GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-07-10 06:43:52
Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 SAMSUNG_HD502HJ rev.1AJ10001 465,76GB
Running: rd9f56g1.exe; Driver: C:\DOCUME~1\Szymon\USTAWI~1\Temp\uftdypoc.sys

---- System - GMER 2.1 ----

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwAdjustPrivilegesToken [0xB00537E4]
SSDT \??\c:\documents and settings\szymon\ustawienia lokalne\temp\7112C700.sys ZwAllocateVirtualMemory [0xAE0F024A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwConnectPort [0xB0052D90]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwCreateFile [0xB005344A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwCreateKey [0xB0054040]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwCreateSection [0xB0055C20]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwCreateSymbolicLinkObject [0xB0055F9E]
SSDT \??\c:\documents and settings\szymon\ustawienia lokalne\temp\7112C700.sys ZwCreateThread [0xAE0F2304]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwDeleteKey [0xB00539D0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwDeleteValueKey [0xB0053BE8]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwDuplicateObject [0xB0052582]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwEnumerateKey [0xB005482A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwEnumerateValueKey [0xB0054A80]
SSDT \??\c:\documents and settings\szymon\ustawienia lokalne\temp\7112C700.sys ZwFreeVirtualMemory [0xAE0F05C8]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwLoadDriver [0xB0055652]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwMakeTemporaryObject [0xB0053058]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwOpenFile [0xB0053626]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwOpenKey [0xB0054030]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwOpenProcess [0xB00521B0]
SSDT \??\c:\documents and settings\szymon\ustawienia lokalne\temp\7112C700.sys ZwOpenSection [0xAE0EFF6E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwOpenThread [0xB00523B4]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwQueryKey [0xB0054C8E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwQueryMultipleValueKey [0xB00550E2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwQueryValueKey [0xB0054EA0]
SSDT \??\c:\documents and settings\szymon\ustawienia lokalne\temp\7112C700.sys ZwQueueApcThread [0xAE0F2496]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwRenameKey [0xB00545B2]
SSDT \??\c:\documents and settings\szymon\ustawienia lokalne\temp\7112C700.sys ZwSetContextThread [0xAE0F2536]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwSetSecurityObject [0xB0053E54]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwSetSystemInformation [0xB005593E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwSetValueKey [0xB005430A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwShutdownSystem [0xB0052FC2]
SSDT \??\c:\documents and settings\szymon\ustawienia lokalne\temp\7112C700.sys ZwSystemDebugControl [0xAE0EFE24]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwTerminateProcess [0xB0052B92]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwTerminateThread [0xB0052980]
SSDT \??\c:\documents and settings\szymon\ustawienia lokalne\temp\7112C700.sys ZwWriteVirtualMemory [0xAE0F070C]

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2CC8 80504554 4 Bytes CALL CB004A94
? roqrctt.sys Nie można odnaleźć określonego pliku. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB2CAE3C0, 0x749CBA, 0xE8000020]
? c:\documents and settings\szymon\ustawienia lokalne\temp\7112C700.sys Nie można odnaleźć określonego pliku. !
? c:\documents and settings\szymon\ustawienia lokalne\temp\78D61981.sys Nie można odnaleźć określonego pliku. !

---- User code sections - GMER 2.1 ---- .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[220] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[220] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[220] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[220] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[220] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[220] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[220] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[220] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[220] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[220] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[220] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows 
Live\WLIDSVC.EXE[220] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[220] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Creative\Shared Files\CTAudSvc.exe[256] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Creative\Shared Files\CTAudSvc.exe[256] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Creative\Shared Files\CTAudSvc.exe[256] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Creative\Shared Files\CTAudSvc.exe[256] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Creative\Shared Files\CTAudSvc.exe[256] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Creative\Shared Files\CTAudSvc.exe[256] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Creative\Shared Files\CTAudSvc.exe[256] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Creative\Shared Files\CTAudSvc.exe[256] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Creative\Shared Files\CTAudSvc.exe[256] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Creative\Shared Files\CTAudSvc.exe[256] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Creative\Shared Files\CTAudSvc.exe[256] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Creative\Shared Files\CTAudSvc.exe[256] 
ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Creative\Shared Files\CTAudSvc.exe[256] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[328] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 0073D120 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[328] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 0074BCD0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[328] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 0074B9B0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[328] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00747F40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[328] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 0073D240 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[328] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00745070 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[328] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00745C00 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[328] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 00748D10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[328] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 00748AE0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[328] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 00749E10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[328] 
GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 00749D10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[328] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 00743BA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe[328] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 007444D0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[432] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[432] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, F8, BC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[432] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[432] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, FB, BC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[432] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[432] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, F8, BC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[432] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[432] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, F9, BC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[432] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[432] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B9192F4 .text C:\Program Files\Google\Chrome\Application\chrome.exe[432] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[432] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, FA, BC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[432] 
ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[432] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, F9, BC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[432] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[432] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, FA, BC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[432] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[432] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B919365 .text C:\Program Files\Google\Chrome\Application\chrome.exe[432] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[432] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, F8, BC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[432] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[432] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B919493 .text C:\Program Files\Google\Chrome\Application\chrome.exe[432] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[432] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[432] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[432] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, F9, BC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[432] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[432] ntdll.dll!NtSetInformationThread + 6 
7C90DC96 4 Bytes [28, FA, BC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[432] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[432] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, FB, BC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[432] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[432] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[432] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[432] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[432] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[432] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[432] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[432] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[432] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[432] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[432] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[596] 
ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[596] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 08, 75, 00] {SUB [EAX], CL; JNZ 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[596] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[596] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 0B, 75, 00] {SUB [EBX], CL; JNZ 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[596] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[596] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 08, 75, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[596] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[596] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 09, 75, 00] {TEST AL, 0x9; JNZ 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[596] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[596] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B914B04 .text C:\Program Files\Google\Chrome\Application\chrome.exe[596] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[596] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 0A, 75, 00] {TEST AL, 0xa; JNZ 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[596] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[596] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 09, 75, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[596] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[596] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes 
[68, 0A, 75, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[596] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[596] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B914B75 .text C:\Program Files\Google\Chrome\Application\chrome.exe[596] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[596] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 08, 75, 00] {TEST AL, 0x8; JNZ 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[596] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[596] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B914CA3 .text C:\Program Files\Google\Chrome\Application\chrome.exe[596] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[596] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[596] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[596] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 09, 75, 00] {SUB [ECX], CL; JNZ 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[596] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[596] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 0A, 75, 00] {SUB [EDX], CL; JNZ 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[596] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[596] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 0B, 75, 00] .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[596] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[596] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[596] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[596] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[596] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[596] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[596] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[596] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[596] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[596] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[596] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[632] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[632] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[632] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll 
.text C:\WINDOWS\Explorer.EXE[632] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[632] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[632] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[632] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[632] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[632] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[632] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[632] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[632] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[632] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Dokan\DokanLibrary\mounter.exe[716] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Dokan\DokanLibrary\mounter.exe[716] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Dokan\DokanLibrary\mounter.exe[716] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Dokan\DokanLibrary\mounter.exe[716] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Dokan\DokanLibrary\mounter.exe[716] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll .text C:\Program 
Files\Dokan\DokanLibrary\mounter.exe[716] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Dokan\DokanLibrary\mounter.exe[716] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Dokan\DokanLibrary\mounter.exe[716] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Dokan\DokanLibrary\mounter.exe[716] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Dokan\DokanLibrary\mounter.exe[716] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Dokan\DokanLibrary\mounter.exe[716] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Dokan\DokanLibrary\mounter.exe[716] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Dokan\DokanLibrary\mounter.exe[716] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre7\bin\jqs.exe[868] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre7\bin\jqs.exe[868] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre7\bin\jqs.exe[868] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre7\bin\jqs.exe[868] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre7\bin\jqs.exe[868] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre7\bin\jqs.exe[868] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll .text C:\Program 
Files\Java\jre7\bin\jqs.exe[868] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre7\bin\jqs.exe[868] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre7\bin\jqs.exe[868] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre7\bin\jqs.exe[868] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre7\bin\jqs.exe[868] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre7\bin\jqs.exe[868] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre7\bin\jqs.exe[868] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\csrss.exe[968] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 10001450 C:\WINDOWS\system32\cmdcsr.dll .text C:\WINDOWS\system32\csrss.exe[968] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 100017F0 C:\WINDOWS\system32\cmdcsr.dll .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[992] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[992] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[992] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[992] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[992] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D240 
C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[992] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[992] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[992] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[992] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[992] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[992] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[992] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[992] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\svchost.exe[1036] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\svchost.exe[1036] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\svchost.exe[1036] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\svchost.exe[1036] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\svchost.exe[1036] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll .text 
C:\WINDOWS\System32\svchost.exe[1036] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\svchost.exe[1036] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\svchost.exe[1036] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\svchost.exe[1036] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\svchost.exe[1036] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\svchost.exe[1036] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\svchost.exe[1036] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\svchost.exe[1036] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\nvsvc32.exe[1068] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\nvsvc32.exe[1068] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\nvsvc32.exe[1068] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\nvsvc32.exe[1068] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\nvsvc32.exe[1068] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\nvsvc32.exe[1068] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\nvsvc32.exe[1068] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text 
C:\WINDOWS\system32\nvsvc32.exe[1068] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\nvsvc32.exe[1068] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\nvsvc32.exe[1068] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\nvsvc32.exe[1068] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\nvsvc32.exe[1068] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\nvsvc32.exe[1068] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1116] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1116] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1116] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1116] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1116] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1116] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1116] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\NVIDIA Corporation\NVIDIA 
Update Core\daemonu.exe[1116] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1116] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1116] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1116] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1116] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1116] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[1140] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[1140] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[1140] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[1140] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[1140] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[1140] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[1140] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[1140] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023BA0 
C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[1140] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[1140] RPCRT4.dll!RpcServerRegisterIfEx 77E8E05B 5 Bytes JMP 1001F870 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[1140] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[1140] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[1140] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[1140] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[1152] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[1152] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[1152] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[1152] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[1152] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[1152] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[1152] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[1152] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[1152] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 100244D0 
C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[1152] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[1152] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[1152] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[1152] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1324] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1324] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1324] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1324] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1324] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1324] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1324] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1324] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1324] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1324] GDI32.dll!DeleteDC 
77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1324] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1324] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe[1324] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1336] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1336] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1336] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1336] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1336] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1336] RPCRT4.dll!RpcServerRegisterIfEx 77E8E05B 5 Bytes JMP 1001F870 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1336] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text 
C:\WINDOWS\system32\svchost.exe[1336] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1336] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1336] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[1360] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[1360] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[1360] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[1360] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[1360] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[1360] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[1360] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[1360] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[1360] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[1360] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text C:\Program 
Files\HTC\Internet Pass-Through\PassThruSvr.exe[1360] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[1360] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[1360] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1424] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1424] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1424] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1424] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1424] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1424] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1424] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1424] RPCRT4.dll!RpcServerRegisterIfEx 77E8E05B 5 Bytes JMP 1001F870 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1424] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1424] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 
10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1424] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1424] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1424] rpcss.dll!WhichService 76A63C84 8 Bytes JMP EDF01001 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[1460] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[1460] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[1460] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[1460] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[1460] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[1460] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[1460] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[1460] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[1460] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common 
Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[1460] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[1460] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[1460] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[1460] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\svchost.exe[1464] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\svchost.exe[1464] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\svchost.exe[1464] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\svchost.exe[1464] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\svchost.exe[1464] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\svchost.exe[1464] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\svchost.exe[1464] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\svchost.exe[1464] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\svchost.exe[1464] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\svchost.exe[1464] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text 
C:\WINDOWS\System32\svchost.exe[1464] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\svchost.exe[1464] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\svchost.exe[1464] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\PnkBstrA.exe[1524] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\PnkBstrA.exe[1524] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\PnkBstrA.exe[1524] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\PnkBstrA.exe[1524] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\PnkBstrA.exe[1524] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\PnkBstrA.exe[1524] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\PnkBstrA.exe[1524] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\PnkBstrA.exe[1524] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\PnkBstrA.exe[1524] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\PnkBstrA.exe[1524] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\PnkBstrA.exe[1524] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\PnkBstrA.exe[1524] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\PnkBstrA.exe[1524] 
ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1568] ntdll.dll!NtAllocateVirtualMemory 7C90CF50 5 Bytes JMP 00534850 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1568] ntdll.dll!NtCreateFile 7C90D090 5 Bytes JMP 0054ECA0 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe .text C:\WINDOWS\system32\svchost.exe[1604] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1604] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1604] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1604] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1604] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1604] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1604] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1604] RPCRT4.dll!RpcServerRegisterIfEx 77E8E05B 5 Bytes JMP 1001F870 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1604] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text 
C:\WINDOWS\system32\svchost.exe[1604] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1604] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1604] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1700] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1700] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1700] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1700] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1700] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1700] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1700] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1700] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1700] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1700] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1700] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1700] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1700] 
GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1716] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1716] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, AC, 00, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1716] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1716] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, AF, 00, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1716] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1716] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, AC, 00, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1716] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1716] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, AD, 00, 01] {TEST AL, 0xad; ADD [ECX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1716] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1716] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B91D6A8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1716] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1716] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, AE, 00, 01] {TEST AL, 0xae; ADD [ECX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1716] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1716] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, AD, 00, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1716] ntdll.dll!NtOpenThread + B 7C90D64B 
1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1716] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, AE, 00, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1716] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1716] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B91D719 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1716] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1716] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, AC, 00, 01] {TEST AL, 0xac; ADD [ECX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1716] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1716] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B91D847 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1716] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1716] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1716] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1716] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, AD, 00, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1716] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1716] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, AE, 00, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1716] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1716] 
ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, AF, 00, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1716] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1716] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1716] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1716] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1716] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1716] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1716] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1716] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1716] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1716] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1716] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[1784] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[1784] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text 
C:\WINDOWS\system32\ctfmon.exe[1784] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[1784] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[1784] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[1784] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[1784] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[1784] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[1784] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[1784] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[1784] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[1784] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[1784] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1792] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1792] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 80, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1792] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1792] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 83, 4F, 00] .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[1792] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1792] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 80, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1792] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1792] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 81, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1792] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1792] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B91257C .text C:\Program Files\Google\Chrome\Application\chrome.exe[1792] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1792] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 82, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1792] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1792] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 81, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1792] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1792] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 82, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1792] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1792] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B9125ED .text C:\Program Files\Google\Chrome\Application\chrome.exe[1792] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1792] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 80, 4F, 00] .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[1792] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1792] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B91271B .text C:\Program Files\Google\Chrome\Application\chrome.exe[1792] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1792] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1792] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1792] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 81, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1792] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1792] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 82, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1792] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1792] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 83, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1792] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1792] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1792] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1792] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1792] 
kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1792] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1792] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1792] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1792] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1792] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1792] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\foobar2000\foobar2000.exe[1844] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 00ABD120 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\foobar2000\foobar2000.exe[1844] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 00ACBCD0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\foobar2000\foobar2000.exe[1844] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 00ACB9B0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\foobar2000\foobar2000.exe[1844] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00AC7F40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\foobar2000\foobar2000.exe[1844] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 00ABD240 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\foobar2000\foobar2000.exe[1844] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00AC5070 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\foobar2000\foobar2000.exe[1844] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00AC5C00 
C:\WINDOWS\system32\guard32.dll .text C:\Program Files\foobar2000\foobar2000.exe[1844] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 00AC3BA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\foobar2000\foobar2000.exe[1844] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 00AC44D0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\foobar2000\foobar2000.exe[1844] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 00AC8D10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\foobar2000\foobar2000.exe[1844] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 00AC8AE0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\foobar2000\foobar2000.exe[1844] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 00AC9E10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\foobar2000\foobar2000.exe[1844] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 00AC9D10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1856] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1856] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1856] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1856] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1856] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1856] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1856] 
ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1856] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1856] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1856] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1856] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1928] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1928] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1928] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1928] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1928] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1928] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1928] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1928] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1928] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1928] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1928] GDI32.dll!GetPixel 
77F1B73C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1928] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1928] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[2028] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[2028] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[2028] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[2028] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[2028] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[2028] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[2028] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[2028] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[2028] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[2028] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[2028] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[2028] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[2028] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029D10 
C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2032] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2032] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 4C, 6F, 00] {SUB [EDI+EBP*2+0x0], CL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2032] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2032] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 4F, 6F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2032] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2032] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 4C, 6F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2032] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2032] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 4D, 6F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2032] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2032] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B914548 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2032] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2032] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 4E, 6F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2032] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2032] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 4D, 6F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2032] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2032] 
ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 4E, 6F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2032] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2032] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B9145B9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2032] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2032] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 4C, 6F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2032] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2032] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B9146E7 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2032] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2032] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2032] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2032] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 4D, 6F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2032] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2032] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 4E, 6F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2032] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2032] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 4F, 6F, 00] .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[2032] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2032] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2032] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2032] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2032] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2032] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2032] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2032] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2032] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2032] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2032] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Szymon\Dane aplikacji\Dropbox\bin\Dropbox.exe[2072] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Szymon\Dane aplikacji\Dropbox\bin\Dropbox.exe[2072] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text C:\Documents and 
Settings\Szymon\Dane aplikacji\Dropbox\bin\Dropbox.exe[2072] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Szymon\Dane aplikacji\Dropbox\bin\Dropbox.exe[2072] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Szymon\Dane aplikacji\Dropbox\bin\Dropbox.exe[2072] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Szymon\Dane aplikacji\Dropbox\bin\Dropbox.exe[2072] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Szymon\Dane aplikacji\Dropbox\bin\Dropbox.exe[2072] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Szymon\Dane aplikacji\Dropbox\bin\Dropbox.exe[2072] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Szymon\Dane aplikacji\Dropbox\bin\Dropbox.exe[2072] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Szymon\Dane aplikacji\Dropbox\bin\Dropbox.exe[2072] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Szymon\Dane aplikacji\Dropbox\bin\Dropbox.exe[2072] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Szymon\Dane aplikacji\Dropbox\bin\Dropbox.exe[2072] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Szymon\Dane aplikacji\Dropbox\bin\Dropbox.exe[2072] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2632] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001D120 
C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2632] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 60, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2632] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2632] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 63, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2632] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2632] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 60, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2632] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2632] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 61, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2632] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2632] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B90EC5C .text C:\Program Files\Google\Chrome\Application\chrome.exe[2632] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2632] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 62, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2632] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2632] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 61, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2632] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2632] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 62, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2632] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte 
[E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2632] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B90ECCD .text C:\Program Files\Google\Chrome\Application\chrome.exe[2632] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2632] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 60, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2632] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2632] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B90EDFB .text C:\Program Files\Google\Chrome\Application\chrome.exe[2632] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2632] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2632] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2632] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 61, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2632] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2632] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 62, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2632] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2632] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 63, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2632] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2632] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027F40 
C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2632] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2632] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2632] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2632] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2632] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2632] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2632] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2632] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2632] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[2708] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[2708] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[2708] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[2708] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[2708] ntdll.dll!LdrUnloadDll 7C91736B 5 
Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[2708] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[2708] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[2708] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[2708] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[2708] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[2708] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[2708] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[2708] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2744] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2744] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2744] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2744] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2744] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2744] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2744] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2744] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2744] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2744] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2744] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2744] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2744] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wscntfy.exe[2776] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wscntfy.exe[2776] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wscntfy.exe[2776] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wscntfy.exe[2776] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wscntfy.exe[2776] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wscntfy.exe[2776] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wscntfy.exe[2776] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll 
.text C:\WINDOWS\system32\wscntfy.exe[2776] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wscntfy.exe[2776] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wscntfy.exe[2776] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wscntfy.exe[2776] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wscntfy.exe[2776] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wscntfy.exe[2776] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2868] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2868] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 50, 4E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2868] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2868] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 53, 4E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2868] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2868] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 50, 4E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2868] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2868] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 51, 4E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2868] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2868] ntdll.dll!NtOpenProcessToken + 
6 7C90D5F6 4 Bytes CALL 7B91244C .text C:\Program Files\Google\Chrome\Application\chrome.exe[2868] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2868] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 52, 4E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2868] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2868] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 51, 4E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2868] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2868] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 52, 4E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2868] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2868] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B9124BD .text C:\Program Files\Google\Chrome\Application\chrome.exe[2868] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2868] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 50, 4E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2868] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2868] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B9125EB .text C:\Program Files\Google\Chrome\Application\chrome.exe[2868] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2868] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2868] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B9B0 
C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2868] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 51, 4E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2868] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2868] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 52, 4E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2868] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2868] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 53, 4E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2868] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2868] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2868] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2868] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2868] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2868] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2868] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2868] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2868] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 
10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2868] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[2868] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3092] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3092] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 8C, 3B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3092] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3092] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 8F, 3B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3092] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3092] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 8C, 3B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3092] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3092] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 8D, 3B, 00] {TEST AL, 0x8d; CMP EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3092] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3092] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B911188 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3092] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3092] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 8E, 3B, 00] {TEST AL, 0x8e; CMP EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3092] 
ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3092] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 8D, 3B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3092] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3092] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 8E, 3B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3092] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3092] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B9111F9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3092] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3092] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 8C, 3B, 00] {TEST AL, 0x8c; CMP EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3092] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3092] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B911327 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3092] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3092] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3092] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3092] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 8D, 3B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3092] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2] .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[3092] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 8E, 3B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3092] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3092] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 8F, 3B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3092] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3092] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3092] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3092] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3092] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3092] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3092] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3092] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3092] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3092] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3092] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029D10 
C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3124] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3124] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3124] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3124] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3124] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3124] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3124] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3124] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3124] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3124] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3124] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3124] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3124] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Szymon\Pulpit\rd9f56g1.exe[3292] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text C:\Documents and 
Settings\Szymon\Pulpit\rd9f56g1.exe[3292] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Szymon\Pulpit\rd9f56g1.exe[3292] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Szymon\Pulpit\rd9f56g1.exe[3292] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Szymon\Pulpit\rd9f56g1.exe[3292] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Szymon\Pulpit\rd9f56g1.exe[3292] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Szymon\Pulpit\rd9f56g1.exe[3292] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Szymon\Pulpit\rd9f56g1.exe[3292] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Szymon\Pulpit\rd9f56g1.exe[3292] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Szymon\Pulpit\rd9f56g1.exe[3292] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Szymon\Pulpit\rd9f56g1.exe[3292] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Szymon\Pulpit\rd9f56g1.exe[3292] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Szymon\Pulpit\rd9f56g1.exe[3292] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3424] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[3424] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, CC, 1E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3424] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3424] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, CF, 1E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3424] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3424] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, CC, 1E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3424] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3424] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, CD, 1E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3424] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3424] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B90F4C8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3424] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3424] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, CE, 1E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3424] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3424] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, CD, 1E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3424] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3424] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, CE, 1E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3424] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2] .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[3424] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B90F539 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3424] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3424] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, CC, 1E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3424] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3424] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B90F667 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3424] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3424] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3424] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3424] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, CD, 1E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3424] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3424] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, CE, 1E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3424] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3424] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, CF, 1E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3424] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3424] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027F40 
C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3424] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3424] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3424] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3424] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3424] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3424] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3424] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3424] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3424] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, B8, 4E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, BB, 4E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3540] 
ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, B8, 4E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, B9, 4E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B9124B4 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, BA, 4E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, B9, 4E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, BA, 4E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B912525 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, B8, 4E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3540] 
ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B912653 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, B9, 4E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, BA, 4E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, BB, 4E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3540] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3540] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 
C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3540] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3540] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3540] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3540] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3540] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3540] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3664] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3664] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 70, 4D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3664] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3664] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 73, 4D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3664] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3664] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 70, 4D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3664] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3664] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 71, 4D, 00] .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[3664] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3664] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B91236C .text C:\Program Files\Google\Chrome\Application\chrome.exe[3664] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3664] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 72, 4D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3664] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3664] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 71, 4D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3664] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3664] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 72, 4D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3664] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3664] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B9123DD .text C:\Program Files\Google\Chrome\Application\chrome.exe[3664] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3664] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 70, 4D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3664] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3664] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B91250B .text C:\Program Files\Google\Chrome\Application\chrome.exe[3664] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3664] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 
1002BCD0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3664] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3664] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 71, 4D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3664] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3664] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 72, 4D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3664] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3664] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 73, 4D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3664] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3664] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3664] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3664] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3664] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3664] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3664] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3664] GDI32.dll!DeleteDC 
77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3664] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3664] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3664] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3752] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3752] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3752] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3752] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3752] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3752] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3752] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3752] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3752] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3752] GDI32.dll!DeleteDC 
77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3752] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3752] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3752] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Last.fm\Last.fm Scrobbler.exe[3800] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 020FD120 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Last.fm\Last.fm Scrobbler.exe[3800] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 0210BCD0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Last.fm\Last.fm Scrobbler.exe[3800] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 0210B9B0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Last.fm\Last.fm Scrobbler.exe[3800] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 02107F40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Last.fm\Last.fm Scrobbler.exe[3800] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 020FD240 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Last.fm\Last.fm Scrobbler.exe[3800] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02105070 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Last.fm\Last.fm Scrobbler.exe[3800] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 02105C00 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Last.fm\Last.fm Scrobbler.exe[3800] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 02108D10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Last.fm\Last.fm Scrobbler.exe[3800] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 02108AE0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Last.fm\Last.fm Scrobbler.exe[3800] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 02109E10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Last.fm\Last.fm 
Scrobbler.exe[3800] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 02109D10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Last.fm\Last.fm Scrobbler.exe[3800] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 02103BA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Last.fm\Last.fm Scrobbler.exe[3800] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 021044D0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 80, 32, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 83, 32, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 80, 32, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 81, 32, 00] {TEST AL, 0x81; XOR AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B91087C .text C:\Program Files\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 82, 32, 00] {TEST AL, 0x82; XOR AL, [EAX]} .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 81, 32, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 82, 32, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B9108ED .text C:\Program Files\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 80, 32, 00] {TEST AL, 0x80; XOR AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B910A1B .text C:\Program Files\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 81, 32, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2] .text 
C:\Program Files\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 82, 32, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 83, 32, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3948] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3948] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3948] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3948] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3948] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3948] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3948] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3948] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3948] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 
10029D10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3956] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3956] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 24, 9C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3956] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3956] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 27, 9C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3956] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3956] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 24, 9C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3956] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3956] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 25, 9C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3956] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3956] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B917220 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3956] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3956] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 26, 9C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3956] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3956] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 25, 9C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3956] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3956] 
ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 26, 9C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3956] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3956] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B917291 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3956] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3956] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 24, 9C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3956] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3956] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B9173BF .text C:\Program Files\Google\Chrome\Application\chrome.exe[3956] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3956] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3956] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3956] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 25, 9C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3956] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3956] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 26, 9C, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3956] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3956] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 27, 9C, 00] .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[3956] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3956] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3956] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3956] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3956] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3956] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3956] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3956] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3956] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3956] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3956] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, EC, 18, 00] {SUB AH, CH; SBB [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3964] 
ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, EF, 18, 00] {SUB BH, CH; SBB [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, EC, 18, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, ED, 18, 00] {TEST AL, 0xed; SBB [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B90EEE8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, EE, 18, 00] {TEST AL, 0xee; SBB [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, ED, 18, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, EE, 18, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 
7B90EF59 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, EC, 18, 00] {TEST AL, 0xec; SBB [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B90F087 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, ED, 18, 00] {SUB CH, CH; SBB [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, EE, 18, 00] {SUB DH, CH; SBB [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, EF, 18, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll .text 
C:\Program Files\Google\Chrome\Application\chrome.exe[3964] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3964] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3964] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3964] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3964] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3964] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3964] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3964] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3964] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3972] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3972] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, B8, EE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3972] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3972] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, BB, EE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3972] ntdll.dll!NtMapViewOfSection + B 7C90D50B 
1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3972] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, B8, EE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3972] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3972] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, B9, EE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3972] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3972] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B91C4B4 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3972] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3972] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, BA, EE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3972] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3972] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, B9, EE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3972] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3972] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, BA, EE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3972] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3972] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B91C525 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3972] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3972] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, B8, EE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3972] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte 
[E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3972] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B91C653 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3972] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3972] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3972] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3972] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, B9, EE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3972] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3972] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, BA, EE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3972] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3972] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, BB, EE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3972] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3972] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3972] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3972] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3972] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[3972] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3972] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3972] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3972] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3972] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3972] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, AC, BD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, AF, BD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, AC, BD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, AD, BD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtOpenProcess + B 
7C90D5EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B9193A8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, AE, BD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, AD, BD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, AE, BD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B919419 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, AC, BD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B919547 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, AD, BD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, AE, BD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, AF, BD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 
C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 5C, AB, 00] {SUB [EBX+EBP*4+0x0], BL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 5F, AB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 5C, AB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 5D, AB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B918158 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 5E, 
AB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 5D, AB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 5E, AB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B9181C9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 5C, AB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B9182F7 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 5D, AB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2] .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 5E, AB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 5F, AB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4092] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4092] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4092] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4092] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4092] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4092] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4092] GDI32.dll!GetPixel 77F1B73C 5 Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4092] GDI32.dll!CreateDCA 77F1B7C2 5 Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4092] GDI32.dll!CreateDCW 77F1BE28 5 Bytes JMP 10029D10 
C:\WINDOWS\system32\guard32.dll
---- Devices - GMER 2.1 ----
Device \FileSystem\Ntfs \Ntfs 89C5A150
Device \FileSystem\Ntfs \Ntfs 89ABBA10
Device \FileSystem\Ntfs \Ntfs 899E9B30
AttachedDevice \FileSystem\Ntfs \Ntfs 7112C700.sys
AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Ip 7112C700.sys
AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Tcp 7112C700.sys
Device \Driver\usb_rndisx \Device\{3F680AFA-CD95-4E17-AE81-A353012AB37F} RNDISMPX.SYS
AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Udp 7112C700.sys
AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\RawIp 7112C700.sys
Device \FileSystem\519C339241570A04 \Device\519C339241570A04 7112C700.sys
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations ????C:??????en??? ?????????????????????"??????????ac?????????C???????????r??????' ???????&???????]???p???e????????h????????????????????? ???Microsoft????????????????????9???????????????????????????????????????????????*?*?"???????????a??????e\???????????v???????.??????????? ?????????????????????????????????????????????=???=????MRxDAV?-00???????????????????????????????????????????v??????C:\WINDOWS\system32\cmd.exe?????C:\WINDOWS\system32\cmd.exe?55???? ??????6??????E:\Exhibeon.jar??2???2??????????????? ??????????????????????????????????????????????????????????? ??????????????t????????????.???????0???????????.?m?.???????????i????????????????b??????.?????h?.????N??????.?D?.???????????????????????????????? ?????????????????????192.168.42.129???.??C:\Program Files\COMODO\COMODO Internet Security????? ?????????????????????"????????N?????1?????{DE3E97DF-0342-4168-93D0-2E241AD9E6D9}????????8?????????????COMODO - Proactive Security??????????????????n????"?????????????????5.12.256249.2599????????????????? ?????????????
Reg HKLM\SYSTEM\CurrentControlSet\Control\Video\{9785E82E-15AD-426F-BD26-45B27CE50AC1}\0000@D3D_\x3332\x3331 2089309684 Reg HKLM\SYSTEM\ControlSet003\Control\Video\{9785E82E-15AD-426F-BD26-45B27CE50AC1}\0000@D3D_\x3332\x3331 2089309684 ---- Files - GMER 2.1 ---- File C:\Program Files\Steam\.crash 0 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\1325108F-9FD6-43A6-928C-E80ACF19EFF1.data 6663680 bytes executable File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\1325108F-9FD6-43A6-928C-E80ACF19EFF1.data.info 248 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\14E9584E-32BD-46A1-B1BF-45AD2C4ECB7B.data 651264 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\14E9584E-32BD-46A1-B1BF-45AD2C4ECB7B.data.info 290 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\1876F855-531F-400A-9CE6-E0145C8ADBBF.data 34577 bytes executable File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\1876F855-531F-400A-9CE6-E0145C8ADBBF.data.info 204 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\36CBA25F-B498-4D93-9A09-B69D7B625400.data 6663680 bytes executable File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\36CBA25F-B498-4D93-9A09-B69D7B625400.data.info 240 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\3E66AF83-540A-44B0-8C07-5BC6AD7EB15F.data 342016 bytes executable File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\3E66AF83-540A-44B0-8C07-5BC6AD7EB15F.data.info 240 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\45C2FC4A-0B9C-4C58-A545-20EAABEBAD11.data 68 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\45C2FC4A-0B9C-4C58-A545-20EAABEBAD11.data.info 192 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\5433EF0B-C8BF-48F6-B759-3FD91FA84998.data 2150904 bytes executable File C:\Program Files\COMODO\COMODO Internet 
Security\Quarantine\A7A95744-4609-4845-8B4A-E0F10EB131A0.data 6663680 bytes executable File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\A7A95744-4609-4845-8B4A-E0F10EB131A0.data.info 238 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\ABE75696-7A23-4BD3-8FB4-0A96667DF6C1.data 6663680 bytes executable File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\ABE75696-7A23-4BD3-8FB4-0A96667DF6C1.data.info 260 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\C2F2C3C3-8AEF-4FD7-848E-212BDC309717.data 27280 bytes executable File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\C2F2C3C3-8AEF-4FD7-848E-212BDC309717.data.info 194 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\CE41E147-04B6-460E-8547-DEF0F7EF294E.data 13388 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\D652F9E2-0225-46ED-AD41-A34EDA04EDC5.data 15000000 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\D652F9E2-0225-46ED-AD41-A34EDA04EDC5.data.info 240 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\E9BD6D47-D494-47BD-A83F-3FE62873876C.data 6663680 bytes executable File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\E9BD6D47-D494-47BD-A83F-3FE62873876C.data.info 260 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\F57C556B-571B-4E82-BDD5-1D55865CCBF2.data 6663680 bytes executable File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\F57C556B-571B-4E82-BDD5-1D55865CCBF2.data.info 260 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\FEF12B20-7EA6-4839-B913-903FFB9E725B.data 6663680 bytes executable File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\FEF12B20-7EA6-4839-B913-903FFB9E725B.data.info 240 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Temp 0 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Temp\baseupd 0 
bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\6BEF5BB3-CB7C-4AFE-BF18-E8B9EE24A4AF.data 11769864 bytes executable File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\6BEF5BB3-CB7C-4AFE-BF18-E8B9EE24A4AF.data.info 280 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\8CC421F6-76E0-4202-A371-133687A58C7D.data 6664704 bytes executable File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\8CC421F6-76E0-4202-A371-133687A58C7D.data.info 240 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\A1D4CC3E-3AF6-4A81-B5AC-A9199AE1C1F1.data 6664704 bytes executable File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\A1D4CC3E-3AF6-4A81-B5AC-A9199AE1C1F1.data.info 150 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\A5A43843-DCD1-4074-BB04-A4A8D6A04525.data 651264 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\A5A43843-DCD1-4074-BB04-A4A8D6A04525.data.info 290 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\5433EF0B-C8BF-48F6-B759-3FD91FA84998.data.info 188 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\CE41E147-04B6-460E-8547-DEF0F7EF294E.data.info 258 bytes File C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Cache\f_000aa5 24991 bytes File C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Cache\f_000aa6 501939 bytes ---- EOF - GMER 2.1 ----