GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2011-11-08 20:17:15 Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-7 SAMSUNG_HD502HJ rev.1AJ100E4 Running: mxrdg6bn.exe; Driver: C:\DOCUME~1\alfa\USTAWI~1\Temp\awrdafow.sys ---- System - GMER 1.0.15 ---- Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xB9EA9290] Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xB9EA92A4] Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xB9EA92D0] Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xB9EA9326] Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xB9EA927C] Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xB9EA9254] Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xB9EA9268] Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xB9EA92BA] Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xB9EA92FC] Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xB9EA92E6] Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB9EA9350] Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xB9EA933C] Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xB9EA9310] Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwYieldExecution 8050225C 7 Bytes JMP B9EA9314 mfehidk.sys (McAfee Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!NtMapViewOfSection 805A75C4 7 Bytes JMP B9EA932A mfehidk.sys (McAfee Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805A83DA 5 Bytes JMP B9EA9340 mfehidk.sys (McAfee Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!NtSetSecurityObject 805B6114 5 Bytes JMP B9EA9300 mfehidk.sys (McAfee Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!NtOpenProcess 805C13F8 5 Bytes JMP B9EA9258 mfehidk.sys (McAfee Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!NtOpenThread 805C1684 5 Bytes JMP B9EA926C mfehidk.sys (McAfee Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwTerminateProcess 805C8DA6 5 Bytes JMP B9EA9354 mfehidk.sys (McAfee Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwSetValueKey 8061925E 7 Bytes JMP B9EA92EA mfehidk.sys (McAfee Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwRenameKey 8061A70E 7 Bytes JMP B9EA92BE mfehidk.sys (McAfee Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwCreateKey 8061ACEC 5 Bytes JMP B9EA9294 mfehidk.sys (McAfee Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwDeleteKey 8061B188 7 Bytes JMP B9EA92A8 mfehidk.sys (McAfee Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwDeleteValueKey 8061B358 7 Bytes JMP B9EA92D4 mfehidk.sys (McAfee Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwOpenKey 8061C0CA 5 Bytes JMP B9EA9280 mfehidk.sys (McAfee Link Driver/McAfee, Inc.) .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB9273360, 0x32E00D, 0xE8000020] .text serial.sys BA308300 4 Bytes [00, 08, 00, 00] {ADD [EAX], CL; ADD [EAX], AL} .text serial.sys BA308305 1 Byte [F7] .text serial.sys BA308314 1 Byte [40] .text serial.sys BA308317 1 Byte [42] .text serial.sys BA30831F 1 Byte [00] .text ... .PAGE1 C:\WINDOWS\system32\DRIVERS\serial.sys unknown last section [0xBA315A00, 0x100, 0xC0000040] ? C:\WINDOWS\system32\DRIVERS\serial.sys suspicious PE modification ? C:\DOCUME~1\alfa\USTAWI~1\Temp\mbr.sys Nie można odnaleźć określonego pliku. ! ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[336] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 624199A1 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.) .text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[336] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 62419A63 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.) .text C:\Program Files\Google\Chrome\Application\chrome.exe[388] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[388] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[388] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28] .text C:\Program Files\Google\Chrome\Application\chrome.exe[388] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[388] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[388] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[388] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[388] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[388] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[388] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A .text C:\Program Files\Google\Chrome\Application\chrome.exe[388] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[388] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[388] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[388] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[388] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[388] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[388] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[388] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B .text C:\Program Files\Google\Chrome\Application\chrome.exe[388] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[388] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[388] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[388] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[388] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[388] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[388] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[388] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[388] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[388] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68] .text C:\Program Files\Google\Chrome\Application\chrome.exe[388] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[388] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\WINDOWS\Explorer.EXE[412] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 03A70FEF .text C:\WINDOWS\Explorer.EXE[412] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 03A70FB9 .text C:\WINDOWS\Explorer.EXE[412] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 03A70FD4 .text C:\WINDOWS\Explorer.EXE[412] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 03AC0FEF .text C:\WINDOWS\Explorer.EXE[412] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 03AC0093 .text C:\WINDOWS\Explorer.EXE[412] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 03AC0082 .text C:\WINDOWS\Explorer.EXE[412] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 03AC0065 .text C:\WINDOWS\Explorer.EXE[412] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 03AC0054 .text C:\WINDOWS\Explorer.EXE[412] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 03AC001E .text C:\WINDOWS\Explorer.EXE[412] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 03AC00D0 .text C:\WINDOWS\Explorer.EXE[412] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 03AC00B5 .text C:\WINDOWS\Explorer.EXE[412] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 03AC0F52 .text C:\WINDOWS\Explorer.EXE[412] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 03AC0F6D .text C:\WINDOWS\Explorer.EXE[412] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 03AC0106 .text C:\WINDOWS\Explorer.EXE[412] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 03AC0039 .text C:\WINDOWS\Explorer.EXE[412] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 03AC0FD4 .text C:\WINDOWS\Explorer.EXE[412] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 03AC00A4 .text C:\WINDOWS\Explorer.EXE[412] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 03AC0FB2 .text C:\WINDOWS\Explorer.EXE[412] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 03AC0FC3 .text C:\WINDOWS\Explorer.EXE[412] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 03AC00E1 .text C:\WINDOWS\Explorer.EXE[412] ADVAPI32.dll!RegOpenKeyExW 77DC6AAF 5 Bytes JMP 03AB0FAF .text C:\WINDOWS\Explorer.EXE[412] ADVAPI32.dll!RegCreateKeyExW 77DC776C 5 Bytes JMP 03AB002C .text C:\WINDOWS\Explorer.EXE[412] ADVAPI32.dll!RegOpenKeyExA 77DC7852 5 Bytes JMP 03AB0000 .text C:\WINDOWS\Explorer.EXE[412] ADVAPI32.dll!RegOpenKeyW 77DC7946 5 Bytes JMP 03AB0FD4 .text C:\WINDOWS\Explorer.EXE[412] ADVAPI32.dll!RegCreateKeyExA 77DCE9F4 5 Bytes JMP 03AB0F79 .text C:\WINDOWS\Explorer.EXE[412] ADVAPI32.dll!RegOpenKeyA 77DCEFC8 5 Bytes JMP 03AB0FEF .text C:\WINDOWS\Explorer.EXE[412] ADVAPI32.dll!RegCreateKeyW 77DEBA55 2 Bytes JMP 03AB0F8A .text C:\WINDOWS\Explorer.EXE[412] ADVAPI32.dll!RegCreateKeyW + 3 77DEBA58 2 Bytes [CC, 8B] .text C:\WINDOWS\Explorer.EXE[412] ADVAPI32.dll!RegCreateKeyA 77DEBCF3 5 Bytes JMP 03AB001B .text C:\WINDOWS\Explorer.EXE[412] msvcrt.dll!_wsystem 77C1931E 5 Bytes JMP 03AA0053 .text C:\WINDOWS\Explorer.EXE[412] msvcrt.dll!system 77C193C7 5 Bytes JMP 03AA0042 .text C:\WINDOWS\Explorer.EXE[412] msvcrt.dll!_creat 77C1D40F 5 Bytes JMP 03AA0FE3 .text C:\WINDOWS\Explorer.EXE[412] msvcrt.dll!_open 77C1F566 5 Bytes JMP 03AA0000 .text C:\WINDOWS\Explorer.EXE[412] msvcrt.dll!_wcreat 77C1FC9B 5 Bytes JMP 03AA0FD2 .text C:\WINDOWS\Explorer.EXE[412] msvcrt.dll!_wopen 77C20055 5 Bytes JMP 03AA001D .text C:\WINDOWS\Explorer.EXE[412] WININET.dll!InternetOpenA 3FD1D698 5 Bytes JMP 03A80000 .text C:\WINDOWS\Explorer.EXE[412] WININET.dll!InternetOpenW 3FD1DB11 5 Bytes JMP 03A80FE5 .text C:\WINDOWS\Explorer.EXE[412] WININET.dll!InternetOpenUrlA 3FD1F3AC 5 Bytes JMP 03A80FCA .text C:\WINDOWS\Explorer.EXE[412] WININET.dll!InternetOpenUrlW 3FD66D6F 5 Bytes JMP 03A8001B .text C:\WINDOWS\Explorer.EXE[412] WS2_32.dll!socket 71A54211 5 Bytes JMP 03A90FEF .text C:\Program Files\Google\Chrome\Application\chrome.exe[616] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[616] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[616] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28] .text C:\Program Files\Google\Chrome\Application\chrome.exe[616] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[616] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[616] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[616] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[616] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[616] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[616] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A .text C:\Program Files\Google\Chrome\Application\chrome.exe[616] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[616] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[616] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[616] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[616] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[616] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[616] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[616] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B .text C:\Program Files\Google\Chrome\Application\chrome.exe[616] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[616] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[616] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[616] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[616] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[616] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[616] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[616] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[616] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[616] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68] .text C:\Program Files\Google\Chrome\Application\chrome.exe[616] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[616] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[892] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[892] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[892] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28] .text C:\Program Files\Google\Chrome\Application\chrome.exe[892] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[892] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[892] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[892] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[892] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[892] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[892] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A .text C:\Program Files\Google\Chrome\Application\chrome.exe[892] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[892] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[892] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[892] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[892] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[892] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[892] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[892] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B .text C:\Program Files\Google\Chrome\Application\chrome.exe[892] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[892] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[892] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[892] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[892] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[892] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[892] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[892] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[892] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[892] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68] .text C:\Program Files\Google\Chrome\Application\chrome.exe[892] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[892] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\WINDOWS\system32\services.exe[1104] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00040000 .text C:\WINDOWS\system32\services.exe[1104] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00040FC0 .text C:\WINDOWS\system32\services.exe[1104] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00040FDB .text C:\WINDOWS\system32\services.exe[1104] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C60FE5 .text C:\WINDOWS\system32\services.exe[1104] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C60093 .text C:\WINDOWS\system32\services.exe[1104] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C60F94 .text C:\WINDOWS\system32\services.exe[1104] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C60062 .text C:\WINDOWS\system32\services.exe[1104] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C60051 .text C:\WINDOWS\system32\services.exe[1104] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C6002F .text C:\WINDOWS\system32\services.exe[1104] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C600CB .text C:\WINDOWS\system32\services.exe[1104] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C600AE .text C:\WINDOWS\system32\services.exe[1104] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C60F4D .text C:\WINDOWS\system32\services.exe[1104] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C600E6 .text C:\WINDOWS\system32\services.exe[1104] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00C60F3C .text C:\WINDOWS\system32\services.exe[1104] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00C60040 .text C:\WINDOWS\system32\services.exe[1104] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C60FD4 .text C:\WINDOWS\system32\services.exe[1104] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00C60F83 .text C:\WINDOWS\system32\services.exe[1104] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00C6001E .text C:\WINDOWS\system32\services.exe[1104] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00C60FC3 .text C:\WINDOWS\system32\services.exe[1104] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00C60F68 .text C:\WINDOWS\system32\services.exe[1104] ADVAPI32.dll!RegOpenKeyExW 77DC6AAF 5 Bytes JMP 00070011 .text C:\WINDOWS\system32\services.exe[1104] ADVAPI32.dll!RegCreateKeyExW 77DC776C 5 Bytes JMP 00070051 .text C:\WINDOWS\system32\services.exe[1104] ADVAPI32.dll!RegOpenKeyExA 77DC7852 5 Bytes JMP 00070FCA .text C:\WINDOWS\system32\services.exe[1104] ADVAPI32.dll!RegOpenKeyW 77DC7946 5 Bytes JMP 00070000 .text C:\WINDOWS\system32\services.exe[1104] ADVAPI32.dll!RegCreateKeyExA 77DCE9F4 5 Bytes JMP 00070F9E .text C:\WINDOWS\system32\services.exe[1104] ADVAPI32.dll!RegOpenKeyA 77DCEFC8 5 Bytes JMP 00070FE5 .text C:\WINDOWS\system32\services.exe[1104] ADVAPI32.dll!RegCreateKeyW 77DEBA55 2 Bytes JMP 00070FAF .text C:\WINDOWS\system32\services.exe[1104] ADVAPI32.dll!RegCreateKeyW + 3 77DEBA58 2 Bytes [28, 88] .text C:\WINDOWS\system32\services.exe[1104] ADVAPI32.dll!RegCreateKeyA 77DEBCF3 5 Bytes JMP 0007002C .text C:\WINDOWS\system32\services.exe[1104] msvcrt.dll!_wsystem 77C1931E 5 Bytes JMP 0006004E .text C:\WINDOWS\system32\services.exe[1104] msvcrt.dll!system 77C193C7 5 Bytes JMP 00060FC3 .text C:\WINDOWS\system32\services.exe[1104] msvcrt.dll!_creat 77C1D40F 5 Bytes JMP 00060FDE .text C:\WINDOWS\system32\services.exe[1104] msvcrt.dll!_open 77C1F566 5 Bytes JMP 0006000C .text C:\WINDOWS\system32\services.exe[1104] msvcrt.dll!_wcreat 77C1FC9B 5 Bytes JMP 00060033 .text C:\WINDOWS\system32\services.exe[1104] msvcrt.dll!_wopen 77C20055 5 Bytes JMP 00060FEF .text C:\WINDOWS\system32\services.exe[1104] WS2_32.dll!socket 71A54211 5 Bytes JMP 00050FEF .text C:\WINDOWS\system32\lsass.exe[1116] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00FA0FE5 .text C:\WINDOWS\system32\lsass.exe[1116] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00FA0011 .text C:\WINDOWS\system32\lsass.exe[1116] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00FA0000 .text C:\WINDOWS\system32\lsass.exe[1116] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00FF0000 .text C:\WINDOWS\system32\lsass.exe[1116] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00FF0F6F .text C:\WINDOWS\system32\lsass.exe[1116] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00FF0F80 .text C:\WINDOWS\system32\lsass.exe[1116] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00FF0058 .text C:\WINDOWS\system32\lsass.exe[1116] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00FF003D .text C:\WINDOWS\system32\lsass.exe[1116] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00FF002C .text C:\WINDOWS\system32\lsass.exe[1116] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00FF0F2D .text C:\WINDOWS\system32\lsass.exe[1116] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00FF0F54 .text C:\WINDOWS\system32\lsass.exe[1116] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00FF0F12 .text C:\WINDOWS\system32\lsass.exe[1116] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00FF00AB .text C:\WINDOWS\system32\lsass.exe[1116] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00FF0EF7 .text C:\WINDOWS\system32\lsass.exe[1116] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00FF0FA5 .text C:\WINDOWS\system32\lsass.exe[1116] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00FF0011 .text C:\WINDOWS\system32\lsass.exe[1116] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00FF007F .text C:\WINDOWS\system32\lsass.exe[1116] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00FF0FC0 .text C:\WINDOWS\system32\lsass.exe[1116] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00FF0FDB .text C:\WINDOWS\system32\lsass.exe[1116] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00FF0090 .text C:\WINDOWS\system32\lsass.exe[1116] ADVAPI32.dll!RegOpenKeyExW 77DC6AAF 5 Bytes JMP 00FD0047 .text C:\WINDOWS\system32\lsass.exe[1116] ADVAPI32.dll!RegCreateKeyExW 77DC776C 5 Bytes JMP 00FD0FAC .text C:\WINDOWS\system32\lsass.exe[1116] ADVAPI32.dll!RegOpenKeyExA 77DC7852 5 Bytes JMP 00FD0036 .text C:\WINDOWS\system32\lsass.exe[1116] ADVAPI32.dll!RegOpenKeyW 77DC7946 5 Bytes JMP 00FD001B .text C:\WINDOWS\system32\lsass.exe[1116] ADVAPI32.dll!RegCreateKeyExA 77DCE9F4 5 Bytes JMP 00FD0073 .text C:\WINDOWS\system32\lsass.exe[1116] ADVAPI32.dll!RegOpenKeyA 77DCEFC8 5 Bytes JMP 00FD0000 .text C:\WINDOWS\system32\lsass.exe[1116] ADVAPI32.dll!RegCreateKeyW 77DEBA55 5 Bytes JMP 00FD0062 .text C:\WINDOWS\system32\lsass.exe[1116] ADVAPI32.dll!RegCreateKeyA 77DEBCF3 5 Bytes JMP 00FD0FD1 .text C:\WINDOWS\system32\lsass.exe[1116] msvcrt.dll!_wsystem 77C1931E 5 Bytes JMP 00FC0F75 .text C:\WINDOWS\system32\lsass.exe[1116] msvcrt.dll!system 77C193C7 5 Bytes JMP 00FC0F90 .text C:\WINDOWS\system32\lsass.exe[1116] msvcrt.dll!_creat 77C1D40F 5 Bytes JMP 00FC0FAB .text C:\WINDOWS\system32\lsass.exe[1116] msvcrt.dll!_open 77C1F566 5 Bytes JMP 00FC0FEF .text C:\WINDOWS\system32\lsass.exe[1116] msvcrt.dll!_wcreat 77C1FC9B 5 Bytes JMP 00FC0000 .text C:\WINDOWS\system32\lsass.exe[1116] msvcrt.dll!_wopen 77C20055 5 Bytes JMP 00FC0FC6 .text C:\WINDOWS\system32\lsass.exe[1116] WS2_32.dll!socket 71A54211 5 Bytes JMP 00FB0FE5 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1248] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1248] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1248] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1248] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1248] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1248] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1248] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1248] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1248] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1248] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A .text C:\Program Files\Google\Chrome\Application\chrome.exe[1248] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1248] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1248] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1248] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1248] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1248] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1248] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1248] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B .text C:\Program Files\Google\Chrome\Application\chrome.exe[1248] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1248] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1248] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1248] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1248] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1248] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1248] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1248] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1248] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1248] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1248] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1248] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\WINDOWS\system32\svchost.exe[1332] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00EF0000 .text C:\WINDOWS\system32\svchost.exe[1332] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00EF0FD4 .text C:\WINDOWS\system32\svchost.exe[1332] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00EF0FE5 .text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00FB0000 .text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00FB0F57 .text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00FB004C .text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00FB0F72 .text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00FB002F .text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00FB0FA8 .text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00FB0095 .text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00FB0078 .text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00FB0F1E .text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00FB00C1 .text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00FB0F0D .text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00FB0F8D .text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00FB0FE5 .text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00FB0067 .text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00FB0FC3 .text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00FB0FD4 .text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00FB00A6 .text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!RegOpenKeyExW 77DC6AAF 5 Bytes JMP 00FA0FCA .text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!RegCreateKeyExW 77DC776C 5 Bytes JMP 00FA0051 .text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!RegOpenKeyExA 77DC7852 5 Bytes JMP 00FA0FDB .text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!RegOpenKeyW 77DC7946 5 Bytes JMP 00FA0011 .text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!RegCreateKeyExA 77DCE9F4 5 Bytes JMP 00FA0F94 .text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!RegOpenKeyA 77DCEFC8 5 Bytes JMP 00FA0000 .text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!RegCreateKeyW 77DEBA55 5 Bytes JMP 00FA0040 .text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!RegCreateKeyA 77DEBCF3 5 Bytes JMP 00FA0FAF .text C:\WINDOWS\system32\svchost.exe[1332] msvcrt.dll!_wsystem 77C1931E 5 Bytes JMP 00F90FA6 .text C:\WINDOWS\system32\svchost.exe[1332] msvcrt.dll!system 77C193C7 5 Bytes JMP 00F90FB7 .text C:\WINDOWS\system32\svchost.exe[1332] msvcrt.dll!_creat 77C1D40F 5 Bytes JMP 00F9000C .text C:\WINDOWS\system32\svchost.exe[1332] msvcrt.dll!_open 77C1F566 5 Bytes JMP 00F90FE3 .text C:\WINDOWS\system32\svchost.exe[1332] msvcrt.dll!_wcreat 77C1FC9B 5 Bytes JMP 00F90027 .text C:\WINDOWS\system32\svchost.exe[1332] msvcrt.dll!_wopen 77C20055 5 Bytes JMP 00F90FD2 .text C:\WINDOWS\system32\svchost.exe[1332] WS2_32.dll!socket 71A54211 5 Bytes JMP 00F80FE5 .text C:\WINDOWS\system32\svchost.exe[1396] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00DA0FE5 .text C:\WINDOWS\system32\svchost.exe[1396] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00DA0FD4 .text C:\WINDOWS\system32\svchost.exe[1396] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00DA0000 .text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00DE0000 .text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00DE007A .text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00DE0F8F .text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00DE0069 .text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00DE0058 .text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00DE003D .text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00DE0097 .text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00DE0F4F .text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00DE00CD .text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00DE0F3E .text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00DE0F0F .text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00DE0FB6 .text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00DE0FDB .text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00DE0F60 .text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00DE0022 .text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00DE0011 .text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00DE00B2 .text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!RegOpenKeyExW 77DC6AAF 5 Bytes JMP 00DD0FC0 .text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!RegCreateKeyExW 77DC776C 5 Bytes JMP 00DD0F72 .text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!RegOpenKeyExA 77DC7852 5 Bytes JMP 00DD0011 .text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!RegOpenKeyW 77DC7946 5 Bytes JMP 00DD0000 .text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!RegCreateKeyExA 77DCE9F4 5 Bytes JMP 00DD0F83 .text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!RegOpenKeyA 77DCEFC8 5 Bytes JMP 00DD0FEF .text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!RegCreateKeyW 77DEBA55 2 Bytes JMP 00DD0F9E .text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!RegCreateKeyW + 3 77DEBA58 2 Bytes [FE, 88] .text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!RegCreateKeyA 77DEBCF3 5 Bytes JMP 00DD0FAF .text C:\WINDOWS\system32\svchost.exe[1396] msvcrt.dll!_wsystem 77C1931E 5 Bytes JMP 00DC0055 .text C:\WINDOWS\system32\svchost.exe[1396] msvcrt.dll!system 77C193C7 5 Bytes JMP 00DC0FD4 .text C:\WINDOWS\system32\svchost.exe[1396] msvcrt.dll!_creat 77C1D40F 5 Bytes JMP 00DC0044 .text C:\WINDOWS\system32\svchost.exe[1396] msvcrt.dll!_open 77C1F566 5 Bytes JMP 00DC000C .text C:\WINDOWS\system32\svchost.exe[1396] msvcrt.dll!_wcreat 77C1FC9B 5 Bytes JMP 00DC0FEF .text C:\WINDOWS\system32\svchost.exe[1396] msvcrt.dll!_wopen 77C20055 5 Bytes JMP 00DC001D .text C:\WINDOWS\system32\svchost.exe[1396] WS2_32.dll!socket 71A54211 5 Bytes JMP 00DB0FEF .text C:\WINDOWS\System32\svchost.exe[1592] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 03AF0FEF .text C:\WINDOWS\System32\svchost.exe[1592] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 03AF0FCA .text C:\WINDOWS\System32\svchost.exe[1592] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 03AF0000 .text C:\WINDOWS\System32\svchost.exe[1592] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02A80FEF .text C:\WINDOWS\System32\svchost.exe[1592] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02A80F9E .text C:\WINDOWS\System32\svchost.exe[1592] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02A80093 .text C:\WINDOWS\System32\svchost.exe[1592] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02A80FB9 .text C:\WINDOWS\System32\svchost.exe[1592] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02A80076 .text C:\WINDOWS\System32\svchost.exe[1592] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02A8004A .text C:\WINDOWS\System32\svchost.exe[1592] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 02A800BF .text C:\WINDOWS\System32\svchost.exe[1592] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 02A80F6D .text C:\WINDOWS\System32\svchost.exe[1592] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02A800F5 .text C:\WINDOWS\System32\svchost.exe[1592] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 02A80F52 .text C:\WINDOWS\System32\svchost.exe[1592] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 02A80F37 .text C:\WINDOWS\System32\svchost.exe[1592] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 02A8005B .text C:\WINDOWS\System32\svchost.exe[1592] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 02A80FDE .text C:\WINDOWS\System32\svchost.exe[1592] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 02A800A4 .text C:\WINDOWS\System32\svchost.exe[1592] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 02A80025 .text C:\WINDOWS\System32\svchost.exe[1592] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 02A80014 .text C:\WINDOWS\System32\svchost.exe[1592] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 02A800D0 .text C:\WINDOWS\System32\svchost.exe[1592] ADVAPI32.dll!RegOpenKeyExW 77DC6AAF 5 Bytes JMP 02920FCD .text C:\WINDOWS\System32\svchost.exe[1592] ADVAPI32.dll!RegCreateKeyExW 77DC776C 5 Bytes JMP 0292004D .text C:\WINDOWS\System32\svchost.exe[1592] ADVAPI32.dll!RegOpenKeyExA 77DC7852 5 Bytes JMP 02920FDE .text C:\WINDOWS\System32\svchost.exe[1592] ADVAPI32.dll!RegOpenKeyW 77DC7946 5 Bytes JMP 02920014 .text C:\WINDOWS\System32\svchost.exe[1592] ADVAPI32.dll!RegCreateKeyExA 77DCE9F4 5 Bytes JMP 02920F86 .text C:\WINDOWS\System32\svchost.exe[1592] ADVAPI32.dll!RegOpenKeyA 77DCEFC8 5 Bytes JMP 02920FEF .text C:\WINDOWS\System32\svchost.exe[1592] ADVAPI32.dll!RegCreateKeyW 77DEBA55 2 Bytes JMP 02920F97 .text C:\WINDOWS\System32\svchost.exe[1592] ADVAPI32.dll!RegCreateKeyW + 3 77DEBA58 2 Bytes [B3, 8A] {MOV BL, 0x8a} .text C:\WINDOWS\System32\svchost.exe[1592] ADVAPI32.dll!RegCreateKeyA 77DEBCF3 5 Bytes JMP 02920FA8 .text C:\WINDOWS\System32\svchost.exe[1592] msvcrt.dll!_wsystem 77C1931E 5 Bytes JMP 0291005A .text C:\WINDOWS\System32\svchost.exe[1592] msvcrt.dll!system 77C193C7 5 Bytes JMP 02910049 .text C:\WINDOWS\System32\svchost.exe[1592] msvcrt.dll!_creat 77C1D40F 5 Bytes JMP 02910027 .text C:\WINDOWS\System32\svchost.exe[1592] msvcrt.dll!_open 77C1F566 5 Bytes JMP 02910000 .text C:\WINDOWS\System32\svchost.exe[1592] msvcrt.dll!_wcreat 77C1FC9B 5 Bytes JMP 02910038 .text C:\WINDOWS\System32\svchost.exe[1592] msvcrt.dll!_wopen 77C20055 5 Bytes JMP 02910FEF .text C:\WINDOWS\System32\svchost.exe[1592] WS2_32.dll!socket 71A54211 5 Bytes JMP 02900FEF .text C:\WINDOWS\System32\svchost.exe[1592] WININET.dll!InternetOpenA 3FD1D698 5 Bytes JMP 028F0FE5 .text C:\WINDOWS\System32\svchost.exe[1592] WININET.dll!InternetOpenW 3FD1DB11 5 Bytes JMP 028F0FD4 .text C:\WINDOWS\System32\svchost.exe[1592] WININET.dll!InternetOpenUrlA 3FD1F3AC 5 Bytes JMP 028F0FC3 .text C:\WINDOWS\System32\svchost.exe[1592] WININET.dll!InternetOpenUrlW 3FD66D6F 5 Bytes JMP 028F0FA8 .text C:\WINDOWS\system32\svchost.exe[1640] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00790000 .text C:\WINDOWS\system32\svchost.exe[1640] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00790FE5 .text C:\WINDOWS\system32\svchost.exe[1640] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00790011 .text C:\WINDOWS\system32\svchost.exe[1640] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 007D000A .text C:\WINDOWS\system32\svchost.exe[1640] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 007D0F81 .text C:\WINDOWS\system32\svchost.exe[1640] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 007D0F92 .text C:\WINDOWS\system32\svchost.exe[1640] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 007D006C .text C:\WINDOWS\system32\svchost.exe[1640] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 007D0FB9 .text C:\WINDOWS\system32\svchost.exe[1640] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 007D0036 .text C:\WINDOWS\system32\svchost.exe[1640] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 007D00A7 .text C:\WINDOWS\system32\svchost.exe[1640] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 007D0F5F .text C:\WINDOWS\system32\svchost.exe[1640] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 007D00D3 .text C:\WINDOWS\system32\svchost.exe[1640] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 007D0F44 .text C:\WINDOWS\system32\svchost.exe[1640] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 007D0F1F .text C:\WINDOWS\system32\svchost.exe[1640] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 007D0051 .text C:\WINDOWS\system32\svchost.exe[1640] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 007D0FEF .text C:\WINDOWS\system32\svchost.exe[1640] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 007D0F70 .text C:\WINDOWS\system32\svchost.exe[1640] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 007D0FCA .text C:\WINDOWS\system32\svchost.exe[1640] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 007D0025 .text C:\WINDOWS\system32\svchost.exe[1640] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 007D00B8 .text C:\WINDOWS\system32\svchost.exe[1640] ADVAPI32.dll!RegOpenKeyExW 77DC6AAF 5 Bytes JMP 007C0FD4 .text C:\WINDOWS\system32\svchost.exe[1640] ADVAPI32.dll!RegCreateKeyExW 77DC776C 5 Bytes JMP 007C0FAF .text C:\WINDOWS\system32\svchost.exe[1640] ADVAPI32.dll!RegOpenKeyExA 77DC7852 5 Bytes JMP 007C001B .text C:\WINDOWS\system32\svchost.exe[1640] ADVAPI32.dll!RegOpenKeyW 77DC7946 5 Bytes JMP 007C0FE5 .text C:\WINDOWS\system32\svchost.exe[1640] ADVAPI32.dll!RegCreateKeyExA 77DCE9F4 5 Bytes JMP 007C006C .text C:\WINDOWS\system32\svchost.exe[1640] ADVAPI32.dll!RegOpenKeyA 77DCEFC8 5 Bytes JMP 007C0000 .text C:\WINDOWS\system32\svchost.exe[1640] ADVAPI32.dll!RegCreateKeyW 77DEBA55 5 Bytes JMP 007C005B .text C:\WINDOWS\system32\svchost.exe[1640] ADVAPI32.dll!RegCreateKeyA 77DEBCF3 5 Bytes JMP 007C0040 .text C:\WINDOWS\system32\svchost.exe[1640] msvcrt.dll!_wsystem 77C1931E 5 Bytes JMP 007B0F9C .text C:\WINDOWS\system32\svchost.exe[1640] msvcrt.dll!system 77C193C7 5 Bytes JMP 007B0FB7 .text C:\WINDOWS\system32\svchost.exe[1640] msvcrt.dll!_creat 77C1D40F 5 Bytes JMP 007B0FD9 .text C:\WINDOWS\system32\svchost.exe[1640] msvcrt.dll!_open 77C1F566 5 Bytes JMP 007B0000 .text C:\WINDOWS\system32\svchost.exe[1640] msvcrt.dll!_wcreat 77C1FC9B 5 Bytes JMP 007B0FC8 .text C:\WINDOWS\system32\svchost.exe[1640] msvcrt.dll!_wopen 77C20055 5 Bytes JMP 007B001D .text C:\WINDOWS\system32\svchost.exe[1640] WS2_32.dll!socket 71A54211 5 Bytes JMP 007A000A .text C:\WINDOWS\system32\svchost.exe[1684] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00FB0000 .text C:\WINDOWS\system32\svchost.exe[1684] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00FB002C .text C:\WINDOWS\system32\svchost.exe[1684] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00FB001B .text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01240000 .text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01240078 .text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01240067 .text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01240040 .text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01240F8D .text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01240FAF .text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01240F43 .text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01240F5E .text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 012400B7 .text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 012400A6 .text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 012400D2 .text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01240F9E .text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01240FE5 .text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 01240089 .text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 01240FC0 .text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0124001B .text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 01240F28 .text C:\WINDOWS\system32\svchost.exe[1684] ADVAPI32.dll!RegOpenKeyExW 77DC6AAF 5 Bytes JMP 01230FE5 .text C:\WINDOWS\system32\svchost.exe[1684] ADVAPI32.dll!RegCreateKeyExW 77DC776C 5 Bytes JMP 0123007D .text C:\WINDOWS\system32\svchost.exe[1684] ADVAPI32.dll!RegOpenKeyExA 77DC7852 5 Bytes JMP 01230036 .text C:\WINDOWS\system32\svchost.exe[1684] ADVAPI32.dll!RegOpenKeyW 77DC7946 5 Bytes JMP 0123001B .text C:\WINDOWS\system32\svchost.exe[1684] ADVAPI32.dll!RegCreateKeyExA 77DCE9F4 5 Bytes JMP 01230FC0 .text C:\WINDOWS\system32\svchost.exe[1684] ADVAPI32.dll!RegOpenKeyA 77DCEFC8 5 Bytes JMP 01230000 .text C:\WINDOWS\system32\svchost.exe[1684] ADVAPI32.dll!RegCreateKeyW 77DEBA55 5 Bytes JMP 01230062 .text C:\WINDOWS\system32\svchost.exe[1684] ADVAPI32.dll!RegCreateKeyA 77DEBCF3 5 Bytes JMP 01230051 .text C:\WINDOWS\system32\svchost.exe[1684] msvcrt.dll!_wsystem 77C1931E 5 Bytes JMP 01220051 .text C:\WINDOWS\system32\svchost.exe[1684] msvcrt.dll!system 77C193C7 5 Bytes JMP 0122002C .text C:\WINDOWS\system32\svchost.exe[1684] msvcrt.dll!_creat 77C1D40F 5 Bytes JMP 01220FD7 .text C:\WINDOWS\system32\svchost.exe[1684] msvcrt.dll!_open 77C1F566 5 Bytes JMP 01220000 .text C:\WINDOWS\system32\svchost.exe[1684] msvcrt.dll!_wcreat 77C1FC9B 5 Bytes JMP 01220FBC .text C:\WINDOWS\system32\svchost.exe[1684] msvcrt.dll!_wopen 77C20055 5 Bytes JMP 01220011 .text C:\WINDOWS\system32\svchost.exe[1684] WS2_32.dll!socket 71A54211 5 Bytes JMP 01210FEF .text C:\WINDOWS\system32\svchost.exe[1872] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00960FEF .text C:\WINDOWS\system32\svchost.exe[1872] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0096000A .text C:\WINDOWS\system32\svchost.exe[1872] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00960FD4 .text C:\WINDOWS\system32\svchost.exe[1872] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C7000A .text C:\WINDOWS\system32\svchost.exe[1872] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C70F77 .text C:\WINDOWS\system32\svchost.exe[1872] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C70F88 .text C:\WINDOWS\system32\svchost.exe[1872] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C70FA3 .text C:\WINDOWS\system32\svchost.exe[1872] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C70FCA .text C:\WINDOWS\system32\svchost.exe[1872] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C70051 .text C:\WINDOWS\system32\svchost.exe[1872] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C7009D .text C:\WINDOWS\system32\svchost.exe[1872] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C70F4B .text C:\WINDOWS\system32\svchost.exe[1872] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C70EFA .text C:\WINDOWS\system32\svchost.exe[1872] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C70F1F .text C:\WINDOWS\system32\svchost.exe[1872] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00C700AE .text C:\WINDOWS\system32\svchost.exe[1872] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00C7006C .text C:\WINDOWS\system32\svchost.exe[1872] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C70FEF .text C:\WINDOWS\system32\svchost.exe[1872] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00C70F5C .text C:\WINDOWS\system32\svchost.exe[1872] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00C70040 .text C:\WINDOWS\system32\svchost.exe[1872] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00C70025 .text C:\WINDOWS\system32\svchost.exe[1872] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00C70F30 .text C:\WINDOWS\system32\svchost.exe[1872] ADVAPI32.dll!RegOpenKeyExW 77DC6AAF 5 Bytes JMP 00C60036 .text C:\WINDOWS\system32\svchost.exe[1872] ADVAPI32.dll!RegCreateKeyExW 77DC776C 5 Bytes JMP 00C6006C .text C:\WINDOWS\system32\svchost.exe[1872] ADVAPI32.dll!RegOpenKeyExA 77DC7852 5 Bytes JMP 00C6001B .text C:\WINDOWS\system32\svchost.exe[1872] ADVAPI32.dll!RegOpenKeyW 77DC7946 5 Bytes JMP 00C6000A .text C:\WINDOWS\system32\svchost.exe[1872] ADVAPI32.dll!RegCreateKeyExA 77DCE9F4 5 Bytes JMP 00C60FB9 .text C:\WINDOWS\system32\svchost.exe[1872] ADVAPI32.dll!RegOpenKeyA 77DCEFC8 5 Bytes JMP 00C60FEF .text C:\WINDOWS\system32\svchost.exe[1872] ADVAPI32.dll!RegCreateKeyW 77DEBA55 5 Bytes JMP 00C6005B .text C:\WINDOWS\system32\svchost.exe[1872] ADVAPI32.dll!RegCreateKeyA 77DEBCF3 5 Bytes JMP 00C60FCA .text C:\WINDOWS\system32\svchost.exe[1872] msvcrt.dll!_wsystem 77C1931E 5 Bytes JMP 00990F9A .text C:\WINDOWS\system32\svchost.exe[1872] msvcrt.dll!system 77C193C7 5 Bytes JMP 0099001B .text C:\WINDOWS\system32\svchost.exe[1872] msvcrt.dll!_creat 77C1D40F 5 Bytes JMP 00990FC6 .text C:\WINDOWS\system32\svchost.exe[1872] msvcrt.dll!_open 77C1F566 5 Bytes JMP 00990FEF .text C:\WINDOWS\system32\svchost.exe[1872] msvcrt.dll!_wcreat 77C1FC9B 5 Bytes JMP 00990FAB .text C:\WINDOWS\system32\svchost.exe[1872] msvcrt.dll!_wopen 77C20055 5 Bytes JMP 00990000 .text C:\WINDOWS\system32\svchost.exe[1872] WININET.dll!InternetOpenA 3FD1D698 5 Bytes JMP 00970000 .text C:\WINDOWS\system32\svchost.exe[1872] WININET.dll!InternetOpenW 3FD1DB11 5 Bytes JMP 0097001B .text C:\WINDOWS\system32\svchost.exe[1872] WININET.dll!InternetOpenUrlA 3FD1F3AC 5 Bytes JMP 00970FE5 .text C:\WINDOWS\system32\svchost.exe[1872] WININET.dll!InternetOpenUrlW 3FD66D6F 5 Bytes JMP 00970036 .text C:\WINDOWS\system32\svchost.exe[1872] WS2_32.dll!socket 71A54211 5 Bytes JMP 00980FE5 .text C:\WINDOWS\system32\svchost.exe[1916] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 008E0000 .text C:\WINDOWS\system32\svchost.exe[1916] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 008E0FE5 .text C:\WINDOWS\system32\svchost.exe[1916] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 008E0011 .text C:\WINDOWS\system32\svchost.exe[1916] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00920FEF .text C:\WINDOWS\system32\svchost.exe[1916] kernel32.dll!VirtualProtectEx 7C801A61 1 Byte [E9] .text C:\WINDOWS\system32\svchost.exe[1916] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00920F65 .text C:\WINDOWS\system32\svchost.exe[1916] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00920064 .text C:\WINDOWS\system32\svchost.exe[1916] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00920053 .text C:\WINDOWS\system32\svchost.exe[1916] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00920F94 .text C:\WINDOWS\system32\svchost.exe[1916] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00920025 .text C:\WINDOWS\system32\svchost.exe[1916] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00920086 .text C:\WINDOWS\system32\svchost.exe[1916] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00920075 .text C:\WINDOWS\system32\svchost.exe[1916] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 009200BC .text C:\WINDOWS\system32\svchost.exe[1916] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00920F23 .text C:\WINDOWS\system32\svchost.exe[1916] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00920F12 .text C:\WINDOWS\system32\svchost.exe[1916] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00920036 .text C:\WINDOWS\system32\svchost.exe[1916] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00920FD4 .text C:\WINDOWS\system32\svchost.exe[1916] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00920F54 .text C:\WINDOWS\system32\svchost.exe[1916] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 0092000A .text C:\WINDOWS\system32\svchost.exe[1916] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00920FB9 .text C:\WINDOWS\system32\svchost.exe[1916] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 009200A1 .text C:\WINDOWS\system32\svchost.exe[1916] ADVAPI32.dll!RegOpenKeyExW 77DC6AAF 5 Bytes JMP 00910FCA .text C:\WINDOWS\system32\svchost.exe[1916] ADVAPI32.dll!RegCreateKeyExW 77DC776C 5 Bytes JMP 00910051 .text C:\WINDOWS\system32\svchost.exe[1916] ADVAPI32.dll!RegOpenKeyExA 77DC7852 5 Bytes JMP 00910FE5 .text C:\WINDOWS\system32\svchost.exe[1916] ADVAPI32.dll!RegOpenKeyW 77DC7946 5 Bytes JMP 00910011 .text C:\WINDOWS\system32\svchost.exe[1916] ADVAPI32.dll!RegCreateKeyExA 77DCE9F4 5 Bytes JMP 00910F94 .text C:\WINDOWS\system32\svchost.exe[1916] ADVAPI32.dll!RegOpenKeyA 77DCEFC8 5 Bytes JMP 00910000 .text C:\WINDOWS\system32\svchost.exe[1916] ADVAPI32.dll!RegCreateKeyW 77DEBA55 5 Bytes JMP 00910036 .text C:\WINDOWS\system32\svchost.exe[1916] ADVAPI32.dll!RegCreateKeyA 77DEBCF3 5 Bytes JMP 00910FA5 .text C:\WINDOWS\system32\svchost.exe[1916] msvcrt.dll!_wsystem 77C1931E 5 Bytes JMP 00900FA1 .text C:\WINDOWS\system32\svchost.exe[1916] msvcrt.dll!system 77C193C7 5 Bytes JMP 00900FB2 .text C:\WINDOWS\system32\svchost.exe[1916] msvcrt.dll!_creat 77C1D40F 5 Bytes JMP 00900022 .text C:\WINDOWS\system32\svchost.exe[1916] msvcrt.dll!_open 77C1F566 5 Bytes JMP 00900FEF .text C:\WINDOWS\system32\svchost.exe[1916] msvcrt.dll!_wcreat 77C1FC9B 5 Bytes JMP 00900FC3 .text C:\WINDOWS\system32\svchost.exe[1916] msvcrt.dll!_wopen 77C20055 5 Bytes JMP 00900FDE .text C:\WINDOWS\system32\svchost.exe[1916] WS2_32.dll!socket 71A54211 5 Bytes JMP 008F0000 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2012] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2012] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2012] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2012] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2012] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2012] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2012] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2012] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2012] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2012] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A .text C:\Program Files\Google\Chrome\Application\chrome.exe[2012] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2012] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2012] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2012] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2012] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2012] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2012] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2012] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B .text C:\Program Files\Google\Chrome\Application\chrome.exe[2012] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2012] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2012] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2012] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2012] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2012] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2012] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2012] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2012] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2012] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2012] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2012] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2040] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2040] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2040] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2040] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2040] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2040] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2040] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2040] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2040] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2040] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A .text C:\Program Files\Google\Chrome\Application\chrome.exe[2040] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2040] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2040] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2040] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2040] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2040] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2040] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2040] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B .text C:\Program Files\Google\Chrome\Application\chrome.exe[2040] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2040] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2040] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2040] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2040] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2040] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2040] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2040] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2040] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2040] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2040] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2040] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A .text C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B .text C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2360] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2772] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2772] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2772] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2772] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2772] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2772] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2772] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2772] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2772] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2772] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A .text C:\Program Files\Google\Chrome\Application\chrome.exe[2772] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2772] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2772] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2772] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2772] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2772] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2772] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2772] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B .text C:\Program Files\Google\Chrome\Application\chrome.exe[2772] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2772] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2772] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2772] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2772] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2772] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2772] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2772] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2772] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2772] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2772] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2772] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2800] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2800] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2800] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2800] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2800] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2800] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2800] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2800] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2800] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2800] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A .text C:\Program Files\Google\Chrome\Application\chrome.exe[2800] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2800] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2800] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2800] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2800] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2800] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2800] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2800] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B .text C:\Program Files\Google\Chrome\Application\chrome.exe[2800] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2800] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2800] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2800] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2800] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2800] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2800] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2800] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2800] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2800] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2800] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2800] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2848] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2848] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2848] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2848] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2848] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2848] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2848] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2848] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2848] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2848] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A .text C:\Program Files\Google\Chrome\Application\chrome.exe[2848] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2848] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2848] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2848] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2848] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2848] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2848] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2848] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B .text C:\Program Files\Google\Chrome\Application\chrome.exe[2848] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2848] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2848] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2848] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2848] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2848] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2848] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2848] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2848] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2848] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2848] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2848] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2876] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2876] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2876] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2876] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2876] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2876] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2876] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2876] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2876] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2876] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A .text C:\Program Files\Google\Chrome\Application\chrome.exe[2876] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2876] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2876] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2876] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2876] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2876] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2876] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2876] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B .text C:\Program Files\Google\Chrome\Application\chrome.exe[2876] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2876] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2876] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2876] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2876] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2876] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2876] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2876] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2876] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2876] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2876] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2876] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2900] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2900] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2900] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2900] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2900] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2900] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2900] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2900] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2900] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2900] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A .text C:\Program Files\Google\Chrome\Application\chrome.exe[2900] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2900] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2900] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2900] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2900] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2900] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2900] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2900] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B .text C:\Program Files\Google\Chrome\Application\chrome.exe[2900] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2900] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2900] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2900] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2900] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2900] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2900] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2900] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2900] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2900] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2900] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2900] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A .text C:\Program Files\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B .text C:\Program Files\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\WINDOWS\System32\svchost.exe[4000] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 009A000A .text C:\WINDOWS\System32\svchost.exe[4000] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 009A0FE5 .text C:\WINDOWS\System32\svchost.exe[4000] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 009A0025 .text C:\WINDOWS\System32\svchost.exe[4000] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00FA000A .text C:\WINDOWS\System32\svchost.exe[4000] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00FA0F50 .text C:\WINDOWS\System32\svchost.exe[4000] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00FA0F61 .text C:\WINDOWS\System32\svchost.exe[4000] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00FA0F72 .text C:\WINDOWS\System32\svchost.exe[4000] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00FA0F8D .text C:\WINDOWS\System32\svchost.exe[4000] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00FA0FAF .text C:\WINDOWS\System32\svchost.exe[4000] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00FA0F13 .text C:\WINDOWS\System32\svchost.exe[4000] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00FA0F24 .text C:\WINDOWS\System32\svchost.exe[4000] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00FA0091 .text C:\WINDOWS\System32\svchost.exe[4000] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00FA0080 .text C:\WINDOWS\System32\svchost.exe[4000] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00FA00AC .text C:\WINDOWS\System32\svchost.exe[4000] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00FA0F9E .text C:\WINDOWS\System32\svchost.exe[4000] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00FA0FEF .text C:\WINDOWS\System32\svchost.exe[4000] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00FA0F3F .text C:\WINDOWS\System32\svchost.exe[4000] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00FA0FD4 .text C:\WINDOWS\System32\svchost.exe[4000] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00FA0025 .text C:\WINDOWS\System32\svchost.exe[4000] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00FA0EF8 .text C:\WINDOWS\System32\svchost.exe[4000] ADVAPI32.dll!RegOpenKeyExW 77DC6AAF 5 Bytes JMP 00F90040 .text C:\WINDOWS\System32\svchost.exe[4000] ADVAPI32.dll!RegCreateKeyExW 77DC776C 5 Bytes JMP 00F90091 .text C:\WINDOWS\System32\svchost.exe[4000] ADVAPI32.dll!RegOpenKeyExA 77DC7852 5 Bytes JMP 00F90FEF .text C:\WINDOWS\System32\svchost.exe[4000] ADVAPI32.dll!RegOpenKeyW 77DC7946 5 Bytes JMP 00F90025 .text C:\WINDOWS\System32\svchost.exe[4000] ADVAPI32.dll!RegCreateKeyExA 77DCE9F4 5 Bytes JMP 00F90FCA .text C:\WINDOWS\System32\svchost.exe[4000] ADVAPI32.dll!RegOpenKeyA 77DCEFC8 5 Bytes JMP 00F90000 .text C:\WINDOWS\System32\svchost.exe[4000] ADVAPI32.dll!RegCreateKeyW 77DEBA55 5 Bytes JMP 00F9006C .text C:\WINDOWS\System32\svchost.exe[4000] ADVAPI32.dll!RegCreateKeyA 77DEBCF3 5 Bytes JMP 00F9005B .text C:\WINDOWS\System32\svchost.exe[4000] msvcrt.dll!_wsystem 77C1931E 5 Bytes JMP 00F80073 .text C:\WINDOWS\System32\svchost.exe[4000] msvcrt.dll!system 77C193C7 5 Bytes JMP 00F80058 .text C:\WINDOWS\System32\svchost.exe[4000] msvcrt.dll!_creat 77C1D40F 5 Bytes JMP 00F80029 .text C:\WINDOWS\System32\svchost.exe[4000] msvcrt.dll!_open 77C1F566 5 Bytes JMP 00F80FEF .text C:\WINDOWS\System32\svchost.exe[4000] msvcrt.dll!_wcreat 77C1FC9B 5 Bytes JMP 00F80FDE .text C:\WINDOWS\System32\svchost.exe[4000] msvcrt.dll!_wopen 77C20055 5 Bytes JMP 00F80018 .text C:\WINDOWS\System32\svchost.exe[4000] WS2_32.dll!socket 71A54211 5 Bytes JMP 009F0FEF ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \SystemRoot\system32\DRIVERS\serial.sys[HAL.dll!KfAcquireSpinLock] 5004C083 IAT \SystemRoot\system32\DRIVERS\serial.sys[HAL.dll!KfReleaseSpinLock] 1D8BD7FF IAT \SystemRoot\system32\DRIVERS\serial.sys[HAL.dll!KeQueryPerformanceCounter] [BA30B298] \SystemRoot\system32\DRIVERS\serial.sys (Sterownik urządzenia szeregowego/Microsoft Corporation) ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Program Files\Google\Chrome\Application\chrome.exe[388] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002D0010 IAT C:\WINDOWS\system32\mfevtps.exe[404] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExW] [0040A4B0] C:\WINDOWS\system32\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.) IAT C:\WINDOWS\system32\mfevtps.exe[404] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [0040A510] C:\WINDOWS\system32\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.) IAT C:\Program Files\Google\Chrome\Application\chrome.exe[616] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002D0010 IAT C:\Program Files\Google\Chrome\Application\chrome.exe[892] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002D0010 IAT C:\Program Files\Google\Chrome\Application\chrome.exe[1248] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002D0010 IAT C:\Program Files\Google\Chrome\Application\chrome.exe[2012] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002D0010 IAT C:\Program Files\Google\Chrome\Application\chrome.exe[2040] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002D0010 IAT C:\Program Files\Google\Chrome\Application\chrome.exe[2360] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002D0010 IAT C:\Program Files\Google\Chrome\Application\chrome.exe[2772] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002D0010 IAT C:\Program Files\Google\Chrome\Application\chrome.exe[2800] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002D0010 IAT C:\Program Files\Google\Chrome\Application\chrome.exe[2848] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002D0010 IAT C:\Program Files\Google\Chrome\Application\chrome.exe[2876] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002D0010 IAT C:\Program Files\Google\Chrome\Application\chrome.exe[2900] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002D0010 IAT C:\Program Files\Google\Chrome\Application\chrome.exe[3788] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002D0010 ---- Devices - GMER 1.0.15 ---- AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.) AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.) AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.) Device \Driver\BTHUSB \Device\00000075 bthport.sys (Sterownik magistrali Bluetooth/Microsoft Corporation) Device \Driver\BTHUSB \Device\00000077 bthport.sys (Sterownik magistrali Bluetooth/Microsoft Corporation) ---- Modules - GMER 1.0.15 ---- Module (noname) (*** hidden *** ) BA2B8000-BA2C6000 (57344 bytes) Module (noname) (*** hidden *** ) BA1B8000-BA1C1000 (36864 bytes) ---- Threads - GMER 1.0.15 ---- Thread System [4:132] BA1BC3E0 Thread System [4:136] 8A109330 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001583b3fc51 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001583b3fc51@001c9a0a8740 0x38 0xED 0xF0 0x06 ... Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001583b3fc51 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001583b3fc51@001c9a0a8740 0x38 0xED 0xF0 0x06 ... ---- Files - GMER 1.0.15 ---- File C:\WINDOWS\$NtUninstallKB45540$\3362076519 0 bytes File C:\WINDOWS\$NtUninstallKB45540$\4188452797 0 bytes File C:\WINDOWS\$NtUninstallKB45540$\4188452797\@ 2048 bytes File C:\WINDOWS\$NtUninstallKB45540$\4188452797\L 0 bytes File C:\WINDOWS\$NtUninstallKB45540$\4188452797\L\abmvflsg 65280 bytes File C:\WINDOWS\$NtUninstallKB45540$\4188452797\loader.tlb 2632 bytes File C:\WINDOWS\$NtUninstallKB45540$\4188452797\U 0 bytes File C:\WINDOWS\$NtUninstallKB45540$\4188452797\U\@00000001 45968 bytes File C:\WINDOWS\$NtUninstallKB45540$\4188452797\U\@000000c0 3072 bytes File C:\WINDOWS\$NtUninstallKB45540$\4188452797\U\@000000cb 3072 bytes File C:\WINDOWS\$NtUninstallKB45540$\4188452797\U\@000000cf 1536 bytes File C:\WINDOWS\$NtUninstallKB45540$\4188452797\U\@80000000 23040 bytes File C:\WINDOWS\$NtUninstallKB45540$\4188452797\U\@800000c0 35840 bytes File C:\WINDOWS\$NtUninstallKB45540$\4188452797\U\@800000cb 23040 bytes File C:\WINDOWS\$NtUninstallKB45540$\4188452797\U\@800000cf 29184 bytes ---- EOF - GMER 1.0.15 ----