.text C:\Program Files\Google\Chrome\Application\chrome.exe[4684] USER32.dll!GetKeyboardState + 1 74B79481 3 Bytes [9B, 78, A2] {WAIT ; JS 0xffffffa5} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4684] USER32.dll!GetKeyboardState + 5 74B79485 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4684] USER32.dll!EndTask 74BA2F90 8 Bytes [B8, 4F, 19, A2, 00, 50, C3, ...] {MOV EAX, 0xa2194f; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4684] USER32.dll!GetRawInputBuffer 74BABF60 11 Bytes [B8, 9A, 56, A2, 00, 50, C3, ...] {MOV EAX, 0xa2569a; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\explorer.exe[4764] ntdll.dll!LdrLoadDll 770CE230 8 Bytes [B8, 42, 84, 17, 00, 50, C3, ...] {MOV EAX, 0x178442; PUSH EAX; RET ; NOP } .text C:\Windows\explorer.exe[4764] ntdll.dll!LdrUnloadDll 770D3FB0 8 Bytes [B8, 0D, 77, 17, 00, 50, C3, ...] {MOV EAX, 0x17770d; PUSH EAX; RET ; NOP } .text C:\Windows\explorer.exe[4764] USER32.dll!CreateWindowInBandEx + 3E0 74B4BFB0 11 Bytes [B8, 81, 5D, 17, 00, 50, C3, ...] {MOV EAX, 0x175d81; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\explorer.exe[4764] USER32.dll!SetWindowLongA 74B54CA0 8 Bytes [B8, B7, 18, 17, 00, 50, C3, ...] {MOV EAX, 0x1718b7; PUSH EAX; RET ; NOP } .text C:\Windows\explorer.exe[4764] USER32.dll!SetWindowLongW 74B54CC0 8 Bytes [B8, DD, 18, 17, 00, 50, C3, ...] {MOV EAX, 0x1718dd; PUSH EAX; RET ; NOP } .text C:\Windows\explorer.exe[4764] USER32.dll!PeekMessageA 74B5D5A0 8 Bytes [B8, D5, 1D, 17, 00, 50, C3, ...] {MOV EAX, 0x171dd5; PUSH EAX; RET ; NOP } .text C:\Windows\explorer.exe[4764] USER32.dll!PeekMessageW 74B5D700 8 Bytes [B8, 20, 1E, 17, 00, 50, C3, ...] {MOV EAX, 0x171e20; PUSH EAX; RET ; NOP } .text C:\Windows\explorer.exe[4764] USER32.dll!CallNextHookEx 74B613A0 8 Bytes [B8, 3C, 79, 17, 00, 50, C3, ...] {MOV EAX, 0x17793c; PUSH EAX; RET ; NOP } .text C:\Windows\explorer.exe[4764] USER32.dll!SystemParametersInfoW + 480 74B62AF0 8 Bytes [B8, B6, 5B, 17, 00, 50, C3, ...] {MOV EAX, 0x175bb6; PUSH EAX; RET ; NOP } .text C:\Windows\explorer.exe[4764] USER32.dll!GetKeyState 74B65170 11 Bytes [B8, EE, 77, 17, 00, 50, C3, ...] {MOV EAX, 0x1777ee; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\explorer.exe[4764] USER32.dll!GetAsyncKeyState 74B65B10 11 Bytes [B8, 41, 77, 17, 00, 50, C3, ...] {MOV EAX, 0x177741; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\explorer.exe[4764] USER32.dll!GetMessageW 74B65EB0 8 Bytes [B8, 8D, 1D, 17, 00, 50, C3, ...] {MOV EAX, 0x171d8d; PUSH EAX; RET ; NOP } .text C:\Windows\explorer.exe[4764] USER32.dll!GetMessageA 74B66ED0 9 Bytes [B8, 45, 1D, 17, 00, 50, C3, ...] {MOV EAX, 0x171d45; PUSH EAX; RET ; NOP ; NOP } .text C:\Windows\explorer.exe[4764] USER32.dll!GetCursorPos + 20 74B68A40 8 Bytes [B8, 04, 59, 17, 00, 50, C3, ...] {MOV EAX, 0x175904; PUSH EAX; RET ; NOP } .text C:\Windows\explorer.exe[4764] USER32.dll!GetCursorPos + 80 74B68AA0 8 Bytes [B8, DA, 73, 17, 00, 50, C3, ...] {MOV EAX, 0x1773da; PUSH EAX; RET ; NOP } .text C:\Windows\explorer.exe[4764] USER32.dll!GetRawInputData + 1 74B792E1 3 Bytes [FD, 55, 17] {STD ; PUSH EBP; POP SS} .text C:\Windows\explorer.exe[4764] USER32.dll!GetRawInputData + 5 74B792E5 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Windows\explorer.exe[4764] USER32.dll!GetKeyboardState + 1 74B79481 3 Bytes [9B, 78, 17] {WAIT ; JS 0x1a} .text C:\Windows\explorer.exe[4764] USER32.dll!GetKeyboardState + 5 74B79485 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Windows\explorer.exe[4764] USER32.dll!EndTask 74BA2F90 8 Bytes [B8, 4F, 19, 17, 00, 50, C3, ...] {MOV EAX, 0x17194f; PUSH EAX; RET ; NOP } .text C:\Windows\explorer.exe[4764] USER32.dll!GetRawInputBuffer 74BABF60 11 Bytes [B8, 9A, 56, 17, 00, 50, C3, ...] {MOV EAX, 0x17569a; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4812] ntdll.dll!LdrLoadDll 770CE230 8 Bytes [B8, 42, 84, 76, 00, 50, C3, ...] {MOV EAX, 0x768442; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4812] ntdll.dll!LdrUnloadDll 770D3FB0 8 Bytes [B8, 0D, 77, 76, 00, 50, C3, ...] {MOV EAX, 0x76770d; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4812] ntdll.dll!NtUnmapViewOfSection + 5 7710DA05 4 Bytes [BA, 68, 93, 75] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4812] ntdll.dll!NtUnmapViewOfSection + A 7710DA0A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4812] ntdll.dll!NtSetInformationThread + 5 7710E0D5 4 Bytes [BA, 28, 92, 75] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4812] ntdll.dll!NtSetInformationThread + A 7710E0DA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4812] ntdll.dll!NtSetInformationFile + 5 7710E195 4 Bytes [BA, 28, 91, 75] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4812] ntdll.dll!NtSetInformationFile + A 7710E19A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4812] ntdll.dll!NtQueryFullAttributesFile + 5 7710EE85 4 Bytes CALL 7611641A C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4812] ntdll.dll!NtQueryFullAttributesFile + A 7710EE8A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4812] ntdll.dll!NtQueryAttributesFile + 5 7710EFE5 4 Bytes [BA, A8, 90, 75] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4812] ntdll.dll!NtQueryAttributesFile + A 7710EFEA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4812] ntdll.dll!NtOpenThreadTokenEx + 5 7710F225 4 Bytes CALL 761167BC C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4812] ntdll.dll!NtOpenThreadTokenEx + A 7710F22A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4812] ntdll.dll!NtOpenThreadToken + 5 7710F245 4 Bytes [BA, 68, 92, 75] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4812] ntdll.dll!NtOpenThreadToken + A 7710F24A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4812] ntdll.dll!NtOpenThread + 5 7710F265 4 Bytes [BA, 68, 91, 75] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4812] ntdll.dll!NtOpenThread + A 7710F26A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4812] ntdll.dll!NtOpenProcessTokenEx + 5 7710F345 4 Bytes [BA, A8, 92, 75] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4812] ntdll.dll!NtOpenProcessTokenEx + A 7710F34A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4812] ntdll.dll!NtOpenProcessToken + 5 7710F365 4 Bytes CALL 761168FB C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4812] ntdll.dll!NtOpenProcessToken + A 7710F36A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4812] ntdll.dll!NtOpenProcess + 5 7710F385 4 Bytes [BA, A8, 91, 75] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4812] ntdll.dll!NtOpenProcess + A 7710F38A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4812] ntdll.dll!NtOpenFile + 5 7710F4E5 4 Bytes [BA, 68, 90, 75] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4812] ntdll.dll!NtOpenFile + A 7710F4EA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4812] ntdll.dll!NtMapViewOfSection + 5 7710F665 4 Bytes [BA, 28, 93, 75] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4812] ntdll.dll!NtMapViewOfSection + A 7710F66A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4812] ntdll.dll!NtCreateFile + 5 771104B5 4 Bytes [BA, 28, 90, 75] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4812] ntdll.dll!NtCreateFile + A 771104BA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4812] KERNEL32.DLL!VirtualProtect 7552C9A0 12 Bytes [B8, E5, 11, 76, 00, 50, C3, ...] {MOV EAX, 0x7611e5; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4812] KERNEL32.DLL!VirtualProtectEx 7554E2F0 12 Bytes [B8, 29, 12, 76, 00, 50, C3, ...] {MOV EAX, 0x761229; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4812] USER32.dll!CreateWindowInBandEx + 3E0 74B4BFB0 11 Bytes [B8, 81, 5D, 76, 00, 50, C3, ...] {MOV EAX, 0x765d81; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4812] USER32.dll!SetWindowLongA 74B54CA0 8 Bytes [B8, B7, 18, 76, 00, 50, C3, ...] {MOV EAX, 0x7618b7; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4812] USER32.dll!SetWindowLongW 74B54CC0 8 Bytes [B8, DD, 18, 76, 00, 50, C3, ...] {MOV EAX, 0x7618dd; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4812] USER32.dll!PeekMessageA 74B5D5A0 8 Bytes [B8, D5, 1D, 76, 00, 50, C3, ...] {MOV EAX, 0x761dd5; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4812] USER32.dll!PeekMessageW 74B5D700 8 Bytes [B8, 20, 1E, 76, 00, 50, C3, ...] {MOV EAX, 0x761e20; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4812] USER32.dll!CallNextHookEx 74B613A0 8 Bytes [B8, 3C, 79, 76, 00, 50, C3, ...] {MOV EAX, 0x76793c; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4812] USER32.dll!SystemParametersInfoW + 480 74B62AF0 8 Bytes [B8, B6, 5B, 76, 00, 50, C3, ...] {MOV EAX, 0x765bb6; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4812] USER32.dll!GetKeyState 74B65170 11 Bytes [B8, EE, 77, 76, 00, 50, C3, ...] {MOV EAX, 0x7677ee; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4812] USER32.dll!GetAsyncKeyState 74B65B10 11 Bytes [B8, 41, 77, 76, 00, 50, C3, ...] {MOV EAX, 0x767741; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4812] USER32.dll!GetMessageW 74B65EB0 8 Bytes [B8, 8D, 1D, 76, 00, 50, C3, ...] {MOV EAX, 0x761d8d; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4812] USER32.dll!GetMessageA 74B66ED0 9 Bytes [B8, 45, 1D, 76, 00, 50, C3, ...] {MOV EAX, 0x761d45; PUSH EAX; RET ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4812] USER32.dll!GetCursorPos + 20 74B68A40 8 Bytes [B8, 04, 59, 76, 00, 50, C3, ...] {MOV EAX, 0x765904; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4812] USER32.dll!GetCursorPos + 80 74B68AA0 8 Bytes [B8, DA, 73, 76, 00, 50, C3, ...] {MOV EAX, 0x7673da; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4812] USER32.dll!GetRawInputData + 1 74B792E1 3 Bytes [FD, 55, 76] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4812] USER32.dll!GetRawInputData + 5 74B792E5 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4812] USER32.dll!GetKeyboardState + 1 74B79481 3 Bytes [9B, 78, 76] {WAIT ; JS 0x79} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4812] USER32.dll!GetKeyboardState + 5 74B79485 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4812] USER32.dll!EndTask 74BA2F90 8 Bytes [B8, 4F, 19, 76, 00, 50, C3, ...] {MOV EAX, 0x76194f; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4812] USER32.dll!GetRawInputBuffer 74BABF60 11 Bytes [B8, 9A, 56, 76, 00, 50, C3, ...] {MOV EAX, 0x76569a; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4992] ntdll.dll!LdrLoadDll 770CE230 8 Bytes [B8, 42, 84, DF, 00, 50, C3, ...] {MOV EAX, 0xdf8442; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4992] ntdll.dll!LdrUnloadDll 770D3FB0 8 Bytes [B8, 0D, 77, DF, 00, 50, C3, ...] {MOV EAX, 0xdf770d; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4992] ntdll.dll!NtUnmapViewOfSection + 5 7710DA05 4 Bytes [BA, 68, DB, DD] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4992] ntdll.dll!NtUnmapViewOfSection + A 7710DA0A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4992] ntdll.dll!NtSetInformationThread + 5 7710E0D5 4 Bytes [BA, 28, DA, DD] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4992] ntdll.dll!NtSetInformationThread + A 7710E0DA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4992] ntdll.dll!NtSetInformationFile + 5 7710E195 4 Bytes [BA, 28, D9, DD] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4992] ntdll.dll!NtSetInformationFile + A 7710E19A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4992] ntdll.dll!NtQueryFullAttributesFile + 5 7710EE85 4 Bytes CALL 7611CC62 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4992] ntdll.dll!NtQueryFullAttributesFile + A 7710EE8A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4992] ntdll.dll!NtQueryAttributesFile + 5 7710EFE5 4 Bytes [BA, A8, D8, DD] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4992] ntdll.dll!NtQueryAttributesFile + A 7710EFEA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4992] ntdll.dll!NtOpenThreadTokenEx + 5 7710F225 4 Bytes CALL 7611D004 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4992] ntdll.dll!NtOpenThreadTokenEx + A 7710F22A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4992] ntdll.dll!NtOpenThreadToken + 5 7710F245 4 Bytes [BA, 68, DA, DD] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4992] ntdll.dll!NtOpenThreadToken + A 7710F24A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4992] ntdll.dll!NtOpenThread + 5 7710F265 4 Bytes [BA, 68, D9, DD] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4992] ntdll.dll!NtOpenThread + A 7710F26A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4992] ntdll.dll!NtOpenProcessTokenEx + 5 7710F345 4 Bytes [BA, A8, DA, DD] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4992] ntdll.dll!NtOpenProcessTokenEx + A 7710F34A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4992] ntdll.dll!NtOpenProcessToken + 5 7710F365 4 Bytes CALL 7611D143 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4992] ntdll.dll!NtOpenProcessToken + A 7710F36A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4992] ntdll.dll!NtOpenProcess + 5 7710F385 4 Bytes [BA, A8, D9, DD] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4992] ntdll.dll!NtOpenProcess + A 7710F38A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4992] ntdll.dll!NtOpenFile + 5 7710F4E5 4 Bytes [BA, 68, D8, DD] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4992] ntdll.dll!NtOpenFile + A 7710F4EA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4992] ntdll.dll!NtMapViewOfSection + 5 7710F665 4 Bytes [BA, 28, DB, DD] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4992] ntdll.dll!NtMapViewOfSection + A 7710F66A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4992] ntdll.dll!NtCreateFile + 5 771104B5 4 Bytes [BA, 28, D8, DD] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4992] ntdll.dll!NtCreateFile + A 771104BA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4992] KERNEL32.DLL!VirtualProtect 7552C9A0 12 Bytes [B8, E5, 11, DF, 00, 50, C3, ...] {MOV EAX, 0xdf11e5; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4992] KERNEL32.DLL!VirtualProtectEx 7554E2F0 12 Bytes [B8, 29, 12, DF, 00, 50, C3, ...] {MOV EAX, 0xdf1229; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4992] USER32.dll!CreateWindowInBandEx + 3E0 74B4BFB0 11 Bytes [B8, 81, 5D, DF, 00, 50, C3, ...] {MOV EAX, 0xdf5d81; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4992] USER32.dll!SetWindowLongA 74B54CA0 8 Bytes [B8, B7, 18, DF, 00, 50, C3, ...] {MOV EAX, 0xdf18b7; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4992] USER32.dll!SetWindowLongW 74B54CC0 8 Bytes [B8, DD, 18, DF, 00, 50, C3, ...] {MOV EAX, 0xdf18dd; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4992] USER32.dll!PeekMessageA 74B5D5A0 8 Bytes [B8, D5, 1D, DF, 00, 50, C3, ...] {MOV EAX, 0xdf1dd5; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4992] USER32.dll!PeekMessageW 74B5D700 8 Bytes [B8, 20, 1E, DF, 00, 50, C3, ...] {MOV EAX, 0xdf1e20; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4992] USER32.dll!CallNextHookEx 74B613A0 8 Bytes [B8, 3C, 79, DF, 00, 50, C3, ...] {MOV EAX, 0xdf793c; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4992] USER32.dll!SystemParametersInfoW + 480 74B62AF0 8 Bytes [B8, B6, 5B, DF, 00, 50, C3, ...] {MOV EAX, 0xdf5bb6; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4992] USER32.dll!GetKeyState 74B65170 11 Bytes [B8, EE, 77, DF, 00, 50, C3, ...] {MOV EAX, 0xdf77ee; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4992] USER32.dll!GetAsyncKeyState 74B65B10 11 Bytes [B8, 41, 77, DF, 00, 50, C3, ...] {MOV EAX, 0xdf7741; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4992] USER32.dll!GetMessageW 74B65EB0 8 Bytes [B8, 8D, 1D, DF, 00, 50, C3, ...] {MOV EAX, 0xdf1d8d; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4992] USER32.dll!GetMessageA 74B66ED0 9 Bytes [B8, 45, 1D, DF, 00, 50, C3, ...] {MOV EAX, 0xdf1d45; PUSH EAX; RET ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4992] USER32.dll!GetCursorPos + 20 74B68A40 8 Bytes [B8, 04, 59, DF, 00, 50, C3, ...] {MOV EAX, 0xdf5904; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4992] USER32.dll!GetCursorPos + 80 74B68AA0 8 Bytes [B8, DA, 73, DF, 00, 50, C3, ...] {MOV EAX, 0xdf73da; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4992] USER32.dll!GetRawInputData + 1 74B792E1 3 Bytes [FD, 55, DF] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4992] USER32.dll!GetRawInputData + 5 74B792E5 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4992] USER32.dll!GetKeyboardState + 1 74B79481 3 Bytes [9B, 78, DF] {WAIT ; JS 0xffffffe2} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4992] USER32.dll!GetKeyboardState + 5 74B79485 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4992] USER32.dll!EndTask 74BA2F90 8 Bytes [B8, 4F, 19, DF, 00, 50, C3, ...] {MOV EAX, 0xdf194f; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4992] USER32.dll!GetRawInputBuffer 74BABF60 11 Bytes [B8, 9A, 56, DF, 00, 50, C3, ...] {MOV EAX, 0xdf569a; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!LdrLoadDll 770CE230 8 Bytes [B8, 42, 84, A3, 00, 50, C3, ...] {MOV EAX, 0xa38442; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!LdrUnloadDll 770D3FB0 8 Bytes [B8, 0D, 77, A3, 00, 50, C3, ...] {MOV EAX, 0xa3770d; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtUnmapViewOfSection + 5 7710DA05 4 Bytes [BA, 68, 83, A1] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtUnmapViewOfSection + A 7710DA0A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtSetInformationThread + 5 7710E0D5 4 Bytes [BA, 28, 82, A1] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtSetInformationThread + A 7710E0DA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtSetInformationFile + 5 7710E195 4 Bytes [BA, 28, 81, A1] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtSetInformationFile + A 7710E19A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtQueryFullAttributesFile + 5 7710EE85 4 Bytes CALL 7611900A C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtQueryFullAttributesFile + A 7710EE8A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtQueryAttributesFile + 5 7710EFE5 4 Bytes [BA, A8, 80, A1] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtQueryAttributesFile + A 7710EFEA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtOpenThreadTokenEx + 5 7710F225 4 Bytes CALL 761193AC C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtOpenThreadTokenEx + A 7710F22A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtOpenThreadToken + 5 7710F245 4 Bytes [BA, 68, 82, A1] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtOpenThreadToken + A 7710F24A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtOpenThread + 5 7710F265 4 Bytes [BA, 68, 81, A1] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtOpenThread + A 7710F26A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtOpenProcessTokenEx + 5 7710F345 4 Bytes [BA, A8, 82, A1] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtOpenProcessTokenEx + A 7710F34A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtOpenProcessToken + 5 7710F365 4 Bytes CALL 761194EB C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtOpenProcessToken + A 7710F36A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtOpenProcess + 5 7710F385 4 Bytes [BA, A8, 81, A1] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtOpenProcess + A 7710F38A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtOpenFile + 5 7710F4E5 4 Bytes [BA, 68, 80, A1] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtOpenFile + A 7710F4EA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtMapViewOfSection + 5 7710F665 4 Bytes [BA, 28, 83, A1] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtMapViewOfSection + A 7710F66A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtCreateFile + 5 771104B5 4 Bytes [BA, 28, 80, A1] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtCreateFile + A 771104BA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5004] KERNEL32.DLL!VirtualProtect 7552C9A0 12 Bytes [B8, E5, 11, A3, 00, 50, C3, ...] {MOV EAX, 0xa311e5; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5004] KERNEL32.DLL!VirtualProtectEx 7554E2F0 12 Bytes [B8, 29, 12, A3, 00, 50, C3, ...] {MOV EAX, 0xa31229; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5004] USER32.dll!CreateWindowInBandEx + 3E0 74B4BFB0 11 Bytes [B8, 81, 5D, A3, 00, 50, C3, ...] {MOV EAX, 0xa35d81; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5004] USER32.dll!SetWindowLongA 74B54CA0 8 Bytes [B8, B7, 18, A3, 00, 50, C3, ...] {MOV EAX, 0xa318b7; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5004] USER32.dll!SetWindowLongW 74B54CC0 8 Bytes [B8, DD, 18, A3, 00, 50, C3, ...] {MOV EAX, 0xa318dd; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5004] USER32.dll!PeekMessageA 74B5D5A0 8 Bytes [B8, D5, 1D, A3, 00, 50, C3, ...] {MOV EAX, 0xa31dd5; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5004] USER32.dll!PeekMessageW 74B5D700 8 Bytes [B8, 20, 1E, A3, 00, 50, C3, ...] {MOV EAX, 0xa31e20; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5004] USER32.dll!CallNextHookEx 74B613A0 8 Bytes [B8, 3C, 79, A3, 00, 50, C3, ...] {MOV EAX, 0xa3793c; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5004] USER32.dll!SystemParametersInfoW + 480 74B62AF0 8 Bytes [B8, B6, 5B, A3, 00, 50, C3, ...] {MOV EAX, 0xa35bb6; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5004] USER32.dll!GetKeyState 74B65170 11 Bytes [B8, EE, 77, A3, 00, 50, C3, ...] {MOV EAX, 0xa377ee; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5004] USER32.dll!GetAsyncKeyState 74B65B10 11 Bytes [B8, 41, 77, A3, 00, 50, C3, ...] {MOV EAX, 0xa37741; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5004] USER32.dll!GetMessageW 74B65EB0 8 Bytes [B8, 8D, 1D, A3, 00, 50, C3, ...] {MOV EAX, 0xa31d8d; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5004] USER32.dll!GetMessageA 74B66ED0 9 Bytes [B8, 45, 1D, A3, 00, 50, C3, ...] {MOV EAX, 0xa31d45; PUSH EAX; RET ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5004] USER32.dll!GetCursorPos + 20 74B68A40 8 Bytes [B8, 04, 59, A3, 00, 50, C3, ...] {MOV EAX, 0xa35904; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5004] USER32.dll!GetCursorPos + 80 74B68AA0 8 Bytes [B8, DA, 73, A3, 00, 50, C3, ...] {MOV EAX, 0xa373da; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5004] USER32.dll!GetRawInputData + 1 74B792E1 3 Bytes [FD, 55, A3] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5004] USER32.dll!GetRawInputData + 5 74B792E5 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5004] USER32.dll!GetKeyboardState + 1 74B79481 3 Bytes [9B, 78, A3] {WAIT ; JS 0xffffffa6} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5004] USER32.dll!GetKeyboardState + 5 74B79485 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5004] USER32.dll!EndTask 74BA2F90 8 Bytes [B8, 4F, 19, A3, 00, 50, C3, ...] {MOV EAX, 0xa3194f; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5004] USER32.dll!GetRawInputBuffer 74BABF60 11 Bytes [B8, 9A, 56, A3, 00, 50, C3, ...] {MOV EAX, 0xa3569a; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5040] ntdll.dll!LdrLoadDll 770CE230 8 Bytes [B8, 42, 84, 08, 01, 50, C3, ...] {MOV EAX, 0x1088442; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5040] ntdll.dll!LdrUnloadDll 770D3FB0 8 Bytes [B8, 0D, 77, 08, 01, 50, C3, ...] {MOV EAX, 0x108770d; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5040] ntdll.dll!NtUnmapViewOfSection + 5 7710DA05 7 Bytes [BA, 68, F7, 06, 01, FF, E2] {MOV EDX, 0x106f768; JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5040] ntdll.dll!NtSetInformationThread + 5 7710E0D5 7 Bytes [BA, 28, F6, 06, 01, FF, E2] {MOV EDX, 0x106f628; JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5040] ntdll.dll!NtSetInformationFile + 5 7710E195 7 Bytes [BA, 28, F5, 06, 01, FF, E2] {MOV EDX, 0x106f528; JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5040] ntdll.dll!NtQueryFullAttributesFile + 5 7710EE85 7 Bytes CALL 7611F57E C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5040] ntdll.dll!NtQueryAttributesFile + 5 7710EFE5 7 Bytes [BA, A8, F4, 06, 01, FF, E2] {MOV EDX, 0x106f4a8; JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5040] ntdll.dll!NtOpenThreadTokenEx + 5 7710F225 7 Bytes CALL 7611F920 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5040] ntdll.dll!NtOpenThreadToken + 5 7710F245 7 Bytes [BA, 68, F6, 06, 01, FF, E2] {MOV EDX, 0x106f668; JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5040] ntdll.dll!NtOpenThread + 5 7710F265 7 Bytes [BA, 68, F5, 06, 01, FF, E2] {MOV EDX, 0x106f568; JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5040] ntdll.dll!NtOpenProcessTokenEx + 5 7710F345 7 Bytes [BA, A8, F6, 06, 01, FF, E2] {MOV EDX, 0x106f6a8; JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5040] ntdll.dll!NtOpenProcessToken + 5 7710F365 7 Bytes CALL 7611FA5F C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5040] ntdll.dll!NtOpenProcess + 5 7710F385 7 Bytes [BA, A8, F5, 06, 01, FF, E2] {MOV EDX, 0x106f5a8; JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5040] ntdll.dll!NtOpenFile + 5 7710F4E5 7 Bytes [BA, 68, F4, 06, 01, FF, E2] {MOV EDX, 0x106f468; JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5040] ntdll.dll!NtMapViewOfSection + 5 7710F665 7 Bytes [BA, 28, F7, 06, 01, FF, E2] {MOV EDX, 0x106f728; JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5040] ntdll.dll!NtCreateFile + 5 771104B5 7 Bytes [BA, 28, F4, 06, 01, FF, E2] {MOV EDX, 0x106f428; JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5040] KERNEL32.DLL!VirtualProtect 7552C9A0 12 Bytes [B8, E5, 11, 08, 01, 50, C3, ...] {MOV EAX, 0x10811e5; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5040] KERNEL32.DLL!VirtualProtectEx 7554E2F0 12 Bytes [B8, 29, 12, 08, 01, 50, C3, ...] {MOV EAX, 0x1081229; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5040] USER32.dll!CreateWindowInBandEx + 3E0 74B4BFB0 11 Bytes [B8, 81, 5D, 08, 01, 50, C3, ...] {MOV EAX, 0x1085d81; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5040] USER32.dll!SetWindowLongA 74B54CA0 8 Bytes [B8, B7, 18, 08, 01, 50, C3, ...] {MOV EAX, 0x10818b7; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5040] USER32.dll!SetWindowLongW 74B54CC0 8 Bytes [B8, DD, 18, 08, 01, 50, C3, ...] {MOV EAX, 0x10818dd; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5040] USER32.dll!PeekMessageA 74B5D5A0 8 Bytes [B8, D5, 1D, 08, 01, 50, C3, ...] {MOV EAX, 0x1081dd5; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5040] USER32.dll!PeekMessageW 74B5D700 8 Bytes [B8, 20, 1E, 08, 01, 50, C3, ...] {MOV EAX, 0x1081e20; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5040] USER32.dll!CallNextHookEx 74B613A0 8 Bytes [B8, 3C, 79, 08, 01, 50, C3, ...] {MOV EAX, 0x108793c; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5040] USER32.dll!SystemParametersInfoW + 480 74B62AF0 8 Bytes [B8, B6, 5B, 08, 01, 50, C3, ...] {MOV EAX, 0x1085bb6; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5040] USER32.dll!GetKeyState 74B65170 11 Bytes [B8, EE, 77, 08, 01, 50, C3, ...] {MOV EAX, 0x10877ee; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5040] USER32.dll!GetAsyncKeyState 74B65B10 11 Bytes [B8, 41, 77, 08, 01, 50, C3, ...] {MOV EAX, 0x1087741; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5040] USER32.dll!GetMessageW 74B65EB0 8 Bytes [B8, 8D, 1D, 08, 01, 50, C3, ...] {MOV EAX, 0x1081d8d; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5040] USER32.dll!GetMessageA 74B66ED0 9 Bytes [B8, 45, 1D, 08, 01, 50, C3, ...] {MOV EAX, 0x1081d45; PUSH EAX; RET ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5040] USER32.dll!GetCursorPos + 20 74B68A40 8 Bytes [B8, 04, 59, 08, 01, 50, C3, ...] {MOV EAX, 0x1085904; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5040] USER32.dll!GetCursorPos + 80 74B68AA0 8 Bytes [B8, DA, 73, 08, 01, 50, C3, ...] {MOV EAX, 0x10873da; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5040] USER32.dll!GetRawInputData + 1 74B792E1 9 Bytes [FD, 55, 08, 01, 50, C3, 90, ...] {STD ; PUSH EBP; OR [ECX], AL; PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5040] USER32.dll!GetKeyboardState + 1 74B79481 9 Bytes [9B, 78, 08, 01, 50, C3, 90, ...] {WAIT ; JS 0xb; ADD [EAX-0x3d], EDX; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5040] USER32.dll!EndTask 74BA2F90 8 Bytes [B8, 4F, 19, 08, 01, 50, C3, ...] {MOV EAX, 0x108194f; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5040] USER32.dll!GetRawInputBuffer 74BABF60 11 Bytes [B8, 9A, 56, 08, 01, 50, C3, ...] {MOV EAX, 0x108569a; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5076] ntdll.dll!LdrLoadDll 770CE230 8 Bytes [B8, 42, 84, 07, 01, 50, C3, ...] {MOV EAX, 0x1078442; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5076] ntdll.dll!LdrUnloadDll 770D3FB0 8 Bytes [B8, 0D, 77, 07, 01, 50, C3, ...] {MOV EAX, 0x107770d; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5076] ntdll.dll!NtUnmapViewOfSection + 5 7710DA05 7 Bytes [BA, 68, 3B, 05, 01, FF, E2] {MOV EDX, 0x1053b68; JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5076] ntdll.dll!NtSetInformationThread + 5 7710E0D5 7 Bytes [BA, 28, 3A, 05, 01, FF, E2] {MOV EDX, 0x1053a28; JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5076] ntdll.dll!NtSetInformationFile + 5 7710E195 7 Bytes [BA, 28, 39, 05, 01, FF, E2] {MOV EDX, 0x1053928; JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5076] ntdll.dll!NtQueryFullAttributesFile + 5 7710EE85 7 Bytes CALL 7611F3C2 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5076] ntdll.dll!NtQueryAttributesFile + 5 7710EFE5 7 Bytes [BA, A8, 38, 05, 01, FF, E2] {MOV EDX, 0x10538a8; JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5076] ntdll.dll!NtOpenThreadTokenEx + 5 7710F225 7 Bytes CALL 7611F764 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5076] ntdll.dll!NtOpenThreadToken + 5 7710F245 7 Bytes [BA, 68, 3A, 05, 01, FF, E2] {MOV EDX, 0x1053a68; JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5076] ntdll.dll!NtOpenThread + 5 7710F265 7 Bytes [BA, 68, 39, 05, 01, FF, E2] {MOV EDX, 0x1053968; JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5076] ntdll.dll!NtOpenProcessTokenEx + 5 7710F345 7 Bytes [BA, A8, 3A, 05, 01, FF, E2] {MOV EDX, 0x1053aa8; JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5076] ntdll.dll!NtOpenProcessToken + 5 7710F365 7 Bytes CALL 7611F8A3 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5076] ntdll.dll!NtOpenProcess + 5 7710F385 7 Bytes [BA, A8, 39, 05, 01, FF, E2] {MOV EDX, 0x10539a8; JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5076] ntdll.dll!NtOpenFile + 5 7710F4E5 7 Bytes [BA, 68, 38, 05, 01, FF, E2] {MOV EDX, 0x1053868; JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5076] ntdll.dll!NtMapViewOfSection + 5 7710F665 7 Bytes [BA, 28, 3B, 05, 01, FF, E2] {MOV EDX, 0x1053b28; JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5076] ntdll.dll!NtCreateFile + 5 771104B5 7 Bytes [BA, 28, 38, 05, 01, FF, E2] {MOV EDX, 0x1053828; JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5076] KERNEL32.DLL!VirtualProtect 7552C9A0 12 Bytes [B8, E5, 11, 07, 01, 50, C3, ...] {MOV EAX, 0x10711e5; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5076] KERNEL32.DLL!VirtualProtectEx 7554E2F0 12 Bytes [B8, 29, 12, 07, 01, 50, C3, ...] {MOV EAX, 0x1071229; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5076] USER32.dll!CreateWindowInBandEx + 3E0 74B4BFB0 11 Bytes [B8, 81, 5D, 07, 01, 50, C3, ...] {MOV EAX, 0x1075d81; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5076] USER32.dll!SetWindowLongA 74B54CA0 8 Bytes [B8, B7, 18, 07, 01, 50, C3, ...] {MOV EAX, 0x10718b7; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5076] USER32.dll!SetWindowLongW 74B54CC0 8 Bytes [B8, DD, 18, 07, 01, 50, C3, ...] {MOV EAX, 0x10718dd; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5076] USER32.dll!PeekMessageA 74B5D5A0 8 Bytes [B8, D5, 1D, 07, 01, 50, C3, ...] {MOV EAX, 0x1071dd5; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5076] USER32.dll!PeekMessageW 74B5D700 8 Bytes [B8, 20, 1E, 07, 01, 50, C3, ...] {MOV EAX, 0x1071e20; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5076] USER32.dll!CallNextHookEx 74B613A0 8 Bytes [B8, 3C, 79, 07, 01, 50, C3, ...] {MOV EAX, 0x107793c; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5076] USER32.dll!SystemParametersInfoW + 480 74B62AF0 8 Bytes [B8, B6, 5B, 07, 01, 50, C3, ...] {MOV EAX, 0x1075bb6; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5076] USER32.dll!GetKeyState 74B65170 11 Bytes [B8, EE, 77, 07, 01, 50, C3, ...] {MOV EAX, 0x10777ee; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5076] USER32.dll!GetAsyncKeyState 74B65B10 11 Bytes [B8, 41, 77, 07, 01, 50, C3, ...] {MOV EAX, 0x1077741; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5076] USER32.dll!GetMessageW 74B65EB0 8 Bytes [B8, 8D, 1D, 07, 01, 50, C3, ...] {MOV EAX, 0x1071d8d; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5076] USER32.dll!GetMessageA 74B66ED0 9 Bytes [B8, 45, 1D, 07, 01, 50, C3, ...] {MOV EAX, 0x1071d45; PUSH EAX; RET ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5076] USER32.dll!GetCursorPos + 20 74B68A40 8 Bytes [B8, 04, 59, 07, 01, 50, C3, ...] {MOV EAX, 0x1075904; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5076] USER32.dll!GetCursorPos + 80 74B68AA0 8 Bytes [B8, DA, 73, 07, 01, 50, C3, ...] {MOV EAX, 0x10773da; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5076] USER32.dll!GetRawInputData + 1 74B792E1 9 Bytes [FD, 55, 07, 01, 50, C3, 90, ...] {STD ; PUSH EBP; POP ES; ADD [EAX-0x3d], EDX; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5076] USER32.dll!GetKeyboardState + 1 74B79481 9 Bytes [9B, 78, 07, 01, 50, C3, 90, ...] {WAIT ; JS 0xa; ADD [EAX-0x3d], EDX; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5076] USER32.dll!EndTask 74BA2F90 8 Bytes [B8, 4F, 19, 07, 01, 50, C3, ...] {MOV EAX, 0x107194f; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5076] USER32.dll!GetRawInputBuffer 74BABF60 11 Bytes [B8, 9A, 56, 07, 01, 50, C3, ...] {MOV EAX, 0x107569a; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!LdrLoadDll 770CE230 8 Bytes [B8, 42, 84, 53, 00, 50, C3, ...] {MOV EAX, 0x538442; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!LdrUnloadDll 770D3FB0 8 Bytes [B8, 0D, 77, 53, 00, 50, C3, ...] {MOV EAX, 0x53770d; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtUnmapViewOfSection + 5 7710DA05 4 Bytes [BA, 68, EB, 51] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtUnmapViewOfSection + A 7710DA0A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtSetInformationThread + 5 7710E0D5 4 Bytes [BA, 28, EA, 51] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtSetInformationThread + A 7710E0DA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtSetInformationFile + 5 7710E195 4 Bytes [BA, 28, E9, 51] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtSetInformationFile + A 7710E19A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtQueryFullAttributesFile + 5 7710EE85 4 Bytes CALL 76114072 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtQueryFullAttributesFile + A 7710EE8A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtQueryAttributesFile + 5 7710EFE5 4 Bytes [BA, A8, E8, 51] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtQueryAttributesFile + A 7710EFEA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtOpenThreadTokenEx + 5 7710F225 4 Bytes CALL 76114414 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtOpenThreadTokenEx + A 7710F22A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtOpenThreadToken + 5 7710F245 4 Bytes [BA, 68, EA, 51] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtOpenThreadToken + A 7710F24A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtOpenThread + 5 7710F265 4 Bytes [BA, 68, E9, 51] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtOpenThread + A 7710F26A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtOpenProcessTokenEx + 5 7710F345 4 Bytes [BA, A8, EA, 51] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtOpenProcessTokenEx + A 7710F34A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtOpenProcessToken + 5 7710F365 4 Bytes CALL 76114553 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtOpenProcessToken + A 7710F36A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtOpenProcess + 5 7710F385 4 Bytes [BA, A8, E9, 51] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtOpenProcess + A 7710F38A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtOpenFile + 5 7710F4E5 4 Bytes [BA, 68, E8, 51] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtOpenFile + A 7710F4EA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtMapViewOfSection + 5 7710F665 4 Bytes [BA, 28, EB, 51] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtMapViewOfSection + A 7710F66A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtCreateFile + 5 771104B5 4 Bytes [BA, 28, E8, 51] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5088] ntdll.dll!NtCreateFile + A 771104BA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5088] KERNEL32.DLL!VirtualProtect 7552C9A0 12 Bytes [B8, E5, 11, 53, 00, 50, C3, ...] {MOV EAX, 0x5311e5; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5088] KERNEL32.DLL!VirtualProtectEx 7554E2F0 12 Bytes [B8, 29, 12, 53, 00, 50, C3, ...] {MOV EAX, 0x531229; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5088] USER32.dll!CreateWindowInBandEx + 3E0 74B4BFB0 11 Bytes [B8, 81, 5D, 53, 00, 50, C3, ...] {MOV EAX, 0x535d81; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5088] USER32.dll!SetWindowLongA 74B54CA0 8 Bytes [B8, B7, 18, 53, 00, 50, C3, ...] {MOV EAX, 0x5318b7; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5088] USER32.dll!SetWindowLongW 74B54CC0 8 Bytes [B8, DD, 18, 53, 00, 50, C3, ...] {MOV EAX, 0x5318dd; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5088] USER32.dll!PeekMessageA 74B5D5A0 8 Bytes [B8, D5, 1D, 53, 00, 50, C3, ...] {MOV EAX, 0x531dd5; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5088] USER32.dll!PeekMessageW 74B5D700 8 Bytes [B8, 20, 1E, 53, 00, 50, C3, ...] {MOV EAX, 0x531e20; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5088] USER32.dll!CallNextHookEx 74B613A0 8 Bytes [B8, 3C, 79, 53, 00, 50, C3, ...] {MOV EAX, 0x53793c; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5088] USER32.dll!SystemParametersInfoW + 480 74B62AF0 8 Bytes [B8, B6, 5B, 53, 00, 50, C3, ...] {MOV EAX, 0x535bb6; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5088] USER32.dll!GetKeyState 74B65170 11 Bytes [B8, EE, 77, 53, 00, 50, C3, ...] {MOV EAX, 0x5377ee; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5088] USER32.dll!GetAsyncKeyState 74B65B10 11 Bytes [B8, 41, 77, 53, 00, 50, C3, ...] {MOV EAX, 0x537741; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5088] USER32.dll!GetMessageW 74B65EB0 8 Bytes [B8, 8D, 1D, 53, 00, 50, C3, ...] {MOV EAX, 0x531d8d; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5088] USER32.dll!GetMessageA 74B66ED0 9 Bytes [B8, 45, 1D, 53, 00, 50, C3, ...] {MOV EAX, 0x531d45; PUSH EAX; RET ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5088] USER32.dll!GetCursorPos + 20 74B68A40 8 Bytes [B8, 04, 59, 53, 00, 50, C3, ...] {MOV EAX, 0x535904; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5088] USER32.dll!GetCursorPos + 80 74B68AA0 8 Bytes [B8, DA, 73, 53, 00, 50, C3, ...] {MOV EAX, 0x5373da; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5088] USER32.dll!GetRawInputData + 1 74B792E1 3 Bytes [FD, 55, 53] {STD ; PUSH EBP; PUSH EBX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5088] USER32.dll!GetRawInputData + 5 74B792E5 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5088] USER32.dll!GetKeyboardState + 1 74B79481 3 Bytes [9B, 78, 53] {WAIT ; JS 0x56} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5088] USER32.dll!GetKeyboardState + 5 74B79485 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5088] USER32.dll!EndTask 74BA2F90 8 Bytes [B8, 4F, 19, 53, 00, 50, C3, ...] {MOV EAX, 0x53194f; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5088] USER32.dll!GetRawInputBuffer 74BABF60 11 Bytes [B8, 9A, 56, 53, 00, 50, C3, ...] {MOV EAX, 0x53569a; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5104] ntdll.dll!LdrLoadDll 770CE230 8 Bytes [B8, 42, 84, A6, 00, 50, C3, ...] {MOV EAX, 0xa68442; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5104] ntdll.dll!LdrUnloadDll 770D3FB0 8 Bytes [B8, 0D, 77, A6, 00, 50, C3, ...] {MOV EAX, 0xa6770d; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5104] ntdll.dll!NtUnmapViewOfSection + 5 7710DA05 4 Bytes [BA, 68, AB, A4] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5104] ntdll.dll!NtUnmapViewOfSection + A 7710DA0A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5104] ntdll.dll!NtSetInformationThread + 5 7710E0D5 4 Bytes [BA, 28, AA, A4] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5104] ntdll.dll!NtSetInformationThread + A 7710E0DA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5104] ntdll.dll!NtSetInformationFile + 5 7710E195 4 Bytes [BA, 28, A9, A4] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5104] ntdll.dll!NtSetInformationFile + A 7710E19A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5104] ntdll.dll!NtQueryFullAttributesFile + 5 7710EE85 4 Bytes CALL 76119332 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5104] ntdll.dll!NtQueryFullAttributesFile + A 7710EE8A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5104] ntdll.dll!NtQueryAttributesFile + 5 7710EFE5 4 Bytes [BA, A8, A8, A4] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5104] ntdll.dll!NtQueryAttributesFile + A 7710EFEA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5104] ntdll.dll!NtOpenThreadTokenEx + 5 7710F225 4 Bytes CALL 761196D4 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5104] ntdll.dll!NtOpenThreadTokenEx + A 7710F22A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5104] ntdll.dll!NtOpenThreadToken + 5 7710F245 4 Bytes [BA, 68, AA, A4] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5104] ntdll.dll!NtOpenThreadToken + A 7710F24A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5104] ntdll.dll!NtOpenThread + 5 7710F265 4 Bytes [BA, 68, A9, A4] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5104] ntdll.dll!NtOpenThread + A 7710F26A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5104] ntdll.dll!NtOpenProcessTokenEx + 5 7710F345 4 Bytes [BA, A8, AA, A4] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5104] ntdll.dll!NtOpenProcessTokenEx + A 7710F34A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5104] ntdll.dll!NtOpenProcessToken + 5 7710F365 4 Bytes CALL 76119813 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5104] ntdll.dll!NtOpenProcessToken + A 7710F36A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5104] ntdll.dll!NtOpenProcess + 5 7710F385 4 Bytes [BA, A8, A9, A4] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5104] ntdll.dll!NtOpenProcess + A 7710F38A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5104] ntdll.dll!NtOpenFile + 5 7710F4E5 4 Bytes [BA, 68, A8, A4] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5104] ntdll.dll!NtOpenFile + A 7710F4EA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5104] ntdll.dll!NtMapViewOfSection + 5 7710F665 4 Bytes [BA, 28, AB, A4] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5104] ntdll.dll!NtMapViewOfSection + A 7710F66A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5104] ntdll.dll!NtCreateFile + 5 771104B5 4 Bytes [BA, 28, A8, A4] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5104] ntdll.dll!NtCreateFile + A 771104BA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5104] KERNEL32.DLL!VirtualProtect 7552C9A0 12 Bytes [B8, E5, 11, A6, 00, 50, C3, ...] {MOV EAX, 0xa611e5; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5104] KERNEL32.DLL!VirtualProtectEx 7554E2F0 12 Bytes [B8, 29, 12, A6, 00, 50, C3, ...] {MOV EAX, 0xa61229; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5104] USER32.dll!CreateWindowInBandEx + 3E0 74B4BFB0 11 Bytes [B8, 81, 5D, A6, 00, 50, C3, ...] {MOV EAX, 0xa65d81; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5104] USER32.dll!SetWindowLongA 74B54CA0 8 Bytes [B8, B7, 18, A6, 00, 50, C3, ...] {MOV EAX, 0xa618b7; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5104] USER32.dll!SetWindowLongW 74B54CC0 8 Bytes [B8, DD, 18, A6, 00, 50, C3, ...] {MOV EAX, 0xa618dd; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5104] USER32.dll!PeekMessageA 74B5D5A0 8 Bytes [B8, D5, 1D, A6, 00, 50, C3, ...] {MOV EAX, 0xa61dd5; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5104] USER32.dll!PeekMessageW 74B5D700 8 Bytes [B8, 20, 1E, A6, 00, 50, C3, ...] {MOV EAX, 0xa61e20; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5104] USER32.dll!CallNextHookEx 74B613A0 8 Bytes [B8, 3C, 79, A6, 00, 50, C3, ...] {MOV EAX, 0xa6793c; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5104] USER32.dll!SystemParametersInfoW + 480 74B62AF0 8 Bytes [B8, B6, 5B, A6, 00, 50, C3, ...] {MOV EAX, 0xa65bb6; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5104] USER32.dll!GetKeyState 74B65170 11 Bytes [B8, EE, 77, A6, 00, 50, C3, ...] {MOV EAX, 0xa677ee; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5104] USER32.dll!GetAsyncKeyState 74B65B10 11 Bytes [B8, 41, 77, A6, 00, 50, C3, ...] {MOV EAX, 0xa67741; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5104] USER32.dll!GetMessageW 74B65EB0 8 Bytes [B8, 8D, 1D, A6, 00, 50, C3, ...] {MOV EAX, 0xa61d8d; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5104] USER32.dll!GetMessageA 74B66ED0 9 Bytes [B8, 45, 1D, A6, 00, 50, C3, ...] {MOV EAX, 0xa61d45; PUSH EAX; RET ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5104] USER32.dll!GetCursorPos + 20 74B68A40 8 Bytes [B8, 04, 59, A6, 00, 50, C3, ...] {MOV EAX, 0xa65904; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5104] USER32.dll!GetCursorPos + 80 74B68AA0 8 Bytes [B8, DA, 73, A6, 00, 50, C3, ...] {MOV EAX, 0xa673da; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5104] USER32.dll!GetRawInputData + 1 74B792E1 3 Bytes [FD, 55, A6] {STD ; PUSH EBP; CMPSB } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5104] USER32.dll!GetRawInputData + 5 74B792E5 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5104] USER32.dll!GetKeyboardState + 1 74B79481 3 Bytes [9B, 78, A6] {WAIT ; JS 0xffffffa9} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5104] USER32.dll!GetKeyboardState + 5 74B79485 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5104] USER32.dll!EndTask 74BA2F90 8 Bytes [B8, 4F, 19, A6, 00, 50, C3, ...] {MOV EAX, 0xa6194f; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5104] USER32.dll!GetRawInputBuffer 74BABF60 11 Bytes [B8, 9A, 56, A6, 00, 50, C3, ...] {MOV EAX, 0xa6569a; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!LdrLoadDll 770CE230 8 Bytes [B8, 42, 84, F1, 00, 50, C3, ...] {MOV EAX, 0xf18442; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!LdrUnloadDll 770D3FB0 8 Bytes [B8, 0D, 77, F1, 00, 50, C3, ...] {MOV EAX, 0xf1770d; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtUnmapViewOfSection + 5 7710DA05 4 Bytes [BA, 68, CF, BF] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtUnmapViewOfSection + A 7710DA0A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtSetInformationThread + 5 7710E0D5 4 Bytes [BA, 28, CE, BF] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtSetInformationThread + A 7710E0DA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtSetInformationFile + 5 7710E195 4 Bytes [BA, 28, CD, BF] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtSetInformationFile + A 7710E19A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtQueryFullAttributesFile + 5 7710EE85 4 Bytes CALL 7611AE56 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtQueryFullAttributesFile + A 7710EE8A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtQueryAttributesFile + 5 7710EFE5 4 Bytes [BA, A8, CC, BF] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtQueryAttributesFile + A 7710EFEA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtOpenThreadTokenEx + 5 7710F225 4 Bytes CALL 7611B1F8 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtOpenThreadTokenEx + A 7710F22A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtOpenThreadToken + 5 7710F245 4 Bytes [BA, 68, CE, BF] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtOpenThreadToken + A 7710F24A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtOpenThread + 5 7710F265 4 Bytes [BA, 68, CD, BF] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtOpenThread + A 7710F26A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtOpenProcessTokenEx + 5 7710F345 4 Bytes [BA, A8, CE, BF] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtOpenProcessTokenEx + A 7710F34A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtOpenProcessToken + 5 7710F365 4 Bytes CALL 7611B337 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtOpenProcessToken + A 7710F36A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtOpenProcess + 5 7710F385 4 Bytes [BA, A8, CD, BF] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtOpenProcess + A 7710F38A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtOpenFile + 5 7710F4E5 4 Bytes [BA, 68, CC, BF] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtOpenFile + A 7710F4EA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtMapViewOfSection + 5 7710F665 4 Bytes [BA, 28, CF, BF] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtMapViewOfSection + A 7710F66A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtCreateFile + 5 771104B5 4 Bytes [BA, 28, CC, BF] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5120] ntdll.dll!NtCreateFile + A 771104BA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5120] KERNEL32.DLL!VirtualProtect 7552C9A0 12 Bytes [B8, E5, 11, F1, 00, 50, C3, ...] {MOV EAX, 0xf111e5; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5120] KERNEL32.DLL!VirtualProtectEx 7554E2F0 12 Bytes [B8, 29, 12, F1, 00, 50, C3, ...] {MOV EAX, 0xf11229; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5120] USER32.dll!CreateWindowInBandEx + 3E0 74B4BFB0 11 Bytes [B8, 81, 5D, F1, 00, 50, C3, ...] {MOV EAX, 0xf15d81; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5120] USER32.dll!SetWindowLongA 74B54CA0 8 Bytes [B8, B7, 18, F1, 00, 50, C3, ...] {MOV EAX, 0xf118b7; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5120] USER32.dll!SetWindowLongW 74B54CC0 8 Bytes [B8, DD, 18, F1, 00, 50, C3, ...] {MOV EAX, 0xf118dd; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5120] USER32.dll!PeekMessageA 74B5D5A0 8 Bytes [B8, D5, 1D, F1, 00, 50, C3, ...] {MOV EAX, 0xf11dd5; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5120] USER32.dll!PeekMessageW 74B5D700 8 Bytes [B8, 20, 1E, F1, 00, 50, C3, ...] {MOV EAX, 0xf11e20; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5120] USER32.dll!CallNextHookEx 74B613A0 8 Bytes [B8, 3C, 79, F1, 00, 50, C3, ...] {MOV EAX, 0xf1793c; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5120] USER32.dll!SystemParametersInfoW + 480 74B62AF0 8 Bytes [B8, B6, 5B, F1, 00, 50, C3, ...] {MOV EAX, 0xf15bb6; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5120] USER32.dll!GetKeyState 74B65170 11 Bytes [B8, EE, 77, F1, 00, 50, C3, ...] {MOV EAX, 0xf177ee; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5120] USER32.dll!GetAsyncKeyState 74B65B10 11 Bytes [B8, 41, 77, F1, 00, 50, C3, ...] {MOV EAX, 0xf17741; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5120] USER32.dll!GetMessageW 74B65EB0 8 Bytes [B8, 8D, 1D, F1, 00, 50, C3, ...] {MOV EAX, 0xf11d8d; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5120] USER32.dll!GetMessageA 74B66ED0 9 Bytes [B8, 45, 1D, F1, 00, 50, C3, ...] {MOV EAX, 0xf11d45; PUSH EAX; RET ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5120] USER32.dll!GetCursorPos + 20 74B68A40 8 Bytes [B8, 04, 59, F1, 00, 50, C3, ...] {MOV EAX, 0xf15904; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5120] USER32.dll!GetCursorPos + 80 74B68AA0 8 Bytes [B8, DA, 73, F1, 00, 50, C3, ...] {MOV EAX, 0xf173da; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5120] USER32.dll!GetRawInputData + 1 74B792E1 3 Bytes [FD, 55, F1] {STD ; PUSH EBP; INT1 } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5120] USER32.dll!GetRawInputData + 5 74B792E5 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5120] USER32.dll!GetKeyboardState + 1 74B79481 3 Bytes [9B, 78, F1] {WAIT ; JS 0xfffffff4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5120] USER32.dll!GetKeyboardState + 5 74B79485 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5120] USER32.dll!EndTask 74BA2F90 8 Bytes [B8, 4F, 19, F1, 00, 50, C3, ...] {MOV EAX, 0xf1194f; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5120] USER32.dll!GetRawInputBuffer 74BABF60 11 Bytes [B8, 9A, 56, F1, 00, 50, C3, ...] {MOV EAX, 0xf1569a; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5136] ntdll.dll!LdrLoadDll 770CE230 8 Bytes [B8, 42, 84, B4, 00, 50, C3, ...] {MOV EAX, 0xb48442; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5136] ntdll.dll!LdrUnloadDll 770D3FB0 8 Bytes [B8, 0D, 77, B4, 00, 50, C3, ...] {MOV EAX, 0xb4770d; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5136] ntdll.dll!NtUnmapViewOfSection + 5 7710DA05 4 Bytes [BA, 68, FB, B2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5136] ntdll.dll!NtUnmapViewOfSection + A 7710DA0A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5136] ntdll.dll!NtSetInformationThread + 5 7710E0D5 4 Bytes [BA, 28, FA, B2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5136] ntdll.dll!NtSetInformationThread + A 7710E0DA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5136] ntdll.dll!NtSetInformationFile + 5 7710E195 4 Bytes [BA, 28, F9, B2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5136] ntdll.dll!NtSetInformationFile + A 7710E19A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5136] ntdll.dll!NtQueryFullAttributesFile + 5 7710EE85 4 Bytes CALL 7611A182 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5136] ntdll.dll!NtQueryFullAttributesFile + A 7710EE8A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5136] ntdll.dll!NtQueryAttributesFile + 5 7710EFE5 4 Bytes [BA, A8, F8, B2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5136] ntdll.dll!NtQueryAttributesFile + A 7710EFEA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5136] ntdll.dll!NtOpenThreadTokenEx + 5 7710F225 4 Bytes CALL 7611A524 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5136] ntdll.dll!NtOpenThreadTokenEx + A 7710F22A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5136] ntdll.dll!NtOpenThreadToken + 5 7710F245 4 Bytes [BA, 68, FA, B2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5136] ntdll.dll!NtOpenThreadToken + A 7710F24A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5136] ntdll.dll!NtOpenThread + 5 7710F265 4 Bytes [BA, 68, F9, B2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5136] ntdll.dll!NtOpenThread + A 7710F26A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5136] ntdll.dll!NtOpenProcessTokenEx + 5 7710F345 4 Bytes [BA, A8, FA, B2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5136] ntdll.dll!NtOpenProcessTokenEx + A 7710F34A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5136] ntdll.dll!NtOpenProcessToken + 5 7710F365 4 Bytes CALL 7611A663 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5136] ntdll.dll!NtOpenProcessToken + A 7710F36A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5136] ntdll.dll!NtOpenProcess + 5 7710F385 4 Bytes [BA, A8, F9, B2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5136] ntdll.dll!NtOpenProcess + A 7710F38A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5136] ntdll.dll!NtOpenFile + 5 7710F4E5 4 Bytes [BA, 68, F8, B2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5136] ntdll.dll!NtOpenFile + A 7710F4EA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5136] ntdll.dll!NtMapViewOfSection + 5 7710F665 4 Bytes [BA, 28, FB, B2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5136] ntdll.dll!NtMapViewOfSection + A 7710F66A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5136] ntdll.dll!NtCreateFile + 5 771104B5 4 Bytes [BA, 28, F8, B2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5136] ntdll.dll!NtCreateFile + A 771104BA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5136] KERNEL32.DLL!VirtualProtect 7552C9A0 12 Bytes [B8, E5, 11, B4, 00, 50, C3, ...] {MOV EAX, 0xb411e5; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5136] KERNEL32.DLL!VirtualProtectEx 7554E2F0 12 Bytes [B8, 29, 12, B4, 00, 50, C3, ...] {MOV EAX, 0xb41229; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5136] USER32.dll!CreateWindowInBandEx + 3E0 74B4BFB0 11 Bytes [B8, 81, 5D, B4, 00, 50, C3, ...] {MOV EAX, 0xb45d81; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5136] USER32.dll!SetWindowLongA 74B54CA0 8 Bytes [B8, B7, 18, B4, 00, 50, C3, ...] {MOV EAX, 0xb418b7; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5136] USER32.dll!SetWindowLongW 74B54CC0 8 Bytes [B8, DD, 18, B4, 00, 50, C3, ...] {MOV EAX, 0xb418dd; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5136] USER32.dll!PeekMessageA 74B5D5A0 8 Bytes [B8, D5, 1D, B4, 00, 50, C3, ...] {MOV EAX, 0xb41dd5; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5136] USER32.dll!PeekMessageW 74B5D700 8 Bytes [B8, 20, 1E, B4, 00, 50, C3, ...] {MOV EAX, 0xb41e20; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5136] USER32.dll!CallNextHookEx 74B613A0 8 Bytes [B8, 3C, 79, B4, 00, 50, C3, ...] {MOV EAX, 0xb4793c; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5136] USER32.dll!SystemParametersInfoW + 480 74B62AF0 8 Bytes [B8, B6, 5B, B4, 00, 50, C3, ...] {MOV EAX, 0xb45bb6; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5136] USER32.dll!GetKeyState 74B65170 11 Bytes [B8, EE, 77, B4, 00, 50, C3, ...] {MOV EAX, 0xb477ee; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5136] USER32.dll!GetAsyncKeyState 74B65B10 11 Bytes [B8, 41, 77, B4, 00, 50, C3, ...] {MOV EAX, 0xb47741; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5136] USER32.dll!GetMessageW 74B65EB0 8 Bytes [B8, 8D, 1D, B4, 00, 50, C3, ...] {MOV EAX, 0xb41d8d; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5136] USER32.dll!GetMessageA 74B66ED0 9 Bytes [B8, 45, 1D, B4, 00, 50, C3, ...] {MOV EAX, 0xb41d45; PUSH EAX; RET ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5136] USER32.dll!GetCursorPos + 20 74B68A40 8 Bytes [B8, 04, 59, B4, 00, 50, C3, ...] {MOV EAX, 0xb45904; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5136] USER32.dll!GetCursorPos + 80 74B68AA0 8 Bytes [B8, DA, 73, B4, 00, 50, C3, ...] {MOV EAX, 0xb473da; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5136] USER32.dll!GetRawInputData + 1 74B792E1 3 Bytes [FD, 55, B4] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5136] USER32.dll!GetRawInputData + 5 74B792E5 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5136] USER32.dll!GetKeyboardState + 1 74B79481 3 Bytes [9B, 78, B4] {WAIT ; JS 0xffffffb7} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5136] USER32.dll!GetKeyboardState + 5 74B79485 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5136] USER32.dll!EndTask 74BA2F90 8 Bytes [B8, 4F, 19, B4, 00, 50, C3, ...] {MOV EAX, 0xb4194f; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5136] USER32.dll!GetRawInputBuffer 74BABF60 11 Bytes [B8, 9A, 56, B4, 00, 50, C3, ...] {MOV EAX, 0xb4569a; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5156] ntdll.dll!LdrLoadDll 770CE230 8 Bytes [B8, 42, 84, BC, 00, 50, C3, ...] {MOV EAX, 0xbc8442; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5156] ntdll.dll!LdrUnloadDll 770D3FB0 8 Bytes [B8, 0D, 77, BC, 00, 50, C3, ...] {MOV EAX, 0xbc770d; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5156] ntdll.dll!NtUnmapViewOfSection + 5 7710DA05 4 Bytes [BA, 68, 4B, BA] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5156] ntdll.dll!NtUnmapViewOfSection + A 7710DA0A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5156] ntdll.dll!NtSetInformationThread + 5 7710E0D5 4 Bytes [BA, 28, 4A, BA] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5156] ntdll.dll!NtSetInformationThread + A 7710E0DA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5156] ntdll.dll!NtSetInformationFile + 5 7710E195 4 Bytes [BA, 28, 49, BA] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5156] ntdll.dll!NtSetInformationFile + A 7710E19A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5156] ntdll.dll!NtQueryFullAttributesFile + 5 7710EE85 4 Bytes CALL 7611A8D2 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5156] ntdll.dll!NtQueryFullAttributesFile + A 7710EE8A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5156] ntdll.dll!NtQueryAttributesFile + 5 7710EFE5 4 Bytes [BA, A8, 48, BA] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5156] ntdll.dll!NtQueryAttributesFile + A 7710EFEA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5156] ntdll.dll!NtOpenThreadTokenEx + 5 7710F225 4 Bytes CALL 7611AC74 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5156] ntdll.dll!NtOpenThreadTokenEx + A 7710F22A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5156] ntdll.dll!NtOpenThreadToken + 5 7710F245 4 Bytes [BA, 68, 4A, BA] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5156] ntdll.dll!NtOpenThreadToken + A 7710F24A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5156] ntdll.dll!NtOpenThread + 5 7710F265 4 Bytes [BA, 68, 49, BA] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5156] ntdll.dll!NtOpenThread + A 7710F26A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5156] ntdll.dll!NtOpenProcessTokenEx + 5 7710F345 4 Bytes [BA, A8, 4A, BA] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5156] ntdll.dll!NtOpenProcessTokenEx + A 7710F34A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5156] ntdll.dll!NtOpenProcessToken + 5 7710F365 4 Bytes CALL 7611ADB3 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5156] ntdll.dll!NtOpenProcessToken + A 7710F36A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5156] ntdll.dll!NtOpenProcess + 5 7710F385 4 Bytes [BA, A8, 49, BA] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5156] ntdll.dll!NtOpenProcess + A 7710F38A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5156] ntdll.dll!NtOpenFile + 5 7710F4E5 4 Bytes [BA, 68, 48, BA] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5156] ntdll.dll!NtOpenFile + A 7710F4EA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5156] ntdll.dll!NtMapViewOfSection + 5 7710F665 4 Bytes [BA, 28, 4B, BA] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5156] ntdll.dll!NtMapViewOfSection + A 7710F66A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5156] ntdll.dll!NtCreateFile + 5 771104B5 4 Bytes [BA, 28, 48, BA] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5156] ntdll.dll!NtCreateFile + A 771104BA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5156] KERNEL32.DLL!VirtualProtect 7552C9A0 12 Bytes [B8, E5, 11, BC, 00, 50, C3, ...] {MOV EAX, 0xbc11e5; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5156] KERNEL32.DLL!VirtualProtectEx 7554E2F0 12 Bytes [B8, 29, 12, BC, 00, 50, C3, ...] {MOV EAX, 0xbc1229; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5156] USER32.dll!CreateWindowInBandEx + 3E0 74B4BFB0 11 Bytes [B8, 81, 5D, BC, 00, 50, C3, ...] {MOV EAX, 0xbc5d81; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5156] USER32.dll!SetWindowLongA 74B54CA0 8 Bytes [B8, B7, 18, BC, 00, 50, C3, ...] {MOV EAX, 0xbc18b7; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5156] USER32.dll!SetWindowLongW 74B54CC0 8 Bytes [B8, DD, 18, BC, 00, 50, C3, ...] {MOV EAX, 0xbc18dd; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5156] USER32.dll!PeekMessageA 74B5D5A0 8 Bytes [B8, D5, 1D, BC, 00, 50, C3, ...] {MOV EAX, 0xbc1dd5; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5156] USER32.dll!PeekMessageW 74B5D700 8 Bytes [B8, 20, 1E, BC, 00, 50, C3, ...] {MOV EAX, 0xbc1e20; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5156] USER32.dll!CallNextHookEx 74B613A0 8 Bytes [B8, 3C, 79, BC, 00, 50, C3, ...] {MOV EAX, 0xbc793c; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5156] USER32.dll!SystemParametersInfoW + 480 74B62AF0 8 Bytes [B8, B6, 5B, BC, 00, 50, C3, ...] {MOV EAX, 0xbc5bb6; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5156] USER32.dll!GetKeyState 74B65170 11 Bytes [B8, EE, 77, BC, 00, 50, C3, ...] {MOV EAX, 0xbc77ee; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5156] USER32.dll!GetAsyncKeyState 74B65B10 11 Bytes [B8, 41, 77, BC, 00, 50, C3, ...] {MOV EAX, 0xbc7741; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5156] USER32.dll!GetMessageW 74B65EB0 8 Bytes [B8, 8D, 1D, BC, 00, 50, C3, ...] {MOV EAX, 0xbc1d8d; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5156] USER32.dll!GetMessageA 74B66ED0 9 Bytes [B8, 45, 1D, BC, 00, 50, C3, ...] {MOV EAX, 0xbc1d45; PUSH EAX; RET ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5156] USER32.dll!GetCursorPos + 20 74B68A40 8 Bytes [B8, 04, 59, BC, 00, 50, C3, ...] {MOV EAX, 0xbc5904; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5156] USER32.dll!GetCursorPos + 80 74B68AA0 8 Bytes [B8, DA, 73, BC, 00, 50, C3, ...] {MOV EAX, 0xbc73da; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5156] USER32.dll!GetRawInputData + 1 74B792E1 3 Bytes [FD, 55, BC] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5156] USER32.dll!GetRawInputData + 5 74B792E5 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5156] USER32.dll!GetKeyboardState + 1 74B79481 3 Bytes [9B, 78, BC] {WAIT ; JS 0xffffffbf} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5156] USER32.dll!GetKeyboardState + 5 74B79485 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5156] USER32.dll!EndTask 74BA2F90 8 Bytes [B8, 4F, 19, BC, 00, 50, C3, ...] {MOV EAX, 0xbc194f; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5156] USER32.dll!GetRawInputBuffer 74BABF60 11 Bytes [B8, 9A, 56, BC, 00, 50, C3, ...] {MOV EAX, 0xbc569a; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5532] ntdll.dll!LdrLoadDll 770CE230 8 Bytes [B8, 42, 84, B8, 00, 50, C3, ...] {MOV EAX, 0xb88442; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5532] ntdll.dll!LdrUnloadDll 770D3FB0 8 Bytes [B8, 0D, 77, B8, 00, 50, C3, ...] {MOV EAX, 0xb8770d; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5532] ntdll.dll!NtUnmapViewOfSection + 5 7710DA05 4 Bytes [BA, 68, C7, B6] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5532] ntdll.dll!NtUnmapViewOfSection + A 7710DA0A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5532] ntdll.dll!NtSetInformationThread + 5 7710E0D5 4 Bytes [BA, 28, C6, B6] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5532] ntdll.dll!NtSetInformationThread + A 7710E0DA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5532] ntdll.dll!NtSetInformationFile + 5 7710E195 4 Bytes [BA, 28, C5, B6] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5532] ntdll.dll!NtSetInformationFile + A 7710E19A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5532] ntdll.dll!NtQueryFullAttributesFile + 5 7710EE85 4 Bytes CALL 7611A54E C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5532] ntdll.dll!NtQueryFullAttributesFile + A 7710EE8A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5532] ntdll.dll!NtQueryAttributesFile + 5 7710EFE5 4 Bytes [BA, A8, C4, B6] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5532] ntdll.dll!NtQueryAttributesFile + A 7710EFEA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5532] ntdll.dll!NtOpenThreadTokenEx + 5 7710F225 4 Bytes CALL 7611A8F0 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5532] ntdll.dll!NtOpenThreadTokenEx + A 7710F22A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5532] ntdll.dll!NtOpenThreadToken + 5 7710F245 4 Bytes [BA, 68, C6, B6] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5532] ntdll.dll!NtOpenThreadToken + A 7710F24A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5532] ntdll.dll!NtOpenThread + 5 7710F265 4 Bytes [BA, 68, C5, B6] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5532] ntdll.dll!NtOpenThread + A 7710F26A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5532] ntdll.dll!NtOpenProcessTokenEx + 5 7710F345 4 Bytes [BA, A8, C6, B6] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5532] ntdll.dll!NtOpenProcessTokenEx + A 7710F34A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5532] ntdll.dll!NtOpenProcessToken + 5 7710F365 4 Bytes CALL 7611AA2F C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5532] ntdll.dll!NtOpenProcessToken + A 7710F36A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5532] ntdll.dll!NtOpenProcess + 5 7710F385 4 Bytes [BA, A8, C5, B6] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5532] ntdll.dll!NtOpenProcess + A 7710F38A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5532] ntdll.dll!NtOpenFile + 5 7710F4E5 4 Bytes [BA, 68, C4, B6] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5532] ntdll.dll!NtOpenFile + A 7710F4EA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5532] ntdll.dll!NtMapViewOfSection + 5 7710F665 4 Bytes [BA, 28, C7, B6] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5532] ntdll.dll!NtMapViewOfSection + A 7710F66A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5532] ntdll.dll!NtCreateFile + 5 771104B5 4 Bytes [BA, 28, C4, B6] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5532] ntdll.dll!NtCreateFile + A 771104BA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5532] KERNEL32.DLL!VirtualProtect 7552C9A0 12 Bytes [B8, E5, 11, B8, 00, 50, C3, ...] {MOV EAX, 0xb811e5; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5532] KERNEL32.DLL!VirtualProtectEx 7554E2F0 12 Bytes [B8, 29, 12, B8, 00, 50, C3, ...] {MOV EAX, 0xb81229; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5532] USER32.dll!CreateWindowInBandEx + 3E0 74B4BFB0 11 Bytes [B8, 81, 5D, B8, 00, 50, C3, ...] {MOV EAX, 0xb85d81; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5532] USER32.dll!SetWindowLongA 74B54CA0 8 Bytes [B8, B7, 18, B8, 00, 50, C3, ...] {MOV EAX, 0xb818b7; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5532] USER32.dll!SetWindowLongW 74B54CC0 8 Bytes [B8, DD, 18, B8, 00, 50, C3, ...] {MOV EAX, 0xb818dd; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5532] USER32.dll!PeekMessageA 74B5D5A0 8 Bytes [B8, D5, 1D, B8, 00, 50, C3, ...] {MOV EAX, 0xb81dd5; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5532] USER32.dll!PeekMessageW 74B5D700 8 Bytes [B8, 20, 1E, B8, 00, 50, C3, ...] {MOV EAX, 0xb81e20; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5532] USER32.dll!CallNextHookEx 74B613A0 8 Bytes [B8, 3C, 79, B8, 00, 50, C3, ...] {MOV EAX, 0xb8793c; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5532] USER32.dll!SystemParametersInfoW + 480 74B62AF0 8 Bytes [B8, B6, 5B, B8, 00, 50, C3, ...] {MOV EAX, 0xb85bb6; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5532] USER32.dll!GetKeyState 74B65170 11 Bytes [B8, EE, 77, B8, 00, 50, C3, ...] {MOV EAX, 0xb877ee; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5532] USER32.dll!GetAsyncKeyState 74B65B10 11 Bytes [B8, 41, 77, B8, 00, 50, C3, ...] {MOV EAX, 0xb87741; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5532] USER32.dll!GetMessageW 74B65EB0 8 Bytes [B8, 8D, 1D, B8, 00, 50, C3, ...] {MOV EAX, 0xb81d8d; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5532] USER32.dll!GetMessageA 74B66ED0 9 Bytes [B8, 45, 1D, B8, 00, 50, C3, ...] {MOV EAX, 0xb81d45; PUSH EAX; RET ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5532] USER32.dll!GetCursorPos + 20 74B68A40 8 Bytes [B8, 04, 59, B8, 00, 50, C3, ...] {MOV EAX, 0xb85904; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5532] USER32.dll!GetCursorPos + 80 74B68AA0 8 Bytes [B8, DA, 73, B8, 00, 50, C3, ...] {MOV EAX, 0xb873da; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5532] USER32.dll!GetRawInputData + 1 74B792E1 3 Bytes [FD, 55, B8] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5532] USER32.dll!GetRawInputData + 5 74B792E5 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5532] USER32.dll!GetKeyboardState + 1 74B79481 3 Bytes [9B, 78, B8] {WAIT ; JS 0xffffffbb} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5532] USER32.dll!GetKeyboardState + 5 74B79485 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5532] USER32.dll!EndTask 74BA2F90 8 Bytes [B8, 4F, 19, B8, 00, 50, C3, ...] {MOV EAX, 0xb8194f; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[5532] USER32.dll!GetRawInputBuffer 74BABF60 11 Bytes [B8, 9A, 56, B8, 00, 50, C3, ...] {MOV EAX, 0xb8569a; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Users\katar\Downloads\8gpdmmze.exe[5560] ntdll.dll!LdrLoadDll 770CE230 8 Bytes [B8, 42, 84, 18, 00, 50, C3, ...] {MOV EAX, 0x188442; PUSH EAX; RET ; NOP } .text C:\Users\katar\Downloads\8gpdmmze.exe[5560] ntdll.dll!LdrUnloadDll 770D3FB0 8 Bytes [B8, 0D, 77, 18, 00, 50, C3, ...] {MOV EAX, 0x18770d; PUSH EAX; RET ; NOP } .text C:\Users\katar\Downloads\8gpdmmze.exe[5560] USER32.dll!CreateWindowInBandEx + 3E0 74B4BFB0 11 Bytes [B8, 81, 5D, 18, 00, 50, C3, ...] {MOV EAX, 0x185d81; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Users\katar\Downloads\8gpdmmze.exe[5560] USER32.dll!SetWindowLongA 74B54CA0 8 Bytes [B8, B7, 18, 18, 00, 50, C3, ...] {MOV EAX, 0x1818b7; PUSH EAX; RET ; NOP } .text C:\Users\katar\Downloads\8gpdmmze.exe[5560] USER32.dll!SetWindowLongW 74B54CC0 8 Bytes [B8, DD, 18, 18, 00, 50, C3, ...] {MOV EAX, 0x1818dd; PUSH EAX; RET ; NOP } .text C:\Users\katar\Downloads\8gpdmmze.exe[5560] USER32.dll!PeekMessageA 74B5D5A0 8 Bytes [B8, D5, 1D, 18, 00, 50, C3, ...] {MOV EAX, 0x181dd5; PUSH EAX; RET ; NOP } .text C:\Users\katar\Downloads\8gpdmmze.exe[5560] USER32.dll!PeekMessageW 74B5D700 8 Bytes [B8, 20, 1E, 18, 00, 50, C3, ...] {MOV EAX, 0x181e20; PUSH EAX; RET ; NOP } .text C:\Users\katar\Downloads\8gpdmmze.exe[5560] USER32.dll!CallNextHookEx 74B613A0 8 Bytes [B8, 3C, 79, 18, 00, 50, C3, ...] {MOV EAX, 0x18793c; PUSH EAX; RET ; NOP } .text C:\Users\katar\Downloads\8gpdmmze.exe[5560] USER32.dll!SystemParametersInfoW + 480 74B62AF0 8 Bytes [B8, B6, 5B, 18, 00, 50, C3, ...] {MOV EAX, 0x185bb6; PUSH EAX; RET ; NOP } .text C:\Users\katar\Downloads\8gpdmmze.exe[5560] USER32.dll!GetKeyState 74B65170 11 Bytes [B8, EE, 77, 18, 00, 50, C3, ...] {MOV EAX, 0x1877ee; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Users\katar\Downloads\8gpdmmze.exe[5560] USER32.dll!GetAsyncKeyState 74B65B10 11 Bytes [B8, 41, 77, 18, 00, 50, C3, ...] {MOV EAX, 0x187741; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Users\katar\Downloads\8gpdmmze.exe[5560] USER32.dll!GetMessageW 74B65EB0 8 Bytes [B8, 8D, 1D, 18, 00, 50, C3, ...] {MOV EAX, 0x181d8d; PUSH EAX; RET ; NOP } .text C:\Users\katar\Downloads\8gpdmmze.exe[5560] USER32.dll!GetMessageA 74B66ED0 9 Bytes [B8, 45, 1D, 18, 00, 50, C3, ...] {MOV EAX, 0x181d45; PUSH EAX; RET ; NOP ; NOP } .text C:\Users\katar\Downloads\8gpdmmze.exe[5560] USER32.dll!GetCursorPos + 20 74B68A40 8 Bytes [B8, 04, 59, 18, 00, 50, C3, ...] {MOV EAX, 0x185904; PUSH EAX; RET ; NOP } .text C:\Users\katar\Downloads\8gpdmmze.exe[5560] USER32.dll!GetCursorPos + 80 74B68AA0 8 Bytes [B8, DA, 73, 18, 00, 50, C3, ...] {MOV EAX, 0x1873da; PUSH EAX; RET ; NOP } .text C:\Users\katar\Downloads\8gpdmmze.exe[5560] USER32.dll!GetRawInputData + 1 74B792E1 3 Bytes [FD, 55, 18] .text C:\Users\katar\Downloads\8gpdmmze.exe[5560] USER32.dll!GetRawInputData + 5 74B792E5 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Users\katar\Downloads\8gpdmmze.exe[5560] USER32.dll!GetKeyboardState + 1 74B79481 3 Bytes [9B, 78, 18] {WAIT ; JS 0x1b} .text C:\Users\katar\Downloads\8gpdmmze.exe[5560] USER32.dll!GetKeyboardState + 5 74B79485 5 Bytes [50, C3, 90, 90, 90] {PUSH EAX; RET ; NOP ; NOP ; NOP } .text C:\Users\katar\Downloads\8gpdmmze.exe[5560] USER32.dll!EndTask 74BA2F90 8 Bytes [B8, 4F, 19, 18, 00, 50, C3, ...] {MOV EAX, 0x18194f; PUSH EAX; RET ; NOP } .text C:\Users\katar\Downloads\8gpdmmze.exe[5560] USER32.dll!GetRawInputBuffer 74BABF60 11 Bytes [B8, 9A, 56, 18, 00, 50, C3, ...] {MOV EAX, 0x18569a; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\system32\svchost.exe[5572] ntdll.dll!LdrLoadDll 770CE230 8 Bytes [B8, 42, 84, EE, 03, 50, C3, ...] {MOV EAX, 0x3ee8442; PUSH EAX; RET ; NOP } .text C:\Windows\system32\svchost.exe[5572] ntdll.dll!LdrUnloadDll 770D3FB0 8 Bytes [B8, 0D, 77, EE, 03, 50, C3, ...] {MOV EAX, 0x3ee770d; PUSH EAX; RET ; NOP } .text C:\Windows\system32\svchost.exe[5572] user32.dll!CreateWindowInBandEx + 3E0 74B4BFB0 11 Bytes [B8, 81, 5D, EE, 03, 50, C3, ...] {MOV EAX, 0x3ee5d81; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\system32\svchost.exe[5572] user32.dll!SetWindowLongA 74B54CA0 8 Bytes [B8, B7, 18, EE, 03, 50, C3, ...] {MOV EAX, 0x3ee18b7; PUSH EAX; RET ; NOP } .text C:\Windows\system32\svchost.exe[5572] user32.dll!SetWindowLongW 74B54CC0 8 Bytes [B8, DD, 18, EE, 03, 50, C3, ...] {MOV EAX, 0x3ee18dd; PUSH EAX; RET ; NOP } .text C:\Windows\system32\svchost.exe[5572] user32.dll!PeekMessageA 74B5D5A0 8 Bytes [B8, D5, 1D, EE, 03, 50, C3, ...] {MOV EAX, 0x3ee1dd5; PUSH EAX; RET ; NOP } .text C:\Windows\system32\svchost.exe[5572] user32.dll!PeekMessageW 74B5D700 8 Bytes [B8, 20, 1E, EE, 03, 50, C3, ...] {MOV EAX, 0x3ee1e20; PUSH EAX; RET ; NOP } .text C:\Windows\system32\svchost.exe[5572] user32.dll!CallNextHookEx 74B613A0 8 Bytes [B8, 3C, 79, EE, 03, 50, C3, ...] {MOV EAX, 0x3ee793c; PUSH EAX; RET ; NOP } .text C:\Windows\system32\svchost.exe[5572] user32.dll!SystemParametersInfoW + 480 74B62AF0 8 Bytes [B8, B6, 5B, EE, 03, 50, C3, ...] {MOV EAX, 0x3ee5bb6; PUSH EAX; RET ; NOP } .text C:\Windows\system32\svchost.exe[5572] user32.dll!GetKeyState 74B65170 11 Bytes [B8, EE, 77, EE, 03, 50, C3, ...] {MOV EAX, 0x3ee77ee; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\system32\svchost.exe[5572] user32.dll!GetAsyncKeyState 74B65B10 11 Bytes [B8, 41, 77, EE, 03, 50, C3, ...] {MOV EAX, 0x3ee7741; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\system32\svchost.exe[5572] user32.dll!GetMessageW 74B65EB0 8 Bytes [B8, 8D, 1D, EE, 03, 50, C3, ...] {MOV EAX, 0x3ee1d8d; PUSH EAX; RET ; NOP } .text C:\Windows\system32\svchost.exe[5572] user32.dll!GetMessageA 74B66ED0 9 Bytes [B8, 45, 1D, EE, 03, 50, C3, ...] {MOV EAX, 0x3ee1d45; PUSH EAX; RET ; NOP ; NOP } .text C:\Windows\system32\svchost.exe[5572] user32.dll!GetCursorPos + 20 74B68A40 8 Bytes [B8, 04, 59, EE, 03, 50, C3, ...] {MOV EAX, 0x3ee5904; PUSH EAX; RET ; NOP } .text C:\Windows\system32\svchost.exe[5572] user32.dll!GetCursorPos + 80 74B68AA0 8 Bytes [B8, DA, 73, EE, 03, 50, C3, ...] {MOV EAX, 0x3ee73da; PUSH EAX; RET ; NOP } .text C:\Windows\system32\svchost.exe[5572] user32.dll!GetRawInputData + 1 74B792E1 9 Bytes [FD, 55, EE, 03, 50, C3, 90, ...] {STD ; PUSH EBP; OUT DX, AL; ADD EDX, [EAX-0x3d]; NOP ; NOP ; NOP } .text C:\Windows\system32\svchost.exe[5572] user32.dll!GetKeyboardState + 1 74B79481 9 Bytes [9B, 78, EE, 03, 50, C3, 90, ...] {WAIT ; JS 0xfffffff1; ADD EDX, [EAX-0x3d]; NOP ; NOP ; NOP } .text C:\Windows\system32\svchost.exe[5572] user32.dll!EndTask 74BA2F90 8 Bytes [B8, 4F, 19, EE, 03, 50, C3, ...] {MOV EAX, 0x3ee194f; PUSH EAX; RET ; NOP } .text C:\Windows\system32\svchost.exe[5572] user32.dll!GetRawInputBuffer 74BABF60 11 Bytes [B8, 9A, 56, EE, 03, 50, C3, ...] {MOV EAX, 0x3ee569a; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } ---- Devices - GMER 2.2 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 SpyshelterKb.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 EUBKMON.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 EUBKMON.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 EUBKMON.sys ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control@LastBootSucceeded 0 Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemStartTime 0xE5 0xA9 0xE6 0xBB ... Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemLastStartTime 0x81 0xD0 0x57 0xF4 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData\BootLanguages@pl-PL 10 Reg HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\Configuration\SEC54410_00_07D8_36^A681D13016FF8A1D31B78C5FD9F83AE3@Timestamp 0x65 0x6E 0xFE 0xBC ... Reg HKLM\SYSTEM\CurrentControlSet\Control\Lsa@LsaPid 612 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Executive@UuidSequenceNumber 7789856 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed -1192319095 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BootId 13 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BaseTime 478827565 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@POSTTime 8192 Reg HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@InstanceID 705d0ccb-0fcc-49b5-8e67-7ca1d3d Reg HKLM\SYSTEM\CurrentControlSet\Control\WDI\Config@ServerName \BaseNamedObjects\WDI_{039be4aa-7074-4633-a095-5482c62d9e95} Reg HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\WdiContextLog@FileCounter 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\BITS\Performance@PerfMMFileName Global\MMF_BITS_s Reg HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\Probe\{81356c2f-5749-4e96-bb64-1a12473e54f1}@LastProbeTime 1468629845 Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_31647\Security Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_31647\Security@Security 0x01 0x00 0x14 0x80 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_31647\TriggerInfo Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_31647\TriggerInfo\0 Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_31647\TriggerInfo\0@Type 7 Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_31647\TriggerInfo\0@Action 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_31647\TriggerInfo\0@Guid 0x16 0x28 0x7A 0x2D ... Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_31647\TriggerInfo\0@Data0 0x75 0x18 0xBC 0xA3 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_31647\TriggerInfo\0@DataType0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_31647\Security Reg HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_31647\Security@Security 0x01 0x00 0x04 0x80 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_31647\Security Reg HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_31647\Security@Security 0x01 0x00 0x04 0x80 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\Parameters@ReadyBootPlanAge 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\Parameters@LastBootPlanUserTime ?sob.?, ?lip ?16 ?16, 12:46:31 AM??????????????????????????????? Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 7260 Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 42 Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{E2707E94-751B-47CB-9F5A-C18632A02503} v2.25|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RPort=443|RPort=80|App=C:\Windows\system32\svchost.exe|Name=[TWtrZUI0IIxQhb] TCP Outbound Ports|Desc=| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{CFD4769F-0BCC-4902-B816-CFAAFB60320D} v2.25|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=C:\Windows\system32\svchost.exe|Svc=wuauserv|Name=[TWnZdTYp4HdPKM] TCP Outbound Ports|Desc=| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{1EB1AEC2-1FA8-4F91-8D14-705C25A41FCE} v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|RPort=123|App=C:\Windows\system32\svchost.exe|Svc=W32Time|Name=[TWWwOv1OuRZDyU][in] Time synchronization|Desc=| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{5E1D2FFA-AF5F-4D93-885B-E6CA7623B40A} v2.25|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=123|App=C:\Windows\system32\svchost.exe|Svc=W32Time|Name=[TWWwOv1OuRZDyU][out] Time synchronization|Desc=| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{597DDE38-592D-49E1-8EEA-5343965B58EF} v2.25|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RPort=5357|RPort=5358|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=[TWXfkx8ipQW68H] WSD Event Client|Desc=| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{ACB7C4D1-4A35-426F-BC2E-74F0BF4D52C6} v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=5357|LPort=5358|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=[TWXfkx8ipQW68H] WSD Event Server|Desc=| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{02EF2BAD-42E5-47A5-BC3A-B06F41405B47} v2.25|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=[TWXfkx8ipQW68H] UPnP Client|Desc=| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{2D2C2201-0E91-460F-BA08-6E204B82C16C} v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=[TWXfkx8ipQW68H] UPnP Server|Desc=| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{EB9F31A1-F4FF-4E2A-8E47-0DAB1AAFF035} v2.25|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=C:\Windows\system32\svchost.exe|Svc=fdphost|Name=[TW2T6lZBnkmfFE] WSD Client|Desc=| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{7FCDFC5E-4CF7-4C6B-99B1-F941B5DBAC88} v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=C:\Windows\system32\svchost.exe|Svc=fdphost|Name=[TW2T6lZBnkmfFE] WSD Server|Desc=| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{7661EA92-8B87-4AB5-825D-75D72795CFD5} v2.25|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=C:\Windows\system32\svchost.exe|Svc=upnphost|Name=[TWcJF0rk9XgsQI] UPnP Client|Desc=| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{62336EE2-6AC8-4250-8822-9FC54DFE2733} v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=C:\Windows\system32\svchost.exe|Svc=upnphost|Name=[TWcJF0rk9XgsQI] UPnP Server|Desc=| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{86CCDBED-80D4-4DEC-B8C3-C6F77BBB333A} v2.25|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=C:\Windows\system32\svchost.exe|Svc=ssdpsrv|Name=[TWTV1HdMWdyV8K] SSDP Client|Desc=| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{69A211B4-565F-4CAA-97E2-B10395DB399D} v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=C:\Windows\system32\svchost.exe|Svc=ssdpsrv|Name=[TWTV1HdMWdyV8K] SSDP Server|Desc=| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{C679353B-CABA-4417-A9F7-ED232445FAA5} v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=C:\Windows\system32\svchost.exe|Svc=Dnscache|Name=[TW0jBAuLLXUnL8][in] LLMNR-UDP (server)|Desc=| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{7E5354DD-7388-4CE8-8500-D32F037C31E8} v2.25|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|LPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=C:\Windows\system32\svchost.exe|Svc=Dnscache|Name=[TW0jBAuLLXUnL8][out] LLMNR-UDP (server)|Desc=| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{B94B896E-FDB9-4B60-9129-DF433418336C} v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|RPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=C:\Windows\system32\svchost.exe|Svc=Dnscache|Name=[TW0jBAuLLXUnL8][in] LLMNR-UDP (client)|Desc=| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{37F06211-18E1-4AE8-A654-BF747394AE25} v2.25|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=C:\Windows\system32\svchost.exe|Svc=Dnscache|Name=[TW0jBAuLLXUnL8][out] LLMNR-UDP (client)|Desc=| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{5CAAC27E-44BA-428A-9A41-07F0A281B987} v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|RPort=53|RA4=DNS|RA6=DNS|App=C:\Windows\system32\svchost.exe|Svc=Dnscache|Name=[TW0jBAuLLXUnL8][in] DNS client UDP|Desc=| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{BEB9DD9C-70FE-4784-94B0-A0144CA3A886} v2.25|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=53|RA4=DNS|RA6=DNS|App=C:\Windows\system32\svchost.exe|Svc=Dnscache|Name=[TW0jBAuLLXUnL8][out] DNS client UDP|Desc=| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{3673D426-D7E0-4066-B915-4403DD0C84BA} v2.25|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RPort=53|RA4=DNS|RA6=DNS|App=C:\Windows\system32\svchost.exe|Svc=Dnscache|Name=[TW0jBAuLLXUnL8] DNS client TCP|Desc=| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{284BFD2C-AA63-4D67-B2C7-12FFFF9A567B} v2.25|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=67|App=C:\Windows\system32\svchost.exe|Svc=lmhosts|Name=[TWTcFZT2wdriw7] UDP Outbound Ports|Desc=| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{FFDB9E84-3231-498C-93DE-48A9481CB06C} v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=546|RPort=547|RA4=LocalSubnet|RA6=LocalSubnet|App=C:\Windows\system32\svchost.exe|Svc=dhcp|Name=[TWPyCuaQuOg1OP][in] DHCP IPv6 client|Desc=| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{040C2642-81FD-435F-A26E-79A7D6B7279F} v2.25|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|LPort=546|RPort=547|RA4=LocalSubnet|RA6=LocalSubnet|App=C:\Windows\system32\svchost.exe|Svc=dhcp|Name=[TWPyCuaQuOg1OP][out] DHCP IPv6 client|Desc=| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{8DD303F4-6760-4053-9778-81D2F1DB2088} v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=68|RPort=67|RA4=LocalSubnet|RA6=LocalSubnet|App=C:\Windows\system32\svchost.exe|Svc=dhcp|Name=[TWPyCuaQuOg1OP][in] DHCP IPv4 client|Desc=| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{FBCB8AA7-7D88-4D2E-A0E0-C9BA04B64BEA} v2.25|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|LPort=68|RPort=67|RA4=LocalSubnet|RA6=LocalSubnet|App=C:\Windows\system32\svchost.exe|Svc=dhcp|Name=[TWPyCuaQuOg1OP][out] DHCP IPv4 client|Desc=| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{1A9A3A65-6AA3-40B2-AAFF-0A5B352E5635} v2.25|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=C:\Program Files\TinyWall\TinyWall.exe|Name=[TW3bpbws1HAMM4] TCP Outbound Ports|Desc=| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{887639FB-DF13-45CD-87EC-A4E35C1422A3} v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=129:0|ICMP6=1:*|ICMP6=3:*|ICMP6=2:0|Name=[TWAf4HR1hxkGY5] ICMPv6 (safe)|Desc=| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{D58E33B7-DE24-4B46-B207-E5E3B7B7EDD0} v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=1|ICMP4=3:*|ICMP4=11:*|RA4=DefaultGateway|RA6=DefaultGateway|Name=[TWAf4HR1hxkGY5] ICMPv4 (safe)|Desc=| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{A3117404-7651-48D7-9418-32A352E80920} v2.25|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=128:0|Name=[TWAf4HR1hxkGY5] ICMPv6 (echo-req) out|Desc=| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{3F50A154-1725-4AE6-98D6-F5BD30719F64} v2.25|Action=Allow|Active=TRUE|Dir=Out|Protocol=1|ICMP4=8:0|Name=[TWAf4HR1hxkGY5] ICMPv4 (echo-req) out|Desc=| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{4A9667B1-C0AF-4F46-843F-8AAC5CD78D62} v2.25|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=C:\Program Files\EaseUS\EaseUS Partition Master 11.0\bin\EPMStartLoader.exe|Name=[TWbg73w7pKodmI] UDP Outbound Ports|Desc=| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{D3244985-70CA-47C0-9538-3984D8B8543D} v2.25|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=C:\Program Files\EaseUS\EaseUS Partition Master 11.0\bin\EPMStartLoader.exe|Name=[TWbg73w7pKodmI] TCP Outbound Ports|Desc=| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{99FF87A3-9998-4860-8B5E-544C89D4FE64} v2.25|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=C:\Program Files\EaseUS\EaseUS Partition Master 11.0\bin\Main.exe|Name=[TWewmPtOKIYuDP] UDP Outbound Ports|Desc=| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{1F3201D9-B2B2-46C1-B420-7B55DA8516E2} v2.25|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=C:\Program Files\EaseUS\EaseUS Partition Master 11.0\bin\Main.exe|Name=[TWewmPtOKIYuDP] TCP Outbound Ports|Desc=| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{6D6AF19B-3F21-413D-BB3E-296D9D379D2E} v2.25|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=C:\Windows\System32\backgroundTaskHost.exe|Name=[TWfslAIx3VDYvr] UDP Outbound Ports|Desc=| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{6CFBCBBD-80F0-4AA4-9DF1-0C4655E08464} v2.25|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=C:\Windows\System32\backgroundTaskHost.exe|Name=[TWfslAIx3VDYvr] TCP Outbound Ports|Desc=| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{40885930-4A27-4BF6-BBF0-6FB9CFEF1C71} v2.25|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=C:\Users\katar\Downloads\FRST.exe|Name=[TWxtSodUS8rlF3] UDP Outbound Ports|Desc=| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{7C28B37F-50F3-4CD0-BC5E-FDB82C29199F} v2.25|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=C:\Users\katar\Downloads\FRST.exe|Name=[TWxtSodUS8rlF3] TCP Outbound Ports|Desc=| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{700656CB-790C-4FB5-A50C-0391ECF8F770} v2.25|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=C:\Windows\System32\WerFault.exe|Name=[TWiCd1XIlCl7mg] UDP Outbound Ports|Desc=| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{4A28D4E4-B137-4533-A3C6-9051F1E60EA7} v2.25|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=C:\Windows\System32\WerFault.exe|Name=[TWiCd1XIlCl7mg] TCP Outbound Ports|Desc=| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{1B2F6775-4392-4240-88C6-9668BBACB8D0} v2.25|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=C:\Users\katar\Downloads\reader11_pl_xa_install.exe|Name=[TWHXho1nzkQncE] UDP Outbound Ports|Desc=| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{BB30CD46-6BB4-4893-8BDB-FD6613294CD2} v2.25|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=C:\Users\katar\Downloads\reader11_pl_xa_install.exe|Name=[TWHXho1nzkQncE] TCP Outbound Ports|Desc=| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{744EAA1C-6598-4A94-A82D-4B36DD033992} v2.25|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=C:\Windows\System32\wermgr.exe|Name=[TWpDIUgdurLOm0] UDP Outbound Ports|Desc=| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{6A1017F3-B39F-47B7-9EF6-74AACF694065} v2.25|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=C:\Windows\System32\wermgr.exe|Name=[TWpDIUgdurLOm0] TCP Outbound Ports|Desc=| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{8CDA7939-A2CD-493C-8CA5-3AB0A868D615} v2.25|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=C:\Program Files\Malwarebytes Anti-Malware\mbamresearch.exe|Name=[TWo7Eszk6dda3W] UDP Outbound Ports|Desc=| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{DB9E8627-3E81-4630-8986-FED4F07A2B00} v2.25|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=C:\Program Files\Malwarebytes Anti-Malware\mbamresearch.exe|Name=[TWo7Eszk6dda3W] TCP Outbound Ports|Desc=| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{B4BABBC5-4551-4087-90EA-8A002542F2A0} v2.25|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=C:\Program Files\Malwarebytes Anti-Malware\mbam.exe|Name=[TWJlldmAsfHMKm] TCP Outbound Ports|Desc=| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{44795FF3-D55E-4E48-A05D-6182316E85FD} v2.25|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=C:\Program Files\HiSuite\hwtools\hwtransport.exe|Name=[TWnT8MuSNdv9dL] UDP Outbound Ports|Desc=| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{579DFC27-40EE-4E73-B717-46C02647EED5} v2.25|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=C:\Program Files\HiSuite\hwtools\hwtransport.exe|Name=[TWnT8MuSNdv9dL] TCP Outbound Ports|Desc=| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{C945631A-D1D5-4D3C-BFC3-F69FD12CB028} v2.25|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=C:\Program Files\HiSuite\HiSuite.exe|Name=[TWPjSrrgiSRpaU] UDP Outbound Ports|Desc=| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{614BDF76-34C9-4A5E-A927-A36840AC8A2C} v2.25|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=C:\Program Files\HiSuite\HiSuite.exe|Name=[TWPjSrrgiSRpaU] TCP Outbound Ports|Desc=| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{28966CE1-356A-4A27-8EF8-40D67E1C3721} v2.25|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=F:\HiSuiteDownLoader.exe|Name=[TWQ8PtWtTzDrJI] UDP Outbound Ports|Desc=| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{99E46448-9947-4B23-9B94-6745FF2E7BF3} v2.25|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=F:\HiSuiteDownLoader.exe|Name=[TWQ8PtWtTzDrJI] TCP Outbound Ports|Desc=| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{4D7D1EE0-00AA-4BA2-8A75-7F2E3D8E6878} v2.25|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=C:\Program Files\Skype\Updater\Updater.exe|Name=[TWNbkSyAJwXw4Y] UDP Outbound Ports|Desc=| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{93D3BCDE-2417-43DD-980E-7396DBF94A0A} v2.25|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=C:\Program Files\Skype\Updater\Updater.exe|Name=[TWNbkSyAJwXw4Y] TCP Outbound Ports|Desc=| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{AC22EFE2-B479-411D-9BF1-7213953BD131} v2.25|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=C:\Program Files\Skype\Phone\Skype.exe|Name=[TWJwGt5vKhKxzN] TCP Outbound Ports|Desc=| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{D3D19AF3-E1B5-4644-907C-56C575DF555D} v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Program Files\Skype\Phone\Skype.exe|Name=[TWJwGt5vKhKxzN] TCP Listen Ports|Desc=| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{681ABB65-A339-4D0D-B421-D422FD195C4F} v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Windows\System32\lsass.exe|Name=[TW1y2YRdZHmbLe] UDP Listen Ports|Desc=| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{E3A89008-A501-42D9-A961-5B4DC3C946F6} v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Windows\System32\lsass.exe|Name=[TW1y2YRdZHmbLe] TCP Listen Ports|Desc=| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{766781BD-F292-4D85-A1B6-FA288FF88098} v2.25|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=C:\Windows\System32\msiexec.exe|Name=[TWKiTXa0dDdQeN] UDP Outbound Ports|Desc=| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{70188E62-A366-4D20-8EB1-E488799A1D49} v2.25|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=C:\Windows\System32\msiexec.exe|Name=[TWKiTXa0dDdQeN] TCP Outbound Ports|Desc=| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{95DA4C1A-21E7-4CE6-A31E-8110F5236ABE} v2.25|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=C:\Users\katar\Downloads\Programy\SkypeSetupFull.exe|Name=[TWCZmxbDahoLZd] UDP Outbound Ports|Desc=| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{38F665EC-5324-44F8-942F-6F539BC37ABB} v2.25|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=C:\Users\katar\Downloads\Programy\SkypeSetupFull.exe|Name=[TWCZmxbDahoLZd] TCP Outbound Ports|Desc=| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{05FE1C8D-5060-407A-9530-3722F4D3B92E} v2.25|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=C:\Program Files\Ashampoo\Ashampoo Burning Studio 2016\burningstudio2016.exe|Name=[TWdLecMR1cRWHT] UDP Outbound Ports|Desc=| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{A84C3359-0B2D-47DC-9761-ABD83D225044} v2.25|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=C:\Program Files\Ashampoo\Ashampoo Burning Studio 2016\burningstudio2016.exe|Name=[TWdLecMR1cRWHT] TCP Outbound Ports|Desc=| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{CD123967-A2CA-4F4A-97E2-44BA4D85FFAE} v2.25|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=C:\Windows\System32\SettingSyncHost.exe|Name=[TW6CydAtdzUmfp] UDP Outbound Ports|Desc=| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{0376A763-4C36-4A73-AA62-321825C2BE4C} v2.25|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=C:\Windows\System32\SettingSyncHost.exe|Name=[TW6CydAtdzUmfp] TCP Outbound Ports|Desc=| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{D722C97A-2F8E-4B54-A659-B67D7E5A18AE} v2.25|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=C:\Users\katar\AppData\Local\Temp\is-CFFM7.tmp\ashampoo_burning_studio_2016_21653.tmp|Name=[TWqgaxzxcdQzUw] UDP Outbound Ports|Desc=| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{9E1450B8-F02E-48C5-9960-8E2787D6366E} v2.25|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=C:\Users\katar\AppData\Local\Temp\is-CFFM7.tmp\ashampoo_burning_studio_2016_21653.tmp|Name=[TWqgaxzxcdQzUw] TCP Outbound Ports|Desc=| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{CA3A8D83-87DB-4C76-8398-550FD786E133} v2.25|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=C:\Users\katar\AppData\Local\Temp\{569CAF0A-4696-4F2E-9FDA-B8E19689B6EE}\{D11FFBF0-5B47-49D8-B285-9142ED4BD158}.exe|Name=[TWayCiz5Uqefic] UDP Outbound Ports|Desc=| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{540DD007-BE45-4C77-823D-A8D9BB5A4FAF} v2.25|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=C:\Users\katar\AppData\Local\Temp\{569CAF0A-4696-4F2E-9FDA-B8E19689B6EE}\{D11FFBF0-5B47-49D8-B285-9142ED4BD158}.exe|Name=[TWayCiz5Uqefic] TCP Outbound Ports|Desc=| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{013F639E-97D1-42BF-AD33-E93CBD5A4B60} v2.25|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=C:\Windows\explorer.exe|Name=[TWQNgaP1PWGkkv] UDP Outbound Ports|Desc=| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{03307DDE-5D39-416A-B9EB-2EFC29B62D78} v2.25|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=C:\Windows\explorer.exe|Name=[TWQNgaP1PWGkkv] TCP Outbound Ports|Desc=| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{5A02339F-B7B0-409E-8B5A-E828AC69B2C8} v2.25|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=C:\Users\katar\AppData\Local\Temp\SandboxieInstall-32-bit-1130359.exe|Name=[TWiTzNcFvFLmW2] UDP Outbound Ports|Desc=| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{2C8346D8-8654-43F5-A105-1BF4172F03E7} v2.25|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=C:\Users\katar\AppData\Local\Temp\SandboxieInstall-32-bit-1130359.exe|Name=[TWiTzNcFvFLmW2] TCP Outbound Ports|Desc=| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{15DB904F-3C92-4FB7-9727-A97C09F1CC6D} v2.25|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=C:\Program Files\Google\Chrome\Application\chrome.exe|Name=[TWVaUAzu2w02ja] UDP Outbound Ports|Desc=| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{A67BF89C-9F5D-479F-B7CA-D3B5246BFECF} v2.25|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=C:\Program Files\Google\Chrome\Application\chrome.exe|Name=[TWVaUAzu2w02ja] TCP Outbound Ports|Desc=| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{0171C228-8F7B-4A5D-A5F4-B0EC9BC1C142} v2.25|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=C:\Windows\system32\WWAHost.exe|Name=[TWmqCO4VY1D968] UDP Outbound Ports|Desc=| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{387DAF60-7AFD-4C38-9FAE-18C643973B6E} v2.25|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=C:\Windows\system32\WWAHost.exe|Name=[TWmqCO4VY1D968] TCP Outbound Ports|Desc=| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{058B09B6-531D-479C-B0E3-E4EA3583110A} v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Windows\system32\WWAHost.exe|Name=[TWmqCO4VY1D968] UDP Listen Ports|Desc=| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{80F758AA-D111-4203-B8C2-118993324BFA} v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Windows\system32\WWAHost.exe|Name=[TWmqCO4VY1D968] TCP Listen Ports|Desc=| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{C097F350-7775-45EB-9230-9AEFABC973BC} v2.25|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=C:\Program Files\Internet Explorer\iexplore.exe|Name=[TW6EVZPPGXtSV7] UDP Outbound Ports|Desc=| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{1416A4D9-5777-4E72-81D2-9BC2DAC6120D} v2.25|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=C:\Program Files\Internet Explorer\iexplore.exe|Name=[TW6EVZPPGXtSV7] TCP Outbound Ports|Desc=| Reg HKLM\SYSTEM\CurrentControlSet\Services\srvnet\Parameters@MajorSequence 9 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{95d87751-6663-40cb-9950-b1b82be2ecca}@LeaseObtainedTime 1468626240 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{95d87751-6663-40cb-9950-b1b82be2ecca}@T1 1468669440 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{95d87751-6663-40cb-9950-b1b82be2ecca}@T2 1468701840 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{95d87751-6663-40cb-9950-b1b82be2ecca}@LeaseTerminatesTime 1468712640 Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_31647\Security Reg HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_31647\Security@Security 0x01 0x00 0x04 0x80 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_31647\Security Reg HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_31647\Security@Security 0x01 0x00 0x04 0x80 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeEstimated 0xA2 0x9C 0xF4 0x14 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeHigh 0xA2 0x04 0xB9 0x76 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeLow 0xA2 0x34 0x30 0xB3 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeTickCount 0x1F 0x8B 0x02 0x00 ... Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI@IdleTime 10516 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Extension-List\{00000000-0000-0000-0000-000000000000}@StartTimeLo -1076101456 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Extension-List\{00000000-0000-0000-0000-000000000000}@StartTimeHi 30531314 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Extension-List\{00000000-0000-0000-0000-000000000000}@EndTimeLo -1064070130 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Extension-List\{00000000-0000-0000-0000-000000000000}@EndTimeHi 30531314 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-3475209523-2518366309-343907116-1001\Extension-List\{00000000-0000-0000-0000-000000000000}@StartTimeLo -906025533 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-3475209523-2518366309-343907116-1001\Extension-List\{00000000-0000-0000-0000-000000000000}@StartTimeHi 30531314 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-3475209523-2518366309-343907116-1001\Extension-List\{00000000-0000-0000-0000-000000000000}@EndTimeLo -905869258 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-3475209523-2518366309-343907116-1001\Extension-List\{00000000-0000-0000-0000-000000000000}@EndTimeHi 30531314 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\OOBE\SystemProtected@DisableCAD 0 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ThemeManager@ServerChangeNumber 10 Reg HKLM\SOFTWARE\Microsoft\Windows\DWM@DwmInitSessionActivityId_00000001 B259EFC7-DEF2-0001-D5EF-59B2F2DED101 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active@D4065D63 11 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Nla\Cache\Intranet\home@Failures 63 Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex@NewClientID 168 Reg HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{9456087A-0000-0000-0000-501F00000000} 128101280 ---- EOF - GMER 2.2 ----