GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2017-05-21 20:31:45 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK1637GSX rev.DL032C 149,05GB Running: u83hqknv.exe; Driver: C:\Users\User\AppData\Local\Temp\aftcaaob.sys ---- System - GMER 2.2 ---- SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAddBootEntry [0x9133C3AC] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwAllocateVirtualMemory [0x912ACB92] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0x9133CF42] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEvent [0x91348332] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEventPair [0x9134837E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0x91348632] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateMutant [0x913482A0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSection [0x913483C2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSemaphore [0x913482E8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateThread [0x9133D5B0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateThreadEx [0x9133D7C0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateTimer [0x913485EC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0x9133DCBE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0x9133C412] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDuplicateObject [0x91341270] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwFreeVirtualMemory [0x912ACC6A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwGetContextThread [0x9133E756] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwLoadDriver [0x9133BFF2] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwMapViewOfSection [0x912AD04C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwModifyBootEntry [0x9133C478] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0x91341682] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0x9133EF16] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEvent [0x9134835C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEventPair [0x913483A0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0x91348656] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenMutant [0x913482C6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenProcess [0x91340B62] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwOpenProcessToken [0x912AD728] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwOpenProcessTokenEx [0x912AD7E4] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSection [0x913484F0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSemaphore [0x91348310] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenThread [0x91340F4A] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwOpenThreadToken [0x912AD594] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwOpenThreadTokenEx [0x912AD65A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenTimer [0x91348610] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0x912ACDEA] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryObject [0x9133ED3A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryVirtualMemory [0x9133E59A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueueApcThreadEx [0x9133E464] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwResumeProcess [0x9133DE88] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwResumeThread [0x9133E094] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0x9133C4DE] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootOptions [0x9133C544] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetContextThread [0x9133E880] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemInformation [0x9133C092] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0x9133C26A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwShutdownSystem [0x9133C1F8] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendProcess [0x9133DF8E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendThread [0x9133E208] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSystemDebugControl [0x9133C2F2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateProcess [0x9133DAFC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateThread [0x9133DC9E] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwUnloadDriver [0x912A9FBA] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwVdmControl [0x9133C5AA] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwWriteVirtualMemory [0x9133CF9E] ---- Kernel code sections - GMER 2.2 ---- .text ntkrnlpa.exe!ZwRenameKey + 13A8 8303DD64 5 Bytes JMP 868B3E08 .text ntkrnlpa.exe!ZwRenameKey + 1549 8303DF05 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 83078292 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 10CB 8307F690 4 Bytes [AC, C3, 33, 91] .text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 8307F6B8 4 Bytes [92, CB, 2A, 91] .text ntkrnlpa.exe!KeRemoveQueueEx + 1153 8307F718 4 Bytes [42, CF, 33, 91] .text ntkrnlpa.exe!KeRemoveQueueEx + 11A7 8307F76C 8 Bytes [32, 83, 34, 91, 7E, 83, 34, ...] {XOR AL, [EBX-0x7c816ecc]; XOR AL, 0x91} .text ntkrnlpa.exe!KeRemoveQueueEx + 11B3 8307F778 4 Bytes [32, 86, 34, 91] .text ... PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 114 8323E4E9 4 Bytes CALL 9133F46D \SystemRoot\system32\drivers\aswSnx.sys PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 132 832582C2 4 Bytes CALL 9133F483 \SystemRoot\system32\drivers\aswSnx.sys .sptd1 C:\Windows\System32\Drivers\sptd.sys entry point in ".sptd1" section [0x8B74B774] ? system32\drivers\aswRvrt.sys System nie może odnaleźć określonej ścieżki. ! ? system32\drivers\aswVmm.sys System nie może odnaleźć określonej ścieżki. ! ? system32\drivers\aswbunivx.sys System nie może odnaleźć określonej ścieżki. ! ? system32\drivers\aswblogx.sys System nie może odnaleźć określonej ścieżki. ! ? system32\drivers\aswbidshx.sys System nie może odnaleźć określonej ścieżki. ! ? system32\drivers\aswSP.sys System nie może odnaleźć określonej ścieżki. ! ? system32\drivers\aswSnx.sys System nie może odnaleźć określonej ścieżki. ! ? system32\drivers\aswKbd.sys System nie może odnaleźć określonej ścieżki. ! ? system32\drivers\aswRdr2.sys System nie może odnaleźć określonej ścieżki. ! ? system32\drivers\aswbidsdriverx.sys System nie może odnaleźć określonej ścieżki. ! ? system32\drivers\aswMonFlt.sys System nie może odnaleźć określonej ścieżki. ! ---- User code sections - GMER 2.2 ---- .text C:\Users\User\AppData\Roaming\Spotify\Spotify.exe[216] ntdll.dll!NtCreateEvent 76F55170 5 Bytes JMP 6A3E2AE0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Users\User\AppData\Roaming\Spotify\Spotify.exe[216] ntdll.dll!NtCreateMutant 76F55210 5 Bytes JMP 6A3E2D70 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Users\User\AppData\Roaming\Spotify\Spotify.exe[216] ntdll.dll!NtCreateSemaphore 76F552C0 5 Bytes JMP 6A3E3000 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Users\User\AppData\Roaming\Spotify\Spotify.exe[216] ntdll.dll!NtCreateUserProcess 76F55340 5 Bytes JMP 6A3E3290 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Users\User\AppData\Roaming\Spotify\Spotify.exe[216] ntdll.dll!NtMapViewOfSection 76F557F0 5 Bytes JMP 6A3E2830 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Users\User\AppData\Roaming\Spotify\Spotify.exe[216] ntdll.dll!NtOpenEvent 76F55880 5 Bytes JMP 6A3E2C30 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Users\User\AppData\Roaming\Spotify\Spotify.exe[216] ntdll.dll!NtOpenMutant 76F55920 5 Bytes JMP 6A3E2EC0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Users\User\AppData\Roaming\Spotify\Spotify.exe[216] ntdll.dll!NtOpenSemaphore 76F559A0 5 Bytes JMP 6A3E3150 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Users\User\AppData\Roaming\Spotify\Spotify.exe[216] ntdll.dll!NtQueryInformationProcess 76F55C10 5 Bytes JMP 6A3E34B0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Users\User\AppData\Roaming\Spotify\Spotify.exe[216] ntdll.dll!NtResumeThread 76F56070 5 Bytes JMP 6A3E29D0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Users\User\AppData\Roaming\Spotify\Spotify.exe[216] ntdll.dll!NtWriteVirtualMemory 76F56660 5 Bytes JMP 6A3E26C0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Users\User\AppData\Roaming\Spotify\Spotify.exe[216] ntdll.dll!RtlQueryEnvironmentVariable 76F685CF 5 Bytes JMP 6A3E3420 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Users\User\AppData\Roaming\Spotify\Spotify.exe[216] ntdll.dll!RtlDecompressBuffer 76FC5755 5 Bytes JMP 6A3E3340 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Users\User\AppData\Roaming\Spotify\Spotify.exe[216] WS2_32.dll!ioctlsocket + 26 768E30AA 7 Bytes JMP 03AB0095 .text C:\Users\User\AppData\Roaming\Spotify\Spotify.exe[216] WS2_32.dll!recv + CA 768E68F0 7 Bytes JMP 03AB002D .text C:\Users\User\AppData\Roaming\Spotify\Spotify.exe[216] WS2_32.dll!WSARecv + B9 768E6E5A 7 Bytes JMP 03AB00C9 .text C:\Users\User\AppData\Roaming\Spotify\Spotify.exe[216] WS2_32.dll!WSASetEvent + 2B 768EBCD0 7 Bytes JMP 03AB0061 .text C:\Windows\system32\taskhost.exe[320] ntdll.dll!NtCreateEvent 76F55170 5 Bytes JMP 6A3E2AE0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\system32\taskhost.exe[320] ntdll.dll!NtCreateMutant 76F55210 5 Bytes JMP 6A3E2D70 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\system32\taskhost.exe[320] ntdll.dll!NtCreateSemaphore 76F552C0 5 Bytes JMP 6A3E3000 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\system32\taskhost.exe[320] ntdll.dll!NtCreateUserProcess 76F55340 5 Bytes JMP 6A3E3290 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\system32\taskhost.exe[320] ntdll.dll!NtMapViewOfSection 76F557F0 5 Bytes JMP 6A3E2830 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\system32\taskhost.exe[320] ntdll.dll!NtOpenEvent 76F55880 5 Bytes JMP 6A3E2C30 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\system32\taskhost.exe[320] ntdll.dll!NtOpenMutant 76F55920 5 Bytes JMP 6A3E2EC0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\system32\taskhost.exe[320] ntdll.dll!NtOpenSemaphore 76F559A0 5 Bytes JMP 6A3E3150 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\system32\taskhost.exe[320] ntdll.dll!NtQueryInformationProcess 76F55C10 5 Bytes JMP 6A3E34B0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\system32\taskhost.exe[320] ntdll.dll!NtResumeThread 76F56070 5 Bytes JMP 6A3E29D0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\system32\taskhost.exe[320] ntdll.dll!NtWriteVirtualMemory 76F56660 5 Bytes JMP 6A3E26C0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\system32\taskhost.exe[320] ntdll.dll!RtlQueryEnvironmentVariable 76F685CF 5 Bytes JMP 6A3E3420 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\system32\taskhost.exe[320] ntdll.dll!RtlDecompressBuffer 76FC5755 5 Bytes JMP 6A3E3340 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\system32\taskhost.exe[320] ws2_32.dll!ioctlsocket + 26 768E30AA 7 Bytes JMP 00D10095 .text C:\Windows\system32\taskhost.exe[320] ws2_32.dll!recv + CA 768E68F0 7 Bytes JMP 00D1002D .text C:\Windows\system32\taskhost.exe[320] ws2_32.dll!WSARecv + B9 768E6E5A 7 Bytes JMP 00D100C9 .text C:\Windows\system32\taskhost.exe[320] ws2_32.dll!WSASetEvent + 2B 768EBCD0 7 Bytes JMP 00D10061 .text C:\Program Files\ChomikBox\chomikbox.exe[324] ntdll.dll!NtCreateEvent 76F55170 5 Bytes JMP 6A3E2AE0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\ChomikBox\chomikbox.exe[324] ntdll.dll!NtCreateMutant 76F55210 5 Bytes JMP 6A3E2D70 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\ChomikBox\chomikbox.exe[324] ntdll.dll!NtCreateSemaphore 76F552C0 5 Bytes JMP 6A3E3000 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\ChomikBox\chomikbox.exe[324] ntdll.dll!NtCreateUserProcess 76F55340 5 Bytes JMP 6A3E3290 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\ChomikBox\chomikbox.exe[324] ntdll.dll!NtMapViewOfSection 76F557F0 5 Bytes JMP 6A3E2830 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\ChomikBox\chomikbox.exe[324] ntdll.dll!NtOpenEvent 76F55880 5 Bytes JMP 6A3E2C30 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\ChomikBox\chomikbox.exe[324] ntdll.dll!NtOpenMutant 76F55920 5 Bytes JMP 6A3E2EC0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\ChomikBox\chomikbox.exe[324] ntdll.dll!NtOpenSemaphore 76F559A0 5 Bytes JMP 6A3E3150 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\ChomikBox\chomikbox.exe[324] ntdll.dll!NtQueryInformationProcess 76F55C10 5 Bytes JMP 6A3E34B0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\ChomikBox\chomikbox.exe[324] ntdll.dll!NtResumeThread 76F56070 5 Bytes JMP 6A3E29D0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\ChomikBox\chomikbox.exe[324] ntdll.dll!NtWriteVirtualMemory 76F56660 5 Bytes JMP 6A3E26C0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\ChomikBox\chomikbox.exe[324] ntdll.dll!RtlQueryEnvironmentVariable 76F685CF 5 Bytes JMP 6A3E3420 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\ChomikBox\chomikbox.exe[324] ntdll.dll!RtlDecompressBuffer 76FC5755 5 Bytes JMP 6A3E3340 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\ChomikBox\chomikbox.exe[324] WS2_32.dll!ioctlsocket + 26 768E30AA 7 Bytes JMP 00300095 .text C:\Program Files\ChomikBox\chomikbox.exe[324] WS2_32.dll!recv + CA 768E68F0 7 Bytes JMP 0030002D .text C:\Program Files\ChomikBox\chomikbox.exe[324] WS2_32.dll!WSARecv + B9 768E6E5A 7 Bytes JMP 003000C9 .text C:\Program Files\ChomikBox\chomikbox.exe[324] WS2_32.dll!WSASetEvent + 2B 768EBCD0 7 Bytes JMP 00300061 .text C:\Program Files\Internet Explorer\iexplore.exe[536] ntdll.dll!LdrUnloadDll 76F6C746 5 Bytes JMP 684403FC .text C:\Program Files\Internet Explorer\iexplore.exe[536] ntdll.dll!LdrLoadDll 76F72133 5 Bytes JMP 684401F8 .text C:\Program Files\Internet Explorer\iexplore.exe[536] ws2_32.dll!ioctlsocket + 26 768E30AA 7 Bytes JMP 01B00095 .text C:\Program Files\Internet Explorer\iexplore.exe[536] ws2_32.dll!recv + CA 768E68F0 7 Bytes JMP 01B0002D .text C:\Program Files\Internet Explorer\iexplore.exe[536] ws2_32.dll!WSARecv + B9 768E6E5A 7 Bytes JMP 01B000C9 .text C:\Program Files\Internet Explorer\iexplore.exe[536] ws2_32.dll!WSASetEvent + 2B 768EBCD0 7 Bytes JMP 01B00061 .text C:\Windows\System32\igfxpers.exe[588] ntdll.dll!NtCreateEvent 76F55170 5 Bytes JMP 6A3E2AE0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\System32\igfxpers.exe[588] ntdll.dll!NtCreateMutant 76F55210 5 Bytes JMP 6A3E2D70 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\System32\igfxpers.exe[588] ntdll.dll!NtCreateSemaphore 76F552C0 5 Bytes JMP 6A3E3000 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\System32\igfxpers.exe[588] ntdll.dll!NtCreateUserProcess 76F55340 5 Bytes JMP 6A3E3290 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\System32\igfxpers.exe[588] ntdll.dll!NtMapViewOfSection 76F557F0 5 Bytes JMP 6A3E2830 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\System32\igfxpers.exe[588] ntdll.dll!NtOpenEvent 76F55880 5 Bytes JMP 6A3E2C30 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\System32\igfxpers.exe[588] ntdll.dll!NtOpenMutant 76F55920 5 Bytes JMP 6A3E2EC0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\System32\igfxpers.exe[588] ntdll.dll!NtOpenSemaphore 76F559A0 5 Bytes JMP 6A3E3150 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\System32\igfxpers.exe[588] ntdll.dll!NtQueryInformationProcess 76F55C10 5 Bytes JMP 6A3E34B0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\System32\igfxpers.exe[588] ntdll.dll!NtResumeThread 76F56070 5 Bytes JMP 6A3E29D0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\System32\igfxpers.exe[588] ntdll.dll!NtWriteVirtualMemory 76F56660 5 Bytes JMP 6A3E26C0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\System32\igfxpers.exe[588] ntdll.dll!RtlQueryEnvironmentVariable 76F685CF 5 Bytes JMP 6A3E3420 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\System32\igfxpers.exe[588] ntdll.dll!RtlDecompressBuffer 76FC5755 5 Bytes JMP 6A3E3340 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\System32\igfxpers.exe[588] ws2_32.dll!ioctlsocket + 26 768E30AA 7 Bytes JMP 00590095 .text C:\Windows\System32\igfxpers.exe[588] ws2_32.dll!recv + CA 768E68F0 7 Bytes JMP 0059002D .text C:\Windows\System32\igfxpers.exe[588] ws2_32.dll!WSARecv + B9 768E6E5A 7 Bytes JMP 005900C9 .text C:\Windows\System32\igfxpers.exe[588] ws2_32.dll!WSASetEvent + 2B 768EBCD0 7 Bytes JMP 00590061 .text C:\Program Files\CCleaner\CCleaner.exe[780] ntdll.dll!NtCreateEvent 76F55170 5 Bytes JMP 6A3E2AE0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\CCleaner\CCleaner.exe[780] ntdll.dll!NtCreateMutant 76F55210 5 Bytes JMP 6A3E2D70 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\CCleaner\CCleaner.exe[780] ntdll.dll!NtCreateSemaphore 76F552C0 5 Bytes JMP 6A3E3000 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\CCleaner\CCleaner.exe[780] ntdll.dll!NtCreateUserProcess 76F55340 5 Bytes JMP 6A3E3290 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\CCleaner\CCleaner.exe[780] ntdll.dll!NtMapViewOfSection 76F557F0 5 Bytes JMP 6A3E2830 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\CCleaner\CCleaner.exe[780] ntdll.dll!NtOpenEvent 76F55880 5 Bytes JMP 6A3E2C30 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\CCleaner\CCleaner.exe[780] ntdll.dll!NtOpenMutant 76F55920 5 Bytes JMP 6A3E2EC0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\CCleaner\CCleaner.exe[780] ntdll.dll!NtOpenSemaphore 76F559A0 5 Bytes JMP 6A3E3150 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\CCleaner\CCleaner.exe[780] ntdll.dll!NtQueryInformationProcess 76F55C10 5 Bytes JMP 6A3E34B0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\CCleaner\CCleaner.exe[780] ntdll.dll!NtResumeThread 76F56070 5 Bytes JMP 6A3E29D0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\CCleaner\CCleaner.exe[780] ntdll.dll!NtWriteVirtualMemory 76F56660 5 Bytes JMP 6A3E26C0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\CCleaner\CCleaner.exe[780] ntdll.dll!RtlQueryEnvironmentVariable 76F685CF 5 Bytes JMP 6A3E3420 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\CCleaner\CCleaner.exe[780] ntdll.dll!RtlDecompressBuffer 76FC5755 5 Bytes JMP 6A3E3340 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\CCleaner\CCleaner.exe[780] USER32.dll!SetScrollRange 76B28E8B 5 Bytes JMP 014BA9BE C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[780] USER32.dll!GetScrollInfo 76B32D73 5 Bytes JMP 014BA945 C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[780] USER32.dll!SetScrollInfo 76B348AA 5 Bytes JMP 014BA9FB C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[780] USER32.dll!GetScrollRange 76B5042A 5 Bytes JMP 014BA8DC C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[780] USER32.dll!SetScrollPos 76B5048E 5 Bytes JMP 014BA8B1 C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[780] USER32.dll!GetScrollPos 76B50E13 5 Bytes JMP 014BA91A C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[780] USER32.dll!EnableScrollBar 76B5199E 5 Bytes JMP 014BAA35 C:\Program Files\CCleaner\CCleaner.exe .text C:\Program Files\CCleaner\CCleaner.exe[780] USER32.dll!ShowScrollBar 76B53C59 5 Bytes JMP 014BA97E C:\Program Files\CCleaner\CCleaner.exe .text C:\Windows\system32\wbem\wmiprvse.exe[1224] ntdll.dll!NtCreateEvent 76F55170 5 Bytes JMP 6A3E2AE0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\system32\wbem\wmiprvse.exe[1224] ntdll.dll!NtCreateMutant 76F55210 5 Bytes JMP 6A3E2D70 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\system32\wbem\wmiprvse.exe[1224] ntdll.dll!NtCreateSemaphore 76F552C0 5 Bytes JMP 6A3E3000 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\system32\wbem\wmiprvse.exe[1224] ntdll.dll!NtCreateUserProcess 76F55340 5 Bytes JMP 6A3E3290 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\system32\wbem\wmiprvse.exe[1224] ntdll.dll!NtMapViewOfSection 76F557F0 5 Bytes JMP 6A3E2830 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\system32\wbem\wmiprvse.exe[1224] ntdll.dll!NtOpenEvent 76F55880 5 Bytes JMP 6A3E2C30 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\system32\wbem\wmiprvse.exe[1224] ntdll.dll!NtOpenMutant 76F55920 5 Bytes JMP 6A3E2EC0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\system32\wbem\wmiprvse.exe[1224] ntdll.dll!NtOpenSemaphore 76F559A0 5 Bytes JMP 6A3E3150 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\system32\wbem\wmiprvse.exe[1224] ntdll.dll!NtQueryInformationProcess 76F55C10 5 Bytes JMP 6A3E34B0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\system32\wbem\wmiprvse.exe[1224] ntdll.dll!NtResumeThread 76F56070 5 Bytes JMP 6A3E29D0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\system32\wbem\wmiprvse.exe[1224] ntdll.dll!NtWriteVirtualMemory 76F56660 5 Bytes JMP 6A3E26C0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\system32\wbem\wmiprvse.exe[1224] ntdll.dll!RtlQueryEnvironmentVariable 76F685CF 5 Bytes JMP 6A3E3420 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\system32\wbem\wmiprvse.exe[1224] ntdll.dll!RtlDecompressBuffer 76FC5755 5 Bytes JMP 6A3E3340 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Ad Muncher\AdMunch.exe[1924] ntdll.dll!NtCreateEvent 76F55170 5 Bytes JMP 6A3E2AE0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Ad Muncher\AdMunch.exe[1924] ntdll.dll!NtCreateMutant 76F55210 5 Bytes JMP 6A3E2D70 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Ad Muncher\AdMunch.exe[1924] ntdll.dll!NtCreateSemaphore 76F552C0 5 Bytes JMP 6A3E3000 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Ad Muncher\AdMunch.exe[1924] ntdll.dll!NtCreateUserProcess 76F55340 5 Bytes JMP 6A3E3290 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Ad Muncher\AdMunch.exe[1924] ntdll.dll!NtMapViewOfSection 76F557F0 5 Bytes JMP 6A3E2830 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Ad Muncher\AdMunch.exe[1924] ntdll.dll!NtOpenEvent 76F55880 5 Bytes JMP 6A3E2C30 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Ad Muncher\AdMunch.exe[1924] ntdll.dll!NtOpenMutant 76F55920 5 Bytes JMP 6A3E2EC0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Ad Muncher\AdMunch.exe[1924] ntdll.dll!NtOpenSemaphore 76F559A0 5 Bytes JMP 6A3E3150 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Ad Muncher\AdMunch.exe[1924] ntdll.dll!NtQueryInformationProcess 76F55C10 5 Bytes JMP 6A3E34B0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Ad Muncher\AdMunch.exe[1924] ntdll.dll!NtResumeThread 76F56070 5 Bytes JMP 6A3E29D0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Ad Muncher\AdMunch.exe[1924] ntdll.dll!NtWriteVirtualMemory 76F56660 5 Bytes JMP 6A3E26C0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Ad Muncher\AdMunch.exe[1924] ntdll.dll!RtlQueryEnvironmentVariable 76F685CF 5 Bytes JMP 6A3E3420 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Ad Muncher\AdMunch.exe[1924] ntdll.dll!RtlDecompressBuffer 76FC5755 5 Bytes JMP 6A3E3340 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Unlocker\UnlockerAssistant.exe[1928] ntdll.dll!NtCreateEvent 76F55170 5 Bytes JMP 6A3E2AE0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Unlocker\UnlockerAssistant.exe[1928] ntdll.dll!NtCreateMutant 76F55210 5 Bytes JMP 6A3E2D70 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Unlocker\UnlockerAssistant.exe[1928] ntdll.dll!NtCreateSemaphore 76F552C0 5 Bytes JMP 6A3E3000 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Unlocker\UnlockerAssistant.exe[1928] ntdll.dll!NtCreateUserProcess 76F55340 5 Bytes JMP 6A3E3290 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Unlocker\UnlockerAssistant.exe[1928] ntdll.dll!NtMapViewOfSection 76F557F0 5 Bytes JMP 6A3E2830 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Unlocker\UnlockerAssistant.exe[1928] ntdll.dll!NtOpenEvent 76F55880 5 Bytes JMP 6A3E2C30 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Unlocker\UnlockerAssistant.exe[1928] ntdll.dll!NtOpenMutant 76F55920 5 Bytes JMP 6A3E2EC0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Unlocker\UnlockerAssistant.exe[1928] ntdll.dll!NtOpenSemaphore 76F559A0 5 Bytes JMP 6A3E3150 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Unlocker\UnlockerAssistant.exe[1928] ntdll.dll!NtQueryInformationProcess 76F55C10 5 Bytes JMP 6A3E34B0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Unlocker\UnlockerAssistant.exe[1928] ntdll.dll!NtResumeThread 76F56070 5 Bytes JMP 6A3E29D0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Unlocker\UnlockerAssistant.exe[1928] ntdll.dll!NtWriteVirtualMemory 76F56660 5 Bytes JMP 6A3E26C0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Unlocker\UnlockerAssistant.exe[1928] ntdll.dll!RtlQueryEnvironmentVariable 76F685CF 5 Bytes JMP 6A3E3420 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Unlocker\UnlockerAssistant.exe[1928] ntdll.dll!RtlDecompressBuffer 76FC5755 5 Bytes JMP 6A3E3340 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Unlocker\UnlockerAssistant.exe[1928] ws2_32.dll!ioctlsocket + 26 768E30AA 7 Bytes JMP 00460095 .text C:\Program Files\Unlocker\UnlockerAssistant.exe[1928] ws2_32.dll!recv + CA 768E68F0 7 Bytes JMP 0046002D .text C:\Program Files\Unlocker\UnlockerAssistant.exe[1928] ws2_32.dll!WSARecv + B9 768E6E5A 7 Bytes JMP 004600C9 .text C:\Program Files\Unlocker\UnlockerAssistant.exe[1928] ws2_32.dll!WSASetEvent + 2B 768EBCD0 7 Bytes JMP 00460061 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2300] ntdll.dll!NtCreateEvent 76F55170 5 Bytes JMP 6A3E2AE0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2300] ntdll.dll!NtCreateFile + 6 76F55196 4 Bytes [28, 9C, 35, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2300] ntdll.dll!NtCreateFile + B 76F5519B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2300] ntdll.dll!NtCreateMutant 76F55210 5 Bytes JMP 6A3E2D70 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2300] ntdll.dll!NtCreateSemaphore 76F552C0 5 Bytes JMP 6A3E3000 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2300] ntdll.dll!NtCreateUserProcess 76F55340 5 Bytes JMP 6A3E3290 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2300] ntdll.dll!NtMapViewOfSection 76F557F0 5 Bytes JMP 6A3E2830 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2300] ntdll.dll!NtMapViewOfSection + 6 76F557F6 4 Bytes [28, 9F, 35, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2300] ntdll.dll!NtMapViewOfSection + B 76F557FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2300] ntdll.dll!NtOpenEvent 76F55880 5 Bytes JMP 6A3E2C30 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2300] ntdll.dll!NtOpenFile + 6 76F558A6 4 Bytes [68, 9C, 35, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2300] ntdll.dll!NtOpenFile + B 76F558AB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2300] ntdll.dll!NtOpenMutant 76F55920 5 Bytes JMP 6A3E2EC0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2300] ntdll.dll!NtOpenProcess + 6 76F55956 4 Bytes [A8, 9D, 35, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2300] ntdll.dll!NtOpenProcess + B 76F5595B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2300] ntdll.dll!NtOpenProcessToken + 6 76F55966 4 Bytes CALL 75F58F08 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2300] ntdll.dll!NtOpenProcessToken + B 76F5596B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2300] ntdll.dll!NtOpenProcessTokenEx + 6 76F55976 4 Bytes [A8, 9E, 35, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2300] ntdll.dll!NtOpenProcessTokenEx + B 76F5597B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2300] ntdll.dll!NtOpenSemaphore 76F559A0 5 Bytes JMP 6A3E3150 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2300] ntdll.dll!NtOpenThread + 6 76F559D6 4 Bytes [68, 9D, 35, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2300] ntdll.dll!NtOpenThread + B 76F559DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2300] ntdll.dll!NtOpenThreadToken + 6 76F559E6 4 Bytes [68, 9E, 35, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2300] ntdll.dll!NtOpenThreadToken + B 76F559EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2300] ntdll.dll!NtOpenThreadTokenEx + 6 76F559F6 4 Bytes CALL 75F58F99 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2300] ntdll.dll!NtOpenThreadTokenEx + B 76F559FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2300] ntdll.dll!NtQueryAttributesFile + 6 76F55B06 4 Bytes [A8, 9C, 35, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2300] ntdll.dll!NtQueryAttributesFile + B 76F55B0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2300] ntdll.dll!NtQueryFullAttributesFile + 6 76F55BB6 4 Bytes CALL 75F59157 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2300] ntdll.dll!NtQueryFullAttributesFile + B 76F55BBB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2300] ntdll.dll!NtQueryInformationProcess 76F55C10 5 Bytes JMP 6A3E34B0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2300] ntdll.dll!NtResumeThread 76F56070 5 Bytes JMP 6A3E29D0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2300] ntdll.dll!NtSetInformationFile + 6 76F56206 4 Bytes [28, 9D, 35, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2300] ntdll.dll!NtSetInformationFile + B 76F5620B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2300] ntdll.dll!NtSetInformationThread + 6 76F56266 4 Bytes [28, 9E, 35, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2300] ntdll.dll!NtSetInformationThread + B 76F5626B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2300] ntdll.dll!NtUnmapViewOfSection + 6 76F56586 4 Bytes [68, 9F, 35, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2300] ntdll.dll!NtUnmapViewOfSection + B 76F5658B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2300] ntdll.dll!NtWriteVirtualMemory 76F56660 5 Bytes JMP 6A3E26C0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2300] ntdll.dll!RtlQueryEnvironmentVariable 76F685CF 5 Bytes JMP 6A3E3420 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2300] ntdll.dll!LdrUnloadDll 76F6C746 5 Bytes JMP 601903FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[2300] ntdll.dll!LdrLoadDll 76F72133 5 Bytes JMP 601901F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2300] ntdll.dll!RtlDecompressBuffer 76FC5755 5 Bytes JMP 6A3E3340 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtCreateEvent 76F55170 5 Bytes JMP 6A3E2AE0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtCreateFile + 6 76F55196 4 Bytes [28, 88, 56, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtCreateFile + B 76F5519B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtCreateMutant 76F55210 5 Bytes JMP 6A3E2D70 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtCreateSemaphore 76F552C0 5 Bytes JMP 6A3E3000 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtCreateUserProcess 76F55340 5 Bytes JMP 6A3E3290 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtMapViewOfSection 76F557F0 5 Bytes JMP 6A3E2830 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtMapViewOfSection + 6 76F557F6 4 Bytes [28, 8B, 56, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtMapViewOfSection + B 76F557FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtOpenEvent 76F55880 5 Bytes JMP 6A3E2C30 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtOpenFile + 6 76F558A6 4 Bytes [68, 88, 56, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtOpenFile + B 76F558AB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtOpenMutant 76F55920 5 Bytes JMP 6A3E2EC0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtOpenProcess + 6 76F55956 4 Bytes [A8, 89, 56, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtOpenProcess + B 76F5595B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtOpenProcessToken + 6 76F55966 4 Bytes CALL 75F5AFF4 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtOpenProcessToken + B 76F5596B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtOpenProcessTokenEx + 6 76F55976 4 Bytes [A8, 8A, 56, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtOpenProcessTokenEx + B 76F5597B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtOpenSemaphore 76F559A0 5 Bytes JMP 6A3E3150 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtOpenThread + 6 76F559D6 4 Bytes [68, 89, 56, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtOpenThread + B 76F559DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtOpenThreadToken + 6 76F559E6 4 Bytes [68, 8A, 56, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtOpenThreadToken + B 76F559EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtOpenThreadTokenEx + 6 76F559F6 4 Bytes CALL 75F5B085 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtOpenThreadTokenEx + B 76F559FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtQueryAttributesFile + 6 76F55B06 4 Bytes [A8, 88, 56, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtQueryAttributesFile + B 76F55B0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtQueryFullAttributesFile + 6 76F55BB6 4 Bytes CALL 75F5B243 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtQueryFullAttributesFile + B 76F55BBB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtQueryInformationProcess 76F55C10 5 Bytes JMP 6A3E34B0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtResumeThread 76F56070 5 Bytes JMP 6A3E29D0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtSetInformationFile + 6 76F56206 4 Bytes [28, 89, 56, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtSetInformationFile + B 76F5620B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtSetInformationThread + 6 76F56266 4 Bytes [28, 8A, 56, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtSetInformationThread + B 76F5626B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtUnmapViewOfSection + 6 76F56586 4 Bytes [68, 8B, 56, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtUnmapViewOfSection + B 76F5658B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!NtWriteVirtualMemory 76F56660 5 Bytes JMP 6A3E26C0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!RtlQueryEnvironmentVariable 76F685CF 5 Bytes JMP 6A3E3420 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!LdrUnloadDll 76F6C746 5 Bytes JMP 543303FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!LdrLoadDll 76F72133 5 Bytes JMP 543301F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2384] ntdll.dll!RtlDecompressBuffer 76FC5755 5 Bytes JMP 6A3E3340 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\system32\svchost.exe[2404] ntdll.dll!NtCreateEvent 76F55170 5 Bytes JMP 6A3E2AE0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\system32\svchost.exe[2404] ntdll.dll!NtCreateMutant 76F55210 5 Bytes JMP 6A3E2D70 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\system32\svchost.exe[2404] ntdll.dll!NtCreateSemaphore 76F552C0 5 Bytes JMP 6A3E3000 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\system32\svchost.exe[2404] ntdll.dll!NtCreateUserProcess 76F55340 5 Bytes JMP 6A3E3290 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\system32\svchost.exe[2404] ntdll.dll!NtMapViewOfSection 76F557F0 5 Bytes JMP 6A3E2830 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\system32\svchost.exe[2404] ntdll.dll!NtOpenEvent 76F55880 5 Bytes JMP 6A3E2C30 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\system32\svchost.exe[2404] ntdll.dll!NtOpenMutant 76F55920 5 Bytes JMP 6A3E2EC0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\system32\svchost.exe[2404] ntdll.dll!NtOpenSemaphore 76F559A0 5 Bytes JMP 6A3E3150 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\system32\svchost.exe[2404] ntdll.dll!NtQueryInformationProcess 76F55C10 5 Bytes JMP 6A3E34B0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\system32\svchost.exe[2404] ntdll.dll!NtResumeThread 76F56070 5 Bytes JMP 6A3E29D0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\system32\svchost.exe[2404] ntdll.dll!NtWriteVirtualMemory 76F56660 5 Bytes JMP 6A3E26C0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\system32\svchost.exe[2404] ntdll.dll!RtlQueryEnvironmentVariable 76F685CF 5 Bytes JMP 6A3E3420 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\system32\svchost.exe[2404] ntdll.dll!RtlDecompressBuffer 76FC5755 5 Bytes JMP 6A3E3340 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2464] ntdll.dll!NtCreateEvent 76F55170 5 Bytes JMP 6A3E2AE0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2464] ntdll.dll!NtCreateMutant 76F55210 5 Bytes JMP 6A3E2D70 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2464] ntdll.dll!NtCreateSemaphore 76F552C0 5 Bytes JMP 6A3E3000 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2464] ntdll.dll!NtCreateUserProcess 76F55340 5 Bytes JMP 6A3E3290 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2464] ntdll.dll!NtMapViewOfSection 76F557F0 5 Bytes JMP 6A3E2830 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2464] ntdll.dll!NtOpenEvent 76F55880 5 Bytes JMP 6A3E2C30 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2464] ntdll.dll!NtOpenMutant 76F55920 5 Bytes JMP 6A3E2EC0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2464] ntdll.dll!NtOpenSemaphore 76F559A0 5 Bytes JMP 6A3E3150 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2464] ntdll.dll!NtQueryInformationProcess 76F55C10 5 Bytes JMP 6A3E34B0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2464] ntdll.dll!NtResumeThread 76F56070 5 Bytes JMP 6A3E29D0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2464] ntdll.dll!NtWriteVirtualMemory 76F56660 5 Bytes JMP 6A3E26C0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2464] ntdll.dll!RtlQueryEnvironmentVariable 76F685CF 5 Bytes JMP 6A3E3420 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2464] ntdll.dll!RtlDecompressBuffer 76FC5755 5 Bytes JMP 6A3E3340 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[2484] ntdll.dll!NtCreateEvent 76F55170 5 Bytes JMP 6A3E2AE0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[2484] ntdll.dll!NtCreateMutant 76F55210 5 Bytes JMP 6A3E2D70 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[2484] ntdll.dll!NtCreateSemaphore 76F552C0 5 Bytes JMP 6A3E3000 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[2484] ntdll.dll!NtCreateUserProcess 76F55340 5 Bytes JMP 6A3E3290 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[2484] ntdll.dll!NtMapViewOfSection 76F557F0 5 Bytes JMP 6A3E2830 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[2484] ntdll.dll!NtOpenEvent 76F55880 5 Bytes JMP 6A3E2C30 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[2484] ntdll.dll!NtOpenMutant 76F55920 5 Bytes JMP 6A3E2EC0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[2484] ntdll.dll!NtOpenSemaphore 76F559A0 5 Bytes JMP 6A3E3150 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[2484] ntdll.dll!NtQueryInformationProcess 76F55C10 5 Bytes JMP 6A3E34B0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[2484] ntdll.dll!NtResumeThread 76F56070 5 Bytes JMP 6A3E29D0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[2484] ntdll.dll!NtWriteVirtualMemory 76F56660 5 Bytes JMP 6A3E26C0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[2484] ntdll.dll!RtlQueryEnvironmentVariable 76F685CF 5 Bytes JMP 6A3E3420 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[2484] ntdll.dll!RtlDecompressBuffer 76FC5755 5 Bytes JMP 6A3E3340 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\system32\Dwm.exe[2536] ntdll.dll!NtCreateEvent 76F55170 5 Bytes JMP 6A3E2AE0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\system32\Dwm.exe[2536] ntdll.dll!NtCreateMutant 76F55210 5 Bytes JMP 6A3E2D70 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\system32\Dwm.exe[2536] ntdll.dll!NtCreateSemaphore 76F552C0 5 Bytes JMP 6A3E3000 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\system32\Dwm.exe[2536] ntdll.dll!NtCreateUserProcess 76F55340 5 Bytes JMP 6A3E3290 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\system32\Dwm.exe[2536] ntdll.dll!NtMapViewOfSection 76F557F0 5 Bytes JMP 6A3E2830 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\system32\Dwm.exe[2536] ntdll.dll!NtOpenEvent 76F55880 5 Bytes JMP 6A3E2C30 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\system32\Dwm.exe[2536] ntdll.dll!NtOpenMutant 76F55920 5 Bytes JMP 6A3E2EC0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\system32\Dwm.exe[2536] ntdll.dll!NtOpenSemaphore 76F559A0 5 Bytes JMP 6A3E3150 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\system32\Dwm.exe[2536] ntdll.dll!NtQueryInformationProcess 76F55C10 5 Bytes JMP 6A3E34B0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\system32\Dwm.exe[2536] ntdll.dll!NtResumeThread 76F56070 5 Bytes JMP 6A3E29D0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\system32\Dwm.exe[2536] ntdll.dll!NtWriteVirtualMemory 76F56660 5 Bytes JMP 6A3E26C0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\system32\Dwm.exe[2536] ntdll.dll!RtlQueryEnvironmentVariable 76F685CF 5 Bytes JMP 6A3E3420 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\system32\Dwm.exe[2536] ntdll.dll!RtlDecompressBuffer 76FC5755 5 Bytes JMP 6A3E3340 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\system32\Dwm.exe[2536] ws2_32.dll!ioctlsocket + 26 768E30AA 7 Bytes JMP 016D0095 .text C:\Windows\system32\Dwm.exe[2536] ws2_32.dll!recv + CA 768E68F0 7 Bytes JMP 016D002D .text C:\Windows\system32\Dwm.exe[2536] ws2_32.dll!WSARecv + B9 768E6E5A 7 Bytes JMP 016D00C9 .text C:\Windows\system32\Dwm.exe[2536] ws2_32.dll!WSASetEvent + 2B 768EBCD0 7 Bytes JMP 016D0061 .text C:\Program Files\Internet Explorer\iexplore.exe[2572] ntdll.dll!LdrUnloadDll 76F6C746 5 Bytes JMP 36EA03FC .text C:\Program Files\Internet Explorer\iexplore.exe[2572] ntdll.dll!LdrLoadDll 76F72133 5 Bytes JMP 36EA01F8 .text C:\Program Files\Internet Explorer\iexplore.exe[2572] shell32.DLL!RealDriveType + 173D 75A6FCA0 4 Bytes [80, C0, 33, 6C] {ADD AL, 0x33; INS BYTE [ES:EDI], DX} .text C:\Program Files\Internet Explorer\iexplore.exe[2572] shell32.DLL!RealDriveType + 1745 75A6FCA8 8 Bytes [10, 12, 33, 6C, 50, C1, 33, ...] .text C:\Program Files\Internet Explorer\iexplore.exe[2572] ws2_32.dll!ioctlsocket + 26 768E30AA 7 Bytes JMP 02650095 .text C:\Program Files\Internet Explorer\iexplore.exe[2572] ws2_32.dll!recv + CA 768E68F0 7 Bytes JMP 0265002D .text C:\Program Files\Internet Explorer\iexplore.exe[2572] ws2_32.dll!WSARecv + B9 768E6E5A 7 Bytes JMP 026500C9 .text C:\Program Files\Internet Explorer\iexplore.exe[2572] ws2_32.dll!WSASetEvent + 2B 768EBCD0 7 Bytes JMP 02650061 .text C:\Program Files\ACD Systems\ACDSee\14.0\ACDSeeInTouch2.exe[2584] ntdll.dll!NtCreateEvent 76F55170 5 Bytes JMP 6A3E2AE0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\ACD Systems\ACDSee\14.0\ACDSeeInTouch2.exe[2584] ntdll.dll!NtCreateMutant 76F55210 5 Bytes JMP 6A3E2D70 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\ACD Systems\ACDSee\14.0\ACDSeeInTouch2.exe[2584] ntdll.dll!NtCreateSemaphore 76F552C0 5 Bytes JMP 6A3E3000 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\ACD Systems\ACDSee\14.0\ACDSeeInTouch2.exe[2584] ntdll.dll!NtCreateUserProcess 76F55340 5 Bytes JMP 6A3E3290 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\ACD Systems\ACDSee\14.0\ACDSeeInTouch2.exe[2584] ntdll.dll!NtMapViewOfSection 76F557F0 5 Bytes JMP 6A3E2830 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\ACD Systems\ACDSee\14.0\ACDSeeInTouch2.exe[2584] ntdll.dll!NtOpenEvent 76F55880 5 Bytes JMP 6A3E2C30 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\ACD Systems\ACDSee\14.0\ACDSeeInTouch2.exe[2584] ntdll.dll!NtOpenMutant 76F55920 5 Bytes JMP 6A3E2EC0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\ACD Systems\ACDSee\14.0\ACDSeeInTouch2.exe[2584] ntdll.dll!NtOpenSemaphore 76F559A0 5 Bytes JMP 6A3E3150 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\ACD Systems\ACDSee\14.0\ACDSeeInTouch2.exe[2584] ntdll.dll!NtQueryInformationProcess 76F55C10 5 Bytes JMP 6A3E34B0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\ACD Systems\ACDSee\14.0\ACDSeeInTouch2.exe[2584] ntdll.dll!NtResumeThread 76F56070 5 Bytes JMP 6A3E29D0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\ACD Systems\ACDSee\14.0\ACDSeeInTouch2.exe[2584] ntdll.dll!NtWriteVirtualMemory 76F56660 5 Bytes JMP 6A3E26C0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\ACD Systems\ACDSee\14.0\ACDSeeInTouch2.exe[2584] ntdll.dll!RtlQueryEnvironmentVariable 76F685CF 5 Bytes JMP 6A3E3420 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\ACD Systems\ACDSee\14.0\ACDSeeInTouch2.exe[2584] ntdll.dll!RtlDecompressBuffer 76FC5755 5 Bytes JMP 6A3E3340 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\ACD Systems\ACDSee\14.0\ACDSeeInTouch2.exe[2584] WS2_32.dll!ioctlsocket + 26 768E30AA 7 Bytes JMP 014A0095 .text C:\Program Files\ACD Systems\ACDSee\14.0\ACDSeeInTouch2.exe[2584] WS2_32.dll!recv + CA 768E68F0 7 Bytes JMP 014A002D .text C:\Program Files\ACD Systems\ACDSee\14.0\ACDSeeInTouch2.exe[2584] WS2_32.dll!WSARecv + B9 768E6E5A 7 Bytes JMP 014A00C9 .text C:\Program Files\ACD Systems\ACDSee\14.0\ACDSeeInTouch2.exe[2584] WS2_32.dll!WSASetEvent + 2B 768EBCD0 7 Bytes JMP 014A0061 .text C:\Windows\Explorer.EXE[2612] ntdll.dll!NtCreateEvent 76F55170 5 Bytes JMP 6A3E2AE0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\Explorer.EXE[2612] ntdll.dll!NtCreateMutant 76F55210 5 Bytes JMP 6A3E2D70 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\Explorer.EXE[2612] ntdll.dll!NtCreateSemaphore 76F552C0 5 Bytes JMP 6A3E3000 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\Explorer.EXE[2612] ntdll.dll!NtCreateUserProcess 76F55340 5 Bytes JMP 6A3E3290 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\Explorer.EXE[2612] ntdll.dll!NtMapViewOfSection 76F557F0 5 Bytes JMP 6A3E2830 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\Explorer.EXE[2612] ntdll.dll!NtOpenEvent 76F55880 5 Bytes JMP 6A3E2C30 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\Explorer.EXE[2612] ntdll.dll!NtOpenMutant 76F55920 5 Bytes JMP 6A3E2EC0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\Explorer.EXE[2612] ntdll.dll!NtOpenSemaphore 76F559A0 5 Bytes JMP 6A3E3150 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\Explorer.EXE[2612] ntdll.dll!NtQueryInformationProcess 76F55C10 5 Bytes JMP 6A3E34B0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\Explorer.EXE[2612] ntdll.dll!NtResumeThread 76F56070 5 Bytes JMP 6A3E29D0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\Explorer.EXE[2612] ntdll.dll!NtWriteVirtualMemory 76F56660 5 Bytes JMP 6A3E26C0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\Explorer.EXE[2612] ntdll.dll!RtlQueryEnvironmentVariable 76F685CF 5 Bytes JMP 6A3E3420 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\Explorer.EXE[2612] ntdll.dll!RtlDecompressBuffer 76FC5755 5 Bytes JMP 6A3E3340 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\Explorer.EXE[2612] SHELL32.dll!SHFileOperationW 75A29670 5 Bytes JMP 10001102 C:\Program Files\Unlocker\UnlockerHook.dll .text C:\Windows\Explorer.EXE[2612] ws2_32.dll!ioctlsocket + 26 768E30AA 7 Bytes JMP 06450095 .text C:\Windows\Explorer.EXE[2612] ws2_32.dll!recv + CA 768E68F0 7 Bytes JMP 0645002D .text C:\Windows\Explorer.EXE[2612] ws2_32.dll!WSARecv + B9 768E6E5A 7 Bytes JMP 064500C9 .text C:\Windows\Explorer.EXE[2612] ws2_32.dll!WSASetEvent + 2B 768EBCD0 7 Bytes JMP 06450061 .text C:\KMPlayer\KMPlayer.exe[2624] kernel32.dll!DeviceIoControl 76E7BB7D 5 Bytes JMP 00930788 C:\KMPlayer\KMPlayer.exe .text C:\KMPlayer\KMPlayer.exe[2624] ole32.dll!CoCreateInstance 76969C5B 5 Bytes JMP 0092F56C C:\KMPlayer\KMPlayer.exe .text C:\KMPlayer\KMPlayer.exe[2624] USER32.dll!ChangeDisplaySettingsExA 76B4624A 5 Bytes JMP 00930730 C:\KMPlayer\KMPlayer.exe .text C:\KMPlayer\KMPlayer.exe[2624] USER32.dll!ChangeDisplaySettingsExW 76B6FAB9 5 Bytes JMP 0093075C C:\KMPlayer\KMPlayer.exe .text C:\KMPlayer\KMPlayer.exe[2624] advapi32.dll!RegOpenKeyA 7673CB95 5 Bytes JMP 009303B4 C:\KMPlayer\KMPlayer.exe .text C:\KMPlayer\KMPlayer.exe[2624] advapi32.dll!RegCreateKeyA 7673CC81 5 Bytes JMP 00930114 C:\KMPlayer\KMPlayer.exe .text C:\KMPlayer\KMPlayer.exe[2624] advapi32.dll!RegQueryValueA 7673CD92 7 Bytes JMP 00930514 C:\KMPlayer\KMPlayer.exe .text C:\KMPlayer\KMPlayer.exe[2624] advapi32.dll!RegDeleteValueW 7673CEB1 5 Bytes JMP 00930278 C:\KMPlayer\KMPlayer.exe .text C:\KMPlayer\KMPlayer.exe[2624] advapi32.dll!RegEnumValueA 7673CEC9 5 Bytes JMP 0093032C C:\KMPlayer\KMPlayer.exe .text C:\KMPlayer\KMPlayer.exe[2624] advapi32.dll!RegQueryInfoKeyA 7673E0C3 5 Bytes JMP 0093047C C:\KMPlayer\KMPlayer.exe .text C:\KMPlayer\KMPlayer.exe[2624] advapi32.dll!RegDeleteKeyW 767411BA 7 Bytes JMP 00930220 C:\KMPlayer\KMPlayer.exe .text C:\KMPlayer\KMPlayer.exe[2624] advapi32.dll!RegCreateKeyExA 767413B1 5 Bytes JMP 0093016C C:\KMPlayer\KMPlayer.exe .text C:\KMPlayer\KMPlayer.exe[2624] advapi32.dll!RegEnumKeyExA 767413C9 5 Bytes JMP 009302A4 C:\KMPlayer\KMPlayer.exe .text C:\KMPlayer\KMPlayer.exe[2624] advapi32.dll!RegSetValueExA 767413FB 5 Bytes JMP 00930664 C:\KMPlayer\KMPlayer.exe .text C:\KMPlayer\KMPlayer.exe[2624] advapi32.dll!RegSetValueExW 7674141E 5 Bytes JMP 009306A0 C:\KMPlayer\KMPlayer.exe .text C:\KMPlayer\KMPlayer.exe[2624] advapi32.dll!RegCreateKeyW 7674145C 5 Bytes JMP 00930140 C:\KMPlayer\KMPlayer.exe .text C:\KMPlayer\KMPlayer.exe[2624] advapi32.dll!RegOpenKeyW 767423A1 5 Bytes JMP 009303E0 C:\KMPlayer\KMPlayer.exe .text C:\KMPlayer\KMPlayer.exe[2624] advapi32.dll!RegCreateKeyExW 7674404E 5 Bytes JMP 009301B0 C:\KMPlayer\KMPlayer.exe .text C:\KMPlayer\KMPlayer.exe[2624] advapi32.dll!RegQueryValueW 76744404 7 Bytes JMP 00930548 C:\KMPlayer\KMPlayer.exe .text C:\KMPlayer\KMPlayer.exe[2624] advapi32.dll!RegOpenKeyExW 767445DD 5 Bytes JMP 00930444 C:\KMPlayer\KMPlayer.exe .text C:\KMPlayer\KMPlayer.exe[2624] advapi32.dll!RegCloseKey 767445ED 5 Bytes JMP 009300CC C:\KMPlayer\KMPlayer.exe .text C:\KMPlayer\KMPlayer.exe[2624] advapi32.dll!RegQueryValueExW 767445FD 5 Bytes JMP 009305B8 C:\KMPlayer\KMPlayer.exe .text C:\KMPlayer\KMPlayer.exe[2624] advapi32.dll!RegEnumKeyExW 76744618 5 Bytes JMP 009302E8 C:\KMPlayer\KMPlayer.exe .text C:\KMPlayer\KMPlayer.exe[2624] advapi32.dll!RegQueryInfoKeyW 76744637 5 Bytes JMP 009304C8 C:\KMPlayer\KMPlayer.exe .text C:\KMPlayer\KMPlayer.exe[2624] advapi32.dll!RegEnumValueW 76744820 5 Bytes JMP 00930370 C:\KMPlayer\KMPlayer.exe .text C:\KMPlayer\KMPlayer.exe[2624] advapi32.dll!RegQueryValueExA 76744843 5 Bytes JMP 0093057C C:\KMPlayer\KMPlayer.exe .text C:\KMPlayer\KMPlayer.exe[2624] advapi32.dll!RegOpenKeyExA 7674485B 5 Bytes JMP 0093040C C:\KMPlayer\KMPlayer.exe .text C:\KMPlayer\KMPlayer.exe[2624] advapi32.dll!RegFlushKey 767576BF 5 Bytes JMP 009300F0 C:\KMPlayer\KMPlayer.exe .text C:\KMPlayer\KMPlayer.exe[2624] advapi32.dll!RegDeleteValueA 7675A46A 5 Bytes JMP 0093024C C:\KMPlayer\KMPlayer.exe .text C:\KMPlayer\KMPlayer.exe[2624] advapi32.dll!RegSetValueW 7675A60A 5 Bytes JMP 0093062C C:\KMPlayer\KMPlayer.exe .text C:\KMPlayer\KMPlayer.exe[2624] advapi32.dll!RegDeleteKeyA 7675A837 5 Bytes JMP 009301F4 C:\KMPlayer\KMPlayer.exe .text C:\KMPlayer\KMPlayer.exe[2624] advapi32.dll!RegSetValueA 76791291 5 Bytes JMP 009305F4 C:\KMPlayer\KMPlayer.exe .text C:\KMPlayer\KMPlayer.exe[2624] WS2_32.dll!ioctlsocket + 26 768E30AA 7 Bytes JMP 002F0095 .text C:\KMPlayer\KMPlayer.exe[2624] WS2_32.dll!recv + CA 768E68F0 7 Bytes JMP 002F002D .text C:\KMPlayer\KMPlayer.exe[2624] WS2_32.dll!WSARecv + B9 768E6E5A 7 Bytes JMP 002F00C9 .text C:\KMPlayer\KMPlayer.exe[2624] WS2_32.dll!WSASetEvent + 2B 768EBCD0 7 Bytes JMP 002F0061 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtCreateEvent 76F55170 5 Bytes JMP 6A3E2AE0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtCreateFile + 6 76F55196 4 Bytes [28, F0, E2, 00] {SUB AL, DH; LOOP 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtCreateFile + B 76F5519B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtCreateMutant 76F55210 5 Bytes JMP 6A3E2D70 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtCreateSemaphore 76F552C0 5 Bytes JMP 6A3E3000 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtCreateUserProcess 76F55340 5 Bytes JMP 6A3E3290 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtMapViewOfSection 76F557F0 5 Bytes JMP 6A3E2830 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtMapViewOfSection + 6 76F557F6 4 Bytes [28, F3, E2, 00] {SUB BL, DH; LOOP 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtMapViewOfSection + B 76F557FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtOpenEvent 76F55880 5 Bytes JMP 6A3E2C30 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtOpenFile + 6 76F558A6 4 Bytes [68, F0, E2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtOpenFile + B 76F558AB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtOpenMutant 76F55920 5 Bytes JMP 6A3E2EC0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtOpenProcess + 6 76F55956 4 Bytes [A8, F1, E2, 00] {TEST AL, 0xf1; LOOP 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtOpenProcess + B 76F5595B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtOpenProcessToken + 6 76F55966 4 Bytes CALL 75F63C5C C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtOpenProcessToken + B 76F5596B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtOpenProcessTokenEx + 6 76F55976 4 Bytes [A8, F2, E2, 00] {TEST AL, 0xf2; LOOP 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtOpenProcessTokenEx + B 76F5597B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtOpenSemaphore 76F559A0 5 Bytes JMP 6A3E3150 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtOpenThread + 6 76F559D6 4 Bytes [68, F1, E2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtOpenThread + B 76F559DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtOpenThreadToken + 6 76F559E6 4 Bytes [68, F2, E2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtOpenThreadToken + B 76F559EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtOpenThreadTokenEx + 6 76F559F6 4 Bytes CALL 75F63CED C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtOpenThreadTokenEx + B 76F559FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtQueryAttributesFile + 6 76F55B06 4 Bytes [A8, F0, E2, 00] {TEST AL, 0xf0; LOOP 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtQueryAttributesFile + B 76F55B0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtQueryFullAttributesFile + 6 76F55BB6 4 Bytes CALL 75F63EAB C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtQueryFullAttributesFile + B 76F55BBB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtQueryInformationProcess 76F55C10 5 Bytes JMP 6A3E34B0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtResumeThread 76F56070 5 Bytes JMP 6A3E29D0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtSetInformationFile + 6 76F56206 4 Bytes [28, F1, E2, 00] {SUB CL, DH; LOOP 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtSetInformationFile + B 76F5620B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtSetInformationThread + 6 76F56266 4 Bytes [28, F2, E2, 00] {SUB DL, DH; LOOP 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtSetInformationThread + B 76F5626B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtUnmapViewOfSection + 6 76F56586 4 Bytes [68, F3, E2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtUnmapViewOfSection + B 76F5658B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!NtWriteVirtualMemory 76F56660 5 Bytes JMP 6A3E26C0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!RtlQueryEnvironmentVariable 76F685CF 5 Bytes JMP 6A3E3420 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!LdrUnloadDll 76F6C746 5 Bytes JMP 6E1D03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!LdrLoadDll 76F72133 5 Bytes JMP 6E1D01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2892] ntdll.dll!RtlDecompressBuffer 76FC5755 5 Bytes JMP 6A3E3340 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3024] ntdll.dll!NtCreateEvent 76F55170 5 Bytes JMP 6A3E2AE0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3024] ntdll.dll!NtCreateMutant 76F55210 5 Bytes JMP 6A3E2D70 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3024] ntdll.dll!NtCreateSemaphore 76F552C0 5 Bytes JMP 6A3E3000 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3024] ntdll.dll!NtCreateUserProcess 76F55340 5 Bytes JMP 6A3E3290 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3024] ntdll.dll!NtMapViewOfSection 76F557F0 5 Bytes JMP 6A3E2830 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3024] ntdll.dll!NtOpenEvent 76F55880 5 Bytes JMP 6A3E2C30 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3024] ntdll.dll!NtOpenMutant 76F55920 5 Bytes JMP 6A3E2EC0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3024] ntdll.dll!NtOpenSemaphore 76F559A0 5 Bytes JMP 6A3E3150 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3024] ntdll.dll!NtQueryInformationProcess 76F55C10 5 Bytes JMP 6A3E34B0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3024] ntdll.dll!NtResumeThread 76F56070 5 Bytes JMP 6A3E29D0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3024] ntdll.dll!NtWriteVirtualMemory 76F56660 5 Bytes JMP 6A3E26C0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3024] ntdll.dll!RtlQueryEnvironmentVariable 76F685CF 5 Bytes JMP 6A3E3420 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3024] ntdll.dll!RtlDecompressBuffer 76FC5755 5 Bytes JMP 6A3E3340 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtCreateEvent 76F55170 5 Bytes JMP 6A3E2AE0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtCreateFile + 6 76F55196 4 Bytes [28, 70, D8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtCreateFile + B 76F5519B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtCreateMutant 76F55210 5 Bytes JMP 6A3E2D70 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtCreateSemaphore 76F552C0 5 Bytes JMP 6A3E3000 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtCreateUserProcess 76F55340 5 Bytes JMP 6A3E3290 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtMapViewOfSection 76F557F0 5 Bytes JMP 6A3E2830 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtMapViewOfSection + 6 76F557F6 4 Bytes [28, 73, D8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtMapViewOfSection + B 76F557FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtOpenEvent 76F55880 5 Bytes JMP 6A3E2C30 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtOpenFile + 6 76F558A6 4 Bytes [68, 70, D8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtOpenFile + B 76F558AB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtOpenMutant 76F55920 5 Bytes JMP 6A3E2EC0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtOpenProcess + 6 76F55956 4 Bytes [A8, 71, D8, 00] {TEST AL, 0x71; FADD DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtOpenProcess + B 76F5595B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtOpenProcessToken + 6 76F55966 4 Bytes CALL 75F631DC C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtOpenProcessToken + B 76F5596B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtOpenProcessTokenEx + 6 76F55976 4 Bytes [A8, 72, D8, 00] {TEST AL, 0x72; FADD DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtOpenProcessTokenEx + B 76F5597B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtOpenSemaphore 76F559A0 5 Bytes JMP 6A3E3150 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtOpenThread + 6 76F559D6 4 Bytes [68, 71, D8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtOpenThread + B 76F559DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtOpenThreadToken + 6 76F559E6 4 Bytes [68, 72, D8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtOpenThreadToken + B 76F559EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtOpenThreadTokenEx + 6 76F559F6 4 Bytes CALL 75F6326D C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtOpenThreadTokenEx + B 76F559FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtQueryAttributesFile + 6 76F55B06 4 Bytes [A8, 70, D8, 00] {TEST AL, 0x70; FADD DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtQueryAttributesFile + B 76F55B0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtQueryFullAttributesFile + 6 76F55BB6 4 Bytes CALL 75F6342B C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtQueryFullAttributesFile + B 76F55BBB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtQueryInformationProcess 76F55C10 5 Bytes JMP 6A3E34B0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtResumeThread 76F56070 5 Bytes JMP 6A3E29D0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtSetInformationFile + 6 76F56206 4 Bytes [28, 71, D8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtSetInformationFile + B 76F5620B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtSetInformationThread + 6 76F56266 4 Bytes [28, 72, D8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtSetInformationThread + B 76F5626B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtUnmapViewOfSection + 6 76F56586 4 Bytes [68, 73, D8, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtUnmapViewOfSection + B 76F5658B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtWriteVirtualMemory 76F56660 5 Bytes JMP 6A3E26C0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!RtlQueryEnvironmentVariable 76F685CF 5 Bytes JMP 6A3E3420 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!LdrUnloadDll 76F6C746 5 Bytes JMP 587903FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!LdrLoadDll 76F72133 5 Bytes JMP 587901F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!RtlDecompressBuffer 76FC5755 5 Bytes JMP 6A3E3340 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\System32\igfxtray.exe[3140] ntdll.dll!NtCreateEvent 76F55170 5 Bytes JMP 6A3E2AE0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\System32\igfxtray.exe[3140] ntdll.dll!NtCreateMutant 76F55210 5 Bytes JMP 6A3E2D70 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\System32\igfxtray.exe[3140] ntdll.dll!NtCreateSemaphore 76F552C0 5 Bytes JMP 6A3E3000 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\System32\igfxtray.exe[3140] ntdll.dll!NtCreateUserProcess 76F55340 5 Bytes JMP 6A3E3290 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\System32\igfxtray.exe[3140] ntdll.dll!NtMapViewOfSection 76F557F0 5 Bytes JMP 6A3E2830 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\System32\igfxtray.exe[3140] ntdll.dll!NtOpenEvent 76F55880 5 Bytes JMP 6A3E2C30 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\System32\igfxtray.exe[3140] ntdll.dll!NtOpenMutant 76F55920 5 Bytes JMP 6A3E2EC0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\System32\igfxtray.exe[3140] ntdll.dll!NtOpenSemaphore 76F559A0 5 Bytes JMP 6A3E3150 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\System32\igfxtray.exe[3140] ntdll.dll!NtQueryInformationProcess 76F55C10 5 Bytes JMP 6A3E34B0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\System32\igfxtray.exe[3140] ntdll.dll!NtResumeThread 76F56070 5 Bytes JMP 6A3E29D0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\System32\igfxtray.exe[3140] ntdll.dll!NtWriteVirtualMemory 76F56660 5 Bytes JMP 6A3E26C0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\System32\igfxtray.exe[3140] ntdll.dll!RtlQueryEnvironmentVariable 76F685CF 5 Bytes JMP 6A3E3420 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\System32\igfxtray.exe[3140] ntdll.dll!RtlDecompressBuffer 76FC5755 5 Bytes JMP 6A3E3340 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\System32\igfxtray.exe[3140] ws2_32.dll!ioctlsocket + 26 768E30AA 7 Bytes JMP 01320095 .text C:\Windows\System32\igfxtray.exe[3140] ws2_32.dll!recv + CA 768E68F0 7 Bytes JMP 0132002D .text C:\Windows\System32\igfxtray.exe[3140] ws2_32.dll!WSARecv + B9 768E6E5A 7 Bytes JMP 013200C9 .text C:\Windows\System32\igfxtray.exe[3140] ws2_32.dll!WSASetEvent + 2B 768EBCD0 7 Bytes JMP 01320061 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3176] ntdll.dll!NtCreateEvent 76F55170 5 Bytes JMP 6A3E2AE0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3176] ntdll.dll!NtCreateMutant 76F55210 5 Bytes JMP 6A3E2D70 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3176] ntdll.dll!NtCreateSemaphore 76F552C0 5 Bytes JMP 6A3E3000 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3176] ntdll.dll!NtCreateUserProcess 76F55340 5 Bytes JMP 6A3E3290 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3176] ntdll.dll!NtMapViewOfSection 76F557F0 5 Bytes JMP 6A3E2830 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3176] ntdll.dll!NtOpenEvent 76F55880 5 Bytes JMP 6A3E2C30 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3176] ntdll.dll!NtOpenMutant 76F55920 5 Bytes JMP 6A3E2EC0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3176] ntdll.dll!NtOpenSemaphore 76F559A0 5 Bytes JMP 6A3E3150 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3176] ntdll.dll!NtQueryInformationProcess 76F55C10 5 Bytes JMP 6A3E34B0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3176] ntdll.dll!NtResumeThread 76F56070 5 Bytes JMP 6A3E29D0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3176] ntdll.dll!NtWriteVirtualMemory 76F56660 5 Bytes JMP 6A3E26C0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3176] ntdll.dll!RtlQueryEnvironmentVariable 76F685CF 5 Bytes JMP 6A3E3420 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3176] ntdll.dll!RtlDecompressBuffer 76FC5755 5 Bytes JMP 6A3E3340 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[3216] ntdll.dll!NtCreateEvent 76F55170 5 Bytes JMP 6A3E2AE0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[3216] ntdll.dll!NtCreateMutant 76F55210 5 Bytes JMP 6A3E2D70 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[3216] ntdll.dll!NtCreateSemaphore 76F552C0 5 Bytes JMP 6A3E3000 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[3216] ntdll.dll!NtCreateUserProcess 76F55340 5 Bytes JMP 6A3E3290 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[3216] ntdll.dll!NtMapViewOfSection 76F557F0 5 Bytes JMP 6A3E2830 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[3216] ntdll.dll!NtOpenEvent 76F55880 5 Bytes JMP 6A3E2C30 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[3216] ntdll.dll!NtOpenMutant 76F55920 5 Bytes JMP 6A3E2EC0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[3216] ntdll.dll!NtOpenSemaphore 76F559A0 5 Bytes JMP 6A3E3150 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[3216] ntdll.dll!NtQueryInformationProcess 76F55C10 5 Bytes JMP 6A3E34B0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[3216] ntdll.dll!NtResumeThread 76F56070 5 Bytes JMP 6A3E29D0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[3216] ntdll.dll!NtWriteVirtualMemory 76F56660 5 Bytes JMP 6A3E26C0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[3216] ntdll.dll!RtlQueryEnvironmentVariable 76F685CF 5 Bytes JMP 6A3E3420 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[3216] ntdll.dll!RtlDecompressBuffer 76FC5755 5 Bytes JMP 6A3E3340 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[3216] ws2_32.dll!ioctlsocket + 26 768E30AA 7 Bytes JMP 01920095 .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[3216] ws2_32.dll!recv + CA 768E68F0 7 Bytes JMP 0192002D .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[3216] ws2_32.dll!WSARecv + B9 768E6E5A 7 Bytes JMP 019200C9 .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[3216] ws2_32.dll!WSASetEvent + 2B 768EBCD0 7 Bytes JMP 01920061 .text C:\Windows\system32\SearchIndexer.exe[3276] ntdll.dll!NtCreateEvent 76F55170 5 Bytes JMP 6A3E2AE0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\system32\SearchIndexer.exe[3276] ntdll.dll!NtCreateMutant 76F55210 5 Bytes JMP 6A3E2D70 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\system32\SearchIndexer.exe[3276] ntdll.dll!NtCreateSemaphore 76F552C0 5 Bytes JMP 6A3E3000 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\system32\SearchIndexer.exe[3276] ntdll.dll!NtCreateUserProcess 76F55340 5 Bytes JMP 6A3E3290 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\system32\SearchIndexer.exe[3276] ntdll.dll!NtMapViewOfSection 76F557F0 5 Bytes JMP 6A3E2830 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\system32\SearchIndexer.exe[3276] ntdll.dll!NtOpenEvent 76F55880 5 Bytes JMP 6A3E2C30 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\system32\SearchIndexer.exe[3276] ntdll.dll!NtOpenMutant 76F55920 5 Bytes JMP 6A3E2EC0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\system32\SearchIndexer.exe[3276] ntdll.dll!NtOpenSemaphore 76F559A0 5 Bytes JMP 6A3E3150 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\system32\SearchIndexer.exe[3276] ntdll.dll!NtQueryInformationProcess 76F55C10 5 Bytes JMP 6A3E34B0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\system32\SearchIndexer.exe[3276] ntdll.dll!NtResumeThread 76F56070 5 Bytes JMP 6A3E29D0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\system32\SearchIndexer.exe[3276] ntdll.dll!NtWriteVirtualMemory 76F56660 5 Bytes JMP 6A3E26C0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\system32\SearchIndexer.exe[3276] ntdll.dll!RtlQueryEnvironmentVariable 76F685CF 5 Bytes JMP 6A3E3420 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\system32\SearchIndexer.exe[3276] ntdll.dll!RtlDecompressBuffer 76FC5755 5 Bytes JMP 6A3E3340 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Winamp\winampa.exe[3296] ntdll.dll!NtCreateEvent 76F55170 5 Bytes JMP 6A3E2AE0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Winamp\winampa.exe[3296] ntdll.dll!NtCreateMutant 76F55210 5 Bytes JMP 6A3E2D70 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Winamp\winampa.exe[3296] ntdll.dll!NtCreateSemaphore 76F552C0 5 Bytes JMP 6A3E3000 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Winamp\winampa.exe[3296] ntdll.dll!NtCreateUserProcess 76F55340 5 Bytes JMP 6A3E3290 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Winamp\winampa.exe[3296] ntdll.dll!NtMapViewOfSection 76F557F0 5 Bytes JMP 6A3E2830 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Winamp\winampa.exe[3296] ntdll.dll!NtOpenEvent 76F55880 5 Bytes JMP 6A3E2C30 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Winamp\winampa.exe[3296] ntdll.dll!NtOpenMutant 76F55920 5 Bytes JMP 6A3E2EC0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Winamp\winampa.exe[3296] ntdll.dll!NtOpenSemaphore 76F559A0 5 Bytes JMP 6A3E3150 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Winamp\winampa.exe[3296] ntdll.dll!NtQueryInformationProcess 76F55C10 5 Bytes JMP 6A3E34B0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Winamp\winampa.exe[3296] ntdll.dll!NtResumeThread 76F56070 5 Bytes JMP 6A3E29D0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Winamp\winampa.exe[3296] ntdll.dll!NtWriteVirtualMemory 76F56660 5 Bytes JMP 6A3E26C0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Winamp\winampa.exe[3296] ntdll.dll!RtlQueryEnvironmentVariable 76F685CF 5 Bytes JMP 6A3E3420 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Winamp\winampa.exe[3296] ntdll.dll!RtlDecompressBuffer 76FC5755 5 Bytes JMP 6A3E3340 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Winamp\winampa.exe[3296] ws2_32.dll!ioctlsocket + 26 768E30AA 7 Bytes JMP 00210095 .text C:\Program Files\Winamp\winampa.exe[3296] ws2_32.dll!recv + CA 768E68F0 7 Bytes JMP 0021002D .text C:\Program Files\Winamp\winampa.exe[3296] ws2_32.dll!WSARecv + B9 768E6E5A 7 Bytes JMP 002100C9 .text C:\Program Files\Winamp\winampa.exe[3296] ws2_32.dll!WSASetEvent + 2B 768EBCD0 7 Bytes JMP 00210061 .text C:\Windows\system32\taskhost.exe[3320] ntdll.dll!NtCreateEvent 76F55170 5 Bytes JMP 6A3E2AE0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\system32\taskhost.exe[3320] ntdll.dll!NtCreateMutant 76F55210 5 Bytes JMP 6A3E2D70 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\system32\taskhost.exe[3320] ntdll.dll!NtCreateSemaphore 76F552C0 5 Bytes JMP 6A3E3000 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\system32\taskhost.exe[3320] ntdll.dll!NtCreateUserProcess 76F55340 5 Bytes JMP 6A3E3290 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\system32\taskhost.exe[3320] ntdll.dll!NtMapViewOfSection 76F557F0 5 Bytes JMP 6A3E2830 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\system32\taskhost.exe[3320] ntdll.dll!NtOpenEvent 76F55880 5 Bytes JMP 6A3E2C30 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\system32\taskhost.exe[3320] ntdll.dll!NtOpenMutant 76F55920 5 Bytes JMP 6A3E2EC0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\system32\taskhost.exe[3320] ntdll.dll!NtOpenSemaphore 76F559A0 5 Bytes JMP 6A3E3150 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\system32\taskhost.exe[3320] ntdll.dll!NtQueryInformationProcess 76F55C10 5 Bytes JMP 6A3E34B0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\system32\taskhost.exe[3320] ntdll.dll!NtResumeThread 76F56070 5 Bytes JMP 6A3E29D0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\system32\taskhost.exe[3320] ntdll.dll!NtWriteVirtualMemory 76F56660 5 Bytes JMP 6A3E26C0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\system32\taskhost.exe[3320] ntdll.dll!RtlQueryEnvironmentVariable 76F685CF 5 Bytes JMP 6A3E3420 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\system32\taskhost.exe[3320] ntdll.dll!RtlDecompressBuffer 76FC5755 5 Bytes JMP 6A3E3340 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe[3388] ntdll.dll!NtCreateEvent 76F55170 5 Bytes JMP 6A3E2AE0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe[3388] ntdll.dll!NtCreateMutant 76F55210 5 Bytes JMP 6A3E2D70 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe[3388] ntdll.dll!NtCreateSemaphore 76F552C0 5 Bytes JMP 6A3E3000 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe[3388] ntdll.dll!NtCreateUserProcess 76F55340 5 Bytes JMP 6A3E3290 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe[3388] ntdll.dll!NtMapViewOfSection 76F557F0 5 Bytes JMP 6A3E2830 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe[3388] ntdll.dll!NtOpenEvent 76F55880 5 Bytes JMP 6A3E2C30 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe[3388] ntdll.dll!NtOpenMutant 76F55920 5 Bytes JMP 6A3E2EC0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe[3388] ntdll.dll!NtOpenSemaphore 76F559A0 5 Bytes JMP 6A3E3150 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe[3388] ntdll.dll!NtQueryInformationProcess 76F55C10 5 Bytes JMP 6A3E34B0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe[3388] ntdll.dll!NtResumeThread 76F56070 5 Bytes JMP 6A3E29D0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe[3388] ntdll.dll!NtWriteVirtualMemory 76F56660 5 Bytes JMP 6A3E26C0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe[3388] ntdll.dll!RtlQueryEnvironmentVariable 76F685CF 5 Bytes JMP 6A3E3420 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe[3388] ntdll.dll!RtlDecompressBuffer 76FC5755 5 Bytes JMP 6A3E3340 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe[3388] ws2_32.dll!ioctlsocket + 26 768E30AA 7 Bytes JMP 01AA0095 .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe[3388] ws2_32.dll!recv + CA 768E68F0 7 Bytes JMP 01AA002D .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe[3388] ws2_32.dll!WSARecv + B9 768E6E5A 7 Bytes JMP 01AA00C9 .text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe[3388] ws2_32.dll!WSASetEvent + 2B 768EBCD0 7 Bytes JMP 01AA0061 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3416] ntdll.dll!NtCreateEvent 76F55170 5 Bytes JMP 6A3E2AE0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3416] ntdll.dll!NtCreateMutant 76F55210 5 Bytes JMP 6A3E2D70 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3416] ntdll.dll!NtCreateSemaphore 76F552C0 5 Bytes JMP 6A3E3000 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3416] ntdll.dll!NtCreateUserProcess 76F55340 5 Bytes JMP 6A3E3290 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3416] ntdll.dll!NtMapViewOfSection 76F557F0 5 Bytes JMP 6A3E2830 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3416] ntdll.dll!NtOpenEvent 76F55880 5 Bytes JMP 6A3E2C30 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3416] ntdll.dll!NtOpenMutant 76F55920 5 Bytes JMP 6A3E2EC0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3416] ntdll.dll!NtOpenSemaphore 76F559A0 5 Bytes JMP 6A3E3150 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3416] ntdll.dll!NtQueryInformationProcess 76F55C10 5 Bytes JMP 6A3E34B0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3416] ntdll.dll!NtResumeThread 76F56070 5 Bytes JMP 6A3E29D0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3416] ntdll.dll!NtWriteVirtualMemory 76F56660 5 Bytes JMP 6A3E26C0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3416] ntdll.dll!RtlQueryEnvironmentVariable 76F685CF 5 Bytes JMP 6A3E3420 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3416] ntdll.dll!RtlDecompressBuffer 76FC5755 5 Bytes JMP 6A3E3340 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3416] ws2_32.dll!ioctlsocket + 26 768E30AA 7 Bytes JMP 01C80095 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3416] ws2_32.dll!recv + CA 768E68F0 7 Bytes JMP 01C8002D .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3416] ws2_32.dll!WSARecv + B9 768E6E5A 7 Bytes JMP 01C800C9 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3416] ws2_32.dll!WSASetEvent + 2B 768EBCD0 7 Bytes JMP 01C80061 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3468] ntdll.dll!NtCreateEvent 76F55170 5 Bytes JMP 6A3E2AE0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3468] ntdll.dll!NtCreateFile + 6 76F55196 4 Bytes [28, C4, 71, 00] {SUB AH, AL; JNO 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3468] ntdll.dll!NtCreateFile + B 76F5519B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3468] ntdll.dll!NtCreateMutant 76F55210 5 Bytes JMP 6A3E2D70 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3468] ntdll.dll!NtCreateSemaphore 76F552C0 5 Bytes JMP 6A3E3000 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3468] ntdll.dll!NtCreateUserProcess 76F55340 5 Bytes JMP 6A3E3290 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3468] ntdll.dll!NtMapViewOfSection 76F557F0 5 Bytes JMP 6A3E2830 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3468] ntdll.dll!NtMapViewOfSection + 6 76F557F6 4 Bytes [28, C7, 71, 00] {SUB BH, AL; JNO 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3468] ntdll.dll!NtMapViewOfSection + B 76F557FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3468] ntdll.dll!NtOpenEvent 76F55880 5 Bytes JMP 6A3E2C30 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3468] ntdll.dll!NtOpenFile + 6 76F558A6 4 Bytes [68, C4, 71, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3468] ntdll.dll!NtOpenFile + B 76F558AB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3468] ntdll.dll!NtOpenMutant 76F55920 5 Bytes JMP 6A3E2EC0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3468] ntdll.dll!NtOpenProcess + 6 76F55956 4 Bytes [A8, C5, 71, 00] {TEST AL, 0xc5; JNO 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3468] ntdll.dll!NtOpenProcess + B 76F5595B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3468] ntdll.dll!NtOpenProcessToken + 6 76F55966 4 Bytes CALL 75F5CB30 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3468] ntdll.dll!NtOpenProcessToken + B 76F5596B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3468] ntdll.dll!NtOpenProcessTokenEx + 6 76F55976 4 Bytes [A8, C6, 71, 00] {TEST AL, 0xc6; JNO 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3468] ntdll.dll!NtOpenProcessTokenEx + B 76F5597B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3468] ntdll.dll!NtOpenSemaphore 76F559A0 5 Bytes JMP 6A3E3150 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3468] ntdll.dll!NtOpenThread + 6 76F559D6 4 Bytes [68, C5, 71, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3468] ntdll.dll!NtOpenThread + B 76F559DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3468] ntdll.dll!NtOpenThreadToken + 6 76F559E6 4 Bytes [68, C6, 71, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3468] ntdll.dll!NtOpenThreadToken + B 76F559EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3468] ntdll.dll!NtOpenThreadTokenEx + 6 76F559F6 4 Bytes CALL 75F5CBC1 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3468] ntdll.dll!NtOpenThreadTokenEx + B 76F559FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3468] ntdll.dll!NtQueryAttributesFile + 6 76F55B06 4 Bytes [A8, C4, 71, 00] {TEST AL, 0xc4; JNO 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3468] ntdll.dll!NtQueryAttributesFile + B 76F55B0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3468] ntdll.dll!NtQueryFullAttributesFile + 6 76F55BB6 4 Bytes CALL 75F5CD7F C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3468] ntdll.dll!NtQueryFullAttributesFile + B 76F55BBB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3468] ntdll.dll!NtQueryInformationProcess 76F55C10 5 Bytes JMP 6A3E34B0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3468] ntdll.dll!NtResumeThread 76F56070 5 Bytes JMP 6A3E29D0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3468] ntdll.dll!NtSetInformationFile + 6 76F56206 4 Bytes [28, C5, 71, 00] {SUB CH, AL; JNO 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3468] ntdll.dll!NtSetInformationFile + B 76F5620B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3468] ntdll.dll!NtSetInformationThread + 6 76F56266 4 Bytes [28, C6, 71, 00] {SUB DH, AL; JNO 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3468] ntdll.dll!NtSetInformationThread + B 76F5626B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3468] ntdll.dll!NtUnmapViewOfSection + 6 76F56586 4 Bytes [68, C7, 71, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3468] ntdll.dll!NtUnmapViewOfSection + B 76F5658B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3468] ntdll.dll!NtWriteVirtualMemory 76F56660 5 Bytes JMP 6A3E26C0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3468] ntdll.dll!RtlQueryEnvironmentVariable 76F685CF 5 Bytes JMP 6A3E3420 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3468] ntdll.dll!LdrUnloadDll 76F6C746 5 Bytes JMP 746703FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3468] ntdll.dll!LdrLoadDll 76F72133 5 Bytes JMP 746701F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3468] ntdll.dll!RtlDecompressBuffer 76FC5755 5 Bytes JMP 6A3E3340 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\system32\igfxsrvc.exe[3476] ntdll.dll!NtCreateEvent 76F55170 5 Bytes JMP 6A3E2AE0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\system32\igfxsrvc.exe[3476] ntdll.dll!NtCreateMutant 76F55210 5 Bytes JMP 6A3E2D70 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\system32\igfxsrvc.exe[3476] ntdll.dll!NtCreateSemaphore 76F552C0 5 Bytes JMP 6A3E3000 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\system32\igfxsrvc.exe[3476] ntdll.dll!NtCreateUserProcess 76F55340 5 Bytes JMP 6A3E3290 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\system32\igfxsrvc.exe[3476] ntdll.dll!NtMapViewOfSection 76F557F0 5 Bytes JMP 6A3E2830 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\system32\igfxsrvc.exe[3476] ntdll.dll!NtOpenEvent 76F55880 5 Bytes JMP 6A3E2C30 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\system32\igfxsrvc.exe[3476] ntdll.dll!NtOpenMutant 76F55920 5 Bytes JMP 6A3E2EC0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\system32\igfxsrvc.exe[3476] ntdll.dll!NtOpenSemaphore 76F559A0 5 Bytes JMP 6A3E3150 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\system32\igfxsrvc.exe[3476] ntdll.dll!NtQueryInformationProcess 76F55C10 5 Bytes JMP 6A3E34B0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\system32\igfxsrvc.exe[3476] ntdll.dll!NtResumeThread 76F56070 5 Bytes JMP 6A3E29D0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\system32\igfxsrvc.exe[3476] ntdll.dll!NtWriteVirtualMemory 76F56660 5 Bytes JMP 6A3E26C0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\system32\igfxsrvc.exe[3476] ntdll.dll!RtlQueryEnvironmentVariable 76F685CF 5 Bytes JMP 6A3E3420 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\system32\igfxsrvc.exe[3476] ntdll.dll!RtlDecompressBuffer 76FC5755 5 Bytes JMP 6A3E3340 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3656] ntdll.dll!NtCreateEvent 76F55170 5 Bytes JMP 6A3E2AE0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3656] ntdll.dll!NtCreateMutant 76F55210 5 Bytes JMP 6A3E2D70 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3656] ntdll.dll!NtCreateSemaphore 76F552C0 5 Bytes JMP 6A3E3000 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3656] ntdll.dll!NtCreateUserProcess 76F55340 5 Bytes JMP 6A3E3290 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3656] ntdll.dll!NtMapViewOfSection 76F557F0 5 Bytes JMP 6A3E2830 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3656] ntdll.dll!NtOpenEvent 76F55880 5 Bytes JMP 6A3E2C30 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3656] ntdll.dll!NtOpenMutant 76F55920 5 Bytes JMP 6A3E2EC0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3656] ntdll.dll!NtOpenSemaphore 76F559A0 5 Bytes JMP 6A3E3150 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3656] ntdll.dll!NtQueryInformationProcess 76F55C10 5 Bytes JMP 6A3E34B0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3656] ntdll.dll!NtResumeThread 76F56070 5 Bytes JMP 6A3E29D0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3656] ntdll.dll!NtWriteVirtualMemory 76F56660 5 Bytes JMP 6A3E26C0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3656] ntdll.dll!RtlQueryEnvironmentVariable 76F685CF 5 Bytes JMP 6A3E3420 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3656] ntdll.dll!RtlDecompressBuffer 76FC5755 5 Bytes JMP 6A3E3340 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3656] ws2_32.dll!ioctlsocket + 26 768E30AA 7 Bytes JMP 00270095 .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3656] ws2_32.dll!recv + CA 768E68F0 7 Bytes JMP 0027002D .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3656] ws2_32.dll!WSARecv + B9 768E6E5A 7 Bytes JMP 002700C9 .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3656] ws2_32.dll!WSASetEvent + 2B 768EBCD0 7 Bytes JMP 00270061 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtCreateEvent 76F55170 5 Bytes JMP 6A3E2AE0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtCreateFile + 6 76F55196 4 Bytes [28, 8C, 77, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtCreateFile + B 76F5519B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtCreateMutant 76F55210 5 Bytes JMP 6A3E2D70 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtCreateSemaphore 76F552C0 5 Bytes JMP 6A3E3000 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtCreateUserProcess 76F55340 5 Bytes JMP 6A3E3290 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtMapViewOfSection 76F557F0 5 Bytes JMP 6A3E2830 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtMapViewOfSection + 6 76F557F6 4 Bytes [28, 8F, 77, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtMapViewOfSection + B 76F557FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtOpenEvent 76F55880 5 Bytes JMP 6A3E2C30 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtOpenFile + 6 76F558A6 4 Bytes [68, 8C, 77, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtOpenFile + B 76F558AB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtOpenMutant 76F55920 5 Bytes JMP 6A3E2EC0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtOpenProcess + 6 76F55956 4 Bytes [A8, 8D, 77, 00] {TEST AL, 0x8d; JA 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtOpenProcess + B 76F5595B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtOpenProcessToken + 6 76F55966 4 Bytes CALL 75F5D0F8 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtOpenProcessToken + B 76F5596B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtOpenProcessTokenEx + 6 76F55976 4 Bytes [A8, 8E, 77, 00] {TEST AL, 0x8e; JA 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtOpenProcessTokenEx + B 76F5597B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtOpenSemaphore 76F559A0 5 Bytes JMP 6A3E3150 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtOpenThread + 6 76F559D6 4 Bytes [68, 8D, 77, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtOpenThread + B 76F559DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtOpenThreadToken + 6 76F559E6 4 Bytes [68, 8E, 77, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtOpenThreadToken + B 76F559EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtOpenThreadTokenEx + 6 76F559F6 4 Bytes CALL 75F5D189 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtOpenThreadTokenEx + B 76F559FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtQueryAttributesFile + 6 76F55B06 4 Bytes [A8, 8C, 77, 00] {TEST AL, 0x8c; JA 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtQueryAttributesFile + B 76F55B0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtQueryFullAttributesFile + 6 76F55BB6 4 Bytes CALL 75F5D347 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtQueryFullAttributesFile + B 76F55BBB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtQueryInformationProcess 76F55C10 5 Bytes JMP 6A3E34B0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtResumeThread 76F56070 5 Bytes JMP 6A3E29D0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtSetInformationFile + 6 76F56206 4 Bytes [28, 8D, 77, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtSetInformationFile + B 76F5620B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtSetInformationThread + 6 76F56266 4 Bytes [28, 8E, 77, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtSetInformationThread + B 76F5626B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtUnmapViewOfSection + 6 76F56586 4 Bytes [68, 8F, 77, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtUnmapViewOfSection + B 76F5658B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtWriteVirtualMemory 76F56660 5 Bytes JMP 6A3E26C0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!RtlQueryEnvironmentVariable 76F685CF 5 Bytes JMP 6A3E3420 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!LdrUnloadDll 76F6C746 5 Bytes JMP 393C03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!LdrLoadDll 76F72133 5 Bytes JMP 393C01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!RtlDecompressBuffer 76FC5755 5 Bytes JMP 6A3E3340 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\system32\taskeng.exe[3964] ntdll.dll!NtCreateEvent 76F55170 5 Bytes JMP 6A3E2AE0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\system32\taskeng.exe[3964] ntdll.dll!NtCreateMutant 76F55210 5 Bytes JMP 6A3E2D70 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\system32\taskeng.exe[3964] ntdll.dll!NtCreateSemaphore 76F552C0 5 Bytes JMP 6A3E3000 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\system32\taskeng.exe[3964] ntdll.dll!NtCreateUserProcess 76F55340 5 Bytes JMP 6A3E3290 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\system32\taskeng.exe[3964] ntdll.dll!NtMapViewOfSection 76F557F0 5 Bytes JMP 6A3E2830 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\system32\taskeng.exe[3964] ntdll.dll!NtOpenEvent 76F55880 5 Bytes JMP 6A3E2C30 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\system32\taskeng.exe[3964] ntdll.dll!NtOpenMutant 76F55920 5 Bytes JMP 6A3E2EC0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\system32\taskeng.exe[3964] ntdll.dll!NtOpenSemaphore 76F559A0 5 Bytes JMP 6A3E3150 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\system32\taskeng.exe[3964] ntdll.dll!NtQueryInformationProcess 76F55C10 5 Bytes JMP 6A3E34B0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\system32\taskeng.exe[3964] ntdll.dll!NtResumeThread 76F56070 5 Bytes JMP 6A3E29D0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\system32\taskeng.exe[3964] ntdll.dll!NtWriteVirtualMemory 76F56660 5 Bytes JMP 6A3E26C0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\system32\taskeng.exe[3964] ntdll.dll!RtlQueryEnvironmentVariable 76F685CF 5 Bytes JMP 6A3E3420 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\system32\taskeng.exe[3964] ntdll.dll!RtlDecompressBuffer 76FC5755 5 Bytes JMP 6A3E3340 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\System32\hkcmd.exe[3988] ntdll.dll!NtCreateEvent 76F55170 5 Bytes JMP 6A3E2AE0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\System32\hkcmd.exe[3988] ntdll.dll!NtCreateMutant 76F55210 5 Bytes JMP 6A3E2D70 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\System32\hkcmd.exe[3988] ntdll.dll!NtCreateSemaphore 76F552C0 5 Bytes JMP 6A3E3000 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\System32\hkcmd.exe[3988] ntdll.dll!NtCreateUserProcess 76F55340 5 Bytes JMP 6A3E3290 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\System32\hkcmd.exe[3988] ntdll.dll!NtMapViewOfSection 76F557F0 5 Bytes JMP 6A3E2830 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\System32\hkcmd.exe[3988] ntdll.dll!NtOpenEvent 76F55880 5 Bytes JMP 6A3E2C30 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\System32\hkcmd.exe[3988] ntdll.dll!NtOpenMutant 76F55920 5 Bytes JMP 6A3E2EC0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\System32\hkcmd.exe[3988] ntdll.dll!NtOpenSemaphore 76F559A0 5 Bytes JMP 6A3E3150 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\System32\hkcmd.exe[3988] ntdll.dll!NtQueryInformationProcess 76F55C10 5 Bytes JMP 6A3E34B0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\System32\hkcmd.exe[3988] ntdll.dll!NtResumeThread 76F56070 5 Bytes JMP 6A3E29D0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\System32\hkcmd.exe[3988] ntdll.dll!NtWriteVirtualMemory 76F56660 5 Bytes JMP 6A3E26C0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\System32\hkcmd.exe[3988] ntdll.dll!RtlQueryEnvironmentVariable 76F685CF 5 Bytes JMP 6A3E3420 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\System32\hkcmd.exe[3988] ntdll.dll!RtlDecompressBuffer 76FC5755 5 Bytes JMP 6A3E3340 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\System32\hkcmd.exe[3988] ws2_32.dll!ioctlsocket + 26 768E30AA 7 Bytes JMP 01210095 .text C:\Windows\System32\hkcmd.exe[3988] ws2_32.dll!recv + CA 768E68F0 7 Bytes JMP 0121002D .text C:\Windows\System32\hkcmd.exe[3988] ws2_32.dll!WSARecv + B9 768E6E5A 7 Bytes JMP 012100C9 .text C:\Windows\System32\hkcmd.exe[3988] ws2_32.dll!WSASetEvent + 2B 768EBCD0 7 Bytes JMP 01210061 .text C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe[4080] ntdll.dll!NtCreateEvent 76F55170 5 Bytes JMP 6A3E2AE0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe[4080] ntdll.dll!NtCreateMutant 76F55210 5 Bytes JMP 6A3E2D70 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe[4080] ntdll.dll!NtCreateSemaphore 76F552C0 5 Bytes JMP 6A3E3000 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe[4080] ntdll.dll!NtCreateUserProcess 76F55340 5 Bytes JMP 6A3E3290 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe[4080] ntdll.dll!NtMapViewOfSection 76F557F0 5 Bytes JMP 6A3E2830 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe[4080] ntdll.dll!NtOpenEvent 76F55880 5 Bytes JMP 6A3E2C30 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe[4080] ntdll.dll!NtOpenMutant 76F55920 5 Bytes JMP 6A3E2EC0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe[4080] ntdll.dll!NtOpenSemaphore 76F559A0 5 Bytes JMP 6A3E3150 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe[4080] ntdll.dll!NtQueryInformationProcess 76F55C10 5 Bytes JMP 6A3E34B0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe[4080] ntdll.dll!NtResumeThread 76F56070 5 Bytes JMP 6A3E29D0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe[4080] ntdll.dll!NtWriteVirtualMemory 76F56660 5 Bytes JMP 6A3E26C0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe[4080] ntdll.dll!RtlQueryEnvironmentVariable 76F685CF 5 Bytes JMP 6A3E3420 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe[4080] ntdll.dll!RtlDecompressBuffer 76FC5755 5 Bytes JMP 6A3E3340 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe[4080] WS2_32.dll!ioctlsocket + 26 768E30AA 7 Bytes JMP 003F0095 .text C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe[4080] WS2_32.dll!recv + CA 768E68F0 7 Bytes JMP 003F002D .text C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe[4080] WS2_32.dll!WSARecv + B9 768E6E5A 7 Bytes JMP 003F00C9 .text C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe[4080] WS2_32.dll!WSASetEvent + 2B 768EBCD0 7 Bytes JMP 003F0061 .text C:\Windows\System32\svchost.exe[4248] ntdll.dll!NtCreateEvent 76F55170 5 Bytes JMP 6A3E2AE0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\System32\svchost.exe[4248] ntdll.dll!NtCreateMutant 76F55210 5 Bytes JMP 6A3E2D70 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\System32\svchost.exe[4248] ntdll.dll!NtCreateSemaphore 76F552C0 5 Bytes JMP 6A3E3000 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\System32\svchost.exe[4248] ntdll.dll!NtCreateUserProcess 76F55340 5 Bytes JMP 6A3E3290 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\System32\svchost.exe[4248] ntdll.dll!NtMapViewOfSection 76F557F0 5 Bytes JMP 6A3E2830 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\System32\svchost.exe[4248] ntdll.dll!NtOpenEvent 76F55880 5 Bytes JMP 6A3E2C30 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\System32\svchost.exe[4248] ntdll.dll!NtOpenMutant 76F55920 5 Bytes JMP 6A3E2EC0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\System32\svchost.exe[4248] ntdll.dll!NtOpenSemaphore 76F559A0 5 Bytes JMP 6A3E3150 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\System32\svchost.exe[4248] ntdll.dll!NtQueryInformationProcess 76F55C10 5 Bytes JMP 6A3E34B0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\System32\svchost.exe[4248] ntdll.dll!NtResumeThread 76F56070 5 Bytes JMP 6A3E29D0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\System32\svchost.exe[4248] ntdll.dll!NtWriteVirtualMemory 76F56660 5 Bytes JMP 6A3E26C0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\System32\svchost.exe[4248] ntdll.dll!RtlQueryEnvironmentVariable 76F685CF 5 Bytes JMP 6A3E3420 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\System32\svchost.exe[4248] ntdll.dll!RtlDecompressBuffer 76FC5755 5 Bytes JMP 6A3E3340 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4456] ntdll.dll!NtCreateEvent 76F55170 5 Bytes JMP 6A3E2AE0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4456] ntdll.dll!NtCreateFile + 6 76F55196 4 Bytes [28, 54, 52, 00] {SUB [EDX+EDX*2+0x0], DL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4456] ntdll.dll!NtCreateFile + B 76F5519B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4456] ntdll.dll!NtCreateMutant 76F55210 5 Bytes JMP 6A3E2D70 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4456] ntdll.dll!NtCreateSemaphore 76F552C0 5 Bytes JMP 6A3E3000 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4456] ntdll.dll!NtCreateUserProcess 76F55340 5 Bytes JMP 6A3E3290 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4456] ntdll.dll!NtMapViewOfSection 76F557F0 5 Bytes JMP 6A3E2830 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4456] ntdll.dll!NtMapViewOfSection + 6 76F557F6 4 Bytes [28, 57, 52, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4456] ntdll.dll!NtMapViewOfSection + B 76F557FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4456] ntdll.dll!NtOpenEvent 76F55880 5 Bytes JMP 6A3E2C30 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4456] ntdll.dll!NtOpenFile + 6 76F558A6 4 Bytes [68, 54, 52, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4456] ntdll.dll!NtOpenFile + B 76F558AB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4456] ntdll.dll!NtOpenMutant 76F55920 5 Bytes JMP 6A3E2EC0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4456] ntdll.dll!NtOpenProcess + 6 76F55956 4 Bytes [A8, 55, 52, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4456] ntdll.dll!NtOpenProcess + B 76F5595B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4456] ntdll.dll!NtOpenProcessToken + 6 76F55966 4 Bytes CALL 75F5ABC0 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4456] ntdll.dll!NtOpenProcessToken + B 76F5596B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4456] ntdll.dll!NtOpenProcessTokenEx + 6 76F55976 4 Bytes [A8, 56, 52, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4456] ntdll.dll!NtOpenProcessTokenEx + B 76F5597B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4456] ntdll.dll!NtOpenSemaphore 76F559A0 5 Bytes JMP 6A3E3150 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4456] ntdll.dll!NtOpenThread + 6 76F559D6 4 Bytes [68, 55, 52, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4456] ntdll.dll!NtOpenThread + B 76F559DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4456] ntdll.dll!NtOpenThreadToken + 6 76F559E6 4 Bytes [68, 56, 52, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4456] ntdll.dll!NtOpenThreadToken + B 76F559EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4456] ntdll.dll!NtOpenThreadTokenEx + 6 76F559F6 4 Bytes CALL 75F5AC51 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4456] ntdll.dll!NtOpenThreadTokenEx + B 76F559FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4456] ntdll.dll!NtQueryAttributesFile + 6 76F55B06 4 Bytes [A8, 54, 52, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4456] ntdll.dll!NtQueryAttributesFile + B 76F55B0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4456] ntdll.dll!NtQueryFullAttributesFile + 6 76F55BB6 4 Bytes CALL 75F5AE0F C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4456] ntdll.dll!NtQueryFullAttributesFile + B 76F55BBB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4456] ntdll.dll!NtQueryInformationProcess 76F55C10 5 Bytes JMP 6A3E34B0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4456] ntdll.dll!NtResumeThread 76F56070 5 Bytes JMP 6A3E29D0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4456] ntdll.dll!NtSetInformationFile + 6 76F56206 4 Bytes [28, 55, 52, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4456] ntdll.dll!NtSetInformationFile + B 76F5620B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4456] ntdll.dll!NtSetInformationThread + 6 76F56266 4 Bytes [28, 56, 52, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4456] ntdll.dll!NtSetInformationThread + B 76F5626B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4456] ntdll.dll!NtUnmapViewOfSection + 6 76F56586 4 Bytes [68, 57, 52, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4456] ntdll.dll!NtUnmapViewOfSection + B 76F5658B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4456] ntdll.dll!NtWriteVirtualMemory 76F56660 5 Bytes JMP 6A3E26C0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4456] ntdll.dll!RtlQueryEnvironmentVariable 76F685CF 5 Bytes JMP 6A3E3420 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4456] ntdll.dll!LdrUnloadDll 76F6C746 5 Bytes JMP 4CC903FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4456] ntdll.dll!LdrLoadDll 76F72133 5 Bytes JMP 4CC901F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4456] ntdll.dll!RtlDecompressBuffer 76FC5755 5 Bytes JMP 6A3E3340 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtCreateEvent 76F55170 5 Bytes JMP 6A3E2AE0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtCreateMutant 76F55210 5 Bytes JMP 6A3E2D70 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtCreateSemaphore 76F552C0 5 Bytes JMP 6A3E3000 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtCreateUserProcess 76F55340 5 Bytes JMP 6A3E3290 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtMapViewOfSection 76F557F0 5 Bytes JMP 6A3E2830 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtOpenEvent 76F55880 5 Bytes JMP 6A3E2C30 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtOpenMutant 76F55920 5 Bytes JMP 6A3E2EC0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtOpenSemaphore 76F559A0 5 Bytes JMP 6A3E3150 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtQueryInformationProcess 76F55C10 5 Bytes JMP 6A3E34B0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtResumeThread 76F56070 5 Bytes JMP 6A3E29D0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!NtWriteVirtualMemory 76F56660 5 Bytes JMP 6A3E26C0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!RtlQueryEnvironmentVariable 76F685CF 5 Bytes JMP 6A3E3420 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!LdrUnloadDll 76F6C746 5 Bytes JMP 71C003FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!LdrLoadDll 76F72133 5 Bytes JMP 71C001F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4636] ntdll.dll!RtlDecompressBuffer 76FC5755 5 Bytes JMP 6A3E3340 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4636] ws2_32.dll!ioctlsocket + 26 768E30AA 7 Bytes JMP 00260095 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4636] ws2_32.dll!recv + CA 768E68F0 7 Bytes JMP 0026002D .text C:\Program Files\Google\Chrome\Application\chrome.exe[4636] ws2_32.dll!WSARecv + B9 768E6E5A 7 Bytes JMP 002600C9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4636] ws2_32.dll!WSASetEvent + 2B 768EBCD0 7 Bytes JMP 00260061 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtCreateEvent 76F55170 5 Bytes JMP 6A3E2AE0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtCreateFile + 6 76F55196 4 Bytes [28, D8, 42, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtCreateFile + B 76F5519B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtCreateMutant 76F55210 5 Bytes JMP 6A3E2D70 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtCreateSemaphore 76F552C0 5 Bytes JMP 6A3E3000 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtCreateUserProcess 76F55340 5 Bytes JMP 6A3E3290 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtMapViewOfSection 76F557F0 5 Bytes JMP 6A3E2830 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtMapViewOfSection + 6 76F557F6 4 Bytes [28, DB, 42, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtMapViewOfSection + B 76F557FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtOpenEvent 76F55880 5 Bytes JMP 6A3E2C30 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtOpenFile + 6 76F558A6 4 Bytes [68, D8, 42, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtOpenFile + B 76F558AB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtOpenMutant 76F55920 5 Bytes JMP 6A3E2EC0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtOpenProcess + 6 76F55956 4 Bytes [A8, D9, 42, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtOpenProcess + B 76F5595B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtOpenProcessToken + 6 76F55966 4 Bytes CALL 75F59C44 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtOpenProcessToken + B 76F5596B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtOpenProcessTokenEx + 6 76F55976 4 Bytes [A8, DA, 42, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtOpenProcessTokenEx + B 76F5597B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtOpenSemaphore 76F559A0 5 Bytes JMP 6A3E3150 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtOpenThread + 6 76F559D6 4 Bytes [68, D9, 42, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtOpenThread + B 76F559DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtOpenThreadToken + 6 76F559E6 4 Bytes [68, DA, 42, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtOpenThreadToken + B 76F559EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtOpenThreadTokenEx + 6 76F559F6 4 Bytes CALL 75F59CD5 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtOpenThreadTokenEx + B 76F559FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtQueryAttributesFile + 6 76F55B06 4 Bytes [A8, D8, 42, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtQueryAttributesFile + B 76F55B0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtQueryFullAttributesFile + 6 76F55BB6 4 Bytes CALL 75F59E93 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtQueryFullAttributesFile + B 76F55BBB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtQueryInformationProcess 76F55C10 5 Bytes JMP 6A3E34B0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtResumeThread 76F56070 5 Bytes JMP 6A3E29D0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtSetInformationFile + 6 76F56206 4 Bytes [28, D9, 42, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtSetInformationFile + B 76F5620B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtSetInformationThread + 6 76F56266 4 Bytes [28, DA, 42, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtSetInformationThread + B 76F5626B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtUnmapViewOfSection + 6 76F56586 4 Bytes [68, DB, 42, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtUnmapViewOfSection + B 76F5658B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtWriteVirtualMemory 76F56660 5 Bytes JMP 6A3E26C0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!RtlQueryEnvironmentVariable 76F685CF 5 Bytes JMP 6A3E3420 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!LdrUnloadDll 76F6C746 5 Bytes JMP 7BBA03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!LdrLoadDll 76F72133 5 Bytes JMP 7BBA01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!RtlDecompressBuffer 76FC5755 5 Bytes JMP 6A3E3340 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtCreateEvent 76F55170 5 Bytes JMP 6A3E2AE0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtCreateMutant 76F55210 5 Bytes JMP 6A3E2D70 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtCreateSemaphore 76F552C0 5 Bytes JMP 6A3E3000 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtCreateUserProcess 76F55340 5 Bytes JMP 6A3E3290 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtMapViewOfSection 76F557F0 5 Bytes JMP 6A3E2830 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtOpenEvent 76F55880 5 Bytes JMP 6A3E2C30 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtOpenMutant 76F55920 5 Bytes JMP 6A3E2EC0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtOpenSemaphore 76F559A0 5 Bytes JMP 6A3E3150 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtQueryInformationProcess 76F55C10 5 Bytes JMP 6A3E34B0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtResumeThread 76F56070 5 Bytes JMP 6A3E29D0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtWriteVirtualMemory 76F56660 5 Bytes JMP 6A3E26C0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!RtlQueryEnvironmentVariable 76F685CF 5 Bytes JMP 6A3E3420 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!LdrUnloadDll 76F6C746 5 Bytes JMP 37D503FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!LdrLoadDll 76F72133 5 Bytes JMP 37D501F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!RtlDecompressBuffer 76FC5755 5 Bytes JMP 6A3E3340 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5028] ws2_32.dll!ioctlsocket + 26 768E30AA 7 Bytes JMP 00460095 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5028] ws2_32.dll!recv + CA 768E68F0 7 Bytes JMP 0046002D .text C:\Program Files\Google\Chrome\Application\chrome.exe[5028] ws2_32.dll!WSARecv + B9 768E6E5A 7 Bytes JMP 004600C9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5028] ws2_32.dll!WSASetEvent + 2B 768EBCD0 7 Bytes JMP 00460061 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtCreateEvent 76F55170 5 Bytes JMP 6A3E2AE0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtCreateFile + 6 76F55196 4 Bytes [28, 24, 4C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtCreateFile + B 76F5519B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtCreateMutant 76F55210 5 Bytes JMP 6A3E2D70 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtCreateSemaphore 76F552C0 5 Bytes JMP 6A3E3000 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtCreateUserProcess 76F55340 5 Bytes JMP 6A3E3290 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtMapViewOfSection 76F557F0 5 Bytes JMP 6A3E2830 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtMapViewOfSection + 6 76F557F6 4 Bytes [28, 27, 4C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtMapViewOfSection + B 76F557FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtOpenEvent 76F55880 5 Bytes JMP 6A3E2C30 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtOpenFile + 6 76F558A6 4 Bytes [68, 24, 4C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtOpenFile + B 76F558AB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtOpenMutant 76F55920 5 Bytes JMP 6A3E2EC0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtOpenProcess + 6 76F55956 4 Bytes [A8, 25, 4C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtOpenProcess + B 76F5595B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtOpenProcessToken + 6 76F55966 4 Bytes CALL 75F5A590 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtOpenProcessToken + B 76F5596B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtOpenProcessTokenEx + 6 76F55976 4 Bytes [A8, 26, 4C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtOpenProcessTokenEx + B 76F5597B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtOpenSemaphore 76F559A0 5 Bytes JMP 6A3E3150 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtOpenThread + 6 76F559D6 4 Bytes [68, 25, 4C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtOpenThread + B 76F559DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtOpenThreadToken + 6 76F559E6 4 Bytes [68, 26, 4C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtOpenThreadToken + B 76F559EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtOpenThreadTokenEx + 6 76F559F6 4 Bytes CALL 75F5A621 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtOpenThreadTokenEx + B 76F559FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtQueryAttributesFile + 6 76F55B06 4 Bytes [A8, 24, 4C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtQueryAttributesFile + B 76F55B0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtQueryFullAttributesFile + 6 76F55BB6 4 Bytes CALL 75F5A7DF C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtQueryFullAttributesFile + B 76F55BBB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtQueryInformationProcess 76F55C10 5 Bytes JMP 6A3E34B0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtResumeThread 76F56070 5 Bytes JMP 6A3E29D0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtSetInformationFile + 6 76F56206 4 Bytes [28, 25, 4C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtSetInformationFile + B 76F5620B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtSetInformationThread + 6 76F56266 4 Bytes [28, 26, 4C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtSetInformationThread + B 76F5626B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtUnmapViewOfSection + 6 76F56586 4 Bytes [68, 27, 4C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtUnmapViewOfSection + B 76F5658B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!NtWriteVirtualMemory 76F56660 5 Bytes JMP 6A3E26C0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!RtlQueryEnvironmentVariable 76F685CF 5 Bytes JMP 6A3E3420 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!LdrUnloadDll 76F6C746 5 Bytes JMP 74C603FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!LdrLoadDll 76F72133 5 Bytes JMP 74C601F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5044] ntdll.dll!RtlDecompressBuffer 76FC5755 5 Bytes JMP 6A3E3340 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Users\User\AppData\Roaming\Spotify\SpotifyCrashService.exe[5084] ntdll.dll!NtCreateEvent 76F55170 5 Bytes JMP 6A3E2AE0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Users\User\AppData\Roaming\Spotify\SpotifyCrashService.exe[5084] ntdll.dll!NtCreateMutant 76F55210 5 Bytes JMP 6A3E2D70 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Users\User\AppData\Roaming\Spotify\SpotifyCrashService.exe[5084] ntdll.dll!NtCreateSemaphore 76F552C0 5 Bytes JMP 6A3E3000 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Users\User\AppData\Roaming\Spotify\SpotifyCrashService.exe[5084] ntdll.dll!NtCreateUserProcess 76F55340 5 Bytes JMP 6A3E3290 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Users\User\AppData\Roaming\Spotify\SpotifyCrashService.exe[5084] ntdll.dll!NtMapViewOfSection 76F557F0 5 Bytes JMP 6A3E2830 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Users\User\AppData\Roaming\Spotify\SpotifyCrashService.exe[5084] ntdll.dll!NtOpenEvent 76F55880 5 Bytes JMP 6A3E2C30 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Users\User\AppData\Roaming\Spotify\SpotifyCrashService.exe[5084] ntdll.dll!NtOpenMutant 76F55920 5 Bytes JMP 6A3E2EC0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Users\User\AppData\Roaming\Spotify\SpotifyCrashService.exe[5084] ntdll.dll!NtOpenSemaphore 76F559A0 5 Bytes JMP 6A3E3150 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Users\User\AppData\Roaming\Spotify\SpotifyCrashService.exe[5084] ntdll.dll!NtQueryInformationProcess 76F55C10 5 Bytes JMP 6A3E34B0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Users\User\AppData\Roaming\Spotify\SpotifyCrashService.exe[5084] ntdll.dll!NtResumeThread 76F56070 5 Bytes JMP 6A3E29D0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Users\User\AppData\Roaming\Spotify\SpotifyCrashService.exe[5084] ntdll.dll!NtWriteVirtualMemory 76F56660 5 Bytes JMP 6A3E26C0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Users\User\AppData\Roaming\Spotify\SpotifyCrashService.exe[5084] ntdll.dll!RtlQueryEnvironmentVariable 76F685CF 5 Bytes JMP 6A3E3420 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Users\User\AppData\Roaming\Spotify\SpotifyCrashService.exe[5084] ntdll.dll!RtlDecompressBuffer 76FC5755 5 Bytes JMP 6A3E3340 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Users\User\AppData\Roaming\Spotify\SpotifyCrashService.exe[5084] ws2_32.dll!ioctlsocket + 26 768E30AA 7 Bytes JMP 00240095 .text C:\Users\User\AppData\Roaming\Spotify\SpotifyCrashService.exe[5084] ws2_32.dll!recv + CA 768E68F0 7 Bytes JMP 0024002D .text C:\Users\User\AppData\Roaming\Spotify\SpotifyCrashService.exe[5084] ws2_32.dll!WSARecv + B9 768E6E5A 7 Bytes JMP 002400C9 .text C:\Users\User\AppData\Roaming\Spotify\SpotifyCrashService.exe[5084] ws2_32.dll!WSASetEvent + 2B 768EBCD0 7 Bytes JMP 00240061 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5336] ntdll.dll!NtCreateEvent 76F55170 5 Bytes JMP 6A3E2AE0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5336] ntdll.dll!NtCreateFile + 6 76F55196 4 Bytes [28, 60, E0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5336] ntdll.dll!NtCreateFile + B 76F5519B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5336] ntdll.dll!NtCreateMutant 76F55210 5 Bytes JMP 6A3E2D70 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5336] ntdll.dll!NtCreateSemaphore 76F552C0 5 Bytes JMP 6A3E3000 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5336] ntdll.dll!NtCreateUserProcess 76F55340 5 Bytes JMP 6A3E3290 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5336] ntdll.dll!NtMapViewOfSection 76F557F0 5 Bytes JMP 6A3E2830 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5336] ntdll.dll!NtMapViewOfSection + 6 76F557F6 4 Bytes [28, 63, E0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5336] ntdll.dll!NtMapViewOfSection + B 76F557FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5336] ntdll.dll!NtOpenEvent 76F55880 5 Bytes JMP 6A3E2C30 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5336] ntdll.dll!NtOpenFile + 6 76F558A6 4 Bytes [68, 60, E0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5336] ntdll.dll!NtOpenFile + B 76F558AB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5336] ntdll.dll!NtOpenMutant 76F55920 5 Bytes JMP 6A3E2EC0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5336] ntdll.dll!NtOpenProcess + 6 76F55956 4 Bytes [A8, 61, E0, 00] {TEST AL, 0x61; LOOPNZ 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5336] ntdll.dll!NtOpenProcess + B 76F5595B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5336] ntdll.dll!NtOpenProcessToken + 6 76F55966 4 Bytes CALL 75F639CC C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5336] ntdll.dll!NtOpenProcessToken + B 76F5596B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5336] ntdll.dll!NtOpenProcessTokenEx + 6 76F55976 4 Bytes [A8, 62, E0, 00] {TEST AL, 0x62; LOOPNZ 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5336] ntdll.dll!NtOpenProcessTokenEx + B 76F5597B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5336] ntdll.dll!NtOpenSemaphore 76F559A0 5 Bytes JMP 6A3E3150 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5336] ntdll.dll!NtOpenThread + 6 76F559D6 4 Bytes [68, 61, E0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5336] ntdll.dll!NtOpenThread + B 76F559DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5336] ntdll.dll!NtOpenThreadToken + 6 76F559E6 4 Bytes [68, 62, E0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5336] ntdll.dll!NtOpenThreadToken + B 76F559EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5336] ntdll.dll!NtOpenThreadTokenEx + 6 76F559F6 4 Bytes CALL 75F63A5D C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5336] ntdll.dll!NtOpenThreadTokenEx + B 76F559FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5336] ntdll.dll!NtQueryAttributesFile + 6 76F55B06 4 Bytes [A8, 60, E0, 00] {TEST AL, 0x60; LOOPNZ 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5336] ntdll.dll!NtQueryAttributesFile + B 76F55B0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5336] ntdll.dll!NtQueryFullAttributesFile + 6 76F55BB6 4 Bytes CALL 75F63C1B C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5336] ntdll.dll!NtQueryFullAttributesFile + B 76F55BBB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5336] ntdll.dll!NtQueryInformationProcess 76F55C10 5 Bytes JMP 6A3E34B0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5336] ntdll.dll!NtResumeThread 76F56070 5 Bytes JMP 6A3E29D0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5336] ntdll.dll!NtSetInformationFile + 6 76F56206 4 Bytes [28, 61, E0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5336] ntdll.dll!NtSetInformationFile + B 76F5620B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5336] ntdll.dll!NtSetInformationThread + 6 76F56266 4 Bytes [28, 62, E0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5336] ntdll.dll!NtSetInformationThread + B 76F5626B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5336] ntdll.dll!NtUnmapViewOfSection + 6 76F56586 4 Bytes [68, 63, E0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5336] ntdll.dll!NtUnmapViewOfSection + B 76F5658B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5336] ntdll.dll!NtWriteVirtualMemory 76F56660 5 Bytes JMP 6A3E26C0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5336] ntdll.dll!RtlQueryEnvironmentVariable 76F685CF 5 Bytes JMP 6A3E3420 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5336] ntdll.dll!LdrUnloadDll 76F6C746 5 Bytes JMP 4E2103FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[5336] ntdll.dll!LdrLoadDll 76F72133 5 Bytes JMP 4E2101F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5336] ntdll.dll!RtlDecompressBuffer 76FC5755 5 Bytes JMP 6A3E3340 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5336] WS2_32.dll!ioctlsocket + 26 768E30AA 7 Bytes JMP 010E0095 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5336] WS2_32.dll!recv + CA 768E68F0 7 Bytes JMP 010E002D .text C:\Program Files\Google\Chrome\Application\chrome.exe[5336] WS2_32.dll!WSARecv + B9 768E6E5A 7 Bytes JMP 010E00C9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5336] WS2_32.dll!WSASetEvent + 2B 768EBCD0 7 Bytes JMP 010E0061 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5444] ntdll.dll!NtCreateEvent 76F55170 5 Bytes JMP 6A3E2AE0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5444] ntdll.dll!NtCreateFile + 6 76F55196 4 Bytes [28, 38, 07, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5444] ntdll.dll!NtCreateFile + B 76F5519B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5444] ntdll.dll!NtCreateMutant 76F55210 5 Bytes JMP 6A3E2D70 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5444] ntdll.dll!NtCreateSemaphore 76F552C0 5 Bytes JMP 6A3E3000 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5444] ntdll.dll!NtCreateUserProcess 76F55340 5 Bytes JMP 6A3E3290 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5444] ntdll.dll!NtMapViewOfSection 76F557F0 5 Bytes JMP 6A3E2830 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5444] ntdll.dll!NtMapViewOfSection + 6 76F557F6 4 Bytes [28, 3B, 07, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5444] ntdll.dll!NtMapViewOfSection + B 76F557FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5444] ntdll.dll!NtOpenEvent 76F55880 5 Bytes JMP 6A3E2C30 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5444] ntdll.dll!NtOpenFile + 6 76F558A6 4 Bytes [68, 38, 07, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5444] ntdll.dll!NtOpenFile + B 76F558AB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5444] ntdll.dll!NtOpenMutant 76F55920 5 Bytes JMP 6A3E2EC0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5444] ntdll.dll!NtOpenProcess + 6 76F55956 4 Bytes [A8, 39, 07, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5444] ntdll.dll!NtOpenProcess + B 76F5595B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5444] ntdll.dll!NtOpenProcessToken + 6 76F55966 4 Bytes CALL 75F660A4 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5444] ntdll.dll!NtOpenProcessToken + B 76F5596B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5444] ntdll.dll!NtOpenProcessTokenEx + 6 76F55976 4 Bytes [A8, 3A, 07, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5444] ntdll.dll!NtOpenProcessTokenEx + B 76F5597B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5444] ntdll.dll!NtOpenSemaphore 76F559A0 5 Bytes JMP 6A3E3150 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5444] ntdll.dll!NtOpenThread + 6 76F559D6 4 Bytes [68, 39, 07, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5444] ntdll.dll!NtOpenThread + B 76F559DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5444] ntdll.dll!NtOpenThreadToken + 6 76F559E6 4 Bytes [68, 3A, 07, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5444] ntdll.dll!NtOpenThreadToken + B 76F559EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5444] ntdll.dll!NtOpenThreadTokenEx + 6 76F559F6 4 Bytes CALL 75F66135 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5444] ntdll.dll!NtOpenThreadTokenEx + B 76F559FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5444] ntdll.dll!NtQueryAttributesFile + 6 76F55B06 4 Bytes [A8, 38, 07, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5444] ntdll.dll!NtQueryAttributesFile + B 76F55B0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5444] ntdll.dll!NtQueryFullAttributesFile + 6 76F55BB6 4 Bytes CALL 75F662F3 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5444] ntdll.dll!NtQueryFullAttributesFile + B 76F55BBB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5444] ntdll.dll!NtQueryInformationProcess 76F55C10 5 Bytes JMP 6A3E34B0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5444] ntdll.dll!NtResumeThread 76F56070 5 Bytes JMP 6A3E29D0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5444] ntdll.dll!NtSetInformationFile + 6 76F56206 4 Bytes [28, 39, 07, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5444] ntdll.dll!NtSetInformationFile + B 76F5620B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5444] ntdll.dll!NtSetInformationThread + 6 76F56266 4 Bytes [28, 3A, 07, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5444] ntdll.dll!NtSetInformationThread + B 76F5626B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5444] ntdll.dll!NtUnmapViewOfSection + 6 76F56586 4 Bytes [68, 3B, 07, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5444] ntdll.dll!NtUnmapViewOfSection + B 76F5658B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5444] ntdll.dll!NtWriteVirtualMemory 76F56660 5 Bytes JMP 6A3E26C0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5444] ntdll.dll!RtlQueryEnvironmentVariable 76F685CF 5 Bytes JMP 6A3E3420 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5444] ntdll.dll!LdrUnloadDll 76F6C746 5 Bytes JMP 14CF03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[5444] ntdll.dll!LdrLoadDll 76F72133 5 Bytes JMP 14CF01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5444] ntdll.dll!RtlDecompressBuffer 76FC5755 5 Bytes JMP 6A3E3340 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Users\User\AppData\Roaming\Spotify\Spotify.exe[5548] ntdll.dll!NtCreateEvent 76F55170 5 Bytes JMP 6A3E2AE0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Users\User\AppData\Roaming\Spotify\Spotify.exe[5548] ntdll.dll!NtCreateMutant 76F55210 5 Bytes JMP 6A3E2D70 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Users\User\AppData\Roaming\Spotify\Spotify.exe[5548] ntdll.dll!NtCreateSemaphore 76F552C0 5 Bytes JMP 6A3E3000 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Users\User\AppData\Roaming\Spotify\Spotify.exe[5548] ntdll.dll!NtCreateUserProcess 76F55340 5 Bytes JMP 6A3E3290 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Users\User\AppData\Roaming\Spotify\Spotify.exe[5548] ntdll.dll!NtMapViewOfSection 76F557F0 5 Bytes JMP 6A3E2830 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Users\User\AppData\Roaming\Spotify\Spotify.exe[5548] ntdll.dll!NtOpenEvent 76F55880 5 Bytes JMP 6A3E2C30 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Users\User\AppData\Roaming\Spotify\Spotify.exe[5548] ntdll.dll!NtOpenMutant 76F55920 5 Bytes JMP 6A3E2EC0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Users\User\AppData\Roaming\Spotify\Spotify.exe[5548] ntdll.dll!NtOpenSemaphore 76F559A0 5 Bytes JMP 6A3E3150 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Users\User\AppData\Roaming\Spotify\Spotify.exe[5548] ntdll.dll!NtQueryInformationProcess 76F55C10 5 Bytes JMP 6A3E34B0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Users\User\AppData\Roaming\Spotify\Spotify.exe[5548] ntdll.dll!NtResumeThread 76F56070 5 Bytes JMP 6A3E29D0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Users\User\AppData\Roaming\Spotify\Spotify.exe[5548] ntdll.dll!NtWriteVirtualMemory 76F56660 5 Bytes JMP 6A3E26C0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Users\User\AppData\Roaming\Spotify\Spotify.exe[5548] ntdll.dll!RtlQueryEnvironmentVariable 76F685CF 5 Bytes JMP 6A3E3420 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Users\User\AppData\Roaming\Spotify\Spotify.exe[5548] ntdll.dll!RtlDecompressBuffer 76FC5755 5 Bytes JMP 6A3E3340 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Users\User\AppData\Roaming\Spotify\Spotify.exe[5548] WS2_32.dll!ioctlsocket + 26 768E30AA 7 Bytes JMP 015A0095 .text C:\Users\User\AppData\Roaming\Spotify\Spotify.exe[5548] WS2_32.dll!recv + CA 768E68F0 7 Bytes JMP 015A002D .text C:\Users\User\AppData\Roaming\Spotify\Spotify.exe[5548] WS2_32.dll!WSARecv + B9 768E6E5A 7 Bytes JMP 015A00C9 .text C:\Users\User\AppData\Roaming\Spotify\Spotify.exe[5548] WS2_32.dll!WSASetEvent + 2B 768EBCD0 7 Bytes JMP 015A0061 .text C:\Windows\system32\DllHost.exe[5656] ntdll.dll!NtCreateEvent 76F55170 5 Bytes JMP 6A3E2AE0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\system32\DllHost.exe[5656] ntdll.dll!NtCreateMutant 76F55210 5 Bytes JMP 6A3E2D70 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\system32\DllHost.exe[5656] ntdll.dll!NtCreateSemaphore 76F552C0 5 Bytes JMP 6A3E3000 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\system32\DllHost.exe[5656] ntdll.dll!NtCreateUserProcess 76F55340 5 Bytes JMP 6A3E3290 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\system32\DllHost.exe[5656] ntdll.dll!NtMapViewOfSection 76F557F0 5 Bytes JMP 6A3E2830 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\system32\DllHost.exe[5656] ntdll.dll!NtOpenEvent 76F55880 5 Bytes JMP 6A3E2C30 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\system32\DllHost.exe[5656] ntdll.dll!NtOpenMutant 76F55920 5 Bytes JMP 6A3E2EC0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\system32\DllHost.exe[5656] ntdll.dll!NtOpenSemaphore 76F559A0 5 Bytes JMP 6A3E3150 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\system32\DllHost.exe[5656] ntdll.dll!NtQueryInformationProcess 76F55C10 5 Bytes JMP 6A3E34B0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\system32\DllHost.exe[5656] ntdll.dll!NtResumeThread 76F56070 5 Bytes JMP 6A3E29D0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\system32\DllHost.exe[5656] ntdll.dll!NtWriteVirtualMemory 76F56660 5 Bytes JMP 6A3E26C0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\system32\DllHost.exe[5656] ntdll.dll!RtlQueryEnvironmentVariable 76F685CF 5 Bytes JMP 6A3E3420 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Windows\system32\DllHost.exe[5656] ntdll.dll!RtlDecompressBuffer 76FC5755 5 Bytes JMP 6A3E3340 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5752] ntdll.dll!NtCreateEvent 76F55170 5 Bytes JMP 6A3E2AE0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5752] ntdll.dll!NtCreateFile + 6 76F55196 4 Bytes [28, 5C, 82, 00] {SUB [EDX+EAX*4+0x0], BL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5752] ntdll.dll!NtCreateFile + B 76F5519B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5752] ntdll.dll!NtCreateMutant 76F55210 5 Bytes JMP 6A3E2D70 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5752] ntdll.dll!NtCreateSemaphore 76F552C0 5 Bytes JMP 6A3E3000 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5752] ntdll.dll!NtCreateUserProcess 76F55340 5 Bytes JMP 6A3E3290 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5752] ntdll.dll!NtMapViewOfSection 76F557F0 5 Bytes JMP 6A3E2830 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5752] ntdll.dll!NtMapViewOfSection + 6 76F557F6 4 Bytes [28, 5F, 82, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5752] ntdll.dll!NtMapViewOfSection + B 76F557FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5752] ntdll.dll!NtOpenEvent 76F55880 5 Bytes JMP 6A3E2C30 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5752] ntdll.dll!NtOpenFile + 6 76F558A6 4 Bytes [68, 5C, 82, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5752] ntdll.dll!NtOpenFile + B 76F558AB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5752] ntdll.dll!NtOpenMutant 76F55920 5 Bytes JMP 6A3E2EC0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5752] ntdll.dll!NtOpenProcess + 6 76F55956 4 Bytes [A8, 5D, 82, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5752] ntdll.dll!NtOpenProcess + B 76F5595B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5752] ntdll.dll!NtOpenProcessToken + 6 76F55966 4 Bytes CALL 75F5DBC8 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5752] ntdll.dll!NtOpenProcessToken + B 76F5596B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5752] ntdll.dll!NtOpenProcessTokenEx + 6 76F55976 4 Bytes [A8, 5E, 82, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5752] ntdll.dll!NtOpenProcessTokenEx + B 76F5597B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5752] ntdll.dll!NtOpenSemaphore 76F559A0 5 Bytes JMP 6A3E3150 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5752] ntdll.dll!NtOpenThread + 6 76F559D6 4 Bytes [68, 5D, 82, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5752] ntdll.dll!NtOpenThread + B 76F559DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5752] ntdll.dll!NtOpenThreadToken + 6 76F559E6 4 Bytes [68, 5E, 82, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5752] ntdll.dll!NtOpenThreadToken + B 76F559EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5752] ntdll.dll!NtOpenThreadTokenEx + 6 76F559F6 4 Bytes CALL 75F5DC59 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5752] ntdll.dll!NtOpenThreadTokenEx + B 76F559FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5752] ntdll.dll!NtQueryAttributesFile + 6 76F55B06 4 Bytes [A8, 5C, 82, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5752] ntdll.dll!NtQueryAttributesFile + B 76F55B0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5752] ntdll.dll!NtQueryFullAttributesFile + 6 76F55BB6 4 Bytes CALL 75F5DE17 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5752] ntdll.dll!NtQueryFullAttributesFile + B 76F55BBB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5752] ntdll.dll!NtQueryInformationProcess 76F55C10 5 Bytes JMP 6A3E34B0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5752] ntdll.dll!NtResumeThread 76F56070 5 Bytes JMP 6A3E29D0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5752] ntdll.dll!NtSetInformationFile + 6 76F56206 4 Bytes [28, 5D, 82, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5752] ntdll.dll!NtSetInformationFile + B 76F5620B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5752] ntdll.dll!NtSetInformationThread + 6 76F56266 4 Bytes [28, 5E, 82, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5752] ntdll.dll!NtSetInformationThread + B 76F5626B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5752] ntdll.dll!NtUnmapViewOfSection + 6 76F56586 4 Bytes [68, 5F, 82, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5752] ntdll.dll!NtUnmapViewOfSection + B 76F5658B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5752] ntdll.dll!NtWriteVirtualMemory 76F56660 5 Bytes JMP 6A3E26C0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5752] ntdll.dll!RtlQueryEnvironmentVariable 76F685CF 5 Bytes JMP 6A3E3420 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5752] ntdll.dll!LdrUnloadDll 76F6C746 5 Bytes JMP 507603FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[5752] ntdll.dll!LdrLoadDll 76F72133 5 Bytes JMP 507601F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5752] ntdll.dll!RtlDecompressBuffer 76FC5755 5 Bytes JMP 6A3E3340 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5812] ntdll.dll!NtCreateEvent 76F55170 5 Bytes JMP 6A3E2AE0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5812] ntdll.dll!NtCreateMutant 76F55210 5 Bytes JMP 6A3E2D70 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5812] ntdll.dll!NtCreateSemaphore 76F552C0 5 Bytes JMP 6A3E3000 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5812] ntdll.dll!NtCreateUserProcess 76F55340 5 Bytes JMP 6A3E3290 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5812] ntdll.dll!NtMapViewOfSection 76F557F0 5 Bytes JMP 6A3E2830 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5812] ntdll.dll!NtOpenEvent 76F55880 5 Bytes JMP 6A3E2C30 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5812] ntdll.dll!NtOpenMutant 76F55920 5 Bytes JMP 6A3E2EC0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5812] ntdll.dll!NtOpenSemaphore 76F559A0 5 Bytes JMP 6A3E3150 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5812] ntdll.dll!NtQueryInformationProcess 76F55C10 5 Bytes JMP 6A3E34B0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5812] ntdll.dll!NtResumeThread 76F56070 5 Bytes JMP 6A3E29D0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5812] ntdll.dll!NtWriteVirtualMemory 76F56660 5 Bytes JMP 6A3E26C0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5812] ntdll.dll!RtlQueryEnvironmentVariable 76F685CF 5 Bytes JMP 6A3E3420 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5812] ntdll.dll!LdrUnloadDll 76F6C746 5 Bytes JMP 5DDE03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[5812] ntdll.dll!LdrLoadDll 76F72133 5 Bytes JMP 5DDE01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5812] ntdll.dll!RtlDecompressBuffer 76FC5755 5 Bytes JMP 6A3E3340 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5812] ws2_32.dll!ioctlsocket + 26 768E30AA 7 Bytes JMP 002F0095 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5812] ws2_32.dll!recv + CA 768E68F0 7 Bytes JMP 002F002D .text C:\Program Files\Google\Chrome\Application\chrome.exe[5812] ws2_32.dll!WSARecv + B9 768E6E5A 7 Bytes JMP 002F00C9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[5812] ws2_32.dll!WSASetEvent + 2B 768EBCD0 7 Bytes JMP 002F0061 .text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtCreateEvent 76F55170 5 Bytes JMP 6A3E2AE0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtCreateFile + 6 76F55196 4 Bytes [28, 24, 9F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtCreateFile + B 76F5519B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtCreateMutant 76F55210 5 Bytes JMP 6A3E2D70 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtCreateSemaphore 76F552C0 5 Bytes JMP 6A3E3000 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtCreateUserProcess 76F55340 5 Bytes JMP 6A3E3290 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtMapViewOfSection 76F557F0 5 Bytes JMP 6A3E2830 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtMapViewOfSection + 6 76F557F6 4 Bytes [28, 27, 9F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtMapViewOfSection + B 76F557FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtOpenEvent 76F55880 5 Bytes JMP 6A3E2C30 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtOpenFile + 6 76F558A6 4 Bytes [68, 24, 9F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtOpenFile + B 76F558AB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtOpenMutant 76F55920 5 Bytes JMP 6A3E2EC0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtOpenProcess + 6 76F55956 4 Bytes [A8, 25, 9F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtOpenProcess + B 76F5595B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtOpenProcessToken + 6 76F55966 4 Bytes CALL 75F5F890 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtOpenProcessToken + B 76F5596B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtOpenProcessTokenEx + 6 76F55976 4 Bytes [A8, 26, 9F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtOpenProcessTokenEx + B 76F5597B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtOpenSemaphore 76F559A0 5 Bytes JMP 6A3E3150 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtOpenThread + 6 76F559D6 4 Bytes [68, 25, 9F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtOpenThread + B 76F559DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtOpenThreadToken + 6 76F559E6 4 Bytes [68, 26, 9F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtOpenThreadToken + B 76F559EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtOpenThreadTokenEx + 6 76F559F6 4 Bytes CALL 75F5F921 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtOpenThreadTokenEx + B 76F559FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtQueryAttributesFile + 6 76F55B06 4 Bytes [A8, 24, 9F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtQueryAttributesFile + B 76F55B0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtQueryFullAttributesFile + 6 76F55BB6 4 Bytes CALL 75F5FADF C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtQueryFullAttributesFile + B 76F55BBB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtQueryInformationProcess 76F55C10 5 Bytes JMP 6A3E34B0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtResumeThread 76F56070 5 Bytes JMP 6A3E29D0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtSetInformationFile + 6 76F56206 4 Bytes [28, 25, 9F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtSetInformationFile + B 76F5620B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtSetInformationThread + 6 76F56266 4 Bytes [28, 26, 9F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtSetInformationThread + B 76F5626B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtUnmapViewOfSection + 6 76F56586 4 Bytes [68, 27, 9F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtUnmapViewOfSection + B 76F5658B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtWriteVirtualMemory 76F56660 5 Bytes JMP 6A3E26C0 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!RtlQueryEnvironmentVariable 76F685CF 5 Bytes JMP 6A3E3420 C:\Program Files\AVAST Software\Avast\aswhookx.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!LdrUnloadDll 76F6C746 5 Bytes JMP 457203FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!LdrLoadDll 76F72133 5 Bytes JMP 457201F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!RtlDecompressBuffer 76FC5755 5 Bytes JMP 6A3E3340 C:\Program Files\AVAST Software\Avast\aswhookx.dll ---- User IAT/EAT - GMER 2.2 ---- IAT C:\Windows\Explorer.EXE[2612] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [736F5625] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23721_none_5c052bcda00f9399\gdiplus.dll IAT C:\Windows\Explorer.EXE[2612] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [736F56E3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23721_none_5c052bcda00f9399\gdiplus.dll IAT C:\Windows\Explorer.EXE[2612] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7371248C] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23721_none_5c052bcda00f9399\gdiplus.dll IAT C:\Windows\Explorer.EXE[2612] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73712507] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23721_none_5c052bcda00f9399\gdiplus.dll IAT C:\Windows\Explorer.EXE[2612] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7370856B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23721_none_5c052bcda00f9399\gdiplus.dll IAT C:\Windows\Explorer.EXE[2612] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73704D1E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23721_none_5c052bcda00f9399\gdiplus.dll IAT C:\Windows\Explorer.EXE[2612] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [737050C5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23721_none_5c052bcda00f9399\gdiplus.dll IAT C:\Windows\Explorer.EXE[2612] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7370519A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23721_none_5c052bcda00f9399\gdiplus.dll IAT C:\Windows\Explorer.EXE[2612] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [737066C8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23721_none_5c052bcda00f9399\gdiplus.dll IAT C:\Windows\Explorer.EXE[2612] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [737082C2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23721_none_5c052bcda00f9399\gdiplus.dll IAT C:\Windows\Explorer.EXE[2612] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73708811] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23721_none_5c052bcda00f9399\gdiplus.dll IAT C:\Windows\Explorer.EXE[2612] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73709072] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23721_none_5c052bcda00f9399\gdiplus.dll IAT C:\Windows\Explorer.EXE[2612] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7370E215] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23721_none_5c052bcda00f9399\gdiplus.dll IAT C:\Windows\Explorer.EXE[2612] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73704C50] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23721_none_5c052bcda00f9399\gdiplus.dll ---- Devices - GMER 2.2 ---- Device \FileSystem\Ntfs \Ntfs 85B6B1F8 ---- Trace I/O - GMER 2.2 ---- Trace ntkrnlpa.exe CLASSPNP.SYS disk.sys aswSP.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x85b691f8]<< 85b691f8 Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86a1b030] 86a1b030 Trace 3 aswSP.sys[912d3565] -> nt!IofCallDriver -> [0x85b39608] 85b39608 Trace 5 ACPI.sys[8b7703d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x86931030] 86931030 Trace \Driver\atapi[0x8692ee48] -> IRP_MJ_CREATE -> 0x85b691f8 85b691f8 ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations ? ?|?????????????????????????????o????sata??192.168.1.2??a??? ???????A?????alw??255.255.255.0??\?????????????D???????w??192.168.1.254??yte??? 0??????a??????????????????????????????????????????eb??255.255.255.0??\mb????????????????s?????192.168.1.3??w??? ??????????????????255.255.255.0????????`8??????9???????????????????????????????????????????????????????????????????????????????/???????????????????5??192.168.1.254??e%;???????????.??????????????0???????\??\C:\Program Files\Mozilla Firefox\tobedeleted\mozE8AD.tmp??\??\C:\Program Files\Mozilla Firefox\tobedeleted??\??\C:\Program Files\Mozilla Firefox\tobedeleted\mozE8AD.tmp??\??\C:\Program Files\Mozilla Firefox\tobedeleted\??\??\C:\Program Files\Mozilla Maintenance Service\maintenanceservice_tmp.exe??\??\C:\Windows\system32\drivers\asw7CD2.tmp??\??\C:\Windows\system32\drivers\asw7EF5.tmp??\??\C:\Windows\system32\drivers\asw80F9.tmp??\??\C:\Windows\system32\drivers\asw832B.tmp??\??\C:\Windows\system32\drivers\asw8889.tmp??\??\C:\Windows\system32\drivers\asw8ADB. Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001a6bb7936d Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001a6bb7936d@002345016c44 0xD1 0xFB 0x8F 0x7E ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001a6bb7936d@303855556cd1 0x5D 0x16 0x59 0x6A ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001a6bb7936d@00180fcf7b7d 0x59 0x30 0xB5 0x4E ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001a6bb7936d@6c8336142e91 0xA6 0x41 0x01 0xF8 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001a6bb7936d@602916006261 0x28 0x25 0x2D 0x46 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001a6bb7936d@6c0e0d7a58bf 0xAE 0xDA 0x32 0x69 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001a6bb7936d@18002d5e8ce0 0x5E 0x1C 0x2A 0x3B ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001a6bb7936d@b8f934a17124 0x2E 0xA1 0xD7 0x16 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x2F 0x8F 0xED 0x7B ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xAF 0xF4 0x8C 0xE6 ... Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\Instup_14943445714342294@SetupOperations ????????????r???????????????????????????????????????????????????????????????????????????????? 6?????????????s???\SystemRoot\system32\drivers\aswbidsdriverx.sys?ys?_11??\SystemRoot\system32\drivers\aswbidshx.sys?wse??\??\C:\Program Files\AVAST Software\Avast???\SystemRoot\system32\drivers\aswblogx.sys???@???????????????????????????????-3????@??????}???????????????)??@???????????????????????????????8-???#@??????9?????????????????)e\??winusb.sys????????.????????????n??????h??????????????????/???????????????????????????????????????a?????t?c????P??????????????d???????????D??????????????????????????????AndroidUsbDeviceClass????r?v?????????`?q?c???1???????.??? ???????o???????????~?,????????Z?-?????????\??\C:\Windows\system32\drivers\aswHdsKe.sys?e??BTHENUM\{0000110e-0000-1000-8000-00805f9b34fb}_VID&00020fce_PID&0193\7&31fee78c&0&18002D5E8CE0_C00000000?????????????????????????z???????z???????????????`8??????,???????????????????????????????????????????????????????????0??????????????????? ?????????????????????,?????? Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001a6bb7936d (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001a6bb7936d@002345016c44 0xD1 0xFB 0x8F 0x7E ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001a6bb7936d@303855556cd1 0x5D 0x16 0x59 0x6A ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001a6bb7936d@00180fcf7b7d 0x59 0x30 0xB5 0x4E ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001a6bb7936d@6c8336142e91 0xA6 0x41 0x01 0xF8 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001a6bb7936d@602916006261 0x28 0x25 0x2D 0x46 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001a6bb7936d@6c0e0d7a58bf 0xAE 0xDA 0x32 0x69 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001a6bb7936d@18002d5e8ce0 0x5E 0x1C 0x2A 0x3B ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001a6bb7936d@b8f934a17124 0x2E 0xA1 0xD7 0x16 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x2F 0x8F 0xED 0x7B ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xAF 0xF4 0x8C 0xE6 ... Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Diagnostics\Diagtrack@LastHeartBeatTime 0x5B 0x11 0x55 0xAB ... Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Diagnostics\Diagtrack@VortexHttpAttempts 0 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 0xE6 0x25 0xA4 0x44 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Windows\System32\sdiagnhost.exe 0xA3 0x01 0x25 0x95 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe 0xD1 0xFA 0x3A 0xDC ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe 0xE3 0x81 0x53 0xF8 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\vsta.exe 0x09 0x6E 0x9F 0x45 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 0x97 0x71 0xF3 0xC0 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Windows\Installer\MSIAA55.tmp 0x0E 0xAF 0x2A 0x5F ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Users\User\AppData\Local\Temp\AutoRun.exe 0xD9 0x11 0xF4 0x70 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe 0x76 0x06 0x1D 0xE7 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Program Files\Microsoft Office\Office12\WINWORD.EXE 0x9D 0x72 0x72 0x48 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Program Files\ByteFence\ByteFence.exe 0x41 0x18 0xB6 0xF0 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Program Files\Malwarebytes Anti-Malware\mbam.exe 0x2B 0x7E 0xC3 0xBB ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe 0x48 0x24 0xC7 0x8F ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume2\The Sims 3\instal\Game\Bin\Sims3Launcher.exe 0x48 0x9A 0x79 0x83 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE 0x7E 0xD8 0x56 0x30 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Program Files\Corel\CorelDRAW Graphics Suite X8\Setup\MSIs\VSTA\vsta_setup.exe 0x07 0x3D 0x05 0xC8 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Program Files\Corel\CorelDRAW Graphics Suite X8\Programs\CorelDRW.exe 0xDE 0xD5 0x53 0x49 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Program Files\Corel\CorelDRAW Graphics Suite X8\Programs\FontService.exe 0xBC 0xFA 0x10 0xD8 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Program Files\Corel\CorelDRAW Graphics Suite X8\Programs\CorelPP.exe 0x56 0xFC 0x79 0x4F ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Program Files\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe 0x58 0x4B 0x50 0xAA ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Program Files\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe 0x3E 0x6E 0x15 0xB8 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe 0x93 0x63 0x05 0x4B ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Program Files\ByteFence\rsEngineHelper.exe 0xA6 0xDB 0xA2 0x5D ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Program Files\ByteFence\ByteFenceService.exe 0xB6 0x2D 0x1A 0xF6 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume2\goldwave\GoldWave\GoldWave.exe 0x83 0xC3 0x72 0x31 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Users\User\Desktop\SuperOneClick.exe 0xE1 0xB7 0x34 0x17 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume1\Users\User\Desktop\SuperOneClick\SuperOneClick.exe 0x25 0xAC 0x15 0xF2 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 0x0F 0xBD 0xFB 0x44 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Windows\System32\CompatTel\wicainventory.exe 0xDC 0xF4 0x8C 0xC9 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Windows\System32\rundll32.exe 0x29 0xF4 0x89 0x9A ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Windows\explorer.exe 0x25 0xCA 0x76 0xD5 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Windows\System32\SearchFilterHost.exe 0xE9 0xF7 0x8B 0x7C ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe 0xB1 0xEE 0x3D 0x55 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Windows\System32\msiexec.exe 0x07 0xB3 0xCB 0x5F ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Windows\System32\GWX\GWXConfigManager.exe 0x86 0x6B 0x45 0x81 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume2\corel portable\CorelDRAW.Graphics.Suite.X6.16.0.0.707.Portable\CorelDRAW X6.exe 0x53 0x37 0xB9 0xC9 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Program Files\Corel\CorelDRAW Graphics Suite X6\Programs\CorelDRW.exe 0xE4 0xAE 0xF4 0xF4 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Windows\System32\WerFault.exe 0xC0 0x4B 0x1F 0x57 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\AddInUtil.exe 0x67 0xAC 0x68 0x85 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Windows\System32\CompatTelRunner.exe 0x2F 0x60 0x98 0x3B ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe 0x13 0xC6 0xC5 0x29 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Program Files\TrueKey\McAfee.TrueKey.Service.exe 0xF8 0xFA 0xD2 0x57 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Program Files\TrueKey\McTkSchedulerService.exe 0x4B 0xA1 0x00 0x5F ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Program Files\TrueKey\InstallerEvents.exe 0x91 0x15 0xC7 0x6A ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\PROGRA~1\INTELS~1\TRUEKE~1\Application\vendor\chrome-export.exe 0x99 0xB2 0xBA 0x33 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Program Files\TrueKey\Mcafee.TrueKey.Uninstaller.Exe 0x94 0x56 0x16 0xB1 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\PROGRA~1\TrueKey\INSTAL~1.EXE 0x35 0xFF 0xB3 0xC8 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Users\User\AppData\Local\Facebook\Games\FacebookGames.exe 0x06 0x25 0xA5 0xE1 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Users\User\AppData\Local\Facebook\Games\CefSharp.BrowserSubprocess.exe 0xE5 0x1B 0xE2 0x0A ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Windows\System32\rdrleakdiag.exe 0x10 0xBD 0x25 0x7F ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\PROGRA~1\TrueKey\MCAFEE~3.EXE 0xA8 0x96 0xBB 0xFE ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Users\User\AppData\Local\Facebook\Games\FacebookGamesNotifier.exe 0xB0 0x34 0x6D 0x1E ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Windows\System32\wbem\WmiPrvSE.exe 0x52 0xC4 0x3E 0xD6 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Program Files\TrueKey\McAfee.TrueKey.SmartMonitor.exe 0xAA 0xD2 0x4F 0x47 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\PROGRA~1\TrueKey\MC3D2D~1.EXE 0x04 0x16 0x27 0x89 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Program Files\Malwarebytes Anti-Malware\mbam.exe 0x57 0x27 0x1B 0xCC ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Users\User\Downloads\FacebookGamesArcadeSetup.exe 0xB6 0xF7 0xD9 0x00 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Users\User\Downloads\FRST.exe 0xB1 0x5A 0xC9 0x2F ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Users\User\Downloads\sv2sv5di.exe 0xBE 0x70 0xE7 0xE7 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Users\User\AppData\Local\Temp\CorelDRAW Graphics Suite X5\15.0.0.488\Setup.exe 0xAC 0x53 0xEF 0xD1 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Users\User\AppData\Local\Temp\96ad3\Setup.exe 0x90 0xE2 0x6C 0xEA ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Program Files\Corel\CorelDRAW Graphics Suite X8\Programs\FontService.exe 0x64 0xD7 0x39 0x7A ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Program Files\Corel\CorelDRAW Graphics Suite X8\Programs\CorelDRW.exe 0xB5 0xE1 0x14 0x34 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Program Files\Corel\CorelDRAW Graphics Suite X8\Programs\CrlUISvr.exe 0xF1 0x33 0xE1 0xC3 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Program Files\Corel\CorelDRAW Graphics Suite X8\Programs\CorelPP.exe 0xC8 0x10 0x1A 0xF9 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Users\User\AppData\Local\Temp\AA8FAC20-52AF-432D-B392-59C2EFE5DD2F\Setup.exe 0x9C 0x4B 0x84 0x6F ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Windows\System32\fsquirt.exe 0x29 0x5A 0xD2 0x2F ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\KMPlayer\KMPlayer.exe 0x4E 0x3A 0x4D 0x6C ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume1\Program Files\ByteFence\ByteFence.exe 0xDA 0x2E 0xF8 0x4D ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active@D4A5F97A 2172 ---- Files - GMER 2.2 ---- File C:\Users\User\AppData\Local\Temp\etilqs_OIdTOqNEWQnpNu9 0 bytes ---- EOF - GMER 2.2 ----