GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-02-02 05:18:05 Windows 6.1.7600 \Device\Harddisk0\DR0 -> \Device\00000068 ST325031 rev.3.AA 232,89GB Running: bgm1wom7.exe; Driver: C:\Users\Artur\AppData\Local\Temp\pxldrpoc.sys ---- System - GMER 2.1 ---- SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwAddBootEntry [0x8E64CACC] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0x8E64D5AA] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateEvent [0x8E659692] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateEventPair [0x8E6596DE] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0x8E659878] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateMutant [0x8E659600] SSDT \??\C:\Windows\system32\drivers\aswSP.sys ZwCreateSection [0x8E703426] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateSemaphore [0x8E659648] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateThread [0x8E64DAE0] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateThreadEx [0x8E64DCFC] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateTimer [0x8E659832] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0x8E64E398] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0x8E64CB32] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwDuplicateObject [0x8E651BE4] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwLoadDriver [0x8E64C71E] SSDT \??\C:\Windows\system32\drivers\aswSP.sys ZwMapViewOfSection [0x8E703506] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwModifyBootEntry [0x8E64CB98] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0x8E651FDA] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0x8E64EEDE] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenEvent [0x8E6596BC] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenEventPair [0x8E659700] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0x8E65989C] SSDT 
\??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenMutant [0x8E659626] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenProcess [0x8E6514DE] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenSection [0x8E6597B0] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenSemaphore [0x8E659670] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenThread [0x8E6518C6] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenTimer [0x8E659856] SSDT \??\C:\Windows\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0x8E7032AA] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwQueryObject [0x8E64ECF4] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwQueueApcThreadEx [0x8E64EA02] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0x8E64CBFE] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSetBootOptions [0x8E64CC64] SSDT \??\C:\Windows\system32\drivers\aswSP.sys ZwSetContextThread [0x8E703602] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSetSystemInformation [0x8E64C7B8] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0x8E64C98A] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwShutdownSystem [0x8E64C918] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSuspendProcess [0x8E64E562] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSuspendThread [0x8E64E6C4] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSystemDebugControl [0x8E64CA12] SSDT \??\C:\Windows\system32\drivers\aswSP.sys ZwTerminateProcess [0x8E703378] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwTerminateThread [0x8E64E1F2] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwVdmControl [0x8E64CCCA] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwWriteVirtualMemory [0x8E64D606] ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82C92579 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CB6F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] 
{LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!RtlSidHashLookup + 214 82CBE714 4 Bytes [CC, CA, 64, 8E] {INT 3 ; RETF 0x8e64} .text ntkrnlpa.exe!RtlSidHashLookup + 29C 82CBE79C 4 Bytes [AA, D5, 64, 8E] .text ntkrnlpa.exe!RtlSidHashLookup + 2F0 82CBE7F0 8 Bytes [92, 96, 65, 8E, DE, 96, 65, ...] .text ntkrnlpa.exe!RtlSidHashLookup + 2FC 82CBE7FC 4 Bytes JMP E8646083 .text ntkrnlpa.exe!RtlSidHashLookup + 318 82CBE818 4 Bytes [00, 96, 65, 8E] .text ... PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108 82EBC0EA 4 Bytes CALL 8E64F5C5 \??\C:\Windows\system32\drivers\aswSnx.sys PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122 82EC41C5 4 Bytes CALL 8E64F5DB \??\C:\Windows\system32\drivers\aswSnx.sys .sptd1 C:\Windows\System32\Drivers\sptd.sys entry point in ".sptd1" section [0x88D4B774] ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\csrss.exe[428] kernel32.dll!GetBinaryTypeW + 70 76327964 1 Byte [62] .text C:\Windows\system32\wininit.exe[492] ntdll.dll!NtAlpcSendWaitReceivePort 77284860 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[492] ntdll.dll!NtClose 77284910 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[492] ntdll.dll!LdrUnloadDll 7729BE7F 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[492] ntdll.dll!LdrLoadDll 7729F585 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[492] kernel32.dll!CreateProcessW 762C202D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[492] kernel32.dll!CreateProcessA 762C2062 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[492] kernel32.dll!CreateProcessAsUserW 762F79B4 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[492] kernel32.dll!GetBinaryTypeW + 70 76327964 
1 Byte [62] .text C:\Windows\system32\wininit.exe[492] GDI32.dll!DeleteDC 773E6A2C 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[492] GDI32.dll!CreateDCA 773E9975 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[492] GDI32.dll!CreateDCW 773EBD21 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[492] GDI32.dll!GetPixel 773EC714 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wininit.exe[492] ADVAPI32.dll!CreateProcessAsUserA 762614FD 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll .text C:\Windows\system32\csrss.exe[508] kernel32.dll!GetBinaryTypeW + 70 76327964 1 Byte [62] .text C:\Windows\system32\Dwm.exe[540] ntdll.dll!NtAlpcSendWaitReceivePort 77284860 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Dwm.exe[540] ntdll.dll!NtClose 77284910 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Dwm.exe[540] ntdll.dll!LdrUnloadDll 7729BE7F 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Dwm.exe[540] ntdll.dll!LdrLoadDll 7729F585 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Dwm.exe[540] kernel32.dll!CreateProcessW 762C202D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Dwm.exe[540] kernel32.dll!CreateProcessA 762C2062 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Dwm.exe[540] kernel32.dll!CreateProcessAsUserW 762F79B4 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Dwm.exe[540] kernel32.dll!GetBinaryTypeW + 70 76327964 1 Byte [62] .text C:\Windows\system32\Dwm.exe[540] GDI32.dll!DeleteDC 773E6A2C 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Dwm.exe[540] GDI32.dll!CreateDCA 773E9975 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll .text 
C:\Windows\system32\Dwm.exe[540] GDI32.dll!CreateDCW 773EBD21 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Dwm.exe[540] GDI32.dll!GetPixel 773EC714 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll .text C:\Windows\system32\Dwm.exe[540] ADVAPI32.dll!CreateProcessAsUserA 762614FD 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll .text C:\Windows\system32\services.exe[552] services.exe 00AB1608 4 Bytes [80, E1, 01, 10] .text C:\Windows\system32\services.exe[552] services.exe 00AB1618 4 Bytes [60, DC, 01, 10] .text C:\Windows\system32\services.exe[552] services.exe 00AB1638 4 Bytes [A0, E4, 01, 10] .text C:\Windows\system32\services.exe[552] services.exe 00AB1648 4 Bytes [E0, DE, 01, 10] {LOOPNZ 0xffffffe0; ADD [EAX], EDX} .text C:\Windows\system32\services.exe[552] ntdll.dll!NtAlpcSendWaitReceivePort 77284860 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll .text C:\Windows\system32\services.exe[552] ntdll.dll!NtClose 77284910 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll .text C:\Windows\system32\services.exe[552] ntdll.dll!LdrUnloadDll 7729BE7F 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\services.exe[552] ntdll.dll!LdrLoadDll 7729F585 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\services.exe[552] kernel32.dll!CreateProcessW 762C202D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll .text C:\Windows\system32\services.exe[552] kernel32.dll!CreateProcessA 762C2062 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\services.exe[552] kernel32.dll!CreateProcessAsUserW 762F79B4 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll .text C:\Windows\system32\services.exe[552] kernel32.dll!GetBinaryTypeW + 70 76327964 1 Byte [62] .text C:\Windows\system32\services.exe[552] RPCRT4.dll!RpcServerRegisterIfEx 763C2640 5 Bytes JMP 1001F060 C:\Windows\system32\guard32.dll .text C:\Windows\system32\services.exe[552] GDI32.dll!DeleteDC 
773E6A2C 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\services.exe[552] GDI32.dll!CreateDCA 773E9975 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\services.exe[552] GDI32.dll!CreateDCW 773EBD21 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\services.exe[552] GDI32.dll!GetPixel 773EC714 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll .text C:\Windows\system32\services.exe[552] ADVAPI32.dll!CreateProcessAsUserA 762614FD 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsass.exe[568] ntdll.dll!NtAlpcSendWaitReceivePort 77284860 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsass.exe[568] ntdll.dll!NtClose 77284910 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsass.exe[568] ntdll.dll!LdrUnloadDll 7729BE7F 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsass.exe[568] ntdll.dll!LdrLoadDll 7729F585 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsass.exe[568] kernel32.dll!CreateProcessW 762C202D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsass.exe[568] kernel32.dll!CreateProcessA 762C2062 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsass.exe[568] kernel32.dll!CreateProcessAsUserW 762F79B4 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsass.exe[568] kernel32.dll!GetBinaryTypeW + 70 76327964 1 Byte [62] .text C:\Windows\system32\lsass.exe[568] ADVAPI32.dll!CreateProcessAsUserA 762614FD 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsass.exe[568] GDI32.dll!DeleteDC 773E6A2C 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsass.exe[568] GDI32.dll!CreateDCA 773E9975 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll .text 
C:\Windows\system32\lsass.exe[568] GDI32.dll!CreateDCW 773EBD21 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsass.exe[568] GDI32.dll!GetPixel 773EC714 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll .text C:\Windows\system32\lsm.exe[584] kernel32.dll!GetBinaryTypeW + 70 76327964 1 Byte [62] .text C:\Windows\system32\winlogon.exe[604] ntdll.dll!NtAlpcSendWaitReceivePort 77284860 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll .text C:\Windows\system32\winlogon.exe[604] ntdll.dll!NtClose 77284910 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll .text C:\Windows\system32\winlogon.exe[604] ntdll.dll!LdrUnloadDll 7729BE7F 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\winlogon.exe[604] ntdll.dll!LdrLoadDll 7729F585 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\winlogon.exe[604] kernel32.dll!CreateProcessW 762C202D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll .text C:\Windows\system32\winlogon.exe[604] kernel32.dll!CreateProcessA 762C2062 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\winlogon.exe[604] kernel32.dll!CreateProcessAsUserW 762F79B4 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll .text C:\Windows\system32\winlogon.exe[604] kernel32.dll!GetBinaryTypeW + 70 76327964 1 Byte [62] .text C:\Windows\system32\winlogon.exe[604] GDI32.dll!DeleteDC 773E6A2C 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\winlogon.exe[604] GDI32.dll!CreateDCA 773E9975 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\winlogon.exe[604] GDI32.dll!CreateDCW 773EBD21 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\winlogon.exe[604] GDI32.dll!GetPixel 773EC714 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll .text C:\Windows\system32\winlogon.exe[604] ADVAPI32.dll!CreateProcessAsUserA 762614FD 5 Bytes JMP 10024390 
C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[748] ntdll.dll!NtAlpcSendWaitReceivePort 77284860 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[748] ntdll.dll!NtClose 77284910 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[748] ntdll.dll!LdrUnloadDll 7729BE7F 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[748] ntdll.dll!LdrLoadDll 7729F585 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[748] kernel32.dll!CreateProcessW 762C202D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[748] kernel32.dll!CreateProcessA 762C2062 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[748] kernel32.dll!CreateProcessAsUserW 762F79B4 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[748] kernel32.dll!GetBinaryTypeW + 70 76327964 1 Byte [62] .text C:\Windows\system32\svchost.exe[748] RPCRT4.dll!RpcServerRegisterIfEx 763C2640 5 Bytes JMP 1001F060 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[748] GDI32.dll!DeleteDC 773E6A2C 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[748] GDI32.dll!CreateDCA 773E9975 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[748] GDI32.dll!CreateDCW 773EBD21 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[748] GDI32.dll!GetPixel 773EC714 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[748] ADVAPI32.dll!CreateProcessAsUserA 762614FD 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll .text C:\Windows\system32\nvvsvc.exe[824] ntdll.dll!NtAlpcSendWaitReceivePort 77284860 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll .text 
C:\Windows\system32\nvvsvc.exe[824] ntdll.dll!NtClose 77284910 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll .text C:\Windows\system32\nvvsvc.exe[824] ntdll.dll!LdrUnloadDll 7729BE7F 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\nvvsvc.exe[824] ntdll.dll!LdrLoadDll 7729F585 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\nvvsvc.exe[824] kernel32.dll!CreateProcessW 762C202D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll .text C:\Windows\system32\nvvsvc.exe[824] kernel32.dll!CreateProcessA 762C2062 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\nvvsvc.exe[824] kernel32.dll!CreateProcessAsUserW 762F79B4 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll .text C:\Windows\system32\nvvsvc.exe[824] kernel32.dll!GetBinaryTypeW + 70 76327964 1 Byte [62] .text C:\Windows\system32\nvvsvc.exe[824] GDI32.dll!DeleteDC 773E6A2C 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\nvvsvc.exe[824] GDI32.dll!CreateDCA 773E9975 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\nvvsvc.exe[824] GDI32.dll!CreateDCW 773EBD21 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\nvvsvc.exe[824] GDI32.dll!GetPixel 773EC714 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll .text C:\Windows\system32\nvvsvc.exe[824] ADVAPI32.dll!CreateProcessAsUserA 762614FD 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[848] ntdll.dll!NtAlpcSendWaitReceivePort 77284860 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[848] ntdll.dll!NtClose 77284910 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[848] ntdll.dll!LdrUnloadDll 7729BE7F 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll .text C:\Program 
Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[848] ntdll.dll!LdrLoadDll 7729F585 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[848] kernel32.dll!CreateProcessW 762C202D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[848] kernel32.dll!CreateProcessA 762C2062 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[848] kernel32.dll!CreateProcessAsUserW 762F79B4 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[848] kernel32.dll!GetBinaryTypeW + 70 76327964 1 Byte [62] .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[848] ADVAPI32.dll!CreateProcessAsUserA 762614FD 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[848] GDI32.dll!DeleteDC 773E6A2C 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[848] GDI32.dll!CreateDCA 773E9975 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[848] GDI32.dll!CreateDCW 773EBD21 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[848] GDI32.dll!GetPixel 773EC714 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[896] ntdll.dll!NtAlpcSendWaitReceivePort 77284860 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[896] ntdll.dll!NtClose 77284910 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[896] ntdll.dll!LdrUnloadDll 7729BE7F 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[896] 
ntdll.dll!LdrLoadDll 7729F585 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[896] kernel32.dll!CreateProcessW 762C202D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[896] kernel32.dll!CreateProcessA 762C2062 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[896] kernel32.dll!CreateProcessAsUserW 762F79B4 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[896] kernel32.dll!GetBinaryTypeW + 70 76327964 1 Byte [62] .text C:\Windows\system32\svchost.exe[896] RPCRT4.dll!RpcServerRegisterIfEx 763C2640 5 Bytes JMP 1001F060 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[896] rpcss.dll!CoGetComCatalog 748B3A14 8 Bytes JMP ED501001 .text C:\Windows\system32\svchost.exe[896] ADVAPI32.dll!CreateProcessAsUserA 762614FD 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[896] GDI32.dll!DeleteDC 773E6A2C 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[896] GDI32.dll!CreateDCA 773E9975 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[896] GDI32.dll!CreateDCW 773EBD21 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[896] GDI32.dll!GetPixel 773EC714 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[948] ntdll.dll!NtAlpcSendWaitReceivePort 77284860 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[948] ntdll.dll!NtClose 77284910 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[948] ntdll.dll!LdrUnloadDll 7729BE7F 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[948] ntdll.dll!LdrLoadDll 7729F585 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll .text 
C:\Windows\system32\svchost.exe[948] kernel32.dll!CreateProcessW 762C202D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[948] kernel32.dll!CreateProcessA 762C2062 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[948] kernel32.dll!CreateProcessAsUserW 762F79B4 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[948] kernel32.dll!GetBinaryTypeW + 70 76327964 1 Byte [62] .text C:\Windows\system32\svchost.exe[948] GDI32.dll!DeleteDC 773E6A2C 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[948] GDI32.dll!CreateDCA 773E9975 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[948] GDI32.dll!CreateDCW 773EBD21 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[948] GDI32.dll!GetPixel 773EC714 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[948] ADVAPI32.dll!CreateProcessAsUserA 762614FD 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1020] ntdll.dll!NtAlpcSendWaitReceivePort 77284860 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1020] ntdll.dll!NtClose 77284910 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1020] ntdll.dll!LdrUnloadDll 7729BE7F 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1020] ntdll.dll!LdrLoadDll 7729F585 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1020] kernel32.dll!CreateProcessW 762C202D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1020] kernel32.dll!CreateProcessA 762C2062 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1020] 
kernel32.dll!CreateProcessAsUserW 762F79B4 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1020] kernel32.dll!GetBinaryTypeW + 70 76327964 1 Byte [62] .text C:\Windows\System32\svchost.exe[1020] GDI32.dll!DeleteDC 773E6A2C 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1020] GDI32.dll!CreateDCA 773E9975 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1020] GDI32.dll!CreateDCW 773EBD21 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1020] GDI32.dll!GetPixel 773EC714 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1020] ADVAPI32.dll!CreateProcessAsUserA 762614FD 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1072] ntdll.dll!NtAlpcSendWaitReceivePort 77284860 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1072] ntdll.dll!NtClose 77284910 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1072] ntdll.dll!LdrUnloadDll 7729BE7F 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1072] ntdll.dll!LdrLoadDll 7729F585 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1072] kernel32.dll!CreateProcessW 762C202D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1072] kernel32.dll!CreateProcessA 762C2062 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1072] kernel32.dll!CreateProcessAsUserW 762F79B4 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1072] kernel32.dll!GetBinaryTypeW + 70 76327964 1 Byte [62] .text C:\Windows\System32\svchost.exe[1072] GDI32.dll!DeleteDC 773E6A2C 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll .text 
C:\Windows\System32\svchost.exe[1072] GDI32.dll!CreateDCA 773E9975 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1072] GDI32.dll!CreateDCW 773EBD21 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1072] GDI32.dll!GetPixel 773EC714 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[1072] ADVAPI32.dll!CreateProcessAsUserA 762614FD 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1112] ntdll.dll!NtAlpcSendWaitReceivePort 77284860 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1112] ntdll.dll!NtClose 77284910 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1112] ntdll.dll!LdrUnloadDll 7729BE7F 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1112] ntdll.dll!LdrLoadDll 7729F585 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1112] kernel32.dll!CreateProcessW 762C202D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1112] kernel32.dll!CreateProcessA 762C2062 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1112] kernel32.dll!CreateProcessAsUserW 762F79B4 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1112] kernel32.dll!GetBinaryTypeW + 70 76327964 1 Byte [62] .text C:\Windows\system32\svchost.exe[1112] RPCRT4.dll!RpcServerRegisterIfEx 763C2640 5 Bytes JMP 1001F060 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1112] GDI32.dll!DeleteDC 773E6A2C 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1112] GDI32.dll!CreateDCA 773E9975 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1112] GDI32.dll!CreateDCW 
773EBD21 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1112] GDI32.dll!GetPixel 773EC714 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1112] ADVAPI32.dll!CreateProcessAsUserA 762614FD 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll .text C:\Windows\System32\alg.exe[1196] ntdll.dll!NtAlpcSendWaitReceivePort 77284860 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll .text C:\Windows\System32\alg.exe[1196] ntdll.dll!NtClose 77284910 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll .text C:\Windows\System32\alg.exe[1196] ntdll.dll!LdrUnloadDll 7729BE7F 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\alg.exe[1196] ntdll.dll!LdrLoadDll 7729F585 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\alg.exe[1196] kernel32.dll!CreateProcessW 762C202D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll .text C:\Windows\System32\alg.exe[1196] kernel32.dll!CreateProcessA 762C2062 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\alg.exe[1196] kernel32.dll!CreateProcessAsUserW 762F79B4 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll .text C:\Windows\System32\alg.exe[1196] kernel32.dll!GetBinaryTypeW + 70 76327964 1 Byte [62] .text C:\Windows\System32\alg.exe[1196] ADVAPI32.dll!CreateProcessAsUserA 762614FD 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll .text C:\Windows\System32\alg.exe[1196] GDI32.dll!DeleteDC 773E6A2C 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\alg.exe[1196] GDI32.dll!CreateDCA 773E9975 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\alg.exe[1196] GDI32.dll!CreateDCW 773EBD21 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\alg.exe[1196] GDI32.dll!GetPixel 773EC714 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1280] 
ntdll.dll!NtAlpcSendWaitReceivePort 77284860 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1280] ntdll.dll!NtClose 77284910 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1280] ntdll.dll!LdrUnloadDll 7729BE7F 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1280] ntdll.dll!LdrLoadDll 7729F585 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1280] kernel32.dll!CreateProcessW 762C202D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1280] kernel32.dll!CreateProcessA 762C2062 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1280] kernel32.dll!CreateProcessAsUserW 762F79B4 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1280] kernel32.dll!GetBinaryTypeW + 70 76327964 1 Byte [62] .text C:\Windows\system32\svchost.exe[1280] GDI32.dll!DeleteDC 773E6A2C 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1280] GDI32.dll!CreateDCA 773E9975 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1280] GDI32.dll!CreateDCW 773EBD21 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1280] GDI32.dll!GetPixel 773EC714 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1280] ADVAPI32.dll!CreateProcessAsUserA 762614FD 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1328] ntdll.dll!NtAlpcSendWaitReceivePort 77284860 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1328] ntdll.dll!NtClose 77284910 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1328] ntdll.dll!LdrUnloadDll 7729BE7F 7 Bytes JMP 1001D1A0 
C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1328] ntdll.dll!LdrLoadDll 7729F585 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1328] kernel32.dll!CreateProcessW 762C202D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1328] kernel32.dll!CreateProcessA 762C2062 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1328] kernel32.dll!CreateProcessAsUserW 762F79B4 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1328] kernel32.dll!GetBinaryTypeW + 70 76327964 1 Byte [62] .text C:\Windows\system32\svchost.exe[1328] GDI32.dll!DeleteDC 773E6A2C 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1328] GDI32.dll!CreateDCA 773E9975 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1328] GDI32.dll!CreateDCW 773EBD21 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1328] GDI32.dll!GetPixel 773EC714 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1328] ADVAPI32.dll!CreateProcessAsUserA 762614FD 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe[1472] ntdll.dll!NtAlpcSendWaitReceivePort 77284860 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe[1472] ntdll.dll!NtClose 77284910 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe[1472] ntdll.dll!LdrUnloadDll 7729BE7F 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe[1472] ntdll.dll!LdrLoadDll 7729F585 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll .text 
C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe[1472] kernel32.dll!CreateProcessW 762C202D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe[1472] kernel32.dll!CreateProcessA 762C2062 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe[1472] kernel32.dll!CreateProcessAsUserW 762F79B4 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe[1472] kernel32.dll!GetBinaryTypeW + 70 76327964 1 Byte [62] .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe[1472] ADVAPI32.dll!CreateProcessAsUserA 762614FD 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe[1472] GDI32.dll!DeleteDC 773E6A2C 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe[1472] GDI32.dll!CreateDCA 773E9975 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe[1472] GDI32.dll!CreateDCW 773EBD21 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe[1472] GDI32.dll!GetPixel 773EC714 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll .text C:\Windows\Explorer.EXE[1496] ntdll.dll!NtAlpcSendWaitReceivePort 77284860 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll .text C:\Windows\Explorer.EXE[1496] ntdll.dll!NtClose 77284910 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll .text C:\Windows\Explorer.EXE[1496] ntdll.dll!LdrUnloadDll 7729BE7F 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll .text C:\Windows\Explorer.EXE[1496] ntdll.dll!LdrLoadDll 7729F585 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll .text C:\Windows\Explorer.EXE[1496] kernel32.dll!CreateProcessW 762C202D 5 Bytes JMP 
10024F30 C:\Windows\system32\guard32.dll .text C:\Windows\Explorer.EXE[1496] kernel32.dll!CreateProcessA 762C2062 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll .text C:\Windows\Explorer.EXE[1496] kernel32.dll!CreateProcessAsUserW 762F79B4 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll .text C:\Windows\Explorer.EXE[1496] kernel32.dll!GetBinaryTypeW + 70 76327964 1 Byte [62] .text C:\Windows\Explorer.EXE[1496] ADVAPI32.dll!CreateProcessAsUserA 762614FD 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll .text C:\Windows\Explorer.EXE[1496] GDI32.dll!DeleteDC 773E6A2C 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll .text C:\Windows\Explorer.EXE[1496] GDI32.dll!CreateDCA 773E9975 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll .text C:\Windows\Explorer.EXE[1496] GDI32.dll!CreateDCW 773EBD21 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll .text C:\Windows\Explorer.EXE[1496] GDI32.dll!GetPixel 773EC714 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll .text C:\Windows\system32\taskhost.exe[1512] ntdll.dll!NtAlpcSendWaitReceivePort 77284860 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll .text C:\Windows\system32\taskhost.exe[1512] ntdll.dll!NtClose 77284910 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll .text C:\Windows\system32\taskhost.exe[1512] ntdll.dll!LdrUnloadDll 7729BE7F 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\taskhost.exe[1512] ntdll.dll!LdrLoadDll 7729F585 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\taskhost.exe[1512] kernel32.dll!CreateProcessW 762C202D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll .text C:\Windows\system32\taskhost.exe[1512] kernel32.dll!CreateProcessA 762C2062 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\taskhost.exe[1512] kernel32.dll!CreateProcessAsUserW 762F79B4 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll .text C:\Windows\system32\taskhost.exe[1512] 
kernel32.dll!GetBinaryTypeW + 70 76327964 1 Byte [62] .text C:\Windows\system32\taskhost.exe[1512] GDI32.dll!DeleteDC 773E6A2C 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\taskhost.exe[1512] GDI32.dll!CreateDCA 773E9975 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\taskhost.exe[1512] GDI32.dll!CreateDCW 773EBD21 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\taskhost.exe[1512] GDI32.dll!GetPixel 773EC714 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll .text C:\Windows\system32\taskhost.exe[1512] ADVAPI32.dll!CreateProcessAsUserA 762614FD 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1536] ntdll.dll!NtAlpcSendWaitReceivePort 77284860 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1536] ntdll.dll!NtClose 77284910 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1536] ntdll.dll!LdrUnloadDll 7729BE7F 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1536] ntdll.dll!LdrLoadDll 7729F585 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1536] kernel32.dll!CreateProcessW 762C202D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1536] kernel32.dll!CreateProcessA 762C2062 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1536] kernel32.dll!CreateProcessAsUserW 762F79B4 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1536] kernel32.dll!GetBinaryTypeW + 70 76327964 1 Byte [62] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1536] 
GDI32.dll!DeleteDC 773E6A2C 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1536] GDI32.dll!CreateDCA 773E9975 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1536] GDI32.dll!CreateDCW 773EBD21 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1536] GDI32.dll!GetPixel 773EC714 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1536] ADVAPI32.dll!CreateProcessAsUserA 762614FD 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll .text C:\Windows\system32\nvvsvc.exe[1544] ntdll.dll!NtAlpcSendWaitReceivePort 77284860 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll .text C:\Windows\system32\nvvsvc.exe[1544] ntdll.dll!NtClose 77284910 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll .text C:\Windows\system32\nvvsvc.exe[1544] ntdll.dll!LdrUnloadDll 7729BE7F 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\nvvsvc.exe[1544] ntdll.dll!LdrLoadDll 7729F585 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\nvvsvc.exe[1544] kernel32.dll!CreateProcessW 762C202D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll .text C:\Windows\system32\nvvsvc.exe[1544] kernel32.dll!CreateProcessA 762C2062 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\nvvsvc.exe[1544] kernel32.dll!CreateProcessAsUserW 762F79B4 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll .text C:\Windows\system32\nvvsvc.exe[1544] kernel32.dll!GetBinaryTypeW + 70 76327964 1 Byte [62] .text C:\Windows\system32\nvvsvc.exe[1544] GDI32.dll!DeleteDC 773E6A2C 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\nvvsvc.exe[1544] GDI32.dll!CreateDCA 773E9975 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll .text 
C:\Windows\system32\nvvsvc.exe[1544] GDI32.dll!CreateDCW 773EBD21 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\nvvsvc.exe[1544] GDI32.dll!GetPixel 773EC714 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll .text C:\Windows\system32\nvvsvc.exe[1544] ADVAPI32.dll!CreateProcessAsUserA 762614FD 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll .text C:\Windows\system32\WLANExt.exe[1680] ntdll.dll!NtAlpcSendWaitReceivePort 77284860 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll .text C:\Windows\system32\WLANExt.exe[1680] ntdll.dll!NtClose 77284910 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll .text C:\Windows\system32\WLANExt.exe[1680] ntdll.dll!LdrUnloadDll 7729BE7F 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\WLANExt.exe[1680] ntdll.dll!LdrLoadDll 7729F585 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\WLANExt.exe[1680] kernel32.dll!CreateProcessW 762C202D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll .text C:\Windows\system32\WLANExt.exe[1680] kernel32.dll!CreateProcessA 762C2062 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\WLANExt.exe[1680] kernel32.dll!CreateProcessAsUserW 762F79B4 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll .text C:\Windows\system32\WLANExt.exe[1680] kernel32.dll!GetBinaryTypeW + 70 76327964 1 Byte [62] .text C:\Windows\system32\WLANExt.exe[1680] ADVAPI32.dll!CreateProcessAsUserA 762614FD 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll .text C:\Windows\system32\WLANExt.exe[1680] GDI32.dll!DeleteDC 773E6A2C 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\WLANExt.exe[1680] GDI32.dll!CreateDCA 773E9975 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\WLANExt.exe[1680] GDI32.dll!CreateDCW 773EBD21 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\WLANExt.exe[1680] GDI32.dll!GetPixel 773EC714 
5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll .text C:\Windows\system32\conhost.exe[1688] ntdll.dll!NtAlpcSendWaitReceivePort 77284860 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll .text C:\Windows\system32\conhost.exe[1688] ntdll.dll!NtClose 77284910 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll .text C:\Windows\system32\conhost.exe[1688] ntdll.dll!LdrUnloadDll 7729BE7F 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\conhost.exe[1688] ntdll.dll!LdrLoadDll 7729F585 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\conhost.exe[1688] kernel32.dll!CreateProcessW 762C202D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll .text C:\Windows\system32\conhost.exe[1688] kernel32.dll!CreateProcessA 762C2062 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\conhost.exe[1688] kernel32.dll!CreateProcessAsUserW 762F79B4 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll .text C:\Windows\system32\conhost.exe[1688] kernel32.dll!GetBinaryTypeW + 70 76327964 1 Byte [62] .text C:\Windows\system32\conhost.exe[1688] GDI32.dll!DeleteDC 773E6A2C 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\conhost.exe[1688] GDI32.dll!CreateDCA 773E9975 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\conhost.exe[1688] GDI32.dll!CreateDCW 773EBD21 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\conhost.exe[1688] GDI32.dll!GetPixel 773EC714 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll .text C:\Windows\system32\conhost.exe[1688] ADVAPI32.dll!CreateProcessAsUserA 762614FD 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1784] ntdll.dll!NtAlpcSendWaitReceivePort 77284860 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1784] ntdll.dll!NtClose 77284910 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll .text 
C:\Windows\system32\svchost.exe[1784] ntdll.dll!LdrUnloadDll 7729BE7F 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1784] ntdll.dll!LdrLoadDll 7729F585 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1784] kernel32.dll!CreateProcessW 762C202D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1784] kernel32.dll!CreateProcessA 762C2062 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1784] kernel32.dll!CreateProcessAsUserW 762F79B4 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1784] kernel32.dll!GetBinaryTypeW + 70 76327964 1 Byte [62] .text C:\Windows\system32\svchost.exe[1784] RPCRT4.dll!RpcServerRegisterIfEx 763C2640 5 Bytes JMP 1001F060 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1784] GDI32.dll!DeleteDC 773E6A2C 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1784] GDI32.dll!CreateDCA 773E9975 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1784] GDI32.dll!CreateDCW 773EBD21 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1784] GDI32.dll!GetPixel 773EC714 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[1784] ADVAPI32.dll!CreateProcessAsUserA 762614FD 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1812] kernel32.dll!GetBinaryTypeW + 70 76327964 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\afwServ.exe[1876] kernel32.dll!GetBinaryTypeW + 70 76327964 1 Byte [62] .text C:\Windows\system32\UI0Detect.exe[1968] ntdll.dll!NtAlpcSendWaitReceivePort 77284860 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll .text C:\Windows\system32\UI0Detect.exe[1968] ntdll.dll!NtClose 77284910 5 Bytes JMP 
1001D080 C:\Windows\system32\guard32.dll .text C:\Windows\system32\UI0Detect.exe[1968] ntdll.dll!LdrUnloadDll 7729BE7F 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\UI0Detect.exe[1968] ntdll.dll!LdrLoadDll 7729F585 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\UI0Detect.exe[1968] kernel32.dll!CreateProcessW 762C202D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll .text C:\Windows\system32\UI0Detect.exe[1968] kernel32.dll!CreateProcessA 762C2062 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\UI0Detect.exe[1968] kernel32.dll!CreateProcessAsUserW 762F79B4 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll .text C:\Windows\system32\UI0Detect.exe[1968] kernel32.dll!GetBinaryTypeW + 70 76327964 1 Byte [62] .text C:\Windows\system32\UI0Detect.exe[1968] ADVAPI32.dll!CreateProcessAsUserA 762614FD 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll .text C:\Windows\system32\UI0Detect.exe[1968] GDI32.dll!DeleteDC 773E6A2C 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\UI0Detect.exe[1968] GDI32.dll!CreateDCA 773E9975 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\UI0Detect.exe[1968] GDI32.dll!CreateDCW 773EBD21 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\UI0Detect.exe[1968] GDI32.dll!GetPixel 773EC714 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll .text C:\Windows\System32\vds.exe[2056] ntdll.dll!NtAlpcSendWaitReceivePort 77284860 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll .text C:\Windows\System32\vds.exe[2056] ntdll.dll!NtClose 77284910 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll .text C:\Windows\System32\vds.exe[2056] ntdll.dll!LdrUnloadDll 7729BE7F 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\vds.exe[2056] ntdll.dll!LdrLoadDll 7729F585 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll .text 
C:\Windows\System32\vds.exe[2056] kernel32.dll!CreateProcessW 762C202D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll .text C:\Windows\System32\vds.exe[2056] kernel32.dll!CreateProcessA 762C2062 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\vds.exe[2056] kernel32.dll!CreateProcessAsUserW 762F79B4 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll .text C:\Windows\System32\vds.exe[2056] kernel32.dll!GetBinaryTypeW + 70 76327964 1 Byte [62] .text C:\Windows\System32\vds.exe[2056] GDI32.dll!DeleteDC 773E6A2C 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\vds.exe[2056] GDI32.dll!CreateDCA 773E9975 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\vds.exe[2056] GDI32.dll!CreateDCW 773EBD21 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\vds.exe[2056] GDI32.dll!GetPixel 773EC714 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll .text C:\Windows\System32\vds.exe[2056] ADVAPI32.dll!CreateProcessAsUserA 762614FD 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll .text C:\Windows\system32\dllhost.exe[2208] ntdll.dll!NtAlpcSendWaitReceivePort 77284860 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll .text C:\Windows\system32\dllhost.exe[2208] ntdll.dll!NtClose 77284910 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll .text C:\Windows\system32\dllhost.exe[2208] ntdll.dll!LdrUnloadDll 7729BE7F 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\dllhost.exe[2208] ntdll.dll!LdrLoadDll 7729F585 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\dllhost.exe[2208] kernel32.dll!CreateProcessW 762C202D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll .text C:\Windows\system32\dllhost.exe[2208] kernel32.dll!CreateProcessA 762C2062 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\dllhost.exe[2208] kernel32.dll!CreateProcessAsUserW 762F79B4 5 Bytes JMP 
10023A60 C:\Windows\system32\guard32.dll .text C:\Windows\system32\dllhost.exe[2208] kernel32.dll!GetBinaryTypeW + 70 76327964 1 Byte [62] .text C:\Windows\system32\dllhost.exe[2208] GDI32.dll!DeleteDC 773E6A2C 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\dllhost.exe[2208] GDI32.dll!CreateDCA 773E9975 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\dllhost.exe[2208] GDI32.dll!CreateDCW 773EBD21 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\dllhost.exe[2208] GDI32.dll!GetPixel 773EC714 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll .text C:\Windows\system32\dllhost.exe[2208] ADVAPI32.dll!CreateProcessAsUserA 762614FD 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll .text C:\Windows\ehome\ehRecvr.exe[2316] ntdll.dll!NtAlpcSendWaitReceivePort 77284860 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll .text C:\Windows\ehome\ehRecvr.exe[2316] ntdll.dll!NtClose 77284910 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll .text C:\Windows\ehome\ehRecvr.exe[2316] ntdll.dll!LdrUnloadDll 7729BE7F 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll .text C:\Windows\ehome\ehRecvr.exe[2316] ntdll.dll!LdrLoadDll 7729F585 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll .text C:\Windows\ehome\ehRecvr.exe[2316] kernel32.dll!CreateProcessW 762C202D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll .text C:\Windows\ehome\ehRecvr.exe[2316] kernel32.dll!CreateProcessA 762C2062 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll .text C:\Windows\ehome\ehRecvr.exe[2316] kernel32.dll!CreateProcessAsUserW 762F79B4 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll .text C:\Windows\ehome\ehRecvr.exe[2316] kernel32.dll!GetBinaryTypeW + 70 76327964 1 Byte [62] .text C:\Windows\ehome\ehRecvr.exe[2316] ADVAPI32.dll!CreateProcessAsUserA 762614FD 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll .text C:\Windows\ehome\ehRecvr.exe[2316] GDI32.dll!DeleteDC 773E6A2C 5 Bytes 
JMP 10028BC0 C:\Windows\system32\guard32.dll .text C:\Windows\ehome\ehRecvr.exe[2316] GDI32.dll!CreateDCA 773E9975 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll .text C:\Windows\ehome\ehRecvr.exe[2316] GDI32.dll!CreateDCW 773EBD21 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll .text C:\Windows\ehome\ehRecvr.exe[2316] GDI32.dll!GetPixel 773EC714 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[2460] ntdll.dll!NtAlpcSendWaitReceivePort 77284860 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[2460] ntdll.dll!NtClose 77284910 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[2460] ntdll.dll!LdrUnloadDll 7729BE7F 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[2460] ntdll.dll!LdrLoadDll 7729F585 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[2460] KERNEL32.dll!CreateProcessW 762C202D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[2460] KERNEL32.dll!CreateProcessA 762C2062 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[2460] KERNEL32.dll!CreateProcessAsUserW 762F79B4 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[2460] KERNEL32.dll!GetBinaryTypeW + 70 76327964 1 Byte [62] .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[2460] ADVAPI32.dll!CreateProcessAsUserA 762614FD 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll .text 
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[2460] GDI32.dll!DeleteDC 773E6A2C 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[2460] GDI32.dll!CreateDCA 773E9975 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[2460] GDI32.dll!CreateDCW 773EBD21 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll .text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[2460] GDI32.dll!GetPixel 773EC714 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll .text C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe[2608] ntdll.dll!NtAlpcSendWaitReceivePort 77284860 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll .text C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe[2608] ntdll.dll!NtClose 77284910 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll .text C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe[2608] ntdll.dll!LdrUnloadDll 7729BE7F 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll .text C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe[2608] ntdll.dll!LdrLoadDll 7729F585 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll .text C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe[2608] KERNEL32.dll!CreateProcessW 762C202D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll .text C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe[2608] KERNEL32.dll!CreateProcessA 762C2062 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll .text C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe[2608] KERNEL32.dll!CreateProcessAsUserW 762F79B4 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll .text 
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe[2608] KERNEL32.dll!GetBinaryTypeW + 70 76327964 1 Byte [62] .text C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe[2608] ADVAPI32.dll!CreateProcessAsUserA 762614FD 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll .text C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe[2608] GDI32.dll!DeleteDC 773E6A2C 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll .text C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe[2608] GDI32.dll!CreateDCA 773E9975 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll .text C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe[2608] GDI32.dll!CreateDCW 773EBD21 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll .text C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe[2608] GDI32.dll!GetPixel 773EC714 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wbem\WmiApSrv.exe[2656] ntdll.dll!NtAlpcSendWaitReceivePort 77284860 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wbem\WmiApSrv.exe[2656] ntdll.dll!NtClose 77284910 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wbem\WmiApSrv.exe[2656] ntdll.dll!LdrUnloadDll 7729BE7F 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wbem\WmiApSrv.exe[2656] ntdll.dll!LdrLoadDll 7729F585 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wbem\WmiApSrv.exe[2656] kernel32.dll!CreateProcessW 762C202D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wbem\WmiApSrv.exe[2656] kernel32.dll!CreateProcessA 762C2062 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wbem\WmiApSrv.exe[2656] kernel32.dll!CreateProcessAsUserW 762F79B4 5 Bytes JMP 10023A60 
C:\Windows\system32\guard32.dll .text C:\Windows\system32\wbem\WmiApSrv.exe[2656] kernel32.dll!GetBinaryTypeW + 70 76327964 1 Byte [62] .text C:\Windows\system32\wbem\WmiApSrv.exe[2656] ADVAPI32.dll!CreateProcessAsUserA 762614FD 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wbem\WmiApSrv.exe[2656] GDI32.dll!DeleteDC 773E6A2C 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wbem\WmiApSrv.exe[2656] GDI32.dll!CreateDCA 773E9975 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wbem\WmiApSrv.exe[2656] GDI32.dll!CreateDCW 773EBD21 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wbem\WmiApSrv.exe[2656] GDI32.dll!GetPixel 773EC714 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[2684] ntdll.dll!NtAlpcSendWaitReceivePort 77284860 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[2684] ntdll.dll!NtClose 77284910 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[2684] ntdll.dll!LdrUnloadDll 7729BE7F 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[2684] ntdll.dll!LdrLoadDll 7729F585 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[2684] kernel32.dll!CreateProcessW 762C202D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[2684] kernel32.dll!CreateProcessA 762C2062 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[2684] kernel32.dll!CreateProcessAsUserW 762F79B4 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[2684] kernel32.dll!GetBinaryTypeW + 70 76327964 1 Byte [62] .text C:\Windows\System32\svchost.exe[2684] GDI32.dll!DeleteDC 773E6A2C 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll .text 
C:\Windows\System32\svchost.exe[2684] GDI32.dll!CreateDCA 773E9975 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[2684] GDI32.dll!CreateDCW 773EBD21 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[2684] GDI32.dll!GetPixel 773EC714 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[2684] ADVAPI32.dll!CreateProcessAsUserA 762614FD 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll .text C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe[2712] ntdll.dll!NtAlpcSendWaitReceivePort 77284860 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll .text C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe[2712] ntdll.dll!NtClose 77284910 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll .text C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe[2712] ntdll.dll!LdrUnloadDll 7729BE7F 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll .text C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe[2712] ntdll.dll!LdrLoadDll 7729F585 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll .text C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe[2712] kernel32.dll!CreateProcessW 762C202D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll .text C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe[2712] kernel32.dll!CreateProcessA 762C2062 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll .text C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe[2712] kernel32.dll!CreateProcessAsUserW 762F79B4 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll .text C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe[2712] kernel32.dll!GetBinaryTypeW + 70 76327964 1 Byte [62] .text C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe[2712] GDI32.dll!DeleteDC 773E6A2C 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll .text C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe[2712] GDI32.dll!CreateDCA 773E9975 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll .text 
C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe[2712] GDI32.dll!CreateDCW 773EBD21 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll .text C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe[2712] GDI32.dll!GetPixel 773EC714 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll .text C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe[2712] ADVAPI32.dll!CreateProcessAsUserA 762614FD 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll .text C:\Windows\System32\msdtc.exe[2756] ntdll.dll!NtAlpcSendWaitReceivePort 77284860 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll .text C:\Windows\System32\msdtc.exe[2756] ntdll.dll!NtClose 77284910 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll .text C:\Windows\System32\msdtc.exe[2756] ntdll.dll!LdrUnloadDll 7729BE7F 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\msdtc.exe[2756] ntdll.dll!LdrLoadDll 7729F585 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\msdtc.exe[2756] kernel32.dll!CreateProcessW 762C202D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll .text C:\Windows\System32\msdtc.exe[2756] kernel32.dll!CreateProcessA 762C2062 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\msdtc.exe[2756] kernel32.dll!CreateProcessAsUserW 762F79B4 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll .text C:\Windows\System32\msdtc.exe[2756] kernel32.dll!GetBinaryTypeW + 70 76327964 1 Byte [62] .text C:\Windows\System32\msdtc.exe[2756] GDI32.dll!DeleteDC 773E6A2C 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\msdtc.exe[2756] GDI32.dll!CreateDCA 773E9975 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\msdtc.exe[2756] GDI32.dll!CreateDCW 773EBD21 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\msdtc.exe[2756] GDI32.dll!GetPixel 773EC714 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll .text C:\Windows\System32\msdtc.exe[2756] 
ADVAPI32.dll!CreateProcessAsUserA 762614FD 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe[2924] ntdll.dll!NtAlpcSendWaitReceivePort 77284860 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe[2924] ntdll.dll!NtClose 77284910 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe[2924] ntdll.dll!LdrUnloadDll 7729BE7F 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe[2924] ntdll.dll!LdrLoadDll 7729F585 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe[2924] KERNEL32.dll!CreateProcessW 762C202D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe[2924] KERNEL32.dll!CreateProcessA 762C2062 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe[2924] KERNEL32.dll!CreateProcessAsUserW 762F79B4 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe[2924] KERNEL32.dll!GetBinaryTypeW + 70 76327964 1 Byte [62] .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe[2924] ADVAPI32.dll!CreateProcessAsUserA 762614FD 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe[2924] GDI32.dll!DeleteDC 773E6A2C 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe[2924] GDI32.dll!CreateDCA 773E9975 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe[2924] GDI32.dll!CreateDCW 773EBD21 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll .text 
C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe[2924] GDI32.dll!GetPixel 773EC714 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3092] kernel32.dll!GetBinaryTypeW + 70 76327964 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3112] ntdll.dll!NtAllocateVirtualMemory 77284720 5 Bytes JMP 1002ADA0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3112] ntdll.dll!NtAlpcSendWaitReceivePort 77284860 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3112] ntdll.dll!NtClose 77284910 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3112] ntdll.dll!NtCreateFile 77284A10 5 Bytes JMP 1002AD60 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3112] ntdll.dll!NtCreateFile + 6 77284A16 4 Bytes [28, 18, D6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3112] ntdll.dll!NtCreateFile + B 77284A1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3112] ntdll.dll!NtCreateProcess 77284AE0 5 Bytes JMP 1002AE20 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3112] ntdll.dll!NtCreateProcessEx 77284AF0 5 Bytes JMP 1002AE00 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3112] ntdll.dll!NtDeleteFile 77284C50 5 Bytes JMP 1002ADC0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3112] ntdll.dll!NtFreeVirtualMemory 77284E20 5 Bytes JMP 1002A430 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3112] ntdll.dll!NtLoadDriver 77284FA0 5 Bytes JMP 1002AD80 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3112] ntdll.dll!NtMapViewOfSection + 6 
77285076 4 Bytes [28, 1B, D6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3112] ntdll.dll!NtMapViewOfSection + B 7728507B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3112] ntdll.dll!NtOpenFile 77285120 5 Bytes JMP 1002AD40 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3112] ntdll.dll!NtOpenFile + 6 77285126 4 Bytes [68, 18, D6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3112] ntdll.dll!NtOpenFile + B 7728512B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3112] ntdll.dll!NtOpenProcess + 6 772851D6 4 Bytes [A8, 19, D6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3112] ntdll.dll!NtOpenProcess + B 772851DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3112] ntdll.dll!NtOpenProcessToken + 6 772851E6 4 Bytes CALL 76292804 C:\Windows\system32\ADVAPI32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3112] ntdll.dll!NtOpenProcessToken + B 772851EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3112] ntdll.dll!NtOpenProcessTokenEx + 6 772851F6 4 Bytes [A8, 1A, D6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3112] ntdll.dll!NtOpenProcessTokenEx + B 772851FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3112] ntdll.dll!NtOpenThread + 6 77285256 4 Bytes [68, 19, D6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3112] ntdll.dll!NtOpenThread + B 7728525B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3112] ntdll.dll!NtOpenThreadToken + 6 77285266 4 Bytes [68, 1A, D6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3112] ntdll.dll!NtOpenThreadToken + B 7728526B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3112] ntdll.dll!NtOpenThreadTokenEx + 6 77285276 4 Bytes CALL 76292895 C:\Windows\system32\ADVAPI32.dll .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[3112] ntdll.dll!NtOpenThreadTokenEx + B 7728527B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3112] ntdll.dll!NtProtectVirtualMemory 77285360 5 Bytes JMP 1002A3E0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3112] ntdll.dll!NtQueryAttributesFile + 6 77285386 4 Bytes [A8, 18, D6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3112] ntdll.dll!NtQueryAttributesFile + B 7728538B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3112] ntdll.dll!NtQueryFullAttributesFile + 6 77285436 4 Bytes CALL 76292A53 C:\Windows\system32\ADVAPI32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3112] ntdll.dll!NtQueryFullAttributesFile + B 7728543B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3112] ntdll.dll!NtSetInformationFile + 6 77285A86 4 Bytes [28, 19, D6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3112] ntdll.dll!NtSetInformationFile + B 77285A8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3112] ntdll.dll!NtSetInformationProcess 77285AC0 5 Bytes JMP 1002AD00 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3112] ntdll.dll!NtSetInformationThread + 6 77285AE6 4 Bytes [28, 1A, D6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3112] ntdll.dll!NtSetInformationThread + B 77285AEB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3112] ntdll.dll!NtUnloadDriver 77285DA0 1 Byte [E9] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3112] ntdll.dll!NtUnloadDriver 77285DA0 5 Bytes JMP 1002AD20 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3112] ntdll.dll!NtUnmapViewOfSection + 6 77285E06 4 Bytes [68, 1B, D6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3112] ntdll.dll!NtUnmapViewOfSection + 
B 77285E0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3112] ntdll.dll!NtWriteVirtualMemory 77285EE0 5 Bytes JMP 1002ADE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3112] ntdll.dll!KiUserExceptionDispatcher 77286448 5 Bytes JMP 1002A6F0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3112] ntdll.dll!RtlAllocateHeap 7729209D 5 Bytes JMP 1002A480 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3112] ntdll.dll!LdrUnloadDll 7729BE7F 5 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3112] ntdll.dll!LdrGetProcedureAddress 7729EE27 5 Bytes JMP 1002ACE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3112] ntdll.dll!LdrLoadDll 7729F585 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3112] KERNEL32.dll!CreateProcessW 762C202D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3112] KERNEL32.dll!CreateProcessA 762C2062 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3112] KERNEL32.dll!OpenFile 762F410F 5 Bytes JMP 1002AC40 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3112] KERNEL32.dll!CreateProcessAsUserW 762F79B4 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3112] KERNEL32.dll!CopyFileW 762F8C8F 5 Bytes JMP 1002ABC0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3112] KERNEL32.dll!MoveFileW 762FA173 5 Bytes JMP 1002AB40 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3112] KERNEL32.dll!CopyFileExW 763007BB 7 Bytes JMP 
1002AB80 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3112] KERNEL32.dll!VirtualProtect 763050AB 5 Bytes JMP 1002A9C0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3112] KERNEL32.dll!DeleteFileW 7630656B 5 Bytes JMP 1002AA80 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3112] KERNEL32.dll!DeleteFileA 76308BB6 5 Bytes JMP 1002AAA0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3112] KERNEL32.dll!LoadLibraryExW 7630B6BF 5 Bytes JMP 1002AC60 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3112] KERNEL32.dll!LoadLibraryExA 7630BC8B 5 Bytes JMP 1002AC80 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3112] KERNEL32.dll!MoveFileWithProgressW 7630BF04 5 Bytes JMP 1002AAC0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3112] KERNEL32.dll!MoveFileExW 7630BF28 5 Bytes JMP 1002AB00 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3112] KERNEL32.dll!CreateFileW 76310B5D 5 Bytes JMP 1002AC00 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3112] KERNEL32.dll!GetProcAddress 76311837 5 Bytes JMP 1002ACC0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3112] KERNEL32.dll!GetModuleHandleW 763119A1 5 Bytes JMP 1002AA40 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3112] KERNEL32.dll!LoadLibraryA 76312864 5 Bytes JMP 1002AA20 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3112] KERNEL32.dll!LoadLibraryW 763128B2 5 Bytes JMP 1002AA00 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3112] 
KERNEL32.dll!GetModuleHandleA 763128D7 5 Bytes JMP 1002AA60 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3112] KERNEL32.dll!CreateFileA 763128FC 5 Bytes JMP 1002AC20 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3112] KERNEL32.dll!MoveFileExA 76322FF3 5 Bytes JMP 1002AB20 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3112] KERNEL32.dll!MoveFileWithProgressA 76323013 5 Bytes JMP 1002AAE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3112] KERNEL32.dll!GetBinaryTypeW + 70 76327964 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3112] KERNEL32.dll!CopyFileA 76327CFC 5 Bytes JMP 1002ABE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3112] KERNEL32.dll!MoveFileA 7634AD49 5 Bytes JMP 1002AB60 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3112] KERNEL32.dll!CopyFileExA 7634BBA1 5 Bytes JMP 1002ABA0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3112] KERNEL32.dll!WinExec 7634E695 5 Bytes JMP 1002A9E0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3112] KERNEL32.dll!LoadModule 7634EBAE 5 Bytes JMP 1002ACA0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3112] GDI32.dll!DeleteDC 773E6A2C 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3112] GDI32.dll!CreateDCA 773E9975 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3112] GDI32.dll!CreateDCW 773EBD21 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3112] GDI32.dll!GetPixel 773EC714 5 Bytes JMP 10028990 
C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3112] ADVAPI32.dll!CreateProcessAsUserA 762614FD 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3112] SHELL32.dll!ShellExecuteW 766041F0 5 Bytes JMP 1002A980 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3112] SHELL32.dll!ShellExecuteExW 76611B8C 5 Bytes JMP 1002A940 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3112] SHELL32.dll!ShellExecuteEx 76839B0A 5 Bytes JMP 1002A960 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3112] SHELL32.dll!ShellExecuteA 76839BA5 5 Bytes JMP 1002A9A0 C:\Windows\system32\guard32.dll .text C:\Program Files\Skype\Phone\Skype.exe[3120] ntdll.dll!NtAllocateVirtualMemory 77284720 5 Bytes JMP 1002ADA0 C:\Windows\system32\guard32.dll .text C:\Program Files\Skype\Phone\Skype.exe[3120] ntdll.dll!NtAlpcSendWaitReceivePort 77284860 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll .text C:\Program Files\Skype\Phone\Skype.exe[3120] ntdll.dll!NtClose 77284910 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll .text C:\Program Files\Skype\Phone\Skype.exe[3120] ntdll.dll!NtCreateFile 77284A10 5 Bytes JMP 1002AD60 C:\Windows\system32\guard32.dll .text C:\Program Files\Skype\Phone\Skype.exe[3120] ntdll.dll!NtCreateProcess 77284AE0 5 Bytes JMP 1002AE20 C:\Windows\system32\guard32.dll .text C:\Program Files\Skype\Phone\Skype.exe[3120] ntdll.dll!NtCreateProcessEx 77284AF0 5 Bytes JMP 1002AE00 C:\Windows\system32\guard32.dll .text C:\Program Files\Skype\Phone\Skype.exe[3120] ntdll.dll!NtDeleteFile 77284C50 5 Bytes JMP 1002ADC0 C:\Windows\system32\guard32.dll .text C:\Program Files\Skype\Phone\Skype.exe[3120] ntdll.dll!NtFreeVirtualMemory 77284E20 5 Bytes JMP 1002A430 C:\Windows\system32\guard32.dll .text C:\Program Files\Skype\Phone\Skype.exe[3120] 
ntdll.dll!NtLoadDriver 77284FA0 5 Bytes JMP 1002AD80 C:\Windows\system32\guard32.dll .text C:\Program Files\Skype\Phone\Skype.exe[3120] ntdll.dll!NtOpenFile 77285120 5 Bytes JMP 1002AD40 C:\Windows\system32\guard32.dll .text C:\Program Files\Skype\Phone\Skype.exe[3120] ntdll.dll!NtProtectVirtualMemory 77285360 5 Bytes JMP 1002A3E0 C:\Windows\system32\guard32.dll .text C:\Program Files\Skype\Phone\Skype.exe[3120] ntdll.dll!NtSetInformationProcess 77285AC0 5 Bytes JMP 1002AD00 C:\Windows\system32\guard32.dll .text C:\Program Files\Skype\Phone\Skype.exe[3120] ntdll.dll!NtUnloadDriver 77285DA0 1 Byte [E9] .text C:\Program Files\Skype\Phone\Skype.exe[3120] ntdll.dll!NtUnloadDriver 77285DA0 5 Bytes JMP 1002AD20 C:\Windows\system32\guard32.dll .text C:\Program Files\Skype\Phone\Skype.exe[3120] ntdll.dll!NtWriteVirtualMemory 77285EE0 5 Bytes JMP 1002ADE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Skype\Phone\Skype.exe[3120] ntdll.dll!KiUserExceptionDispatcher 77286448 5 Bytes JMP 1002A6F0 C:\Windows\system32\guard32.dll .text C:\Program Files\Skype\Phone\Skype.exe[3120] ntdll.dll!RtlAllocateHeap 7729209D 5 Bytes JMP 1002A480 C:\Windows\system32\guard32.dll .text C:\Program Files\Skype\Phone\Skype.exe[3120] ntdll.dll!LdrUnloadDll 7729BE7F 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll .text C:\Program Files\Skype\Phone\Skype.exe[3120] ntdll.dll!LdrGetProcedureAddress 7729EE27 5 Bytes JMP 1002ACE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Skype\Phone\Skype.exe[3120] ntdll.dll!LdrLoadDll 7729F585 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll .text C:\Program Files\Skype\Phone\Skype.exe[3120] kernel32.dll!CreateProcessW 762C202D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll .text C:\Program Files\Skype\Phone\Skype.exe[3120] kernel32.dll!CreateProcessA 762C2062 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll .text C:\Program Files\Skype\Phone\Skype.exe[3120] kernel32.dll!OpenFile 762F410F 5 Bytes JMP 1002AC40 
C:\Windows\system32\guard32.dll .text C:\Program Files\Skype\Phone\Skype.exe[3120] kernel32.dll!CreateProcessAsUserW 762F79B4 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll .text C:\Program Files\Skype\Phone\Skype.exe[3120] kernel32.dll!CopyFileW 762F8C8F 5 Bytes JMP 1002ABC0 C:\Windows\system32\guard32.dll .text C:\Program Files\Skype\Phone\Skype.exe[3120] kernel32.dll!MoveFileW 762FA173 5 Bytes JMP 1002AB40 C:\Windows\system32\guard32.dll .text C:\Program Files\Skype\Phone\Skype.exe[3120] kernel32.dll!CopyFileExW 763007BB 7 Bytes JMP 1002AB80 C:\Windows\system32\guard32.dll .text C:\Program Files\Skype\Phone\Skype.exe[3120] kernel32.dll!VirtualProtect 763050AB 5 Bytes JMP 1002A9C0 C:\Windows\system32\guard32.dll .text C:\Program Files\Skype\Phone\Skype.exe[3120] kernel32.dll!DeleteFileW 7630656B 5 Bytes JMP 1002AA80 C:\Windows\system32\guard32.dll .text C:\Program Files\Skype\Phone\Skype.exe[3120] kernel32.dll!DeleteFileA 76308BB6 5 Bytes JMP 1002AAA0 C:\Windows\system32\guard32.dll .text C:\Program Files\Skype\Phone\Skype.exe[3120] kernel32.dll!LoadLibraryExW 7630B6BF 5 Bytes JMP 1002AC60 C:\Windows\system32\guard32.dll .text C:\Program Files\Skype\Phone\Skype.exe[3120] kernel32.dll!LoadLibraryExA 7630BC8B 5 Bytes JMP 1002AC80 C:\Windows\system32\guard32.dll .text C:\Program Files\Skype\Phone\Skype.exe[3120] kernel32.dll!MoveFileWithProgressW 7630BF04 5 Bytes JMP 1002AAC0 C:\Windows\system32\guard32.dll .text C:\Program Files\Skype\Phone\Skype.exe[3120] kernel32.dll!MoveFileExW 7630BF28 5 Bytes JMP 1002AB00 C:\Windows\system32\guard32.dll .text C:\Program Files\Skype\Phone\Skype.exe[3120] kernel32.dll!CreateFileW 76310B5D 5 Bytes JMP 1002AC00 C:\Windows\system32\guard32.dll .text C:\Program Files\Skype\Phone\Skype.exe[3120] kernel32.dll!GetProcAddress 76311837 5 Bytes JMP 1002ACC0 C:\Windows\system32\guard32.dll .text C:\Program Files\Skype\Phone\Skype.exe[3120] kernel32.dll!GetModuleHandleW 763119A1 5 Bytes JMP 1002AA40 C:\Windows\system32\guard32.dll 
.text C:\Program Files\Skype\Phone\Skype.exe[3120] kernel32.dll!LoadLibraryA 76312864 5 Bytes JMP 1002AA20 C:\Windows\system32\guard32.dll .text C:\Program Files\Skype\Phone\Skype.exe[3120] kernel32.dll!LoadLibraryW 763128B2 5 Bytes JMP 1002AA00 C:\Windows\system32\guard32.dll .text C:\Program Files\Skype\Phone\Skype.exe[3120] kernel32.dll!GetModuleHandleA 763128D7 5 Bytes JMP 1002AA60 C:\Windows\system32\guard32.dll .text C:\Program Files\Skype\Phone\Skype.exe[3120] kernel32.dll!CreateFileA 763128FC 5 Bytes JMP 1002AC20 C:\Windows\system32\guard32.dll .text C:\Program Files\Skype\Phone\Skype.exe[3120] kernel32.dll!MoveFileExA 76322FF3 5 Bytes JMP 1002AB20 C:\Windows\system32\guard32.dll .text C:\Program Files\Skype\Phone\Skype.exe[3120] kernel32.dll!MoveFileWithProgressA 76323013 5 Bytes JMP 1002AAE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Skype\Phone\Skype.exe[3120] kernel32.dll!GetBinaryTypeW + 70 76327964 1 Byte [62] .text C:\Program Files\Skype\Phone\Skype.exe[3120] kernel32.dll!CopyFileA 76327CFC 5 Bytes JMP 1002ABE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Skype\Phone\Skype.exe[3120] kernel32.dll!MoveFileA 7634AD49 5 Bytes JMP 1002AB60 C:\Windows\system32\guard32.dll .text C:\Program Files\Skype\Phone\Skype.exe[3120] kernel32.dll!CopyFileExA 7634BBA1 5 Bytes JMP 1002ABA0 C:\Windows\system32\guard32.dll .text C:\Program Files\Skype\Phone\Skype.exe[3120] kernel32.dll!WinExec 7634E695 5 Bytes JMP 1002A9E0 C:\Windows\system32\guard32.dll .text C:\Program Files\Skype\Phone\Skype.exe[3120] kernel32.dll!LoadModule 7634EBAE 5 Bytes JMP 1002ACA0 C:\Windows\system32\guard32.dll .text C:\Program Files\Skype\Phone\Skype.exe[3120] GDI32.dll!DeleteDC 773E6A2C 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll .text C:\Program Files\Skype\Phone\Skype.exe[3120] GDI32.dll!CreateDCA 773E9975 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll .text C:\Program Files\Skype\Phone\Skype.exe[3120] GDI32.dll!CreateDCW 773EBD21 5 Bytes JMP 10029BC0 
C:\Windows\system32\guard32.dll .text C:\Program Files\Skype\Phone\Skype.exe[3120] GDI32.dll!GetPixel 773EC714 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll .text C:\Program Files\Skype\Phone\Skype.exe[3120] ADVAPI32.dll!CreateProcessAsUserA 762614FD 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll .text C:\Program Files\Skype\Phone\Skype.exe[3120] wininet.dll!InternetConnectW 75AF0492 5 Bytes JMP 1002A900 C:\Windows\system32\guard32.dll .text C:\Program Files\Skype\Phone\Skype.exe[3120] wininet.dll!InternetConnectA 75AF054F 5 Bytes JMP 1002A920 C:\Windows\system32\guard32.dll .text C:\Program Files\Skype\Phone\Skype.exe[3120] shell32.dll!ShellExecuteW 766041F0 5 Bytes JMP 1002A980 C:\Windows\system32\guard32.dll .text C:\Program Files\Skype\Phone\Skype.exe[3120] shell32.dll!ShellExecuteExW 76611B8C 5 Bytes JMP 1002A940 C:\Windows\system32\guard32.dll .text C:\Program Files\Skype\Phone\Skype.exe[3120] shell32.dll!ShellExecuteEx 76839B0A 5 Bytes JMP 1002A960 C:\Windows\system32\guard32.dll .text C:\Program Files\Skype\Phone\Skype.exe[3120] shell32.dll!ShellExecuteA 76839BA5 5 Bytes JMP 1002A9A0 C:\Windows\system32\guard32.dll .text C:\Program Files\Skype\Phone\Skype.exe[3120] WS2_32.dll!WSASocketW 77433D1B 7 Bytes JMP 1002A8C0 C:\Windows\system32\guard32.dll .text C:\Program Files\Skype\Phone\Skype.exe[3120] WS2_32.dll!WSASocketA 7743B7FC 5 Bytes JMP 1002A8E0 C:\Windows\system32\guard32.dll .text C:\Program Files\NETGEAR\WNA3100\WNA3100.exe[3176] ntdll.dll!NtAlpcSendWaitReceivePort 77284860 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll .text C:\Program Files\NETGEAR\WNA3100\WNA3100.exe[3176] ntdll.dll!NtClose 77284910 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll .text C:\Program Files\NETGEAR\WNA3100\WNA3100.exe[3176] ntdll.dll!LdrUnloadDll 7729BE7F 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll .text C:\Program Files\NETGEAR\WNA3100\WNA3100.exe[3176] ntdll.dll!LdrLoadDll 7729F585 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll 
.text C:\Program Files\NETGEAR\WNA3100\WNA3100.exe[3176] kernel32.dll!CreateProcessW 762C202D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll .text C:\Program Files\NETGEAR\WNA3100\WNA3100.exe[3176] kernel32.dll!CreateProcessA 762C2062 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll .text C:\Program Files\NETGEAR\WNA3100\WNA3100.exe[3176] kernel32.dll!CreateProcessAsUserW 762F79B4 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll .text C:\Program Files\NETGEAR\WNA3100\WNA3100.exe[3176] kernel32.dll!GetBinaryTypeW + 70 76327964 1 Byte [62] .text C:\Program Files\NETGEAR\WNA3100\WNA3100.exe[3176] GDI32.dll!DeleteDC 773E6A2C 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll .text C:\Program Files\NETGEAR\WNA3100\WNA3100.exe[3176] GDI32.dll!CreateDCA 773E9975 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll .text C:\Program Files\NETGEAR\WNA3100\WNA3100.exe[3176] GDI32.dll!CreateDCW 773EBD21 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll .text C:\Program Files\NETGEAR\WNA3100\WNA3100.exe[3176] GDI32.dll!GetPixel 773EC714 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll .text C:\Program Files\NETGEAR\WNA3100\WNA3100.exe[3176] ADVAPI32.dll!CreateProcessAsUserA 762614FD 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3296] ntdll.dll!NtAllocateVirtualMemory 77284720 5 Bytes JMP 1002ADA0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3296] ntdll.dll!NtAlpcSendWaitReceivePort 77284860 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3296] ntdll.dll!NtClose 77284910 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3296] ntdll.dll!NtCreateFile 77284A10 5 Bytes JMP 1002AD60 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3296] ntdll.dll!NtCreateProcess 77284AE0 5 Bytes 
JMP 1002AE20 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3296] ntdll.dll!NtCreateProcessEx 77284AF0 5 Bytes JMP 1002AE00 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3296] ntdll.dll!NtDeleteFile 77284C50 5 Bytes JMP 1002ADC0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3296] ntdll.dll!NtFreeVirtualMemory 77284E20 5 Bytes JMP 1002A430 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3296] ntdll.dll!NtLoadDriver 77284FA0 5 Bytes JMP 1002AD80 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3296] ntdll.dll!NtOpenFile 77285120 5 Bytes JMP 1002AD40 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3296] ntdll.dll!NtProtectVirtualMemory 77285360 5 Bytes JMP 1002A3E0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3296] ntdll.dll!NtSetInformationProcess 77285AC0 5 Bytes JMP 1002AD00 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3296] ntdll.dll!NtUnloadDriver 77285DA0 1 Byte [E9] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3296] ntdll.dll!NtUnloadDriver 77285DA0 5 Bytes JMP 1002AD20 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3296] ntdll.dll!NtWriteVirtualMemory 77285EE0 5 Bytes JMP 1002ADE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3296] ntdll.dll!KiUserExceptionDispatcher 77286448 5 Bytes JMP 1002A6F0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3296] ntdll.dll!RtlAllocateHeap 7729209D 5 Bytes JMP 1002A480 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3296] ntdll.dll!LdrUnloadDll 7729BE7F 5 Bytes JMP 1001D1A0 
C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3296] ntdll.dll!LdrGetProcedureAddress 7729EE27 5 Bytes JMP 1002ACE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3296] ntdll.dll!LdrLoadDll 7729F585 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3296] KERNEL32.dll!CreateProcessW 762C202D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3296] KERNEL32.dll!CreateProcessA 762C2062 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3296] KERNEL32.dll!OpenFile 762F410F 5 Bytes JMP 1002AC40 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3296] KERNEL32.dll!CreateProcessAsUserW 762F79B4 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3296] KERNEL32.dll!CopyFileW 762F8C8F 5 Bytes JMP 1002ABC0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3296] KERNEL32.dll!MoveFileW 762FA173 5 Bytes JMP 1002AB40 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3296] KERNEL32.dll!CopyFileExW 763007BB 7 Bytes JMP 1002AB80 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3296] KERNEL32.dll!VirtualProtect 763050AB 5 Bytes JMP 1002A9C0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3296] KERNEL32.dll!DeleteFileW 7630656B 5 Bytes JMP 1002AA80 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3296] KERNEL32.dll!DeleteFileA 76308BB6 5 Bytes JMP 1002AAA0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3296] KERNEL32.dll!LoadLibraryExW 7630B6BF 5 Bytes JMP 
1002AC60 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3296] KERNEL32.dll!LoadLibraryExA 7630BC8B 5 Bytes JMP 1002AC80 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3296] KERNEL32.dll!MoveFileWithProgressW 7630BF04 5 Bytes JMP 1002AAC0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3296] KERNEL32.dll!MoveFileExW 7630BF28 5 Bytes JMP 1002AB00 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3296] KERNEL32.dll!CreateFileW 76310B5D 5 Bytes JMP 1002AC00 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3296] KERNEL32.dll!GetProcAddress 76311837 5 Bytes JMP 1002ACC0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3296] KERNEL32.dll!GetModuleHandleW 763119A1 5 Bytes JMP 1002AA40 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3296] KERNEL32.dll!LoadLibraryA 76312864 5 Bytes JMP 1002AA20 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3296] KERNEL32.dll!LoadLibraryW 763128B2 5 Bytes JMP 1002AA00 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3296] KERNEL32.dll!GetModuleHandleA 763128D7 5 Bytes JMP 1002AA60 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3296] KERNEL32.dll!CreateFileA 763128FC 5 Bytes JMP 1002AC20 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3296] KERNEL32.dll!MoveFileExA 76322FF3 5 Bytes JMP 1002AB20 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3296] KERNEL32.dll!MoveFileWithProgressA 76323013 5 Bytes JMP 1002AAE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3296] 
KERNEL32.dll!GetBinaryTypeW + 70 76327964 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3296] KERNEL32.dll!CopyFileA 76327CFC 5 Bytes JMP 1002ABE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3296] KERNEL32.dll!MoveFileA 7634AD49 5 Bytes JMP 1002AB60 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3296] KERNEL32.dll!CopyFileExA 7634BBA1 5 Bytes JMP 1002ABA0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3296] KERNEL32.dll!WinExec 7634E695 5 Bytes JMP 1002A9E0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3296] KERNEL32.dll!LoadModule 7634EBAE 5 Bytes JMP 1002ACA0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3296] GDI32.dll!DeleteDC 773E6A2C 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3296] GDI32.dll!CreateDCA 773E9975 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3296] GDI32.dll!CreateDCW 773EBD21 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3296] GDI32.dll!GetPixel 773EC714 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3296] ADVAPI32.dll!CreateProcessAsUserA 762614FD 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3296] SHELL32.dll!ShellExecuteW 766041F0 5 Bytes JMP 1002A980 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3296] SHELL32.dll!ShellExecuteExW 76611B8C 5 Bytes JMP 1002A940 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3296] SHELL32.dll!ShellExecuteEx 76839B0A 5 Bytes JMP 1002A960 
C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3296] SHELL32.dll!ShellExecuteA 76839BA5 5 Bytes JMP 1002A9A0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3296] WS2_32.dll!WSASocketW 77433D1B 7 Bytes JMP 1002A8C0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3296] WS2_32.dll!WSASocketA 7743B7FC 5 Bytes JMP 1002A8E0 C:\Windows\system32\guard32.dll .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3448] ntdll.dll!NtAlpcSendWaitReceivePort 77284860 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3448] ntdll.dll!NtClose 77284910 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3448] ntdll.dll!LdrUnloadDll 7729BE7F 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3448] ntdll.dll!LdrLoadDll 7729F585 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3448] kernel32.dll!CreateProcessW 762C202D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3448] kernel32.dll!CreateProcessA 762C2062 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3448] kernel32.dll!CreateProcessAsUserW 762F79B4 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3448] kernel32.dll!GetBinaryTypeW + 70 76327964 1 Byte [62] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3448] ADVAPI32.dll!CreateProcessAsUserA 762614FD 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3448] GDI32.dll!DeleteDC 773E6A2C 5 Bytes JMP 10028BC0 
C:\Windows\system32\guard32.dll .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3448] GDI32.dll!CreateDCA 773E9975 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3448] GDI32.dll!CreateDCW 773EBD21 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3448] GDI32.dll!GetPixel 773EC714 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[3540] kernel32.dll!GetBinaryTypeW + 70 76327964 1 Byte [62] .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3572] ntdll.dll!NtAlpcSendWaitReceivePort 77284860 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3572] ntdll.dll!NtClose 77284910 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3572] ntdll.dll!LdrUnloadDll 7729BE7F 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3572] ntdll.dll!LdrLoadDll 7729F585 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3572] kernel32.dll!CreateProcessW 762C202D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3572] kernel32.dll!CreateProcessA 762C2062 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3572] kernel32.dll!CreateProcessAsUserW 762F79B4 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3572] kernel32.dll!GetBinaryTypeW + 70 76327964 1 Byte [62] .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3572] GDI32.dll!DeleteDC 773E6A2C 5 Bytes 
JMP 10028BC0 C:\Windows\system32\guard32.dll .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3572] GDI32.dll!CreateDCA 773E9975 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3572] GDI32.dll!CreateDCW 773EBD21 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3572] GDI32.dll!GetPixel 773EC714 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3572] ADVAPI32.dll!CreateProcessAsUserA 762614FD 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] ntdll.dll!NtAllocateVirtualMemory 77284720 5 Bytes JMP 1002ADA0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] ntdll.dll!NtAlpcSendWaitReceivePort 77284860 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] ntdll.dll!NtClose 77284910 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] ntdll.dll!NtCreateFile 77284A10 5 Bytes JMP 1002AD60 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] ntdll.dll!NtCreateFile + 6 77284A16 4 Bytes [28, F8, 7E, 00] {SUB AL, BH; JLE 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] ntdll.dll!NtCreateFile + B 77284A1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] ntdll.dll!NtCreateProcess 77284AE0 5 Bytes JMP 1002AE20 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] ntdll.dll!NtCreateProcessEx 77284AF0 5 Bytes JMP 1002AE00 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] ntdll.dll!NtDeleteFile 77284C50 5 
Bytes JMP 1002ADC0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] ntdll.dll!NtFreeVirtualMemory 77284E20 5 Bytes JMP 1002A430 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] ntdll.dll!NtLoadDriver 77284FA0 5 Bytes JMP 1002AD80 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] ntdll.dll!NtMapViewOfSection + 6 77285076 4 Bytes [28, FB, 7E, 00] {SUB BL, BH; JLE 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] ntdll.dll!NtMapViewOfSection + B 7728507B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] ntdll.dll!NtOpenFile 77285120 5 Bytes JMP 1002AD40 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] ntdll.dll!NtOpenFile + 6 77285126 4 Bytes [68, F8, 7E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] ntdll.dll!NtOpenFile + B 7728512B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] ntdll.dll!NtOpenProcess + 6 772851D6 4 Bytes [A8, F9, 7E, 00] {TEST AL, 0xf9; JLE 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] ntdll.dll!NtOpenProcess + B 772851DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] ntdll.dll!NtOpenProcessToken + 6 772851E6 4 Bytes CALL 7628D0E4 C:\Windows\system32\ADVAPI32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] ntdll.dll!NtOpenProcessToken + B 772851EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] ntdll.dll!NtOpenProcessTokenEx + 6 772851F6 4 Bytes [A8, FA, 7E, 00] {TEST AL, 0xfa; JLE 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] ntdll.dll!NtOpenProcessTokenEx + B 772851FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] ntdll.dll!NtOpenThread + 6 77285256 4 Bytes [68, F9, 7E, 00] .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[3612] ntdll.dll!NtOpenThread + B 7728525B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] ntdll.dll!NtOpenThreadToken + 6 77285266 4 Bytes [68, FA, 7E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] ntdll.dll!NtOpenThreadToken + B 7728526B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] ntdll.dll!NtOpenThreadTokenEx + 6 77285276 4 Bytes CALL 7628D175 C:\Windows\system32\ADVAPI32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] ntdll.dll!NtOpenThreadTokenEx + B 7728527B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] ntdll.dll!NtProtectVirtualMemory 77285360 5 Bytes JMP 1002A3E0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] ntdll.dll!NtQueryAttributesFile + 6 77285386 4 Bytes [A8, F8, 7E, 00] {TEST AL, 0xf8; JLE 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] ntdll.dll!NtQueryAttributesFile + B 7728538B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] ntdll.dll!NtQueryFullAttributesFile + 6 77285436 4 Bytes CALL 7628D333 C:\Windows\system32\ADVAPI32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] ntdll.dll!NtQueryFullAttributesFile + B 7728543B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] ntdll.dll!NtSetInformationFile + 6 77285A86 4 Bytes [28, F9, 7E, 00] {SUB CL, BH; JLE 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] ntdll.dll!NtSetInformationFile + B 77285A8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] ntdll.dll!NtSetInformationProcess 77285AC0 5 Bytes JMP 1002AD00 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] ntdll.dll!NtSetInformationThread + 6 77285AE6 4 Bytes [28, FA, 7E, 00] {SUB DL, BH; JLE 0x4} .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[3612] ntdll.dll!NtSetInformationThread + B 77285AEB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] ntdll.dll!NtUnloadDriver 77285DA0 1 Byte [E9] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] ntdll.dll!NtUnloadDriver 77285DA0 5 Bytes JMP 1002AD20 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] ntdll.dll!NtUnmapViewOfSection + 6 77285E06 4 Bytes [68, FB, 7E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] ntdll.dll!NtUnmapViewOfSection + B 77285E0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] ntdll.dll!NtWriteVirtualMemory 77285EE0 5 Bytes JMP 1002ADE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] ntdll.dll!KiUserExceptionDispatcher 77286448 5 Bytes JMP 1002A6F0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] ntdll.dll!RtlAllocateHeap 7729209D 5 Bytes JMP 1002A480 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] ntdll.dll!LdrUnloadDll 7729BE7F 5 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] ntdll.dll!LdrGetProcedureAddress 7729EE27 5 Bytes JMP 1002ACE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] ntdll.dll!LdrLoadDll 7729F585 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] KERNEL32.dll!CreateProcessW 762C202D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] KERNEL32.dll!CreateProcessA 762C2062 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] KERNEL32.dll!OpenFile 762F410F 5 Bytes JMP 1002AC40 
C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] KERNEL32.dll!CreateProcessAsUserW 762F79B4 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] KERNEL32.dll!CopyFileW 762F8C8F 5 Bytes JMP 1002ABC0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] KERNEL32.dll!MoveFileW 762FA173 5 Bytes JMP 1002AB40 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] KERNEL32.dll!CopyFileExW 763007BB 7 Bytes JMP 1002AB80 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] KERNEL32.dll!VirtualProtect 763050AB 5 Bytes JMP 1002A9C0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] KERNEL32.dll!DeleteFileW 7630656B 5 Bytes JMP 1002AA80 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] KERNEL32.dll!DeleteFileA 76308BB6 5 Bytes JMP 1002AAA0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] KERNEL32.dll!LoadLibraryExW 7630B6BF 5 Bytes JMP 1002AC60 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] KERNEL32.dll!LoadLibraryExA 7630BC8B 5 Bytes JMP 1002AC80 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] KERNEL32.dll!MoveFileWithProgressW 7630BF04 5 Bytes JMP 1002AAC0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] KERNEL32.dll!MoveFileExW 7630BF28 5 Bytes JMP 1002AB00 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] KERNEL32.dll!CreateFileW 76310B5D 5 Bytes JMP 1002AC00 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] KERNEL32.dll!GetProcAddress 76311837 5 
Bytes JMP 1002ACC0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] KERNEL32.dll!GetModuleHandleW 763119A1 5 Bytes JMP 1002AA40 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] KERNEL32.dll!LoadLibraryA 76312864 5 Bytes JMP 1002AA20 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] KERNEL32.dll!LoadLibraryW 763128B2 5 Bytes JMP 1002AA00 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] KERNEL32.dll!GetModuleHandleA 763128D7 5 Bytes JMP 1002AA60 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] KERNEL32.dll!CreateFileA 763128FC 5 Bytes JMP 1002AC20 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] KERNEL32.dll!MoveFileExA 76322FF3 5 Bytes JMP 1002AB20 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] KERNEL32.dll!MoveFileWithProgressA 76323013 5 Bytes JMP 1002AAE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] KERNEL32.dll!GetBinaryTypeW + 70 76327964 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] KERNEL32.dll!CopyFileA 76327CFC 5 Bytes JMP 1002ABE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] KERNEL32.dll!MoveFileA 7634AD49 5 Bytes JMP 1002AB60 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] KERNEL32.dll!CopyFileExA 7634BBA1 5 Bytes JMP 1002ABA0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] KERNEL32.dll!WinExec 7634E695 5 Bytes JMP 1002A9E0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] KERNEL32.dll!LoadModule 7634EBAE 5 Bytes JMP 1002ACA0 
C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] GDI32.dll!DeleteDC 773E6A2C 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] GDI32.dll!CreateDCA 773E9975 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] GDI32.dll!CreateDCW 773EBD21 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] GDI32.dll!GetPixel 773EC714 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] ADVAPI32.dll!CreateProcessAsUserA 762614FD 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] SHELL32.dll!ShellExecuteW 766041F0 5 Bytes JMP 1002A980 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] SHELL32.dll!ShellExecuteExW 76611B8C 5 Bytes JMP 1002A940 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] SHELL32.dll!ShellExecuteEx 76839B0A 5 Bytes JMP 1002A960 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3612] SHELL32.dll!ShellExecuteA 76839BA5 5 Bytes JMP 1002A9A0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[3648] ntdll.dll!NtAlpcSendWaitReceivePort 77284860 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[3648] ntdll.dll!NtClose 77284910 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[3648] ntdll.dll!LdrUnloadDll 7729BE7F 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[3648] ntdll.dll!LdrLoadDll 7729F585 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[3648] kernel32.dll!CreateProcessW 
762C202D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[3648] kernel32.dll!CreateProcessA 762C2062 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[3648] kernel32.dll!CreateProcessAsUserW 762F79B4 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[3648] kernel32.dll!GetBinaryTypeW + 70 76327964 1 Byte [62] .text C:\Windows\System32\svchost.exe[3648] GDI32.dll!DeleteDC 773E6A2C 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[3648] GDI32.dll!CreateDCA 773E9975 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[3648] GDI32.dll!CreateDCW 773EBD21 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[3648] GDI32.dll!GetPixel 773EC714 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[3648] ADVAPI32.dll!CreateProcessAsUserA 762614FD 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[3664] ntdll.dll!NtAlpcSendWaitReceivePort 77284860 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[3664] ntdll.dll!NtClose 77284910 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[3664] ntdll.dll!LdrUnloadDll 7729BE7F 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[3664] ntdll.dll!LdrLoadDll 7729F585 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[3664] kernel32.dll!CreateProcessW 762C202D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[3664] kernel32.dll!CreateProcessA 762C2062 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[3664] kernel32.dll!CreateProcessAsUserW 762F79B4 5 Bytes JMP 10023A60 
C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[3664] kernel32.dll!GetBinaryTypeW + 70 76327964 1 Byte [62] .text C:\Windows\system32\svchost.exe[3664] GDI32.dll!DeleteDC 773E6A2C 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[3664] GDI32.dll!CreateDCA 773E9975 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[3664] GDI32.dll!CreateDCW 773EBD21 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[3664] GDI32.dll!GetPixel 773EC714 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[3664] ADVAPI32.dll!CreateProcessAsUserA 762614FD 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[3812] ntdll.dll!NtAlpcSendWaitReceivePort 77284860 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[3812] ntdll.dll!NtClose 77284910 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[3812] ntdll.dll!LdrUnloadDll 7729BE7F 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[3812] ntdll.dll!LdrLoadDll 7729F585 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[3812] kernel32.dll!CreateProcessW 762C202D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[3812] kernel32.dll!CreateProcessA 762C2062 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[3812] kernel32.dll!CreateProcessAsUserW 762F79B4 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[3812] kernel32.dll!GetBinaryTypeW + 70 76327964 1 Byte [62] .text C:\Windows\System32\svchost.exe[3812] ADVAPI32.dll!CreateProcessAsUserA 762614FD 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[3812] 
GDI32.dll!DeleteDC 773E6A2C 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[3812] GDI32.dll!CreateDCA 773E9975 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[3812] GDI32.dll!CreateDCW 773EBD21 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[3812] GDI32.dll!GetPixel 773EC714 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[3848] ntdll.dll!NtAlpcSendWaitReceivePort 77284860 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[3848] ntdll.dll!NtClose 77284910 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[3848] ntdll.dll!LdrUnloadDll 7729BE7F 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[3848] ntdll.dll!LdrLoadDll 7729F585 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[3848] kernel32.dll!CreateProcessW 762C202D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[3848] kernel32.dll!CreateProcessA 762C2062 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[3848] kernel32.dll!CreateProcessAsUserW 762F79B4 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[3848] kernel32.dll!GetBinaryTypeW + 70 76327964 1 Byte [62] .text C:\Windows\system32\svchost.exe[3848] ADVAPI32.dll!CreateProcessAsUserA 762614FD 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[3848] GDI32.dll!DeleteDC 773E6A2C 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[3848] GDI32.dll!CreateDCA 773E9975 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[3848] GDI32.dll!CreateDCW 773EBD21 5 Bytes JMP 10029BC0 
C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[3848] GDI32.dll!GetPixel 773EC714 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[3956] kernel32.dll!GetBinaryTypeW + 70 76327964 1 Byte [62] .text C:\Windows\system32\locator.exe[3976] kernel32.dll!GetBinaryTypeW + 70 76327964 1 Byte [62] .text C:\Windows\system32\svchost.exe[4004] ntdll.dll!NtAlpcSendWaitReceivePort 77284860 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[4004] ntdll.dll!NtClose 77284910 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[4004] ntdll.dll!LdrUnloadDll 7729BE7F 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[4004] ntdll.dll!LdrLoadDll 7729F585 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[4004] kernel32.dll!CreateProcessW 762C202D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[4004] kernel32.dll!CreateProcessA 762C2062 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[4004] kernel32.dll!CreateProcessAsUserW 762F79B4 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[4004] kernel32.dll!GetBinaryTypeW + 70 76327964 1 Byte [62] .text C:\Windows\system32\svchost.exe[4004] GDI32.dll!DeleteDC 773E6A2C 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[4004] GDI32.dll!CreateDCA 773E9975 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[4004] GDI32.dll!CreateDCW 773EBD21 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[4004] GDI32.dll!GetPixel 773EC714 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll .text C:\Windows\system32\svchost.exe[4004] ADVAPI32.dll!CreateProcessAsUserA 762614FD 5 Bytes JMP 10024390 
C:\Windows\system32\guard32.dll .text C:\Program Files\SlimCleaner Plus\SlimServiceFactory.exe[4060] ntdll.dll!NtAlpcSendWaitReceivePort 77284860 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll .text C:\Program Files\SlimCleaner Plus\SlimServiceFactory.exe[4060] ntdll.dll!NtClose 77284910 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll .text C:\Program Files\SlimCleaner Plus\SlimServiceFactory.exe[4060] ntdll.dll!LdrUnloadDll 7729BE7F 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll .text C:\Program Files\SlimCleaner Plus\SlimServiceFactory.exe[4060] ntdll.dll!LdrLoadDll 7729F585 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll .text C:\Program Files\SlimCleaner Plus\SlimServiceFactory.exe[4060] kernel32.dll!CreateProcessW 762C202D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll .text C:\Program Files\SlimCleaner Plus\SlimServiceFactory.exe[4060] kernel32.dll!CreateProcessA 762C2062 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll .text C:\Program Files\SlimCleaner Plus\SlimServiceFactory.exe[4060] kernel32.dll!CreateProcessAsUserW 762F79B4 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll .text C:\Program Files\SlimCleaner Plus\SlimServiceFactory.exe[4060] kernel32.dll!GetBinaryTypeW + 70 76327964 1 Byte [62] .text C:\Program Files\SlimCleaner Plus\SlimServiceFactory.exe[4060] GDI32.dll!DeleteDC 773E6A2C 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll .text C:\Program Files\SlimCleaner Plus\SlimServiceFactory.exe[4060] GDI32.dll!CreateDCA 773E9975 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll .text C:\Program Files\SlimCleaner Plus\SlimServiceFactory.exe[4060] GDI32.dll!CreateDCW 773EBD21 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll .text C:\Program Files\SlimCleaner Plus\SlimServiceFactory.exe[4060] GDI32.dll!GetPixel 773EC714 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll .text C:\Program Files\SlimCleaner Plus\SlimServiceFactory.exe[4060] ADVAPI32.dll!CreateProcessAsUserA 762614FD 5 Bytes JMP 10024390 
C:\Windows\system32\guard32.dll .text C:\Windows\System32\snmptrap.exe[4092] ntdll.dll!NtAlpcSendWaitReceivePort 77284860 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll .text C:\Windows\System32\snmptrap.exe[4092] ntdll.dll!NtClose 77284910 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll .text C:\Windows\System32\snmptrap.exe[4092] ntdll.dll!LdrUnloadDll 7729BE7F 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\snmptrap.exe[4092] ntdll.dll!LdrLoadDll 7729F585 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\snmptrap.exe[4092] kernel32.dll!CreateProcessW 762C202D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll .text C:\Windows\System32\snmptrap.exe[4092] kernel32.dll!CreateProcessA 762C2062 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\snmptrap.exe[4092] kernel32.dll!CreateProcessAsUserW 762F79B4 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll .text C:\Windows\System32\snmptrap.exe[4092] kernel32.dll!GetBinaryTypeW + 70 76327964 1 Byte [62] .text C:\Windows\System32\snmptrap.exe[4092] ADVAPI32.dll!CreateProcessAsUserA 762614FD 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll .text C:\Windows\System32\snmptrap.exe[4092] GDI32.dll!DeleteDC 773E6A2C 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\snmptrap.exe[4092] GDI32.dll!CreateDCA 773E9975 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\snmptrap.exe[4092] GDI32.dll!CreateDCW 773EBD21 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll .text C:\Windows\System32\snmptrap.exe[4092] GDI32.dll!GetPixel 773EC714 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4112] ntdll.dll!NtAlpcSendWaitReceivePort 77284860 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4112] ntdll.dll!NtClose 77284910 5 Bytes JMP 1001D080 
C:\Windows\system32\guard32.dll .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4112] ntdll.dll!LdrUnloadDll 7729BE7F 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4112] ntdll.dll!LdrLoadDll 7729F585 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4112] kernel32.dll!CreateProcessW 762C202D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4112] kernel32.dll!CreateProcessA 762C2062 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4112] kernel32.dll!CreateProcessAsUserW 762F79B4 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4112] kernel32.dll!GetBinaryTypeW + 70 76327964 1 Byte [62] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4112] ADVAPI32.dll!CreateProcessAsUserA 762614FD 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4112] GDI32.dll!DeleteDC 773E6A2C 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4112] GDI32.dll!CreateDCA 773E9975 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4112] GDI32.dll!CreateDCW 773EBD21 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4112] GDI32.dll!GetPixel 773EC714 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll .text C:\Windows\system32\SearchIndexer.exe[4240] ntdll.dll!NtAlpcSendWaitReceivePort 77284860 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll .text C:\Windows\system32\SearchIndexer.exe[4240] ntdll.dll!NtClose 77284910 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll .text C:\Windows\system32\SearchIndexer.exe[4240] ntdll.dll!LdrUnloadDll 
7729BE7F 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\SearchIndexer.exe[4240] ntdll.dll!LdrLoadDll 7729F585 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\SearchIndexer.exe[4240] kernel32.dll!CreateProcessW 762C202D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll .text C:\Windows\system32\SearchIndexer.exe[4240] kernel32.dll!CreateProcessA 762C2062 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\SearchIndexer.exe[4240] kernel32.dll!CreateProcessAsUserW 762F79B4 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll .text C:\Windows\system32\SearchIndexer.exe[4240] kernel32.dll!GetBinaryTypeW + 70 76327964 1 Byte [62] .text C:\Windows\system32\SearchIndexer.exe[4240] ADVAPI32.dll!CreateProcessAsUserA 762614FD 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll .text C:\Windows\system32\SearchIndexer.exe[4240] GDI32.dll!DeleteDC 773E6A2C 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\SearchIndexer.exe[4240] GDI32.dll!CreateDCA 773E9975 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\SearchIndexer.exe[4240] GDI32.dll!CreateDCW 773EBD21 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\SearchIndexer.exe[4240] GDI32.dll!GetPixel 773EC714 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll .text C:\Windows\System32\svchost.exe[4316] kernel32.dll!GetBinaryTypeW + 70 76327964 1 Byte [62] .text C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe[4380] ntdll.dll!NtAlpcSendWaitReceivePort 77284860 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll .text C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe[4380] ntdll.dll!NtClose 77284910 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll .text C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe[4380] ntdll.dll!LdrUnloadDll 7729BE7F 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll .text C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe[4380] 
ntdll.dll!LdrLoadDll 7729F585 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll .text C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe[4380] kernel32.dll!CreateProcessW 762C202D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll .text C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe[4380] kernel32.dll!CreateProcessA 762C2062 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll .text C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe[4380] kernel32.dll!CreateProcessAsUserW 762F79B4 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll .text C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe[4380] kernel32.dll!GetBinaryTypeW + 70 76327964 1 Byte [62] .text C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe[4380] GDI32.dll!DeleteDC 773E6A2C 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll .text C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe[4380] GDI32.dll!CreateDCA 773E9975 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll .text C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe[4380] GDI32.dll!CreateDCW 773EBD21 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll .text C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe[4380] GDI32.dll!GetPixel 773EC714 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll .text C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe[4380] ADVAPI32.dll!CreateProcessAsUserA 762614FD 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll .text C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[4424] ntdll.dll!NtAlpcSendWaitReceivePort 77284860 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll .text C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[4424] ntdll.dll!NtClose 77284910 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll .text C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[4424] ntdll.dll!LdrUnloadDll 7729BE7F 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll .text C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[4424] ntdll.dll!LdrLoadDll 7729F585 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll .text C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[4424] 
kernel32.dll!CreateProcessW 762C202D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll .text C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[4424] kernel32.dll!CreateProcessA 762C2062 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll .text C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[4424] kernel32.dll!CreateProcessAsUserW 762F79B4 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll .text C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[4424] kernel32.dll!GetBinaryTypeW + 70 76327964 1 Byte [62] .text C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[4424] GDI32.dll!DeleteDC 773E6A2C 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll .text C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[4424] GDI32.dll!CreateDCA 773E9975 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll .text C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[4424] GDI32.dll!CreateDCW 773EBD21 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll .text C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[4424] GDI32.dll!GetPixel 773EC714 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll .text C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[4424] ADVAPI32.dll!CreateProcessAsUserA 762614FD 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wuauclt.exe[4640] ntdll.dll!NtAlpcSendWaitReceivePort 77284860 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wuauclt.exe[4640] ntdll.dll!NtClose 77284910 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wuauclt.exe[4640] ntdll.dll!LdrUnloadDll 7729BE7F 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wuauclt.exe[4640] ntdll.dll!LdrLoadDll 7729F585 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wuauclt.exe[4640] kernel32.dll!CreateProcessW 762C202D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wuauclt.exe[4640] kernel32.dll!CreateProcessA 762C2062 5 Bytes JMP 10025AC0 
C:\Windows\system32\guard32.dll .text C:\Windows\system32\wuauclt.exe[4640] kernel32.dll!CreateProcessAsUserW 762F79B4 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wuauclt.exe[4640] kernel32.dll!GetBinaryTypeW + 70 76327964 1 Byte [62] .text C:\Windows\system32\wuauclt.exe[4640] GDI32.dll!DeleteDC 773E6A2C 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wuauclt.exe[4640] GDI32.dll!CreateDCA 773E9975 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wuauclt.exe[4640] GDI32.dll!CreateDCW 773EBD21 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wuauclt.exe[4640] GDI32.dll!GetPixel 773EC714 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll .text C:\Windows\system32\wuauclt.exe[4640] ADVAPI32.dll!CreateProcessAsUserA 762614FD 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4920] ntdll.dll!NtAllocateVirtualMemory 77284720 5 Bytes JMP 1002ADA0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4920] ntdll.dll!NtAlpcSendWaitReceivePort 77284860 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4920] ntdll.dll!NtClose 77284910 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4920] ntdll.dll!NtCreateFile 77284A10 5 Bytes JMP 1002AD60 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4920] ntdll.dll!NtCreateFile + 6 77284A16 4 Bytes [28, 10, 83, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4920] ntdll.dll!NtCreateFile + B 77284A1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4920] ntdll.dll!NtCreateProcess 77284AE0 5 Bytes JMP 1002AE20 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4920] 
ntdll.dll!NtCreateProcessEx 77284AF0 5 Bytes JMP 1002AE00 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4920] ntdll.dll!NtDeleteFile 77284C50 5 Bytes JMP 1002ADC0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4920] ntdll.dll!NtFreeVirtualMemory 77284E20 5 Bytes JMP 1002A430 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4920] ntdll.dll!NtLoadDriver 77284FA0 5 Bytes JMP 1002AD80 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4920] ntdll.dll!NtMapViewOfSection + 6 77285076 4 Bytes [28, 13, 83, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4920] ntdll.dll!NtMapViewOfSection + B 7728507B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4920] ntdll.dll!NtOpenFile 77285120 5 Bytes JMP 1002AD40 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4920] ntdll.dll!NtOpenFile + 6 77285126 4 Bytes [68, 10, 83, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4920] ntdll.dll!NtOpenFile + B 7728512B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4920] ntdll.dll!NtOpenProcess + 6 772851D6 4 Bytes [A8, 11, 83, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4920] ntdll.dll!NtOpenProcess + B 772851DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4920] ntdll.dll!NtOpenProcessToken + 6 772851E6 4 Bytes CALL 7628D4FC C:\Windows\system32\ADVAPI32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4920] ntdll.dll!NtOpenProcessToken + B 772851EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4920] ntdll.dll!NtOpenProcessTokenEx + 6 772851F6 4 Bytes [A8, 12, 83, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4920] ntdll.dll!NtOpenProcessTokenEx + B 772851FB 1 Byte [E2] .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[4920] ntdll.dll!NtOpenThread + 6 77285256 4 Bytes [68, 11, 83, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4920] ntdll.dll!NtOpenThread + B 7728525B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4920] ntdll.dll!NtOpenThreadToken + 6 77285266 4 Bytes [68, 12, 83, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4920] ntdll.dll!NtOpenThreadToken + B 7728526B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4920] ntdll.dll!NtOpenThreadTokenEx + 6 77285276 4 Bytes CALL 7628D58D C:\Windows\system32\ADVAPI32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4920] ntdll.dll!NtOpenThreadTokenEx + B 7728527B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4920] ntdll.dll!NtProtectVirtualMemory 77285360 5 Bytes JMP 1002A3E0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4920] ntdll.dll!NtQueryAttributesFile + 6 77285386 4 Bytes [A8, 10, 83, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4920] ntdll.dll!NtQueryAttributesFile + B 7728538B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4920] ntdll.dll!NtQueryFullAttributesFile + 6 77285436 4 Bytes CALL 7628D74B C:\Windows\system32\ADVAPI32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4920] ntdll.dll!NtQueryFullAttributesFile + B 7728543B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4920] ntdll.dll!NtSetInformationFile + 6 77285A86 4 Bytes [28, 11, 83, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4920] ntdll.dll!NtSetInformationFile + B 77285A8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4920] ntdll.dll!NtSetInformationProcess 77285AC0 5 Bytes JMP 1002AD00 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4920] ntdll.dll!NtSetInformationThread + 6 
77285AE6 4 Bytes [28, 12, 83, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4920] ntdll.dll!NtSetInformationThread + B 77285AEB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4920] ntdll.dll!NtUnloadDriver 77285DA0 1 Byte [E9] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4920] ntdll.dll!NtUnloadDriver 77285DA0 5 Bytes JMP 1002AD20 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4920] ntdll.dll!NtUnmapViewOfSection + 6 77285E06 4 Bytes [68, 13, 83, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4920] ntdll.dll!NtUnmapViewOfSection + B 77285E0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4920] ntdll.dll!NtWriteVirtualMemory 77285EE0 5 Bytes JMP 1002ADE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4920] ntdll.dll!KiUserExceptionDispatcher 77286448 5 Bytes JMP 1002A6F0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4920] ntdll.dll!RtlAllocateHeap 7729209D 5 Bytes JMP 1002A480 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4920] ntdll.dll!LdrUnloadDll 7729BE7F 5 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4920] ntdll.dll!LdrGetProcedureAddress 7729EE27 5 Bytes JMP 1002ACE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4920] ntdll.dll!LdrLoadDll 7729F585 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4920] KERNEL32.dll!CreateProcessW 762C202D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4920] KERNEL32.dll!CreateProcessA 762C2062 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4920] 
KERNEL32.dll!OpenFile 762F410F 5 Bytes JMP 1002AC40 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4920] KERNEL32.dll!CreateProcessAsUserW 762F79B4 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4920] KERNEL32.dll!CopyFileW 762F8C8F 5 Bytes JMP 1002ABC0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4920] KERNEL32.dll!MoveFileW 762FA173 5 Bytes JMP 1002AB40 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4920] KERNEL32.dll!CopyFileExW 763007BB 7 Bytes JMP 1002AB80 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4920] KERNEL32.dll!VirtualProtect 763050AB 5 Bytes JMP 1002A9C0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4920] KERNEL32.dll!DeleteFileW 7630656B 5 Bytes JMP 1002AA80 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4920] KERNEL32.dll!DeleteFileA 76308BB6 5 Bytes JMP 1002AAA0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4920] KERNEL32.dll!LoadLibraryExW 7630B6BF 5 Bytes JMP 1002AC60 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4920] KERNEL32.dll!LoadLibraryExA 7630BC8B 5 Bytes JMP 1002AC80 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4920] KERNEL32.dll!MoveFileWithProgressW 7630BF04 5 Bytes JMP 1002AAC0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4920] KERNEL32.dll!MoveFileExW 7630BF28 5 Bytes JMP 1002AB00 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4920] KERNEL32.dll!CreateFileW 76310B5D 5 Bytes JMP 1002AC00 C:\Windows\system32\guard32.dll .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[4920] KERNEL32.dll!GetProcAddress 76311837 5 Bytes JMP 1002ACC0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4920] KERNEL32.dll!GetModuleHandleW 763119A1 5 Bytes JMP 1002AA40 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4920] KERNEL32.dll!LoadLibraryA 76312864 5 Bytes JMP 1002AA20 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4920] KERNEL32.dll!LoadLibraryW 763128B2 5 Bytes JMP 1002AA00 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4920] KERNEL32.dll!GetModuleHandleA 763128D7 5 Bytes JMP 1002AA60 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4920] KERNEL32.dll!CreateFileA 763128FC 5 Bytes JMP 1002AC20 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4920] KERNEL32.dll!MoveFileExA 76322FF3 5 Bytes JMP 1002AB20 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4920] KERNEL32.dll!MoveFileWithProgressA 76323013 5 Bytes JMP 1002AAE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4920] KERNEL32.dll!GetBinaryTypeW + 70 76327964 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4920] KERNEL32.dll!CopyFileA 76327CFC 5 Bytes JMP 1002ABE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4920] KERNEL32.dll!MoveFileA 7634AD49 5 Bytes JMP 1002AB60 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4920] KERNEL32.dll!CopyFileExA 7634BBA1 5 Bytes JMP 1002ABA0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4920] KERNEL32.dll!WinExec 7634E695 5 Bytes JMP 1002A9E0 C:\Windows\system32\guard32.dll .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[4920] KERNEL32.dll!LoadModule 7634EBAE 5 Bytes JMP 1002ACA0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4920] GDI32.dll!DeleteDC 773E6A2C 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4920] GDI32.dll!CreateDCA 773E9975 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4920] GDI32.dll!CreateDCW 773EBD21 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4920] GDI32.dll!GetPixel 773EC714 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4920] ADVAPI32.dll!CreateProcessAsUserA 762614FD 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4920] SHELL32.dll!ShellExecuteW 766041F0 5 Bytes JMP 1002A980 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4920] SHELL32.dll!ShellExecuteExW 76611B8C 5 Bytes JMP 1002A940 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4920] SHELL32.dll!ShellExecuteEx 76839B0A 5 Bytes JMP 1002A960 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4920] SHELL32.dll!ShellExecuteA 76839BA5 5 Bytes JMP 1002A9A0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\DllHost.exe[5288] ntdll.dll!NtAlpcSendWaitReceivePort 77284860 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll .text C:\Windows\system32\DllHost.exe[5288] ntdll.dll!NtClose 77284910 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll .text C:\Windows\system32\DllHost.exe[5288] ntdll.dll!LdrUnloadDll 7729BE7F 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\DllHost.exe[5288] ntdll.dll!LdrLoadDll 7729F585 5 Bytes JMP 10027DF0 
C:\Windows\system32\guard32.dll .text C:\Windows\system32\DllHost.exe[5288] kernel32.dll!CreateProcessW 762C202D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll .text C:\Windows\system32\DllHost.exe[5288] kernel32.dll!CreateProcessA 762C2062 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\DllHost.exe[5288] kernel32.dll!CreateProcessAsUserW 762F79B4 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll .text C:\Windows\system32\DllHost.exe[5288] kernel32.dll!GetBinaryTypeW + 70 76327964 1 Byte [62] .text C:\Windows\system32\DllHost.exe[5288] GDI32.dll!DeleteDC 773E6A2C 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\DllHost.exe[5288] GDI32.dll!CreateDCA 773E9975 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\DllHost.exe[5288] GDI32.dll!CreateDCW 773EBD21 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\DllHost.exe[5288] GDI32.dll!GetPixel 773EC714 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll .text C:\Windows\system32\DllHost.exe[5288] ADVAPI32.dll!CreateProcessAsUserA 762614FD 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5424] ntdll.dll!NtAllocateVirtualMemory 77284720 5 Bytes JMP 1002ADA0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5424] ntdll.dll!NtAlpcSendWaitReceivePort 77284860 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5424] ntdll.dll!NtClose 77284910 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5424] ntdll.dll!NtCreateFile 77284A10 5 Bytes JMP 1002AD60 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5424] ntdll.dll!NtCreateFile + 6 77284A16 4 Bytes [28, D0, B1, 00] {SUB AL, DL; MOV CL, 0x0} .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[5424] ntdll.dll!NtCreateFile + B 77284A1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5424] ntdll.dll!NtCreateProcess 77284AE0 5 Bytes JMP 1002AE20 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5424] ntdll.dll!NtCreateProcessEx 77284AF0 5 Bytes JMP 1002AE00 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5424] ntdll.dll!NtDeleteFile 77284C50 5 Bytes JMP 1002ADC0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5424] ntdll.dll!NtFreeVirtualMemory 77284E20 5 Bytes JMP 1002A430 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5424] ntdll.dll!NtLoadDriver 77284FA0 5 Bytes JMP 1002AD80 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5424] ntdll.dll!NtMapViewOfSection + 6 77285076 4 Bytes [28, D3, B1, 00] {SUB BL, DL; MOV CL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5424] ntdll.dll!NtMapViewOfSection + B 7728507B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5424] ntdll.dll!NtOpenFile 77285120 5 Bytes JMP 1002AD40 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5424] ntdll.dll!NtOpenFile + 6 77285126 4 Bytes [68, D0, B1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5424] ntdll.dll!NtOpenFile + B 7728512B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5424] ntdll.dll!NtOpenProcess + 6 772851D6 4 Bytes [A8, D1, B1, 00] {TEST AL, 0xd1; MOV CL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5424] ntdll.dll!NtOpenProcess + B 772851DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5424] ntdll.dll!NtOpenProcessToken + 6 772851E6 4 Bytes CALL 762903BC C:\Windows\system32\ADVAPI32.dll .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[5424] ntdll.dll!NtOpenProcessToken + B 772851EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5424] ntdll.dll!NtOpenProcessTokenEx + 6 772851F6 4 Bytes [A8, D2, B1, 00] {TEST AL, 0xd2; MOV CL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5424] ntdll.dll!NtOpenProcessTokenEx + B 772851FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5424] ntdll.dll!NtOpenThread + 6 77285256 4 Bytes [68, D1, B1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5424] ntdll.dll!NtOpenThread + B 7728525B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5424] ntdll.dll!NtOpenThreadToken + 6 77285266 4 Bytes [68, D2, B1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5424] ntdll.dll!NtOpenThreadToken + B 7728526B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5424] ntdll.dll!NtOpenThreadTokenEx + 6 77285276 4 Bytes CALL 7629044D C:\Windows\system32\ADVAPI32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5424] ntdll.dll!NtOpenThreadTokenEx + B 7728527B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5424] ntdll.dll!NtProtectVirtualMemory 77285360 5 Bytes JMP 1002A3E0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5424] ntdll.dll!NtQueryAttributesFile + 6 77285386 4 Bytes [A8, D0, B1, 00] {TEST AL, 0xd0; MOV CL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5424] ntdll.dll!NtQueryAttributesFile + B 7728538B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5424] ntdll.dll!NtQueryFullAttributesFile + 6 77285436 4 Bytes CALL 7629060B C:\Windows\system32\ADVAPI32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5424] ntdll.dll!NtQueryFullAttributesFile + B 7728543B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5424] 
ntdll.dll!NtSetInformationFile + 6 77285A86 4 Bytes [28, D1, B1, 00] {SUB CL, DL; MOV CL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5424] ntdll.dll!NtSetInformationFile + B 77285A8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5424] ntdll.dll!NtSetInformationProcess 77285AC0 5 Bytes JMP 1002AD00 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5424] ntdll.dll!NtSetInformationThread + 6 77285AE6 4 Bytes [28, D2, B1, 00] {SUB DL, DL; MOV CL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5424] ntdll.dll!NtSetInformationThread + B 77285AEB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5424] ntdll.dll!NtUnloadDriver 77285DA0 1 Byte [E9] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5424] ntdll.dll!NtUnloadDriver 77285DA0 5 Bytes JMP 1002AD20 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5424] ntdll.dll!NtUnmapViewOfSection + 6 77285E06 4 Bytes [68, D3, B1, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5424] ntdll.dll!NtUnmapViewOfSection + B 77285E0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5424] ntdll.dll!NtWriteVirtualMemory 77285EE0 5 Bytes JMP 1002ADE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5424] ntdll.dll!KiUserExceptionDispatcher 77286448 5 Bytes JMP 1002A6F0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5424] ntdll.dll!RtlAllocateHeap 7729209D 5 Bytes JMP 1002A480 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5424] ntdll.dll!LdrUnloadDll 7729BE7F 5 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5424] ntdll.dll!LdrGetProcedureAddress 7729EE27 5 Bytes JMP 1002ACE0 C:\Windows\system32\guard32.dll .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[5424] ntdll.dll!LdrLoadDll 7729F585 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5424] KERNEL32.dll!CreateProcessW 762C202D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5424] KERNEL32.dll!CreateProcessA 762C2062 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5424] KERNEL32.dll!OpenFile 762F410F 5 Bytes JMP 1002AC40 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5424] KERNEL32.dll!CreateProcessAsUserW 762F79B4 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5424] KERNEL32.dll!CopyFileW 762F8C8F 5 Bytes JMP 1002ABC0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5424] KERNEL32.dll!MoveFileW 762FA173 5 Bytes JMP 1002AB40 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5424] KERNEL32.dll!CopyFileExW 763007BB 7 Bytes JMP 1002AB80 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5424] KERNEL32.dll!VirtualProtect 763050AB 5 Bytes JMP 1002A9C0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5424] KERNEL32.dll!DeleteFileW 7630656B 5 Bytes JMP 1002AA80 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5424] KERNEL32.dll!DeleteFileA 76308BB6 5 Bytes JMP 1002AAA0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5424] KERNEL32.dll!LoadLibraryExW 7630B6BF 5 Bytes JMP 1002AC60 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5424] KERNEL32.dll!LoadLibraryExA 7630BC8B 5 Bytes JMP 1002AC80 C:\Windows\system32\guard32.dll .text 
C:\Program Files\Google\Chrome\Application\chrome.exe[5424] KERNEL32.dll!MoveFileWithProgressW 7630BF04 5 Bytes JMP 1002AAC0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5424] KERNEL32.dll!MoveFileExW 7630BF28 5 Bytes JMP 1002AB00 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5424] KERNEL32.dll!CreateFileW 76310B5D 5 Bytes JMP 1002AC00 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5424] KERNEL32.dll!GetProcAddress 76311837 5 Bytes JMP 1002ACC0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5424] KERNEL32.dll!GetModuleHandleW 763119A1 5 Bytes JMP 1002AA40 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5424] KERNEL32.dll!LoadLibraryA 76312864 5 Bytes JMP 1002AA20 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5424] KERNEL32.dll!LoadLibraryW 763128B2 5 Bytes JMP 1002AA00 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5424] KERNEL32.dll!GetModuleHandleA 763128D7 5 Bytes JMP 1002AA60 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5424] KERNEL32.dll!CreateFileA 763128FC 5 Bytes JMP 1002AC20 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5424] KERNEL32.dll!MoveFileExA 76322FF3 5 Bytes JMP 1002AB20 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5424] KERNEL32.dll!MoveFileWithProgressA 76323013 5 Bytes JMP 1002AAE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5424] KERNEL32.dll!GetBinaryTypeW + 70 76327964 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5424] KERNEL32.dll!CopyFileA 76327CFC 5 Bytes JMP 1002ABE0 C:\Windows\system32\guard32.dll .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[5424] KERNEL32.dll!MoveFileA 7634AD49 5 Bytes JMP 1002AB60 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5424] KERNEL32.dll!CopyFileExA 7634BBA1 5 Bytes JMP 1002ABA0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5424] KERNEL32.dll!WinExec 7634E695 5 Bytes JMP 1002A9E0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5424] KERNEL32.dll!LoadModule 7634EBAE 5 Bytes JMP 1002ACA0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5424] GDI32.dll!DeleteDC 773E6A2C 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5424] GDI32.dll!CreateDCA 773E9975 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5424] GDI32.dll!CreateDCW 773EBD21 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5424] GDI32.dll!GetPixel 773EC714 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5424] ADVAPI32.dll!CreateProcessAsUserA 762614FD 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5424] SHELL32.dll!ShellExecuteW 766041F0 5 Bytes JMP 1002A980 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5424] SHELL32.dll!ShellExecuteExW 76611B8C 5 Bytes JMP 1002A940 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5424] SHELL32.dll!ShellExecuteEx 76839B0A 5 Bytes JMP 1002A960 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5424] SHELL32.dll!ShellExecuteA 76839BA5 5 Bytes JMP 1002A9A0 C:\Windows\system32\guard32.dll .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[5436] ntdll.dll!NtAllocateVirtualMemory 77284720 5 Bytes JMP 1002ADA0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] ntdll.dll!NtAlpcSendWaitReceivePort 77284860 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] ntdll.dll!NtClose 77284910 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] ntdll.dll!NtCreateFile 77284A10 5 Bytes JMP 1002AD60 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] ntdll.dll!NtCreateFile + 6 77284A16 4 Bytes [28, 2C, 31, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] ntdll.dll!NtCreateFile + B 77284A1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] ntdll.dll!NtCreateProcess 77284AE0 5 Bytes JMP 1002AE20 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] ntdll.dll!NtCreateProcessEx 77284AF0 5 Bytes JMP 1002AE00 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] ntdll.dll!NtDeleteFile 77284C50 5 Bytes JMP 1002ADC0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] ntdll.dll!NtFreeVirtualMemory 77284E20 5 Bytes JMP 1002A430 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] ntdll.dll!NtLoadDriver 77284FA0 5 Bytes JMP 1002AD80 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] ntdll.dll!NtMapViewOfSection + 6 77285076 4 Bytes [28, 2F, 31, 00] {SUB [EDI], CH; XOR [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] ntdll.dll!NtMapViewOfSection + B 7728507B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] ntdll.dll!NtOpenFile 77285120 5 
Bytes JMP 1002AD40 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] ntdll.dll!NtOpenFile + 6 77285126 4 Bytes [68, 2C, 31, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] ntdll.dll!NtOpenFile + B 7728512B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] ntdll.dll!NtOpenProcess + 6 772851D6 4 Bytes [A8, 2D, 31, 00] {TEST AL, 0x2d; XOR [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] ntdll.dll!NtOpenProcess + B 772851DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] ntdll.dll!NtOpenProcessToken + 6 772851E6 4 Bytes CALL 76288318 C:\Windows\system32\ADVAPI32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] ntdll.dll!NtOpenProcessToken + B 772851EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] ntdll.dll!NtOpenProcessTokenEx + 6 772851F6 4 Bytes [A8, 2E, 31, 00] {TEST AL, 0x2e; XOR [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] ntdll.dll!NtOpenProcessTokenEx + B 772851FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] ntdll.dll!NtOpenThread + 6 77285256 4 Bytes [68, 2D, 31, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] ntdll.dll!NtOpenThread + B 7728525B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] ntdll.dll!NtOpenThreadToken + 6 77285266 4 Bytes [68, 2E, 31, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] ntdll.dll!NtOpenThreadToken + B 7728526B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] ntdll.dll!NtOpenThreadTokenEx + 6 77285276 4 Bytes CALL 762883A9 C:\Windows\system32\ADVAPI32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] ntdll.dll!NtOpenThreadTokenEx + B 7728527B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] 
ntdll.dll!NtProtectVirtualMemory 77285360 5 Bytes JMP 1002A3E0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] ntdll.dll!NtQueryAttributesFile + 6 77285386 4 Bytes [A8, 2C, 31, 00] {TEST AL, 0x2c; XOR [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] ntdll.dll!NtQueryAttributesFile + B 7728538B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] ntdll.dll!NtQueryFullAttributesFile + 6 77285436 4 Bytes CALL 76288567 C:\Windows\system32\ADVAPI32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] ntdll.dll!NtQueryFullAttributesFile + B 7728543B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] ntdll.dll!NtSetInformationFile + 6 77285A86 4 Bytes [28, 2D, 31, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] ntdll.dll!NtSetInformationFile + B 77285A8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] ntdll.dll!NtSetInformationProcess 77285AC0 5 Bytes JMP 1002AD00 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] ntdll.dll!NtSetInformationThread + 6 77285AE6 4 Bytes [28, 2E, 31, 00] {SUB [ESI], CH; XOR [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] ntdll.dll!NtSetInformationThread + B 77285AEB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] ntdll.dll!NtUnloadDriver 77285DA0 1 Byte [E9] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] ntdll.dll!NtUnloadDriver 77285DA0 5 Bytes JMP 1002AD20 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] ntdll.dll!NtUnmapViewOfSection + 6 77285E06 4 Bytes [68, 2F, 31, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] ntdll.dll!NtUnmapViewOfSection + B 77285E0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] 
ntdll.dll!NtWriteVirtualMemory 77285EE0 5 Bytes JMP 1002ADE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] ntdll.dll!KiUserExceptionDispatcher 77286448 5 Bytes JMP 1002A6F0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] ntdll.dll!RtlAllocateHeap 7729209D 5 Bytes JMP 1002A480 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] ntdll.dll!LdrUnloadDll 7729BE7F 5 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] ntdll.dll!LdrGetProcedureAddress 7729EE27 5 Bytes JMP 1002ACE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] ntdll.dll!LdrLoadDll 7729F585 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] KERNEL32.dll!CreateProcessW 762C202D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] KERNEL32.dll!CreateProcessA 762C2062 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] KERNEL32.dll!OpenFile 762F410F 5 Bytes JMP 1002AC40 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] KERNEL32.dll!CreateProcessAsUserW 762F79B4 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] KERNEL32.dll!CopyFileW 762F8C8F 5 Bytes JMP 1002ABC0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] KERNEL32.dll!MoveFileW 762FA173 5 Bytes JMP 1002AB40 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] KERNEL32.dll!CopyFileExW 763007BB 7 Bytes JMP 1002AB80 C:\Windows\system32\guard32.dll .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[5436] KERNEL32.dll!VirtualProtect 763050AB 5 Bytes JMP 1002A9C0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] KERNEL32.dll!DeleteFileW 7630656B 5 Bytes JMP 1002AA80 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] KERNEL32.dll!DeleteFileA 76308BB6 5 Bytes JMP 1002AAA0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] KERNEL32.dll!LoadLibraryExW 7630B6BF 5 Bytes JMP 1002AC60 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] KERNEL32.dll!LoadLibraryExA 7630BC8B 5 Bytes JMP 1002AC80 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] KERNEL32.dll!MoveFileWithProgressW 7630BF04 5 Bytes JMP 1002AAC0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] KERNEL32.dll!MoveFileExW 7630BF28 5 Bytes JMP 1002AB00 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] KERNEL32.dll!CreateFileW 76310B5D 5 Bytes JMP 1002AC00 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] KERNEL32.dll!GetProcAddress 76311837 5 Bytes JMP 1002ACC0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] KERNEL32.dll!GetModuleHandleW 763119A1 5 Bytes JMP 1002AA40 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] KERNEL32.dll!LoadLibraryA 76312864 5 Bytes JMP 1002AA20 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] KERNEL32.dll!LoadLibraryW 763128B2 5 Bytes JMP 1002AA00 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] KERNEL32.dll!GetModuleHandleA 763128D7 5 Bytes JMP 1002AA60 
C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] KERNEL32.dll!CreateFileA 763128FC 5 Bytes JMP 1002AC20 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] KERNEL32.dll!MoveFileExA 76322FF3 5 Bytes JMP 1002AB20 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] KERNEL32.dll!MoveFileWithProgressA 76323013 5 Bytes JMP 1002AAE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] KERNEL32.dll!GetBinaryTypeW + 70 76327964 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] KERNEL32.dll!CopyFileA 76327CFC 5 Bytes JMP 1002ABE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] KERNEL32.dll!MoveFileA 7634AD49 5 Bytes JMP 1002AB60 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] KERNEL32.dll!CopyFileExA 7634BBA1 5 Bytes JMP 1002ABA0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] KERNEL32.dll!WinExec 7634E695 5 Bytes JMP 1002A9E0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] KERNEL32.dll!LoadModule 7634EBAE 5 Bytes JMP 1002ACA0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] GDI32.dll!DeleteDC 773E6A2C 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] GDI32.dll!CreateDCA 773E9975 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] GDI32.dll!CreateDCW 773EBD21 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] GDI32.dll!GetPixel 773EC714 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[5436] ADVAPI32.dll!CreateProcessAsUserA 762614FD 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] SHELL32.dll!ShellExecuteW 766041F0 5 Bytes JMP 1002A980 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] SHELL32.dll!ShellExecuteExW 76611B8C 5 Bytes JMP 1002A940 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] SHELL32.dll!ShellExecuteEx 76839B0A 5 Bytes JMP 1002A960 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5436] SHELL32.dll!ShellExecuteA 76839BA5 5 Bytes JMP 1002A9A0 C:\Windows\system32\guard32.dll .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[5676] ntdll.dll!NtAlpcSendWaitReceivePort 77284860 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[5676] ntdll.dll!NtClose 77284910 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[5676] ntdll.dll!LdrUnloadDll 7729BE7F 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[5676] ntdll.dll!LdrLoadDll 7729F585 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[5676] kernel32.dll!CreateProcessW 762C202D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[5676] kernel32.dll!CreateProcessA 762C2062 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[5676] kernel32.dll!CreateProcessAsUserW 762F79B4 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[5676] kernel32.dll!GetBinaryTypeW + 70 76327964 1 
Byte [62] .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[5676] ADVAPI32.dll!CreateProcessAsUserA 762614FD 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[5676] GDI32.dll!DeleteDC 773E6A2C 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[5676] GDI32.dll!CreateDCA 773E9975 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[5676] GDI32.dll!CreateDCW 773EBD21 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[5676] GDI32.dll!GetPixel 773EC714 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5944] ntdll.dll!NtAllocateVirtualMemory 77284720 5 Bytes JMP 1002ADA0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5944] ntdll.dll!NtAlpcSendWaitReceivePort 77284860 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5944] ntdll.dll!NtClose 77284910 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5944] ntdll.dll!NtCreateFile 77284A10 5 Bytes JMP 1002AD60 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5944] ntdll.dll!NtCreateFile + 6 77284A16 4 Bytes [28, 58, 22, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5944] ntdll.dll!NtCreateFile + B 77284A1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5944] ntdll.dll!NtCreateProcess 77284AE0 5 Bytes JMP 1002AE20 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5944] ntdll.dll!NtCreateProcessEx 77284AF0 5 Bytes JMP 1002AE00 C:\Windows\system32\guard32.dll .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[5944] ntdll.dll!NtDeleteFile 77284C50 5 Bytes JMP 1002ADC0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5944] ntdll.dll!NtFreeVirtualMemory 77284E20 5 Bytes JMP 1002A430 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5944] ntdll.dll!NtLoadDriver 77284FA0 5 Bytes JMP 1002AD80 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5944] ntdll.dll!NtMapViewOfSection + 6 77285076 4 Bytes [28, 5B, 22, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5944] ntdll.dll!NtMapViewOfSection + B 7728507B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5944] ntdll.dll!NtOpenFile 77285120 5 Bytes JMP 1002AD40 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5944] ntdll.dll!NtOpenFile + 6 77285126 4 Bytes [68, 58, 22, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5944] ntdll.dll!NtOpenFile + B 7728512B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5944] ntdll.dll!NtOpenProcess + 6 772851D6 4 Bytes [A8, 59, 22, 00] {TEST AL, 0x59; AND AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5944] ntdll.dll!NtOpenProcess + B 772851DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5944] ntdll.dll!NtOpenProcessToken + 6 772851E6 4 Bytes CALL 76287444 C:\Windows\system32\ADVAPI32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5944] ntdll.dll!NtOpenProcessToken + B 772851EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5944] ntdll.dll!NtOpenProcessTokenEx + 6 772851F6 4 Bytes [A8, 5A, 22, 00] {TEST AL, 0x5a; AND AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5944] ntdll.dll!NtOpenProcessTokenEx + B 772851FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5944] 
ntdll.dll!NtOpenThread + 6 77285256 4 Bytes [68, 59, 22, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5944] ntdll.dll!NtOpenThread + B 7728525B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5944] ntdll.dll!NtOpenThreadToken + 6 77285266 4 Bytes [68, 5A, 22, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5944] ntdll.dll!NtOpenThreadToken + B 7728526B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5944] ntdll.dll!NtOpenThreadTokenEx + 6 77285276 4 Bytes CALL 762874D5 C:\Windows\system32\ADVAPI32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5944] ntdll.dll!NtOpenThreadTokenEx + B 7728527B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5944] ntdll.dll!NtProtectVirtualMemory 77285360 5 Bytes JMP 1002A3E0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5944] ntdll.dll!NtQueryAttributesFile + 6 77285386 4 Bytes [A8, 58, 22, 00] {TEST AL, 0x58; AND AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5944] ntdll.dll!NtQueryAttributesFile + B 7728538B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5944] ntdll.dll!NtQueryFullAttributesFile + 6 77285436 4 Bytes CALL 76287693 C:\Windows\system32\ADVAPI32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5944] ntdll.dll!NtQueryFullAttributesFile + B 7728543B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5944] ntdll.dll!NtSetInformationFile + 6 77285A86 4 Bytes [28, 59, 22, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5944] ntdll.dll!NtSetInformationFile + B 77285A8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5944] ntdll.dll!NtSetInformationProcess 77285AC0 5 Bytes JMP 1002AD00 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5944] ntdll.dll!NtSetInformationThread + 6 77285AE6 4 Bytes 
[28, 5A, 22, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5944] ntdll.dll!NtSetInformationThread + B 77285AEB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5944] ntdll.dll!NtUnloadDriver 77285DA0 1 Byte [E9] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5944] ntdll.dll!NtUnloadDriver 77285DA0 5 Bytes JMP 1002AD20 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5944] ntdll.dll!NtUnmapViewOfSection + 6 77285E06 4 Bytes [68, 5B, 22, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5944] ntdll.dll!NtUnmapViewOfSection + B 77285E0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5944] ntdll.dll!NtWriteVirtualMemory 77285EE0 5 Bytes JMP 1002ADE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5944] ntdll.dll!KiUserExceptionDispatcher 77286448 5 Bytes JMP 1002A6F0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5944] ntdll.dll!RtlAllocateHeap 7729209D 5 Bytes JMP 1002A480 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5944] ntdll.dll!LdrUnloadDll 7729BE7F 5 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5944] ntdll.dll!LdrGetProcedureAddress 7729EE27 5 Bytes JMP 1002ACE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5944] ntdll.dll!LdrLoadDll 7729F585 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5944] KERNEL32.dll!CreateProcessW 762C202D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5944] KERNEL32.dll!CreateProcessA 762C2062 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5944] 
KERNEL32.dll!OpenFile 762F410F 5 Bytes JMP 1002AC40 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5944] KERNEL32.dll!CreateProcessAsUserW 762F79B4 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5944] KERNEL32.dll!CopyFileW 762F8C8F 5 Bytes JMP 1002ABC0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5944] KERNEL32.dll!MoveFileW 762FA173 5 Bytes JMP 1002AB40 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5944] KERNEL32.dll!CopyFileExW 763007BB 7 Bytes JMP 1002AB80 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5944] KERNEL32.dll!VirtualProtect 763050AB 5 Bytes JMP 1002A9C0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5944] KERNEL32.dll!DeleteFileW 7630656B 5 Bytes JMP 1002AA80 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5944] KERNEL32.dll!DeleteFileA 76308BB6 5 Bytes JMP 1002AAA0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5944] KERNEL32.dll!LoadLibraryExW 7630B6BF 5 Bytes JMP 1002AC60 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5944] KERNEL32.dll!LoadLibraryExA 7630BC8B 5 Bytes JMP 1002AC80 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5944] KERNEL32.dll!MoveFileWithProgressW 7630BF04 5 Bytes JMP 1002AAC0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5944] KERNEL32.dll!MoveFileExW 7630BF28 5 Bytes JMP 1002AB00 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5944] KERNEL32.dll!CreateFileW 76310B5D 5 Bytes JMP 1002AC00 C:\Windows\system32\guard32.dll .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[5944] KERNEL32.dll!GetProcAddress 76311837 5 Bytes JMP 1002ACC0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5944] KERNEL32.dll!GetModuleHandleW 763119A1 5 Bytes JMP 1002AA40 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5944] KERNEL32.dll!LoadLibraryA 76312864 5 Bytes JMP 1002AA20 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5944] KERNEL32.dll!LoadLibraryW 763128B2 5 Bytes JMP 1002AA00 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5944] KERNEL32.dll!GetModuleHandleA 763128D7 5 Bytes JMP 1002AA60 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5944] KERNEL32.dll!CreateFileA 763128FC 5 Bytes JMP 1002AC20 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5944] KERNEL32.dll!MoveFileExA 76322FF3 5 Bytes JMP 1002AB20 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5944] KERNEL32.dll!MoveFileWithProgressA 76323013 5 Bytes JMP 1002AAE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5944] KERNEL32.dll!GetBinaryTypeW + 70 76327964 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5944] KERNEL32.dll!CopyFileA 76327CFC 5 Bytes JMP 1002ABE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5944] KERNEL32.dll!MoveFileA 7634AD49 5 Bytes JMP 1002AB60 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5944] KERNEL32.dll!CopyFileExA 7634BBA1 5 Bytes JMP 1002ABA0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5944] KERNEL32.dll!WinExec 7634E695 5 Bytes JMP 1002A9E0 C:\Windows\system32\guard32.dll .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[5944] KERNEL32.dll!LoadModule 7634EBAE 5 Bytes JMP 1002ACA0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5944] GDI32.dll!DeleteDC 773E6A2C 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5944] GDI32.dll!CreateDCA 773E9975 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5944] GDI32.dll!CreateDCW 773EBD21 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5944] GDI32.dll!GetPixel 773EC714 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5944] ADVAPI32.dll!CreateProcessAsUserA 762614FD 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5944] SHELL32.dll!ShellExecuteW 766041F0 5 Bytes JMP 1002A980 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5944] SHELL32.dll!ShellExecuteExW 76611B8C 5 Bytes JMP 1002A940 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5944] SHELL32.dll!ShellExecuteEx 76839B0A 5 Bytes JMP 1002A960 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5944] SHELL32.dll!ShellExecuteA 76839BA5 5 Bytes JMP 1002A9A0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6016] ntdll.dll!NtAllocateVirtualMemory 77284720 5 Bytes JMP 1002ADA0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6016] ntdll.dll!NtAlpcSendWaitReceivePort 77284860 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6016] ntdll.dll!NtClose 77284910 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[6016] ntdll.dll!NtCreateFile 77284A10 5 Bytes JMP 1002AD60 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6016] ntdll.dll!NtCreateFile + 6 77284A16 4 Bytes [28, 38, 30, 00] {SUB [EAX], BH; XOR [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[6016] ntdll.dll!NtCreateFile + B 77284A1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6016] ntdll.dll!NtCreateProcess 77284AE0 5 Bytes JMP 1002AE20 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6016] ntdll.dll!NtCreateProcessEx 77284AF0 5 Bytes JMP 1002AE00 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6016] ntdll.dll!NtDeleteFile 77284C50 5 Bytes JMP 1002ADC0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6016] ntdll.dll!NtFreeVirtualMemory 77284E20 5 Bytes JMP 1002A430 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6016] ntdll.dll!NtLoadDriver 77284FA0 5 Bytes JMP 1002AD80 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6016] ntdll.dll!NtMapViewOfSection + 6 77285076 4 Bytes [28, 3B, 30, 00] {SUB [EBX], BH; XOR [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[6016] ntdll.dll!NtMapViewOfSection + B 7728507B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6016] ntdll.dll!NtOpenFile 77285120 5 Bytes JMP 1002AD40 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6016] ntdll.dll!NtOpenFile + 6 77285126 4 Bytes [68, 38, 30, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6016] ntdll.dll!NtOpenFile + B 7728512B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6016] ntdll.dll!NtOpenProcess + 6 772851D6 4 Bytes [A8, 39, 30, 00] {TEST AL, 0x39; XOR 
[EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[6016] ntdll.dll!NtOpenProcess + B 772851DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6016] ntdll.dll!NtOpenProcessToken + 6 772851E6 4 Bytes CALL 76288224 C:\Windows\system32\ADVAPI32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6016] ntdll.dll!NtOpenProcessToken + B 772851EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6016] ntdll.dll!NtOpenProcessTokenEx + 6 772851F6 4 Bytes [A8, 3A, 30, 00] {TEST AL, 0x3a; XOR [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[6016] ntdll.dll!NtOpenProcessTokenEx + B 772851FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6016] ntdll.dll!NtOpenThread + 6 77285256 4 Bytes [68, 39, 30, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6016] ntdll.dll!NtOpenThread + B 7728525B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6016] ntdll.dll!NtOpenThreadToken + 6 77285266 4 Bytes [68, 3A, 30, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6016] ntdll.dll!NtOpenThreadToken + B 7728526B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6016] ntdll.dll!NtOpenThreadTokenEx + 6 77285276 4 Bytes CALL 762882B5 C:\Windows\system32\ADVAPI32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6016] ntdll.dll!NtOpenThreadTokenEx + B 7728527B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6016] ntdll.dll!NtProtectVirtualMemory 77285360 5 Bytes JMP 1002A3E0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6016] ntdll.dll!NtQueryAttributesFile + 6 77285386 4 Bytes [A8, 38, 30, 00] {TEST AL, 0x38; XOR [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[6016] ntdll.dll!NtQueryAttributesFile + B 7728538B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6016] 
ntdll.dll!NtQueryFullAttributesFile + 6 77285436 4 Bytes CALL 76288473 C:\Windows\system32\ADVAPI32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6016] ntdll.dll!NtQueryFullAttributesFile + B 7728543B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6016] ntdll.dll!NtSetInformationFile + 6 77285A86 4 Bytes [28, 39, 30, 00] {SUB [ECX], BH; XOR [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[6016] ntdll.dll!NtSetInformationFile + B 77285A8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6016] ntdll.dll!NtSetInformationProcess 77285AC0 5 Bytes JMP 1002AD00 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6016] ntdll.dll!NtSetInformationThread + 6 77285AE6 4 Bytes [28, 3A, 30, 00] {SUB [EDX], BH; XOR [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[6016] ntdll.dll!NtSetInformationThread + B 77285AEB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6016] ntdll.dll!NtUnloadDriver 77285DA0 1 Byte [E9] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6016] ntdll.dll!NtUnloadDriver 77285DA0 5 Bytes JMP 1002AD20 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6016] ntdll.dll!NtUnmapViewOfSection + 6 77285E06 4 Bytes [68, 3B, 30, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6016] ntdll.dll!NtUnmapViewOfSection + B 77285E0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6016] ntdll.dll!NtWriteVirtualMemory 77285EE0 5 Bytes JMP 1002ADE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6016] ntdll.dll!KiUserExceptionDispatcher 77286448 5 Bytes JMP 1002A6F0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6016] ntdll.dll!RtlAllocateHeap 7729209D 5 Bytes JMP 1002A480 C:\Windows\system32\guard32.dll .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[6016] ntdll.dll!LdrUnloadDll 7729BE7F 5 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6016] ntdll.dll!LdrGetProcedureAddress 7729EE27 5 Bytes JMP 1002ACE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6016] ntdll.dll!LdrLoadDll 7729F585 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6016] KERNEL32.dll!CreateProcessW 762C202D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6016] KERNEL32.dll!CreateProcessA 762C2062 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6016] KERNEL32.dll!OpenFile 762F410F 5 Bytes JMP 1002AC40 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6016] KERNEL32.dll!CreateProcessAsUserW 762F79B4 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6016] KERNEL32.dll!CopyFileW 762F8C8F 5 Bytes JMP 1002ABC0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6016] KERNEL32.dll!MoveFileW 762FA173 5 Bytes JMP 1002AB40 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6016] KERNEL32.dll!CopyFileExW 763007BB 7 Bytes JMP 1002AB80 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6016] KERNEL32.dll!VirtualProtect 763050AB 5 Bytes JMP 1002A9C0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6016] KERNEL32.dll!DeleteFileW 7630656B 5 Bytes JMP 1002AA80 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6016] KERNEL32.dll!DeleteFileA 76308BB6 5 Bytes JMP 1002AAA0 C:\Windows\system32\guard32.dll .text 
C:\Program Files\Google\Chrome\Application\chrome.exe[6016] KERNEL32.dll!LoadLibraryExW 7630B6BF 5 Bytes JMP 1002AC60 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6016] KERNEL32.dll!LoadLibraryExA 7630BC8B 5 Bytes JMP 1002AC80 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6016] KERNEL32.dll!MoveFileWithProgressW 7630BF04 5 Bytes JMP 1002AAC0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6016] KERNEL32.dll!MoveFileExW 7630BF28 5 Bytes JMP 1002AB00 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6016] KERNEL32.dll!CreateFileW 76310B5D 5 Bytes JMP 1002AC00 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6016] KERNEL32.dll!GetProcAddress 76311837 5 Bytes JMP 1002ACC0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6016] KERNEL32.dll!GetModuleHandleW 763119A1 5 Bytes JMP 1002AA40 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6016] KERNEL32.dll!LoadLibraryA 76312864 5 Bytes JMP 1002AA20 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6016] KERNEL32.dll!LoadLibraryW 763128B2 5 Bytes JMP 1002AA00 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6016] KERNEL32.dll!GetModuleHandleA 763128D7 5 Bytes JMP 1002AA60 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6016] KERNEL32.dll!CreateFileA 763128FC 5 Bytes JMP 1002AC20 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6016] KERNEL32.dll!MoveFileExA 76322FF3 5 Bytes JMP 1002AB20 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6016] KERNEL32.dll!MoveFileWithProgressA 76323013 5 Bytes JMP 1002AAE0 
C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6016] KERNEL32.dll!GetBinaryTypeW + 70 76327964 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6016] KERNEL32.dll!CopyFileA 76327CFC 5 Bytes JMP 1002ABE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6016] KERNEL32.dll!MoveFileA 7634AD49 5 Bytes JMP 1002AB60 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6016] KERNEL32.dll!CopyFileExA 7634BBA1 5 Bytes JMP 1002ABA0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6016] KERNEL32.dll!WinExec 7634E695 5 Bytes JMP 1002A9E0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6016] KERNEL32.dll!LoadModule 7634EBAE 5 Bytes JMP 1002ACA0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6016] GDI32.dll!DeleteDC 773E6A2C 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6016] GDI32.dll!CreateDCA 773E9975 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6016] GDI32.dll!CreateDCW 773EBD21 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6016] GDI32.dll!GetPixel 773EC714 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6016] ADVAPI32.dll!CreateProcessAsUserA 762614FD 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6016] SHELL32.dll!ShellExecuteW 766041F0 5 Bytes JMP 1002A980 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6016] SHELL32.dll!ShellExecuteExW 76611B8C 5 Bytes JMP 1002A940 C:\Windows\system32\guard32.dll .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[6016] SHELL32.dll!ShellExecuteEx 76839B0A 5 Bytes JMP 1002A960 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6016] SHELL32.dll!ShellExecuteA 76839BA5 5 Bytes JMP 1002A9A0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6108] ntdll.dll!NtAllocateVirtualMemory 77284720 5 Bytes JMP 1002ADA0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6108] ntdll.dll!NtAlpcSendWaitReceivePort 77284860 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6108] ntdll.dll!NtClose 77284910 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6108] ntdll.dll!NtCreateFile 77284A10 5 Bytes JMP 1002AD60 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6108] ntdll.dll!NtCreateFile + 6 77284A16 4 Bytes [28, 80, EA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6108] ntdll.dll!NtCreateFile + B 77284A1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6108] ntdll.dll!NtCreateProcess 77284AE0 5 Bytes JMP 1002AE20 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6108] ntdll.dll!NtCreateProcessEx 77284AF0 5 Bytes JMP 1002AE00 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6108] ntdll.dll!NtDeleteFile 77284C50 5 Bytes JMP 1002ADC0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6108] ntdll.dll!NtFreeVirtualMemory 77284E20 5 Bytes JMP 1002A430 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6108] ntdll.dll!NtLoadDriver 77284FA0 5 Bytes JMP 1002AD80 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6108] 
ntdll.dll!NtMapViewOfSection + 6 77285076 4 Bytes [28, 83, EA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6108] ntdll.dll!NtMapViewOfSection + B 7728507B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6108] ntdll.dll!NtOpenFile 77285120 5 Bytes JMP 1002AD40 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6108] ntdll.dll!NtOpenFile + 6 77285126 4 Bytes [68, 80, EA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6108] ntdll.dll!NtOpenFile + B 7728512B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6108] ntdll.dll!NtOpenProcess + 6 772851D6 4 Bytes [A8, 81, EA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6108] ntdll.dll!NtOpenProcess + B 772851DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6108] ntdll.dll!NtOpenProcessToken + 6 772851E6 4 Bytes CALL 76293C6C C:\Windows\system32\ADVAPI32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6108] ntdll.dll!NtOpenProcessToken + B 772851EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6108] ntdll.dll!NtOpenProcessTokenEx + 6 772851F6 4 Bytes [A8, 82, EA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6108] ntdll.dll!NtOpenProcessTokenEx + B 772851FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6108] ntdll.dll!NtOpenThread + 6 77285256 4 Bytes [68, 81, EA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6108] ntdll.dll!NtOpenThread + B 7728525B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6108] ntdll.dll!NtOpenThreadToken + 6 77285266 4 Bytes [68, 82, EA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6108] ntdll.dll!NtOpenThreadToken + B 7728526B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6108] ntdll.dll!NtOpenThreadTokenEx + 6 77285276 4 Bytes CALL 76293CFD 
C:\Windows\system32\ADVAPI32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6108] ntdll.dll!NtOpenThreadTokenEx + B 7728527B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6108] ntdll.dll!NtProtectVirtualMemory 77285360 5 Bytes JMP 1002A3E0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6108] ntdll.dll!NtQueryAttributesFile + 6 77285386 4 Bytes [A8, 80, EA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6108] ntdll.dll!NtQueryAttributesFile + B 7728538B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6108] ntdll.dll!NtQueryFullAttributesFile + 6 77285436 4 Bytes CALL 76293EBB C:\Windows\system32\ADVAPI32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6108] ntdll.dll!NtQueryFullAttributesFile + B 7728543B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6108] ntdll.dll!NtSetInformationFile + 6 77285A86 4 Bytes [28, 81, EA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6108] ntdll.dll!NtSetInformationFile + B 77285A8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6108] ntdll.dll!NtSetInformationProcess 77285AC0 5 Bytes JMP 1002AD00 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6108] ntdll.dll!NtSetInformationThread + 6 77285AE6 4 Bytes [28, 82, EA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6108] ntdll.dll!NtSetInformationThread + B 77285AEB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6108] ntdll.dll!NtUnloadDriver 77285DA0 1 Byte [E9] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6108] ntdll.dll!NtUnloadDriver 77285DA0 5 Bytes JMP 1002AD20 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6108] ntdll.dll!NtUnmapViewOfSection + 6 77285E06 4 Bytes [68, 83, EA, 00] .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[6108] ntdll.dll!NtUnmapViewOfSection + B 77285E0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6108] ntdll.dll!NtWriteVirtualMemory 77285EE0 5 Bytes JMP 1002ADE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6108] ntdll.dll!KiUserExceptionDispatcher 77286448 5 Bytes JMP 1002A6F0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6108] ntdll.dll!RtlAllocateHeap 7729209D 5 Bytes JMP 1002A480 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6108] ntdll.dll!LdrUnloadDll 7729BE7F 5 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6108] ntdll.dll!LdrGetProcedureAddress 7729EE27 5 Bytes JMP 1002ACE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6108] ntdll.dll!LdrLoadDll 7729F585 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6108] KERNEL32.dll!CreateProcessW 762C202D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6108] KERNEL32.dll!CreateProcessA 762C2062 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6108] KERNEL32.dll!OpenFile 762F410F 5 Bytes JMP 1002AC40 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6108] KERNEL32.dll!CreateProcessAsUserW 762F79B4 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6108] KERNEL32.dll!CopyFileW 762F8C8F 5 Bytes JMP 1002ABC0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6108] KERNEL32.dll!MoveFileW 762FA173 5 Bytes JMP 1002AB40 C:\Windows\system32\guard32.dll .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[6108] KERNEL32.dll!CopyFileExW 763007BB 7 Bytes JMP 1002AB80 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6108] KERNEL32.dll!VirtualProtect 763050AB 5 Bytes JMP 1002A9C0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6108] KERNEL32.dll!DeleteFileW 7630656B 5 Bytes JMP 1002AA80 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6108] KERNEL32.dll!DeleteFileA 76308BB6 5 Bytes JMP 1002AAA0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6108] KERNEL32.dll!LoadLibraryExW 7630B6BF 5 Bytes JMP 1002AC60 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6108] KERNEL32.dll!LoadLibraryExA 7630BC8B 5 Bytes JMP 1002AC80 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6108] KERNEL32.dll!MoveFileWithProgressW 7630BF04 5 Bytes JMP 1002AAC0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6108] KERNEL32.dll!MoveFileExW 7630BF28 5 Bytes JMP 1002AB00 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6108] KERNEL32.dll!CreateFileW 76310B5D 5 Bytes JMP 1002AC00 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6108] KERNEL32.dll!GetProcAddress 76311837 5 Bytes JMP 1002ACC0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6108] KERNEL32.dll!GetModuleHandleW 763119A1 5 Bytes JMP 1002AA40 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6108] KERNEL32.dll!LoadLibraryA 76312864 5 Bytes JMP 1002AA20 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6108] KERNEL32.dll!LoadLibraryW 763128B2 5 Bytes JMP 1002AA00 
C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6108] KERNEL32.dll!GetModuleHandleA 763128D7 5 Bytes JMP 1002AA60 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6108] KERNEL32.dll!CreateFileA 763128FC 5 Bytes JMP 1002AC20 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6108] KERNEL32.dll!MoveFileExA 76322FF3 5 Bytes JMP 1002AB20 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6108] KERNEL32.dll!MoveFileWithProgressA 76323013 5 Bytes JMP 1002AAE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6108] KERNEL32.dll!GetBinaryTypeW + 70 76327964 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6108] KERNEL32.dll!CopyFileA 76327CFC 5 Bytes JMP 1002ABE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6108] KERNEL32.dll!MoveFileA 7634AD49 5 Bytes JMP 1002AB60 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6108] KERNEL32.dll!CopyFileExA 7634BBA1 5 Bytes JMP 1002ABA0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6108] KERNEL32.dll!WinExec 7634E695 5 Bytes JMP 1002A9E0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6108] KERNEL32.dll!LoadModule 7634EBAE 5 Bytes JMP 1002ACA0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6108] GDI32.dll!DeleteDC 773E6A2C 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6108] GDI32.dll!CreateDCA 773E9975 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6108] GDI32.dll!CreateDCW 773EBD21 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[6108] GDI32.dll!GetPixel 773EC714 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6108] ADVAPI32.dll!CreateProcessAsUserA 762614FD 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6108] SHELL32.dll!ShellExecuteW 766041F0 5 Bytes JMP 1002A980 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6108] SHELL32.dll!ShellExecuteExW 76611B8C 5 Bytes JMP 1002A940 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6108] SHELL32.dll!ShellExecuteEx 76839B0A 5 Bytes JMP 1002A960 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6108] SHELL32.dll!ShellExecuteA 76839BA5 5 Bytes JMP 1002A9A0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\conhost.exe[6132] ntdll.dll!NtAlpcSendWaitReceivePort 77284860 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll .text C:\Windows\system32\conhost.exe[6132] ntdll.dll!NtClose 77284910 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll .text C:\Windows\system32\conhost.exe[6132] ntdll.dll!LdrUnloadDll 7729BE7F 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\conhost.exe[6132] ntdll.dll!LdrLoadDll 7729F585 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\conhost.exe[6132] kernel32.dll!CreateProcessW 762C202D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll .text C:\Windows\system32\conhost.exe[6132] kernel32.dll!CreateProcessA 762C2062 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\conhost.exe[6132] kernel32.dll!CreateProcessAsUserW 762F79B4 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll .text C:\Windows\system32\conhost.exe[6132] kernel32.dll!GetBinaryTypeW + 70 76327964 1 Byte [62] .text C:\Windows\system32\conhost.exe[6132] 
GDI32.dll!DeleteDC 773E6A2C 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\conhost.exe[6132] GDI32.dll!CreateDCA 773E9975 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\conhost.exe[6132] GDI32.dll!CreateDCW 773EBD21 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll .text C:\Windows\system32\conhost.exe[6132] GDI32.dll!GetPixel 773EC714 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll .text C:\Windows\system32\conhost.exe[6132] ADVAPI32.dll!CreateProcessAsUserA 762614FD 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll .text C:\Users\Artur\Downloads\bgm1wom7.exe[6504] ntdll.dll!NtAlpcSendWaitReceivePort 77284860 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll .text C:\Users\Artur\Downloads\bgm1wom7.exe[6504] ntdll.dll!NtClose 77284910 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll .text C:\Users\Artur\Downloads\bgm1wom7.exe[6504] ntdll.dll!LdrUnloadDll 7729BE7F 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll .text C:\Users\Artur\Downloads\bgm1wom7.exe[6504] ntdll.dll!LdrLoadDll 7729F585 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll .text C:\Users\Artur\Downloads\bgm1wom7.exe[6504] kernel32.dll!CreateProcessW 762C202D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll .text C:\Users\Artur\Downloads\bgm1wom7.exe[6504] kernel32.dll!CreateProcessA 762C2062 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll .text C:\Users\Artur\Downloads\bgm1wom7.exe[6504] kernel32.dll!CreateProcessAsUserW 762F79B4 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll .text C:\Users\Artur\Downloads\bgm1wom7.exe[6504] kernel32.dll!GetBinaryTypeW + 70 76327964 1 Byte [62] .text C:\Users\Artur\Downloads\bgm1wom7.exe[6504] ADVAPI32.dll!CreateProcessAsUserA 762614FD 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll .text C:\Users\Artur\Downloads\bgm1wom7.exe[6504] GDI32.dll!DeleteDC 773E6A2C 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll .text 
C:\Users\Artur\Downloads\bgm1wom7.exe[6504] GDI32.dll!CreateDCA 773E9975 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll .text C:\Users\Artur\Downloads\bgm1wom7.exe[6504] GDI32.dll!CreateDCW 773EBD21 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll .text C:\Users\Artur\Downloads\bgm1wom7.exe[6504] GDI32.dll!GetPixel 773EC714 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[7540] ntdll.dll!NtAllocateVirtualMemory 77284720 5 Bytes JMP 1002ADA0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[7540] ntdll.dll!NtAlpcSendWaitReceivePort 77284860 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[7540] ntdll.dll!NtClose 77284910 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[7540] ntdll.dll!NtCreateFile 77284A10 5 Bytes JMP 1002AD60 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[7540] ntdll.dll!NtCreateFile + 6 77284A16 4 Bytes [28, 9C, F0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7540] ntdll.dll!NtCreateFile + B 77284A1B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7540] ntdll.dll!NtCreateProcess 77284AE0 5 Bytes JMP 1002AE20 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[7540] ntdll.dll!NtCreateProcessEx 77284AF0 5 Bytes JMP 1002AE00 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[7540] ntdll.dll!NtDeleteFile 77284C50 5 Bytes JMP 1002ADC0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[7540] ntdll.dll!NtFreeVirtualMemory 77284E20 5 Bytes JMP 1002A430 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[7540] ntdll.dll!NtLoadDriver 77284FA0 5 Bytes JMP 1002AD80 
C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[7540] ntdll.dll!NtMapViewOfSection + 6 77285076 4 Bytes [28, 9F, F0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7540] ntdll.dll!NtMapViewOfSection + B 7728507B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7540] ntdll.dll!NtOpenFile 77285120 5 Bytes JMP 1002AD40 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[7540] ntdll.dll!NtOpenFile + 6 77285126 4 Bytes [68, 9C, F0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7540] ntdll.dll!NtOpenFile + B 7728512B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7540] ntdll.dll!NtOpenProcess + 6 772851D6 4 Bytes [A8, 9D, F0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7540] ntdll.dll!NtOpenProcess + B 772851DB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7540] ntdll.dll!NtOpenProcessToken + 6 772851E6 4 Bytes CALL 76294288 C:\Windows\system32\ADVAPI32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[7540] ntdll.dll!NtOpenProcessToken + B 772851EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7540] ntdll.dll!NtOpenProcessTokenEx + 6 772851F6 4 Bytes [A8, 9E, F0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7540] ntdll.dll!NtOpenProcessTokenEx + B 772851FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7540] ntdll.dll!NtOpenThread + 6 77285256 4 Bytes [68, 9D, F0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7540] ntdll.dll!NtOpenThread + B 7728525B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7540] ntdll.dll!NtOpenThreadToken + 6 77285266 4 Bytes [68, 9E, F0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7540] ntdll.dll!NtOpenThreadToken + B 7728526B 1 Byte [E2] .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[7540] ntdll.dll!NtOpenThreadTokenEx + 6 77285276 4 Bytes CALL 76294319 C:\Windows\system32\ADVAPI32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[7540] ntdll.dll!NtOpenThreadTokenEx + B 7728527B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7540] ntdll.dll!NtProtectVirtualMemory 77285360 5 Bytes JMP 1002A3E0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[7540] ntdll.dll!NtQueryAttributesFile + 6 77285386 4 Bytes [A8, 9C, F0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7540] ntdll.dll!NtQueryAttributesFile + B 7728538B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7540] ntdll.dll!NtQueryFullAttributesFile + 6 77285436 4 Bytes CALL 762944D7 C:\Windows\system32\ADVAPI32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[7540] ntdll.dll!NtQueryFullAttributesFile + B 7728543B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7540] ntdll.dll!NtSetInformationFile + 6 77285A86 4 Bytes [28, 9D, F0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7540] ntdll.dll!NtSetInformationFile + B 77285A8B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7540] ntdll.dll!NtSetInformationProcess 77285AC0 5 Bytes JMP 1002AD00 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[7540] ntdll.dll!NtSetInformationThread + 6 77285AE6 4 Bytes [28, 9E, F0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7540] ntdll.dll!NtSetInformationThread + B 77285AEB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7540] ntdll.dll!NtUnloadDriver 77285DA0 1 Byte [E9] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7540] ntdll.dll!NtUnloadDriver 77285DA0 5 Bytes JMP 1002AD20 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[7540] 
ntdll.dll!NtUnmapViewOfSection + 6 77285E06 4 Bytes [68, 9F, F0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7540] ntdll.dll!NtUnmapViewOfSection + B 77285E0B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7540] ntdll.dll!NtWriteVirtualMemory 77285EE0 5 Bytes JMP 1002ADE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[7540] ntdll.dll!KiUserExceptionDispatcher 77286448 5 Bytes JMP 1002A6F0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[7540] ntdll.dll!RtlAllocateHeap 7729209D 5 Bytes JMP 1002A480 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[7540] ntdll.dll!LdrUnloadDll 7729BE7F 5 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[7540] ntdll.dll!LdrGetProcedureAddress 7729EE27 5 Bytes JMP 1002ACE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[7540] ntdll.dll!LdrLoadDll 7729F585 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[7540] KERNEL32.dll!CreateProcessW 762C202D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[7540] KERNEL32.dll!CreateProcessA 762C2062 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[7540] KERNEL32.dll!OpenFile 762F410F 5 Bytes JMP 1002AC40 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[7540] KERNEL32.dll!CreateProcessAsUserW 762F79B4 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[7540] KERNEL32.dll!CopyFileW 762F8C8F 5 Bytes JMP 1002ABC0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[7540] KERNEL32.dll!MoveFileW 
762FA173 5 Bytes JMP 1002AB40 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[7540] KERNEL32.dll!CopyFileExW 763007BB 7 Bytes JMP 1002AB80 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[7540] KERNEL32.dll!VirtualProtect 763050AB 5 Bytes JMP 1002A9C0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[7540] KERNEL32.dll!DeleteFileW 7630656B 5 Bytes JMP 1002AA80 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[7540] KERNEL32.dll!DeleteFileA 76308BB6 5 Bytes JMP 1002AAA0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[7540] KERNEL32.dll!LoadLibraryExW 7630B6BF 5 Bytes JMP 1002AC60 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[7540] KERNEL32.dll!LoadLibraryExA 7630BC8B 5 Bytes JMP 1002AC80 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[7540] KERNEL32.dll!MoveFileWithProgressW 7630BF04 5 Bytes JMP 1002AAC0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[7540] KERNEL32.dll!MoveFileExW 7630BF28 5 Bytes JMP 1002AB00 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[7540] KERNEL32.dll!CreateFileW 76310B5D 5 Bytes JMP 1002AC00 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[7540] KERNEL32.dll!GetProcAddress 76311837 5 Bytes JMP 1002ACC0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[7540] KERNEL32.dll!GetModuleHandleW 763119A1 5 Bytes JMP 1002AA40 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[7540] KERNEL32.dll!LoadLibraryA 76312864 5 Bytes JMP 1002AA20 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[7540] 
KERNEL32.dll!LoadLibraryW 763128B2 5 Bytes JMP 1002AA00 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[7540] KERNEL32.dll!GetModuleHandleA 763128D7 5 Bytes JMP 1002AA60 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[7540] KERNEL32.dll!CreateFileA 763128FC 5 Bytes JMP 1002AC20 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[7540] KERNEL32.dll!MoveFileExA 76322FF3 5 Bytes JMP 1002AB20 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[7540] KERNEL32.dll!MoveFileWithProgressA 76323013 5 Bytes JMP 1002AAE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[7540] KERNEL32.dll!GetBinaryTypeW + 70 76327964 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7540] KERNEL32.dll!CopyFileA 76327CFC 5 Bytes JMP 1002ABE0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[7540] KERNEL32.dll!MoveFileA 7634AD49 5 Bytes JMP 1002AB60 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[7540] KERNEL32.dll!CopyFileExA 7634BBA1 5 Bytes JMP 1002ABA0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[7540] KERNEL32.dll!WinExec 7634E695 5 Bytes JMP 1002A9E0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[7540] KERNEL32.dll!LoadModule 7634EBAE 5 Bytes JMP 1002ACA0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[7540] GDI32.dll!DeleteDC 773E6A2C 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[7540] GDI32.dll!CreateDCA 773E9975 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[7540] GDI32.dll!CreateDCW 773EBD21 5 Bytes JMP 
10029BC0 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[7540] GDI32.dll!GetPixel 773EC714 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[7540] ADVAPI32.dll!CreateProcessAsUserA 762614FD 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[7540] SHELL32.dll!ShellExecuteW 766041F0 5 Bytes JMP 1002A980 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[7540] SHELL32.dll!ShellExecuteExW 76611B8C 5 Bytes JMP 1002A940 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[7540] SHELL32.dll!ShellExecuteEx 76839B0A 5 Bytes JMP 1002A960 C:\Windows\system32\guard32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[7540] SHELL32.dll!ShellExecuteA 76839BA5 5 Bytes JMP 1002A9A0 C:\Windows\system32\guard32.dll ---- Devices - GMER 2.1 ---- Device \FileSystem\Ntfs \Ntfs 84E661F8 Device \Driver\usbohci \Device\USBPDO-0 8638D1F8 Device \Driver\usbehci \Device\USBPDO-1 8638E1F8 AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS Device \Driver\cdrom \Device\CdRom0 860DB1F8 Device \Driver\atapi \Device\Ide\IdePort0 84E631F8 Device \Driver\atapi \Device\Ide\IdePort1 84E631F8 Device \Driver\NetBT \Device\NetBT_Tcpip_{5D603A5B-45B4-4B88-8A11-79B5279EBE60} 861851F8 Device \Driver\nvstor \Device\00000068 84E641F8 Device \Driver\nvstor \Device\00000069 84E641F8 Device \Driver\NetBT \Device\NetBt_Wins_Export 861851F8 Device \Driver\nvstor \Device\RaidPort0 84E641F8 Device \Driver\NetBT \Device\NetBT_Tcpip_{33601969-FD71-4595-B53A-E4A4E579A7BC} 861851F8 AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS Device \Driver\nvstor \Device\RaidPort1 84E641F8 Device \Driver\usbohci \Device\USBFDO-0 8638D1F8 Device \Driver\usbehci \Device\USBFDO-1 8638E1F8 ---- Trace I/O - GMER 2.1 ---- Trace ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys 
halmacpi.dll >>UNKNOWN [0x84e641f8]<< 84e641f8 Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85e9c460] 85e9c460 Trace 3 CLASSPNP.SYS[893b459e] -> nt!IofCallDriver -> [0x84eaf700] 84eaf700 Trace 5 ACPI.sys[88d703d4] -> nt!IofCallDriver -> \Device\00000068[0x85b82878] 85b82878 Trace \Driver\nvstor[0x85b93930] -> IRP_MJ_CREATE -> 0x84e641f8 84e641f8 ---- Registry - GMER 2.1 ---- Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\Artur\AppData\Local\Logitech® Webcam Software\Logishrd\LU2.0\LogitechUpdate.exe 1 ---- EOF - GMER 2.1 ----