2, 08, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHRestricted + 87 7C9E4616 22 Bytes [ 8B, C1, 8D, 50, 04, C7, 00, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHRestricted + 9E 7C9E462D 12 Bytes [ 00, 0F, 85, 90, 8C, 00, 00, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ILRemoveLastID + 12 7C9E4EE6 26 Bytes [ 5F, 5E, 8B, C3, 5B, 5D, C2, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ILRemoveLastID + 2D 7C9E4F01 10 Bytes [ 00, 73, 00, 65, 00, 44, 00, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ILRemoveLastID + 38 7C9E4F0C 45 Bytes [ 6B, 00, 74, 00, 6F, 00, 70, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ILRemoveLastID + 66 7C9E4F3A 13 Bytes [ 63, 00, 79, 00, 4C, 00, 4D, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ILRemoveLastID + 74 7C9E4F48 27 Bytes [ 68, 00, 61, 00, 76, 00, 69, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetSetSettings + 19 7C9E50F6 12 Bytes [ 45, 00, 76, 00, 65, 00, 6E, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetSetSettings + 26 7C9E5103 4 Bytes [ 00, 49, 00, 6E ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetSetSettings + 2B 7C9E5108 7 Bytes [ 68, 00, 65, 00, 72, 00, 69 ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetSetSettings + 33 7C9E5110 47 Bytes [ 74, 00, 43, 00, 6F, 00, 6E, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetSetSettings + 63 7C9E5140 19 Bytes [ 62, 00, 56, 00, 69, 00, 65, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHCLSIDFromString + 66 7C9E5546 51 Bytes [ 70, 00, 53, 00, 63, 00, 72, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHCLSIDFromString + 9A 7C9E557A 104 Bytes [ 75, 00, 6E, 00, 64, 00, 50, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHCLSIDFromString + 104 7C9E55E4 60 Bytes [ 08, 00, 00, 00, 10, 58, 9C, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHCLSIDFromString + 141 7C9E5621 49 Bytes [ 01, 00, 00, 10, 58, 9C, 7C, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHCLSIDFromString + 173 7C9E5653 24 Bytes [ 00, 10, 58, 9C, 7C, E0, 56, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ILFindLastID + 2A 7C9E56D5 13 Bytes [ 00, 00, 01, 10, 58, 9C, 7C, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ILFindLastID + 38 7C9E56E3 107 Bytes [ 02, 10, 58, 9C, 7C, 38, 55, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ILFindLastID + A4 7C9E574F 79 Bytes [ 40, 10, 58, 9C, 7C, 20, 54, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ILFindLastID + F5 7C9E57A0 109 Bytes [ 09, 00, 00, 40, 10, 58, 9C, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ILFindLastID + 164 7C9E580F 46 Bytes [ 40, 00, 53, 9C, 7C, B0, 51, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHParseDisplayName + 1B 7C9E6872 111 Bytes [ 90, 90, 90, 90, 90, 8B, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHParseDisplayName + 8B 7C9E68E2 2 Bytes [ 21, 00 ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHParseDisplayName + 8F 7C9E68E6 19 Bytes [ 3B, C7, 5F, 0F, 85, FD, 24, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHParseDisplayName + A3 7C9E68FA 63 Bytes [ C0, 75, 03, 8D, 46, 20, 5E, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHParseDisplayName + E4 7C9E693B 66 Bytes [ 45, 0C, 5D, C2, 0C, 00, 90, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHILCreateFromPath + 6C 7C9E6E93 31 Bytes [ C5, BB, 7C, 89, 45, FC, 8B, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHILCreateFromPath + 8C 7C9E6EB3 27 Bytes CALL 7C9E6E58 C:WINDOWSsystem32SHELL32.dll (Общая библиотека оболочки Windows/Корпорация Майкрософт)
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHILCreateFromPath + A8 7C9E6ECF 46 Bytes [ 00, 00, 8B, D8, 8B, 4D, FC, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHILCreateFromPath + D8 7C9E6EFF 32 Bytes [ 8B, 45, 14, 53, 8B, 5D, 08, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHILCreateFromPath + F9 7C9E6F20 69 Bytes [ 00, 8D, BD, E4, FB, FF, FF, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ILCreateFromPath 7C9E6FBF 74 Bytes [ 90, 90, 90, 90, 8B, FF, 55, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ILCreateFromPath + 4B 7C9E700A 87 Bytes [ 45, 0C, 57, 8B, F1, 50, 8D, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ILCreateFromPath + A3 7C9E7062 101 Bytes [ 33, C0, 8B, 4D, FC, 5F, 5E, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ILCreateFromPath + 109 7C9E70C8 49 Bytes [ 50, 56, 89, 85, D8, FD, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ILCreateFromPath + 13B 7C9E70FA 25 Bytes CALL 7C9E6FC3 C:WINDOWSsystem32SHELL32.dll (Общая библиотека оболочки Windows/Корпорация Майкрософт)
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetFileInfoW + 12 7C9E78BF 138 Bytes [ 7D, 14, 8B, F0, 89, 7D, 0C, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetFileInfoW + 9D 7C9E794A 2 Bytes [ 5D, 14 ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetFileInfoW + A0 7C9E794D 58 Bytes [ 45, E4, 8B, 45, 18, 56, 8B, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetFileInfoW + DC 7C9E7989 18 Bytes [ FF, 75, D8, 8B, 46, 18, 8B, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetFileInfoW + EF 7C9E799C 5 Bytes [ 57, 0C, 8B, F8, 85 ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHFree + 16 7C9E7AA0 12 Bytes [ 75, C0, 50, FF, 51, 0C, 8B, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHFree + 23 7C9E7AAD 54 Bytes [ 75, C4, 8D, 45, D0, FF, 75, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHFree + 5A 7C9E7AE4 67 Bytes [ 8B, FF, 55, 8B, EC, 83, EC, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHFree + 9E 7C9E7B28 177 Bytes [ 50, 8D, 45, F4, 50, 53, 8D, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHFree + 150 7C9E7BDA 12 Bytes [ 75, 20, FF, 75, 08, FF, 75, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetSpecialFolderPathW + 10 7C9E7F1E 89 Bytes [ 64, 00, 69, 00, 6E, 00, 67, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetSpecialFolderPathW + 6A 7C9E7F78 4 Bytes [ 66, C7, 03, 19 ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetSpecialFolderPathW + 6F 7C9E7F7D 25 Bytes [ C6, 43, 02, 2F, 75, 14, 8D, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetSpecialFolderPathW + 89 7C9E7F97 31 Bytes [ 33, FF, 8B, 4D, FC, 8B, C7, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetSpecialFolderPathW + AB 7C9E7FB9 15 Bytes [ C3, 90, 90, 90, 90, 90, 8B, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetFolderPathW + E 7C9E869C 5 Bytes [ FF, 75, 08, E8, 59 ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetFolderPathW + 14 7C9E86A2 100 Bytes [ 00, 00, 85, C0, 75, 41, 8B, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetFolderPathW + 79 7C9E8707 10 Bytes [ 00, A1, 08, C5, BB, 7C, 83, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetFolderPathW + 85 7C9E8713 6 Bytes [ 00, 56, 89, 45, FC, 8B ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetFolderPathW + 8C 7C9E871A 23 Bytes [ 08, 57, 50, 8B, F9, E8, 17, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetFolderLocation + 28 7C9E9829 35 Bytes [ 83, BD, EC, FD, FF, FF, 02, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetFolderLocation + 4C 7C9E984D 43 Bytes [ 00, 33, DB, 66, 39, 1E, 0F, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetFolderLocation + 79 7C9E987A 84 Bytes CALL 7C9E091D C:WINDOWSsystem32SHELL32.dll (Общая библиотека оболочки Windows/Корпорация Майкрософт)
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetSpecialFolderLocation + 4C 7C9E98CF 13 Bytes [ 85, FC, FD, FF, FF, 50, FF, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetSpecialFolderLocation + 5A 7C9E98DD 4 Bytes [ B5, EC, FD, FF ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetSpecialFolderLocation + 5F 7C9E98E2 1 Byte [ 8D ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetSpecialFolderLocation + 61 7C9E98E4 5 Bytes [ FC, FD, FF, FF, 50 ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!SHGetSpecialFolderLocation + 67 7C9E98EA 11 Bytes [ 15, 7C, 20, 9C, 7C, 83, BD, … ]
.text …
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ILIsEqual + 11 7C9E9A7D 5 Bytes [ 0C, 8D, 8D, DC, FD ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ILIsEqual + 17 7C9E9A83 40 Bytes CALL 7C9E9A85 C:WINDOWSsystem32SHELL32.dll (Общая библиотека оболочки Windows/Корпорация Майкрософт)
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ILIsEqual + 40 7C9E9AAC 25 Bytes [ 5F, 5E, 5B, 74, 0C, FF, B5, … ]
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ILIsEqual + 5A 7C9E9AC6 8 Bytes CALL 7C9E0920 C:WINDOWSsystem32SHELL32.dll (Общая библиотека оболочки Windows/Корпорация Майкрософт)
.text C:WINDOWSsystem32svchost.exe[220] SHELL32.dll!ILIsEqual + 63 7C9E9ACF 4 Bytes [ 90, 90, 90, 90 ]
