GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-01-22 17:25:53 Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST925031 rev.0003 Running: erkbn4yb.exe; Driver: C:\Users\Marcin\AppData\Local\Temp\fgroapow.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\system32\drivers\dwprot.sys ZwAllocateVirtualMemory [0xB4CD82D2] SSDT \SystemRoot\system32\drivers\dwprot.sys ZwCreateThread [0xB4CD9904] SSDT \SystemRoot\system32\drivers\dwprot.sys ZwCreateThreadEx [0xB4CD99E0] SSDT \SystemRoot\system32\drivers\dwprot.sys ZwFreeVirtualMemory [0xB4CD855E] SSDT \SystemRoot\system32\drivers\dwprot.sys ZwQueueApcThread [0xB4CD9A0C] SSDT \SystemRoot\system32\drivers\dwprot.sys ZwQueueApcThreadEx [0xB4CD9A32] SSDT \SystemRoot\system32\drivers\dwprot.sys ZwSetContextThread [0xB4CD9A58] SSDT \SystemRoot\system32\drivers\dwprot.sys ZwWriteVirtualMemory [0xB4CD866E] ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwSaveKey + 13D1 81E59369 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 81E92D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 81E99DA8 4 Bytes [D2, 82, CD, B4] .text ntkrnlpa.exe!KeRemoveQueueEx + 1203 81E99EB8 8 Bytes [04, 99, CD, B4, E0, 99, CD, ...] {ADD AL, 0x99; INT 0xb4; LOOPNZ 0xffffffffffffff9f; INT 0xb4} .text ntkrnlpa.exe!KeRemoveQueueEx + 12B3 81E99F68 4 Bytes [5E, 85, CD, B4] .text ntkrnlpa.exe!KeRemoveQueueEx + 14DB 81E9A190 8 Bytes [0C, 9A, CD, B4, 32, 9A, CD, ...] .text ntkrnlpa.exe!KeRemoveQueueEx + 1597 81E9A24C 4 Bytes [58, 9A, CD, B4] .text ... ? C:\windows\system32\Drivers\PROCEXP113.SYS Nie można odnaleźć określonego pliku. ! ? C:\Users\Marcin\AppData\Local\Temp\catchme.sys Nie można odnaleźć określonego pliku. ! ? system32\drivers\dwprot.sys System nie może odnaleźć określonej ścieżki. ! ? C:\Users\Marcin\AppData\Local\Temp\DA5C67fI.sys Nie można odnaleźć określonego pliku. ! .text advapi32.dll!CreateServiceW 762C712C 6 Bytes [FF, 25, 1E, 00, 93, 71] {JMP [0x7193001e]} .text advapi32.dll!CreateServiceA 762E3158 6 Bytes [FF, 25, 1E, 00, 96, 71] {JMP [0x7196001e]} .text user32.dll!SendMessageA 7617AD60 6 Bytes [FF, 25, 1E, 00, A2, 71] {JMP [0x71a2001e]} .text user32.dll!PostMessageA 7617B446 6 Bytes [FF, 25, 1E, 00, 9C, 71] {JMP [0x719c001e]} .text user32.dll!PostMessageW 7618447B 6 Bytes [FF, 25, 1E, 00, 99, 71] {JMP [0x7199001e]} .text user32.dll!SendMessageW 76185539 6 Bytes [FF, 25, 1E, 00, 9F, 71] {JMP [0x719f001e]} .text user32.dll!mouse_event 76196209 6 Bytes [FF, 25, 1E, 00, AB, 71] {JMP [0x71ab001e]} .text user32.dll!SendInput 761A7019 3 Bytes [FF, 25, 1E] .text user32.dll!SendInput + 4 761A701D 2 Bytes [A5, 71] .text user32.dll!keybd_event 761CEC3B 6 Bytes [FF, 25, 1E, 00, A8, 71] {JMP [0x71a8001e]} .text KernelBase.dll!FreeLibrary + B3 75E68B4D 4 Bytes [0A, 00, 3F, 00] ---- User code sections - GMER 1.0.15 ---- .text C:\Users\Marcin\Downloads\erkbn4yb.exe[692] ntdll.dll!NtCreateFile 77BB55C8 3 Bytes [FF, 25, 1E] .text C:\Users\Marcin\Downloads\erkbn4yb.exe[692] ntdll.dll!NtCreateFile + 4 77BB55CC 2 Bytes [87, 71] .text C:\Users\Marcin\Downloads\erkbn4yb.exe[692] ntdll.dll!NtDeleteValueKey 77BB5848 3 Bytes [FF, 25, 1E] .text C:\Users\Marcin\Downloads\erkbn4yb.exe[692] ntdll.dll!NtDeleteValueKey + 4 77BB584C 2 Bytes [8D, 71] .text C:\Users\Marcin\Downloads\erkbn4yb.exe[692] ntdll.dll!NtOpenFile 77BB5CD8 3 Bytes [FF, 25, 1E] .text C:\Users\Marcin\Downloads\erkbn4yb.exe[692] ntdll.dll!NtOpenFile + 4 77BB5CDC 2 Bytes [84, 71] .text C:\Users\Marcin\Downloads\erkbn4yb.exe[692] ntdll.dll!NtOpenProcess 77BB5D88 3 Bytes [FF, 25, 1E] .text C:\Users\Marcin\Downloads\erkbn4yb.exe[692] ntdll.dll!NtOpenProcess + 4 77BB5D8C 2 Bytes [8A, 71] .text C:\Users\Marcin\Downloads\erkbn4yb.exe[692] ntdll.dll!NtSetContextThread 77BB6568 3 Bytes [FF, 25, 1E] .text C:\Users\Marcin\Downloads\erkbn4yb.exe[692] ntdll.dll!NtSetContextThread + 4 77BB656C 2 Bytes [81, 71] .text C:\Users\Marcin\Downloads\erkbn4yb.exe[692] ntdll.dll!NtSetValueKey 77BB6808 3 Bytes [FF, 25, 1E] .text C:\Users\Marcin\Downloads\erkbn4yb.exe[692] ntdll.dll!NtSetValueKey + 4 77BB680C 2 Bytes [90, 71] .text C:\Users\Marcin\Downloads\erkbn4yb.exe[692] USER32.dll!SendMessageA 7617AD60 6 Bytes JMP 71A30F5A .text C:\Users\Marcin\Downloads\erkbn4yb.exe[692] USER32.dll!PostMessageA 7617B446 6 Bytes JMP 719D0F5A .text C:\Users\Marcin\Downloads\erkbn4yb.exe[692] USER32.dll!PostMessageW 7618447B 6 Bytes JMP 719A0F5A .text C:\Users\Marcin\Downloads\erkbn4yb.exe[692] USER32.dll!SendMessageW 76185539 6 Bytes JMP 71A00F5A .text C:\Users\Marcin\Downloads\erkbn4yb.exe[692] USER32.dll!mouse_event 76196209 6 Bytes JMP 71AC0F5A .text C:\Users\Marcin\Downloads\erkbn4yb.exe[692] USER32.dll!SendInput 761A7019 3 Bytes [FF, 25, 1E] .text C:\Users\Marcin\Downloads\erkbn4yb.exe[692] USER32.dll!SendInput + 4 761A701D 2 Bytes [A5, 71] .text C:\Users\Marcin\Downloads\erkbn4yb.exe[692] USER32.dll!keybd_event 761CEC3B 6 Bytes JMP 71A90F5A .text C:\Users\Marcin\Downloads\erkbn4yb.exe[692] ADVAPI32.dll!CreateServiceW 762C712C 6 Bytes JMP 71940F5A .text C:\Users\Marcin\Downloads\erkbn4yb.exe[692] ADVAPI32.dll!CreateServiceA 762E3158 6 Bytes JMP 71970F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[1180] ntdll.dll!NtCreateFile 77BB55C8 3 Bytes [FF, 25, 1E] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1180] ntdll.dll!NtCreateFile + 4 77BB55CC 2 Bytes [87, 71] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1180] ntdll.dll!NtDeleteValueKey 77BB5848 3 Bytes [FF, 25, 1E] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1180] ntdll.dll!NtDeleteValueKey + 4 77BB584C 2 Bytes [8D, 71] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1180] ntdll.dll!NtOpenFile 77BB5CD8 3 Bytes [FF, 25, 1E] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1180] ntdll.dll!NtOpenFile + 4 77BB5CDC 2 Bytes [84, 71] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1180] ntdll.dll!NtOpenProcess 77BB5D88 3 Bytes [FF, 25, 1E] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1180] ntdll.dll!NtOpenProcess + 4 77BB5D8C 2 Bytes [8A, 71] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1180] ntdll.dll!NtSetContextThread 77BB6568 3 Bytes [FF, 25, 1E] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1180] ntdll.dll!NtSetContextThread + 4 77BB656C 2 Bytes [81, 71] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1180] ntdll.dll!NtSetValueKey 77BB6808 3 Bytes [FF, 25, 1E] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1180] ntdll.dll!NtSetValueKey + 4 77BB680C 2 Bytes [90, 71] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1180] USER32.dll!SendMessageA 7617AD60 6 Bytes JMP 71A30F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[1180] USER32.dll!PostMessageA 7617B446 6 Bytes JMP 719D0F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[1180] USER32.dll!PostMessageW 7618447B 6 Bytes JMP 719A0F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[1180] USER32.dll!SendMessageW 76185539 6 Bytes JMP 71A00F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[1180] USER32.dll!mouse_event 76196209 6 Bytes JMP 71AC0F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[1180] USER32.dll!SendInput 761A7019 3 Bytes [FF, 25, 1E] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1180] USER32.dll!SendInput + 4 761A701D 2 Bytes [A5, 71] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1180] USER32.dll!keybd_event 761CEC3B 6 Bytes JMP 71A90F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[1180] ADVAPI32.dll!CreateServiceW 762C712C 6 Bytes JMP 71940F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[1180] ADVAPI32.dll!CreateServiceA 762E3158 6 Bytes JMP 71970F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[1180] WS2_32.dll!GetAddrInfoW 777C4889 6 Bytes JMP 71760F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[1180] WS2_32.dll!connect 777C6BDD 6 Bytes JMP 717F0F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[1180] WS2_32.dll!listen 777CB001 6 Bytes JMP 717C0F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[1180] WS2_32.dll!gethostbyname 777D7673 6 Bytes JMP 71790F5A .text C:\windows\system32\Dwm.exe[1344] ntdll.dll!NtCreateFile 77BB55C8 3 Bytes [FF, 25, 1E] .text C:\windows\system32\Dwm.exe[1344] ntdll.dll!NtCreateFile + 4 77BB55CC 2 Bytes [87, 71] .text C:\windows\system32\Dwm.exe[1344] ntdll.dll!NtDeleteValueKey 77BB5848 3 Bytes [FF, 25, 1E] .text C:\windows\system32\Dwm.exe[1344] ntdll.dll!NtDeleteValueKey + 4 77BB584C 2 Bytes [8D, 71] .text C:\windows\system32\Dwm.exe[1344] ntdll.dll!NtOpenFile 77BB5CD8 3 Bytes [FF, 25, 1E] .text C:\windows\system32\Dwm.exe[1344] ntdll.dll!NtOpenFile + 4 77BB5CDC 2 Bytes [84, 71] .text C:\windows\system32\Dwm.exe[1344] ntdll.dll!NtOpenProcess 77BB5D88 3 Bytes [FF, 25, 1E] .text C:\windows\system32\Dwm.exe[1344] ntdll.dll!NtOpenProcess + 4 77BB5D8C 2 Bytes [8A, 71] .text C:\windows\system32\Dwm.exe[1344] ntdll.dll!NtSetContextThread 77BB6568 3 Bytes [FF, 25, 1E] .text C:\windows\system32\Dwm.exe[1344] ntdll.dll!NtSetContextThread + 4 77BB656C 2 Bytes [81, 71] .text C:\windows\system32\Dwm.exe[1344] ntdll.dll!NtSetValueKey 77BB6808 3 Bytes [FF, 25, 1E] .text C:\windows\system32\Dwm.exe[1344] ntdll.dll!NtSetValueKey + 4 77BB680C 2 Bytes [90, 71] .text C:\windows\system32\Dwm.exe[1344] USER32.dll!SendMessageA 7617AD60 6 Bytes JMP 71A30F5A .text C:\windows\system32\Dwm.exe[1344] USER32.dll!PostMessageA 7617B446 6 Bytes JMP 719D0F5A .text C:\windows\system32\Dwm.exe[1344] USER32.dll!PostMessageW 7618447B 6 Bytes JMP 719A0F5A .text C:\windows\system32\Dwm.exe[1344] USER32.dll!SendMessageW 76185539 6 Bytes JMP 71A00F5A .text C:\windows\system32\Dwm.exe[1344] USER32.dll!mouse_event 76196209 6 Bytes JMP 71AC0F5A .text C:\windows\system32\Dwm.exe[1344] USER32.dll!SendInput 761A7019 3 Bytes [FF, 25, 1E] .text C:\windows\system32\Dwm.exe[1344] USER32.dll!SendInput + 4 761A701D 2 Bytes [A5, 71] .text C:\windows\system32\Dwm.exe[1344] USER32.dll!keybd_event 761CEC3B 6 Bytes JMP 71A90F5A .text C:\windows\system32\Dwm.exe[1344] ADVAPI32.dll!CreateServiceW 762C712C 6 Bytes JMP 71940F5A .text C:\windows\system32\Dwm.exe[1344] ADVAPI32.dll!CreateServiceA 762E3158 6 Bytes JMP 71970F5A .text C:\windows\system32\notepad.exe[1680] ntdll.dll!NtCreateFile 77BB55C8 3 Bytes [FF, 25, 1E] .text C:\windows\system32\notepad.exe[1680] ntdll.dll!NtCreateFile + 4 77BB55CC 2 Bytes [81, 71] .text C:\windows\system32\notepad.exe[1680] ntdll.dll!NtDeleteValueKey 77BB5848 3 Bytes [FF, 25, 1E] .text C:\windows\system32\notepad.exe[1680] ntdll.dll!NtDeleteValueKey + 4 77BB584C 2 Bytes [87, 71] .text C:\windows\system32\notepad.exe[1680] ntdll.dll!NtOpenFile 77BB5CD8 3 Bytes [FF, 25, 1E] .text C:\windows\system32\notepad.exe[1680] ntdll.dll!NtOpenFile + 4 77BB5CDC 2 Bytes [7E, 71] {JLE 0x73} .text C:\windows\system32\notepad.exe[1680] ntdll.dll!NtOpenProcess 77BB5D88 3 Bytes [FF, 25, 1E] .text C:\windows\system32\notepad.exe[1680] ntdll.dll!NtOpenProcess + 4 77BB5D8C 2 Bytes [84, 71] .text C:\windows\system32\notepad.exe[1680] ntdll.dll!NtSetContextThread 77BB6568 3 Bytes [FF, 25, 1E] .text C:\windows\system32\notepad.exe[1680] ntdll.dll!NtSetContextThread + 4 77BB656C 2 Bytes [7B, 71] {JNP 0x73} .text C:\windows\system32\notepad.exe[1680] ntdll.dll!NtSetValueKey 77BB6808 3 Bytes [FF, 25, 1E] .text C:\windows\system32\notepad.exe[1680] ntdll.dll!NtSetValueKey + 4 77BB680C 2 Bytes [8A, 71] .text C:\windows\system32\notepad.exe[1680] ADVAPI32.dll!CreateServiceW 762C712C 6 Bytes JMP 718E0F5A .text C:\windows\system32\notepad.exe[1680] ADVAPI32.dll!CreateServiceA 762E3158 6 Bytes JMP 71910F5A .text C:\windows\system32\notepad.exe[1680] USER32.dll!SendMessageA 7617AD60 6 Bytes JMP 719D0F5A .text C:\windows\system32\notepad.exe[1680] USER32.dll!PostMessageA 7617B446 6 Bytes JMP 71970F5A .text C:\windows\system32\notepad.exe[1680] USER32.dll!PostMessageW 7618447B 6 Bytes JMP 71940F5A .text C:\windows\system32\notepad.exe[1680] USER32.dll!SendMessageW 76185539 6 Bytes JMP 719A0F5A .text C:\windows\system32\notepad.exe[1680] USER32.dll!mouse_event 76196209 6 Bytes JMP 71A60F5A .text C:\windows\system32\notepad.exe[1680] USER32.dll!SendInput 761A7019 3 Bytes [FF, 25, 1E] .text C:\windows\system32\notepad.exe[1680] USER32.dll!SendInput + 4 761A701D 2 Bytes [9F, 71] .text C:\windows\system32\notepad.exe[1680] USER32.dll!keybd_event 761CEC3B 6 Bytes JMP 71A30F5A .text C:\windows\system32\notepad.exe[1680] ws2_32.dll!GetAddrInfoW 777C4889 6 Bytes JMP 71700F5A .text C:\windows\system32\notepad.exe[1680] ws2_32.dll!connect 777C6BDD 6 Bytes JMP 71790F5A .text C:\windows\system32\notepad.exe[1680] ws2_32.dll!listen 777CB001 6 Bytes JMP 71760F5A .text C:\windows\system32\notepad.exe[1680] ws2_32.dll!gethostbyname 777D7673 6 Bytes JMP 71730F5A .text C:\windows\system32\taskhost.exe[2032] ntdll.dll!NtCreateFile 77BB55C8 3 Bytes [FF, 25, 1E] .text C:\windows\system32\taskhost.exe[2032] ntdll.dll!NtCreateFile + 4 77BB55CC 2 Bytes [87, 71] .text C:\windows\system32\taskhost.exe[2032] ntdll.dll!NtDeleteValueKey 77BB5848 3 Bytes [FF, 25, 1E] .text C:\windows\system32\taskhost.exe[2032] ntdll.dll!NtDeleteValueKey + 4 77BB584C 2 Bytes [8D, 71] .text C:\windows\system32\taskhost.exe[2032] ntdll.dll!NtOpenFile 77BB5CD8 3 Bytes [FF, 25, 1E] .text C:\windows\system32\taskhost.exe[2032] ntdll.dll!NtOpenFile + 4 77BB5CDC 2 Bytes [84, 71] .text C:\windows\system32\taskhost.exe[2032] ntdll.dll!NtOpenProcess 77BB5D88 3 Bytes [FF, 25, 1E] .text C:\windows\system32\taskhost.exe[2032] ntdll.dll!NtOpenProcess + 4 77BB5D8C 2 Bytes [8A, 71] .text C:\windows\system32\taskhost.exe[2032] ntdll.dll!NtSetContextThread 77BB6568 3 Bytes [FF, 25, 1E] .text C:\windows\system32\taskhost.exe[2032] ntdll.dll!NtSetContextThread + 4 77BB656C 2 Bytes [81, 71] .text C:\windows\system32\taskhost.exe[2032] ntdll.dll!NtSetValueKey 77BB6808 3 Bytes [FF, 25, 1E] .text C:\windows\system32\taskhost.exe[2032] ntdll.dll!NtSetValueKey + 4 77BB680C 2 Bytes [90, 71] .text C:\windows\system32\taskhost.exe[2032] USER32.dll!SendMessageA 7617AD60 6 Bytes JMP 71A30F5A .text C:\windows\system32\taskhost.exe[2032] USER32.dll!PostMessageA 7617B446 6 Bytes JMP 719D0F5A .text C:\windows\system32\taskhost.exe[2032] USER32.dll!PostMessageW 7618447B 6 Bytes JMP 719A0F5A .text C:\windows\system32\taskhost.exe[2032] USER32.dll!SendMessageW 76185539 6 Bytes JMP 71A00F5A .text C:\windows\system32\taskhost.exe[2032] USER32.dll!mouse_event 76196209 6 Bytes JMP 71AC0F5A .text C:\windows\system32\taskhost.exe[2032] USER32.dll!SendInput 761A7019 3 Bytes [FF, 25, 1E] .text C:\windows\system32\taskhost.exe[2032] USER32.dll!SendInput + 4 761A701D 2 Bytes [A5, 71] .text C:\windows\system32\taskhost.exe[2032] USER32.dll!keybd_event 761CEC3B 6 Bytes JMP 71A90F5A .text C:\windows\system32\taskhost.exe[2032] ADVAPI32.dll!CreateServiceW 762C712C 6 Bytes JMP 71940F5A .text C:\windows\system32\taskhost.exe[2032] ADVAPI32.dll!CreateServiceA 762E3158 6 Bytes JMP 71970F5A .text C:\Windows\System32\igfxpers.exe[2388] ntdll.dll!NtCreateFile 77BB55C8 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\igfxpers.exe[2388] ntdll.dll!NtCreateFile + 4 77BB55CC 2 Bytes [87, 71] .text C:\Windows\System32\igfxpers.exe[2388] ntdll.dll!NtDeleteValueKey 77BB5848 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\igfxpers.exe[2388] ntdll.dll!NtDeleteValueKey + 4 77BB584C 2 Bytes [8D, 71] .text C:\Windows\System32\igfxpers.exe[2388] ntdll.dll!NtOpenFile 77BB5CD8 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\igfxpers.exe[2388] ntdll.dll!NtOpenFile + 4 77BB5CDC 2 Bytes [84, 71] .text C:\Windows\System32\igfxpers.exe[2388] ntdll.dll!NtOpenProcess 77BB5D88 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\igfxpers.exe[2388] ntdll.dll!NtOpenProcess + 4 77BB5D8C 2 Bytes [8A, 71] .text C:\Windows\System32\igfxpers.exe[2388] ntdll.dll!NtSetContextThread 77BB6568 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\igfxpers.exe[2388] ntdll.dll!NtSetContextThread + 4 77BB656C 2 Bytes [81, 71] .text C:\Windows\System32\igfxpers.exe[2388] ntdll.dll!NtSetValueKey 77BB6808 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\igfxpers.exe[2388] ntdll.dll!NtSetValueKey + 4 77BB680C 2 Bytes [90, 71] .text C:\Windows\System32\igfxpers.exe[2388] ADVAPI32.dll!CreateServiceW 762C712C 6 Bytes JMP 71940F5A .text C:\Windows\System32\igfxpers.exe[2388] ADVAPI32.dll!CreateServiceA 762E3158 6 Bytes JMP 71970F5A .text C:\Windows\System32\igfxpers.exe[2388] USER32.dll!SendMessageA 7617AD60 6 Bytes JMP 71A30F5A .text C:\Windows\System32\igfxpers.exe[2388] USER32.dll!PostMessageA 7617B446 6 Bytes JMP 719D0F5A .text C:\Windows\System32\igfxpers.exe[2388] USER32.dll!PostMessageW 7618447B 6 Bytes JMP 719A0F5A .text C:\Windows\System32\igfxpers.exe[2388] USER32.dll!SendMessageW 76185539 6 Bytes JMP 71A00F5A .text C:\Windows\System32\igfxpers.exe[2388] USER32.dll!mouse_event 76196209 6 Bytes JMP 71AC0F5A .text C:\Windows\System32\igfxpers.exe[2388] USER32.dll!SendInput 761A7019 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\igfxpers.exe[2388] USER32.dll!SendInput + 4 761A701D 2 Bytes [A5, 71] .text C:\Windows\System32\igfxpers.exe[2388] USER32.dll!keybd_event 761CEC3B 6 Bytes JMP 71A90F5A .text C:\Windows\System32\igfxtray.exe[2408] ntdll.dll!NtCreateFile 77BB55C8 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\igfxtray.exe[2408] ntdll.dll!NtCreateFile + 4 77BB55CC 2 Bytes [87, 71] .text C:\Windows\System32\igfxtray.exe[2408] ntdll.dll!NtDeleteValueKey 77BB5848 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\igfxtray.exe[2408] ntdll.dll!NtDeleteValueKey + 4 77BB584C 2 Bytes [8D, 71] .text C:\Windows\System32\igfxtray.exe[2408] ntdll.dll!NtOpenFile 77BB5CD8 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\igfxtray.exe[2408] ntdll.dll!NtOpenFile + 4 77BB5CDC 2 Bytes [84, 71] .text C:\Windows\System32\igfxtray.exe[2408] ntdll.dll!NtOpenProcess 77BB5D88 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\igfxtray.exe[2408] ntdll.dll!NtOpenProcess + 4 77BB5D8C 2 Bytes [8A, 71] .text C:\Windows\System32\igfxtray.exe[2408] ntdll.dll!NtSetContextThread 77BB6568 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\igfxtray.exe[2408] ntdll.dll!NtSetContextThread + 4 77BB656C 2 Bytes [81, 71] .text C:\Windows\System32\igfxtray.exe[2408] ntdll.dll!NtSetValueKey 77BB6808 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\igfxtray.exe[2408] ntdll.dll!NtSetValueKey + 4 77BB680C 2 Bytes [90, 71] .text C:\Windows\System32\igfxtray.exe[2408] USER32.dll!SendMessageA 7617AD60 6 Bytes JMP 71A30F5A .text C:\Windows\System32\igfxtray.exe[2408] USER32.dll!PostMessageA 7617B446 6 Bytes JMP 719D0F5A .text C:\Windows\System32\igfxtray.exe[2408] USER32.dll!PostMessageW 7618447B 6 Bytes JMP 719A0F5A .text C:\Windows\System32\igfxtray.exe[2408] USER32.dll!SendMessageW 76185539 6 Bytes JMP 71A00F5A .text C:\Windows\System32\igfxtray.exe[2408] USER32.dll!mouse_event 76196209 6 Bytes JMP 71AC0F5A .text C:\Windows\System32\igfxtray.exe[2408] USER32.dll!SendInput 761A7019 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\igfxtray.exe[2408] USER32.dll!SendInput + 4 761A701D 2 Bytes [A5, 71] .text C:\Windows\System32\igfxtray.exe[2408] USER32.dll!keybd_event 761CEC3B 6 Bytes JMP 71A90F5A .text C:\Windows\System32\igfxtray.exe[2408] ADVAPI32.dll!CreateServiceW 762C712C 6 Bytes JMP 71940F5A .text C:\Windows\System32\igfxtray.exe[2408] ADVAPI32.dll!CreateServiceA 762E3158 6 Bytes JMP 71970F5A .text C:\Windows\System32\hkcmd.exe[2436] ntdll.dll!NtCreateFile 77BB55C8 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\hkcmd.exe[2436] ntdll.dll!NtCreateFile + 4 77BB55CC 2 Bytes [87, 71] .text C:\Windows\System32\hkcmd.exe[2436] ntdll.dll!NtDeleteValueKey 77BB5848 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\hkcmd.exe[2436] ntdll.dll!NtDeleteValueKey + 4 77BB584C 2 Bytes [8D, 71] .text C:\Windows\System32\hkcmd.exe[2436] ntdll.dll!NtOpenFile 77BB5CD8 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\hkcmd.exe[2436] ntdll.dll!NtOpenFile + 4 77BB5CDC 2 Bytes [84, 71] .text C:\Windows\System32\hkcmd.exe[2436] ntdll.dll!NtOpenProcess 77BB5D88 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\hkcmd.exe[2436] ntdll.dll!NtOpenProcess + 4 77BB5D8C 2 Bytes [8A, 71] .text C:\Windows\System32\hkcmd.exe[2436] ntdll.dll!NtSetContextThread 77BB6568 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\hkcmd.exe[2436] ntdll.dll!NtSetContextThread + 4 77BB656C 2 Bytes [81, 71] .text C:\Windows\System32\hkcmd.exe[2436] ntdll.dll!NtSetValueKey 77BB6808 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\hkcmd.exe[2436] ntdll.dll!NtSetValueKey + 4 77BB680C 2 Bytes [90, 71] .text C:\Windows\System32\hkcmd.exe[2436] USER32.dll!SendMessageA 7617AD60 6 Bytes JMP 71A30F5A .text C:\Windows\System32\hkcmd.exe[2436] USER32.dll!PostMessageA 7617B446 6 Bytes JMP 719D0F5A .text C:\Windows\System32\hkcmd.exe[2436] USER32.dll!PostMessageW 7618447B 6 Bytes JMP 719A0F5A .text C:\Windows\System32\hkcmd.exe[2436] USER32.dll!SendMessageW 76185539 6 Bytes JMP 71A00F5A .text C:\Windows\System32\hkcmd.exe[2436] USER32.dll!mouse_event 76196209 6 Bytes JMP 71AC0F5A .text C:\Windows\System32\hkcmd.exe[2436] USER32.dll!SendInput 761A7019 3 Bytes [FF, 25, 1E] .text C:\Windows\System32\hkcmd.exe[2436] USER32.dll!SendInput + 4 761A701D 2 Bytes [A5, 71] .text C:\Windows\System32\hkcmd.exe[2436] USER32.dll!keybd_event 761CEC3B 6 Bytes JMP 71A90F5A .text C:\Windows\System32\hkcmd.exe[2436] ADVAPI32.dll!CreateServiceW 762C712C 6 Bytes JMP 71940F5A .text C:\Windows\System32\hkcmd.exe[2436] ADVAPI32.dll!CreateServiceA 762E3158 6 Bytes JMP 71970F5A .text C:\windows\system32\igfxsrvc.exe[2716] ntdll.dll!NtCreateFile 77BB55C8 3 Bytes [FF, 25, 1E] .text C:\windows\system32\igfxsrvc.exe[2716] ntdll.dll!NtCreateFile + 4 77BB55CC 2 Bytes [87, 71] .text C:\windows\system32\igfxsrvc.exe[2716] ntdll.dll!NtDeleteValueKey 77BB5848 3 Bytes [FF, 25, 1E] .text C:\windows\system32\igfxsrvc.exe[2716] ntdll.dll!NtDeleteValueKey + 4 77BB584C 2 Bytes [8D, 71] .text C:\windows\system32\igfxsrvc.exe[2716] ntdll.dll!NtOpenFile 77BB5CD8 3 Bytes [FF, 25, 1E] .text C:\windows\system32\igfxsrvc.exe[2716] ntdll.dll!NtOpenFile + 4 77BB5CDC 2 Bytes [84, 71] .text C:\windows\system32\igfxsrvc.exe[2716] ntdll.dll!NtOpenProcess 77BB5D88 3 Bytes [FF, 25, 1E] .text C:\windows\system32\igfxsrvc.exe[2716] ntdll.dll!NtOpenProcess + 4 77BB5D8C 2 Bytes [8A, 71] .text C:\windows\system32\igfxsrvc.exe[2716] ntdll.dll!NtSetContextThread 77BB6568 3 Bytes [FF, 25, 1E] .text C:\windows\system32\igfxsrvc.exe[2716] ntdll.dll!NtSetContextThread + 4 77BB656C 2 Bytes [81, 71] .text C:\windows\system32\igfxsrvc.exe[2716] ntdll.dll!NtSetValueKey 77BB6808 3 Bytes [FF, 25, 1E] .text C:\windows\system32\igfxsrvc.exe[2716] ntdll.dll!NtSetValueKey + 4 77BB680C 2 Bytes [90, 71] .text C:\windows\system32\igfxsrvc.exe[2716] USER32.dll!SendMessageA 7617AD60 6 Bytes JMP 71A30F5A .text C:\windows\system32\igfxsrvc.exe[2716] USER32.dll!PostMessageA 7617B446 6 Bytes JMP 719D0F5A .text C:\windows\system32\igfxsrvc.exe[2716] USER32.dll!PostMessageW 7618447B 6 Bytes JMP 719A0F5A .text C:\windows\system32\igfxsrvc.exe[2716] USER32.dll!SendMessageW 76185539 6 Bytes JMP 71A00F5A .text C:\windows\system32\igfxsrvc.exe[2716] USER32.dll!mouse_event 76196209 6 Bytes JMP 71AC0F5A .text C:\windows\system32\igfxsrvc.exe[2716] USER32.dll!SendInput 761A7019 3 Bytes [FF, 25, 1E] .text C:\windows\system32\igfxsrvc.exe[2716] USER32.dll!SendInput + 4 761A701D 2 Bytes [A5, 71] .text C:\windows\system32\igfxsrvc.exe[2716] USER32.dll!keybd_event 761CEC3B 6 Bytes JMP 71A90F5A .text C:\windows\system32\igfxsrvc.exe[2716] ADVAPI32.dll!CreateServiceW 762C712C 6 Bytes JMP 71940F5A .text C:\windows\system32\igfxsrvc.exe[2716] ADVAPI32.dll!CreateServiceA 762E3158 6 Bytes JMP 71970F5A .text C:\Program Files\StarterBackgroundChanger\StarterBackgroundChangerTask.exe[2828] ntdll.dll!NtCreateFile 77BB55C8 3 Bytes [FF, 25, 1E] .text C:\Program Files\StarterBackgroundChanger\StarterBackgroundChangerTask.exe[2828] ntdll.dll!NtCreateFile + 4 77BB55CC 2 Bytes [87, 71] .text C:\Program Files\StarterBackgroundChanger\StarterBackgroundChangerTask.exe[2828] ntdll.dll!NtDeleteValueKey 77BB5848 3 Bytes [FF, 25, 1E] .text C:\Program Files\StarterBackgroundChanger\StarterBackgroundChangerTask.exe[2828] ntdll.dll!NtDeleteValueKey + 4 77BB584C 2 Bytes [8D, 71] .text C:\Program Files\StarterBackgroundChanger\StarterBackgroundChangerTask.exe[2828] ntdll.dll!NtOpenFile 77BB5CD8 3 Bytes [FF, 25, 1E] .text C:\Program Files\StarterBackgroundChanger\StarterBackgroundChangerTask.exe[2828] ntdll.dll!NtOpenFile + 4 77BB5CDC 2 Bytes [84, 71] .text C:\Program Files\StarterBackgroundChanger\StarterBackgroundChangerTask.exe[2828] ntdll.dll!NtOpenProcess 77BB5D88 3 Bytes [FF, 25, 1E] .text C:\Program Files\StarterBackgroundChanger\StarterBackgroundChangerTask.exe[2828] ntdll.dll!NtOpenProcess + 4 77BB5D8C 2 Bytes [8A, 71] .text C:\Program Files\StarterBackgroundChanger\StarterBackgroundChangerTask.exe[2828] ntdll.dll!NtSetContextThread 77BB6568 3 Bytes [FF, 25, 1E] .text C:\Program Files\StarterBackgroundChanger\StarterBackgroundChangerTask.exe[2828] ntdll.dll!NtSetContextThread + 4 77BB656C 2 Bytes [81, 71] .text C:\Program Files\StarterBackgroundChanger\StarterBackgroundChangerTask.exe[2828] ntdll.dll!NtSetValueKey 77BB6808 3 Bytes [FF, 25, 1E] .text C:\Program Files\StarterBackgroundChanger\StarterBackgroundChangerTask.exe[2828] ntdll.dll!NtSetValueKey + 4 77BB680C 2 Bytes [90, 71] .text C:\Program Files\StarterBackgroundChanger\StarterBackgroundChangerTask.exe[2828] USER32.dll!SendMessageA 7617AD60 6 Bytes JMP 71A30F5A .text C:\Program Files\StarterBackgroundChanger\StarterBackgroundChangerTask.exe[2828] USER32.dll!PostMessageA 7617B446 6 Bytes JMP 719D0F5A .text C:\Program Files\StarterBackgroundChanger\StarterBackgroundChangerTask.exe[2828] USER32.dll!PostMessageW 7618447B 6 Bytes JMP 719A0F5A .text C:\Program Files\StarterBackgroundChanger\StarterBackgroundChangerTask.exe[2828] USER32.dll!SendMessageW 76185539 6 Bytes JMP 71A00F5A .text C:\Program Files\StarterBackgroundChanger\StarterBackgroundChangerTask.exe[2828] USER32.dll!mouse_event 76196209 6 Bytes JMP 71AC0F5A .text C:\Program Files\StarterBackgroundChanger\StarterBackgroundChangerTask.exe[2828] USER32.dll!SendInput 761A7019 3 Bytes [FF, 25, 1E] .text C:\Program Files\StarterBackgroundChanger\StarterBackgroundChangerTask.exe[2828] USER32.dll!SendInput + 4 761A701D 2 Bytes [A5, 71] .text C:\Program Files\StarterBackgroundChanger\StarterBackgroundChangerTask.exe[2828] USER32.dll!keybd_event 761CEC3B 6 Bytes JMP 71A90F5A .text C:\Program Files\StarterBackgroundChanger\StarterBackgroundChangerTask.exe[2828] ADVAPI32.dll!CreateServiceW 762C712C 6 Bytes JMP 71940F5A .text C:\Program Files\StarterBackgroundChanger\StarterBackgroundChangerTask.exe[2828] ADVAPI32.dll!CreateServiceA 762E3158 6 Bytes JMP 71970F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[2872] ntdll.dll!NtCreateFile 77BB55C8 3 Bytes [FF, 25, 1E] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2872] ntdll.dll!NtCreateFile + 4 77BB55CC 6 Bytes [87, 71, 28, 00, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2872] ntdll.dll!NtCreateFile + B 77BB55D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2872] ntdll.dll!NtDeleteValueKey 77BB5848 3 Bytes [FF, 25, 1E] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2872] ntdll.dll!NtDeleteValueKey + 4 77BB584C 2 Bytes [8D, 71] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2872] ntdll.dll!NtMapViewOfSection + 6 77BB5C2E 1 Byte [28] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2872] ntdll.dll!NtMapViewOfSection + 6 77BB5C2E 4 Bytes [28, 03, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2872] ntdll.dll!NtMapViewOfSection + B 77BB5C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2872] ntdll.dll!NtOpenFile 77BB5CD8 3 Bytes [FF, 25, 1E] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2872] ntdll.dll!NtOpenFile + 4 77BB5CDC 6 Bytes [84, 71, 68, 00, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2872] ntdll.dll!NtOpenFile + B 77BB5CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2872] ntdll.dll!NtOpenProcess 77BB5D88 3 Bytes [FF, 25, 1E] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2872] ntdll.dll!NtOpenProcess + 4 77BB5D8C 6 Bytes [8A, 71, A8, 01, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2872] ntdll.dll!NtOpenProcess + B 77BB5D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2872] ntdll.dll!NtOpenProcessToken + B 77BB5DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2872] ntdll.dll!NtOpenProcessTokenEx + 6 77BB5DAE 4 Bytes [A8, 02, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2872] ntdll.dll!NtOpenProcessTokenEx + B 77BB5DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2872] ntdll.dll!NtOpenThread + 6 77BB5E0E 4 Bytes [68, 01, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2872] ntdll.dll!NtOpenThread + B 77BB5E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2872] ntdll.dll!NtOpenThreadToken + 6 77BB5E1E 4 Bytes [68, 02, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2872] ntdll.dll!NtOpenThreadToken + B 77BB5E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2872] ntdll.dll!NtOpenThreadTokenEx + B 77BB5E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2872] ntdll.dll!NtQueryAttributesFile + 6 77BB5F3E 4 Bytes [A8, 00, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2872] ntdll.dll!NtQueryAttributesFile + B 77BB5F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2872] ntdll.dll!NtQueryFullAttributesFile + B 77BB5FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2872] ntdll.dll!NtSetContextThread 77BB6568 3 Bytes [FF, 25, 1E] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2872] ntdll.dll!NtSetContextThread + 4 77BB656C 2 Bytes [81, 71] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2872] ntdll.dll!NtSetInformationFile + 6 77BB663E 4 Bytes [28, 01, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2872] ntdll.dll!NtSetInformationFile + B 77BB6643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2872] ntdll.dll!NtSetInformationThread + 6 77BB669E 4 Bytes [28, 02, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2872] ntdll.dll!NtSetInformationThread + B 77BB66A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2872] ntdll.dll!NtSetValueKey 77BB6808 3 Bytes [FF, 25, 1E] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2872] ntdll.dll!NtSetValueKey + 4 77BB680C 2 Bytes [90, 71] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2872] ntdll.dll!NtUnmapViewOfSection + 6 77BB69BE 1 Byte [68] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2872] ntdll.dll!NtUnmapViewOfSection + 6 77BB69BE 4 Bytes [68, 03, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2872] ntdll.dll!NtUnmapViewOfSection + B 77BB69C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2872] USER32.dll!SendMessageA 7617AD60 6 Bytes JMP 71A30F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[2872] USER32.dll!PostMessageA 7617B446 6 Bytes JMP 719D0F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[2872] USER32.dll!PostMessageW 7618447B 6 Bytes JMP 719A0F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[2872] USER32.dll!SendMessageW 76185539 6 Bytes JMP 71A00F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[2872] USER32.dll!mouse_event 76196209 6 Bytes JMP 71AC0F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[2872] USER32.dll!SendInput 761A7019 3 Bytes [FF, 25, 1E] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2872] USER32.dll!SendInput + 4 761A701D 2 Bytes [A5, 71] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2872] USER32.dll!keybd_event 761CEC3B 6 Bytes JMP 71A90F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[2872] ADVAPI32.dll!CreateServiceW 762C712C 6 Bytes JMP 71940F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[2872] ADVAPI32.dll!CreateServiceA 762E3158 6 Bytes JMP 71970F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[2872] WS2_32.dll!GetAddrInfoW 777C4889 6 Bytes JMP 71760F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[2872] WS2_32.dll!connect 777C6BDD 6 Bytes JMP 717F0F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[2872] WS2_32.dll!listen 777CB001 6 Bytes JMP 717C0F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[2872] WS2_32.dll!gethostbyname 777D7673 6 Bytes JMP 71790F5A .text C:\Program Files\Windows Sidebar\sidebar.exe[2900] ntdll.dll!NtCreateFile 77BB55C8 3 Bytes [FF, 25, 1E] .text C:\Program Files\Windows Sidebar\sidebar.exe[2900] ntdll.dll!NtCreateFile + 4 77BB55CC 2 Bytes [87, 71] .text C:\Program Files\Windows Sidebar\sidebar.exe[2900] ntdll.dll!NtDeleteValueKey 77BB5848 3 Bytes [FF, 25, 1E] .text C:\Program Files\Windows Sidebar\sidebar.exe[2900] ntdll.dll!NtDeleteValueKey + 4 77BB584C 2 Bytes [8D, 71] .text C:\Program Files\Windows Sidebar\sidebar.exe[2900] ntdll.dll!NtOpenFile 77BB5CD8 3 Bytes [FF, 25, 1E] .text C:\Program Files\Windows Sidebar\sidebar.exe[2900] ntdll.dll!NtOpenFile + 4 77BB5CDC 2 Bytes [84, 71] .text C:\Program Files\Windows Sidebar\sidebar.exe[2900] ntdll.dll!NtOpenProcess 77BB5D88 3 Bytes [FF, 25, 1E] .text C:\Program Files\Windows Sidebar\sidebar.exe[2900] ntdll.dll!NtOpenProcess + 4 77BB5D8C 2 Bytes [8A, 71] .text C:\Program Files\Windows Sidebar\sidebar.exe[2900] ntdll.dll!NtSetContextThread 77BB6568 3 Bytes [FF, 25, 1E] .text C:\Program Files\Windows Sidebar\sidebar.exe[2900] ntdll.dll!NtSetContextThread + 4 77BB656C 2 Bytes [81, 71] .text C:\Program Files\Windows Sidebar\sidebar.exe[2900] ntdll.dll!NtSetValueKey 77BB6808 3 Bytes [FF, 25, 1E] .text C:\Program Files\Windows Sidebar\sidebar.exe[2900] ntdll.dll!NtSetValueKey + 4 77BB680C 2 Bytes [90, 71] .text C:\Program Files\Windows Sidebar\sidebar.exe[2900] ADVAPI32.dll!CreateServiceW 762C712C 6 Bytes JMP 71940F5A .text C:\Program Files\Windows Sidebar\sidebar.exe[2900] ADVAPI32.dll!CreateServiceA 762E3158 6 Bytes JMP 71970F5A .text C:\Program Files\Windows Sidebar\sidebar.exe[2900] USER32.dll!SendMessageA 7617AD60 6 Bytes JMP 71A30F5A .text C:\Program Files\Windows Sidebar\sidebar.exe[2900] USER32.dll!PostMessageA 7617B446 6 Bytes JMP 719D0F5A .text C:\Program Files\Windows Sidebar\sidebar.exe[2900] USER32.dll!PostMessageW 7618447B 6 Bytes JMP 719A0F5A .text C:\Program Files\Windows Sidebar\sidebar.exe[2900] USER32.dll!SendMessageW 76185539 6 Bytes JMP 71A00F5A .text C:\Program Files\Windows Sidebar\sidebar.exe[2900] USER32.dll!mouse_event 76196209 6 Bytes JMP 71AC0F5A .text C:\Program Files\Windows Sidebar\sidebar.exe[2900] USER32.dll!SendInput 761A7019 3 Bytes [FF, 25, 1E] .text C:\Program Files\Windows Sidebar\sidebar.exe[2900] USER32.dll!SendInput + 4 761A701D 2 Bytes [A5, 71] .text C:\Program Files\Windows Sidebar\sidebar.exe[2900] USER32.dll!keybd_event 761CEC3B 6 Bytes JMP 71A90F5A .text C:\Program Files\Windows Sidebar\sidebar.exe[2900] WS2_32.dll!GetAddrInfoW 777C4889 6 Bytes JMP 717C0F5A .text C:\Program Files\Windows Sidebar\sidebar.exe[2900] WS2_32.dll!connect 777C6BDD 6 Bytes JMP 71790F5A .text C:\Program Files\Windows Sidebar\sidebar.exe[2900] WS2_32.dll!listen 777CB001 6 Bytes JMP 71760F5A .text C:\Program Files\Windows Sidebar\sidebar.exe[2900] WS2_32.dll!gethostbyname 777D7673 6 Bytes JMP 717F0F5A .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2964] ntdll.dll!NtCreateFile 77BB55C8 3 Bytes [FF, 25, 1E] .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2964] ntdll.dll!NtCreateFile + 4 77BB55CC 2 Bytes [69, 71] .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2964] ntdll.dll!NtDeleteValueKey 77BB5848 3 Bytes [FF, 25, 1E] .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2964] ntdll.dll!NtDeleteValueKey + 4 77BB584C 2 Bytes [6F, 71] .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2964] ntdll.dll!NtOpenFile 77BB5CD8 3 Bytes [FF, 25, 1E] .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2964] ntdll.dll!NtOpenFile + 4 77BB5CDC 2 Bytes [66, 71] .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2964] ntdll.dll!NtOpenProcess 77BB5D88 3 Bytes [FF, 25, 1E] .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2964] ntdll.dll!NtOpenProcess + 4 77BB5D8C 2 Bytes [6C, 71] .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2964] ntdll.dll!NtSetContextThread 77BB6568 3 Bytes [FF, 25, 1E] .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2964] ntdll.dll!NtSetContextThread + 4 77BB656C 2 Bytes [63, 71] .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2964] ntdll.dll!NtSetValueKey 77BB6808 3 Bytes [FF, 25, 1E] .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2964] ntdll.dll!NtSetValueKey + 4 77BB680C 2 Bytes [72, 71] {JB 0x73} .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2964] ADVAPI32.dll!CreateServiceW 762C712C 6 Bytes JMP 71760F5A .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2964] ADVAPI32.dll!CreateServiceA 762E3158 6 Bytes JMP 71790F5A .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2964] USER32.dll!SendMessageA 7617AD60 6 Bytes JMP 71880F5A .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2964] USER32.dll!PostMessageA 7617B446 6 Bytes JMP 71820F5A .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2964] USER32.dll!PostMessageW 7618447B 6 Bytes JMP 717F0F5A .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2964] USER32.dll!SendMessageW 76185539 6 Bytes JMP 71850F5A .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2964] USER32.dll!mouse_event 76196209 6 Bytes JMP 71910F5A .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2964] USER32.dll!SendInput 761A7019 3 Bytes [FF, 25, 1E] .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2964] USER32.dll!SendInput + 4 761A701D 2 Bytes [8A, 71] .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2964] USER32.dll!keybd_event 761CEC3B 6 Bytes JMP 718E0F5A .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2964] WS2_32.dll!GetAddrInfoW 777C4889 6 Bytes JMP 71940F5A .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2964] WS2_32.dll!connect 777C6BDD 6 Bytes JMP 719D0F5A .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2964] WS2_32.dll!listen 777CB001 6 Bytes JMP 719A0F5A .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2964] WS2_32.dll!gethostbyname 777D7673 6 Bytes JMP 71970F5A .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2980] ntdll.dll!NtCreateFile 77BB55C8 3 Bytes [FF, 25, 1E] .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2980] ntdll.dll!NtCreateFile + 4 77BB55CC 2 Bytes [87, 71] .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2980] ntdll.dll!NtDeleteValueKey 77BB5848 3 Bytes [FF, 25, 1E] .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2980] ntdll.dll!NtDeleteValueKey + 4 77BB584C 2 Bytes [8D, 71] .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2980] ntdll.dll!NtOpenFile 77BB5CD8 3 Bytes [FF, 25, 1E] .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2980] ntdll.dll!NtOpenFile + 4 77BB5CDC 2 Bytes [84, 71] .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2980] ntdll.dll!NtOpenProcess 77BB5D88 3 Bytes [FF, 25, 1E] .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2980] ntdll.dll!NtOpenProcess + 4 77BB5D8C 2 Bytes [8A, 71] .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2980] ntdll.dll!NtSetContextThread 77BB6568 3 Bytes [FF, 25, 1E] .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2980] ntdll.dll!NtSetContextThread + 4 77BB656C 2 Bytes [81, 71] .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2980] ntdll.dll!NtSetValueKey 77BB6808 3 Bytes [FF, 25, 1E] .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2980] ntdll.dll!NtSetValueKey + 4 77BB680C 2 Bytes [90, 71] .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2980] ADVAPI32.dll!CreateServiceW 762C712C 6 Bytes JMP 71940F5A .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2980] ADVAPI32.dll!CreateServiceA 762E3158 6 Bytes JMP 71970F5A .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2980] USER32.dll!SendMessageA 7617AD60 6 Bytes JMP 71A30F5A .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2980] USER32.dll!PostMessageA 7617B446 6 Bytes JMP 719D0F5A .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2980] USER32.dll!PostMessageW 7618447B 6 Bytes JMP 719A0F5A .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2980] USER32.dll!SendMessageW 76185539 6 Bytes JMP 71A00F5A .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2980] USER32.dll!mouse_event 76196209 6 Bytes JMP 71AC0F5A .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2980] USER32.dll!SendInput 761A7019 3 Bytes [FF, 25, 1E] .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2980] USER32.dll!SendInput + 4 761A701D 2 Bytes [A5, 71] .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2980] USER32.dll!keybd_event 761CEC3B 6 Bytes JMP 71A90F5A .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2980] WS2_32.dll!GetAddrInfoW 777C4889 6 Bytes JMP 716D0F5A .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2980] WS2_32.dll!connect 777C6BDD 6 Bytes JMP 716A0F5A .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2980] WS2_32.dll!listen 777CB001 6 Bytes JMP 71670F5A .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2980] WS2_32.dll!gethostbyname 777D7673 6 Bytes JMP 71700F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[3124] ntdll.dll!NtCreateFile 77BB55C8 3 Bytes [FF, 25, 1E] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3124] ntdll.dll!NtCreateFile + 4 77BB55CC 2 Bytes [87, 71] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3124] ntdll.dll!NtDeleteValueKey 77BB5848 3 Bytes [FF, 25, 1E] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3124] ntdll.dll!NtDeleteValueKey + 4 77BB584C 2 Bytes [8D, 71] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3124] ntdll.dll!NtOpenFile 77BB5CD8 3 Bytes [FF, 25, 1E] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3124] ntdll.dll!NtOpenFile + 4 77BB5CDC 2 Bytes [84, 71] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3124] ntdll.dll!NtOpenProcess 77BB5D88 3 Bytes [FF, 25, 1E] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3124] ntdll.dll!NtOpenProcess + 4 77BB5D8C 2 Bytes [8A, 71] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3124] ntdll.dll!NtSetContextThread 77BB6568 3 Bytes [FF, 25, 1E] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3124] ntdll.dll!NtSetContextThread + 4 77BB656C 2 Bytes [81, 71] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3124] ntdll.dll!NtSetValueKey 77BB6808 3 Bytes [FF, 25, 1E] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3124] ntdll.dll!NtSetValueKey + 4 77BB680C 2 Bytes [90, 71] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3124] USER32.dll!SendMessageA 7617AD60 6 Bytes JMP 71A30F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[3124] USER32.dll!PostMessageA 7617B446 6 Bytes JMP 719D0F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[3124] USER32.dll!PostMessageW 7618447B 6 Bytes JMP 719A0F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[3124] USER32.dll!SendMessageW 76185539 6 Bytes JMP 71A00F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[3124] USER32.dll!mouse_event 76196209 6 Bytes JMP 71AC0F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[3124] USER32.dll!SendInput 761A7019 3 Bytes [FF, 25, 1E] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3124] USER32.dll!SendInput + 4 761A701D 2 Bytes [A5, 71] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3124] USER32.dll!keybd_event 761CEC3B 6 Bytes JMP 71A90F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[3124] ADVAPI32.dll!CreateServiceW 762C712C 6 Bytes JMP 71940F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[3124] ADVAPI32.dll!CreateServiceA 762E3158 6 Bytes JMP 71970F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[3124] WS2_32.dll!GetAddrInfoW 777C4889 6 Bytes JMP 71760F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[3124] WS2_32.dll!connect 777C6BDD 6 Bytes JMP 717F0F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[3124] WS2_32.dll!listen 777CB001 6 Bytes JMP 717C0F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[3124] WS2_32.dll!gethostbyname 777D7673 6 Bytes JMP 71790F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[3432] ntdll.dll!NtCreateFile 77BB55C8 3 Bytes [FF, 25, 1E] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3432] ntdll.dll!NtCreateFile + 4 77BB55CC 6 Bytes [87, 71, 28, 00, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3432] ntdll.dll!NtCreateFile + B 77BB55D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3432] ntdll.dll!NtDeleteValueKey 77BB5848 3 Bytes [FF, 25, 1E] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3432] ntdll.dll!NtDeleteValueKey + 4 77BB584C 2 Bytes [8D, 71] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3432] ntdll.dll!NtMapViewOfSection + 6 77BB5C2E 1 Byte [28] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3432] ntdll.dll!NtMapViewOfSection + 6 77BB5C2E 4 Bytes [28, 03, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3432] ntdll.dll!NtMapViewOfSection + B 77BB5C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3432] ntdll.dll!NtOpenFile 77BB5CD8 3 Bytes [FF, 25, 1E] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3432] ntdll.dll!NtOpenFile + 4 77BB5CDC 6 Bytes [84, 71, 68, 00, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3432] ntdll.dll!NtOpenFile + B 77BB5CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3432] ntdll.dll!NtOpenProcess 77BB5D88 3 Bytes [FF, 25, 1E] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3432] ntdll.dll!NtOpenProcess + 4 77BB5D8C 6 Bytes [8A, 71, A8, 01, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3432] ntdll.dll!NtOpenProcess + B 77BB5D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3432] ntdll.dll!NtOpenProcessToken + B 77BB5DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3432] ntdll.dll!NtOpenProcessTokenEx + 6 77BB5DAE 4 Bytes [A8, 02, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3432] ntdll.dll!NtOpenProcessTokenEx + B 77BB5DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3432] ntdll.dll!NtOpenThread + 6 77BB5E0E 4 Bytes [68, 01, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3432] ntdll.dll!NtOpenThread + B 77BB5E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3432] ntdll.dll!NtOpenThreadToken + 6 77BB5E1E 4 Bytes [68, 02, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3432] ntdll.dll!NtOpenThreadToken + B 77BB5E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3432] ntdll.dll!NtOpenThreadTokenEx + B 77BB5E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3432] ntdll.dll!NtQueryAttributesFile + 6 77BB5F3E 4 Bytes [A8, 00, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3432] ntdll.dll!NtQueryAttributesFile + B 77BB5F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3432] ntdll.dll!NtQueryFullAttributesFile + B 77BB5FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3432] ntdll.dll!NtSetContextThread 77BB6568 3 Bytes [FF, 25, 1E] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3432] ntdll.dll!NtSetContextThread + 4 77BB656C 2 Bytes [81, 71] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3432] ntdll.dll!NtSetInformationFile + 6 77BB663E 4 Bytes [28, 01, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3432] ntdll.dll!NtSetInformationFile + B 77BB6643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3432] ntdll.dll!NtSetInformationThread + 6 77BB669E 4 Bytes [28, 02, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3432] ntdll.dll!NtSetInformationThread + B 77BB66A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3432] ntdll.dll!NtSetValueKey 77BB6808 3 Bytes [FF, 25, 1E] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3432] ntdll.dll!NtSetValueKey + 4 77BB680C 2 Bytes [90, 71] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3432] ntdll.dll!NtUnmapViewOfSection + 6 77BB69BE 1 Byte [68] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3432] ntdll.dll!NtUnmapViewOfSection + 6 77BB69BE 4 Bytes [68, 03, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3432] ntdll.dll!NtUnmapViewOfSection + B 77BB69C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3432] USER32.dll!SendMessageA 7617AD60 6 Bytes JMP 71A30F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[3432] USER32.dll!PostMessageA 7617B446 6 Bytes JMP 719D0F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[3432] USER32.dll!PostMessageW 7618447B 6 Bytes JMP 719A0F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[3432] USER32.dll!SendMessageW 76185539 6 Bytes JMP 71A00F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[3432] USER32.dll!mouse_event 76196209 6 Bytes JMP 71AC0F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[3432] USER32.dll!SendInput 761A7019 3 Bytes [FF, 25, 1E] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3432] USER32.dll!SendInput + 4 761A701D 2 Bytes [A5, 71] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3432] USER32.dll!keybd_event 761CEC3B 6 Bytes JMP 71A90F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[3432] ADVAPI32.dll!CreateServiceW 762C712C 6 Bytes JMP 71940F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[3432] ADVAPI32.dll!CreateServiceA 762E3158 6 Bytes JMP 71970F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[3432] WS2_32.dll!GetAddrInfoW 777C4889 6 Bytes JMP 71760F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[3432] WS2_32.dll!connect 777C6BDD 6 Bytes JMP 717F0F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[3432] WS2_32.dll!listen 777CB001 6 Bytes JMP 717C0F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[3432] WS2_32.dll!gethostbyname 777D7673 6 Bytes JMP 71790F5A .text C:\windows\system32\ctfmon.exe[3464] ntdll.dll!NtCreateFile 77BB55C8 3 Bytes [FF, 25, 1E] .text C:\windows\system32\ctfmon.exe[3464] ntdll.dll!NtCreateFile + 4 77BB55CC 2 Bytes [87, 71] .text C:\windows\system32\ctfmon.exe[3464] ntdll.dll!NtDeleteValueKey 77BB5848 3 Bytes [FF, 25, 1E] .text C:\windows\system32\ctfmon.exe[3464] ntdll.dll!NtDeleteValueKey + 4 77BB584C 2 Bytes [8D, 71] .text C:\windows\system32\ctfmon.exe[3464] ntdll.dll!NtOpenFile 77BB5CD8 3 Bytes [FF, 25, 1E] .text C:\windows\system32\ctfmon.exe[3464] ntdll.dll!NtOpenFile + 4 77BB5CDC 2 Bytes [84, 71] .text C:\windows\system32\ctfmon.exe[3464] ntdll.dll!NtOpenProcess 77BB5D88 3 Bytes [FF, 25, 1E] .text C:\windows\system32\ctfmon.exe[3464] ntdll.dll!NtOpenProcess + 4 77BB5D8C 2 Bytes [8A, 71] .text C:\windows\system32\ctfmon.exe[3464] ntdll.dll!NtSetContextThread 77BB6568 3 Bytes [FF, 25, 1E] .text C:\windows\system32\ctfmon.exe[3464] ntdll.dll!NtSetContextThread + 4 77BB656C 2 Bytes [81, 71] .text C:\windows\system32\ctfmon.exe[3464] ntdll.dll!NtSetValueKey 77BB6808 3 Bytes [FF, 25, 1E] .text C:\windows\system32\ctfmon.exe[3464] ntdll.dll!NtSetValueKey + 4 77BB680C 2 Bytes [90, 71] .text C:\windows\system32\ctfmon.exe[3464] USER32.dll!SendMessageA 7617AD60 6 Bytes JMP 71A30F5A .text C:\windows\system32\ctfmon.exe[3464] USER32.dll!PostMessageA 7617B446 6 Bytes JMP 719D0F5A .text C:\windows\system32\ctfmon.exe[3464] USER32.dll!PostMessageW 7618447B 6 Bytes JMP 719A0F5A .text C:\windows\system32\ctfmon.exe[3464] USER32.dll!SendMessageW 76185539 6 Bytes JMP 71A00F5A .text C:\windows\system32\ctfmon.exe[3464] USER32.dll!mouse_event 76196209 6 Bytes JMP 71AC0F5A .text C:\windows\system32\ctfmon.exe[3464] USER32.dll!SendInput 761A7019 3 Bytes [FF, 25, 1E] .text C:\windows\system32\ctfmon.exe[3464] USER32.dll!SendInput + 4 761A701D 2 Bytes [A5, 71] .text C:\windows\system32\ctfmon.exe[3464] USER32.dll!keybd_event 761CEC3B 6 Bytes JMP 71A90F5A .text C:\windows\system32\ctfmon.exe[3464] ADVAPI32.dll!CreateServiceW 762C712C 6 Bytes JMP 71940F5A .text C:\windows\system32\ctfmon.exe[3464] ADVAPI32.dll!CreateServiceA 762E3158 6 Bytes JMP 71970F5A .text C:\windows\Explorer.exe[3616] ntdll.dll!NtCreateFile 77BB55C8 3 Bytes [FF, 25, 1E] .text C:\windows\Explorer.exe[3616] ntdll.dll!NtCreateFile + 4 77BB55CC 2 Bytes [87, 71] .text C:\windows\Explorer.exe[3616] ntdll.dll!NtDeleteValueKey 77BB5848 3 Bytes [FF, 25, 1E] .text C:\windows\Explorer.exe[3616] ntdll.dll!NtDeleteValueKey + 4 77BB584C 2 Bytes [8D, 71] .text C:\windows\Explorer.exe[3616] ntdll.dll!NtOpenFile 77BB5CD8 3 Bytes [FF, 25, 1E] .text C:\windows\Explorer.exe[3616] ntdll.dll!NtOpenFile + 4 77BB5CDC 2 Bytes [84, 71] .text C:\windows\Explorer.exe[3616] ntdll.dll!NtOpenProcess 77BB5D88 3 Bytes [FF, 25, 1E] .text C:\windows\Explorer.exe[3616] ntdll.dll!NtOpenProcess + 4 77BB5D8C 2 Bytes [8A, 71] .text C:\windows\Explorer.exe[3616] ntdll.dll!NtSetContextThread 77BB6568 3 Bytes [FF, 25, 1E] .text C:\windows\Explorer.exe[3616] ntdll.dll!NtSetContextThread + 4 77BB656C 2 Bytes [81, 71] .text C:\windows\Explorer.exe[3616] ntdll.dll!NtSetValueKey 77BB6808 3 Bytes [FF, 25, 1E] .text C:\windows\Explorer.exe[3616] ntdll.dll!NtSetValueKey + 4 77BB680C 2 Bytes [90, 71] .text C:\windows\Explorer.exe[3616] ADVAPI32.dll!CreateServiceW 762C712C 6 Bytes JMP 71940F5A .text C:\windows\Explorer.exe[3616] ADVAPI32.dll!CreateServiceA 762E3158 6 Bytes JMP 71970F5A .text C:\windows\Explorer.exe[3616] USER32.dll!SendMessageA 7617AD60 6 Bytes JMP 71A30F5A .text C:\windows\Explorer.exe[3616] USER32.dll!PostMessageA 7617B446 6 Bytes JMP 719D0F5A .text C:\windows\Explorer.exe[3616] USER32.dll!PostMessageW 7618447B 6 Bytes JMP 719A0F5A .text C:\windows\Explorer.exe[3616] USER32.dll!SendMessageW 76185539 6 Bytes JMP 71A00F5A .text C:\windows\Explorer.exe[3616] USER32.dll!mouse_event 76196209 6 Bytes JMP 71AC0F5A .text C:\windows\Explorer.exe[3616] USER32.dll!SendInput 761A7019 3 Bytes [FF, 25, 1E] .text C:\windows\Explorer.exe[3616] USER32.dll!SendInput + 4 761A701D 2 Bytes [A5, 71] .text C:\windows\Explorer.exe[3616] USER32.dll!keybd_event 761CEC3B 6 Bytes JMP 71A90F5A .text C:\windows\Explorer.exe[3616] WS2_32.dll!GetAddrInfoW 777C4889 6 Bytes JMP 716D0F5A .text C:\windows\Explorer.exe[3616] WS2_32.dll!connect 777C6BDD 6 Bytes JMP 716A0F5A .text C:\windows\Explorer.exe[3616] WS2_32.dll!listen 777CB001 6 Bytes JMP 71670F5A .text C:\windows\Explorer.exe[3616] WS2_32.dll!gethostbyname 777D7673 6 Bytes JMP 71700F5A .text C:\windows\system32\NOTEPAD.EXE[3884] ntdll.dll!NtCreateFile 77BB55C8 3 Bytes [FF, 25, 1E] .text C:\windows\system32\NOTEPAD.EXE[3884] ntdll.dll!NtCreateFile + 4 77BB55CC 2 Bytes [81, 71] .text C:\windows\system32\NOTEPAD.EXE[3884] ntdll.dll!NtDeleteValueKey 77BB5848 3 Bytes [FF, 25, 1E] .text C:\windows\system32\NOTEPAD.EXE[3884] ntdll.dll!NtDeleteValueKey + 4 77BB584C 2 Bytes [87, 71] .text C:\windows\system32\NOTEPAD.EXE[3884] ntdll.dll!NtOpenFile 77BB5CD8 3 Bytes [FF, 25, 1E] .text C:\windows\system32\NOTEPAD.EXE[3884] ntdll.dll!NtOpenFile + 4 77BB5CDC 2 Bytes [7E, 71] {JLE 0x73} .text C:\windows\system32\NOTEPAD.EXE[3884] ntdll.dll!NtOpenProcess 77BB5D88 3 Bytes [FF, 25, 1E] .text C:\windows\system32\NOTEPAD.EXE[3884] ntdll.dll!NtOpenProcess + 4 77BB5D8C 2 Bytes [84, 71] .text C:\windows\system32\NOTEPAD.EXE[3884] ntdll.dll!NtSetContextThread 77BB6568 3 Bytes [FF, 25, 1E] .text C:\windows\system32\NOTEPAD.EXE[3884] ntdll.dll!NtSetContextThread + 4 77BB656C 2 Bytes [7B, 71] {JNP 0x73} .text C:\windows\system32\NOTEPAD.EXE[3884] ntdll.dll!NtSetValueKey 77BB6808 3 Bytes [FF, 25, 1E] .text C:\windows\system32\NOTEPAD.EXE[3884] ntdll.dll!NtSetValueKey + 4 77BB680C 2 Bytes [8A, 71] .text C:\windows\system32\NOTEPAD.EXE[3884] ADVAPI32.dll!CreateServiceW 762C712C 6 Bytes JMP 718E0F5A .text C:\windows\system32\NOTEPAD.EXE[3884] ADVAPI32.dll!CreateServiceA 762E3158 6 Bytes JMP 71910F5A .text C:\windows\system32\NOTEPAD.EXE[3884] USER32.dll!SendMessageA 7617AD60 6 Bytes JMP 719D0F5A .text C:\windows\system32\NOTEPAD.EXE[3884] USER32.dll!PostMessageA 7617B446 6 Bytes JMP 71970F5A .text C:\windows\system32\NOTEPAD.EXE[3884] USER32.dll!PostMessageW 7618447B 6 Bytes JMP 71940F5A .text C:\windows\system32\NOTEPAD.EXE[3884] USER32.dll!SendMessageW 76185539 6 Bytes JMP 719A0F5A .text C:\windows\system32\NOTEPAD.EXE[3884] USER32.dll!mouse_event 76196209 6 Bytes JMP 71A60F5A .text C:\windows\system32\NOTEPAD.EXE[3884] USER32.dll!SendInput 761A7019 3 Bytes [FF, 25, 1E] .text C:\windows\system32\NOTEPAD.EXE[3884] USER32.dll!SendInput + 4 761A701D 2 Bytes [9F, 71] .text C:\windows\system32\NOTEPAD.EXE[3884] USER32.dll!keybd_event 761CEC3B 6 Bytes JMP 71A30F5A .text C:\Program Files\Last.fm\LastFM.exe[3984] ntdll.dll!NtCreateFile 77BB55C8 3 Bytes [FF, 25, 1E] .text C:\Program Files\Last.fm\LastFM.exe[3984] ntdll.dll!NtCreateFile + 4 77BB55CC 2 Bytes [75, 71] {JNZ 0x73} .text C:\Program Files\Last.fm\LastFM.exe[3984] ntdll.dll!NtDeleteValueKey 77BB5848 3 Bytes [FF, 25, 1E] .text C:\Program Files\Last.fm\LastFM.exe[3984] ntdll.dll!NtDeleteValueKey + 4 77BB584C 2 Bytes [7B, 71] {JNP 0x73} .text C:\Program Files\Last.fm\LastFM.exe[3984] ntdll.dll!NtOpenFile 77BB5CD8 3 Bytes [FF, 25, 1E] .text C:\Program Files\Last.fm\LastFM.exe[3984] ntdll.dll!NtOpenFile + 4 77BB5CDC 2 Bytes [69, 71] .text C:\Program Files\Last.fm\LastFM.exe[3984] ntdll.dll!NtOpenProcess 77BB5D88 3 Bytes [FF, 25, 1E] .text C:\Program Files\Last.fm\LastFM.exe[3984] ntdll.dll!NtOpenProcess + 4 77BB5D8C 2 Bytes [78, 71] {JS 0x73} .text C:\Program Files\Last.fm\LastFM.exe[3984] ntdll.dll!NtSetContextThread 77BB6568 3 Bytes [FF, 25, 1E] .text C:\Program Files\Last.fm\LastFM.exe[3984] ntdll.dll!NtSetContextThread + 4 77BB656C 2 Bytes [66, 71] .text C:\Program Files\Last.fm\LastFM.exe[3984] ntdll.dll!NtSetValueKey 77BB6808 3 Bytes [FF, 25, 1E] .text C:\Program Files\Last.fm\LastFM.exe[3984] ntdll.dll!NtSetValueKey + 4 77BB680C 2 Bytes [7E, 71] {JLE 0x73} .text C:\Program Files\Last.fm\LastFM.exe[3984] USER32.dll!SendMessageA 7617AD60 6 Bytes JMP 71910F5A .text C:\Program Files\Last.fm\LastFM.exe[3984] USER32.dll!PostMessageA 7617B446 6 Bytes JMP 718B0F5A .text C:\Program Files\Last.fm\LastFM.exe[3984] USER32.dll!PostMessageW 7618447B 6 Bytes JMP 71880F5A .text C:\Program Files\Last.fm\LastFM.exe[3984] USER32.dll!SendMessageW 76185539 6 Bytes JMP 718E0F5A .text C:\Program Files\Last.fm\LastFM.exe[3984] USER32.dll!mouse_event 76196209 6 Bytes JMP 719A0F5A .text C:\Program Files\Last.fm\LastFM.exe[3984] USER32.dll!SendInput 761A7019 3 Bytes [FF, 25, 1E] .text C:\Program Files\Last.fm\LastFM.exe[3984] USER32.dll!SendInput + 4 761A701D 2 Bytes [93, 71] .text C:\Program Files\Last.fm\LastFM.exe[3984] USER32.dll!keybd_event 761CEC3B 6 Bytes JMP 71970F5A .text C:\Program Files\Last.fm\LastFM.exe[3984] ADVAPI32.dll!CreateServiceW 762C712C 6 Bytes JMP 71820F5A .text C:\Program Files\Last.fm\LastFM.exe[3984] ADVAPI32.dll!CreateServiceA 762E3158 6 Bytes JMP 71850F5A .text C:\Program Files\Last.fm\LastFM.exe[3984] WS2_32.dll!GetAddrInfoW 777C4889 6 Bytes JMP 719D0F5A .text C:\Program Files\Last.fm\LastFM.exe[3984] WS2_32.dll!connect 777C6BDD 6 Bytes JMP 71A60F5A .text C:\Program Files\Last.fm\LastFM.exe[3984] WS2_32.dll!listen 777CB001 6 Bytes JMP 71A30F5A .text C:\Program Files\Last.fm\LastFM.exe[3984] WS2_32.dll!gethostbyname 777D7673 6 Bytes JMP 71A00F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtCreateFile 77BB55C8 3 Bytes [FF, 25, 1E] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtCreateFile + 4 77BB55CC 6 Bytes [87, 71, 28, 00, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtCreateFile + B 77BB55D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtDeleteValueKey 77BB5848 3 Bytes [FF, 25, 1E] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtDeleteValueKey + 4 77BB584C 2 Bytes [8D, 71] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtMapViewOfSection + 6 77BB5C2E 1 Byte [28] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtMapViewOfSection + 6 77BB5C2E 4 Bytes [28, 03, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtMapViewOfSection + B 77BB5C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtOpenFile 77BB5CD8 3 Bytes [FF, 25, 1E] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtOpenFile + 4 77BB5CDC 6 Bytes [84, 71, 68, 00, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtOpenFile + B 77BB5CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtOpenProcess 77BB5D88 3 Bytes [FF, 25, 1E] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtOpenProcess + 4 77BB5D8C 6 Bytes [8A, 71, A8, 01, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtOpenProcess + B 77BB5D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtOpenProcessToken + B 77BB5DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtOpenProcessTokenEx + 6 77BB5DAE 4 Bytes [A8, 02, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtOpenProcessTokenEx + B 77BB5DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtOpenThread + 6 77BB5E0E 4 Bytes [68, 01, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtOpenThread + B 77BB5E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtOpenThreadToken + 6 77BB5E1E 4 Bytes [68, 02, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtOpenThreadToken + B 77BB5E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtOpenThreadTokenEx + B 77BB5E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtQueryAttributesFile + 6 77BB5F3E 4 Bytes [A8, 00, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtQueryAttributesFile + B 77BB5F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtQueryFullAttributesFile + B 77BB5FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtSetContextThread 77BB6568 3 Bytes [FF, 25, 1E] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtSetContextThread + 4 77BB656C 2 Bytes [81, 71] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtSetInformationFile + 6 77BB663E 4 Bytes [28, 01, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtSetInformationFile + B 77BB6643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtSetInformationThread + 6 77BB669E 4 Bytes [28, 02, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtSetInformationThread + B 77BB66A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtSetValueKey 77BB6808 3 Bytes [FF, 25, 1E] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtSetValueKey + 4 77BB680C 2 Bytes [90, 71] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtUnmapViewOfSection + 6 77BB69BE 1 Byte [68] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtUnmapViewOfSection + 6 77BB69BE 4 Bytes [68, 03, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtUnmapViewOfSection + B 77BB69C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4020] USER32.dll!SendMessageA 7617AD60 6 Bytes JMP 71A30F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[4020] USER32.dll!PostMessageA 7617B446 6 Bytes JMP 719D0F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[4020] USER32.dll!PostMessageW 7618447B 6 Bytes JMP 719A0F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[4020] USER32.dll!SendMessageW 76185539 6 Bytes JMP 71A00F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[4020] USER32.dll!mouse_event 76196209 6 Bytes JMP 71AC0F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[4020] USER32.dll!SendInput 761A7019 3 Bytes [FF, 25, 1E] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4020] USER32.dll!SendInput + 4 761A701D 2 Bytes [A5, 71] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4020] USER32.dll!keybd_event 761CEC3B 6 Bytes JMP 71A90F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[4020] ADVAPI32.dll!CreateServiceW 762C712C 6 Bytes JMP 71940F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[4020] ADVAPI32.dll!CreateServiceA 762E3158 6 Bytes JMP 71970F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[4020] WS2_32.dll!GetAddrInfoW 777C4889 6 Bytes JMP 71760F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[4020] WS2_32.dll!connect 777C6BDD 6 Bytes JMP 717F0F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[4020] WS2_32.dll!listen 777CB001 6 Bytes JMP 717C0F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[4020] WS2_32.dll!gethostbyname 777D7673 6 Bytes JMP 71790F5A .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4144] ntdll.dll!NtCreateFile 77BB55C8 3 Bytes [FF, 25, 1E] .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4144] ntdll.dll!NtCreateFile + 4 77BB55CC 2 Bytes [81, 71] .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4144] ntdll.dll!NtDeleteValueKey 77BB5848 3 Bytes [FF, 25, 1E] .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4144] ntdll.dll!NtDeleteValueKey + 4 77BB584C 2 Bytes [87, 71] .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4144] ntdll.dll!NtOpenFile 77BB5CD8 3 Bytes [FF, 25, 1E] .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4144] ntdll.dll!NtOpenFile + 4 77BB5CDC 2 Bytes [7E, 71] {JLE 0x73} .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4144] ntdll.dll!NtOpenProcess 77BB5D88 3 Bytes [FF, 25, 1E] .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4144] ntdll.dll!NtOpenProcess + 4 77BB5D8C 2 Bytes [84, 71] .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4144] ntdll.dll!NtSetContextThread 77BB6568 3 Bytes [FF, 25, 1E] .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4144] ntdll.dll!NtSetContextThread + 4 77BB656C 2 Bytes [7B, 71] {JNP 0x73} .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4144] ntdll.dll!NtSetValueKey 77BB6808 3 Bytes [FF, 25, 1E] .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4144] ntdll.dll!NtSetValueKey + 4 77BB680C 2 Bytes [8A, 71] .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4144] USER32.dll!SendMessageA 7617AD60 6 Bytes JMP 719D0F5A .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4144] USER32.dll!PostMessageA 7617B446 6 Bytes JMP 71970F5A .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4144] USER32.dll!PostMessageW 7618447B 6 Bytes JMP 71940F5A .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4144] USER32.dll!SendMessageW 76185539 6 Bytes JMP 719A0F5A .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4144] USER32.dll!mouse_event 76196209 6 Bytes JMP 71A60F5A .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4144] USER32.dll!SendInput 761A7019 3 Bytes [FF, 25, 1E] .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4144] USER32.dll!SendInput + 4 761A701D 2 Bytes [9F, 71] .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4144] USER32.dll!keybd_event 761CEC3B 6 Bytes JMP 71A30F5A .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4144] ADVAPI32.dll!CreateServiceW 762C712C 6 Bytes JMP 718E0F5A .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4144] ADVAPI32.dll!CreateServiceA 762E3158 6 Bytes JMP 71910F5A .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4144] WS2_32.dll!GetAddrInfoW 777C4889 6 Bytes JMP 716A0F5A .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4144] WS2_32.dll!connect 777C6BDD 6 Bytes JMP 71670F5A .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4144] WS2_32.dll!listen 777CB001 6 Bytes JMP 71700F5A .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4144] WS2_32.dll!gethostbyname 777D7673 6 Bytes JMP 716D0F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtCreateFile 77BB55C8 3 Bytes [FF, 25, 1E] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtCreateFile + 4 77BB55CC 6 Bytes [87, 71, 28, 00, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtCreateFile + B 77BB55D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtDeleteValueKey 77BB5848 3 Bytes [FF, 25, 1E] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtDeleteValueKey + 4 77BB584C 2 Bytes [8D, 71] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtMapViewOfSection + 6 77BB5C2E 1 Byte [28] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtMapViewOfSection + 6 77BB5C2E 4 Bytes [28, 03, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtMapViewOfSection + B 77BB5C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtOpenFile 77BB5CD8 3 Bytes [FF, 25, 1E] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtOpenFile + 4 77BB5CDC 6 Bytes [84, 71, 68, 00, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtOpenFile + B 77BB5CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtOpenProcess 77BB5D88 3 Bytes [FF, 25, 1E] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtOpenProcess + 4 77BB5D8C 6 Bytes [8A, 71, A8, 01, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtOpenProcess + B 77BB5D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtOpenProcessToken + B 77BB5DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtOpenProcessTokenEx + 6 77BB5DAE 4 Bytes [A8, 02, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtOpenProcessTokenEx + B 77BB5DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtOpenThread + 6 77BB5E0E 4 Bytes [68, 01, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtOpenThread + B 77BB5E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtOpenThreadToken + 6 77BB5E1E 4 Bytes [68, 02, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtOpenThreadToken + B 77BB5E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtOpenThreadTokenEx + B 77BB5E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtQueryAttributesFile + 6 77BB5F3E 4 Bytes [A8, 00, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtQueryAttributesFile + B 77BB5F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtQueryFullAttributesFile + B 77BB5FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtSetContextThread 77BB6568 3 Bytes [FF, 25, 1E] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtSetContextThread + 4 77BB656C 2 Bytes [81, 71] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtSetInformationFile + 6 77BB663E 4 Bytes [28, 01, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtSetInformationFile + B 77BB6643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtSetInformationThread + 6 77BB669E 4 Bytes [28, 02, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtSetInformationThread + B 77BB66A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtSetValueKey 77BB6808 3 Bytes [FF, 25, 1E] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtSetValueKey + 4 77BB680C 2 Bytes [90, 71] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtUnmapViewOfSection + 6 77BB69BE 1 Byte [68] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtUnmapViewOfSection + 6 77BB69BE 4 Bytes [68, 03, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ntdll.dll!NtUnmapViewOfSection + B 77BB69C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] USER32.dll!SendMessageA 7617AD60 6 Bytes JMP 71A30F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] USER32.dll!PostMessageA 7617B446 6 Bytes JMP 719D0F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] USER32.dll!PostMessageW 7618447B 6 Bytes JMP 719A0F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] USER32.dll!SendMessageW 76185539 6 Bytes JMP 71A00F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] USER32.dll!mouse_event 76196209 6 Bytes JMP 71AC0F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] USER32.dll!SendInput 761A7019 3 Bytes [FF, 25, 1E] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] USER32.dll!SendInput + 4 761A701D 2 Bytes [A5, 71] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] USER32.dll!keybd_event 761CEC3B 6 Bytes JMP 71A90F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ADVAPI32.dll!CreateServiceW 762C712C 6 Bytes JMP 71940F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] ADVAPI32.dll!CreateServiceA 762E3158 6 Bytes JMP 71970F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] WS2_32.dll!GetAddrInfoW 777C4889 6 Bytes JMP 71760F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] WS2_32.dll!connect 777C6BDD 6 Bytes JMP 717F0F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] WS2_32.dll!listen 777CB001 6 Bytes JMP 717C0F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[4388] WS2_32.dll!gethostbyname 777D7673 6 Bytes JMP 71790F5A .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4456] ntdll.dll!NtCreateFile 77BB55C8 3 Bytes [FF, 25, 1E] .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4456] ntdll.dll!NtCreateFile + 4 77BB55CC 2 Bytes [87, 71] .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4456] ntdll.dll!NtDeleteValueKey 77BB5848 3 Bytes [FF, 25, 1E] .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4456] ntdll.dll!NtDeleteValueKey + 4 77BB584C 2 Bytes [8D, 71] .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4456] ntdll.dll!NtOpenFile 77BB5CD8 3 Bytes [FF, 25, 1E] .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4456] ntdll.dll!NtOpenFile + 4 77BB5CDC 2 Bytes [84, 71] .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4456] ntdll.dll!NtOpenProcess 77BB5D88 3 Bytes [FF, 25, 1E] .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4456] ntdll.dll!NtOpenProcess + 4 77BB5D8C 2 Bytes [8A, 71] .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4456] ntdll.dll!NtSetContextThread 77BB6568 3 Bytes [FF, 25, 1E] .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4456] ntdll.dll!NtSetContextThread + 4 77BB656C 2 Bytes [81, 71] .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4456] ntdll.dll!NtSetValueKey 77BB6808 3 Bytes [FF, 25, 1E] .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4456] ntdll.dll!NtSetValueKey + 4 77BB680C 2 Bytes [90, 71] .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4456] USER32.dll!SendMessageA 7617AD60 6 Bytes JMP 71A30F5A .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4456] USER32.dll!PostMessageA 7617B446 6 Bytes JMP 719D0F5A .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4456] USER32.dll!PostMessageW 7618447B 6 Bytes JMP 719A0F5A .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4456] USER32.dll!SendMessageW 76185539 6 Bytes JMP 71A00F5A .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4456] USER32.dll!mouse_event 76196209 6 Bytes JMP 71AC0F5A .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4456] USER32.dll!SendInput 761A7019 3 Bytes [FF, 25, 1E] .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4456] USER32.dll!SendInput + 4 761A701D 2 Bytes [A5, 71] .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4456] USER32.dll!keybd_event 761CEC3B 6 Bytes JMP 71A90F5A .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4456] ADVAPI32.dll!CreateServiceW 762C712C 6 Bytes JMP 71940F5A .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[4456] ADVAPI32.dll!CreateServiceA 762E3158 6 Bytes JMP 71970F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[4616] ntdll.dll!NtCreateFile 77BB55C8 3 Bytes [FF, 25, 1E] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4616] ntdll.dll!NtCreateFile + 4 77BB55CC 2 Bytes [87, 71] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4616] ntdll.dll!NtDeleteValueKey 77BB5848 3 Bytes [FF, 25, 1E] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4616] ntdll.dll!NtDeleteValueKey + 4 77BB584C 2 Bytes [8D, 71] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4616] ntdll.dll!NtOpenFile 77BB5CD8 3 Bytes [FF, 25, 1E] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4616] ntdll.dll!NtOpenFile + 4 77BB5CDC 2 Bytes [84, 71] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4616] ntdll.dll!NtOpenProcess 77BB5D88 3 Bytes [FF, 25, 1E] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4616] ntdll.dll!NtOpenProcess + 4 77BB5D8C 2 Bytes [8A, 71] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4616] ntdll.dll!NtSetContextThread 77BB6568 3 Bytes [FF, 25, 1E] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4616] ntdll.dll!NtSetContextThread + 4 77BB656C 2 Bytes [81, 71] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4616] ntdll.dll!NtSetValueKey 77BB6808 3 Bytes [FF, 25, 1E] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4616] ntdll.dll!NtSetValueKey + 4 77BB680C 2 Bytes [90, 71] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4616] USER32.dll!SendMessageA 7617AD60 6 Bytes JMP 71A30F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[4616] USER32.dll!PostMessageA 7617B446 6 Bytes JMP 719D0F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[4616] USER32.dll!PostMessageW 7618447B 6 Bytes JMP 719A0F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[4616] USER32.dll!SendMessageW 76185539 6 Bytes JMP 71A00F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[4616] USER32.dll!mouse_event 76196209 6 Bytes JMP 71AC0F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[4616] USER32.dll!SendInput 761A7019 3 Bytes [FF, 25, 1E] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4616] USER32.dll!SendInput + 4 761A701D 2 Bytes [A5, 71] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4616] USER32.dll!keybd_event 761CEC3B 6 Bytes JMP 71A90F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[4616] ADVAPI32.dll!CreateServiceW 762C712C 6 Bytes JMP 71940F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[4616] ADVAPI32.dll!CreateServiceA 762E3158 6 Bytes JMP 71970F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[4616] WS2_32.dll!GetAddrInfoW 777C4889 6 Bytes JMP 71760F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[4616] WS2_32.dll!connect 777C6BDD 6 Bytes JMP 717F0F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[4616] WS2_32.dll!listen 777CB001 6 Bytes JMP 717C0F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[4616] WS2_32.dll!gethostbyname 777D7673 6 Bytes JMP 71790F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[4700] ntdll.dll!NtCreateFile 77BB55C8 3 Bytes [FF, 25, 1E] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4700] ntdll.dll!NtCreateFile + 4 77BB55CC 6 Bytes [87, 71, 28, 00, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4700] ntdll.dll!NtCreateFile + B 77BB55D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4700] ntdll.dll!NtDeleteValueKey 77BB5848 3 Bytes [FF, 25, 1E] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4700] ntdll.dll!NtDeleteValueKey + 4 77BB584C 2 Bytes [8D, 71] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4700] ntdll.dll!NtMapViewOfSection + 6 77BB5C2E 1 Byte [28] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4700] ntdll.dll!NtMapViewOfSection + 6 77BB5C2E 4 Bytes [28, 03, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4700] ntdll.dll!NtMapViewOfSection + B 77BB5C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4700] ntdll.dll!NtOpenFile 77BB5CD8 3 Bytes [FF, 25, 1E] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4700] ntdll.dll!NtOpenFile + 4 77BB5CDC 6 Bytes [84, 71, 68, 00, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4700] ntdll.dll!NtOpenFile + B 77BB5CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4700] ntdll.dll!NtOpenProcess 77BB5D88 3 Bytes [FF, 25, 1E] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4700] ntdll.dll!NtOpenProcess + 4 77BB5D8C 6 Bytes [8A, 71, A8, 01, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4700] ntdll.dll!NtOpenProcess + B 77BB5D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4700] ntdll.dll!NtOpenProcessToken + B 77BB5DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4700] ntdll.dll!NtOpenProcessTokenEx + 6 77BB5DAE 4 Bytes [A8, 02, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4700] ntdll.dll!NtOpenProcessTokenEx + B 77BB5DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4700] ntdll.dll!NtOpenThread + 6 77BB5E0E 4 Bytes [68, 01, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4700] ntdll.dll!NtOpenThread + B 77BB5E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4700] ntdll.dll!NtOpenThreadToken + 6 77BB5E1E 4 Bytes [68, 02, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4700] ntdll.dll!NtOpenThreadToken + B 77BB5E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4700] ntdll.dll!NtOpenThreadTokenEx + B 77BB5E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4700] ntdll.dll!NtQueryAttributesFile + 6 77BB5F3E 4 Bytes [A8, 00, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4700] ntdll.dll!NtQueryAttributesFile + B 77BB5F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4700] ntdll.dll!NtQueryFullAttributesFile + B 77BB5FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4700] ntdll.dll!NtSetContextThread 77BB6568 3 Bytes [FF, 25, 1E] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4700] ntdll.dll!NtSetContextThread + 4 77BB656C 2 Bytes [81, 71] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4700] ntdll.dll!NtSetInformationFile + 6 77BB663E 4 Bytes [28, 01, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4700] ntdll.dll!NtSetInformationFile + B 77BB6643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4700] ntdll.dll!NtSetInformationThread + 6 77BB669E 4 Bytes [28, 02, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4700] ntdll.dll!NtSetInformationThread + B 77BB66A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4700] ntdll.dll!NtSetValueKey 77BB6808 3 Bytes [FF, 25, 1E] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4700] ntdll.dll!NtSetValueKey + 4 77BB680C 2 Bytes [90, 71] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4700] ntdll.dll!NtUnmapViewOfSection + 6 77BB69BE 1 Byte [68] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4700] ntdll.dll!NtUnmapViewOfSection + 6 77BB69BE 4 Bytes [68, 03, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4700] ntdll.dll!NtUnmapViewOfSection + B 77BB69C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4700] USER32.dll!SendMessageA 7617AD60 6 Bytes JMP 71A30F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[4700] USER32.dll!PostMessageA 7617B446 6 Bytes JMP 719D0F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[4700] USER32.dll!PostMessageW 7618447B 6 Bytes JMP 719A0F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[4700] USER32.dll!SendMessageW 76185539 6 Bytes JMP 71A00F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[4700] USER32.dll!mouse_event 76196209 6 Bytes JMP 71AC0F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[4700] USER32.dll!SendInput 761A7019 3 Bytes [FF, 25, 1E] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4700] USER32.dll!SendInput + 4 761A701D 2 Bytes [A5, 71] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4700] USER32.dll!keybd_event 761CEC3B 6 Bytes JMP 71A90F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[4700] ADVAPI32.dll!CreateServiceW 762C712C 6 Bytes JMP 71940F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[4700] ADVAPI32.dll!CreateServiceA 762E3158 6 Bytes JMP 71970F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[4700] WS2_32.dll!GetAddrInfoW 777C4889 6 Bytes JMP 71760F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[4700] WS2_32.dll!connect 777C6BDD 6 Bytes JMP 717F0F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[4700] WS2_32.dll!listen 777CB001 6 Bytes JMP 717C0F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[4700] WS2_32.dll!gethostbyname 777D7673 6 Bytes JMP 71790F5A .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4928] ntdll.dll!NtCreateFile 77BB55C8 3 Bytes [FF, 25, 1E] .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4928] ntdll.dll!NtCreateFile + 4 77BB55CC 2 Bytes [81, 71] .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4928] ntdll.dll!NtDeleteValueKey 77BB5848 3 Bytes [FF, 25, 1E] .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4928] ntdll.dll!NtDeleteValueKey + 4 77BB584C 2 Bytes [87, 71] .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4928] ntdll.dll!NtOpenFile 77BB5CD8 3 Bytes [FF, 25, 1E] .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4928] ntdll.dll!NtOpenFile + 4 77BB5CDC 2 Bytes [7E, 71] {JLE 0x73} .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4928] ntdll.dll!NtOpenProcess 77BB5D88 3 Bytes [FF, 25, 1E] .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4928] ntdll.dll!NtOpenProcess + 4 77BB5D8C 2 Bytes [84, 71] .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4928] ntdll.dll!NtSetContextThread 77BB6568 3 Bytes [FF, 25, 1E] .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4928] ntdll.dll!NtSetContextThread + 4 77BB656C 2 Bytes [7B, 71] {JNP 0x73} .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4928] ntdll.dll!NtSetValueKey 77BB6808 3 Bytes [FF, 25, 1E] .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4928] ntdll.dll!NtSetValueKey + 4 77BB680C 2 Bytes [8A, 71] .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4928] USER32.dll!SendMessageA 7617AD60 6 Bytes JMP 719D0F5A .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4928] USER32.dll!PostMessageA 7617B446 6 Bytes JMP 71970F5A .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4928] USER32.dll!PostMessageW 7618447B 6 Bytes JMP 71940F5A .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4928] USER32.dll!SendMessageW 76185539 6 Bytes JMP 719A0F5A .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4928] USER32.dll!mouse_event 76196209 6 Bytes JMP 71A60F5A .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4928] USER32.dll!SendInput 761A7019 3 Bytes [FF, 25, 1E] .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4928] USER32.dll!SendInput + 4 761A701D 2 Bytes [9F, 71] .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4928] USER32.dll!keybd_event 761CEC3B 6 Bytes JMP 71A30F5A .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4928] ADVAPI32.dll!CreateServiceW 762C712C 6 Bytes JMP 718E0F5A .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[4928] ADVAPI32.dll!CreateServiceA 762E3158 6 Bytes JMP 71910F5A .text C:\windows\system32\rundll32.exe[5384] ntdll.dll!NtCreateFile 77BB55C8 3 Bytes [FF, 25, 1E] .text C:\windows\system32\rundll32.exe[5384] ntdll.dll!NtCreateFile + 4 77BB55CC 2 Bytes [81, 71] .text C:\windows\system32\rundll32.exe[5384] ntdll.dll!NtDeleteValueKey 77BB5848 3 Bytes [FF, 25, 1E] .text C:\windows\system32\rundll32.exe[5384] ntdll.dll!NtDeleteValueKey + 4 77BB584C 2 Bytes [87, 71] .text C:\windows\system32\rundll32.exe[5384] ntdll.dll!NtOpenFile 77BB5CD8 3 Bytes [FF, 25, 1E] .text C:\windows\system32\rundll32.exe[5384] ntdll.dll!NtOpenFile + 4 77BB5CDC 2 Bytes [7E, 71] {JLE 0x73} .text C:\windows\system32\rundll32.exe[5384] ntdll.dll!NtOpenProcess 77BB5D88 3 Bytes [FF, 25, 1E] .text C:\windows\system32\rundll32.exe[5384] ntdll.dll!NtOpenProcess + 4 77BB5D8C 2 Bytes [84, 71] .text C:\windows\system32\rundll32.exe[5384] ntdll.dll!NtSetContextThread 77BB6568 3 Bytes [FF, 25, 1E] .text C:\windows\system32\rundll32.exe[5384] ntdll.dll!NtSetContextThread + 4 77BB656C 2 Bytes [7B, 71] {JNP 0x73} .text C:\windows\system32\rundll32.exe[5384] ntdll.dll!NtSetValueKey 77BB6808 3 Bytes [FF, 25, 1E] .text C:\windows\system32\rundll32.exe[5384] ntdll.dll!NtSetValueKey + 4 77BB680C 2 Bytes [8A, 71] .text C:\windows\system32\rundll32.exe[5384] USER32.dll!SendMessageA 7617AD60 6 Bytes JMP 719D0F5A .text C:\windows\system32\rundll32.exe[5384] USER32.dll!PostMessageA 7617B446 6 Bytes JMP 71970F5A .text C:\windows\system32\rundll32.exe[5384] USER32.dll!PostMessageW 7618447B 6 Bytes JMP 71940F5A .text C:\windows\system32\rundll32.exe[5384] USER32.dll!SendMessageW 76185539 6 Bytes JMP 719A0F5A .text C:\windows\system32\rundll32.exe[5384] USER32.dll!mouse_event 76196209 6 Bytes JMP 71A60F5A .text C:\windows\system32\rundll32.exe[5384] USER32.dll!SendInput 761A7019 3 Bytes [FF, 25, 1E] .text C:\windows\system32\rundll32.exe[5384] USER32.dll!SendInput + 4 761A701D 2 Bytes [9F, 71] .text C:\windows\system32\rundll32.exe[5384] USER32.dll!keybd_event 761CEC3B 6 Bytes JMP 71A30F5A .text C:\windows\system32\rundll32.exe[5384] ADVAPI32.dll!CreateServiceW 762C712C 6 Bytes JMP 718E0F5A .text C:\windows\system32\rundll32.exe[5384] ADVAPI32.dll!CreateServiceA 762E3158 6 Bytes JMP 71910F5A .text C:\windows\system32\rundll32.exe[5384] WS2_32.dll!GetAddrInfoW 777C4889 6 Bytes JMP 71700F5A .text C:\windows\system32\rundll32.exe[5384] WS2_32.dll!connect 777C6BDD 6 Bytes JMP 71790F5A .text C:\windows\system32\rundll32.exe[5384] WS2_32.dll!listen 777CB001 6 Bytes JMP 71760F5A .text C:\windows\system32\rundll32.exe[5384] WS2_32.dll!gethostbyname 777D7673 6 Bytes JMP 71730F5A .text C:\Users\Marcin\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe[5664] ntdll.dll!NtCreateFile 77BB55C8 3 Bytes [FF, 25, 1E] .text C:\Users\Marcin\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe[5664] ntdll.dll!NtCreateFile + 4 77BB55CC 2 Bytes [87, 71] .text C:\Users\Marcin\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe[5664] ntdll.dll!NtDeleteValueKey 77BB5848 3 Bytes [FF, 25, 1E] .text C:\Users\Marcin\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe[5664] ntdll.dll!NtDeleteValueKey + 4 77BB584C 2 Bytes [8D, 71] .text C:\Users\Marcin\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe[5664] ntdll.dll!NtOpenFile 77BB5CD8 3 Bytes [FF, 25, 1E] .text C:\Users\Marcin\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe[5664] ntdll.dll!NtOpenFile + 4 77BB5CDC 2 Bytes [84, 71] .text C:\Users\Marcin\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe[5664] ntdll.dll!NtOpenProcess 77BB5D88 3 Bytes [FF, 25, 1E] .text C:\Users\Marcin\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe[5664] ntdll.dll!NtOpenProcess + 4 77BB5D8C 2 Bytes [8A, 71] .text C:\Users\Marcin\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe[5664] ntdll.dll!NtSetContextThread 77BB6568 3 Bytes [FF, 25, 1E] .text C:\Users\Marcin\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe[5664] ntdll.dll!NtSetContextThread + 4 77BB656C 2 Bytes [81, 71] .text C:\Users\Marcin\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe[5664] ntdll.dll!NtSetValueKey 77BB6808 3 Bytes [FF, 25, 1E] .text C:\Users\Marcin\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe[5664] ntdll.dll!NtSetValueKey + 4 77BB680C 2 Bytes [90, 71] .text C:\Users\Marcin\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe[5664] USER32.dll!SendMessageA 7617AD60 6 Bytes JMP 71A30F5A .text C:\Users\Marcin\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe[5664] USER32.dll!PostMessageA 7617B446 6 Bytes JMP 719D0F5A .text C:\Users\Marcin\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe[5664] USER32.dll!PostMessageW 7618447B 6 Bytes JMP 719A0F5A .text C:\Users\Marcin\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe[5664] USER32.dll!SendMessageW 76185539 6 Bytes JMP 71A00F5A .text C:\Users\Marcin\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe[5664] USER32.dll!mouse_event 76196209 6 Bytes JMP 71AC0F5A .text C:\Users\Marcin\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe[5664] USER32.dll!SendInput 761A7019 3 Bytes [FF, 25, 1E] .text C:\Users\Marcin\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe[5664] USER32.dll!SendInput + 4 761A701D 2 Bytes [A5, 71] .text C:\Users\Marcin\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe[5664] USER32.dll!keybd_event 761CEC3B 6 Bytes JMP 71A90F5A .text C:\Users\Marcin\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe[5664] ADVAPI32.dll!CreateServiceW 762C712C 6 Bytes JMP 71940F5A .text C:\Users\Marcin\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe[5664] ADVAPI32.dll!CreateServiceA 762E3158 6 Bytes JMP 71970F5A .text C:\Users\Marcin\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe[5664] WS2_32.dll!GetAddrInfoW 777C4889 6 Bytes JMP 71760F5A .text C:\Users\Marcin\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe[5664] WS2_32.dll!connect 777C6BDD 6 Bytes JMP 717F0F5A .text C:\Users\Marcin\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe[5664] WS2_32.dll!listen 777CB001 6 Bytes JMP 717C0F5A .text C:\Users\Marcin\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe[5664] WS2_32.dll!gethostbyname 777D7673 6 Bytes JMP 71790F5A .text C:\Program Files\Asus\Eee Docking\Eee Docking.exe[5700] ntdll.dll!NtCreateFile 77BB55C8 3 Bytes [FF, 25, 1E] .text C:\Program Files\Asus\Eee Docking\Eee Docking.exe[5700] ntdll.dll!NtCreateFile + 4 77BB55CC 2 Bytes [87, 71] .text C:\Program Files\Asus\Eee Docking\Eee Docking.exe[5700] ntdll.dll!NtDeleteValueKey 77BB5848 3 Bytes [FF, 25, 1E] .text C:\Program Files\Asus\Eee Docking\Eee Docking.exe[5700] ntdll.dll!NtDeleteValueKey + 4 77BB584C 2 Bytes [8D, 71] .text C:\Program Files\Asus\Eee Docking\Eee Docking.exe[5700] ntdll.dll!NtOpenFile 77BB5CD8 3 Bytes [FF, 25, 1E] .text C:\Program Files\Asus\Eee Docking\Eee Docking.exe[5700] ntdll.dll!NtOpenFile + 4 77BB5CDC 2 Bytes [84, 71] .text C:\Program Files\Asus\Eee Docking\Eee Docking.exe[5700] ntdll.dll!NtOpenProcess 77BB5D88 3 Bytes [FF, 25, 1E] .text C:\Program Files\Asus\Eee Docking\Eee Docking.exe[5700] ntdll.dll!NtOpenProcess + 4 77BB5D8C 2 Bytes [8A, 71] .text C:\Program Files\Asus\Eee Docking\Eee Docking.exe[5700] ntdll.dll!NtSetContextThread 77BB6568 3 Bytes [FF, 25, 1E] .text C:\Program Files\Asus\Eee Docking\Eee Docking.exe[5700] ntdll.dll!NtSetContextThread + 4 77BB656C 2 Bytes [81, 71] .text C:\Program Files\Asus\Eee Docking\Eee Docking.exe[5700] ntdll.dll!NtSetValueKey 77BB6808 3 Bytes [FF, 25, 1E] .text C:\Program Files\Asus\Eee Docking\Eee Docking.exe[5700] ntdll.dll!NtSetValueKey + 4 77BB680C 2 Bytes [90, 71] .text C:\Program Files\Asus\Eee Docking\Eee Docking.exe[5700] USER32.dll!SendMessageA 7617AD60 6 Bytes JMP 71A30F5A .text C:\Program Files\Asus\Eee Docking\Eee Docking.exe[5700] USER32.dll!PostMessageA 7617B446 6 Bytes JMP 719D0F5A .text C:\Program Files\Asus\Eee Docking\Eee Docking.exe[5700] USER32.dll!PostMessageW 7618447B 6 Bytes JMP 719A0F5A .text C:\Program Files\Asus\Eee Docking\Eee Docking.exe[5700] USER32.dll!SendMessageW 76185539 6 Bytes JMP 71A00F5A .text C:\Program Files\Asus\Eee Docking\Eee Docking.exe[5700] USER32.dll!mouse_event 76196209 6 Bytes JMP 71AC0F5A .text C:\Program Files\Asus\Eee Docking\Eee Docking.exe[5700] USER32.dll!SendInput 761A7019 3 Bytes [FF, 25, 1E] .text C:\Program Files\Asus\Eee Docking\Eee Docking.exe[5700] USER32.dll!SendInput + 4 761A701D 2 Bytes [A5, 71] .text C:\Program Files\Asus\Eee Docking\Eee Docking.exe[5700] USER32.dll!keybd_event 761CEC3B 6 Bytes JMP 71A90F5A .text C:\Program Files\Asus\Eee Docking\Eee Docking.exe[5700] ADVAPI32.dll!CreateServiceW 762C712C 6 Bytes JMP 71940F5A .text C:\Program Files\Asus\Eee Docking\Eee Docking.exe[5700] ADVAPI32.dll!CreateServiceA 762E3158 6 Bytes JMP 71970F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[5964] ntdll.dll!NtCreateFile 77BB55C8 3 Bytes [FF, 25, 1E] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5964] ntdll.dll!NtCreateFile + 4 77BB55CC 6 Bytes [87, 71, 28, 00, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5964] ntdll.dll!NtCreateFile + B 77BB55D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5964] ntdll.dll!NtDeleteValueKey 77BB5848 3 Bytes [FF, 25, 1E] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5964] ntdll.dll!NtDeleteValueKey + 4 77BB584C 2 Bytes [8D, 71] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5964] ntdll.dll!NtMapViewOfSection + 6 77BB5C2E 1 Byte [28] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5964] ntdll.dll!NtMapViewOfSection + 6 77BB5C2E 4 Bytes [28, 03, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5964] ntdll.dll!NtMapViewOfSection + B 77BB5C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5964] ntdll.dll!NtOpenFile 77BB5CD8 3 Bytes [FF, 25, 1E] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5964] ntdll.dll!NtOpenFile + 4 77BB5CDC 6 Bytes [84, 71, 68, 00, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5964] ntdll.dll!NtOpenFile + B 77BB5CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5964] ntdll.dll!NtOpenProcess 77BB5D88 3 Bytes [FF, 25, 1E] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5964] ntdll.dll!NtOpenProcess + 4 77BB5D8C 6 Bytes [8A, 71, A8, 01, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5964] ntdll.dll!NtOpenProcess + B 77BB5D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5964] ntdll.dll!NtOpenProcessToken + B 77BB5DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5964] ntdll.dll!NtOpenProcessTokenEx + 6 77BB5DAE 4 Bytes [A8, 02, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5964] ntdll.dll!NtOpenProcessTokenEx + B 77BB5DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5964] ntdll.dll!NtOpenThread + 6 77BB5E0E 4 Bytes [68, 01, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5964] ntdll.dll!NtOpenThread + B 77BB5E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5964] ntdll.dll!NtOpenThreadToken + 6 77BB5E1E 4 Bytes [68, 02, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5964] ntdll.dll!NtOpenThreadToken + B 77BB5E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5964] ntdll.dll!NtOpenThreadTokenEx + B 77BB5E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5964] ntdll.dll!NtQueryAttributesFile + 6 77BB5F3E 4 Bytes [A8, 00, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5964] ntdll.dll!NtQueryAttributesFile + B 77BB5F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5964] ntdll.dll!NtQueryFullAttributesFile + B 77BB5FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5964] ntdll.dll!NtSetContextThread 77BB6568 3 Bytes [FF, 25, 1E] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5964] ntdll.dll!NtSetContextThread + 4 77BB656C 2 Bytes [81, 71] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5964] ntdll.dll!NtSetInformationFile + 6 77BB663E 4 Bytes [28, 01, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5964] ntdll.dll!NtSetInformationFile + B 77BB6643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5964] ntdll.dll!NtSetInformationThread + 6 77BB669E 4 Bytes [28, 02, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5964] ntdll.dll!NtSetInformationThread + B 77BB66A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5964] ntdll.dll!NtSetValueKey 77BB6808 3 Bytes [FF, 25, 1E] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5964] ntdll.dll!NtSetValueKey + 4 77BB680C 2 Bytes [90, 71] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5964] ntdll.dll!NtUnmapViewOfSection + 6 77BB69BE 1 Byte [68] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5964] ntdll.dll!NtUnmapViewOfSection + 6 77BB69BE 4 Bytes [68, 03, 07, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5964] ntdll.dll!NtUnmapViewOfSection + B 77BB69C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5964] USER32.dll!SendMessageA 7617AD60 6 Bytes JMP 71A30F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[5964] USER32.dll!PostMessageA 7617B446 6 Bytes JMP 719D0F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[5964] USER32.dll!PostMessageW 7618447B 6 Bytes JMP 719A0F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[5964] USER32.dll!SendMessageW 76185539 6 Bytes JMP 71A00F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[5964] USER32.dll!mouse_event 76196209 6 Bytes JMP 71AC0F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[5964] USER32.dll!SendInput 761A7019 3 Bytes [FF, 25, 1E] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5964] USER32.dll!SendInput + 4 761A701D 2 Bytes [A5, 71] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5964] USER32.dll!keybd_event 761CEC3B 6 Bytes JMP 71A90F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[5964] ADVAPI32.dll!CreateServiceW 762C712C 6 Bytes JMP 71940F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[5964] ADVAPI32.dll!CreateServiceA 762E3158 6 Bytes JMP 71970F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[5964] WS2_32.dll!GetAddrInfoW 777C4889 6 Bytes JMP 71760F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[5964] WS2_32.dll!connect 777C6BDD 6 Bytes JMP 717F0F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[5964] WS2_32.dll!listen 777CB001 6 Bytes JMP 717C0F5A .text C:\Program Files\Google\Chrome\Application\chrome.exe[5964] WS2_32.dll!gethostbyname 777D7673 6 Bytes JMP 71790F5A ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[2464] @ C:\windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75C0FFF6] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[2464] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75C0FFF6] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[2464] @ C:\windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75C0FFF6] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[2464] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75C0FFF6] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[2464] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75C0FFF6] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe[2464] @ C:\windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [75C0FFF6] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\windows\Explorer.exe[3616] @ C:\windows\Explorer.exe [gdiplus.dll!GdipAlloc] [73832437] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.exe[3616] @ C:\windows\Explorer.exe [gdiplus.dll!GdiplusStartup] [73815600] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.exe[3616] @ C:\windows\Explorer.exe [gdiplus.dll!GdiplusShutdown] [738156BE] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.exe[3616] @ C:\windows\Explorer.exe [gdiplus.dll!GdipFree] [738324B2] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.exe[3616] @ C:\windows\Explorer.exe [gdiplus.dll!GdipDeleteGraphics] [73828514] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.exe[3616] @ C:\windows\Explorer.exe [gdiplus.dll!GdipDisposeImage] [73824CC8] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.exe[3616] @ C:\windows\Explorer.exe [gdiplus.dll!GdipGetImageWidth] [7382506F] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.exe[3616] @ C:\windows\Explorer.exe [gdiplus.dll!GdipGetImageHeight] [73825144] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.exe[3616] @ C:\windows\Explorer.exe [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [73826671] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.exe[3616] @ C:\windows\Explorer.exe [gdiplus.dll!GdipCreateFromHDC] [7382826B] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.exe[3616] @ C:\windows\Explorer.exe [gdiplus.dll!GdipSetCompositingMode] [738287BA] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.exe[3616] @ C:\windows\Explorer.exe [gdiplus.dll!GdipSetInterpolationMode] [7382901B] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.exe[3616] @ C:\windows\Explorer.exe [gdiplus.dll!GdipDrawImageRectI] [7382E1BE] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.exe[3616] @ C:\windows\Explorer.exe [gdiplus.dll!GdipCloneImage] [73824BFA] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\system32\rundll32.exe[5384] @ C:\windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75C0FFF6] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\windows\system32\rundll32.exe[5384] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75C0FFF6] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\windows\system32\rundll32.exe[5384] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75C0FFF6] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\windows\system32\rundll32.exe[5384] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75C0FFF6] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\windows\system32\rundll32.exe[5384] @ C:\windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75C0FFF6] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\windows\system32\rundll32.exe[5384] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75C0FFF6] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 81B54008 Device \FileSystem\Ntfs \Ntfs 8394C338 Device \FileSystem\Ntfs \Ntfs 8E72F558 Device \FileSystem\Ntfs \Ntfs 838C0848 Device \FileSystem\Ntfs \Ntfs 85B237E0 Device \FileSystem\Ntfs \Ntfs 85CA5870 AttachedDevice \FileSystem\Ntfs \Ntfs dwprot.sys Device \FileSystem\fastfat \FatCdrom 83958970 Device \FileSystem\fastfat \FatCdrom 8E52CE78 Device \FileSystem\fastfat \FatCdrom 84124D48 Device \FileSystem\fastfat \FatCdrom 8E429078 Device \FileSystem\fastfat \FatCdrom 8ACCCB98 Device \FileSystem\fastfat \FatCdrom 838EFA18 AttachedDevice \Driver\tdx \Device\Tcp dwprot.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) Device \Driver\ACPI_HAL \Device\0000004c halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) AttachedDevice \Driver\tdx \Device\Udp dwprot.sys AttachedDevice \Driver\tdx \Device\RawIp dwprot.sys Device \FileSystem\fastfat \Fat 83958970 Device \FileSystem\fastfat \Fat 8E52CE78 Device \FileSystem\fastfat \Fat 84124D48 Device \FileSystem\fastfat \Fat 8E429078 Device \FileSystem\fastfat \Fat 8ACCCB98 Device \FileSystem\fastfat \Fat 838EFA18 AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Menedżer filtrów systemu plików firmy Microsoft/Microsoft Corporation) AttachedDevice \FileSystem\fastfat \Fat dwprot.sys ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\1c4bd6165510 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\1c4bd6165510@002483df1af7 0x7D 0x81 0xCC 0x73 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\1c4bd6165510@b08991f1758b 0x16 0xC9 0x46 0xCF ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\1c4bd6165510 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\1c4bd6165510@002483df1af7 0x7D 0x81 0xCC 0x73 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\1c4bd6165510@b08991f1758b 0x16 0xC9 0x46 0xCF ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intel\xae Matrix Storage Manager\Intel\xae Matrix Storage Console.lnk 1 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel\xae Matrix Storage Manager\Intel\xae Matrix Storage Console.lnk 1 ---- EOF - GMER 1.0.15 ----