GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-10-12 20:59:11 Windows 6.2.9200 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.GC00 298,09GB Running: 4lgs123f.exe; Driver: C:\Users\katar\AppData\Local\Temp\pxldapod.sys ---- System - GMER 2.2 ---- SSDT \??\C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.sys ZwWriteVirtualMemory [0x9204D7E4] SSDT \??\C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.sys ZwTerminateThread [0x92041023] SSDT \??\C:\Windows\System32\drivers\zamguard32.sys ZwTerminateProcess [0x913C1252] SSDT \??\C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.sys ZwSystemDebugControl [0x9204AC6A] SSDT \??\C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.sys ZwShutdownSystem [0x9204B06A] SSDT \??\C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.sys ZwSetSystemInformation [0x9204C6AA] SSDT \??\C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.sys ZwSetInformationFile [0x9204B7B6] SSDT \??\C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.sys ZwSetContextThread [0x9204ABF8] SSDT \??\C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.sys ZwSetBootOptions [0x9204B154] SSDT \??\C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.sys ZwSecureConnectPort [0x9204CC62] SSDT \??\C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.sys ZwRestoreKey [0x9204B18A] SSDT \??\C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.sys ZwRequestWaitReplyPort [0x9204DBEE] SSDT \??\C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.sys ZwReplaceKey [0x9204B240] SSDT \??\C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.sys ZwQueueApcThread [0x9204AB94] SSDT \??\C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.sys ZwProtectVirtualMemory [0x9204C312] SSDT \??\C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.sys ZwOpenThread [0x9204CA6C] SSDT \??\C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.sys ZwOpenSection [0x9204C14E] SSDT \??\C:\Windows\System32\drivers\zamguard32.sys ZwOpenProcess [0x913C1104] SSDT \??\C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.sys ZwModifyBootEntry [0x9204B0E8] SSDT \??\C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.sys ZwMapViewOfSection [0x9204D58A] SSDT \??\C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.sys ZwLoadDriver [0x9204D72A] SSDT \??\C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.sys ZwImpersonateThread [0x9204B676] SSDT \??\C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.sys ZwImpersonateClientOfPort [0x9204B6B8] SSDT \??\C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.sys ZwFsControlFile [0x9204B6F2] SSDT \??\C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.sys ZwDuplicateObject [0x9204AD3A] SSDT \??\C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.sys ZwDeviceIoControlFile [0x9204A892] SSDT \??\C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.sys ZwDeleteFile [0x9204B752] SSDT \??\C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.sys ZwDeleteBootEntry [0x9204B11E] SSDT \??\C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.sys ZwCreateThreadEx [0x9204BAEA] SSDT \??\C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.sys ZwCreateThread [0x9204C212] SSDT \??\C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.sys ZwCreateSection [0x9204C7D2] SSDT \??\C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.sys ZwConnectPort [0x9204CB78] SSDT \??\C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.sys ZwAlpcSendWaitReceivePort [0x9204DD3E] SSDT \??\C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.sys ZwAlpcConnectPort [0x9204B57A] SSDT \??\C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.sys ZwAlpcConnectPortEx [0x9204BF24] SSDT \??\C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.sys ZwAddBootEntry [0x9204B0B2] ---- Kernel code sections - GMER 2.2 ---- .text ntoskrnl.exe!ZwCallbackReturn + 4C4 815279FC 8 Bytes [E8, B0, 04, 92, 8A, D5, 04, ...] {CALL 0x8a9204b5; AAD 0x4; XCHG EDX, EAX} .text ntoskrnl.exe!ZwCallbackReturn + 640 81527B78 8 Bytes [EA, BA, 04, 92, 12, C2, 04, ...] {JMP FAR 0x4c2:0x129204ba; XCHG EDX, EAX} .text ntoskrnl.exe!ExfUnblockPushLock + 1549 8153568D 1 Byte [06] .text ntoskrnl.exe!KiDispatchInterrupt + 602 81539E12 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .vmp1 C:\Program Files\SpyShelter Free Anti-keylogger\SpyShelter.sys entry point in ".vmp1" section [0x92303272] .ewrere1˙˙˙˙Spysheltentry point in ".ewrere1˙˙˙˙Spysheltentry point in "" section [0x90D68D45] C:\Program Files\SpyShelter Free Anti-keylogger\SpyshelterKb.sys entry point in ".ewrere1˙˙˙˙Spysheltentry point in "" section [0x90D68D45] ---- User code sections - GMER 2.2 ---- .text C:\Users\katar\Downloads\4lgs123f.exe[180] ntdll.dll!LdrLoadDll 77D32010 8 Bytes [B8, 42, 84, 18, 00, 50, C3, ...] {MOV EAX, 0x188442; PUSH EAX; RET ; NOP } .text C:\Users\katar\Downloads\4lgs123f.exe[180] ntdll.dll!LdrUnloadDll 77D3F5E0 8 Bytes [B8, 0D, 77, 18, 00, 50, C3, ...] {MOV EAX, 0x18770d; PUSH EAX; RET ; NOP } .text C:\Users\katar\Downloads\4lgs123f.exe[180] KERNEL32.DLL!VirtualProtect 77B35F60 8 Bytes [B8, E5, 11, 18, 00, 50, C3, ...] {MOV EAX, 0x1811e5; PUSH EAX; RET ; NOP } .text C:\Users\katar\Downloads\4lgs123f.exe[180] KERNEL32.DLL!VirtualProtect + 9 77B35F69 3 Bytes [90, 90, 90] {NOP ; NOP ; NOP } .text C:\Users\katar\Downloads\4lgs123f.exe[180] KERNEL32.DLL!VirtualProtectEx 77B52E30 12 Bytes [B8, 29, 12, 18, 00, 50, C3, ...] {MOV EAX, 0x181229; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP ; NOP } .text C:\Users\katar\Downloads\4lgs123f.exe[180] USER32.dll!PeekMessageA 77729C80 8 Bytes [B8, D5, 1D, 18, 00, 50, C3, ...] {MOV EAX, 0x181dd5; PUSH EAX; RET ; NOP } .text C:\Users\katar\Downloads\4lgs123f.exe[180] USER32.dll!PeekMessageW 77729DE0 8 Bytes [B8, 20, 1E, 18, 00, 50, C3, ...] {MOV EAX, 0x181e20; PUSH EAX; RET ; NOP } .text C:\Users\katar\Downloads\4lgs123f.exe[180] USER32.dll!SetWindowLongW 77733F30 8 Bytes [B8, DD, 18, 18, 00, 50, C3, ...] {MOV EAX, 0x1818dd; PUSH EAX; RET ; NOP } .text C:\Users\katar\Downloads\4lgs123f.exe[180] USER32.dll!SetWindowLongA 77734130 8 Bytes [B8, B7, 18, 18, 00, 50, C3, ...] {MOV EAX, 0x1818b7; PUSH EAX; RET ; NOP } .text C:\Users\katar\Downloads\4lgs123f.exe[180] USER32.dll!CallNextHookEx 777385E0 8 Bytes [B8, 3C, 79, 18, 00, 50, C3, ...] {MOV EAX, 0x18793c; PUSH EAX; RET ; NOP } .text C:\Users\katar\Downloads\4lgs123f.exe[180] USER32.dll!OpenWindowStationA + 2D0 77738CF0 11 Bytes [B8, 81, 5D, 18, 00, 50, C3, ...] {MOV EAX, 0x185d81; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Users\katar\Downloads\4lgs123f.exe[180] USER32.dll!GetPropW + 1C0 77744F90 8 Bytes [B8, B6, 5B, 18, 00, 50, C3, ...] {MOV EAX, 0x185bb6; PUSH EAX; RET ; NOP } .text C:\Users\katar\Downloads\4lgs123f.exe[180] USER32.dll!GetKeyState 77747720 11 Bytes [B8, EE, 77, 18, 00, 50, C3, ...] {MOV EAX, 0x1877ee; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Users\katar\Downloads\4lgs123f.exe[180] USER32.dll!GetAsyncKeyState 77747FD0 11 Bytes [B8, 41, 77, 18, 00, 50, C3, ...] {MOV EAX, 0x187741; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Users\katar\Downloads\4lgs123f.exe[180] USER32.dll!GetMessageW 777484B0 8 Bytes [B8, 8D, 1D, 18, 00, 50, C3, ...] {MOV EAX, 0x181d8d; PUSH EAX; RET ; NOP } .text C:\Users\katar\Downloads\4lgs123f.exe[180] USER32.dll!GetMessageA 77749070 9 Bytes [B8, 45, 1D, 18, 00, 50, C3, ...] {MOV EAX, 0x181d45; PUSH EAX; RET ; NOP ; NOP } .text C:\Users\katar\Downloads\4lgs123f.exe[180] USER32.dll!GetActiveWindow + 10 7774ABB0 8 Bytes [B8, 04, 59, 18, 00, 50, C3, ...] {MOV EAX, 0x185904; PUSH EAX; RET ; NOP } .text C:\Users\katar\Downloads\4lgs123f.exe[180] USER32.dll!InternalGetWindowIcon + 20 7774ECC0 11 Bytes [B8, DA, 73, 18, 00, 50, C3, ...] {MOV EAX, 0x1873da; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Users\katar\Downloads\4lgs123f.exe[180] USER32.dll!GetKeyboardState + 2 77758A32 4 Bytes JMP 751A0006 .text C:\Users\katar\Downloads\4lgs123f.exe[180] USER32.dll!GetRawInputData + 2 77758B92 4 Bytes JMP 751B0006 .text C:\Users\katar\Downloads\4lgs123f.exe[180] USER32.dll!EndTask 77788A70 8 Bytes [B8, 4F, 19, 18, 00, 50, C3, ...] {MOV EAX, 0x18194f; PUSH EAX; RET ; NOP } .text C:\Users\katar\Downloads\4lgs123f.exe[180] USER32.dll!GetRawInputBuffer 77791AE0 11 Bytes [B8, 9A, 56, 18, 00, 50, C3, ...] {MOV EAX, 0x18569a; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[2420] ntdll.dll!LdrLoadDll 77D32010 8 Bytes [B8, 42, 84, FF, 00, 50, C3, ...] {MOV EAX, 0xff8442; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[2420] ntdll.dll!LdrUnloadDll 77D3F5E0 8 Bytes [B8, 0D, 77, FF, 00, 50, C3, ...] {MOV EAX, 0xff770d; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[2420] ntdll.dll!NtUnmapViewOfSection + 5 77D7FDF5 4 Bytes [BA, 68, 1F, FE] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2420] ntdll.dll!NtUnmapViewOfSection + A 77D7FDFA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2420] ntdll.dll!NtSetInformationThread + 5 77D804C5 4 Bytes [BA, 28, 1E, FE] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2420] ntdll.dll!NtSetInformationThread + A 77D804CA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2420] ntdll.dll!NtSetInformationFile + 5 77D80585 4 Bytes [BA, 28, 1D, FE] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2420] ntdll.dll!NtSetInformationFile + A 77D8058A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2420] ntdll.dll!NtQueryFullAttributesFile + 5 77D812B5 4 Bytes CALL 76D910D6 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2420] ntdll.dll!NtQueryFullAttributesFile + A 77D812BA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2420] ntdll.dll!NtQueryAttributesFile + 5 77D81415 4 Bytes [BA, A8, 1C, FE] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2420] ntdll.dll!NtQueryAttributesFile + A 77D8141A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2420] ntdll.dll!NtOpenThreadTokenEx + 5 77D81655 4 Bytes CALL 76D91478 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2420] ntdll.dll!NtOpenThreadTokenEx + A 77D8165A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2420] ntdll.dll!NtOpenThreadToken + 5 77D81675 4 Bytes [BA, 68, 1E, FE] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2420] ntdll.dll!NtOpenThreadToken + A 77D8167A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2420] ntdll.dll!NtOpenThread + 5 77D81695 4 Bytes [BA, 68, 1D, FE] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2420] ntdll.dll!NtOpenThread + A 77D8169A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2420] ntdll.dll!NtOpenProcessTokenEx + 5 77D81775 4 Bytes [BA, A8, 1E, FE] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2420] ntdll.dll!NtOpenProcessTokenEx + A 77D8177A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2420] ntdll.dll!NtOpenProcessToken + 5 77D81795 4 Bytes CALL 76D915B7 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2420] ntdll.dll!NtOpenProcessToken + A 77D8179A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2420] ntdll.dll!NtOpenProcess + 5 77D817B5 4 Bytes [BA, A8, 1D, FE] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2420] ntdll.dll!NtOpenProcess + A 77D817BA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2420] ntdll.dll!NtOpenFile + 5 77D81915 4 Bytes [BA, 68, 1C, FE] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2420] ntdll.dll!NtOpenFile + A 77D8191A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2420] ntdll.dll!NtMapViewOfSection + 5 77D81A95 4 Bytes [BA, 28, 1F, FE] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2420] ntdll.dll!NtMapViewOfSection + A 77D81A9A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2420] ntdll.dll!NtCreateFile + 5 77D828E5 4 Bytes [BA, 28, 1C, FE] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2420] ntdll.dll!NtCreateFile + A 77D828EA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2420] KERNEL32.DLL!VirtualProtect 77B35F60 8 Bytes [B8, E5, 11, FF, 00, 50, C3, ...] {MOV EAX, 0xff11e5; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[2420] KERNEL32.DLL!VirtualProtect + 9 77B35F69 3 Bytes [90, 90, 90] {NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[2420] KERNEL32.DLL!VirtualProtectEx 77B52E30 12 Bytes [B8, 29, 12, FF, 00, 50, C3, ...] {MOV EAX, 0xff1229; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[2420] USER32.dll!PeekMessageA 77729C80 7 Bytes [B8, D5, 1D, FF, 00, 50, C3] {MOV EAX, 0xff1dd5; PUSH EAX; RET } .text C:\Program Files\Google\Chrome\Application\chrome.exe[2420] USER32.dll!PeekMessageW 77729DE0 7 Bytes [B8, 20, 1E, FF, 00, 50, C3] {MOV EAX, 0xff1e20; PUSH EAX; RET } .text C:\Program Files\Google\Chrome\Application\chrome.exe[2420] USER32.dll!SetWindowLongW 77733F30 8 Bytes [B8, DD, 18, FF, 00, 50, C3, ...] {MOV EAX, 0xff18dd; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[2420] USER32.dll!SetWindowLongA 77734130 8 Bytes [B8, B7, 18, FF, 00, 50, C3, ...] {MOV EAX, 0xff18b7; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[2420] USER32.dll!CallNextHookEx 777385E0 8 Bytes [B8, 3C, 79, FF, 00, 50, C3, ...] {MOV EAX, 0xff793c; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[2420] USER32.dll!OpenWindowStationA + 2D0 77738CF0 11 Bytes [B8, 81, 5D, FF, 00, 50, C3, ...] {MOV EAX, 0xff5d81; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[2420] USER32.dll!GetPropW + 1C0 77744F90 8 Bytes [B8, B6, 5B, FF, 00, 50, C3, ...] {MOV EAX, 0xff5bb6; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[2420] USER32.dll!GetKeyState 77747720 11 Bytes [B8, EE, 77, FF, 00, 50, C3, ...] {MOV EAX, 0xff77ee; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[2420] USER32.dll!GetAsyncKeyState 77747FD0 11 Bytes [B8, 41, 77, FF, 00, 50, C3, ...] {MOV EAX, 0xff7741; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[2420] USER32.dll!GetMessageW 777484B0 7 Bytes [B8, 8D, 1D, FF, 00, 50, C3] {MOV EAX, 0xff1d8d; PUSH EAX; RET } .text C:\Program Files\Google\Chrome\Application\chrome.exe[2420] USER32.dll!GetMessageA 77749070 9 Bytes [B8, 45, 1D, FF, 00, 50, C3, ...] {MOV EAX, 0xff1d45; PUSH EAX; RET ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[2420] USER32.dll!GetActiveWindow + 10 7774ABB0 8 Bytes [B8, 04, 59, FF, 00, 50, C3, ...] {MOV EAX, 0xff5904; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[2420] USER32.dll!InternalGetWindowIcon + 20 7774ECC0 11 Bytes [B8, DA, 73, FF, 00, 50, C3, ...] {MOV EAX, 0xff73da; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[2420] USER32.dll!GetKeyboardState + 2 77758A32 4 Bytes JMP 753E0006 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2420] USER32.dll!GetRawInputData + 2 77758B92 4 Bytes JMP 753F0006 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2420] USER32.dll!EndTask 77788A70 8 Bytes [B8, 4F, 19, FF, 00, 50, C3, ...] {MOV EAX, 0xff194f; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[2420] USER32.dll!GetRawInputBuffer 77791AE0 11 Bytes [B8, 9A, 56, FF, 00, 50, C3, ...] {MOV EAX, 0xff569a; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\WINDOWS\Explorer.EXE[2456] ntdll.dll!LdrLoadDll 77D32010 8 Bytes [B8, 42, 84, FA, 00, 50, C3, ...] {MOV EAX, 0xfa8442; PUSH EAX; RET ; NOP } .text C:\WINDOWS\Explorer.EXE[2456] ntdll.dll!LdrUnloadDll 77D3F5E0 8 Bytes [B8, 0D, 77, FA, 00, 50, C3, ...] {MOV EAX, 0xfa770d; PUSH EAX; RET ; NOP } .text C:\WINDOWS\Explorer.EXE[2456] KERNEL32.DLL!VirtualProtect 77B35F60 8 Bytes [B8, E5, 11, FA, 00, 50, C3, ...] {MOV EAX, 0xfa11e5; PUSH EAX; RET ; NOP } .text C:\WINDOWS\Explorer.EXE[2456] KERNEL32.DLL!VirtualProtect + 9 77B35F69 3 Bytes [90, 90, 90] {NOP ; NOP ; NOP } .text C:\WINDOWS\Explorer.EXE[2456] KERNEL32.DLL!VirtualProtectEx 77B52E30 12 Bytes [B8, 29, 12, FA, 00, 50, C3, ...] {MOV EAX, 0xfa1229; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP ; NOP } .text C:\WINDOWS\Explorer.EXE[2456] USER32.dll!PeekMessageA 77729C80 7 Bytes [B8, D5, 1D, FA, 00, 50, C3] {MOV EAX, 0xfa1dd5; PUSH EAX; RET } .text C:\WINDOWS\Explorer.EXE[2456] USER32.dll!PeekMessageW 77729DE0 7 Bytes [B8, 20, 1E, FA, 00, 50, C3] {MOV EAX, 0xfa1e20; PUSH EAX; RET } .text C:\WINDOWS\Explorer.EXE[2456] USER32.dll!SetWindowLongW 77733F30 8 Bytes [B8, DD, 18, FA, 00, 50, C3, ...] {MOV EAX, 0xfa18dd; PUSH EAX; RET ; NOP } .text C:\WINDOWS\Explorer.EXE[2456] USER32.dll!SetWindowLongA 77734130 8 Bytes [B8, B7, 18, FA, 00, 50, C3, ...] {MOV EAX, 0xfa18b7; PUSH EAX; RET ; NOP } .text C:\WINDOWS\Explorer.EXE[2456] USER32.dll!CallNextHookEx 777385E0 8 Bytes [B8, 3C, 79, FA, 00, 50, C3, ...] {MOV EAX, 0xfa793c; PUSH EAX; RET ; NOP } .text C:\WINDOWS\Explorer.EXE[2456] USER32.dll!OpenWindowStationA + 2D0 77738CF0 11 Bytes [B8, 81, 5D, FA, 00, 50, C3, ...] {MOV EAX, 0xfa5d81; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\WINDOWS\Explorer.EXE[2456] USER32.dll!GetPropW + 1C0 77744F90 8 Bytes [B8, B6, 5B, FA, 00, 50, C3, ...] {MOV EAX, 0xfa5bb6; PUSH EAX; RET ; NOP } .text C:\WINDOWS\Explorer.EXE[2456] USER32.dll!GetKeyState 77747720 11 Bytes [B8, EE, 77, FA, 00, 50, C3, ...] {MOV EAX, 0xfa77ee; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\WINDOWS\Explorer.EXE[2456] USER32.dll!GetAsyncKeyState 77747FD0 11 Bytes [B8, 41, 77, FA, 00, 50, C3, ...] {MOV EAX, 0xfa7741; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\WINDOWS\Explorer.EXE[2456] USER32.dll!GetMessageW 777484B0 7 Bytes [B8, 8D, 1D, FA, 00, 50, C3] {MOV EAX, 0xfa1d8d; PUSH EAX; RET } .text C:\WINDOWS\Explorer.EXE[2456] USER32.dll!GetMessageA 77749070 9 Bytes [B8, 45, 1D, FA, 00, 50, C3, ...] {MOV EAX, 0xfa1d45; PUSH EAX; RET ; NOP ; NOP } .text C:\WINDOWS\Explorer.EXE[2456] USER32.dll!GetActiveWindow + 10 7774ABB0 8 Bytes [B8, 04, 59, FA, 00, 50, C3, ...] {MOV EAX, 0xfa5904; PUSH EAX; RET ; NOP } .text C:\WINDOWS\Explorer.EXE[2456] USER32.dll!InternalGetWindowIcon + 20 7774ECC0 11 Bytes [B8, DA, 73, FA, 00, 50, C3, ...] {MOV EAX, 0xfa73da; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\WINDOWS\Explorer.EXE[2456] USER32.dll!GetKeyboardState + 2 77758A32 4 Bytes JMP 75560006 .text C:\WINDOWS\Explorer.EXE[2456] USER32.dll!GetRawInputData + 2 77758B92 4 Bytes JMP 75570006 .text C:\WINDOWS\Explorer.EXE[2456] USER32.dll!EndTask 77788A70 8 Bytes [B8, 4F, 19, FA, 00, 50, C3, ...] {MOV EAX, 0xfa194f; PUSH EAX; RET ; NOP } .text C:\WINDOWS\Explorer.EXE[2456] USER32.dll!GetRawInputBuffer 77791AE0 11 Bytes [B8, 9A, 56, FA, 00, 50, C3, ...] {MOV EAX, 0xfa569a; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\WINDOWS\system32\sihost.exe[2748] ntdll.dll!LdrLoadDll 77D32010 8 Bytes [B8, 42, 84, 14, 00, 50, C3, ...] {MOV EAX, 0x148442; PUSH EAX; RET ; NOP } .text C:\WINDOWS\system32\sihost.exe[2748] ntdll.dll!LdrUnloadDll 77D3F5E0 8 Bytes [B8, 0D, 77, 14, 00, 50, C3, ...] {MOV EAX, 0x14770d; PUSH EAX; RET ; NOP } .text C:\WINDOWS\system32\sihost.exe[2748] KERNEL32.DLL!VirtualProtect 77B35F60 8 Bytes [B8, E5, 11, 14, 00, 50, C3, ...] {MOV EAX, 0x1411e5; PUSH EAX; RET ; NOP } .text C:\WINDOWS\system32\sihost.exe[2748] KERNEL32.DLL!VirtualProtect + 9 77B35F69 3 Bytes [90, 90, 90] {NOP ; NOP ; NOP } .text C:\WINDOWS\system32\sihost.exe[2748] KERNEL32.DLL!VirtualProtectEx 77B52E30 12 Bytes [B8, 29, 12, 14, 00, 50, C3, ...] {MOV EAX, 0x141229; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP ; NOP } .text C:\WINDOWS\system32\sihost.exe[2748] user32.dll!PeekMessageA 77729C80 7 Bytes [B8, D5, 1D, 14, 00, 50, C3] {MOV EAX, 0x141dd5; PUSH EAX; RET } .text C:\WINDOWS\system32\sihost.exe[2748] user32.dll!PeekMessageW 77729DE0 7 Bytes [B8, 20, 1E, 14, 00, 50, C3] {MOV EAX, 0x141e20; PUSH EAX; RET } .text C:\WINDOWS\system32\sihost.exe[2748] user32.dll!SetWindowLongW 77733F30 8 Bytes [B8, DD, 18, 14, 00, 50, C3, ...] {MOV EAX, 0x1418dd; PUSH EAX; RET ; NOP } .text C:\WINDOWS\system32\sihost.exe[2748] user32.dll!SetWindowLongA 77734130 8 Bytes [B8, B7, 18, 14, 00, 50, C3, ...] {MOV EAX, 0x1418b7; PUSH EAX; RET ; NOP } .text C:\WINDOWS\system32\sihost.exe[2748] user32.dll!CallNextHookEx 777385E0 8 Bytes [B8, 3C, 79, 14, 00, 50, C3, ...] {MOV EAX, 0x14793c; PUSH EAX; RET ; NOP } .text C:\WINDOWS\system32\sihost.exe[2748] user32.dll!OpenWindowStationA + 2D0 77738CF0 11 Bytes [B8, 81, 5D, 14, 00, 50, C3, ...] {MOV EAX, 0x145d81; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\WINDOWS\system32\sihost.exe[2748] user32.dll!GetPropW + 1C0 77744F90 8 Bytes [B8, B6, 5B, 14, 00, 50, C3, ...] {MOV EAX, 0x145bb6; PUSH EAX; RET ; NOP } .text C:\WINDOWS\system32\sihost.exe[2748] user32.dll!GetKeyState 77747720 11 Bytes [B8, EE, 77, 14, 00, 50, C3, ...] {MOV EAX, 0x1477ee; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\WINDOWS\system32\sihost.exe[2748] user32.dll!GetAsyncKeyState 77747FD0 11 Bytes [B8, 41, 77, 14, 00, 50, C3, ...] {MOV EAX, 0x147741; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\WINDOWS\system32\sihost.exe[2748] user32.dll!GetMessageW 777484B0 7 Bytes [B8, 8D, 1D, 14, 00, 50, C3] {MOV EAX, 0x141d8d; PUSH EAX; RET } .text C:\WINDOWS\system32\sihost.exe[2748] user32.dll!GetMessageA 77749070 9 Bytes [B8, 45, 1D, 14, 00, 50, C3, ...] {MOV EAX, 0x141d45; PUSH EAX; RET ; NOP ; NOP } .text C:\WINDOWS\system32\sihost.exe[2748] user32.dll!GetActiveWindow + 10 7774ABB0 8 Bytes [B8, 04, 59, 14, 00, 50, C3, ...] {MOV EAX, 0x145904; PUSH EAX; RET ; NOP } .text C:\WINDOWS\system32\sihost.exe[2748] user32.dll!InternalGetWindowIcon + 20 7774ECC0 11 Bytes [B8, DA, 73, 14, 00, 50, C3, ...] {MOV EAX, 0x1473da; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\WINDOWS\system32\sihost.exe[2748] user32.dll!GetKeyboardState + 2 77758A32 4 Bytes JMP 75290006 .text C:\WINDOWS\system32\sihost.exe[2748] user32.dll!GetRawInputData + 2 77758B92 4 Bytes JMP 752A0006 .text C:\WINDOWS\system32\sihost.exe[2748] user32.dll!EndTask 77788A70 8 Bytes [B8, 4F, 19, 14, 00, 50, C3, ...] {MOV EAX, 0x14194f; PUSH EAX; RET ; NOP } .text C:\WINDOWS\system32\sihost.exe[2748] user32.dll!GetRawInputBuffer 77791AE0 11 Bytes [B8, 9A, 56, 14, 00, 50, C3, ...] {MOV EAX, 0x14569a; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[2872] ntdll.dll!LdrLoadDll 77D32010 8 Bytes [B8, 42, 84, 13, 01, 50, C3, ...] {MOV EAX, 0x1138442; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[2872] ntdll.dll!LdrUnloadDll 77D3F5E0 8 Bytes [B8, 0D, 77, 13, 01, 50, C3, ...] {MOV EAX, 0x113770d; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[2872] ntdll.dll!NtUnmapViewOfSection + 5 77D7FDF5 7 Bytes [BA, 68, AF, 11, 01, FF, E2] {MOV EDX, 0x111af68; JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2872] ntdll.dll!NtSetInformationThread + 5 77D804C5 7 Bytes [BA, 28, AE, 11, 01, FF, E2] {MOV EDX, 0x111ae28; JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2872] ntdll.dll!NtSetInformationFile + 5 77D80585 7 Bytes [BA, 28, AD, 11, 01, FF, E2] {MOV EDX, 0x111ad28; JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2872] ntdll.dll!NtQueryFullAttributesFile + 5 77D812B5 7 Bytes CALL 76D92466 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2872] ntdll.dll!NtQueryAttributesFile + 5 77D81415 7 Bytes [BA, A8, AC, 11, 01, FF, E2] {MOV EDX, 0x111aca8; JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2872] ntdll.dll!NtOpenThreadTokenEx + 5 77D81655 7 Bytes CALL 76D92808 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2872] ntdll.dll!NtOpenThreadToken + 5 77D81675 7 Bytes [BA, 68, AE, 11, 01, FF, E2] {MOV EDX, 0x111ae68; JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2872] ntdll.dll!NtOpenThread + 5 77D81695 7 Bytes [BA, 68, AD, 11, 01, FF, E2] {MOV EDX, 0x111ad68; JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2872] ntdll.dll!NtOpenProcessTokenEx + 5 77D81775 7 Bytes [BA, A8, AE, 11, 01, FF, E2] {MOV EDX, 0x111aea8; JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2872] ntdll.dll!NtOpenProcessToken + 5 77D81795 7 Bytes CALL 76D92947 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2872] ntdll.dll!NtOpenProcess + 5 77D817B5 7 Bytes [BA, A8, AD, 11, 01, FF, E2] {MOV EDX, 0x111ada8; JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2872] ntdll.dll!NtOpenFile + 5 77D81915 7 Bytes [BA, 68, AC, 11, 01, FF, E2] {MOV EDX, 0x111ac68; JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2872] ntdll.dll!NtMapViewOfSection + 5 77D81A95 7 Bytes [BA, 28, AF, 11, 01, FF, E2] {MOV EDX, 0x111af28; JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2872] ntdll.dll!NtCreateFile + 5 77D828E5 7 Bytes [BA, 28, AC, 11, 01, FF, E2] {MOV EDX, 0x111ac28; JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[2872] KERNEL32.DLL!VirtualProtect 77B35F60 8 Bytes [B8, E5, 11, 13, 01, 50, C3, ...] {MOV EAX, 0x11311e5; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[2872] KERNEL32.DLL!VirtualProtect + 9 77B35F69 3 Bytes [90, 90, 90] {NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[2872] KERNEL32.DLL!VirtualProtectEx 77B52E30 12 Bytes [B8, 29, 12, 13, 01, 50, C3, ...] {MOV EAX, 0x1131229; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[2872] USER32.dll!PeekMessageA 77729C80 8 Bytes [B8, D5, 1D, 13, 01, 50, C3, ...] {MOV EAX, 0x1131dd5; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[2872] USER32.dll!PeekMessageW 77729DE0 8 Bytes [B8, 20, 1E, 13, 01, 50, C3, ...] {MOV EAX, 0x1131e20; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[2872] USER32.dll!SetWindowLongW 77733F30 8 Bytes [B8, DD, 18, 13, 01, 50, C3, ...] {MOV EAX, 0x11318dd; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[2872] USER32.dll!SetWindowLongA 77734130 8 Bytes [B8, B7, 18, 13, 01, 50, C3, ...] {MOV EAX, 0x11318b7; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[2872] USER32.dll!CallNextHookEx 777385E0 8 Bytes [B8, 3C, 79, 13, 01, 50, C3, ...] {MOV EAX, 0x113793c; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[2872] USER32.dll!OpenWindowStationA + 2D0 77738CF0 11 Bytes [B8, 81, 5D, 13, 01, 50, C3, ...] {MOV EAX, 0x1135d81; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[2872] USER32.dll!GetPropW + 1C0 77744F90 8 Bytes [B8, B6, 5B, 13, 01, 50, C3, ...] {MOV EAX, 0x1135bb6; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[2872] USER32.dll!GetKeyState 77747720 11 Bytes [B8, EE, 77, 13, 01, 50, C3, ...] {MOV EAX, 0x11377ee; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[2872] USER32.dll!GetAsyncKeyState 77747FD0 11 Bytes [B8, 41, 77, 13, 01, 50, C3, ...] {MOV EAX, 0x1137741; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[2872] USER32.dll!GetMessageW 777484B0 8 Bytes [B8, 8D, 1D, 13, 01, 50, C3, ...] {MOV EAX, 0x1131d8d; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[2872] USER32.dll!GetMessageA 77749070 9 Bytes [B8, 45, 1D, 13, 01, 50, C3, ...] {MOV EAX, 0x1131d45; PUSH EAX; RET ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[2872] USER32.dll!GetActiveWindow + 10 7774ABB0 8 Bytes [B8, 04, 59, 13, 01, 50, C3, ...] {MOV EAX, 0x1135904; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[2872] USER32.dll!InternalGetWindowIcon + 20 7774ECC0 11 Bytes [B8, DA, 73, 13, 01, 50, C3, ...] {MOV EAX, 0x11373da; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[2872] USER32.dll!GetKeyboardState + 2 77758A32 4 Bytes JMP 753E0006 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2872] USER32.dll!GetRawInputData + 2 77758B92 4 Bytes JMP 753F0006 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2872] USER32.dll!EndTask 77788A70 8 Bytes [B8, 4F, 19, 13, 01, 50, C3, ...] {MOV EAX, 0x113194f; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[2872] USER32.dll!GetRawInputBuffer 77791AE0 11 Bytes [B8, 9A, 56, 13, 01, 50, C3, ...] {MOV EAX, 0x113569a; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\WINDOWS\system32\svchost.exe[3360] ntdll.dll!LdrLoadDll 77D32010 8 Bytes [B8, 42, 84, 3A, 00, 50, C3, ...] {MOV EAX, 0x3a8442; PUSH EAX; RET ; NOP } .text C:\WINDOWS\system32\svchost.exe[3360] ntdll.dll!LdrUnloadDll 77D3F5E0 8 Bytes [B8, 0D, 77, 3A, 00, 50, C3, ...] {MOV EAX, 0x3a770d; PUSH EAX; RET ; NOP } .text C:\WINDOWS\system32\svchost.exe[3360] KERNEL32.DLL!VirtualProtect 77B35F60 8 Bytes [B8, E5, 11, 3A, 00, 50, C3, ...] {MOV EAX, 0x3a11e5; PUSH EAX; RET ; NOP } .text C:\WINDOWS\system32\svchost.exe[3360] KERNEL32.DLL!VirtualProtect + 9 77B35F69 3 Bytes [90, 90, 90] {NOP ; NOP ; NOP } .text C:\WINDOWS\system32\svchost.exe[3360] KERNEL32.DLL!VirtualProtectEx 77B52E30 12 Bytes [B8, 29, 12, 3A, 00, 50, C3, ...] {MOV EAX, 0x3a1229; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP ; NOP } .text C:\WINDOWS\system32\svchost.exe[3360] user32.dll!PeekMessageA 77729C80 8 Bytes [B8, D5, 1D, 3A, 00, 50, C3, ...] {MOV EAX, 0x3a1dd5; PUSH EAX; RET ; NOP } .text C:\WINDOWS\system32\svchost.exe[3360] user32.dll!PeekMessageW 77729DE0 8 Bytes [B8, 20, 1E, 3A, 00, 50, C3, ...] {MOV EAX, 0x3a1e20; PUSH EAX; RET ; NOP } .text C:\WINDOWS\system32\svchost.exe[3360] user32.dll!SetWindowLongW 77733F30 8 Bytes [B8, DD, 18, 3A, 00, 50, C3, ...] {MOV EAX, 0x3a18dd; PUSH EAX; RET ; NOP } .text C:\WINDOWS\system32\svchost.exe[3360] user32.dll!SetWindowLongA 77734130 8 Bytes [B8, B7, 18, 3A, 00, 50, C3, ...] {MOV EAX, 0x3a18b7; PUSH EAX; RET ; NOP } .text C:\WINDOWS\system32\svchost.exe[3360] user32.dll!CallNextHookEx 777385E0 8 Bytes [B8, 3C, 79, 3A, 00, 50, C3, ...] {MOV EAX, 0x3a793c; PUSH EAX; RET ; NOP } .text C:\WINDOWS\system32\svchost.exe[3360] user32.dll!OpenWindowStationA + 2D0 77738CF0 11 Bytes [B8, 81, 5D, 3A, 00, 50, C3, ...] {MOV EAX, 0x3a5d81; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\WINDOWS\system32\svchost.exe[3360] user32.dll!GetPropW + 1C0 77744F90 8 Bytes [B8, B6, 5B, 3A, 00, 50, C3, ...] {MOV EAX, 0x3a5bb6; PUSH EAX; RET ; NOP } .text C:\WINDOWS\system32\svchost.exe[3360] user32.dll!GetKeyState 77747720 11 Bytes [B8, EE, 77, 3A, 00, 50, C3, ...] {MOV EAX, 0x3a77ee; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\WINDOWS\system32\svchost.exe[3360] user32.dll!GetAsyncKeyState 77747FD0 11 Bytes [B8, 41, 77, 3A, 00, 50, C3, ...] {MOV EAX, 0x3a7741; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\WINDOWS\system32\svchost.exe[3360] user32.dll!GetMessageW 777484B0 8 Bytes [B8, 8D, 1D, 3A, 00, 50, C3, ...] {MOV EAX, 0x3a1d8d; PUSH EAX; RET ; NOP } .text C:\WINDOWS\system32\svchost.exe[3360] user32.dll!GetMessageA 77749070 9 Bytes [B8, 45, 1D, 3A, 00, 50, C3, ...] {MOV EAX, 0x3a1d45; PUSH EAX; RET ; NOP ; NOP } .text C:\WINDOWS\system32\svchost.exe[3360] user32.dll!GetActiveWindow + 10 7774ABB0 8 Bytes [B8, 04, 59, 3A, 00, 50, C3, ...] {MOV EAX, 0x3a5904; PUSH EAX; RET ; NOP } .text C:\WINDOWS\system32\svchost.exe[3360] user32.dll!InternalGetWindowIcon + 20 7774ECC0 11 Bytes [B8, DA, 73, 3A, 00, 50, C3, ...] {MOV EAX, 0x3a73da; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\WINDOWS\system32\svchost.exe[3360] user32.dll!GetKeyboardState + 2 77758A32 4 Bytes JMP 75290006 .text C:\WINDOWS\system32\svchost.exe[3360] user32.dll!GetRawInputData + 2 77758B92 4 Bytes JMP 752A0006 .text C:\WINDOWS\system32\svchost.exe[3360] user32.dll!EndTask 77788A70 8 Bytes [B8, 4F, 19, 3A, 00, 50, C3, ...] {MOV EAX, 0x3a194f; PUSH EAX; RET ; NOP } .text C:\WINDOWS\system32\svchost.exe[3360] user32.dll!GetRawInputBuffer 77791AE0 11 Bytes [B8, 9A, 56, 3A, 00, 50, C3, ...] {MOV EAX, 0x3a569a; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\WINDOWS\system32\taskhostw.exe[4048] ntdll.dll!LdrLoadDll 77D32010 8 Bytes [B8, 42, 84, 73, 00, 50, C3, ...] {MOV EAX, 0x738442; PUSH EAX; RET ; NOP } .text C:\WINDOWS\system32\taskhostw.exe[4048] ntdll.dll!LdrUnloadDll 77D3F5E0 8 Bytes [B8, 0D, 77, 73, 00, 50, C3, ...] {MOV EAX, 0x73770d; PUSH EAX; RET ; NOP } .text C:\WINDOWS\system32\taskhostw.exe[4048] KERNEL32.DLL!VirtualProtect 77B35F60 8 Bytes [B8, E5, 11, 73, 00, 50, C3, ...] {MOV EAX, 0x7311e5; PUSH EAX; RET ; NOP } .text C:\WINDOWS\system32\taskhostw.exe[4048] KERNEL32.DLL!VirtualProtect + 9 77B35F69 3 Bytes [90, 90, 90] {NOP ; NOP ; NOP } .text C:\WINDOWS\system32\taskhostw.exe[4048] KERNEL32.DLL!VirtualProtectEx 77B52E30 12 Bytes [B8, 29, 12, 73, 00, 50, C3, ...] {MOV EAX, 0x731229; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP ; NOP } .text C:\WINDOWS\system32\taskhostw.exe[4048] USER32.dll!PeekMessageA 77729C80 8 Bytes [B8, D5, 1D, 73, 00, 50, C3, ...] {MOV EAX, 0x731dd5; PUSH EAX; RET ; NOP } .text C:\WINDOWS\system32\taskhostw.exe[4048] USER32.dll!PeekMessageW 77729DE0 8 Bytes [B8, 20, 1E, 73, 00, 50, C3, ...] {MOV EAX, 0x731e20; PUSH EAX; RET ; NOP } .text C:\WINDOWS\system32\taskhostw.exe[4048] USER32.dll!SetWindowLongW 77733F30 8 Bytes [B8, DD, 18, 73, 00, 50, C3, ...] {MOV EAX, 0x7318dd; PUSH EAX; RET ; NOP } .text C:\WINDOWS\system32\taskhostw.exe[4048] USER32.dll!SetWindowLongA 77734130 8 Bytes [B8, B7, 18, 73, 00, 50, C3, ...] {MOV EAX, 0x7318b7; PUSH EAX; RET ; NOP } .text C:\WINDOWS\system32\taskhostw.exe[4048] USER32.dll!CallNextHookEx 777385E0 8 Bytes [B8, 3C, 79, 73, 00, 50, C3, ...] {MOV EAX, 0x73793c; PUSH EAX; RET ; NOP } .text C:\WINDOWS\system32\taskhostw.exe[4048] USER32.dll!OpenWindowStationA + 2D0 77738CF0 11 Bytes [B8, 81, 5D, 73, 00, 50, C3, ...] {MOV EAX, 0x735d81; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\WINDOWS\system32\taskhostw.exe[4048] USER32.dll!GetPropW + 1C0 77744F90 8 Bytes [B8, B6, 5B, 73, 00, 50, C3, ...] {MOV EAX, 0x735bb6; PUSH EAX; RET ; NOP } .text C:\WINDOWS\system32\taskhostw.exe[4048] USER32.dll!GetKeyState 77747720 11 Bytes [B8, EE, 77, 73, 00, 50, C3, ...] {MOV EAX, 0x7377ee; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\WINDOWS\system32\taskhostw.exe[4048] USER32.dll!GetAsyncKeyState 77747FD0 11 Bytes [B8, 41, 77, 73, 00, 50, C3, ...] {MOV EAX, 0x737741; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\WINDOWS\system32\taskhostw.exe[4048] USER32.dll!GetMessageW 777484B0 8 Bytes [B8, 8D, 1D, 73, 00, 50, C3, ...] {MOV EAX, 0x731d8d; PUSH EAX; RET ; NOP } .text C:\WINDOWS\system32\taskhostw.exe[4048] USER32.dll!GetMessageA 77749070 9 Bytes [B8, 45, 1D, 73, 00, 50, C3, ...] {MOV EAX, 0x731d45; PUSH EAX; RET ; NOP ; NOP } .text C:\WINDOWS\system32\taskhostw.exe[4048] USER32.dll!GetActiveWindow + 10 7774ABB0 8 Bytes [B8, 04, 59, 73, 00, 50, C3, ...] {MOV EAX, 0x735904; PUSH EAX; RET ; NOP } .text C:\WINDOWS\system32\taskhostw.exe[4048] USER32.dll!InternalGetWindowIcon + 20 7774ECC0 11 Bytes [B8, DA, 73, 73, 00, 50, C3, ...] {MOV EAX, 0x7373da; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\WINDOWS\system32\taskhostw.exe[4048] USER32.dll!GetKeyboardState + 2 77758A32 4 Bytes JMP 753E0006 .text C:\WINDOWS\system32\taskhostw.exe[4048] USER32.dll!GetRawInputData + 2 77758B92 4 Bytes JMP 753F0006 .text C:\WINDOWS\system32\taskhostw.exe[4048] USER32.dll!EndTask 77788A70 8 Bytes [B8, 4F, 19, 73, 00, 50, C3, ...] {MOV EAX, 0x73194f; PUSH EAX; RET ; NOP } .text C:\WINDOWS\system32\taskhostw.exe[4048] USER32.dll!GetRawInputBuffer 77791AE0 11 Bytes [B8, 9A, 56, 73, 00, 50, C3, ...] {MOV EAX, 0x73569a; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4168] ntdll.dll!LdrLoadDll 77D32010 8 Bytes [B8, 42, 84, 7A, 00, 50, C3, ...] {MOV EAX, 0x7a8442; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4168] ntdll.dll!LdrUnloadDll 77D3F5E0 8 Bytes [B8, 0D, 77, 7A, 00, 50, C3, ...] {MOV EAX, 0x7a770d; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4168] ntdll.dll!NtUnmapViewOfSection + 5 77D7FDF5 4 Bytes [BA, 68, CF, 78] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4168] ntdll.dll!NtUnmapViewOfSection + A 77D7FDFA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4168] ntdll.dll!NtSetInformationThread + 5 77D804C5 4 Bytes [BA, 28, CE, 78] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4168] ntdll.dll!NtSetInformationThread + A 77D804CA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4168] ntdll.dll!NtSetInformationFile + 5 77D80585 4 Bytes [BA, 28, CD, 78] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4168] ntdll.dll!NtSetInformationFile + A 77D8058A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4168] ntdll.dll!NtQueryFullAttributesFile + 5 77D812B5 4 Bytes CALL 76D88B86 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4168] ntdll.dll!NtQueryFullAttributesFile + A 77D812BA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4168] ntdll.dll!NtQueryAttributesFile + 5 77D81415 4 Bytes [BA, A8, CC, 78] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4168] ntdll.dll!NtQueryAttributesFile + A 77D8141A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4168] ntdll.dll!NtOpenThreadTokenEx + 5 77D81655 4 Bytes CALL 76D88F28 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4168] ntdll.dll!NtOpenThreadTokenEx + A 77D8165A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4168] ntdll.dll!NtOpenThreadToken + 5 77D81675 4 Bytes [BA, 68, CE, 78] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4168] ntdll.dll!NtOpenThreadToken + A 77D8167A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4168] ntdll.dll!NtOpenThread + 5 77D81695 4 Bytes [BA, 68, CD, 78] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4168] ntdll.dll!NtOpenThread + A 77D8169A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4168] ntdll.dll!NtOpenProcessTokenEx + 5 77D81775 4 Bytes [BA, A8, CE, 78] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4168] ntdll.dll!NtOpenProcessTokenEx + A 77D8177A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4168] ntdll.dll!NtOpenProcessToken + 5 77D81795 4 Bytes CALL 76D89067 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4168] ntdll.dll!NtOpenProcessToken + A 77D8179A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4168] ntdll.dll!NtOpenProcess + 5 77D817B5 4 Bytes [BA, A8, CD, 78] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4168] ntdll.dll!NtOpenProcess + A 77D817BA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4168] ntdll.dll!NtOpenFile + 5 77D81915 4 Bytes [BA, 68, CC, 78] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4168] ntdll.dll!NtOpenFile + A 77D8191A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4168] ntdll.dll!NtMapViewOfSection + 5 77D81A95 4 Bytes [BA, 28, CF, 78] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4168] ntdll.dll!NtMapViewOfSection + A 77D81A9A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4168] ntdll.dll!NtCreateFile + 5 77D828E5 4 Bytes [BA, 28, CC, 78] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4168] ntdll.dll!NtCreateFile + A 77D828EA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4168] KERNEL32.DLL!VirtualProtect 77B35F60 8 Bytes [B8, E5, 11, 7A, 00, 50, C3, ...] {MOV EAX, 0x7a11e5; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4168] KERNEL32.DLL!VirtualProtect + 9 77B35F69 3 Bytes [90, 90, 90] {NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4168] KERNEL32.DLL!VirtualProtectEx 77B52E30 12 Bytes [B8, 29, 12, 7A, 00, 50, C3, ...] {MOV EAX, 0x7a1229; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4168] USER32.dll!PeekMessageA 77729C80 8 Bytes [B8, D5, 1D, 7A, 00, 50, C3, ...] {MOV EAX, 0x7a1dd5; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4168] USER32.dll!PeekMessageW 77729DE0 8 Bytes [B8, 20, 1E, 7A, 00, 50, C3, ...] {MOV EAX, 0x7a1e20; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4168] USER32.dll!SetWindowLongW 77733F30 8 Bytes [B8, DD, 18, 7A, 00, 50, C3, ...] {MOV EAX, 0x7a18dd; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4168] USER32.dll!SetWindowLongA 77734130 8 Bytes [B8, B7, 18, 7A, 00, 50, C3, ...] {MOV EAX, 0x7a18b7; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4168] USER32.dll!CallNextHookEx 777385E0 8 Bytes [B8, 3C, 79, 7A, 00, 50, C3, ...] {MOV EAX, 0x7a793c; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4168] USER32.dll!OpenWindowStationA + 2D0 77738CF0 11 Bytes [B8, 81, 5D, 7A, 00, 50, C3, ...] {MOV EAX, 0x7a5d81; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4168] USER32.dll!GetPropW + 1C0 77744F90 8 Bytes [B8, B6, 5B, 7A, 00, 50, C3, ...] {MOV EAX, 0x7a5bb6; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4168] USER32.dll!GetKeyState 77747720 11 Bytes [B8, EE, 77, 7A, 00, 50, C3, ...] {MOV EAX, 0x7a77ee; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4168] USER32.dll!GetAsyncKeyState 77747FD0 11 Bytes [B8, 41, 77, 7A, 00, 50, C3, ...] {MOV EAX, 0x7a7741; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4168] USER32.dll!GetMessageW 777484B0 8 Bytes [B8, 8D, 1D, 7A, 00, 50, C3, ...] {MOV EAX, 0x7a1d8d; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4168] USER32.dll!GetMessageA 77749070 9 Bytes [B8, 45, 1D, 7A, 00, 50, C3, ...] {MOV EAX, 0x7a1d45; PUSH EAX; RET ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4168] USER32.dll!GetActiveWindow + 10 7774ABB0 8 Bytes [B8, 04, 59, 7A, 00, 50, C3, ...] {MOV EAX, 0x7a5904; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4168] USER32.dll!InternalGetWindowIcon + 20 7774ECC0 11 Bytes [B8, DA, 73, 7A, 00, 50, C3, ...] {MOV EAX, 0x7a73da; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4168] USER32.dll!GetKeyboardState + 2 77758A32 4 Bytes JMP 753E0006 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4168] USER32.dll!GetRawInputData + 2 77758B92 4 Bytes JMP 753F0006 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4168] USER32.dll!EndTask 77788A70 8 Bytes [B8, 4F, 19, 7A, 00, 50, C3, ...] {MOV EAX, 0x7a194f; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4168] USER32.dll!GetRawInputBuffer 77791AE0 11 Bytes [B8, 9A, 56, 7A, 00, 50, C3, ...] {MOV EAX, 0x7a569a; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4268] ntdll.dll!LdrLoadDll 77D32010 8 Bytes [B8, 42, 84, F8, 00, 50, C3, ...] {MOV EAX, 0xf88442; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4268] ntdll.dll!LdrUnloadDll 77D3F5E0 8 Bytes [B8, 0D, 77, F8, 00, 50, C3, ...] {MOV EAX, 0xf8770d; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4268] ntdll.dll!NtUnmapViewOfSection + 5 77D7FDF5 4 Bytes [BA, 68, 33, F6] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4268] ntdll.dll!NtUnmapViewOfSection + A 77D7FDFA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4268] ntdll.dll!NtSetInformationThread + 5 77D804C5 4 Bytes [BA, 28, 32, F6] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4268] ntdll.dll!NtSetInformationThread + A 77D804CA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4268] ntdll.dll!NtSetInformationFile + 5 77D80585 4 Bytes [BA, 28, 31, F6] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4268] ntdll.dll!NtSetInformationFile + A 77D8058A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4268] ntdll.dll!NtQueryFullAttributesFile + 5 77D812B5 4 Bytes CALL 76D908EA .text C:\Program Files\Google\Chrome\Application\chrome.exe[4268] ntdll.dll!NtQueryFullAttributesFile + A 77D812BA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4268] ntdll.dll!NtQueryAttributesFile + 5 77D81415 4 Bytes [BA, A8, 30, F6] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4268] ntdll.dll!NtQueryAttributesFile + A 77D8141A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4268] ntdll.dll!NtOpenThreadTokenEx + 5 77D81655 4 Bytes CALL 76D90C8C .text C:\Program Files\Google\Chrome\Application\chrome.exe[4268] ntdll.dll!NtOpenThreadTokenEx + A 77D8165A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4268] ntdll.dll!NtOpenThreadToken + 5 77D81675 4 Bytes [BA, 68, 32, F6] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4268] ntdll.dll!NtOpenThreadToken + A 77D8167A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4268] ntdll.dll!NtOpenThread + 5 77D81695 4 Bytes [BA, 68, 31, F6] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4268] ntdll.dll!NtOpenThread + A 77D8169A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4268] ntdll.dll!NtOpenProcessTokenEx + 5 77D81775 4 Bytes [BA, A8, 32, F6] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4268] ntdll.dll!NtOpenProcessTokenEx + A 77D8177A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4268] ntdll.dll!NtOpenProcessToken + 5 77D81795 4 Bytes CALL 76D90DCB .text C:\Program Files\Google\Chrome\Application\chrome.exe[4268] ntdll.dll!NtOpenProcessToken + A 77D8179A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4268] ntdll.dll!NtOpenProcess + 5 77D817B5 4 Bytes [BA, A8, 31, F6] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4268] ntdll.dll!NtOpenProcess + A 77D817BA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4268] ntdll.dll!NtOpenFile + 5 77D81915 4 Bytes [BA, 68, 30, F6] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4268] ntdll.dll!NtOpenFile + A 77D8191A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4268] ntdll.dll!NtMapViewOfSection + 5 77D81A95 4 Bytes [BA, 28, 33, F6] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4268] ntdll.dll!NtMapViewOfSection + A 77D81A9A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4268] ntdll.dll!NtCreateFile + 5 77D828E5 4 Bytes [BA, 28, 30, F6] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4268] ntdll.dll!NtCreateFile + A 77D828EA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4268] KERNEL32.DLL!VirtualProtect 77B35F60 8 Bytes [B8, E5, 11, F8, 00, 50, C3, ...] {MOV EAX, 0xf811e5; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4268] KERNEL32.DLL!VirtualProtect + 9 77B35F69 3 Bytes [90, 90, 90] {NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4268] KERNEL32.DLL!VirtualProtectEx 77B52E30 12 Bytes [B8, 29, 12, F8, 00, 50, C3, ...] {MOV EAX, 0xf81229; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4268] USER32.dll!PeekMessageA 77729C80 8 Bytes [B8, D5, 1D, F8, 00, 50, C3, ...] {MOV EAX, 0xf81dd5; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4268] USER32.dll!PeekMessageW 77729DE0 8 Bytes [B8, 20, 1E, F8, 00, 50, C3, ...] {MOV EAX, 0xf81e20; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4268] USER32.dll!SetWindowLongW 77733F30 8 Bytes [B8, DD, 18, F8, 00, 50, C3, ...] {MOV EAX, 0xf818dd; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4268] USER32.dll!SetWindowLongA 77734130 8 Bytes [B8, B7, 18, F8, 00, 50, C3, ...] {MOV EAX, 0xf818b7; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4268] USER32.dll!CallNextHookEx 777385E0 8 Bytes [B8, 3C, 79, F8, 00, 50, C3, ...] {MOV EAX, 0xf8793c; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4268] USER32.dll!OpenWindowStationA + 2D0 77738CF0 11 Bytes [B8, 81, 5D, F8, 00, 50, C3, ...] {MOV EAX, 0xf85d81; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4268] USER32.dll!GetPropW + 1C0 77744F90 8 Bytes [B8, B6, 5B, F8, 00, 50, C3, ...] {MOV EAX, 0xf85bb6; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4268] USER32.dll!GetKeyState 77747720 11 Bytes [B8, EE, 77, F8, 00, 50, C3, ...] {MOV EAX, 0xf877ee; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4268] USER32.dll!GetAsyncKeyState 77747FD0 11 Bytes [B8, 41, 77, F8, 00, 50, C3, ...] {MOV EAX, 0xf87741; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4268] USER32.dll!GetMessageW 777484B0 8 Bytes [B8, 8D, 1D, F8, 00, 50, C3, ...] {MOV EAX, 0xf81d8d; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4268] USER32.dll!GetMessageA 77749070 9 Bytes [B8, 45, 1D, F8, 00, 50, C3, ...] {MOV EAX, 0xf81d45; PUSH EAX; RET ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4268] USER32.dll!GetActiveWindow + 10 7774ABB0 8 Bytes [B8, 04, 59, F8, 00, 50, C3, ...] {MOV EAX, 0xf85904; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4268] USER32.dll!InternalGetWindowIcon + 20 7774ECC0 11 Bytes [B8, DA, 73, F8, 00, 50, C3, ...] {MOV EAX, 0xf873da; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4268] USER32.dll!GetKeyboardState + 2 77758A32 4 Bytes JMP 753E0006 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4268] USER32.dll!GetRawInputData + 2 77758B92 4 Bytes JMP 753F0006 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4268] USER32.dll!EndTask 77788A70 8 Bytes [B8, 4F, 19, F8, 00, 50, C3, ...] {MOV EAX, 0xf8194f; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[4268] USER32.dll!GetRawInputBuffer 77791AE0 11 Bytes [B8, 9A, 56, F8, 00, 50, C3, ...] {MOV EAX, 0xf8569a; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\WINDOWS\system32\SettingSyncHost.exe[4508] ntdll.dll!LdrLoadDll 77D32010 8 Bytes [B8, 42, 84, B1, 00, 50, C3, ...] {MOV EAX, 0xb18442; PUSH EAX; RET ; NOP } .text C:\WINDOWS\system32\SettingSyncHost.exe[4508] ntdll.dll!LdrUnloadDll 77D3F5E0 8 Bytes [B8, 0D, 77, B1, 00, 50, C3, ...] {MOV EAX, 0xb1770d; PUSH EAX; RET ; NOP } .text C:\WINDOWS\system32\SettingSyncHost.exe[4508] KERNEL32.DLL!VirtualProtect 77B35F60 8 Bytes [B8, E5, 11, B1, 00, 50, C3, ...] {MOV EAX, 0xb111e5; PUSH EAX; RET ; NOP } .text C:\WINDOWS\system32\SettingSyncHost.exe[4508] KERNEL32.DLL!VirtualProtect + 9 77B35F69 3 Bytes [90, 90, 90] {NOP ; NOP ; NOP } .text C:\WINDOWS\system32\SettingSyncHost.exe[4508] KERNEL32.DLL!VirtualProtectEx 77B52E30 12 Bytes [B8, 29, 12, B1, 00, 50, C3, ...] {MOV EAX, 0xb11229; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP ; NOP } .text C:\WINDOWS\system32\SettingSyncHost.exe[4508] user32.dll!PeekMessageA 77729C80 8 Bytes [B8, D5, 1D, B1, 00, 50, C3, ...] {MOV EAX, 0xb11dd5; PUSH EAX; RET ; NOP } .text C:\WINDOWS\system32\SettingSyncHost.exe[4508] user32.dll!PeekMessageW 77729DE0 8 Bytes [B8, 20, 1E, B1, 00, 50, C3, ...] {MOV EAX, 0xb11e20; PUSH EAX; RET ; NOP } .text C:\WINDOWS\system32\SettingSyncHost.exe[4508] user32.dll!SetWindowLongW 77733F30 8 Bytes [B8, DD, 18, B1, 00, 50, C3, ...] {MOV EAX, 0xb118dd; PUSH EAX; RET ; NOP } .text C:\WINDOWS\system32\SettingSyncHost.exe[4508] user32.dll!SetWindowLongA 77734130 8 Bytes [B8, B7, 18, B1, 00, 50, C3, ...] {MOV EAX, 0xb118b7; PUSH EAX; RET ; NOP } .text C:\WINDOWS\system32\SettingSyncHost.exe[4508] user32.dll!CallNextHookEx 777385E0 8 Bytes [B8, 3C, 79, B1, 00, 50, C3, ...] {MOV EAX, 0xb1793c; PUSH EAX; RET ; NOP } .text C:\WINDOWS\system32\SettingSyncHost.exe[4508] user32.dll!OpenWindowStationA + 2D0 77738CF0 11 Bytes [B8, 81, 5D, B1, 00, 50, C3, ...] {MOV EAX, 0xb15d81; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\WINDOWS\system32\SettingSyncHost.exe[4508] user32.dll!GetPropW + 1C0 77744F90 8 Bytes [B8, B6, 5B, B1, 00, 50, C3, ...] {MOV EAX, 0xb15bb6; PUSH EAX; RET ; NOP } .text C:\WINDOWS\system32\SettingSyncHost.exe[4508] user32.dll!GetKeyState 77747720 11 Bytes [B8, EE, 77, B1, 00, 50, C3, ...] {MOV EAX, 0xb177ee; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\WINDOWS\system32\SettingSyncHost.exe[4508] user32.dll!GetAsyncKeyState 77747FD0 11 Bytes [B8, 41, 77, B1, 00, 50, C3, ...] {MOV EAX, 0xb17741; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\WINDOWS\system32\SettingSyncHost.exe[4508] user32.dll!GetMessageW 777484B0 8 Bytes [B8, 8D, 1D, B1, 00, 50, C3, ...] {MOV EAX, 0xb11d8d; PUSH EAX; RET ; NOP } .text C:\WINDOWS\system32\SettingSyncHost.exe[4508] user32.dll!GetMessageA 77749070 9 Bytes [B8, 45, 1D, B1, 00, 50, C3, ...] {MOV EAX, 0xb11d45; PUSH EAX; RET ; NOP ; NOP } .text C:\WINDOWS\system32\SettingSyncHost.exe[4508] user32.dll!GetActiveWindow + 10 7774ABB0 8 Bytes [B8, 04, 59, B1, 00, 50, C3, ...] {MOV EAX, 0xb15904; PUSH EAX; RET ; NOP } .text C:\WINDOWS\system32\SettingSyncHost.exe[4508] user32.dll!InternalGetWindowIcon + 20 7774ECC0 11 Bytes [B8, DA, 73, B1, 00, 50, C3, ...] {MOV EAX, 0xb173da; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\WINDOWS\system32\SettingSyncHost.exe[4508] user32.dll!GetKeyboardState + 2 77758A32 4 Bytes JMP 753E0006 .text C:\WINDOWS\system32\SettingSyncHost.exe[4508] user32.dll!GetRawInputData + 2 77758B92 4 Bytes JMP 753F0006 .text C:\WINDOWS\system32\SettingSyncHost.exe[4508] user32.dll!EndTask 77788A70 8 Bytes [B8, 4F, 19, B1, 00, 50, C3, ...] {MOV EAX, 0xb1194f; PUSH EAX; RET ; NOP } .text C:\WINDOWS\system32\SettingSyncHost.exe[4508] user32.dll!GetRawInputBuffer 77791AE0 11 Bytes [B8, 9A, 56, B1, 00, 50, C3, ...] {MOV EAX, 0xb1569a; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[5164] ntdll.dll!LdrLoadDll 77D32010 8 Bytes [B8, 42, 84, FB, 00, 50, C3, ...] {MOV EAX, 0xfb8442; PUSH EAX; RET ; NOP } .text C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[5164] ntdll.dll!LdrUnloadDll 77D3F5E0 8 Bytes [B8, 0D, 77, FB, 00, 50, C3, ...] {MOV EAX, 0xfb770d; PUSH EAX; RET ; NOP } .text C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[5164] KERNEL32.DLL!VirtualProtect 77B35F60 8 Bytes [B8, E5, 11, FB, 00, 50, C3, ...] {MOV EAX, 0xfb11e5; PUSH EAX; RET ; NOP } .text C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[5164] KERNEL32.DLL!VirtualProtect + 9 77B35F69 3 Bytes [90, 90, 90] {NOP ; NOP ; NOP } .text C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[5164] KERNEL32.DLL!VirtualProtectEx 77B52E30 12 Bytes [B8, 29, 12, FB, 00, 50, C3, ...] {MOV EAX, 0xfb1229; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP ; NOP } .text C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[5164] user32.dll!PeekMessageA 77729C80 8 Bytes [B8, D5, 1D, FB, 00, 50, C3, ...] {MOV EAX, 0xfb1dd5; PUSH EAX; RET ; NOP } .text C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[5164] user32.dll!PeekMessageW 77729DE0 8 Bytes [B8, 20, 1E, FB, 00, 50, C3, ...] {MOV EAX, 0xfb1e20; PUSH EAX; RET ; NOP } .text C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[5164] user32.dll!SetWindowLongW 77733F30 8 Bytes [B8, DD, 18, FB, 00, 50, C3, ...] {MOV EAX, 0xfb18dd; PUSH EAX; RET ; NOP } .text C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[5164] user32.dll!SetWindowLongA 77734130 8 Bytes [B8, B7, 18, FB, 00, 50, C3, ...] {MOV EAX, 0xfb18b7; PUSH EAX; RET ; NOP } .text C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[5164] user32.dll!CallNextHookEx 777385E0 8 Bytes [B8, 3C, 79, FB, 00, 50, C3, ...] {MOV EAX, 0xfb793c; PUSH EAX; RET ; NOP } .text C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[5164] user32.dll!OpenWindowStationA + 2D0 77738CF0 11 Bytes [B8, 81, 5D, FB, 00, 50, C3, ...] {MOV EAX, 0xfb5d81; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[5164] user32.dll!GetPropW + 1C0 77744F90 8 Bytes [B8, B6, 5B, FB, 00, 50, C3, ...] {MOV EAX, 0xfb5bb6; PUSH EAX; RET ; NOP } .text C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[5164] user32.dll!GetKeyState 77747720 11 Bytes [B8, EE, 77, FB, 00, 50, C3, ...] {MOV EAX, 0xfb77ee; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[5164] user32.dll!GetAsyncKeyState 77747FD0 11 Bytes [B8, 41, 77, FB, 00, 50, C3, ...] {MOV EAX, 0xfb7741; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[5164] user32.dll!GetMessageW 777484B0 8 Bytes [B8, 8D, 1D, FB, 00, 50, C3, ...] {MOV EAX, 0xfb1d8d; PUSH EAX; RET ; NOP } .text C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[5164] user32.dll!GetMessageA 77749070 9 Bytes [B8, 45, 1D, FB, 00, 50, C3, ...] {MOV EAX, 0xfb1d45; PUSH EAX; RET ; NOP ; NOP } .text C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[5164] user32.dll!GetActiveWindow + 10 7774ABB0 8 Bytes [B8, 04, 59, FB, 00, 50, C3, ...] {MOV EAX, 0xfb5904; PUSH EAX; RET ; NOP } .text C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[5164] user32.dll!InternalGetWindowIcon + 20 7774ECC0 11 Bytes [B8, DA, 73, FB, 00, 50, C3, ...] {MOV EAX, 0xfb73da; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[5164] user32.dll!GetKeyboardState + 2 77758A32 4 Bytes JMP 753E0006 .text C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[5164] user32.dll!GetRawInputData + 2 77758B92 4 Bytes JMP 753F0006 .text C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[5164] user32.dll!EndTask 77788A70 8 Bytes [B8, 4F, 19, FB, 00, 50, C3, ...] {MOV EAX, 0xfb194f; PUSH EAX; RET ; NOP } .text C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[5164] user32.dll!GetRawInputBuffer 77791AE0 11 Bytes [B8, 9A, 56, FB, 00, 50, C3, ...] {MOV EAX, 0xfb569a; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe[5320] ntdll.dll!LdrLoadDll 77D32010 8 Bytes [B8, 42, 84, 35, 03, 50, C3, ...] {MOV EAX, 0x3358442; PUSH EAX; RET ; NOP } .text C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe[5320] ntdll.dll!LdrUnloadDll 77D3F5E0 8 Bytes [B8, 0D, 77, 35, 03, 50, C3, ...] {MOV EAX, 0x335770d; PUSH EAX; RET ; NOP } .text C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe[5320] KERNEL32.DLL!VirtualProtect 77B35F60 8 Bytes [B8, E5, 11, 35, 03, 50, C3, ...] {MOV EAX, 0x33511e5; PUSH EAX; RET ; NOP } .text C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe[5320] KERNEL32.DLL!VirtualProtect + 9 77B35F69 3 Bytes [90, 90, 90] {NOP ; NOP ; NOP } .text C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe[5320] KERNEL32.DLL!VirtualProtectEx 77B52E30 12 Bytes [B8, 29, 12, 35, 03, 50, C3, ...] {MOV EAX, 0x3351229; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe[5320] user32.dll!PeekMessageA 77729C80 8 Bytes [B8, D5, 1D, 35, 03, 50, C3, ...] {MOV EAX, 0x3351dd5; PUSH EAX; RET ; NOP } .text C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe[5320] user32.dll!PeekMessageW 77729DE0 8 Bytes [B8, 20, 1E, 35, 03, 50, C3, ...] {MOV EAX, 0x3351e20; PUSH EAX; RET ; NOP } .text C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe[5320] user32.dll!SetWindowLongW 77733F30 8 Bytes [B8, DD, 18, 35, 03, 50, C3, ...] {MOV EAX, 0x33518dd; PUSH EAX; RET ; NOP } .text C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe[5320] user32.dll!SetWindowLongA 77734130 8 Bytes [B8, B7, 18, 35, 03, 50, C3, ...] {MOV EAX, 0x33518b7; PUSH EAX; RET ; NOP } .text C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe[5320] user32.dll!CallNextHookEx 777385E0 8 Bytes [B8, 3C, 79, 35, 03, 50, C3, ...] {MOV EAX, 0x335793c; PUSH EAX; RET ; NOP } .text C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe[5320] user32.dll!OpenWindowStationA + 2D0 77738CF0 11 Bytes [B8, 81, 5D, 35, 03, 50, C3, ...] {MOV EAX, 0x3355d81; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe[5320] user32.dll!GetPropW + 1C0 77744F90 8 Bytes [B8, B6, 5B, 35, 03, 50, C3, ...] {MOV EAX, 0x3355bb6; PUSH EAX; RET ; NOP } .text C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe[5320] user32.dll!GetKeyState 77747720 11 Bytes [B8, EE, 77, 35, 03, 50, C3, ...] {MOV EAX, 0x33577ee; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe[5320] user32.dll!GetAsyncKeyState 77747FD0 11 Bytes [B8, 41, 77, 35, 03, 50, C3, ...] {MOV EAX, 0x3357741; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe[5320] user32.dll!GetMessageW 777484B0 8 Bytes [B8, 8D, 1D, 35, 03, 50, C3, ...] {MOV EAX, 0x3351d8d; PUSH EAX; RET ; NOP } .text C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe[5320] user32.dll!GetMessageA 77749070 9 Bytes [B8, 45, 1D, 35, 03, 50, C3, ...] {MOV EAX, 0x3351d45; PUSH EAX; RET ; NOP ; NOP } .text C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe[5320] user32.dll!GetActiveWindow + 10 7774ABB0 8 Bytes [B8, 04, 59, 35, 03, 50, C3, ...] {MOV EAX, 0x3355904; PUSH EAX; RET ; NOP } .text C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe[5320] user32.dll!InternalGetWindowIcon + 20 7774ECC0 11 Bytes [B8, DA, 73, 35, 03, 50, C3, ...] {MOV EAX, 0x33573da; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe[5320] user32.dll!GetKeyboardState + 2 77758A32 4 Bytes JMP 753E0006 .text C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe[5320] user32.dll!GetRawInputData + 2 77758B92 4 Bytes JMP 753F0006 .text C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe[5320] user32.dll!EndTask 77788A70 8 Bytes [B8, 4F, 19, 35, 03, 50, C3, ...] {MOV EAX, 0x335194f; PUSH EAX; RET ; NOP } .text C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe[5320] user32.dll!GetRawInputBuffer 77791AE0 11 Bytes [B8, 9A, 56, 35, 03, 50, C3, ...] {MOV EAX, 0x335569a; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\System32\RuntimeBroker.exe[5940] ntdll.dll!LdrLoadDll 77D32010 8 Bytes [B8, 42, 84, 61, 00, 50, C3, ...] {MOV EAX, 0x618442; PUSH EAX; RET ; NOP } .text C:\Windows\System32\RuntimeBroker.exe[5940] ntdll.dll!LdrUnloadDll 77D3F5E0 8 Bytes [B8, 0D, 77, 61, 00, 50, C3, ...] {MOV EAX, 0x61770d; PUSH EAX; RET ; NOP } .text C:\Windows\System32\RuntimeBroker.exe[5940] KERNEL32.DLL!VirtualProtect 77B35F60 8 Bytes [B8, E5, 11, 61, 00, 50, C3, ...] {MOV EAX, 0x6111e5; PUSH EAX; RET ; NOP } .text C:\Windows\System32\RuntimeBroker.exe[5940] KERNEL32.DLL!VirtualProtect + 9 77B35F69 3 Bytes [90, 90, 90] {NOP ; NOP ; NOP } .text C:\Windows\System32\RuntimeBroker.exe[5940] KERNEL32.DLL!VirtualProtectEx 77B52E30 12 Bytes [B8, 29, 12, 61, 00, 50, C3, ...] {MOV EAX, 0x611229; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\System32\RuntimeBroker.exe[5940] USER32.dll!PeekMessageA 77729C80 8 Bytes [B8, D5, 1D, 61, 00, 50, C3, ...] {MOV EAX, 0x611dd5; PUSH EAX; RET ; NOP } .text C:\Windows\System32\RuntimeBroker.exe[5940] USER32.dll!PeekMessageW 77729DE0 8 Bytes [B8, 20, 1E, 61, 00, 50, C3, ...] {MOV EAX, 0x611e20; PUSH EAX; RET ; NOP } .text C:\Windows\System32\RuntimeBroker.exe[5940] USER32.dll!SetWindowLongW 77733F30 8 Bytes [B8, DD, 18, 61, 00, 50, C3, ...] {MOV EAX, 0x6118dd; PUSH EAX; RET ; NOP } .text C:\Windows\System32\RuntimeBroker.exe[5940] USER32.dll!SetWindowLongA 77734130 8 Bytes [B8, B7, 18, 61, 00, 50, C3, ...] {MOV EAX, 0x6118b7; PUSH EAX; RET ; NOP } .text C:\Windows\System32\RuntimeBroker.exe[5940] USER32.dll!CallNextHookEx 777385E0 8 Bytes [B8, 3C, 79, 61, 00, 50, C3, ...] {MOV EAX, 0x61793c; PUSH EAX; RET ; NOP } .text C:\Windows\System32\RuntimeBroker.exe[5940] USER32.dll!OpenWindowStationA + 2D0 77738CF0 11 Bytes [B8, 81, 5D, 61, 00, 50, C3, ...] {MOV EAX, 0x615d81; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\System32\RuntimeBroker.exe[5940] USER32.dll!GetPropW + 1C0 77744F90 8 Bytes [B8, B6, 5B, 61, 00, 50, C3, ...] {MOV EAX, 0x615bb6; PUSH EAX; RET ; NOP } .text C:\Windows\System32\RuntimeBroker.exe[5940] USER32.dll!GetKeyState 77747720 11 Bytes [B8, EE, 77, 61, 00, 50, C3, ...] {MOV EAX, 0x6177ee; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\System32\RuntimeBroker.exe[5940] USER32.dll!GetAsyncKeyState 77747FD0 11 Bytes [B8, 41, 77, 61, 00, 50, C3, ...] {MOV EAX, 0x617741; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\System32\RuntimeBroker.exe[5940] USER32.dll!GetMessageW 777484B0 8 Bytes [B8, 8D, 1D, 61, 00, 50, C3, ...] {MOV EAX, 0x611d8d; PUSH EAX; RET ; NOP } .text C:\Windows\System32\RuntimeBroker.exe[5940] USER32.dll!GetMessageA 77749070 9 Bytes [B8, 45, 1D, 61, 00, 50, C3, ...] {MOV EAX, 0x611d45; PUSH EAX; RET ; NOP ; NOP } .text C:\Windows\System32\RuntimeBroker.exe[5940] USER32.dll!GetActiveWindow + 10 7774ABB0 8 Bytes [B8, 04, 59, 61, 00, 50, C3, ...] {MOV EAX, 0x615904; PUSH EAX; RET ; NOP } .text C:\Windows\System32\RuntimeBroker.exe[5940] USER32.dll!InternalGetWindowIcon + 20 7774ECC0 11 Bytes [B8, DA, 73, 61, 00, 50, C3, ...] {MOV EAX, 0x6173da; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\System32\RuntimeBroker.exe[5940] USER32.dll!GetKeyboardState + 2 77758A32 4 Bytes JMP 75290006 .text C:\Windows\System32\RuntimeBroker.exe[5940] USER32.dll!GetRawInputData + 2 77758B92 4 Bytes JMP 752A0006 .text C:\Windows\System32\RuntimeBroker.exe[5940] USER32.dll!EndTask 77788A70 8 Bytes [B8, 4F, 19, 61, 00, 50, C3, ...] {MOV EAX, 0x61194f; PUSH EAX; RET ; NOP } .text C:\Windows\System32\RuntimeBroker.exe[5940] USER32.dll!GetRawInputBuffer 77791AE0 11 Bytes [B8, 9A, 56, 61, 00, 50, C3, ...] {MOV EAX, 0x61569a; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!LdrLoadDll 77D32010 8 Bytes [B8, 42, 84, F7, 00, 50, C3, ...] {MOV EAX, 0xf78442; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!LdrUnloadDll 77D3F5E0 8 Bytes [B8, 0D, 77, F7, 00, 50, C3, ...] {MOV EAX, 0xf7770d; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtUnmapViewOfSection + 5 77D7FDF5 4 Bytes [BA, 68, 43, F5] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtUnmapViewOfSection + A 77D7FDFA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtSetInformationThread + 5 77D804C5 4 Bytes [BA, 28, 42, F5] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtSetInformationThread + A 77D804CA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtSetInformationFile + 5 77D80585 4 Bytes [BA, 28, 41, F5] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtSetInformationFile + A 77D8058A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtQueryFullAttributesFile + 5 77D812B5 4 Bytes CALL 76D907FA .text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtQueryFullAttributesFile + A 77D812BA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtQueryAttributesFile + 5 77D81415 4 Bytes [BA, A8, 40, F5] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtQueryAttributesFile + A 77D8141A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtOpenThreadTokenEx + 5 77D81655 4 Bytes CALL 76D90B9C .text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtOpenThreadTokenEx + A 77D8165A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtOpenThreadToken + 5 77D81675 4 Bytes [BA, 68, 42, F5] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtOpenThreadToken + A 77D8167A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtOpenThread + 5 77D81695 4 Bytes [BA, 68, 41, F5] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtOpenThread + A 77D8169A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtOpenProcessTokenEx + 5 77D81775 4 Bytes [BA, A8, 42, F5] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtOpenProcessTokenEx + A 77D8177A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtOpenProcessToken + 5 77D81795 4 Bytes CALL 76D90CDB .text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtOpenProcessToken + A 77D8179A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtOpenProcess + 5 77D817B5 4 Bytes [BA, A8, 41, F5] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtOpenProcess + A 77D817BA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtOpenFile + 5 77D81915 4 Bytes [BA, 68, 40, F5] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtOpenFile + A 77D8191A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtMapViewOfSection + 5 77D81A95 4 Bytes [BA, 28, 43, F5] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtMapViewOfSection + A 77D81A9A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtCreateFile + 5 77D828E5 4 Bytes [BA, 28, 40, F5] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] ntdll.dll!NtCreateFile + A 77D828EA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] KERNEL32.DLL!VirtualProtect 77B35F60 8 Bytes [B8, E5, 11, F7, 00, 50, C3, ...] {MOV EAX, 0xf711e5; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] KERNEL32.DLL!VirtualProtect + 9 77B35F69 3 Bytes [90, 90, 90] {NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] KERNEL32.DLL!VirtualProtectEx 77B52E30 12 Bytes [B8, 29, 12, F7, 00, 50, C3, ...] {MOV EAX, 0xf71229; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] USER32.dll!PeekMessageA 77729C80 8 Bytes [B8, D5, 1D, F7, 00, 50, C3, ...] {MOV EAX, 0xf71dd5; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] USER32.dll!PeekMessageW 77729DE0 8 Bytes [B8, 20, 1E, F7, 00, 50, C3, ...] {MOV EAX, 0xf71e20; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] USER32.dll!SetWindowLongW 77733F30 8 Bytes [B8, DD, 18, F7, 00, 50, C3, ...] {MOV EAX, 0xf718dd; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] USER32.dll!SetWindowLongA 77734130 8 Bytes [B8, B7, 18, F7, 00, 50, C3, ...] {MOV EAX, 0xf718b7; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] USER32.dll!CallNextHookEx 777385E0 8 Bytes [B8, 3C, 79, F7, 00, 50, C3, ...] {MOV EAX, 0xf7793c; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] USER32.dll!OpenWindowStationA + 2D0 77738CF0 11 Bytes [B8, 81, 5D, F7, 00, 50, C3, ...] {MOV EAX, 0xf75d81; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] USER32.dll!GetPropW + 1C0 77744F90 8 Bytes [B8, B6, 5B, F7, 00, 50, C3, ...] {MOV EAX, 0xf75bb6; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] USER32.dll!GetKeyState 77747720 11 Bytes [B8, EE, 77, F7, 00, 50, C3, ...] {MOV EAX, 0xf777ee; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] USER32.dll!GetAsyncKeyState 77747FD0 11 Bytes [B8, 41, 77, F7, 00, 50, C3, ...] {MOV EAX, 0xf77741; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] USER32.dll!GetMessageW 777484B0 8 Bytes [B8, 8D, 1D, F7, 00, 50, C3, ...] {MOV EAX, 0xf71d8d; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] USER32.dll!GetMessageA 77749070 9 Bytes [B8, 45, 1D, F7, 00, 50, C3, ...] {MOV EAX, 0xf71d45; PUSH EAX; RET ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] USER32.dll!GetActiveWindow + 10 7774ABB0 8 Bytes [B8, 04, 59, F7, 00, 50, C3, ...] {MOV EAX, 0xf75904; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] USER32.dll!InternalGetWindowIcon + 20 7774ECC0 11 Bytes [B8, DA, 73, F7, 00, 50, C3, ...] {MOV EAX, 0xf773da; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] USER32.dll!GetKeyboardState + 2 77758A32 4 Bytes JMP 753E0006 .text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] USER32.dll!GetRawInputData + 2 77758B92 4 Bytes JMP 753F0006 .text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] USER32.dll!EndTask 77788A70 8 Bytes [B8, 4F, 19, F7, 00, 50, C3, ...] {MOV EAX, 0xf7194f; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[6000] USER32.dll!GetRawInputBuffer 77791AE0 11 Bytes [B8, 9A, 56, F7, 00, 50, C3, ...] {MOV EAX, 0xf7569a; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\System32\SystemSettingsBroker.exe[6816] ntdll.dll!LdrLoadDll 77D32010 8 Bytes [B8, 42, 84, 5E, 00, 50, C3, ...] {MOV EAX, 0x5e8442; PUSH EAX; RET ; NOP } .text C:\Windows\System32\SystemSettingsBroker.exe[6816] ntdll.dll!LdrUnloadDll 77D3F5E0 8 Bytes [B8, 0D, 77, 5E, 00, 50, C3, ...] {MOV EAX, 0x5e770d; PUSH EAX; RET ; NOP } .text C:\Windows\System32\SystemSettingsBroker.exe[6816] KERNEL32.DLL!VirtualProtect 77B35F60 8 Bytes [B8, E5, 11, 5E, 00, 50, C3, ...] {MOV EAX, 0x5e11e5; PUSH EAX; RET ; NOP } .text C:\Windows\System32\SystemSettingsBroker.exe[6816] KERNEL32.DLL!VirtualProtect + 9 77B35F69 3 Bytes [90, 90, 90] {NOP ; NOP ; NOP } .text C:\Windows\System32\SystemSettingsBroker.exe[6816] KERNEL32.DLL!VirtualProtectEx 77B52E30 12 Bytes [B8, 29, 12, 5E, 00, 50, C3, ...] {MOV EAX, 0x5e1229; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\System32\SystemSettingsBroker.exe[6816] USER32.dll!PeekMessageA 77729C80 7 Bytes [B8, D5, 1D, 5E, 00, 50, C3] {MOV EAX, 0x5e1dd5; PUSH EAX; RET } .text C:\Windows\System32\SystemSettingsBroker.exe[6816] USER32.dll!PeekMessageW 77729DE0 7 Bytes [B8, 20, 1E, 5E, 00, 50, C3] {MOV EAX, 0x5e1e20; PUSH EAX; RET } .text C:\Windows\System32\SystemSettingsBroker.exe[6816] USER32.dll!SetWindowLongW 77733F30 8 Bytes [B8, DD, 18, 5E, 00, 50, C3, ...] {MOV EAX, 0x5e18dd; PUSH EAX; RET ; NOP } .text C:\Windows\System32\SystemSettingsBroker.exe[6816] USER32.dll!SetWindowLongA 77734130 8 Bytes [B8, B7, 18, 5E, 00, 50, C3, ...] {MOV EAX, 0x5e18b7; PUSH EAX; RET ; NOP } .text C:\Windows\System32\SystemSettingsBroker.exe[6816] USER32.dll!CallNextHookEx 777385E0 8 Bytes [B8, 3C, 79, 5E, 00, 50, C3, ...] {MOV EAX, 0x5e793c; PUSH EAX; RET ; NOP } .text C:\Windows\System32\SystemSettingsBroker.exe[6816] USER32.dll!OpenWindowStationA + 2D0 77738CF0 11 Bytes [B8, 81, 5D, 5E, 00, 50, C3, ...] {MOV EAX, 0x5e5d81; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\System32\SystemSettingsBroker.exe[6816] USER32.dll!GetPropW + 1C0 77744F90 8 Bytes [B8, B6, 5B, 5E, 00, 50, C3, ...] {MOV EAX, 0x5e5bb6; PUSH EAX; RET ; NOP } .text C:\Windows\System32\SystemSettingsBroker.exe[6816] USER32.dll!GetKeyState 77747720 11 Bytes [B8, EE, 77, 5E, 00, 50, C3, ...] {MOV EAX, 0x5e77ee; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\System32\SystemSettingsBroker.exe[6816] USER32.dll!GetAsyncKeyState 77747FD0 11 Bytes [B8, 41, 77, 5E, 00, 50, C3, ...] {MOV EAX, 0x5e7741; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\System32\SystemSettingsBroker.exe[6816] USER32.dll!GetMessageW 777484B0 7 Bytes [B8, 8D, 1D, 5E, 00, 50, C3] {MOV EAX, 0x5e1d8d; PUSH EAX; RET } .text C:\Windows\System32\SystemSettingsBroker.exe[6816] USER32.dll!GetMessageA 77749070 9 Bytes [B8, 45, 1D, 5E, 00, 50, C3, ...] {MOV EAX, 0x5e1d45; PUSH EAX; RET ; NOP ; NOP } .text C:\Windows\System32\SystemSettingsBroker.exe[6816] USER32.dll!GetActiveWindow + 10 7774ABB0 8 Bytes [B8, 04, 59, 5E, 00, 50, C3, ...] {MOV EAX, 0x5e5904; PUSH EAX; RET ; NOP } .text C:\Windows\System32\SystemSettingsBroker.exe[6816] USER32.dll!InternalGetWindowIcon + 20 7774ECC0 11 Bytes [B8, DA, 73, 5E, 00, 50, C3, ...] {MOV EAX, 0x5e73da; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Windows\System32\SystemSettingsBroker.exe[6816] USER32.dll!GetKeyboardState + 2 77758A32 4 Bytes JMP 753E0006 .text C:\Windows\System32\SystemSettingsBroker.exe[6816] USER32.dll!GetRawInputData + 2 77758B92 4 Bytes JMP 753F0006 .text C:\Windows\System32\SystemSettingsBroker.exe[6816] USER32.dll!EndTask 77788A70 8 Bytes [B8, 4F, 19, 5E, 00, 50, C3, ...] {MOV EAX, 0x5e194f; PUSH EAX; RET ; NOP } .text C:\Windows\System32\SystemSettingsBroker.exe[6816] USER32.dll!GetRawInputBuffer 77791AE0 11 Bytes [B8, 9A, 56, 5E, 00, 50, C3, ...] {MOV EAX, 0x5e569a; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7016] ntdll.dll!LdrLoadDll 77D32010 8 Bytes [B8, 42, 84, FF, 00, 50, C3, ...] {MOV EAX, 0xff8442; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7016] ntdll.dll!LdrUnloadDll 77D3F5E0 8 Bytes [B8, 0D, 77, FF, 00, 50, C3, ...] {MOV EAX, 0xff770d; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7016] ntdll.dll!NtUnmapViewOfSection + 5 77D7FDF5 4 Bytes [BA, 68, 9F, FD] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7016] ntdll.dll!NtUnmapViewOfSection + A 77D7FDFA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7016] ntdll.dll!NtSetInformationThread + 5 77D804C5 4 Bytes [BA, 28, 9E, FD] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7016] ntdll.dll!NtSetInformationThread + A 77D804CA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7016] ntdll.dll!NtSetInformationFile + 5 77D80585 4 Bytes [BA, 28, 9D, FD] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7016] ntdll.dll!NtSetInformationFile + A 77D8058A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7016] ntdll.dll!NtQueryFullAttributesFile + 5 77D812B5 4 Bytes CALL 76D91056 .text C:\Program Files\Google\Chrome\Application\chrome.exe[7016] ntdll.dll!NtQueryFullAttributesFile + A 77D812BA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7016] ntdll.dll!NtQueryAttributesFile + 5 77D81415 4 Bytes [BA, A8, 9C, FD] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7016] ntdll.dll!NtQueryAttributesFile + A 77D8141A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7016] ntdll.dll!NtOpenThreadTokenEx + 5 77D81655 4 Bytes CALL 76D913F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[7016] ntdll.dll!NtOpenThreadTokenEx + A 77D8165A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7016] ntdll.dll!NtOpenThreadToken + 5 77D81675 4 Bytes [BA, 68, 9E, FD] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7016] ntdll.dll!NtOpenThreadToken + A 77D8167A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7016] ntdll.dll!NtOpenThread + 5 77D81695 4 Bytes [BA, 68, 9D, FD] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7016] ntdll.dll!NtOpenThread + A 77D8169A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7016] ntdll.dll!NtOpenProcessTokenEx + 5 77D81775 4 Bytes [BA, A8, 9E, FD] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7016] ntdll.dll!NtOpenProcessTokenEx + A 77D8177A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7016] ntdll.dll!NtOpenProcessToken + 5 77D81795 4 Bytes CALL 76D91537 .text C:\Program Files\Google\Chrome\Application\chrome.exe[7016] ntdll.dll!NtOpenProcessToken + A 77D8179A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7016] ntdll.dll!NtOpenProcess + 5 77D817B5 4 Bytes [BA, A8, 9D, FD] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7016] ntdll.dll!NtOpenProcess + A 77D817BA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7016] ntdll.dll!NtOpenFile + 5 77D81915 4 Bytes [BA, 68, 9C, FD] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7016] ntdll.dll!NtOpenFile + A 77D8191A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7016] ntdll.dll!NtMapViewOfSection + 5 77D81A95 4 Bytes [BA, 28, 9F, FD] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7016] ntdll.dll!NtMapViewOfSection + A 77D81A9A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7016] ntdll.dll!NtCreateFile + 5 77D828E5 4 Bytes [BA, 28, 9C, FD] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7016] ntdll.dll!NtCreateFile + A 77D828EA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7016] KERNEL32.DLL!VirtualProtect 77B35F60 8 Bytes [B8, E5, 11, FF, 00, 50, C3, ...] {MOV EAX, 0xff11e5; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7016] KERNEL32.DLL!VirtualProtect + 9 77B35F69 3 Bytes [90, 90, 90] {NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7016] KERNEL32.DLL!VirtualProtectEx 77B52E30 12 Bytes [B8, 29, 12, FF, 00, 50, C3, ...] {MOV EAX, 0xff1229; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7016] USER32.dll!PeekMessageA 77729C80 8 Bytes [B8, D5, 1D, FF, 00, 50, C3, ...] {MOV EAX, 0xff1dd5; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7016] USER32.dll!PeekMessageW 77729DE0 8 Bytes [B8, 20, 1E, FF, 00, 50, C3, ...] {MOV EAX, 0xff1e20; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7016] USER32.dll!SetWindowLongW 77733F30 8 Bytes [B8, DD, 18, FF, 00, 50, C3, ...] {MOV EAX, 0xff18dd; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7016] USER32.dll!SetWindowLongA 77734130 8 Bytes [B8, B7, 18, FF, 00, 50, C3, ...] {MOV EAX, 0xff18b7; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7016] USER32.dll!CallNextHookEx 777385E0 8 Bytes [B8, 3C, 79, FF, 00, 50, C3, ...] {MOV EAX, 0xff793c; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7016] USER32.dll!OpenWindowStationA + 2D0 77738CF0 11 Bytes [B8, 81, 5D, FF, 00, 50, C3, ...] {MOV EAX, 0xff5d81; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7016] USER32.dll!GetPropW + 1C0 77744F90 8 Bytes [B8, B6, 5B, FF, 00, 50, C3, ...] {MOV EAX, 0xff5bb6; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7016] USER32.dll!GetKeyState 77747720 11 Bytes [B8, EE, 77, FF, 00, 50, C3, ...] {MOV EAX, 0xff77ee; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7016] USER32.dll!GetAsyncKeyState 77747FD0 11 Bytes [B8, 41, 77, FF, 00, 50, C3, ...] {MOV EAX, 0xff7741; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7016] USER32.dll!GetMessageW 777484B0 8 Bytes [B8, 8D, 1D, FF, 00, 50, C3, ...] {MOV EAX, 0xff1d8d; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7016] USER32.dll!GetMessageA 77749070 9 Bytes [B8, 45, 1D, FF, 00, 50, C3, ...] {MOV EAX, 0xff1d45; PUSH EAX; RET ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7016] USER32.dll!GetActiveWindow + 10 7774ABB0 8 Bytes [B8, 04, 59, FF, 00, 50, C3, ...] {MOV EAX, 0xff5904; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7016] USER32.dll!InternalGetWindowIcon + 20 7774ECC0 11 Bytes [B8, DA, 73, FF, 00, 50, C3, ...] {MOV EAX, 0xff73da; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7016] USER32.dll!GetKeyboardState + 2 77758A32 4 Bytes JMP 753E0006 .text C:\Program Files\Google\Chrome\Application\chrome.exe[7016] USER32.dll!GetRawInputData + 2 77758B92 4 Bytes JMP 753F0006 .text C:\Program Files\Google\Chrome\Application\chrome.exe[7016] USER32.dll!EndTask 77788A70 8 Bytes [B8, 4F, 19, FF, 00, 50, C3, ...] {MOV EAX, 0xff194f; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7016] USER32.dll!GetRawInputBuffer 77791AE0 11 Bytes [B8, 9A, 56, FF, 00, 50, C3, ...] {MOV EAX, 0xff569a; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7080] ntdll.dll!LdrLoadDll 77D32010 8 Bytes [B8, 42, 84, 9A, 00, 50, C3, ...] {MOV EAX, 0x9a8442; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7080] ntdll.dll!LdrUnloadDll 77D3F5E0 8 Bytes [B8, 0D, 77, 9A, 00, 50, C3, ...] {MOV EAX, 0x9a770d; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7080] ntdll.dll!NtUnmapViewOfSection + 5 77D7FDF5 4 Bytes [BA, 68, CB, 98] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7080] ntdll.dll!NtUnmapViewOfSection + A 77D7FDFA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7080] ntdll.dll!NtSetInformationThread + 5 77D804C5 4 Bytes [BA, 28, CA, 98] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7080] ntdll.dll!NtSetInformationThread + A 77D804CA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7080] ntdll.dll!NtSetInformationFile + 5 77D80585 4 Bytes [BA, 28, C9, 98] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7080] ntdll.dll!NtSetInformationFile + A 77D8058A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7080] ntdll.dll!NtQueryFullAttributesFile + 5 77D812B5 4 Bytes CALL 76D8AB82 .text C:\Program Files\Google\Chrome\Application\chrome.exe[7080] ntdll.dll!NtQueryFullAttributesFile + A 77D812BA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7080] ntdll.dll!NtQueryAttributesFile + 5 77D81415 4 Bytes [BA, A8, C8, 98] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7080] ntdll.dll!NtQueryAttributesFile + A 77D8141A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7080] ntdll.dll!NtOpenThreadTokenEx + 5 77D81655 4 Bytes CALL 76D8AF24 .text C:\Program Files\Google\Chrome\Application\chrome.exe[7080] ntdll.dll!NtOpenThreadTokenEx + A 77D8165A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7080] ntdll.dll!NtOpenThreadToken + 5 77D81675 4 Bytes [BA, 68, CA, 98] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7080] ntdll.dll!NtOpenThreadToken + A 77D8167A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7080] ntdll.dll!NtOpenThread + 5 77D81695 4 Bytes [BA, 68, C9, 98] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7080] ntdll.dll!NtOpenThread + A 77D8169A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7080] ntdll.dll!NtOpenProcessTokenEx + 5 77D81775 4 Bytes [BA, A8, CA, 98] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7080] ntdll.dll!NtOpenProcessTokenEx + A 77D8177A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7080] ntdll.dll!NtOpenProcessToken + 5 77D81795 4 Bytes CALL 76D8B063 .text C:\Program Files\Google\Chrome\Application\chrome.exe[7080] ntdll.dll!NtOpenProcessToken + A 77D8179A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7080] ntdll.dll!NtOpenProcess + 5 77D817B5 4 Bytes [BA, A8, C9, 98] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7080] ntdll.dll!NtOpenProcess + A 77D817BA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7080] ntdll.dll!NtOpenFile + 5 77D81915 4 Bytes [BA, 68, C8, 98] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7080] ntdll.dll!NtOpenFile + A 77D8191A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7080] ntdll.dll!NtMapViewOfSection + 5 77D81A95 4 Bytes [BA, 28, CB, 98] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7080] ntdll.dll!NtMapViewOfSection + A 77D81A9A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7080] ntdll.dll!NtCreateFile + 5 77D828E5 4 Bytes [BA, 28, C8, 98] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7080] ntdll.dll!NtCreateFile + A 77D828EA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7080] KERNEL32.DLL!VirtualProtect 77B35F60 8 Bytes [B8, E5, 11, 9A, 00, 50, C3, ...] {MOV EAX, 0x9a11e5; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7080] KERNEL32.DLL!VirtualProtect + 9 77B35F69 3 Bytes [90, 90, 90] {NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7080] KERNEL32.DLL!VirtualProtectEx 77B52E30 12 Bytes [B8, 29, 12, 9A, 00, 50, C3, ...] {MOV EAX, 0x9a1229; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7080] USER32.dll!PeekMessageA 77729C80 8 Bytes [B8, D5, 1D, 9A, 00, 50, C3, ...] {MOV EAX, 0x9a1dd5; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7080] USER32.dll!PeekMessageW 77729DE0 8 Bytes [B8, 20, 1E, 9A, 00, 50, C3, ...] {MOV EAX, 0x9a1e20; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7080] USER32.dll!SetWindowLongW 77733F30 8 Bytes [B8, DD, 18, 9A, 00, 50, C3, ...] {MOV EAX, 0x9a18dd; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7080] USER32.dll!SetWindowLongA 77734130 8 Bytes [B8, B7, 18, 9A, 00, 50, C3, ...] {MOV EAX, 0x9a18b7; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7080] USER32.dll!CallNextHookEx 777385E0 8 Bytes [B8, 3C, 79, 9A, 00, 50, C3, ...] {MOV EAX, 0x9a793c; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7080] USER32.dll!OpenWindowStationA + 2D0 77738CF0 11 Bytes [B8, 81, 5D, 9A, 00, 50, C3, ...] {MOV EAX, 0x9a5d81; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7080] USER32.dll!GetPropW + 1C0 77744F90 8 Bytes [B8, B6, 5B, 9A, 00, 50, C3, ...] {MOV EAX, 0x9a5bb6; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7080] USER32.dll!GetKeyState 77747720 11 Bytes [B8, EE, 77, 9A, 00, 50, C3, ...] {MOV EAX, 0x9a77ee; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7080] USER32.dll!GetAsyncKeyState 77747FD0 11 Bytes [B8, 41, 77, 9A, 00, 50, C3, ...] {MOV EAX, 0x9a7741; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7080] USER32.dll!GetMessageW 777484B0 8 Bytes [B8, 8D, 1D, 9A, 00, 50, C3, ...] {MOV EAX, 0x9a1d8d; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7080] USER32.dll!GetMessageA 77749070 9 Bytes [B8, 45, 1D, 9A, 00, 50, C3, ...] {MOV EAX, 0x9a1d45; PUSH EAX; RET ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7080] USER32.dll!GetActiveWindow + 10 7774ABB0 8 Bytes [B8, 04, 59, 9A, 00, 50, C3, ...] {MOV EAX, 0x9a5904; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7080] USER32.dll!InternalGetWindowIcon + 20 7774ECC0 11 Bytes [B8, DA, 73, 9A, 00, 50, C3, ...] {MOV EAX, 0x9a73da; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7080] USER32.dll!GetKeyboardState + 2 77758A32 4 Bytes JMP 753E0006 .text C:\Program Files\Google\Chrome\Application\chrome.exe[7080] USER32.dll!GetRawInputData + 2 77758B92 4 Bytes JMP 753F0006 .text C:\Program Files\Google\Chrome\Application\chrome.exe[7080] USER32.dll!EndTask 77788A70 8 Bytes [B8, 4F, 19, 9A, 00, 50, C3, ...] {MOV EAX, 0x9a194f; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7080] USER32.dll!GetRawInputBuffer 77791AE0 11 Bytes [B8, 9A, 56, 9A, 00, 50, C3, ...] {MOV EAX, 0x9a569a; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7112] ntdll.dll!LdrLoadDll 77D32010 8 Bytes [B8, 42, 84, 63, 00, 50, C3, ...] {MOV EAX, 0x638442; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7112] ntdll.dll!LdrUnloadDll 77D3F5E0 8 Bytes [B8, 0D, 77, 63, 00, 50, C3, ...] {MOV EAX, 0x63770d; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7112] ntdll.dll!NtUnmapViewOfSection + 5 77D7FDF5 4 Bytes [BA, 68, 67, 61] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7112] ntdll.dll!NtUnmapViewOfSection + A 77D7FDFA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7112] ntdll.dll!NtSetInformationThread + 5 77D804C5 4 Bytes [BA, 28, 66, 61] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7112] ntdll.dll!NtSetInformationThread + A 77D804CA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7112] ntdll.dll!NtSetInformationFile + 5 77D80585 4 Bytes [BA, 28, 65, 61] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7112] ntdll.dll!NtSetInformationFile + A 77D8058A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7112] ntdll.dll!NtQueryFullAttributesFile + 5 77D812B5 4 Bytes CALL 76D8741E .text C:\Program Files\Google\Chrome\Application\chrome.exe[7112] ntdll.dll!NtQueryFullAttributesFile + A 77D812BA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7112] ntdll.dll!NtQueryAttributesFile + 5 77D81415 4 Bytes [BA, A8, 64, 61] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7112] ntdll.dll!NtQueryAttributesFile + A 77D8141A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7112] ntdll.dll!NtOpenThreadTokenEx + 5 77D81655 4 Bytes CALL 76D877C0 .text C:\Program Files\Google\Chrome\Application\chrome.exe[7112] ntdll.dll!NtOpenThreadTokenEx + A 77D8165A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7112] ntdll.dll!NtOpenThreadToken + 5 77D81675 4 Bytes [BA, 68, 66, 61] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7112] ntdll.dll!NtOpenThreadToken + A 77D8167A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7112] ntdll.dll!NtOpenThread + 5 77D81695 4 Bytes [BA, 68, 65, 61] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7112] ntdll.dll!NtOpenThread + A 77D8169A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7112] ntdll.dll!NtOpenProcessTokenEx + 5 77D81775 4 Bytes [BA, A8, 66, 61] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7112] ntdll.dll!NtOpenProcessTokenEx + A 77D8177A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7112] ntdll.dll!NtOpenProcessToken + 5 77D81795 4 Bytes CALL 76D878FF .text C:\Program Files\Google\Chrome\Application\chrome.exe[7112] ntdll.dll!NtOpenProcessToken + A 77D8179A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7112] ntdll.dll!NtOpenProcess + 5 77D817B5 4 Bytes [BA, A8, 65, 61] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7112] ntdll.dll!NtOpenProcess + A 77D817BA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7112] ntdll.dll!NtOpenFile + 5 77D81915 4 Bytes [BA, 68, 64, 61] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7112] ntdll.dll!NtOpenFile + A 77D8191A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7112] ntdll.dll!NtMapViewOfSection + 5 77D81A95 4 Bytes [BA, 28, 67, 61] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7112] ntdll.dll!NtMapViewOfSection + A 77D81A9A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7112] ntdll.dll!NtCreateFile + 5 77D828E5 4 Bytes [BA, 28, 64, 61] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7112] ntdll.dll!NtCreateFile + A 77D828EA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7112] KERNEL32.DLL!VirtualProtect 77B35F60 8 Bytes [B8, E5, 11, 63, 00, 50, C3, ...] {MOV EAX, 0x6311e5; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7112] KERNEL32.DLL!VirtualProtect + 9 77B35F69 3 Bytes [90, 90, 90] {NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7112] KERNEL32.DLL!VirtualProtectEx 77B52E30 12 Bytes [B8, 29, 12, 63, 00, 50, C3, ...] {MOV EAX, 0x631229; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7112] USER32.dll!PeekMessageA 77729C80 8 Bytes [B8, D5, 1D, 63, 00, 50, C3, ...] {MOV EAX, 0x631dd5; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7112] USER32.dll!PeekMessageW 77729DE0 8 Bytes [B8, 20, 1E, 63, 00, 50, C3, ...] {MOV EAX, 0x631e20; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7112] USER32.dll!SetWindowLongW 77733F30 8 Bytes [B8, DD, 18, 63, 00, 50, C3, ...] {MOV EAX, 0x6318dd; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7112] USER32.dll!SetWindowLongA 77734130 8 Bytes [B8, B7, 18, 63, 00, 50, C3, ...] {MOV EAX, 0x6318b7; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7112] USER32.dll!CallNextHookEx 777385E0 8 Bytes [B8, 3C, 79, 63, 00, 50, C3, ...] {MOV EAX, 0x63793c; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7112] USER32.dll!OpenWindowStationA + 2D0 77738CF0 11 Bytes [B8, 81, 5D, 63, 00, 50, C3, ...] {MOV EAX, 0x635d81; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7112] USER32.dll!GetPropW + 1C0 77744F90 8 Bytes [B8, B6, 5B, 63, 00, 50, C3, ...] {MOV EAX, 0x635bb6; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7112] USER32.dll!GetKeyState 77747720 11 Bytes [B8, EE, 77, 63, 00, 50, C3, ...] {MOV EAX, 0x6377ee; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7112] USER32.dll!GetAsyncKeyState 77747FD0 11 Bytes [B8, 41, 77, 63, 00, 50, C3, ...] {MOV EAX, 0x637741; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7112] USER32.dll!GetMessageW 777484B0 8 Bytes [B8, 8D, 1D, 63, 00, 50, C3, ...] {MOV EAX, 0x631d8d; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7112] USER32.dll!GetMessageA 77749070 9 Bytes [B8, 45, 1D, 63, 00, 50, C3, ...] {MOV EAX, 0x631d45; PUSH EAX; RET ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7112] USER32.dll!GetActiveWindow + 10 7774ABB0 8 Bytes [B8, 04, 59, 63, 00, 50, C3, ...] {MOV EAX, 0x635904; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7112] USER32.dll!InternalGetWindowIcon + 20 7774ECC0 11 Bytes [B8, DA, 73, 63, 00, 50, C3, ...] {MOV EAX, 0x6373da; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7112] USER32.dll!GetKeyboardState + 2 77758A32 4 Bytes JMP 753E0006 .text C:\Program Files\Google\Chrome\Application\chrome.exe[7112] USER32.dll!GetRawInputData + 2 77758B92 4 Bytes JMP 753F0006 .text C:\Program Files\Google\Chrome\Application\chrome.exe[7112] USER32.dll!EndTask 77788A70 8 Bytes [B8, 4F, 19, 63, 00, 50, C3, ...] {MOV EAX, 0x63194f; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7112] USER32.dll!GetRawInputBuffer 77791AE0 11 Bytes [B8, 9A, 56, 63, 00, 50, C3, ...] {MOV EAX, 0x63569a; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7504] ntdll.dll!LdrLoadDll 77D32010 8 Bytes [B8, 42, 84, B3, 00, 50, C3, ...] {MOV EAX, 0xb38442; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7504] ntdll.dll!LdrUnloadDll 77D3F5E0 8 Bytes [B8, 0D, 77, B3, 00, 50, C3, ...] {MOV EAX, 0xb3770d; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7504] ntdll.dll!NtUnmapViewOfSection + 5 77D7FDF5 4 Bytes [BA, 68, D3, B1] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7504] ntdll.dll!NtUnmapViewOfSection + A 77D7FDFA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7504] ntdll.dll!NtSetInformationThread + 5 77D804C5 4 Bytes [BA, 28, D2, B1] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7504] ntdll.dll!NtSetInformationThread + A 77D804CA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7504] ntdll.dll!NtSetInformationFile + 5 77D80585 4 Bytes [BA, 28, D1, B1] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7504] ntdll.dll!NtSetInformationFile + A 77D8058A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7504] ntdll.dll!NtQueryFullAttributesFile + 5 77D812B5 4 Bytes CALL 76D8C48A .text C:\Program Files\Google\Chrome\Application\chrome.exe[7504] ntdll.dll!NtQueryFullAttributesFile + A 77D812BA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7504] ntdll.dll!NtQueryAttributesFile + 5 77D81415 4 Bytes [BA, A8, D0, B1] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7504] ntdll.dll!NtQueryAttributesFile + A 77D8141A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7504] ntdll.dll!NtOpenThreadTokenEx + 5 77D81655 4 Bytes CALL 76D8C82C .text C:\Program Files\Google\Chrome\Application\chrome.exe[7504] ntdll.dll!NtOpenThreadTokenEx + A 77D8165A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7504] ntdll.dll!NtOpenThreadToken + 5 77D81675 4 Bytes [BA, 68, D2, B1] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7504] ntdll.dll!NtOpenThreadToken + A 77D8167A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7504] ntdll.dll!NtOpenThread + 5 77D81695 4 Bytes [BA, 68, D1, B1] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7504] ntdll.dll!NtOpenThread + A 77D8169A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7504] ntdll.dll!NtOpenProcessTokenEx + 5 77D81775 4 Bytes [BA, A8, D2, B1] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7504] ntdll.dll!NtOpenProcessTokenEx + A 77D8177A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7504] ntdll.dll!NtOpenProcessToken + 5 77D81795 4 Bytes CALL 76D8C96B .text C:\Program Files\Google\Chrome\Application\chrome.exe[7504] ntdll.dll!NtOpenProcessToken + A 77D8179A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7504] ntdll.dll!NtOpenProcess + 5 77D817B5 4 Bytes [BA, A8, D1, B1] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7504] ntdll.dll!NtOpenProcess + A 77D817BA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7504] ntdll.dll!NtOpenFile + 5 77D81915 4 Bytes [BA, 68, D0, B1] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7504] ntdll.dll!NtOpenFile + A 77D8191A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7504] ntdll.dll!NtMapViewOfSection + 5 77D81A95 4 Bytes [BA, 28, D3, B1] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7504] ntdll.dll!NtMapViewOfSection + A 77D81A9A 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7504] ntdll.dll!NtCreateFile + 5 77D828E5 4 Bytes [BA, 28, D0, B1] .text C:\Program Files\Google\Chrome\Application\chrome.exe[7504] ntdll.dll!NtCreateFile + A 77D828EA 2 Bytes [FF, E2] {JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7504] KERNEL32.DLL!VirtualProtect 77B35F60 8 Bytes [B8, E5, 11, B3, 00, 50, C3, ...] {MOV EAX, 0xb311e5; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7504] KERNEL32.DLL!VirtualProtect + 9 77B35F69 3 Bytes [90, 90, 90] {NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7504] KERNEL32.DLL!VirtualProtectEx 77B52E30 12 Bytes [B8, 29, 12, B3, 00, 50, C3, ...] {MOV EAX, 0xb31229; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7504] USER32.dll!PeekMessageA 77729C80 8 Bytes [B8, D5, 1D, B3, 00, 50, C3, ...] {MOV EAX, 0xb31dd5; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7504] USER32.dll!PeekMessageW 77729DE0 8 Bytes [B8, 20, 1E, B3, 00, 50, C3, ...] {MOV EAX, 0xb31e20; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7504] USER32.dll!SetWindowLongW 77733F30 8 Bytes [B8, DD, 18, B3, 00, 50, C3, ...] {MOV EAX, 0xb318dd; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7504] USER32.dll!SetWindowLongA 77734130 8 Bytes [B8, B7, 18, B3, 00, 50, C3, ...] {MOV EAX, 0xb318b7; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7504] USER32.dll!CallNextHookEx 777385E0 8 Bytes [B8, 3C, 79, B3, 00, 50, C3, ...] {MOV EAX, 0xb3793c; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7504] USER32.dll!OpenWindowStationA + 2D0 77738CF0 11 Bytes [B8, 81, 5D, B3, 00, 50, C3, ...] {MOV EAX, 0xb35d81; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7504] USER32.dll!GetPropW + 1C0 77744F90 8 Bytes [B8, B6, 5B, B3, 00, 50, C3, ...] {MOV EAX, 0xb35bb6; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7504] USER32.dll!GetKeyState 77747720 11 Bytes [B8, EE, 77, B3, 00, 50, C3, ...] {MOV EAX, 0xb377ee; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7504] USER32.dll!GetAsyncKeyState 77747FD0 11 Bytes [B8, 41, 77, B3, 00, 50, C3, ...] {MOV EAX, 0xb37741; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7504] USER32.dll!GetMessageW 777484B0 8 Bytes [B8, 8D, 1D, B3, 00, 50, C3, ...] {MOV EAX, 0xb31d8d; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7504] USER32.dll!GetMessageA 77749070 9 Bytes [B8, 45, 1D, B3, 00, 50, C3, ...] {MOV EAX, 0xb31d45; PUSH EAX; RET ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7504] USER32.dll!GetActiveWindow + 10 7774ABB0 8 Bytes [B8, 04, 59, B3, 00, 50, C3, ...] {MOV EAX, 0xb35904; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7504] USER32.dll!InternalGetWindowIcon + 20 7774ECC0 11 Bytes [B8, DA, 73, B3, 00, 50, C3, ...] {MOV EAX, 0xb373da; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7504] USER32.dll!GetKeyboardState + 2 77758A32 4 Bytes JMP 753E0006 .text C:\Program Files\Google\Chrome\Application\chrome.exe[7504] USER32.dll!GetRawInputData + 2 77758B92 4 Bytes JMP 753F0006 .text C:\Program Files\Google\Chrome\Application\chrome.exe[7504] USER32.dll!EndTask 77788A70 8 Bytes [B8, 4F, 19, B3, 00, 50, C3, ...] {MOV EAX, 0xb3194f; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7504] USER32.dll!GetRawInputBuffer 77791AE0 11 Bytes [B8, 9A, 56, B3, 00, 50, C3, ...] {MOV EAX, 0xb3569a; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Windows Defender\MSASCuiL.exe[7584] ntdll.dll!LdrLoadDll 77D32010 8 Bytes [B8, 42, 84, D1, 02, 50, C3, ...] {MOV EAX, 0x2d18442; PUSH EAX; RET ; NOP } .text C:\Program Files\Windows Defender\MSASCuiL.exe[7584] ntdll.dll!LdrUnloadDll 77D3F5E0 8 Bytes [B8, 0D, 77, D1, 02, 50, C3, ...] {MOV EAX, 0x2d1770d; PUSH EAX; RET ; NOP } .text C:\Program Files\Windows Defender\MSASCuiL.exe[7584] KERNEL32.DLL!VirtualProtect 77B35F60 8 Bytes [B8, E5, 11, D1, 02, 50, C3, ...] {MOV EAX, 0x2d111e5; PUSH EAX; RET ; NOP } .text C:\Program Files\Windows Defender\MSASCuiL.exe[7584] KERNEL32.DLL!VirtualProtect + 9 77B35F69 3 Bytes [90, 90, 90] {NOP ; NOP ; NOP } .text C:\Program Files\Windows Defender\MSASCuiL.exe[7584] KERNEL32.DLL!VirtualProtectEx 77B52E30 12 Bytes [B8, 29, 12, D1, 02, 50, C3, ...] {MOV EAX, 0x2d11229; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Windows Defender\MSASCuiL.exe[7584] USER32.dll!PeekMessageA 77729C80 7 Bytes [B8, D5, 1D, D1, 02, 50, C3] {MOV EAX, 0x2d11dd5; PUSH EAX; RET } .text C:\Program Files\Windows Defender\MSASCuiL.exe[7584] USER32.dll!PeekMessageW 77729DE0 7 Bytes [B8, 20, 1E, D1, 02, 50, C3] {MOV EAX, 0x2d11e20; PUSH EAX; RET } .text C:\Program Files\Windows Defender\MSASCuiL.exe[7584] USER32.dll!SetWindowLongW 77733F30 8 Bytes [B8, DD, 18, D1, 02, 50, C3, ...] {MOV EAX, 0x2d118dd; PUSH EAX; RET ; NOP } .text C:\Program Files\Windows Defender\MSASCuiL.exe[7584] USER32.dll!SetWindowLongA 77734130 8 Bytes [B8, B7, 18, D1, 02, 50, C3, ...] {MOV EAX, 0x2d118b7; PUSH EAX; RET ; NOP } .text C:\Program Files\Windows Defender\MSASCuiL.exe[7584] USER32.dll!CallNextHookEx 777385E0 8 Bytes [B8, 3C, 79, D1, 02, 50, C3, ...] {MOV EAX, 0x2d1793c; PUSH EAX; RET ; NOP } .text C:\Program Files\Windows Defender\MSASCuiL.exe[7584] USER32.dll!OpenWindowStationA + 2D0 77738CF0 11 Bytes [B8, 81, 5D, D1, 02, 50, C3, ...] {MOV EAX, 0x2d15d81; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Windows Defender\MSASCuiL.exe[7584] USER32.dll!GetPropW + 1C0 77744F90 8 Bytes [B8, B6, 5B, D1, 02, 50, C3, ...] {MOV EAX, 0x2d15bb6; PUSH EAX; RET ; NOP } .text C:\Program Files\Windows Defender\MSASCuiL.exe[7584] USER32.dll!GetKeyState 77747720 11 Bytes [B8, EE, 77, D1, 02, 50, C3, ...] {MOV EAX, 0x2d177ee; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Windows Defender\MSASCuiL.exe[7584] USER32.dll!GetAsyncKeyState 77747FD0 11 Bytes [B8, 41, 77, D1, 02, 50, C3, ...] {MOV EAX, 0x2d17741; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Windows Defender\MSASCuiL.exe[7584] USER32.dll!GetMessageW 777484B0 7 Bytes [B8, 8D, 1D, D1, 02, 50, C3] {MOV EAX, 0x2d11d8d; PUSH EAX; RET } .text C:\Program Files\Windows Defender\MSASCuiL.exe[7584] USER32.dll!GetMessageA 77749070 9 Bytes [B8, 45, 1D, D1, 02, 50, C3, ...] {MOV EAX, 0x2d11d45; PUSH EAX; RET ; NOP ; NOP } .text C:\Program Files\Windows Defender\MSASCuiL.exe[7584] USER32.dll!GetActiveWindow + 10 7774ABB0 8 Bytes [B8, 04, 59, D1, 02, 50, C3, ...] {MOV EAX, 0x2d15904; PUSH EAX; RET ; NOP } .text C:\Program Files\Windows Defender\MSASCuiL.exe[7584] USER32.dll!InternalGetWindowIcon + 20 7774ECC0 11 Bytes [B8, DA, 73, D1, 02, 50, C3, ...] {MOV EAX, 0x2d173da; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Windows Defender\MSASCuiL.exe[7584] USER32.dll!GetKeyboardState + 2 77758A32 4 Bytes JMP 755B0006 .text C:\Program Files\Windows Defender\MSASCuiL.exe[7584] USER32.dll!GetRawInputData + 2 77758B92 4 Bytes JMP 755C0006 .text C:\Program Files\Windows Defender\MSASCuiL.exe[7584] USER32.dll!EndTask 77788A70 8 Bytes [B8, 4F, 19, D1, 02, 50, C3, ...] {MOV EAX, 0x2d1194f; PUSH EAX; RET ; NOP } .text C:\Program Files\Windows Defender\MSASCuiL.exe[7584] USER32.dll!GetRawInputBuffer 77791AE0 11 Bytes [B8, 9A, 56, D1, 02, 50, C3, ...] {MOV EAX, 0x2d1569a; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Sandboxie\SbieCtrl.exe[7648] ntdll.dll!LdrLoadDll 77D32010 8 Bytes [B8, 42, 84, 5E, 00, 50, C3, ...] {MOV EAX, 0x5e8442; PUSH EAX; RET ; NOP } .text C:\Program Files\Sandboxie\SbieCtrl.exe[7648] ntdll.dll!LdrUnloadDll 77D3F5E0 8 Bytes [B8, 0D, 77, 5E, 00, 50, C3, ...] {MOV EAX, 0x5e770d; PUSH EAX; RET ; NOP } .text C:\Program Files\Sandboxie\SbieCtrl.exe[7648] KERNEL32.DLL!VirtualProtect 77B35F60 8 Bytes [B8, E5, 11, 5E, 00, 50, C3, ...] {MOV EAX, 0x5e11e5; PUSH EAX; RET ; NOP } .text C:\Program Files\Sandboxie\SbieCtrl.exe[7648] KERNEL32.DLL!VirtualProtect + 9 77B35F69 3 Bytes [90, 90, 90] {NOP ; NOP ; NOP } .text C:\Program Files\Sandboxie\SbieCtrl.exe[7648] KERNEL32.DLL!VirtualProtectEx 77B52E30 12 Bytes [B8, 29, 12, 5E, 00, 50, C3, ...] {MOV EAX, 0x5e1229; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Sandboxie\SbieCtrl.exe[7648] USER32.dll!PeekMessageA 77729C80 7 Bytes [B8, D5, 1D, 5E, 00, 50, C3] {MOV EAX, 0x5e1dd5; PUSH EAX; RET } .text C:\Program Files\Sandboxie\SbieCtrl.exe[7648] USER32.dll!PeekMessageW 77729DE0 7 Bytes [B8, 20, 1E, 5E, 00, 50, C3] {MOV EAX, 0x5e1e20; PUSH EAX; RET } .text C:\Program Files\Sandboxie\SbieCtrl.exe[7648] USER32.dll!SetWindowLongW 77733F30 8 Bytes [B8, DD, 18, 5E, 00, 50, C3, ...] {MOV EAX, 0x5e18dd; PUSH EAX; RET ; NOP } .text C:\Program Files\Sandboxie\SbieCtrl.exe[7648] USER32.dll!SetWindowLongA 77734130 8 Bytes [B8, B7, 18, 5E, 00, 50, C3, ...] {MOV EAX, 0x5e18b7; PUSH EAX; RET ; NOP } .text C:\Program Files\Sandboxie\SbieCtrl.exe[7648] USER32.dll!CallNextHookEx 777385E0 8 Bytes [B8, 3C, 79, 5E, 00, 50, C3, ...] {MOV EAX, 0x5e793c; PUSH EAX; RET ; NOP } .text C:\Program Files\Sandboxie\SbieCtrl.exe[7648] USER32.dll!OpenWindowStationA + 2D0 77738CF0 11 Bytes [B8, 81, 5D, 5E, 00, 50, C3, ...] {MOV EAX, 0x5e5d81; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Sandboxie\SbieCtrl.exe[7648] USER32.dll!GetPropW + 1C0 77744F90 8 Bytes [B8, B6, 5B, 5E, 00, 50, C3, ...] {MOV EAX, 0x5e5bb6; PUSH EAX; RET ; NOP } .text C:\Program Files\Sandboxie\SbieCtrl.exe[7648] USER32.dll!GetKeyState 77747720 11 Bytes [B8, EE, 77, 5E, 00, 50, C3, ...] {MOV EAX, 0x5e77ee; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Sandboxie\SbieCtrl.exe[7648] USER32.dll!GetAsyncKeyState 77747FD0 11 Bytes [B8, 41, 77, 5E, 00, 50, C3, ...] {MOV EAX, 0x5e7741; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Sandboxie\SbieCtrl.exe[7648] USER32.dll!GetMessageW 777484B0 7 Bytes [B8, 8D, 1D, 5E, 00, 50, C3] {MOV EAX, 0x5e1d8d; PUSH EAX; RET } .text C:\Program Files\Sandboxie\SbieCtrl.exe[7648] USER32.dll!GetMessageA 77749070 9 Bytes [B8, 45, 1D, 5E, 00, 50, C3, ...] {MOV EAX, 0x5e1d45; PUSH EAX; RET ; NOP ; NOP } .text C:\Program Files\Sandboxie\SbieCtrl.exe[7648] USER32.dll!GetActiveWindow + 10 7774ABB0 8 Bytes [B8, 04, 59, 5E, 00, 50, C3, ...] {MOV EAX, 0x5e5904; PUSH EAX; RET ; NOP } .text C:\Program Files\Sandboxie\SbieCtrl.exe[7648] USER32.dll!InternalGetWindowIcon + 20 7774ECC0 11 Bytes [B8, DA, 73, 5E, 00, 50, C3, ...] {MOV EAX, 0x5e73da; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Sandboxie\SbieCtrl.exe[7648] USER32.dll!GetKeyboardState + 2 77758A32 4 Bytes JMP 753E0006 .text C:\Program Files\Sandboxie\SbieCtrl.exe[7648] USER32.dll!GetRawInputData + 2 77758B92 4 Bytes JMP 753F0006 .text C:\Program Files\Sandboxie\SbieCtrl.exe[7648] USER32.dll!EndTask 77788A70 8 Bytes [B8, 4F, 19, 5E, 00, 50, C3, ...] {MOV EAX, 0x5e194f; PUSH EAX; RET ; NOP } .text C:\Program Files\Sandboxie\SbieCtrl.exe[7648] USER32.dll!GetRawInputBuffer 77791AE0 11 Bytes [B8, 9A, 56, 5E, 00, 50, C3, ...] {MOV EAX, 0x5e569a; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7716] ntdll.dll!LdrLoadDll 77D32010 8 Bytes [B8, 42, 84, B9, 00, 50, C3, ...] {MOV EAX, 0xb98442; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7716] ntdll.dll!LdrUnloadDll 77D3F5E0 8 Bytes [B8, 0D, 77, B9, 00, 50, C3, ...] {MOV EAX, 0xb9770d; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7716] ntdll.dll!NtMapViewOfSection + 5 77D81A95 7 Bytes [BA, 18, 40, 7A, 58, FF, E2] {MOV EDX, 0x587a4018; JMP EDX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[7716] KERNEL32.DLL!VirtualProtect 77B35F60 8 Bytes [B8, E5, 11, B9, 00, 50, C3, ...] {MOV EAX, 0xb911e5; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7716] KERNEL32.DLL!VirtualProtect + 9 77B35F69 3 Bytes [90, 90, 90] {NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7716] KERNEL32.DLL!VirtualProtectEx 77B52E30 12 Bytes [B8, 29, 12, B9, 00, 50, C3, ...] {MOV EAX, 0xb91229; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7716] USER32.dll!PeekMessageA 77729C80 7 Bytes [B8, D5, 1D, B9, 00, 50, C3] {MOV EAX, 0xb91dd5; PUSH EAX; RET } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7716] USER32.dll!PeekMessageW 77729DE0 7 Bytes [B8, 20, 1E, B9, 00, 50, C3] {MOV EAX, 0xb91e20; PUSH EAX; RET } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7716] USER32.dll!SetWindowLongW 77733F30 8 Bytes [B8, DD, 18, B9, 00, 50, C3, ...] {MOV EAX, 0xb918dd; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7716] USER32.dll!SetWindowLongA 77734130 8 Bytes [B8, B7, 18, B9, 00, 50, C3, ...] {MOV EAX, 0xb918b7; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7716] USER32.dll!CallNextHookEx 777385E0 8 Bytes [B8, 3C, 79, B9, 00, 50, C3, ...] {MOV EAX, 0xb9793c; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7716] USER32.dll!OpenWindowStationA + 2D0 77738CF0 11 Bytes [B8, 81, 5D, B9, 00, 50, C3, ...] {MOV EAX, 0xb95d81; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7716] USER32.dll!GetPropW + 1C0 77744F90 8 Bytes [B8, B6, 5B, B9, 00, 50, C3, ...] {MOV EAX, 0xb95bb6; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7716] USER32.dll!GetKeyState 77747720 11 Bytes [B8, EE, 77, B9, 00, 50, C3, ...] {MOV EAX, 0xb977ee; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7716] USER32.dll!GetAsyncKeyState 77747FD0 11 Bytes [B8, 41, 77, B9, 00, 50, C3, ...] {MOV EAX, 0xb97741; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7716] USER32.dll!GetMessageW 777484B0 7 Bytes [B8, 8D, 1D, B9, 00, 50, C3] {MOV EAX, 0xb91d8d; PUSH EAX; RET } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7716] USER32.dll!GetMessageA 77749070 9 Bytes [B8, 45, 1D, B9, 00, 50, C3, ...] {MOV EAX, 0xb91d45; PUSH EAX; RET ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7716] USER32.dll!GetActiveWindow + 10 7774ABB0 8 Bytes [B8, 04, 59, B9, 00, 50, C3, ...] {MOV EAX, 0xb95904; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7716] USER32.dll!InternalGetWindowIcon + 20 7774ECC0 11 Bytes [B8, DA, 73, B9, 00, 50, C3, ...] {MOV EAX, 0xb973da; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7716] USER32.dll!GetKeyboardState + 2 77758A32 4 Bytes JMP 753E0006 .text C:\Program Files\Google\Chrome\Application\chrome.exe[7716] USER32.dll!GetRawInputData + 2 77758B92 4 Bytes JMP 753F0006 .text C:\Program Files\Google\Chrome\Application\chrome.exe[7716] USER32.dll!EndTask 77788A70 8 Bytes [B8, 4F, 19, B9, 00, 50, C3, ...] {MOV EAX, 0xb9194f; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[7716] USER32.dll!GetRawInputBuffer 77791AE0 11 Bytes [B8, 9A, 56, B9, 00, 50, C3, ...] {MOV EAX, 0xb9569a; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[8164] ntdll.dll!LdrLoadDll 77D32010 8 Bytes [B8, 42, 84, 94, 00, 50, C3, ...] {MOV EAX, 0x948442; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[8164] ntdll.dll!LdrUnloadDll 77D3F5E0 8 Bytes [B8, 0D, 77, 94, 00, 50, C3, ...] {MOV EAX, 0x94770d; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[8164] KERNEL32.DLL!VirtualProtect 77B35F60 8 Bytes [B8, E5, 11, 94, 00, 50, C3, ...] {MOV EAX, 0x9411e5; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[8164] KERNEL32.DLL!VirtualProtect + 9 77B35F69 3 Bytes [90, 90, 90] {NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[8164] KERNEL32.DLL!VirtualProtectEx 77B52E30 12 Bytes [B8, 29, 12, 94, 00, 50, C3, ...] {MOV EAX, 0x941229; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[8164] USER32.dll!PeekMessageA 77729C80 7 Bytes [B8, D5, 1D, 94, 00, 50, C3] {MOV EAX, 0x941dd5; PUSH EAX; RET } .text C:\Program Files\Google\Chrome\Application\chrome.exe[8164] USER32.dll!PeekMessageW 77729DE0 7 Bytes [B8, 20, 1E, 94, 00, 50, C3] {MOV EAX, 0x941e20; PUSH EAX; RET } .text C:\Program Files\Google\Chrome\Application\chrome.exe[8164] USER32.dll!SetWindowLongW 77733F30 8 Bytes [B8, DD, 18, 94, 00, 50, C3, ...] {MOV EAX, 0x9418dd; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[8164] USER32.dll!SetWindowLongA 77734130 8 Bytes [B8, B7, 18, 94, 00, 50, C3, ...] {MOV EAX, 0x9418b7; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[8164] USER32.dll!CallNextHookEx 777385E0 8 Bytes [B8, 3C, 79, 94, 00, 50, C3, ...] {MOV EAX, 0x94793c; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[8164] USER32.dll!OpenWindowStationA + 2D0 77738CF0 11 Bytes [B8, 81, 5D, 94, 00, 50, C3, ...] {MOV EAX, 0x945d81; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[8164] USER32.dll!GetPropW + 1C0 77744F90 8 Bytes [B8, B6, 5B, 94, 00, 50, C3, ...] {MOV EAX, 0x945bb6; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[8164] USER32.dll!GetKeyState 77747720 11 Bytes [B8, EE, 77, 94, 00, 50, C3, ...] {MOV EAX, 0x9477ee; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[8164] USER32.dll!GetAsyncKeyState 77747FD0 11 Bytes [B8, 41, 77, 94, 00, 50, C3, ...] {MOV EAX, 0x947741; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[8164] USER32.dll!GetMessageW 777484B0 7 Bytes [B8, 8D, 1D, 94, 00, 50, C3] {MOV EAX, 0x941d8d; PUSH EAX; RET } .text C:\Program Files\Google\Chrome\Application\chrome.exe[8164] USER32.dll!GetMessageA 77749070 9 Bytes [B8, 45, 1D, 94, 00, 50, C3, ...] {MOV EAX, 0x941d45; PUSH EAX; RET ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[8164] USER32.dll!GetActiveWindow + 10 7774ABB0 8 Bytes [B8, 04, 59, 94, 00, 50, C3, ...] {MOV EAX, 0x945904; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[8164] USER32.dll!InternalGetWindowIcon + 20 7774ECC0 11 Bytes [B8, DA, 73, 94, 00, 50, C3, ...] {MOV EAX, 0x9473da; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[8164] USER32.dll!GetKeyboardState + 2 77758A32 4 Bytes JMP 753E0006 .text C:\Program Files\Google\Chrome\Application\chrome.exe[8164] USER32.dll!GetRawInputData + 2 77758B92 4 Bytes JMP 753F0006 .text C:\Program Files\Google\Chrome\Application\chrome.exe[8164] USER32.dll!EndTask 77788A70 8 Bytes [B8, 4F, 19, 94, 00, 50, C3, ...] {MOV EAX, 0x94194f; PUSH EAX; RET ; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[8164] USER32.dll!GetRawInputBuffer 77791AE0 11 Bytes [B8, 9A, 56, 94, 00, 50, C3, ...] {MOV EAX, 0x94569a; PUSH EAX; RET ; NOP ; NOP ; NOP ; NOP } ---- Devices - GMER 2.2 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 SpyshelterKb.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 volume.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 EUBKMON.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 volume.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 EUBKMON.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 volume.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 EUBKMON.sys ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed -1682729873 Reg HKLM\SYSTEM\CurrentControlSet\Services\MpKsld92bdf94 Reg HKLM\SYSTEM\CurrentControlSet\Services\MpKsld92bdf94@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\MpKsld92bdf94@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\MpKsld92bdf94@ErrorControl 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\MpKsld92bdf94@ImagePath \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{75645A4D-6315-4397-9DEE-9A7398A4D17B}\MpKsld92bdf94.sys Reg HKLM\SYSTEM\CurrentControlSet\Services\MpKsld92bdf94@DeviceName MpKsld92bdf94 Reg HKLM\SYSTEM\CurrentControlSet\Services\MpKsld92bdf94@AllowedProcessName \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe Reg HKLM\SYSTEM\CurrentControlSet\Services\MpKsld92bdf94 Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 201 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{bc0b42e6-0336-4106-a052-f4ca2a987e48}@Dhcpv6State 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeEstimated 0xBF 0xB8 0x8C 0x8B ... Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeHigh 0xBF 0x20 0x51 0xED ... Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeLow 0xBF 0x50 0xC8 0x29 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@Rw 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@RwMask 0x64 0x62 0x03 0x00 ... Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing@SessionIdHigh 30549177 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing@SessionIdLow -409388796 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\TiRunning Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Diagnostics\DiagTrack@LastSuccessfulUploadTime 0x31 0x82 0x19 0x45 ... Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Diagnostics\DiagTrack\SettingsRequests@LastDownloadTime 0x35 0xA2 0x43 0x11 ... Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate@LastTaskOperationHandle 28 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Orchestrator\ActiveUpdateSessions\51b519d5-b6f5-4333-8df6-e74d7c9aead4 Reg HKLM\SOFTWARE\Microsoft\Windows Defender\Reporting@SigUpdateTimestampsSinceLastHB 10/11/2016 20:36:42.376339500 UTC;10/11/2016 18:45:02.505136800 UTC;10/10/2016 20:11:21.609328300 UTC;10/09/2016 09:19:03.917892500 UTC;10/08/2016 05:24:55.437646200 UTC;10/07/2016 04:38:46.270129300 UTC;10/06/2016 17:36:01.733555400 UTC;10/05/2016 18:29:08.27622700 UTC;10/04/2016 16:33:30.289219900 UTC;10/03/2016 18:54:32.90378200 UTC;10/02/2016 09:45:04.473916800 UTC;10/01/2016 17:42:54.529723900 UTC;10/01/2016 10:03:15.845537300 UTC;09/30/2016 16:15:07.95366700 UTC;09/29/2016 18:22:30.790608800 UTC;09/28/2016 20:21:20.25347000 UTC;09/27/2016 18:00:10.563820900 UTC;09/26/2016 17:27:55.873267600 UTC;09/25/2016 10:15:24.345123500 UTC;09/24/2016 08:13:01.342107500 UTC;09/23/2016 17:00:10.834227300 UTC;09/22/2016 18:54:55.259266300 UTC;09/21/2016 18:59:34.227768700 UTC;09/20/2016 16:23:36.28965500 UTC;09/19/2016 16:52:06.154314900 UTC;09/19/2016 07:30:17.35777600 UTC;09/18/2016 12:08:53.653875200 UTC;09/18/2016 07:21:36.740830000 UTC;09/17/2016 10:35:43.925166600 UTC;09/17/2016 08:06:05.828159500 UTC;09/16/201 Reg HKLM\SOFTWARE\Microsoft\Windows Defender\Signature Updates@AVSignatureVersion 1.229.1461.0 Reg HKLM\SOFTWARE\Microsoft\Windows Defender\Signature Updates@ASSignatureVersion 1.229.1461.0 Reg HKLM\SOFTWARE\Microsoft\Windows Defender\Signature Updates@SignatureLocation C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{75645A4D-6315-4397-9DEE-9A7398A4D17B} Reg HKLM\SOFTWARE\Microsoft\Windows Defender\Signature Updates@SignatureUpdateCount 100 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active@D4065D63 27 ---- EOF - GMER 2.2 ----