GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-05-24 00:18:03 Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 TOSHIBA_MK5055GSX rev.FG001M 465,76GB Running: 7lbo4qf0.exe; Driver: C:\Users\Toshiba\AppData\Local\Temp\pwliypog.sys ---- Kernel code sections - GMER 2.1 ---- .text C:\Windows\system32\DRIVERS\USBPORT.SYS!DllUnload fffff88003e9fc34 12 bytes {MOV RAX, 0xfffffa80053ca2a0; JMP RAX} ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1936] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 00000000774f1401 2 bytes JMP 764ceb26 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1936] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 00000000774f1419 2 bytes JMP 764db513 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1936] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 00000000774f1431 2 bytes JMP 76558609 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1936] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 00000000774f144a 2 bytes CALL 764b1dfa C:\Windows\syswow64\KERNEL32.dll .text ... * 9 .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1936] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000774f14dd 2 bytes JMP 76557efe C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1936] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000774f14f5 2 bytes JMP 765580d8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1936] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 00000000774f150d 2 bytes JMP 76557df4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1936] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 00000000774f1525 2 bytes JMP 765581c2 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1936] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 00000000774f153d 2 bytes JMP 764cf088 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1936] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 00000000774f1555 2 bytes JMP 764db885 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1936] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 00000000774f156d 2 bytes JMP 765586c1 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1936] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 00000000774f1585 2 bytes JMP 76558222 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1936] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 00000000774f159d 2 bytes JMP 76557db8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1936] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000774f15b5 2 bytes JMP 764cf121 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1936] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000774f15cd 2 bytes JMP 764db29f C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1936] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000774f16b2 2 bytes JMP 76558584 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1936] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000774f16bd 2 bytes JMP 76557d4d C:\Windows\syswow64\KERNEL32.dll .text C:\Windows\SysWOW64\adblock.exe[1244] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82 00000000726817fa 2 bytes CALL 764b1199 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\adblock.exe[1244] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88 0000000072681860 2 bytes CALL 764b1199 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\adblock.exe[1244] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98 0000000072681942 2 bytes JMP 76d3c29f C:\Windows\syswow64\WS2_32.dll .text C:\Windows\SysWOW64\adblock.exe[1244] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109 000000007268194d 2 bytes JMP 76d3418d C:\Windows\syswow64\WS2_32.dll .text c:\windows\SysWOW64\inetcfg\lsass.exe[1968] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000774f1401 2 bytes JMP 764ceb26 C:\Windows\syswow64\kernel32.dll .text c:\windows\SysWOW64\inetcfg\lsass.exe[1968] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000774f1419 2 bytes JMP 764db513 C:\Windows\syswow64\kernel32.dll .text c:\windows\SysWOW64\inetcfg\lsass.exe[1968] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000774f1431 2 bytes JMP 76558609 C:\Windows\syswow64\kernel32.dll .text c:\windows\SysWOW64\inetcfg\lsass.exe[1968] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000774f144a 2 bytes CALL 764b1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text c:\windows\SysWOW64\inetcfg\lsass.exe[1968] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000774f14dd 2 bytes JMP 76557efe C:\Windows\syswow64\kernel32.dll .text c:\windows\SysWOW64\inetcfg\lsass.exe[1968] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000774f14f5 2 bytes JMP 765580d8 C:\Windows\syswow64\kernel32.dll .text c:\windows\SysWOW64\inetcfg\lsass.exe[1968] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000774f150d 2 bytes JMP 76557df4 C:\Windows\syswow64\kernel32.dll .text c:\windows\SysWOW64\inetcfg\lsass.exe[1968] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000774f1525 2 bytes JMP 765581c2 C:\Windows\syswow64\kernel32.dll .text c:\windows\SysWOW64\inetcfg\lsass.exe[1968] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000774f153d 2 bytes JMP 764cf088 C:\Windows\syswow64\kernel32.dll .text c:\windows\SysWOW64\inetcfg\lsass.exe[1968] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000774f1555 2 bytes JMP 764db885 C:\Windows\syswow64\kernel32.dll .text c:\windows\SysWOW64\inetcfg\lsass.exe[1968] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000774f156d 2 bytes JMP 765586c1 C:\Windows\syswow64\kernel32.dll .text c:\windows\SysWOW64\inetcfg\lsass.exe[1968] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000774f1585 2 bytes JMP 76558222 C:\Windows\syswow64\kernel32.dll .text c:\windows\SysWOW64\inetcfg\lsass.exe[1968] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000774f159d 2 bytes JMP 76557db8 C:\Windows\syswow64\kernel32.dll .text c:\windows\SysWOW64\inetcfg\lsass.exe[1968] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000774f15b5 2 bytes JMP 764cf121 C:\Windows\syswow64\kernel32.dll .text c:\windows\SysWOW64\inetcfg\lsass.exe[1968] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000774f15cd 2 bytes JMP 764db29f C:\Windows\syswow64\kernel32.dll .text c:\windows\SysWOW64\inetcfg\lsass.exe[1968] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000774f16b2 2 bytes JMP 76558584 C:\Windows\syswow64\kernel32.dll .text c:\windows\SysWOW64\inetcfg\lsass.exe[1968] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000774f16bd 2 bytes JMP 76557d4d C:\Windows\syswow64\kernel32.dll .text C:\windows\SysWOW64\inetcfg\spoolsv.exe[2500] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000774f1401 2 bytes JMP 764ceb26 C:\Windows\syswow64\kernel32.dll .text C:\windows\SysWOW64\inetcfg\spoolsv.exe[2500] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000774f1419 2 bytes JMP 764db513 C:\Windows\syswow64\kernel32.dll .text C:\windows\SysWOW64\inetcfg\spoolsv.exe[2500] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000774f1431 2 bytes JMP 76558609 C:\Windows\syswow64\kernel32.dll .text C:\windows\SysWOW64\inetcfg\spoolsv.exe[2500] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000774f144a 2 bytes CALL 764b1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\windows\SysWOW64\inetcfg\spoolsv.exe[2500] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000774f14dd 2 bytes JMP 76557efe C:\Windows\syswow64\kernel32.dll .text C:\windows\SysWOW64\inetcfg\spoolsv.exe[2500] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000774f14f5 2 bytes JMP 765580d8 C:\Windows\syswow64\kernel32.dll .text C:\windows\SysWOW64\inetcfg\spoolsv.exe[2500] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000774f150d 2 bytes JMP 76557df4 C:\Windows\syswow64\kernel32.dll .text C:\windows\SysWOW64\inetcfg\spoolsv.exe[2500] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000774f1525 2 bytes JMP 765581c2 C:\Windows\syswow64\kernel32.dll .text C:\windows\SysWOW64\inetcfg\spoolsv.exe[2500] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000774f153d 2 bytes JMP 764cf088 C:\Windows\syswow64\kernel32.dll .text C:\windows\SysWOW64\inetcfg\spoolsv.exe[2500] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000774f1555 2 bytes JMP 764db885 C:\Windows\syswow64\kernel32.dll .text C:\windows\SysWOW64\inetcfg\spoolsv.exe[2500] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000774f156d 2 bytes JMP 765586c1 C:\Windows\syswow64\kernel32.dll .text C:\windows\SysWOW64\inetcfg\spoolsv.exe[2500] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000774f1585 2 bytes JMP 76558222 C:\Windows\syswow64\kernel32.dll .text C:\windows\SysWOW64\inetcfg\spoolsv.exe[2500] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000774f159d 2 bytes JMP 76557db8 C:\Windows\syswow64\kernel32.dll .text C:\windows\SysWOW64\inetcfg\spoolsv.exe[2500] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000774f15b5 2 bytes JMP 764cf121 C:\Windows\syswow64\kernel32.dll .text C:\windows\SysWOW64\inetcfg\spoolsv.exe[2500] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000774f15cd 2 bytes JMP 764db29f C:\Windows\syswow64\kernel32.dll .text C:\windows\SysWOW64\inetcfg\spoolsv.exe[2500] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000774f16b2 2 bytes JMP 76558584 C:\Windows\syswow64\kernel32.dll .text C:\windows\SysWOW64\inetcfg\spoolsv.exe[2500] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000774f16bd 2 bytes JMP 76557d4d C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[3504] C:\Windows\SysWOW64\ntdll.dll!NtEnumerateValueKey 000000007753f9d0 5 bytes JMP 0000000100346390 .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[3504] C:\Windows\SysWOW64\ntdll.dll!NtQueryDirectoryFile 000000007753fd28 5 bytes JMP 0000000100346640 .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[3504] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 000000007753fff8 5 bytes JMP 00000001003453d0 .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[3504] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000775408ac 4 bytes [68, BC, 38, B3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[3504] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess + 5 00000000775408b1 1 byte [C3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[3504] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 000000007755243d 6 bytes [68, 04, 69, B3, 00, C3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[3504] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007755c096 5 bytes JMP 0000000100b339e1 .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[3504] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 00000000775628b3 6 bytes [68, 4A, 69, B3, 00, C3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[3504] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077583f44 6 bytes [68, 90, 69, B3, 00, C3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[3504] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 0000000077598954 6 bytes [68, D6, 69, B3, 00, C3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[3504] C:\Windows\syswow64\kernel32.dll!CreateFileW 00000000764b22fb 5 bytes JMP 0000000100341290 .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[3504] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW 00000000764b32f2 6 bytes [68, 4A, 3C, B3, 00, C3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[3504] C:\Windows\syswow64\kernel32.dll!ExitProcess 00000000764b734e 6 bytes [68, 09, 3C, B3, 00, C3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[3504] C:\Windows\syswow64\kernel32.dll!CreateFileA 00000000764bca6e 5 bytes JMP 00000001003411c0 .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[3504] C:\Windows\syswow64\kernel32.dll!MoveFileW 00000000764c98bd 5 bytes JMP 0000000100342570 .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[3504] C:\Windows\syswow64\kernel32.dll!CopyFileA 00000000764d5f17 5 bytes JMP 0000000100341000 .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[3504] C:\Windows\syswow64\kernel32.dll!CopyFileW 00000000764d6a34 5 bytes JMP 00000001003410a0 .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[3504] C:\Windows\syswow64\kernel32.dll!MoveFileA 000000007652db21 5 bytes JMP 0000000100342510 .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[3504] C:\Windows\syswow64\USER32.dll!GetDC 0000000076307246 4 bytes [68, 84, F9, B3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[3504] C:\Windows\syswow64\USER32.dll!GetDC + 5 000000007630724b 1 byte [C3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[3504] C:\Windows\syswow64\USER32.dll!ReleaseDC 000000007630730e 6 bytes [68, 02, FA, B3, 00, C3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[3504] C:\Windows\syswow64\USER32.dll!GetWindowDC 00000000763079d8 4 bytes [68, C3, F9, B3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[3504] C:\Windows\syswow64\USER32.dll!GetWindowDC + 5 00000000763079dd 1 byte [C3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[3504] C:\Windows\syswow64\USER32.dll!TranslateMessage 0000000076307d79 6 bytes [68, 1D, A4, B3, 00, C3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[3504] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000076307e92 6 bytes [68, 2E, 00, B3, 00, C3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[3504] C:\Windows\syswow64\USER32.dll!GetMessageA 000000007630811b 6 bytes [68, 56, 00, B3, 00, C3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[3504] C:\Windows\syswow64\USER32.dll!RegisterClassW 0000000076308bd6 6 bytes [68, 08, 6C, B3, 00, C3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[3504] C:\Windows\syswow64\USER32.dll!RegisterClassExW 0000000076309ed3 6 bytes [68, A2, 6C, B3, 00, C3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[3504] C:\Windows\syswow64\USER32.dll!RegisterClassExA 000000007630dd6d 6 bytes [68, F4, 6C, B3, 00, C3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[3504] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000076310112 6 bytes [68, 7E, 00, B3, 00, C3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[3504] C:\Windows\syswow64\USER32.dll!CallWindowProcW 0000000076310abb 6 bytes [68, 3A, 6B, B3, 00, C3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[3504] C:\Windows\syswow64\USER32.dll!GetCursorPos 0000000076310e0d 6 bytes [68, 61, FE, B2, 00, C3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[3504] C:\Windows\syswow64\USER32.dll!EndPaint 0000000076310e9a 4 bytes [68, E9, F8, B3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[3504] C:\Windows\syswow64\USER32.dll!EndPaint + 5 0000000076310e9f 1 byte [C3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[3504] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000076310eba 4 bytes [68, 79, F8, B3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[3504] C:\Windows\syswow64\USER32.dll!BeginPaint + 5 0000000076310ebf 1 byte [C3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[3504] C:\Windows\syswow64\USER32.dll!GetMessagePos 0000000076312bc7 6 bytes [68, 2F, FE, B2, 00, C3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[3504] C:\Windows\syswow64\USER32.dll!GetCapture 0000000076312dbd 6 bytes [68, 8F, FF, B2, 00, C3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[3504] C:\Windows\syswow64\USER32.dll!ReleaseCapture 0000000076312ec4 6 bytes [68, 3F, FF, B2, 00, C3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[3504] C:\Windows\syswow64\USER32.dll!SetCapture 0000000076312ed1 4 bytes [68, E5, FE, B2] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[3504] C:\Windows\syswow64\USER32.dll!SetCapture + 5 0000000076312ed6 1 byte [C3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[3504] C:\Windows\syswow64\USER32.dll!GetDCEx 0000000076313001 4 bytes [68, 29, F9, B3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[3504] C:\Windows\syswow64\USER32.dll!GetDCEx + 5 0000000076313006 1 byte [C3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[3504] C:\Windows\syswow64\USER32.dll!RegisterClassA 0000000076314b80 6 bytes [68, 55, 6C, B3, 00, C3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[3504] C:\Windows\syswow64\USER32.dll!CallWindowProcA 0000000076317af4 6 bytes [68, 83, 6B, B3, 00, C3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[3504] C:\Windows\syswow64\USER32.dll!DefFrameProcA 000000007631808f 6 bytes [68, 65, 6A, B3, 00, C3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[3504] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA 00000000763181e0 6 bytes [68, F4, 6A, B3, 00, C3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[3504] C:\Windows\syswow64\USER32.dll!DefFrameProcW 0000000076318632 6 bytes [68, 1C, 6A, B3, 00, C3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[3504] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW 0000000076318807 6 bytes [68, AE, 6A, B3, 00, C3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[3504] C:\Windows\syswow64\USER32.dll!PeekMessageA 000000007632ed58 6 bytes [68, A9, 00, B3, 00, C3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[3504] C:\Windows\syswow64\USER32.dll!GetUpdateRgn 000000007632f1fe 6 bytes [68, D5, FA, B3, 00, C3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[3504] C:\Windows\syswow64\USER32.dll!GetUpdateRect 000000007633011b 6 bytes [68, 42, FA, B3, 00, C3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[3504] C:\Windows\syswow64\USER32.dll!SwitchDesktop 00000000763497e4 6 bytes [68, E6, 68, B3, 00, C3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[3504] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000076349c8d 6 bytes [68, A8, FE, B2, 00, C3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[3504] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000076349f3b 6 bytes [68, CC, A5, B3, 00, C3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[3504] C:\Windows\syswow64\USER32.dll!OpenInputDesktop 000000007636895b 4 bytes [68, 96, 68, B3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[3504] C:\Windows\syswow64\USER32.dll!OpenInputDesktop + 5 0000000076368960 1 byte [C3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[3504] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW 000000007700bbdb 6 bytes [68, C7, 3C, B3, 00, C3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[3504] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 00000000770414fd 6 bytes [68, B0, 3C, B3, 00, C3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[3504] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000076d33bed 6 bytes [68, 7B, F5, B2, 00, C3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[3504] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW 0000000076d360f5 5 bytes JMP 0000000100341d10 .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[3504] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 0000000076d36737 6 bytes [68, 8C, F1, B2, 00, C3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[3504] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000076d368a7 6 bytes [68, D4, F5, B2, 00, C3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[3504] C:\Windows\syswow64\WS2_32.dll!send 0000000076d3c4c8 5 bytes JMP 0000000100b2f5b3 .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[3504] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000076d47133 6 bytes [68, 1C, F1, B2, 00, C3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[3504] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000774f1401 2 bytes JMP 764ceb26 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[3504] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000774f1419 2 bytes JMP 764db513 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[3504] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000774f1431 2 bytes JMP 76558609 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[3504] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000774f144a 2 bytes CALL 764b1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[3504] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000774f14dd 2 bytes JMP 76557efe C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[3504] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000774f14f5 2 bytes JMP 765580d8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[3504] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000774f150d 2 bytes JMP 76557df4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[3504] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000774f1525 2 bytes JMP 765581c2 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[3504] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000774f153d 2 bytes JMP 764cf088 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[3504] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000774f1555 2 bytes JMP 764db885 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[3504] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000774f156d 2 bytes JMP 765586c1 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[3504] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000774f1585 2 bytes JMP 76558222 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[3504] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000774f159d 2 bytes JMP 76557db8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[3504] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000774f15b5 2 bytes JMP 764cf121 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[3504] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000774f15cd 2 bytes JMP 764db29f C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[3504] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000774f16b2 2 bytes JMP 76558584 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[3504] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000774f16bd 2 bytes JMP 76557d4d C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[3504] C:\Windows\syswow64\WININET.dll!InternetCloseHandle 00000000766cc846 6 bytes [68, 36, 19, B4, 00, C3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[3504] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA 00000000766ccbca 6 bytes [68, D6, 1A, B4, 00, C3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[3504] C:\Windows\syswow64\WININET.dll!InternetReadFile 00000000766ce26c 6 bytes [68, A3, 19, B4, 00, C3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[3504] C:\Windows\syswow64\WININET.dll!HttpSendRequestW 00000000766ceebb 5 bytes JMP 0000000100b416bc .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[3504] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA 00000000766d0402 6 bytes [68, 78, 16, B4, 00, C3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[3504] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW 00000000766d05db 6 bytes [68, 34, 16, B4, 00, C3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[3504] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable 00000000766d41d3 6 bytes [68, AA, 1A, B4, 00, C3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[3504] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW 00000000766e8e50 6 bytes [68, 66, 17, B4, 00, C3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[3504] C:\Windows\syswow64\WININET.dll!HttpEndRequestA 00000000766e8f7b 6 bytes [68, A0, 18, B4, 00, C3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[3504] C:\Windows\syswow64\WININET.dll!InternetWriteFile 00000000766e90fc 5 bytes JMP 00000001003423a0 .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[3504] C:\Windows\syswow64\WININET.dll!InternetReadFileExA 00000000766f12f9 6 bytes [68, D1, 19, B4, 00, C3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[3504] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer 000000007672ce83 6 bytes [68, 50, 1A, B4, 00, C3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[3504] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA 00000000767401fa 6 bytes [68, 03, 18, B4, 00, C3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[3504] C:\Windows\syswow64\WININET.dll!HttpEndRequestW 000000007674027d 6 bytes [68, EB, 18, B4, 00, C3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[3504] C:\Windows\syswow64\WININET.dll!HttpSendRequestA 00000000767402e0 5 bytes JMP 0000000100b41711 .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[3504] C:\Windows\syswow64\urlmon.dll!URLDownloadToFileW 0000000076f248a6 5 bytes JMP 00000001003491f0 .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[3504] C:\Windows\syswow64\urlmon.dll!URLDownloadToFileA 0000000076f24a80 5 bytes JMP 0000000100349080 .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[3504] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore 0000000076e00d60 6 bytes [68, 51, 1D, B4, 00, C3] .text C:\Users\Toshiba\AppData\Roaming\Eqby\xiofi.exe[3520] C:\Windows\SysWOW64\ntdll.dll!NtEnumerateValueKey 000000007753f9d0 5 bytes JMP 0000000100496390 .text C:\Users\Toshiba\AppData\Roaming\Eqby\xiofi.exe[3520] C:\Windows\SysWOW64\ntdll.dll!NtQueryDirectoryFile 000000007753fd28 5 bytes JMP 0000000100496640 .text C:\Users\Toshiba\AppData\Roaming\Eqby\xiofi.exe[3520] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 000000007753fff8 5 bytes JMP 00000001004953d0 .text C:\Users\Toshiba\AppData\Roaming\Eqby\xiofi.exe[3520] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007755c096 5 bytes JMP 0000000100495300 .text C:\Users\Toshiba\AppData\Roaming\Eqby\xiofi.exe[3520] C:\Windows\syswow64\kernel32.dll!CreateFileW 00000000764b22fb 5 bytes JMP 0000000100491290 .text C:\Users\Toshiba\AppData\Roaming\Eqby\xiofi.exe[3520] C:\Windows\syswow64\kernel32.dll!CreateFileA 00000000764bca6e 5 bytes JMP 00000001004911c0 .text C:\Users\Toshiba\AppData\Roaming\Eqby\xiofi.exe[3520] C:\Windows\syswow64\kernel32.dll!MoveFileW 00000000764c98bd 5 bytes JMP 0000000100492570 .text C:\Users\Toshiba\AppData\Roaming\Eqby\xiofi.exe[3520] C:\Windows\syswow64\kernel32.dll!CopyFileA 00000000764d5f17 5 bytes JMP 0000000100491000 .text C:\Users\Toshiba\AppData\Roaming\Eqby\xiofi.exe[3520] C:\Windows\syswow64\kernel32.dll!CopyFileW 00000000764d6a34 5 bytes JMP 00000001004910a0 .text C:\Users\Toshiba\AppData\Roaming\Eqby\xiofi.exe[3520] C:\Windows\syswow64\kernel32.dll!MoveFileA 000000007652db21 5 bytes JMP 0000000100492510 .text C:\Users\Toshiba\AppData\Roaming\Eqby\xiofi.exe[3520] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW 0000000076d360f5 5 bytes JMP 0000000100491d10 .text C:\Users\Toshiba\AppData\Roaming\Eqby\xiofi.exe[3520] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 0000000076d36737 6 bytes [68, 8C, F1, 40, 00, C3] .text C:\Users\Toshiba\AppData\Roaming\Eqby\xiofi.exe[3520] C:\Windows\syswow64\WS2_32.dll!send 0000000076d3c4c8 5 bytes JMP 0000000100497250 .text C:\Users\Toshiba\AppData\Roaming\Eqby\xiofi.exe[3520] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000076d47133 6 bytes [68, 1C, F1, 40, 00, C3] .text C:\Users\Toshiba\AppData\Roaming\Eqby\xiofi.exe[3520] C:\Windows\syswow64\WININET.dll!HttpSendRequestW 00000000766ceebb 5 bytes JMP 0000000100492160 .text C:\Users\Toshiba\AppData\Roaming\Eqby\xiofi.exe[3520] C:\Windows\syswow64\WININET.dll!InternetWriteFile 00000000766e90fc 5 bytes JMP 00000001004923a0 .text C:\Users\Toshiba\AppData\Roaming\Eqby\xiofi.exe[3520] C:\Windows\syswow64\WININET.dll!HttpSendRequestA 00000000767402e0 5 bytes JMP 00000001004920a0 .text C:\Users\Toshiba\AppData\Roaming\Eqby\xiofi.exe[3520] C:\Windows\syswow64\urlmon.dll!URLDownloadToFileW 0000000076f248a6 5 bytes JMP 00000001004991f0 .text C:\Users\Toshiba\AppData\Roaming\Eqby\xiofi.exe[3520] C:\Windows\syswow64\urlmon.dll!URLDownloadToFileA 0000000076f24a80 5 bytes JMP 0000000100499080 .text C:\Users\Toshiba\AppData\Roaming\Eqby\xiofi.exe[3520] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000774f1401 2 bytes JMP 764ceb26 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Roaming\Eqby\xiofi.exe[3520] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000774f1419 2 bytes JMP 764db513 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Roaming\Eqby\xiofi.exe[3520] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000774f1431 2 bytes JMP 76558609 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Roaming\Eqby\xiofi.exe[3520] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000774f144a 2 bytes CALL 764b1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Toshiba\AppData\Roaming\Eqby\xiofi.exe[3520] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000774f14dd 2 bytes JMP 76557efe C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Roaming\Eqby\xiofi.exe[3520] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000774f14f5 2 bytes JMP 765580d8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Roaming\Eqby\xiofi.exe[3520] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000774f150d 2 bytes JMP 76557df4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Roaming\Eqby\xiofi.exe[3520] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000774f1525 2 bytes JMP 765581c2 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Roaming\Eqby\xiofi.exe[3520] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000774f153d 2 bytes JMP 764cf088 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Roaming\Eqby\xiofi.exe[3520] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000774f1555 2 bytes JMP 764db885 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Roaming\Eqby\xiofi.exe[3520] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000774f156d 2 bytes JMP 765586c1 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Roaming\Eqby\xiofi.exe[3520] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000774f1585 2 bytes JMP 76558222 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Roaming\Eqby\xiofi.exe[3520] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000774f159d 2 bytes JMP 76557db8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Roaming\Eqby\xiofi.exe[3520] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000774f15b5 2 bytes JMP 764cf121 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Roaming\Eqby\xiofi.exe[3520] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000774f15cd 2 bytes JMP 764db29f C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Roaming\Eqby\xiofi.exe[3520] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000774f16b2 2 bytes JMP 76558584 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Roaming\Eqby\xiofi.exe[3520] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000774f16bd 2 bytes JMP 76557d4d C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe[3584] C:\Windows\SysWOW64\ntdll.dll!NtEnumerateValueKey 000000007753f9d0 5 bytes JMP 0000000101d16390 .text C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe[3584] C:\Windows\SysWOW64\ntdll.dll!NtQueryDirectoryFile 000000007753fd28 5 bytes JMP 0000000101d16640 .text C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe[3584] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 000000007753fff8 5 bytes JMP 0000000101d153d0 .text C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe[3584] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007755c096 5 bytes JMP 0000000101d15300 .text C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe[3584] C:\Windows\syswow64\kernel32.dll!CreateFileW 00000000764b22fb 5 bytes JMP 0000000101d11290 .text C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe[3584] C:\Windows\syswow64\kernel32.dll!CreateFileA 00000000764bca6e 5 bytes JMP 0000000101d111c0 .text C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe[3584] C:\Windows\syswow64\kernel32.dll!MoveFileW 00000000764c98bd 5 bytes JMP 0000000101d12570 .text C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe[3584] C:\Windows\syswow64\kernel32.dll!CopyFileA 00000000764d5f17 5 bytes JMP 0000000101d11000 .text C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe[3584] C:\Windows\syswow64\kernel32.dll!CopyFileW 00000000764d6a34 5 bytes JMP 0000000101d110a0 .text C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe[3584] C:\Windows\syswow64\kernel32.dll!MoveFileA 000000007652db21 5 bytes JMP 0000000101d12510 .text C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe[3584] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW 0000000076d360f5 5 bytes JMP 0000000101d11d10 .text C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe[3584] C:\Windows\syswow64\WS2_32.dll!send 0000000076d3c4c8 5 bytes JMP 0000000101d17250 .text C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe[3584] C:\Windows\syswow64\WININET.dll!HttpSendRequestW 00000000766ceebb 5 bytes JMP 0000000101d12160 .text C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe[3584] C:\Windows\syswow64\WININET.dll!InternetWriteFile 00000000766e90fc 5 bytes JMP 0000000101d123a0 .text C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe[3584] C:\Windows\syswow64\WININET.dll!HttpSendRequestA 00000000767402e0 5 bytes JMP 0000000101d120a0 .text C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe[3584] C:\Windows\syswow64\urlmon.dll!URLDownloadToFileW 0000000076f248a6 5 bytes JMP 0000000101d191f0 .text C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe[3584] C:\Windows\syswow64\urlmon.dll!URLDownloadToFileA 0000000076f24a80 5 bytes JMP 0000000101d19080 .text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[3636] C:\Windows\SysWOW64\ntdll.dll!NtEnumerateValueKey 000000007753f9d0 5 bytes JMP 00000001005f6390 .text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[3636] C:\Windows\SysWOW64\ntdll.dll!NtQueryDirectoryFile 000000007753fd28 5 bytes JMP 00000001005f6640 .text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[3636] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 000000007753fff8 5 bytes JMP 00000001005f53d0 .text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[3636] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000775408ac 4 bytes [68, BC, 38, 68] .text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[3636] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess + 5 00000000775408b1 1 byte [C3] .text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[3636] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 000000007755243d 6 bytes [68, 04, 69, 68, 00, C3] .text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[3636] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007755c096 5 bytes JMP 00000001006839e1 .text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[3636] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 00000000775628b3 6 bytes [68, 4A, 69, 68, 00, C3] .text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[3636] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077583f44 6 bytes [68, 90, 69, 68, 00, C3] .text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[3636] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 0000000077598954 6 bytes [68, D6, 69, 68, 00, C3] .text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[3636] C:\Windows\syswow64\kernel32.dll!CreateFileW 00000000764b22fb 5 bytes JMP 00000001005f1290 .text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[3636] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW 00000000764b32f2 6 bytes [68, 4A, 3C, 68, 00, C3] .text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[3636] C:\Windows\syswow64\kernel32.dll!ExitProcess 00000000764b734e 6 bytes [68, 09, 3C, 68, 00, C3] .text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[3636] C:\Windows\syswow64\kernel32.dll!CreateFileA 00000000764bca6e 5 bytes JMP 00000001005f11c0 .text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[3636] C:\Windows\syswow64\kernel32.dll!MoveFileW 00000000764c98bd 5 bytes JMP 00000001005f2570 .text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[3636] C:\Windows\syswow64\kernel32.dll!CopyFileA 00000000764d5f17 5 bytes JMP 00000001005f1000 .text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[3636] C:\Windows\syswow64\kernel32.dll!CopyFileW 00000000764d6a34 5 bytes JMP 00000001005f10a0 .text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[3636] C:\Windows\syswow64\kernel32.dll!MoveFileA 000000007652db21 5 bytes JMP 00000001005f2510 .text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[3636] C:\Windows\syswow64\USER32.dll!GetDC 0000000076307246 4 bytes [68, 84, F9, 68] .text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[3636] C:\Windows\syswow64\USER32.dll!GetDC + 5 000000007630724b 1 byte [C3] .text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[3636] C:\Windows\syswow64\USER32.dll!ReleaseDC 000000007630730e 6 bytes [68, 02, FA, 68, 00, C3] .text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[3636] C:\Windows\syswow64\USER32.dll!GetWindowDC 00000000763079d8 4 bytes [68, C3, F9, 68] .text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[3636] C:\Windows\syswow64\USER32.dll!GetWindowDC + 5 00000000763079dd 1 byte [C3] .text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[3636] C:\Windows\syswow64\USER32.dll!TranslateMessage 0000000076307d79 6 bytes [68, 1D, A4, 68, 00, C3] .text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[3636] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000076307e92 6 bytes [68, 2E, 00, 68, 00, C3] .text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[3636] C:\Windows\syswow64\USER32.dll!GetMessageA 000000007630811b 6 bytes [68, 56, 00, 68, 00, C3] .text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[3636] C:\Windows\syswow64\USER32.dll!RegisterClassW 0000000076308bd6 6 bytes [68, 08, 6C, 68, 00, C3] .text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[3636] C:\Windows\syswow64\USER32.dll!RegisterClassExW 0000000076309ed3 6 bytes [68, A2, 6C, 68, 00, C3] .text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[3636] C:\Windows\syswow64\USER32.dll!RegisterClassExA 000000007630dd6d 6 bytes [68, F4, 6C, 68, 00, C3] .text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[3636] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000076310112 6 bytes [68, 7E, 00, 68, 00, C3] .text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[3636] C:\Windows\syswow64\USER32.dll!CallWindowProcW 0000000076310abb 6 bytes [68, 3A, 6B, 68, 00, C3] .text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[3636] C:\Windows\syswow64\USER32.dll!GetCursorPos 0000000076310e0d 6 bytes [68, 61, FE, 67, 00, C3] .text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[3636] C:\Windows\syswow64\USER32.dll!EndPaint 0000000076310e9a 4 bytes [68, E9, F8, 68] .text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[3636] C:\Windows\syswow64\USER32.dll!EndPaint + 5 0000000076310e9f 1 byte [C3] .text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[3636] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000076310eba 4 bytes [68, 79, F8, 68] .text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[3636] C:\Windows\syswow64\USER32.dll!BeginPaint + 5 0000000076310ebf 1 byte [C3] .text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[3636] C:\Windows\syswow64\USER32.dll!GetMessagePos 0000000076312bc7 6 bytes [68, 2F, FE, 67, 00, C3] .text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[3636] C:\Windows\syswow64\USER32.dll!GetCapture 0000000076312dbd 6 bytes [68, 8F, FF, 67, 00, C3] .text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[3636] C:\Windows\syswow64\USER32.dll!ReleaseCapture 0000000076312ec4 6 bytes [68, 3F, FF, 67, 00, C3] .text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[3636] C:\Windows\syswow64\USER32.dll!SetCapture 0000000076312ed1 4 bytes [68, E5, FE, 67] .text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[3636] C:\Windows\syswow64\USER32.dll!SetCapture + 5 0000000076312ed6 1 byte [C3] .text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[3636] C:\Windows\syswow64\USER32.dll!GetDCEx 0000000076313001 4 bytes [68, 29, F9, 68] .text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[3636] C:\Windows\syswow64\USER32.dll!GetDCEx + 5 0000000076313006 1 byte [C3] .text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[3636] C:\Windows\syswow64\USER32.dll!RegisterClassA 0000000076314b80 6 bytes [68, 55, 6C, 68, 00, C3] .text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[3636] C:\Windows\syswow64\USER32.dll!CallWindowProcA 0000000076317af4 6 bytes [68, 83, 6B, 68, 00, C3] .text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[3636] C:\Windows\syswow64\USER32.dll!DefFrameProcA 000000007631808f 6 bytes [68, 65, 6A, 68, 00, C3] .text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[3636] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA 00000000763181e0 6 bytes [68, F4, 6A, 68, 00, C3] .text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[3636] C:\Windows\syswow64\USER32.dll!DefFrameProcW 0000000076318632 6 bytes [68, 1C, 6A, 68, 00, C3] .text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[3636] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW 0000000076318807 6 bytes [68, AE, 6A, 68, 00, C3] .text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[3636] C:\Windows\syswow64\USER32.dll!PeekMessageA 000000007632ed58 6 bytes [68, A9, 00, 68, 00, C3] .text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[3636] C:\Windows\syswow64\USER32.dll!GetUpdateRgn 000000007632f1fe 6 bytes [68, D5, FA, 68, 00, C3] .text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[3636] C:\Windows\syswow64\USER32.dll!GetUpdateRect 000000007633011b 6 bytes [68, 42, FA, 68, 00, C3] .text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[3636] C:\Windows\syswow64\USER32.dll!SwitchDesktop 00000000763497e4 6 bytes [68, E6, 68, 68, 00, C3] .text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[3636] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000076349c8d 6 bytes [68, A8, FE, 67, 00, C3] .text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[3636] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000076349f3b 6 bytes [68, CC, A5, 68, 00, C3] .text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[3636] C:\Windows\syswow64\USER32.dll!OpenInputDesktop 000000007636895b 4 bytes [68, 96, 68, 68] .text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[3636] C:\Windows\syswow64\USER32.dll!OpenInputDesktop + 5 0000000076368960 1 byte [C3] .text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[3636] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW 000000007700bbdb 6 bytes [68, C7, 3C, 68, 00, C3] .text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[3636] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 00000000770414fd 6 bytes [68, B0, 3C, 68, 00, C3] .text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[3636] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000076d33bed 6 bytes [68, 7B, F5, 67, 00, C3] .text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[3636] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW 0000000076d360f5 3 bytes JMP 00000001005f1d10 .text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[3636] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW + 4 0000000076d360f9 1 byte [89] .text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[3636] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 0000000076d36737 6 bytes [68, 8C, F1, 67, 00, C3] .text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[3636] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000076d368a7 6 bytes [68, D4, F5, 67, 00, C3] .text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[3636] C:\Windows\syswow64\WS2_32.dll!send 0000000076d3c4c8 5 bytes JMP 000000010067f5b3 .text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[3636] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000076d47133 6 bytes [68, 1C, F1, 67, 00, C3] .text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[3636] C:\Windows\syswow64\WININET.dll!InternetCloseHandle 00000000766cc846 6 bytes [68, 36, 19, 69, 00, C3] .text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[3636] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA 00000000766ccbca 6 bytes [68, D6, 1A, 69, 00, C3] .text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[3636] C:\Windows\syswow64\WININET.dll!InternetReadFile 00000000766ce26c 6 bytes [68, A3, 19, 69, 00, C3] .text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[3636] C:\Windows\syswow64\WININET.dll!HttpSendRequestW 00000000766ceebb 5 bytes JMP 00000001006916bc .text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[3636] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA 00000000766d0402 6 bytes [68, 78, 16, 69, 00, C3] .text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[3636] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW 00000000766d05db 6 bytes [68, 34, 16, 69, 00, C3] .text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[3636] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable 00000000766d41d3 6 bytes [68, AA, 1A, 69, 00, C3] .text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[3636] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW 00000000766e8e50 6 bytes [68, 66, 17, 69, 00, C3] .text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[3636] C:\Windows\syswow64\WININET.dll!HttpEndRequestA 00000000766e8f7b 6 bytes [68, A0, 18, 69, 00, C3] .text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[3636] C:\Windows\syswow64\WININET.dll!InternetWriteFile 00000000766e90fc 5 bytes JMP 00000001005f23a0 .text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[3636] C:\Windows\syswow64\WININET.dll!InternetReadFileExA 00000000766f12f9 6 bytes [68, D1, 19, 69, 00, C3] .text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[3636] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer 000000007672ce83 6 bytes [68, 50, 1A, 69, 00, C3] .text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[3636] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA 00000000767401fa 6 bytes [68, 03, 18, 69, 00, C3] .text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[3636] C:\Windows\syswow64\WININET.dll!HttpEndRequestW 000000007674027d 6 bytes [68, EB, 18, 69, 00, C3] .text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[3636] C:\Windows\syswow64\WININET.dll!HttpSendRequestA 00000000767402e0 5 bytes JMP 0000000100691711 .text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[3636] C:\Windows\syswow64\urlmon.dll!URLDownloadToFileW 0000000076f248a6 5 bytes JMP 00000001005f91f0 .text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[3636] C:\Windows\syswow64\urlmon.dll!URLDownloadToFileA 0000000076f24a80 5 bytes JMP 00000001005f9080 .text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[3636] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore 0000000076e00d60 6 bytes [68, 51, 1D, 69, 00, C3] .text C:\Program Files (x86)\VVSN\VVSN.exe[3660] C:\Windows\SysWOW64\ntdll.dll!NtEnumerateValueKey 000000007753f9d0 5 bytes JMP 0000000102c46390 .text C:\Program Files (x86)\VVSN\VVSN.exe[3660] C:\Windows\SysWOW64\ntdll.dll!NtQueryDirectoryFile 000000007753fd28 5 bytes JMP 0000000102c46640 .text C:\Program Files (x86)\VVSN\VVSN.exe[3660] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 000000007753fff8 5 bytes JMP 0000000102c453d0 .text C:\Program Files (x86)\VVSN\VVSN.exe[3660] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000775408ac 6 bytes [68, BC, 38, CA, 02, C3] .text C:\Program Files (x86)\VVSN\VVSN.exe[3660] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 000000007755243d 6 bytes [68, 04, 69, CA, 02, C3] .text C:\Program Files (x86)\VVSN\VVSN.exe[3660] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007755c096 5 bytes JMP 0000000102ca39e1 .text C:\Program Files (x86)\VVSN\VVSN.exe[3660] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 00000000775628b3 6 bytes [68, 4A, 69, CA, 02, C3] .text C:\Program Files (x86)\VVSN\VVSN.exe[3660] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077583f44 6 bytes [68, 90, 69, CA, 02, C3] .text C:\Program Files (x86)\VVSN\VVSN.exe[3660] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 0000000077598954 6 bytes [68, D6, 69, CA, 02, C3] .text C:\Program Files (x86)\VVSN\VVSN.exe[3660] C:\Windows\syswow64\kernel32.dll!CreateFileW 00000000764b22fb 5 bytes JMP 0000000102c41290 .text C:\Program Files (x86)\VVSN\VVSN.exe[3660] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW 00000000764b32f2 6 bytes [68, 4A, 3C, CA, 02, C3] .text C:\Program Files (x86)\VVSN\VVSN.exe[3660] C:\Windows\syswow64\kernel32.dll!ExitProcess 00000000764b734e 6 bytes [68, 09, 3C, CA, 02, C3] .text C:\Program Files (x86)\VVSN\VVSN.exe[3660] C:\Windows\syswow64\kernel32.dll!CreateFileA 00000000764bca6e 5 bytes JMP 0000000102c411c0 .text C:\Program Files (x86)\VVSN\VVSN.exe[3660] C:\Windows\syswow64\kernel32.dll!MoveFileW 00000000764c98bd 5 bytes JMP 0000000102c42570 .text C:\Program Files (x86)\VVSN\VVSN.exe[3660] C:\Windows\syswow64\kernel32.dll!CopyFileA 00000000764d5f17 5 bytes JMP 0000000102c41000 .text C:\Program Files (x86)\VVSN\VVSN.exe[3660] C:\Windows\syswow64\kernel32.dll!CopyFileW 00000000764d6a34 5 bytes JMP 0000000102c410a0 .text C:\Program Files (x86)\VVSN\VVSN.exe[3660] C:\Windows\syswow64\kernel32.dll!MoveFileA 000000007652db21 5 bytes JMP 0000000102c42510 .text C:\Program Files (x86)\VVSN\VVSN.exe[3660] C:\Windows\syswow64\WININET.dll!InternetCloseHandle 00000000766cc846 6 bytes [68, 36, 19, CB, 02, C3] .text C:\Program Files (x86)\VVSN\VVSN.exe[3660] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA 00000000766ccbca 6 bytes [68, D6, 1A, CB, 02, C3] .text C:\Program Files (x86)\VVSN\VVSN.exe[3660] C:\Windows\syswow64\WININET.dll!InternetReadFile 00000000766ce26c 6 bytes [68, A3, 19, CB, 02, C3] .text C:\Program Files (x86)\VVSN\VVSN.exe[3660] C:\Windows\syswow64\WININET.dll!HttpSendRequestW 00000000766ceebb 5 bytes JMP 0000000102cb16bc .text C:\Program Files (x86)\VVSN\VVSN.exe[3660] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA 00000000766d0402 6 bytes [68, 78, 16, CB, 02, C3] .text C:\Program Files (x86)\VVSN\VVSN.exe[3660] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW 00000000766d05db 6 bytes [68, 34, 16, CB, 02, C3] .text C:\Program Files (x86)\VVSN\VVSN.exe[3660] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable 00000000766d41d3 6 bytes [68, AA, 1A, CB, 02, C3] .text C:\Program Files (x86)\VVSN\VVSN.exe[3660] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW 00000000766e8e50 6 bytes [68, 66, 17, CB, 02, C3] .text C:\Program Files (x86)\VVSN\VVSN.exe[3660] C:\Windows\syswow64\WININET.dll!HttpEndRequestA 00000000766e8f7b 6 bytes [68, A0, 18, CB, 02, C3] .text C:\Program Files (x86)\VVSN\VVSN.exe[3660] C:\Windows\syswow64\WININET.dll!InternetWriteFile 00000000766e90fc 5 bytes JMP 0000000102c423a0 .text C:\Program Files (x86)\VVSN\VVSN.exe[3660] C:\Windows\syswow64\WININET.dll!InternetReadFileExA 00000000766f12f9 6 bytes [68, D1, 19, CB, 02, C3] .text C:\Program Files (x86)\VVSN\VVSN.exe[3660] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer 000000007672ce83 6 bytes [68, 50, 1A, CB, 02, C3] .text C:\Program Files (x86)\VVSN\VVSN.exe[3660] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA 00000000767401fa 6 bytes [68, 03, 18, CB, 02, C3] .text C:\Program Files (x86)\VVSN\VVSN.exe[3660] C:\Windows\syswow64\WININET.dll!HttpEndRequestW 000000007674027d 6 bytes [68, EB, 18, CB, 02, C3] .text C:\Program Files (x86)\VVSN\VVSN.exe[3660] C:\Windows\syswow64\WININET.dll!HttpSendRequestA 00000000767402e0 5 bytes JMP 0000000102cb1711 .text C:\Program Files (x86)\VVSN\VVSN.exe[3660] C:\Windows\syswow64\USER32.dll!GetDC 0000000076307246 6 bytes [68, 84, F9, CA, 02, C3] .text C:\Program Files (x86)\VVSN\VVSN.exe[3660] C:\Windows\syswow64\USER32.dll!ReleaseDC 000000007630730e 6 bytes [68, 02, FA, CA, 02, C3] .text C:\Program Files (x86)\VVSN\VVSN.exe[3660] C:\Windows\syswow64\USER32.dll!GetWindowDC 00000000763079d8 6 bytes [68, C3, F9, CA, 02, C3] .text C:\Program Files (x86)\VVSN\VVSN.exe[3660] C:\Windows\syswow64\USER32.dll!TranslateMessage 0000000076307d79 6 bytes [68, 1D, A4, CA, 02, C3] .text C:\Program Files (x86)\VVSN\VVSN.exe[3660] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000076307e92 6 bytes [68, 2E, 00, CA, 02, C3] .text C:\Program Files (x86)\VVSN\VVSN.exe[3660] C:\Windows\syswow64\USER32.dll!GetMessageA 000000007630811b 6 bytes [68, 56, 00, CA, 02, C3] .text C:\Program Files (x86)\VVSN\VVSN.exe[3660] C:\Windows\syswow64\USER32.dll!RegisterClassW 0000000076308bd6 6 bytes [68, 08, 6C, CA, 02, C3] .text C:\Program Files (x86)\VVSN\VVSN.exe[3660] C:\Windows\syswow64\USER32.dll!RegisterClassExW 0000000076309ed3 6 bytes [68, A2, 6C, CA, 02, C3] .text C:\Program Files (x86)\VVSN\VVSN.exe[3660] C:\Windows\syswow64\USER32.dll!RegisterClassExA 000000007630dd6d 6 bytes [68, F4, 6C, CA, 02, C3] .text C:\Program Files (x86)\VVSN\VVSN.exe[3660] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000076310112 6 bytes [68, 7E, 00, CA, 02, C3] .text C:\Program Files (x86)\VVSN\VVSN.exe[3660] C:\Windows\syswow64\USER32.dll!CallWindowProcW 0000000076310abb 6 bytes [68, 3A, 6B, CA, 02, C3] .text C:\Program Files (x86)\VVSN\VVSN.exe[3660] C:\Windows\syswow64\USER32.dll!GetCursorPos 0000000076310e0d 6 bytes [68, 61, FE, C9, 02, C3] .text C:\Program Files (x86)\VVSN\VVSN.exe[3660] C:\Windows\syswow64\USER32.dll!EndPaint 0000000076310e9a 6 bytes [68, E9, F8, CA, 02, C3] .text C:\Program Files (x86)\VVSN\VVSN.exe[3660] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000076310eba 6 bytes [68, 79, F8, CA, 02, C3] .text C:\Program Files (x86)\VVSN\VVSN.exe[3660] C:\Windows\syswow64\USER32.dll!GetMessagePos 0000000076312bc7 6 bytes [68, 2F, FE, C9, 02, C3] .text C:\Program Files (x86)\VVSN\VVSN.exe[3660] C:\Windows\syswow64\USER32.dll!GetCapture 0000000076312dbd 6 bytes [68, 8F, FF, C9, 02, C3] .text C:\Program Files (x86)\VVSN\VVSN.exe[3660] C:\Windows\syswow64\USER32.dll!ReleaseCapture 0000000076312ec4 6 bytes [68, 3F, FF, C9, 02, C3] .text C:\Program Files (x86)\VVSN\VVSN.exe[3660] C:\Windows\syswow64\USER32.dll!SetCapture 0000000076312ed1 6 bytes [68, E5, FE, C9, 02, C3] .text C:\Program Files (x86)\VVSN\VVSN.exe[3660] C:\Windows\syswow64\USER32.dll!GetDCEx 0000000076313001 6 bytes [68, 29, F9, CA, 02, C3] .text C:\Program Files (x86)\VVSN\VVSN.exe[3660] C:\Windows\syswow64\USER32.dll!RegisterClassA 0000000076314b80 6 bytes [68, 55, 6C, CA, 02, C3] .text C:\Program Files (x86)\VVSN\VVSN.exe[3660] C:\Windows\syswow64\USER32.dll!CallWindowProcA 0000000076317af4 6 bytes [68, 83, 6B, CA, 02, C3] .text C:\Program Files (x86)\VVSN\VVSN.exe[3660] C:\Windows\syswow64\USER32.dll!DefFrameProcA 000000007631808f 6 bytes [68, 65, 6A, CA, 02, C3] .text C:\Program Files (x86)\VVSN\VVSN.exe[3660] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA 00000000763181e0 6 bytes [68, F4, 6A, CA, 02, C3] .text C:\Program Files (x86)\VVSN\VVSN.exe[3660] C:\Windows\syswow64\USER32.dll!DefFrameProcW 0000000076318632 6 bytes [68, 1C, 6A, CA, 02, C3] .text C:\Program Files (x86)\VVSN\VVSN.exe[3660] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW 0000000076318807 6 bytes [68, AE, 6A, CA, 02, C3] .text C:\Program Files (x86)\VVSN\VVSN.exe[3660] C:\Windows\syswow64\USER32.dll!PeekMessageA 000000007632ed58 6 bytes [68, A9, 00, CA, 02, C3] .text C:\Program Files (x86)\VVSN\VVSN.exe[3660] C:\Windows\syswow64\USER32.dll!GetUpdateRgn 000000007632f1fe 6 bytes [68, D5, FA, CA, 02, C3] .text C:\Program Files (x86)\VVSN\VVSN.exe[3660] C:\Windows\syswow64\USER32.dll!GetUpdateRect 000000007633011b 6 bytes [68, 42, FA, CA, 02, C3] .text C:\Program Files (x86)\VVSN\VVSN.exe[3660] C:\Windows\syswow64\USER32.dll!SwitchDesktop 00000000763497e4 6 bytes [68, E6, 68, CA, 02, C3] .text C:\Program Files (x86)\VVSN\VVSN.exe[3660] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000076349c8d 6 bytes [68, A8, FE, C9, 02, C3] .text C:\Program Files (x86)\VVSN\VVSN.exe[3660] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000076349f3b 6 bytes [68, CC, A5, CA, 02, C3] .text C:\Program Files (x86)\VVSN\VVSN.exe[3660] C:\Windows\syswow64\USER32.dll!OpenInputDesktop 000000007636895b 6 bytes [68, 96, 68, CA, 02, C3] .text C:\Program Files (x86)\VVSN\VVSN.exe[3660] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW 000000007700bbdb 6 bytes [68, C7, 3C, CA, 02, C3] .text C:\Program Files (x86)\VVSN\VVSN.exe[3660] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 00000000770414fd 6 bytes [68, B0, 3C, CA, 02, C3] .text C:\Program Files (x86)\VVSN\VVSN.exe[3660] C:\Windows\syswow64\urlmon.dll!URLDownloadToFileW 0000000076f248a6 5 bytes JMP 0000000102c491f0 .text C:\Program Files (x86)\VVSN\VVSN.exe[3660] C:\Windows\syswow64\urlmon.dll!URLDownloadToFileA 0000000076f24a80 5 bytes JMP 0000000102c49080 .text C:\Program Files (x86)\VVSN\VVSN.exe[3660] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore 0000000076e00d60 6 bytes [68, 51, 1D, CB, 02, C3] .text C:\Program Files (x86)\VVSN\VVSN.exe[3660] C:\Windows\syswow64\ws2_32.DLL!closesocket 0000000076d33bed 6 bytes [68, 7B, F5, C9, 02, C3] .text C:\Program Files (x86)\VVSN\VVSN.exe[3660] C:\Windows\syswow64\ws2_32.DLL!GetAddrInfoW 0000000076d360f5 5 bytes JMP 0000000102c41d10 .text C:\Program Files (x86)\VVSN\VVSN.exe[3660] C:\Windows\syswow64\ws2_32.DLL!getaddrinfo 0000000076d36737 6 bytes [68, 8C, F1, C9, 02, C3] .text C:\Program Files (x86)\VVSN\VVSN.exe[3660] C:\Windows\syswow64\ws2_32.DLL!WSASend 0000000076d368a7 6 bytes [68, D4, F5, C9, 02, C3] .text C:\Program Files (x86)\VVSN\VVSN.exe[3660] C:\Windows\syswow64\ws2_32.DLL!send 0000000076d3c4c8 5 bytes JMP 0000000102c9f5b3 .text C:\Program Files (x86)\VVSN\VVSN.exe[3660] C:\Windows\syswow64\ws2_32.DLL!gethostbyname 0000000076d47133 6 bytes [68, 1C, F1, C9, 02, C3] .text C:\Program Files (x86)\Browsers Protector\regmon32.exe[3916] C:\Windows\SysWOW64\ntdll.dll!NtEnumerateValueKey 000000007753f9d0 5 bytes JMP 0000000101da6390 .text C:\Program Files (x86)\Browsers Protector\regmon32.exe[3916] C:\Windows\SysWOW64\ntdll.dll!NtQueryDirectoryFile 000000007753fd28 5 bytes JMP 0000000101da6640 .text C:\Program Files (x86)\Browsers Protector\regmon32.exe[3916] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 000000007753fff8 5 bytes JMP 0000000101da53d0 .text C:\Program Files (x86)\Browsers Protector\regmon32.exe[3916] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000775408ac 6 bytes [68, BC, 38, 96, 02, C3] .text C:\Program Files (x86)\Browsers Protector\regmon32.exe[3916] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 000000007755243d 6 bytes [68, 04, 69, 96, 02, C3] .text C:\Program Files (x86)\Browsers Protector\regmon32.exe[3916] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007755c096 5 bytes JMP 00000001029639e1 .text C:\Program Files (x86)\Browsers Protector\regmon32.exe[3916] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 00000000775628b3 6 bytes [68, 4A, 69, 96, 02, C3] .text C:\Program Files (x86)\Browsers Protector\regmon32.exe[3916] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077583f44 6 bytes [68, 90, 69, 96, 02, C3] .text C:\Program Files (x86)\Browsers Protector\regmon32.exe[3916] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 0000000077598954 6 bytes [68, D6, 69, 96, 02, C3] .text C:\Program Files (x86)\Browsers Protector\regmon32.exe[3916] C:\Windows\syswow64\kernel32.dll!CreateFileW 00000000764b22fb 5 bytes JMP 0000000101da1290 .text C:\Program Files (x86)\Browsers Protector\regmon32.exe[3916] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW 00000000764b32f2 6 bytes [68, 4A, 3C, 96, 02, C3] .text C:\Program Files (x86)\Browsers Protector\regmon32.exe[3916] C:\Windows\syswow64\kernel32.dll!ExitProcess 00000000764b734e 6 bytes [68, 09, 3C, 96, 02, C3] .text C:\Program Files (x86)\Browsers Protector\regmon32.exe[3916] C:\Windows\syswow64\kernel32.dll!CreateFileA 00000000764bca6e 5 bytes JMP 0000000101da11c0 .text C:\Program Files (x86)\Browsers Protector\regmon32.exe[3916] C:\Windows\syswow64\kernel32.dll!MoveFileW 00000000764c98bd 5 bytes JMP 0000000101da2570 .text C:\Program Files (x86)\Browsers Protector\regmon32.exe[3916] C:\Windows\syswow64\kernel32.dll!CopyFileA 00000000764d5f17 5 bytes JMP 0000000101da1000 .text C:\Program Files (x86)\Browsers Protector\regmon32.exe[3916] C:\Windows\syswow64\kernel32.dll!CopyFileW 00000000764d6a34 5 bytes JMP 0000000101da10a0 .text C:\Program Files (x86)\Browsers Protector\regmon32.exe[3916] C:\Windows\syswow64\kernel32.dll!MoveFileA 000000007652db21 5 bytes JMP 0000000101da2510 .text C:\Program Files (x86)\Browsers Protector\regmon32.exe[3916] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW 000000007700bbdb 6 bytes [68, C7, 3C, 96, 02, C3] .text C:\Program Files (x86)\Browsers Protector\regmon32.exe[3916] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 00000000770414fd 6 bytes [68, B0, 3C, 96, 02, C3] .text C:\Program Files (x86)\Browsers Protector\regmon32.exe[3916] C:\Windows\syswow64\USER32.dll!GetDC 0000000076307246 6 bytes [68, 84, F9, 96, 02, C3] .text C:\Program Files (x86)\Browsers Protector\regmon32.exe[3916] C:\Windows\syswow64\USER32.dll!ReleaseDC 000000007630730e 6 bytes [68, 02, FA, 96, 02, C3] .text C:\Program Files (x86)\Browsers Protector\regmon32.exe[3916] C:\Windows\syswow64\USER32.dll!GetWindowDC 00000000763079d8 6 bytes [68, C3, F9, 96, 02, C3] .text C:\Program Files (x86)\Browsers Protector\regmon32.exe[3916] C:\Windows\syswow64\USER32.dll!TranslateMessage 0000000076307d79 6 bytes [68, 1D, A4, 96, 02, C3] .text C:\Program Files (x86)\Browsers Protector\regmon32.exe[3916] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000076307e92 6 bytes [68, 2E, 00, 96, 02, C3] .text C:\Program Files (x86)\Browsers Protector\regmon32.exe[3916] C:\Windows\syswow64\USER32.dll!GetMessageA 000000007630811b 6 bytes [68, 56, 00, 96, 02, C3] .text C:\Program Files (x86)\Browsers Protector\regmon32.exe[3916] C:\Windows\syswow64\USER32.dll!RegisterClassW 0000000076308bd6 6 bytes [68, 08, 6C, 96, 02, C3] .text C:\Program Files (x86)\Browsers Protector\regmon32.exe[3916] C:\Windows\syswow64\USER32.dll!RegisterClassExW 0000000076309ed3 6 bytes [68, A2, 6C, 96, 02, C3] .text C:\Program Files (x86)\Browsers Protector\regmon32.exe[3916] C:\Windows\syswow64\USER32.dll!RegisterClassExA 000000007630dd6d 6 bytes [68, F4, 6C, 96, 02, C3] .text C:\Program Files (x86)\Browsers Protector\regmon32.exe[3916] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000076310112 6 bytes [68, 7E, 00, 96, 02, C3] .text C:\Program Files (x86)\Browsers Protector\regmon32.exe[3916] C:\Windows\syswow64\USER32.dll!CallWindowProcW 0000000076310abb 6 bytes [68, 3A, 6B, 96, 02, C3] .text C:\Program Files (x86)\Browsers Protector\regmon32.exe[3916] C:\Windows\syswow64\USER32.dll!GetCursorPos 0000000076310e0d 6 bytes [68, 61, FE, 95, 02, C3] .text C:\Program Files (x86)\Browsers Protector\regmon32.exe[3916] C:\Windows\syswow64\USER32.dll!EndPaint 0000000076310e9a 6 bytes [68, E9, F8, 96, 02, C3] .text C:\Program Files (x86)\Browsers Protector\regmon32.exe[3916] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000076310eba 6 bytes [68, 79, F8, 96, 02, C3] .text C:\Program Files (x86)\Browsers Protector\regmon32.exe[3916] C:\Windows\syswow64\USER32.dll!GetMessagePos 0000000076312bc7 6 bytes [68, 2F, FE, 95, 02, C3] .text C:\Program Files (x86)\Browsers Protector\regmon32.exe[3916] C:\Windows\syswow64\USER32.dll!GetCapture 0000000076312dbd 6 bytes [68, 8F, FF, 95, 02, C3] .text C:\Program Files (x86)\Browsers Protector\regmon32.exe[3916] C:\Windows\syswow64\USER32.dll!ReleaseCapture 0000000076312ec4 6 bytes [68, 3F, FF, 95, 02, C3] .text C:\Program Files (x86)\Browsers Protector\regmon32.exe[3916] C:\Windows\syswow64\USER32.dll!SetCapture 0000000076312ed1 6 bytes [68, E5, FE, 95, 02, C3] .text C:\Program Files (x86)\Browsers Protector\regmon32.exe[3916] C:\Windows\syswow64\USER32.dll!GetDCEx 0000000076313001 6 bytes [68, 29, F9, 96, 02, C3] .text C:\Program Files (x86)\Browsers Protector\regmon32.exe[3916] C:\Windows\syswow64\USER32.dll!RegisterClassA 0000000076314b80 6 bytes [68, 55, 6C, 96, 02, C3] .text C:\Program Files (x86)\Browsers Protector\regmon32.exe[3916] C:\Windows\syswow64\USER32.dll!CallWindowProcA 0000000076317af4 6 bytes [68, 83, 6B, 96, 02, C3] .text C:\Program Files (x86)\Browsers Protector\regmon32.exe[3916] C:\Windows\syswow64\USER32.dll!DefFrameProcA 000000007631808f 6 bytes [68, 65, 6A, 96, 02, C3] .text C:\Program Files (x86)\Browsers Protector\regmon32.exe[3916] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA 00000000763181e0 6 bytes [68, F4, 6A, 96, 02, C3] .text C:\Program Files (x86)\Browsers Protector\regmon32.exe[3916] C:\Windows\syswow64\USER32.dll!DefFrameProcW 0000000076318632 6 bytes [68, 1C, 6A, 96, 02, C3] .text C:\Program Files (x86)\Browsers Protector\regmon32.exe[3916] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW 0000000076318807 6 bytes [68, AE, 6A, 96, 02, C3] .text C:\Program Files (x86)\Browsers Protector\regmon32.exe[3916] C:\Windows\syswow64\USER32.dll!PeekMessageA 000000007632ed58 6 bytes [68, A9, 00, 96, 02, C3] .text C:\Program Files (x86)\Browsers Protector\regmon32.exe[3916] C:\Windows\syswow64\USER32.dll!GetUpdateRgn 000000007632f1fe 6 bytes [68, D5, FA, 96, 02, C3] .text C:\Program Files (x86)\Browsers Protector\regmon32.exe[3916] C:\Windows\syswow64\USER32.dll!GetUpdateRect 000000007633011b 6 bytes [68, 42, FA, 96, 02, C3] .text C:\Program Files (x86)\Browsers Protector\regmon32.exe[3916] C:\Windows\syswow64\USER32.dll!SwitchDesktop 00000000763497e4 6 bytes [68, E6, 68, 96, 02, C3] .text C:\Program Files (x86)\Browsers Protector\regmon32.exe[3916] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000076349c8d 6 bytes [68, A8, FE, 95, 02, C3] .text C:\Program Files (x86)\Browsers Protector\regmon32.exe[3916] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000076349f3b 6 bytes [68, CC, A5, 96, 02, C3] .text C:\Program Files (x86)\Browsers Protector\regmon32.exe[3916] C:\Windows\syswow64\USER32.dll!OpenInputDesktop 000000007636895b 6 bytes [68, 96, 68, 96, 02, C3] .text C:\Program Files (x86)\Browsers Protector\regmon32.exe[3916] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000076d33bed 6 bytes [68, 7B, F5, 95, 02, C3] .text C:\Program Files (x86)\Browsers Protector\regmon32.exe[3916] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW 0000000076d360f5 5 bytes JMP 0000000101da1d10 .text C:\Program Files (x86)\Browsers Protector\regmon32.exe[3916] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 0000000076d36737 6 bytes [68, 8C, F1, 95, 02, C3] .text C:\Program Files (x86)\Browsers Protector\regmon32.exe[3916] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000076d368a7 6 bytes [68, D4, F5, 95, 02, C3] .text C:\Program Files (x86)\Browsers Protector\regmon32.exe[3916] C:\Windows\syswow64\WS2_32.dll!send 0000000076d3c4c8 5 bytes JMP 000000010295f5b3 .text C:\Program Files (x86)\Browsers Protector\regmon32.exe[3916] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000076d47133 6 bytes [68, 1C, F1, 95, 02, C3] .text C:\Program Files (x86)\Browsers Protector\regmon32.exe[3916] C:\Windows\syswow64\WININET.dll!InternetCloseHandle 00000000766cc846 6 bytes [68, 36, 19, 97, 02, C3] .text C:\Program Files (x86)\Browsers Protector\regmon32.exe[3916] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA 00000000766ccbca 6 bytes [68, D6, 1A, 97, 02, C3] .text C:\Program Files (x86)\Browsers Protector\regmon32.exe[3916] C:\Windows\syswow64\WININET.dll!InternetReadFile 00000000766ce26c 6 bytes [68, A3, 19, 97, 02, C3] .text C:\Program Files (x86)\Browsers Protector\regmon32.exe[3916] C:\Windows\syswow64\WININET.dll!HttpSendRequestW 00000000766ceebb 5 bytes JMP 00000001029716bc .text C:\Program Files (x86)\Browsers Protector\regmon32.exe[3916] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA 00000000766d0402 6 bytes [68, 78, 16, 97, 02, C3] .text C:\Program Files (x86)\Browsers Protector\regmon32.exe[3916] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW 00000000766d05db 6 bytes [68, 34, 16, 97, 02, C3] .text C:\Program Files (x86)\Browsers Protector\regmon32.exe[3916] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable 00000000766d41d3 6 bytes [68, AA, 1A, 97, 02, C3] .text C:\Program Files (x86)\Browsers Protector\regmon32.exe[3916] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW 00000000766e8e50 6 bytes [68, 66, 17, 97, 02, C3] .text C:\Program Files (x86)\Browsers Protector\regmon32.exe[3916] C:\Windows\syswow64\WININET.dll!HttpEndRequestA 00000000766e8f7b 6 bytes [68, A0, 18, 97, 02, C3] .text C:\Program Files (x86)\Browsers Protector\regmon32.exe[3916] C:\Windows\syswow64\WININET.dll!InternetWriteFile 00000000766e90fc 5 bytes JMP 0000000101da23a0 .text C:\Program Files (x86)\Browsers Protector\regmon32.exe[3916] C:\Windows\syswow64\WININET.dll!InternetReadFileExA 00000000766f12f9 6 bytes [68, D1, 19, 97, 02, C3] .text C:\Program Files (x86)\Browsers Protector\regmon32.exe[3916] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer 000000007672ce83 6 bytes [68, 50, 1A, 97, 02, C3] .text C:\Program Files (x86)\Browsers Protector\regmon32.exe[3916] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA 00000000767401fa 6 bytes [68, 03, 18, 97, 02, C3] .text C:\Program Files (x86)\Browsers Protector\regmon32.exe[3916] C:\Windows\syswow64\WININET.dll!HttpEndRequestW 000000007674027d 6 bytes [68, EB, 18, 97, 02, C3] .text C:\Program Files (x86)\Browsers Protector\regmon32.exe[3916] C:\Windows\syswow64\WININET.dll!HttpSendRequestA 00000000767402e0 5 bytes JMP 0000000102971711 .text C:\Program Files (x86)\Browsers Protector\regmon32.exe[3916] C:\Windows\syswow64\urlmon.dll!URLDownloadToFileW 0000000076f248a6 5 bytes JMP 0000000101da91f0 .text C:\Program Files (x86)\Browsers Protector\regmon32.exe[3916] C:\Windows\syswow64\urlmon.dll!URLDownloadToFileA 0000000076f24a80 5 bytes JMP 0000000101da9080 .text C:\Program Files (x86)\Browsers Protector\regmon32.exe[3916] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore 0000000076e00d60 6 bytes [68, 51, 1D, 97, 02, C3] .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3968] C:\Windows\SysWOW64\ntdll.dll!NtEnumerateValueKey 000000007753f9d0 5 bytes JMP 00000001001c6390 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3968] C:\Windows\SysWOW64\ntdll.dll!NtQueryDirectoryFile 000000007753fd28 5 bytes JMP 00000001001c6640 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3968] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 000000007753fff8 5 bytes JMP 00000001001c53d0 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3968] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000775408ac 6 bytes [68, BC, 38, 68, 02, C3] .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3968] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 000000007755243d 6 bytes [68, 04, 69, 68, 02, C3] .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3968] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007755c096 5 bytes JMP 00000001026839e1 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3968] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 00000000775628b3 6 bytes [68, 4A, 69, 68, 02, C3] .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3968] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077583f44 6 bytes [68, 90, 69, 68, 02, C3] .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3968] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 0000000077598954 6 bytes [68, D6, 69, 68, 02, C3] .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3968] C:\Windows\syswow64\kernel32.dll!CreateFileW 00000000764b22fb 5 bytes JMP 00000001001c1290 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3968] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW 00000000764b32f2 6 bytes [68, 4A, 3C, 68, 02, C3] .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3968] C:\Windows\syswow64\kernel32.dll!ExitProcess 00000000764b734e 6 bytes [68, 09, 3C, 68, 02, C3] .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3968] C:\Windows\syswow64\kernel32.dll!CreateFileA 00000000764bca6e 5 bytes JMP 00000001001c11c0 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3968] C:\Windows\syswow64\kernel32.dll!MoveFileW 00000000764c98bd 5 bytes JMP 00000001001c2570 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3968] C:\Windows\syswow64\kernel32.dll!CopyFileA 00000000764d5f17 5 bytes JMP 00000001001c1000 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3968] C:\Windows\syswow64\kernel32.dll!CopyFileW 00000000764d6a34 5 bytes JMP 00000001001c10a0 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3968] C:\Windows\syswow64\kernel32.dll!MoveFileA 000000007652db21 5 bytes JMP 00000001001c2510 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3968] C:\Windows\syswow64\USER32.dll!GetDC 0000000076307246 6 bytes [68, 84, F9, 68, 02, C3] .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3968] C:\Windows\syswow64\USER32.dll!ReleaseDC 000000007630730e 6 bytes [68, 02, FA, 68, 02, C3] .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3968] C:\Windows\syswow64\USER32.dll!GetWindowDC 00000000763079d8 6 bytes [68, C3, F9, 68, 02, C3] .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3968] C:\Windows\syswow64\USER32.dll!TranslateMessage 0000000076307d79 6 bytes [68, 1D, A4, 68, 02, C3] .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3968] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000076307e92 6 bytes [68, 2E, 00, 68, 02, C3] .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3968] C:\Windows\syswow64\USER32.dll!GetMessageA 000000007630811b 6 bytes [68, 56, 00, 68, 02, C3] .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3968] C:\Windows\syswow64\USER32.dll!RegisterClassW 0000000076308bd6 6 bytes [68, 08, 6C, 68, 02, C3] .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3968] C:\Windows\syswow64\USER32.dll!RegisterClassExW 0000000076309ed3 6 bytes [68, A2, 6C, 68, 02, C3] .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3968] C:\Windows\syswow64\USER32.dll!RegisterClassExA 000000007630dd6d 6 bytes [68, F4, 6C, 68, 02, C3] .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3968] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000076310112 6 bytes [68, 7E, 00, 68, 02, C3] .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3968] C:\Windows\syswow64\USER32.dll!CallWindowProcW 0000000076310abb 6 bytes [68, 3A, 6B, 68, 02, C3] .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3968] C:\Windows\syswow64\USER32.dll!GetCursorPos 0000000076310e0d 6 bytes [68, 61, FE, 67, 02, C3] .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3968] C:\Windows\syswow64\USER32.dll!EndPaint 0000000076310e9a 6 bytes [68, E9, F8, 68, 02, C3] .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3968] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000076310eba 6 bytes [68, 79, F8, 68, 02, C3] .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3968] C:\Windows\syswow64\USER32.dll!GetMessagePos 0000000076312bc7 6 bytes [68, 2F, FE, 67, 02, C3] .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3968] C:\Windows\syswow64\USER32.dll!GetCapture 0000000076312dbd 6 bytes [68, 8F, FF, 67, 02, C3] .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3968] C:\Windows\syswow64\USER32.dll!ReleaseCapture 0000000076312ec4 6 bytes [68, 3F, FF, 67, 02, C3] .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3968] C:\Windows\syswow64\USER32.dll!SetCapture 0000000076312ed1 6 bytes [68, E5, FE, 67, 02, C3] .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3968] C:\Windows\syswow64\USER32.dll!GetDCEx 0000000076313001 6 bytes [68, 29, F9, 68, 02, C3] .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3968] C:\Windows\syswow64\USER32.dll!RegisterClassA 0000000076314b80 6 bytes [68, 55, 6C, 68, 02, C3] .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3968] C:\Windows\syswow64\USER32.dll!CallWindowProcA 0000000076317af4 6 bytes [68, 83, 6B, 68, 02, C3] .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3968] C:\Windows\syswow64\USER32.dll!DefFrameProcA 000000007631808f 6 bytes [68, 65, 6A, 68, 02, C3] .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3968] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA 00000000763181e0 6 bytes [68, F4, 6A, 68, 02, C3] .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3968] C:\Windows\syswow64\USER32.dll!DefFrameProcW 0000000076318632 6 bytes [68, 1C, 6A, 68, 02, C3] .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3968] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW 0000000076318807 6 bytes [68, AE, 6A, 68, 02, C3] .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3968] C:\Windows\syswow64\USER32.dll!PeekMessageA 000000007632ed58 6 bytes [68, A9, 00, 68, 02, C3] .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3968] C:\Windows\syswow64\USER32.dll!GetUpdateRgn 000000007632f1fe 6 bytes [68, D5, FA, 68, 02, C3] .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3968] C:\Windows\syswow64\USER32.dll!GetUpdateRect 000000007633011b 6 bytes [68, 42, FA, 68, 02, C3] .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3968] C:\Windows\syswow64\USER32.dll!SwitchDesktop 00000000763497e4 6 bytes [68, E6, 68, 68, 02, C3] .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3968] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000076349c8d 6 bytes [68, A8, FE, 67, 02, C3] .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3968] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000076349f3b 6 bytes [68, CC, A5, 68, 02, C3] .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3968] C:\Windows\syswow64\USER32.dll!OpenInputDesktop 000000007636895b 6 bytes [68, 96, 68, 68, 02, C3] .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3968] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW 000000007700bbdb 6 bytes [68, C7, 3C, 68, 02, C3] .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3968] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 00000000770414fd 6 bytes [68, B0, 3C, 68, 02, C3] .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3968] C:\Windows\syswow64\WININET.dll!InternetCloseHandle 00000000766cc846 6 bytes [68, 36, 19, 69, 02, C3] .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3968] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA 00000000766ccbca 6 bytes [68, D6, 1A, 69, 02, C3] .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3968] C:\Windows\syswow64\WININET.dll!InternetReadFile 00000000766ce26c 6 bytes [68, A3, 19, 69, 02, C3] .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3968] C:\Windows\syswow64\WININET.dll!HttpSendRequestW 00000000766ceebb 5 bytes JMP 00000001026916bc .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3968] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA 00000000766d0402 6 bytes [68, 78, 16, 69, 02, C3] .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3968] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW 00000000766d05db 6 bytes [68, 34, 16, 69, 02, C3] .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3968] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable 00000000766d41d3 6 bytes [68, AA, 1A, 69, 02, C3] .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3968] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW 00000000766e8e50 6 bytes [68, 66, 17, 69, 02, C3] .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3968] C:\Windows\syswow64\WININET.dll!HttpEndRequestA 00000000766e8f7b 6 bytes [68, A0, 18, 69, 02, C3] .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3968] C:\Windows\syswow64\WININET.dll!InternetWriteFile 00000000766e90fc 5 bytes JMP 00000001001c23a0 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3968] C:\Windows\syswow64\WININET.dll!InternetReadFileExA 00000000766f12f9 6 bytes [68, D1, 19, 69, 02, C3] .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3968] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer 000000007672ce83 6 bytes [68, 50, 1A, 69, 02, C3] .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3968] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA 00000000767401fa 6 bytes [68, 03, 18, 69, 02, C3] .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3968] C:\Windows\syswow64\WININET.dll!HttpEndRequestW 000000007674027d 6 bytes [68, EB, 18, 69, 02, C3] .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3968] C:\Windows\syswow64\WININET.dll!HttpSendRequestA 00000000767402e0 5 bytes JMP 0000000102691711 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3968] C:\Windows\syswow64\urlmon.dll!URLDownloadToFileW 0000000076f248a6 5 bytes JMP 00000001001c91f0 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3968] C:\Windows\syswow64\urlmon.dll!URLDownloadToFileA 0000000076f24a80 5 bytes JMP 00000001001c9080 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3968] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore 0000000076e00d60 6 bytes [68, 51, 1D, 69, 02, C3] .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3968] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000076d33bed 6 bytes [68, 7B, F5, 67, 02, C3] .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3968] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW 0000000076d360f5 5 bytes JMP 00000001001c1d10 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3968] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 0000000076d36737 6 bytes [68, 8C, F1, 67, 02, C3] .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3968] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000076d368a7 6 bytes [68, D4, F5, 67, 02, C3] .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3968] C:\Windows\syswow64\WS2_32.dll!send 0000000076d3c4c8 5 bytes JMP 000000010267f5b3 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3968] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000076d47133 6 bytes [68, 1C, F1, 67, 02, C3] .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3968] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000774f1401 2 bytes JMP 764ceb26 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3968] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000774f1419 2 bytes JMP 764db513 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3968] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000774f1431 2 bytes JMP 76558609 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3968] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000774f144a 2 bytes CALL 764b1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3968] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000774f14dd 2 bytes JMP 76557efe C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3968] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000774f14f5 2 bytes JMP 765580d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3968] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000774f150d 2 bytes JMP 76557df4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3968] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000774f1525 2 bytes JMP 765581c2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3968] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000774f153d 2 bytes JMP 764cf088 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3968] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000774f1555 2 bytes JMP 764db885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3968] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000774f156d 2 bytes JMP 765586c1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3968] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000774f1585 2 bytes JMP 76558222 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3968] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000774f159d 2 bytes JMP 76557db8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3968] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000774f15b5 2 bytes JMP 764cf121 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3968] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000774f15cd 2 bytes JMP 764db29f C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3968] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000774f16b2 2 bytes JMP 76558584 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3968] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000774f16bd 2 bytes JMP 76557d4d C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3980] C:\Windows\SysWOW64\ntdll.dll!NtEnumerateValueKey 000000007753f9d0 5 bytes JMP 00000001002d6390 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3980] C:\Windows\SysWOW64\ntdll.dll!NtQueryDirectoryFile 000000007753fd28 5 bytes JMP 00000001002d6640 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3980] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 000000007753fff8 5 bytes JMP 00000001002d53d0 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3980] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000775408ac 6 bytes [68, BC, 38, E6, 02, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3980] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 000000007755243d 6 bytes [68, 04, 69, E6, 02, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3980] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007755c096 5 bytes JMP 0000000102e639e1 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3980] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 00000000775628b3 6 bytes [68, 4A, 69, E6, 02, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3980] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077583f44 6 bytes [68, 90, 69, E6, 02, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3980] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 0000000077598954 6 bytes [68, D6, 69, E6, 02, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3980] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW 00000000764b32f2 6 bytes [68, 4A, 3C, E6, 02, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3980] C:\Windows\syswow64\kernel32.dll!ExitProcess 00000000764b734e 6 bytes [68, 09, 3C, E6, 02, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3980] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW 000000007700bbdb 6 bytes [68, C7, 3C, E6, 02, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3980] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 00000000770414fd 6 bytes [68, B0, 3C, E6, 02, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3980] C:\Windows\syswow64\USER32.dll!GetDC 0000000076307246 6 bytes [68, 84, F9, E6, 02, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3980] C:\Windows\syswow64\USER32.dll!ReleaseDC 000000007630730e 6 bytes [68, 02, FA, E6, 02, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3980] C:\Windows\syswow64\USER32.dll!GetWindowDC 00000000763079d8 6 bytes [68, C3, F9, E6, 02, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3980] C:\Windows\syswow64\USER32.dll!TranslateMessage 0000000076307d79 6 bytes [68, 1D, A4, E6, 02, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3980] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000076307e92 6 bytes [68, 2E, 00, E6, 02, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3980] C:\Windows\syswow64\USER32.dll!GetMessageA 000000007630811b 6 bytes [68, 56, 00, E6, 02, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3980] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076308b9a 5 bytes JMP 0000000168a9818f .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3980] C:\Windows\syswow64\USER32.dll!RegisterClassW 0000000076308bd6 6 bytes [68, 08, 6C, E6, 02, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3980] C:\Windows\syswow64\USER32.dll!RegisterClassExW 0000000076309ed3 6 bytes [68, A2, 6C, E6, 02, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3980] C:\Windows\syswow64\USER32.dll!RegisterClassExA 000000007630dd6d 6 bytes [68, F4, 6C, E6, 02, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3980] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000076310112 6 bytes [68, 7E, 00, E6, 02, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3980] C:\Windows\syswow64\USER32.dll!CallWindowProcW 0000000076310abb 6 bytes [68, 3A, 6B, E6, 02, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3980] C:\Windows\syswow64\USER32.dll!GetCursorPos 0000000076310e0d 6 bytes [68, 61, FE, E5, 02, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3980] C:\Windows\syswow64\USER32.dll!EndPaint 0000000076310e9a 6 bytes [68, E9, F8, E6, 02, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3980] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000076310eba 6 bytes [68, 79, F8, E6, 02, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3980] C:\Windows\syswow64\USER32.dll!GetMessagePos 0000000076312bc7 6 bytes [68, 2F, FE, E5, 02, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3980] C:\Windows\syswow64\USER32.dll!GetCapture 0000000076312dbd 6 bytes [68, 8F, FF, E5, 02, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3980] C:\Windows\syswow64\USER32.dll!ReleaseCapture 0000000076312ec4 6 bytes [68, 3F, FF, E5, 02, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3980] C:\Windows\syswow64\USER32.dll!SetCapture 0000000076312ed1 6 bytes [68, E5, FE, E5, 02, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3980] C:\Windows\syswow64\USER32.dll!GetDCEx 0000000076313001 6 bytes [68, 29, F9, E6, 02, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3980] C:\Windows\syswow64\USER32.dll!RegisterClassA 0000000076314b80 6 bytes [68, 55, 6C, E6, 02, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3980] C:\Windows\syswow64\USER32.dll!CallWindowProcA 0000000076317af4 6 bytes [68, 83, 6B, E6, 02, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3980] C:\Windows\syswow64\USER32.dll!DefFrameProcA 000000007631808f 6 bytes [68, 65, 6A, E6, 02, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3980] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA 00000000763181e0 6 bytes [68, F4, 6A, E6, 02, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3980] C:\Windows\syswow64\USER32.dll!DefFrameProcW 0000000076318632 6 bytes [68, 1C, 6A, E6, 02, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3980] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW 0000000076318807 6 bytes [68, AE, 6A, E6, 02, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3980] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamW 0000000076322a3e 5 bytes JMP 0000000168bbfe70 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3980] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000076322a62 5 bytes JMP 00000001689b4ba7 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3980] C:\Windows\syswow64\USER32.dll!PeekMessageA 000000007632ed58 6 bytes [68, A9, 00, E6, 02, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3980] C:\Windows\syswow64\USER32.dll!GetUpdateRgn 000000007632f1fe 6 bytes [68, D5, FA, E6, 02, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3980] C:\Windows\syswow64\USER32.dll!GetUpdateRect 000000007633011b 6 bytes [68, 42, FA, E6, 02, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3980] C:\Windows\syswow64\USER32.dll!SwitchDesktop 00000000763497e4 6 bytes [68, E6, 68, E6, 02, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3980] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000076349c8d 6 bytes [68, A8, FE, E5, 02, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3980] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000076349f3b 6 bytes [68, CC, A5, E6, 02, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3980] C:\Windows\syswow64\USER32.dll!DialogBoxParamA 000000007634cc1a 5 bytes JMP 0000000168bbfe0d .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3980] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamA 000000007634cf72 5 bytes JMP 0000000168bbfed3 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3980] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA 000000007635fd61 5 bytes JMP 0000000168bbfda2 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3980] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW 000000007635fe2d 5 bytes JMP 0000000168bbfd37 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3980] C:\Windows\syswow64\USER32.dll!MessageBoxExA 000000007635fe66 5 bytes JMP 0000000168bbfcd5 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3980] C:\Windows\syswow64\USER32.dll!MessageBoxExW 000000007635fe8a 5 bytes JMP 0000000168bbfc73 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3980] C:\Windows\syswow64\USER32.dll!OpenInputDesktop 000000007636895b 6 bytes [68, 96, 68, E6, 02, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3980] C:\Windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect 00000000751a940c 5 bytes JMP 0000000168bc09d9 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3980] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore 0000000076e00d60 6 bytes [68, 51, 1D, E7, 02, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3980] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000774f1401 2 bytes JMP 764ceb26 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3980] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000774f1419 2 bytes JMP 764db513 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3980] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000774f1431 2 bytes JMP 76558609 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3980] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000774f144a 2 bytes CALL 764b1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3980] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000774f14dd 2 bytes JMP 76557efe C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3980] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000774f14f5 2 bytes JMP 765580d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3980] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000774f150d 2 bytes JMP 76557df4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3980] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000774f1525 2 bytes JMP 765581c2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3980] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000774f153d 2 bytes JMP 764cf088 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3980] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000774f1555 2 bytes JMP 764db885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3980] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000774f156d 2 bytes JMP 765586c1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3980] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000774f1585 2 bytes JMP 76558222 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3980] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000774f159d 2 bytes JMP 76557db8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3980] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000774f15b5 2 bytes JMP 764cf121 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3980] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000774f15cd 2 bytes JMP 764db29f C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3980] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000774f16b2 2 bytes JMP 76558584 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3980] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000774f16bd 2 bytes JMP 76557d4d C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3980] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll!PropertySheetW 0000000071c07c30 5 bytes JMP 0000000168bc1396 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3980] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll!PropertySheet 0000000071ca7bb2 5 bytes JMP 0000000168bc1437 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3980] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000076d33bed 6 bytes [68, 7B, F5, E5, 02, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3980] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW 0000000076d360f5 5 bytes JMP 00000001002d1d10 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3980] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 0000000076d36737 6 bytes [68, 8C, F1, E5, 02, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3980] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000076d368a7 6 bytes [68, D4, F5, E5, 02, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3980] C:\Windows\syswow64\WS2_32.dll!send 0000000076d3c4c8 5 bytes JMP 0000000102e5f5b3 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3980] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000076d47133 6 bytes [68, 1C, F1, E5, 02, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3980] C:\Windows\syswow64\WININET.dll!InternetCloseHandle 00000000766cc846 6 bytes [68, 36, 19, E7, 02, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3980] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA 00000000766ccbca 6 bytes [68, D6, 1A, E7, 02, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3980] C:\Windows\syswow64\WININET.dll!InternetReadFile 00000000766ce26c 6 bytes [68, A3, 19, E7, 02, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3980] C:\Windows\syswow64\WININET.dll!HttpSendRequestW 00000000766ceebb 5 bytes JMP 0000000102e716bc .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3980] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA 00000000766d0402 6 bytes [68, 78, 16, E7, 02, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3980] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW 00000000766d05db 6 bytes [68, 34, 16, E7, 02, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3980] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable 00000000766d41d3 6 bytes [68, AA, 1A, E7, 02, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3980] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW 00000000766e8e50 6 bytes [68, 66, 17, E7, 02, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3980] C:\Windows\syswow64\WININET.dll!HttpEndRequestA 00000000766e8f7b 6 bytes [68, A0, 18, E7, 02, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3980] C:\Windows\syswow64\WININET.dll!InternetWriteFile 00000000766e90fc 5 bytes JMP 00000001002d23a0 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3980] C:\Windows\syswow64\WININET.dll!InternetReadFileExA 00000000766f12f9 6 bytes [68, D1, 19, E7, 02, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3980] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer 000000007672ce83 6 bytes [68, 50, 1A, E7, 02, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3980] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA 00000000767401fa 6 bytes [68, 03, 18, E7, 02, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3980] C:\Windows\syswow64\WININET.dll!HttpEndRequestW 000000007674027d 6 bytes [68, EB, 18, E7, 02, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3980] C:\Windows\syswow64\WININET.dll!HttpSendRequestA 00000000767402e0 5 bytes JMP 0000000102e71711 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3980] C:\Windows\syswow64\comdlg32.dll!PageSetupDlgW 0000000076cb9a4c 5 bytes JMP 0000000168bc0b0b ? C:\Windows\system32\mssprxy.dll [3980] entry point in ".rdata" section 00000000742f71e6 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\Windows\SysWOW64\ntdll.dll!NtEnumerateValueKey 000000007753f9d0 5 bytes JMP 00000001002e6390 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\Windows\SysWOW64\ntdll.dll!NtQueryDirectoryFile 000000007753fd28 5 bytes JMP 00000001002e6640 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 000000007753fff8 5 bytes JMP 00000001002e53d0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000775408ac 4 bytes [68, BC, 38, 2A] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess + 5 00000000775408b1 1 byte [C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 000000007755243d 6 bytes [68, 04, 69, 2A, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007755c096 5 bytes JMP 00000001002a39e1 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 00000000775628b3 6 bytes [68, 4A, 69, 2A, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077583f44 6 bytes [68, 90, 69, 2A, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 0000000077598954 6 bytes [68, D6, 69, 2A, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\Windows\syswow64\kernel32.dll!CreateFileW 00000000764b22fb 5 bytes JMP 00000001002e1290 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW 00000000764b32f2 6 bytes [68, 4A, 3C, 2A, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\Windows\syswow64\kernel32.dll!ExitProcess 00000000764b734e 6 bytes [68, 09, 3C, 2A, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\Windows\syswow64\kernel32.dll!CreateFileA 00000000764bca6e 5 bytes JMP 00000001002e11c0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\Windows\syswow64\kernel32.dll!MoveFileW 00000000764c98bd 5 bytes JMP 00000001002e2570 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\Windows\syswow64\kernel32.dll!CopyFileA 00000000764d5f17 5 bytes JMP 00000001002e1000 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\Windows\syswow64\kernel32.dll!CopyFileW 00000000764d6a34 5 bytes JMP 00000001002e10a0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\Windows\syswow64\kernel32.dll!MoveFileA 000000007652db21 5 bytes JMP 00000001002e2510 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW 000000007700bbdb 6 bytes [68, C7, 3C, 2A, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 00000000770414fd 6 bytes [68, B0, 3C, 2A, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\Windows\syswow64\USER32.dll!GetDC 0000000076307246 4 bytes [68, 84, F9, 2A] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\Windows\syswow64\USER32.dll!GetDC + 5 000000007630724b 1 byte [C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\Windows\syswow64\USER32.dll!ReleaseDC 000000007630730e 6 bytes [68, 02, FA, 2A, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\Windows\syswow64\USER32.dll!GetWindowDC 00000000763079d8 4 bytes [68, C3, F9, 2A] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\Windows\syswow64\USER32.dll!GetWindowDC + 5 00000000763079dd 1 byte [C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\Windows\syswow64\USER32.dll!TranslateMessage 0000000076307d79 6 bytes [68, 1D, A4, 2A, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000076307e92 6 bytes [68, 2E, 00, 2A, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\Windows\syswow64\USER32.dll!GetMessageA 000000007630811b 6 bytes [68, 56, 00, 2A, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\Windows\syswow64\USER32.dll!RegisterClassW 0000000076308bd6 6 bytes [68, 08, 6C, 2A, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\Windows\syswow64\USER32.dll!RegisterClassExW 0000000076309ed3 6 bytes [68, A2, 6C, 2A, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\Windows\syswow64\USER32.dll!RegisterClassExA 000000007630dd6d 6 bytes [68, F4, 6C, 2A, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000076310112 6 bytes [68, 7E, 00, 2A, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\Windows\syswow64\USER32.dll!CallWindowProcW 0000000076310abb 6 bytes [68, 3A, 6B, 2A, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\Windows\syswow64\USER32.dll!GetCursorPos 0000000076310e0d 6 bytes [68, 61, FE, 29, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\Windows\syswow64\USER32.dll!EndPaint 0000000076310e9a 4 bytes [68, E9, F8, 2A] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\Windows\syswow64\USER32.dll!EndPaint + 5 0000000076310e9f 1 byte [C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000076310eba 4 bytes [68, 79, F8, 2A] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\Windows\syswow64\USER32.dll!BeginPaint + 5 0000000076310ebf 1 byte [C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\Windows\syswow64\USER32.dll!GetMessagePos 0000000076312bc7 6 bytes [68, 2F, FE, 29, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\Windows\syswow64\USER32.dll!GetCapture 0000000076312dbd 6 bytes [68, 8F, FF, 29, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\Windows\syswow64\USER32.dll!ReleaseCapture 0000000076312ec4 6 bytes [68, 3F, FF, 29, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\Windows\syswow64\USER32.dll!SetCapture 0000000076312ed1 4 bytes [68, E5, FE, 29] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\Windows\syswow64\USER32.dll!SetCapture + 5 0000000076312ed6 1 byte [C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\Windows\syswow64\USER32.dll!GetDCEx 0000000076313001 4 bytes [68, 29, F9, 2A] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\Windows\syswow64\USER32.dll!GetDCEx + 5 0000000076313006 1 byte [C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\Windows\syswow64\USER32.dll!RegisterClassA 0000000076314b80 6 bytes [68, 55, 6C, 2A, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\Windows\syswow64\USER32.dll!CallWindowProcA 0000000076317af4 6 bytes [68, 83, 6B, 2A, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\Windows\syswow64\USER32.dll!DefFrameProcA 000000007631808f 6 bytes [68, 65, 6A, 2A, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA 00000000763181e0 6 bytes [68, F4, 6A, 2A, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\Windows\syswow64\USER32.dll!DefFrameProcW 0000000076318632 6 bytes [68, 1C, 6A, 2A, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW 0000000076318807 6 bytes [68, AE, 6A, 2A, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\Windows\syswow64\USER32.dll!PeekMessageA 000000007632ed58 6 bytes [68, A9, 00, 2A, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\Windows\syswow64\USER32.dll!GetUpdateRgn 000000007632f1fe 6 bytes [68, D5, FA, 2A, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\Windows\syswow64\USER32.dll!GetUpdateRect 000000007633011b 6 bytes [68, 42, FA, 2A, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\Windows\syswow64\USER32.dll!SwitchDesktop 00000000763497e4 6 bytes [68, E6, 68, 2A, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000076349c8d 6 bytes [68, A8, FE, 29, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000076349f3b 6 bytes [68, CC, A5, 2A, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\Windows\syswow64\USER32.dll!OpenInputDesktop 000000007636895b 4 bytes [68, 96, 68, 2A] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\Windows\syswow64\USER32.dll!OpenInputDesktop + 5 0000000076368960 1 byte [C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\Windows\syswow64\WININET.dll!InternetCloseHandle 00000000766cc846 6 bytes [68, 36, 19, 2B, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA 00000000766ccbca 6 bytes [68, D6, 1A, 2B, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\Windows\syswow64\WININET.dll!InternetReadFile 00000000766ce26c 6 bytes [68, A3, 19, 2B, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\Windows\syswow64\WININET.dll!HttpSendRequestW 00000000766ceebb 5 bytes JMP 00000001002b16bc .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA 00000000766d0402 6 bytes [68, 78, 16, 2B, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW 00000000766d05db 6 bytes [68, 34, 16, 2B, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable 00000000766d41d3 6 bytes [68, AA, 1A, 2B, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW 00000000766e8e50 6 bytes [68, 66, 17, 2B, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\Windows\syswow64\WININET.dll!HttpEndRequestA 00000000766e8f7b 6 bytes [68, A0, 18, 2B, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\Windows\syswow64\WININET.dll!InternetWriteFile 00000000766e90fc 5 bytes JMP 00000001002e23a0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\Windows\syswow64\WININET.dll!InternetReadFileExA 00000000766f12f9 6 bytes [68, D1, 19, 2B, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer 000000007672ce83 6 bytes [68, 50, 1A, 2B, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA 00000000767401fa 6 bytes [68, 03, 18, 2B, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\Windows\syswow64\WININET.dll!HttpEndRequestW 000000007674027d 6 bytes [68, EB, 18, 2B, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\Windows\syswow64\WININET.dll!HttpSendRequestA 00000000767402e0 5 bytes JMP 00000001002b1711 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\Windows\syswow64\urlmon.dll!URLDownloadToFileW 0000000076f248a6 5 bytes JMP 00000001002e91f0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\Windows\syswow64\urlmon.dll!URLDownloadToFileA 0000000076f24a80 5 bytes JMP 00000001002e9080 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore 0000000076e00d60 6 bytes [68, 51, 1D, 2B, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000076d33bed 6 bytes [68, 7B, F5, 29, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW 0000000076d360f5 5 bytes JMP 00000001002e1d10 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 0000000076d36737 6 bytes [68, 8C, F1, 29, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000076d368a7 6 bytes [68, D4, F5, 29, 00, C3] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\Windows\syswow64\WS2_32.dll!send 0000000076d3c4c8 5 bytes JMP 000000010029f5b3 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4008] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000076d47133 6 bytes [68, 1C, F1, 29, 00, C3] .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[4036] C:\Windows\SysWOW64\ntdll.dll!NtEnumerateValueKey 000000007753f9d0 5 bytes JMP 0000000100296390 .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[4036] C:\Windows\SysWOW64\ntdll.dll!NtQueryDirectoryFile 000000007753fd28 5 bytes JMP 0000000100296640 .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[4036] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 000000007753fff8 5 bytes JMP 00000001002953d0 .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[4036] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000775408ac 6 bytes [68, BC, 38, 04, 03, C3] .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[4036] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 000000007755243d 6 bytes [68, 04, 69, 04, 03, C3] .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[4036] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007755c096 5 bytes JMP 00000001030439e1 .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[4036] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 00000000775628b3 6 bytes [68, 4A, 69, 04, 03, C3] .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[4036] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077583f44 6 bytes [68, 90, 69, 04, 03, C3] .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[4036] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 0000000077598954 6 bytes [68, D6, 69, 04, 03, C3] .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[4036] C:\Windows\syswow64\kernel32.dll!CreateFileW 00000000764b22fb 5 bytes JMP 0000000100291290 .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[4036] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW 00000000764b32f2 6 bytes [68, 4A, 3C, 04, 03, C3] .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[4036] C:\Windows\syswow64\kernel32.dll!ExitProcess 00000000764b734e 6 bytes [68, 09, 3C, 04, 03, C3] .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[4036] C:\Windows\syswow64\kernel32.dll!CreateFileA 00000000764bca6e 5 bytes JMP 00000001002911c0 .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[4036] C:\Windows\syswow64\kernel32.dll!MoveFileW 00000000764c98bd 5 bytes JMP 0000000100292570 .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[4036] C:\Windows\syswow64\kernel32.dll!CopyFileA 00000000764d5f17 5 bytes JMP 0000000100291000 .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[4036] C:\Windows\syswow64\kernel32.dll!CopyFileW 00000000764d6a34 5 bytes JMP 00000001002910a0 .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[4036] C:\Windows\syswow64\kernel32.dll!MoveFileA 000000007652db21 5 bytes JMP 0000000100292510 .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[4036] C:\Windows\syswow64\WININET.dll!InternetCloseHandle 00000000766cc846 6 bytes [68, 36, 19, 05, 03, C3] .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[4036] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA 00000000766ccbca 6 bytes [68, D6, 1A, 05, 03, C3] .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[4036] C:\Windows\syswow64\WININET.dll!InternetReadFile 00000000766ce26c 6 bytes [68, A3, 19, 05, 03, C3] .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[4036] C:\Windows\syswow64\WININET.dll!HttpSendRequestW 00000000766ceebb 5 bytes JMP 00000001030516bc .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[4036] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA 00000000766d0402 6 bytes [68, 78, 16, 05, 03, C3] .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[4036] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW 00000000766d05db 6 bytes [68, 34, 16, 05, 03, C3] .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[4036] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable 00000000766d41d3 6 bytes [68, AA, 1A, 05, 03, C3] .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[4036] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW 00000000766e8e50 6 bytes [68, 66, 17, 05, 03, C3] .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[4036] C:\Windows\syswow64\WININET.dll!HttpEndRequestA 00000000766e8f7b 6 bytes [68, A0, 18, 05, 03, C3] .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[4036] C:\Windows\syswow64\WININET.dll!InternetWriteFile 00000000766e90fc 5 bytes JMP 00000001002923a0 .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[4036] C:\Windows\syswow64\WININET.dll!InternetReadFileExA 00000000766f12f9 6 bytes [68, D1, 19, 05, 03, C3] .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[4036] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer 000000007672ce83 6 bytes [68, 50, 1A, 05, 03, C3] .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[4036] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA 00000000767401fa 6 bytes [68, 03, 18, 05, 03, C3] .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[4036] C:\Windows\syswow64\WININET.dll!HttpEndRequestW 000000007674027d 6 bytes [68, EB, 18, 05, 03, C3] .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[4036] C:\Windows\syswow64\WININET.dll!HttpSendRequestA 00000000767402e0 5 bytes JMP 0000000103051711 .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[4036] C:\Windows\syswow64\USER32.dll!GetDC 0000000076307246 6 bytes [68, 84, F9, 04, 03, C3] .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[4036] C:\Windows\syswow64\USER32.dll!ReleaseDC 000000007630730e 6 bytes [68, 02, FA, 04, 03, C3] .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[4036] C:\Windows\syswow64\USER32.dll!GetWindowDC 00000000763079d8 6 bytes [68, C3, F9, 04, 03, C3] .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[4036] C:\Windows\syswow64\USER32.dll!TranslateMessage 0000000076307d79 6 bytes [68, 1D, A4, 04, 03, C3] .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[4036] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000076307e92 6 bytes [68, 2E, 00, 04, 03, C3] .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[4036] C:\Windows\syswow64\USER32.dll!GetMessageA 000000007630811b 6 bytes [68, 56, 00, 04, 03, C3] .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[4036] C:\Windows\syswow64\USER32.dll!RegisterClassW 0000000076308bd6 6 bytes [68, 08, 6C, 04, 03, C3] .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[4036] C:\Windows\syswow64\USER32.dll!RegisterClassExW 0000000076309ed3 6 bytes [68, A2, 6C, 04, 03, C3] .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[4036] C:\Windows\syswow64\USER32.dll!RegisterClassExA 000000007630dd6d 6 bytes [68, F4, 6C, 04, 03, C3] .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[4036] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000076310112 6 bytes [68, 7E, 00, 04, 03, C3] .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[4036] C:\Windows\syswow64\USER32.dll!CallWindowProcW 0000000076310abb 6 bytes [68, 3A, 6B, 04, 03, C3] .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[4036] C:\Windows\syswow64\USER32.dll!GetCursorPos 0000000076310e0d 6 bytes [68, 61, FE, 03, 03, C3] .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[4036] C:\Windows\syswow64\USER32.dll!EndPaint 0000000076310e9a 6 bytes [68, E9, F8, 04, 03, C3] .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[4036] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000076310eba 6 bytes [68, 79, F8, 04, 03, C3] .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[4036] C:\Windows\syswow64\USER32.dll!GetMessagePos 0000000076312bc7 6 bytes [68, 2F, FE, 03, 03, C3] .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[4036] C:\Windows\syswow64\USER32.dll!GetCapture 0000000076312dbd 6 bytes [68, 8F, FF, 03, 03, C3] .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[4036] C:\Windows\syswow64\USER32.dll!ReleaseCapture 0000000076312ec4 6 bytes [68, 3F, FF, 03, 03, C3] .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[4036] C:\Windows\syswow64\USER32.dll!SetCapture 0000000076312ed1 6 bytes [68, E5, FE, 03, 03, C3] .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[4036] C:\Windows\syswow64\USER32.dll!GetDCEx 0000000076313001 6 bytes [68, 29, F9, 04, 03, C3] .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[4036] C:\Windows\syswow64\USER32.dll!RegisterClassA 0000000076314b80 6 bytes [68, 55, 6C, 04, 03, C3] .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[4036] C:\Windows\syswow64\USER32.dll!CallWindowProcA 0000000076317af4 6 bytes [68, 83, 6B, 04, 03, C3] .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[4036] C:\Windows\syswow64\USER32.dll!DefFrameProcA 000000007631808f 6 bytes [68, 65, 6A, 04, 03, C3] .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[4036] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA 00000000763181e0 6 bytes [68, F4, 6A, 04, 03, C3] .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[4036] C:\Windows\syswow64\USER32.dll!DefFrameProcW 0000000076318632 6 bytes [68, 1C, 6A, 04, 03, C3] .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[4036] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW 0000000076318807 6 bytes [68, AE, 6A, 04, 03, C3] .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[4036] C:\Windows\syswow64\USER32.dll!PeekMessageA 000000007632ed58 6 bytes [68, A9, 00, 04, 03, C3] .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[4036] C:\Windows\syswow64\USER32.dll!GetUpdateRgn 000000007632f1fe 6 bytes [68, D5, FA, 04, 03, C3] .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[4036] C:\Windows\syswow64\USER32.dll!GetUpdateRect 000000007633011b 6 bytes [68, 42, FA, 04, 03, C3] .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[4036] C:\Windows\syswow64\USER32.dll!SwitchDesktop 00000000763497e4 6 bytes [68, E6, 68, 04, 03, C3] .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[4036] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000076349c8d 6 bytes [68, A8, FE, 03, 03, C3] .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[4036] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000076349f3b 6 bytes [68, CC, A5, 04, 03, C3] .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[4036] C:\Windows\syswow64\USER32.dll!OpenInputDesktop 000000007636895b 6 bytes [68, 96, 68, 04, 03, C3] .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[4036] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW 000000007700bbdb 6 bytes [68, C7, 3C, 04, 03, C3] .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[4036] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 00000000770414fd 6 bytes [68, B0, 3C, 04, 03, C3] .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[4036] C:\Windows\syswow64\urlmon.dll!URLDownloadToFileW 0000000076f248a6 5 bytes JMP 00000001002991f0 .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[4036] C:\Windows\syswow64\urlmon.dll!URLDownloadToFileA 0000000076f24a80 5 bytes JMP 0000000100299080 .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[4036] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore 0000000076e00d60 6 bytes [68, 51, 1D, 05, 03, C3] .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[4036] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000076d33bed 6 bytes [68, 7B, F5, 03, 03, C3] .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[4036] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW 0000000076d360f5 5 bytes JMP 0000000100291d10 .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[4036] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 0000000076d36737 6 bytes [68, 8C, F1, 03, 03, C3] .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[4036] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000076d368a7 6 bytes [68, D4, F5, 03, 03, C3] .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[4036] C:\Windows\syswow64\WS2_32.dll!send 0000000076d3c4c8 5 bytes JMP 000000010303f5b3 .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[4036] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000076d47133 6 bytes [68, 1C, F1, 03, 03, C3] .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[4036] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000774f1401 2 bytes JMP 764ceb26 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[4036] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000774f1419 2 bytes JMP 764db513 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[4036] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000774f1431 2 bytes JMP 76558609 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[4036] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000774f144a 2 bytes CALL 764b1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[4036] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000774f14dd 2 bytes JMP 76557efe C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[4036] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000774f14f5 2 bytes JMP 765580d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[4036] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000774f150d 2 bytes JMP 76557df4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[4036] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000774f1525 2 bytes JMP 765581c2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[4036] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000774f153d 2 bytes JMP 764cf088 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[4036] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000774f1555 2 bytes JMP 764db885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[4036] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000774f156d 2 bytes JMP 765586c1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[4036] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000774f1585 2 bytes JMP 76558222 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[4036] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000774f159d 2 bytes JMP 76557db8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[4036] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000774f15b5 2 bytes JMP 764cf121 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[4036] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000774f15cd 2 bytes JMP 764db29f C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[4036] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000774f16b2 2 bytes JMP 76558584 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe[4036] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000774f16bd 2 bytes JMP 76557d4d C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4052] C:\Windows\SysWOW64\ntdll.dll!NtEnumerateValueKey 000000007753f9d0 5 bytes JMP 0000000100146390 .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4052] C:\Windows\SysWOW64\ntdll.dll!NtQueryDirectoryFile 000000007753fd28 5 bytes JMP 0000000100146640 .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4052] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 000000007753fff8 5 bytes JMP 00000001001453d0 .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4052] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000775408ac 4 bytes [68, BC, 38, 39] .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4052] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess + 5 00000000775408b1 1 byte [C3] .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4052] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 000000007755243d 6 bytes [68, 04, 69, 39, 00, C3] .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4052] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007755c096 5 bytes JMP 00000001003939e1 .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4052] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 00000000775628b3 6 bytes [68, 4A, 69, 39, 00, C3] .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4052] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077583f44 6 bytes [68, 90, 69, 39, 00, C3] .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4052] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 0000000077598954 6 bytes [68, D6, 69, 39, 00, C3] .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4052] C:\Windows\syswow64\kernel32.dll!CreateFileW 00000000764b22fb 5 bytes JMP 0000000100141290 .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4052] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW 00000000764b32f2 6 bytes [68, 4A, 3C, 39, 00, C3] .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4052] C:\Windows\syswow64\kernel32.dll!ExitProcess 00000000764b734e 6 bytes [68, 09, 3C, 39, 00, C3] .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4052] C:\Windows\syswow64\kernel32.dll!CreateFileA 00000000764bca6e 5 bytes JMP 00000001001411c0 .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4052] C:\Windows\syswow64\kernel32.dll!MoveFileW 00000000764c98bd 5 bytes JMP 0000000100142570 .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4052] C:\Windows\syswow64\kernel32.dll!CopyFileA 00000000764d5f17 5 bytes JMP 0000000100141000 .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4052] C:\Windows\syswow64\kernel32.dll!CopyFileW 00000000764d6a34 5 bytes JMP 00000001001410a0 .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4052] C:\Windows\syswow64\kernel32.dll!MoveFileA 000000007652db21 5 bytes JMP 0000000100142510 .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4052] C:\Windows\syswow64\USER32.dll!GetDC 0000000076307246 4 bytes [68, 84, F9, 39] .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4052] C:\Windows\syswow64\USER32.dll!GetDC + 5 000000007630724b 1 byte [C3] .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4052] C:\Windows\syswow64\USER32.dll!ReleaseDC 000000007630730e 6 bytes [68, 02, FA, 39, 00, C3] .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4052] C:\Windows\syswow64\USER32.dll!GetWindowDC 00000000763079d8 4 bytes [68, C3, F9, 39] .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4052] C:\Windows\syswow64\USER32.dll!GetWindowDC + 5 00000000763079dd 1 byte [C3] .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4052] C:\Windows\syswow64\USER32.dll!TranslateMessage 0000000076307d79 6 bytes [68, 1D, A4, 39, 00, C3] .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4052] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000076307e92 6 bytes [68, 2E, 00, 39, 00, C3] .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4052] C:\Windows\syswow64\USER32.dll!GetMessageA 000000007630811b 6 bytes [68, 56, 00, 39, 00, C3] .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4052] C:\Windows\syswow64\USER32.dll!RegisterClassW 0000000076308bd6 6 bytes [68, 08, 6C, 39, 00, C3] .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4052] C:\Windows\syswow64\USER32.dll!RegisterClassExW 0000000076309ed3 6 bytes [68, A2, 6C, 39, 00, C3] .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4052] C:\Windows\syswow64\USER32.dll!RegisterClassExA 000000007630dd6d 6 bytes [68, F4, 6C, 39, 00, C3] .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4052] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000076310112 6 bytes [68, 7E, 00, 39, 00, C3] .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4052] C:\Windows\syswow64\USER32.dll!CallWindowProcW 0000000076310abb 6 bytes [68, 3A, 6B, 39, 00, C3] .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4052] C:\Windows\syswow64\USER32.dll!GetCursorPos 0000000076310e0d 6 bytes [68, 61, FE, 38, 00, C3] .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4052] C:\Windows\syswow64\USER32.dll!EndPaint 0000000076310e9a 4 bytes [68, E9, F8, 39] .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4052] C:\Windows\syswow64\USER32.dll!EndPaint + 5 0000000076310e9f 1 byte [C3] .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4052] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000076310eba 4 bytes [68, 79, F8, 39] .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4052] C:\Windows\syswow64\USER32.dll!BeginPaint + 5 0000000076310ebf 1 byte [C3] .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4052] C:\Windows\syswow64\USER32.dll!GetMessagePos 0000000076312bc7 6 bytes [68, 2F, FE, 38, 00, C3] .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4052] C:\Windows\syswow64\USER32.dll!GetCapture 0000000076312dbd 6 bytes [68, 8F, FF, 38, 00, C3] .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4052] C:\Windows\syswow64\USER32.dll!ReleaseCapture 0000000076312ec4 6 bytes [68, 3F, FF, 38, 00, C3] .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4052] C:\Windows\syswow64\USER32.dll!SetCapture 0000000076312ed1 4 bytes [68, E5, FE, 38] .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4052] C:\Windows\syswow64\USER32.dll!SetCapture + 5 0000000076312ed6 1 byte [C3] .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4052] C:\Windows\syswow64\USER32.dll!GetDCEx 0000000076313001 4 bytes [68, 29, F9, 39] .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4052] C:\Windows\syswow64\USER32.dll!GetDCEx + 5 0000000076313006 1 byte [C3] .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4052] C:\Windows\syswow64\USER32.dll!RegisterClassA 0000000076314b80 6 bytes [68, 55, 6C, 39, 00, C3] .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4052] C:\Windows\syswow64\USER32.dll!CallWindowProcA 0000000076317af4 6 bytes [68, 83, 6B, 39, 00, C3] .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4052] C:\Windows\syswow64\USER32.dll!DefFrameProcA 000000007631808f 6 bytes [68, 65, 6A, 39, 00, C3] .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4052] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA 00000000763181e0 6 bytes [68, F4, 6A, 39, 00, C3] .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4052] C:\Windows\syswow64\USER32.dll!DefFrameProcW 0000000076318632 6 bytes [68, 1C, 6A, 39, 00, C3] .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4052] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW 0000000076318807 6 bytes [68, AE, 6A, 39, 00, C3] .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4052] C:\Windows\syswow64\USER32.dll!PeekMessageA 000000007632ed58 6 bytes [68, A9, 00, 39, 00, C3] .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4052] C:\Windows\syswow64\USER32.dll!GetUpdateRgn 000000007632f1fe 6 bytes [68, D5, FA, 39, 00, C3] .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4052] C:\Windows\syswow64\USER32.dll!GetUpdateRect 000000007633011b 6 bytes [68, 42, FA, 39, 00, C3] .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4052] C:\Windows\syswow64\USER32.dll!SwitchDesktop 00000000763497e4 6 bytes [68, E6, 68, 39, 00, C3] .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4052] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000076349c8d 6 bytes [68, A8, FE, 38, 00, C3] .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4052] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000076349f3b 6 bytes [68, CC, A5, 39, 00, C3] .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4052] C:\Windows\syswow64\USER32.dll!OpenInputDesktop 000000007636895b 4 bytes [68, 96, 68, 39] .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4052] C:\Windows\syswow64\USER32.dll!OpenInputDesktop + 5 0000000076368960 1 byte [C3] .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4052] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW 000000007700bbdb 6 bytes [68, C7, 3C, 39, 00, C3] .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4052] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 00000000770414fd 6 bytes [68, B0, 3C, 39, 00, C3] .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4052] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000076d33bed 6 bytes [68, 7B, F5, 38, 00, C3] .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4052] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW 0000000076d360f5 5 bytes JMP 0000000100141d10 .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4052] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 0000000076d36737 6 bytes [68, 8C, F1, 38, 00, C3] .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4052] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000076d368a7 6 bytes [68, D4, F5, 38, 00, C3] .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4052] C:\Windows\syswow64\WS2_32.dll!send 0000000076d3c4c8 5 bytes JMP 000000010038f5b3 .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4052] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000076d47133 6 bytes [68, 1C, F1, 38, 00, C3] .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4052] C:\Windows\syswow64\WININET.dll!InternetCloseHandle 00000000766cc846 6 bytes [68, 36, 19, 3A, 00, C3] .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4052] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA 00000000766ccbca 6 bytes [68, D6, 1A, 3A, 00, C3] .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4052] C:\Windows\syswow64\WININET.dll!InternetReadFile 00000000766ce26c 6 bytes [68, A3, 19, 3A, 00, C3] .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4052] C:\Windows\syswow64\WININET.dll!HttpSendRequestW 00000000766ceebb 5 bytes JMP 00000001003a16bc .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4052] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA 00000000766d0402 6 bytes [68, 78, 16, 3A, 00, C3] .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4052] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW 00000000766d05db 6 bytes [68, 34, 16, 3A, 00, C3] .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4052] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable 00000000766d41d3 6 bytes [68, AA, 1A, 3A, 00, C3] .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4052] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW 00000000766e8e50 6 bytes [68, 66, 17, 3A, 00, C3] .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4052] C:\Windows\syswow64\WININET.dll!HttpEndRequestA 00000000766e8f7b 6 bytes [68, A0, 18, 3A, 00, C3] .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4052] C:\Windows\syswow64\WININET.dll!InternetWriteFile 00000000766e90fc 5 bytes JMP 00000001001423a0 .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4052] C:\Windows\syswow64\WININET.dll!InternetReadFileExA 00000000766f12f9 6 bytes [68, D1, 19, 3A, 00, C3] .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4052] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer 000000007672ce83 6 bytes [68, 50, 1A, 3A, 00, C3] .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4052] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA 00000000767401fa 6 bytes [68, 03, 18, 3A, 00, C3] .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4052] C:\Windows\syswow64\WININET.dll!HttpEndRequestW 000000007674027d 6 bytes [68, EB, 18, 3A, 00, C3] .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4052] C:\Windows\syswow64\WININET.dll!HttpSendRequestA 00000000767402e0 5 bytes JMP 00000001003a1711 .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4052] C:\Windows\syswow64\urlmon.dll!URLDownloadToFileW 0000000076f248a6 5 bytes JMP 00000001001491f0 .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4052] C:\Windows\syswow64\urlmon.dll!URLDownloadToFileA 0000000076f24a80 5 bytes JMP 0000000100149080 .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4052] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore 0000000076e00d60 6 bytes [68, 51, 1D, 3A, 00, C3] .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4052] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000774f1401 2 bytes JMP 764ceb26 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4052] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000774f1419 2 bytes JMP 764db513 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4052] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000774f1431 2 bytes JMP 76558609 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4052] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000774f144a 2 bytes CALL 764b1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4052] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000774f14dd 2 bytes JMP 76557efe C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4052] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000774f14f5 2 bytes JMP 765580d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4052] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000774f150d 2 bytes JMP 76557df4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4052] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000774f1525 2 bytes JMP 765581c2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4052] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000774f153d 2 bytes JMP 764cf088 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4052] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000774f1555 2 bytes JMP 764db885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4052] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000774f156d 2 bytes JMP 765586c1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4052] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000774f1585 2 bytes JMP 76558222 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4052] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000774f159d 2 bytes JMP 76557db8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4052] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000774f15b5 2 bytes JMP 764cf121 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4052] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000774f15cd 2 bytes JMP 764db29f C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4052] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000774f16b2 2 bytes JMP 76558584 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[4052] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000774f16bd 2 bytes JMP 76557d4d C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\r2c\mirc.exe[4080] C:\Windows\SysWOW64\ntdll.dll!NtEnumerateValueKey 000000007753f9d0 5 bytes JMP 0000000100216390 .text C:\Windows\SysWOW64\r2c\mirc.exe[4080] C:\Windows\SysWOW64\ntdll.dll!NtQueryDirectoryFile 000000007753fd28 5 bytes JMP 0000000100216640 .text C:\Windows\SysWOW64\r2c\mirc.exe[4080] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 000000007753fff8 5 bytes JMP 00000001002153d0 .text C:\Windows\SysWOW64\r2c\mirc.exe[4080] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000775408ac 6 bytes [68, BC, 38, 2D, 03, C3] .text C:\Windows\SysWOW64\r2c\mirc.exe[4080] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 000000007755243d 6 bytes [68, 04, 69, 2D, 03, C3] .text C:\Windows\SysWOW64\r2c\mirc.exe[4080] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007755c096 5 bytes JMP 00000001032d39e1 .text C:\Windows\SysWOW64\r2c\mirc.exe[4080] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 00000000775628b3 6 bytes [68, 4A, 69, 2D, 03, C3] .text C:\Windows\SysWOW64\r2c\mirc.exe[4080] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077583f44 6 bytes [68, 90, 69, 2D, 03, C3] .text C:\Windows\SysWOW64\r2c\mirc.exe[4080] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 0000000077598954 6 bytes [68, D6, 69, 2D, 03, C3] .text C:\Windows\SysWOW64\r2c\mirc.exe[4080] C:\Windows\syswow64\kernel32.dll!CreateFileW 00000000764b22fb 5 bytes JMP 0000000100211290 .text C:\Windows\SysWOW64\r2c\mirc.exe[4080] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW 00000000764b32f2 6 bytes [68, 4A, 3C, 2D, 03, C3] .text C:\Windows\SysWOW64\r2c\mirc.exe[4080] C:\Windows\syswow64\kernel32.dll!ExitProcess 00000000764b734e 6 bytes [68, 09, 3C, 2D, 03, C3] .text C:\Windows\SysWOW64\r2c\mirc.exe[4080] C:\Windows\syswow64\kernel32.dll!CreateFileA 00000000764bca6e 5 bytes JMP 00000001002111c0 .text C:\Windows\SysWOW64\r2c\mirc.exe[4080] C:\Windows\syswow64\kernel32.dll!MoveFileW 00000000764c98bd 5 bytes JMP 0000000100212570 .text C:\Windows\SysWOW64\r2c\mirc.exe[4080] C:\Windows\syswow64\kernel32.dll!CopyFileA 00000000764d5f17 5 bytes JMP 0000000100211000 .text C:\Windows\SysWOW64\r2c\mirc.exe[4080] C:\Windows\syswow64\kernel32.dll!CopyFileW 00000000764d6a34 5 bytes JMP 00000001002110a0 .text C:\Windows\SysWOW64\r2c\mirc.exe[4080] C:\Windows\syswow64\kernel32.dll!MoveFileA 000000007652db21 5 bytes JMP 0000000100212510 .text C:\Windows\SysWOW64\r2c\mirc.exe[4080] C:\Windows\syswow64\USER32.dll!GetDC 0000000076307246 6 bytes [68, 84, F9, 2D, 03, C3] .text C:\Windows\SysWOW64\r2c\mirc.exe[4080] C:\Windows\syswow64\USER32.dll!ReleaseDC 000000007630730e 6 bytes [68, 02, FA, 2D, 03, C3] .text C:\Windows\SysWOW64\r2c\mirc.exe[4080] C:\Windows\syswow64\USER32.dll!GetWindowDC 00000000763079d8 6 bytes [68, C3, F9, 2D, 03, C3] .text C:\Windows\SysWOW64\r2c\mirc.exe[4080] C:\Windows\syswow64\USER32.dll!TranslateMessage 0000000076307d79 6 bytes [68, 1D, A4, 2D, 03, C3] .text C:\Windows\SysWOW64\r2c\mirc.exe[4080] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000076307e92 6 bytes [68, 2E, 00, 2D, 03, C3] .text C:\Windows\SysWOW64\r2c\mirc.exe[4080] C:\Windows\syswow64\USER32.dll!GetMessageA 000000007630811b 6 bytes [68, 56, 00, 2D, 03, C3] .text C:\Windows\SysWOW64\r2c\mirc.exe[4080] C:\Windows\syswow64\USER32.dll!RegisterClassW 0000000076308bd6 6 bytes [68, 08, 6C, 2D, 03, C3] .text C:\Windows\SysWOW64\r2c\mirc.exe[4080] C:\Windows\syswow64\USER32.dll!RegisterClassExW 0000000076309ed3 6 bytes [68, A2, 6C, 2D, 03, C3] .text C:\Windows\SysWOW64\r2c\mirc.exe[4080] C:\Windows\syswow64\USER32.dll!RegisterClassExA 000000007630dd6d 6 bytes [68, F4, 6C, 2D, 03, C3] .text C:\Windows\SysWOW64\r2c\mirc.exe[4080] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000076310112 6 bytes [68, 7E, 00, 2D, 03, C3] .text C:\Windows\SysWOW64\r2c\mirc.exe[4080] C:\Windows\syswow64\USER32.dll!CallWindowProcW 0000000076310abb 6 bytes [68, 3A, 6B, 2D, 03, C3] .text C:\Windows\SysWOW64\r2c\mirc.exe[4080] C:\Windows\syswow64\USER32.dll!GetCursorPos 0000000076310e0d 6 bytes [68, 61, FE, 2C, 03, C3] .text C:\Windows\SysWOW64\r2c\mirc.exe[4080] C:\Windows\syswow64\USER32.dll!EndPaint 0000000076310e9a 6 bytes [68, E9, F8, 2D, 03, C3] .text C:\Windows\SysWOW64\r2c\mirc.exe[4080] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000076310eba 6 bytes [68, 79, F8, 2D, 03, C3] .text C:\Windows\SysWOW64\r2c\mirc.exe[4080] C:\Windows\syswow64\USER32.dll!GetMessagePos 0000000076312bc7 6 bytes [68, 2F, FE, 2C, 03, C3] .text C:\Windows\SysWOW64\r2c\mirc.exe[4080] C:\Windows\syswow64\USER32.dll!GetCapture 0000000076312dbd 6 bytes [68, 8F, FF, 2C, 03, C3] .text C:\Windows\SysWOW64\r2c\mirc.exe[4080] C:\Windows\syswow64\USER32.dll!ReleaseCapture 0000000076312ec4 6 bytes [68, 3F, FF, 2C, 03, C3] .text C:\Windows\SysWOW64\r2c\mirc.exe[4080] C:\Windows\syswow64\USER32.dll!SetCapture 0000000076312ed1 6 bytes [68, E5, FE, 2C, 03, C3] .text C:\Windows\SysWOW64\r2c\mirc.exe[4080] C:\Windows\syswow64\USER32.dll!GetDCEx 0000000076313001 6 bytes [68, 29, F9, 2D, 03, C3] .text C:\Windows\SysWOW64\r2c\mirc.exe[4080] C:\Windows\syswow64\USER32.dll!RegisterClassA 0000000076314b80 6 bytes [68, 55, 6C, 2D, 03, C3] .text C:\Windows\SysWOW64\r2c\mirc.exe[4080] C:\Windows\syswow64\USER32.dll!CallWindowProcA 0000000076317af4 6 bytes [68, 83, 6B, 2D, 03, C3] .text C:\Windows\SysWOW64\r2c\mirc.exe[4080] C:\Windows\syswow64\USER32.dll!DefFrameProcA 000000007631808f 6 bytes [68, 65, 6A, 2D, 03, C3] .text C:\Windows\SysWOW64\r2c\mirc.exe[4080] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA 00000000763181e0 6 bytes [68, F4, 6A, 2D, 03, C3] .text C:\Windows\SysWOW64\r2c\mirc.exe[4080] C:\Windows\syswow64\USER32.dll!DefFrameProcW 0000000076318632 6 bytes [68, 1C, 6A, 2D, 03, C3] .text C:\Windows\SysWOW64\r2c\mirc.exe[4080] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW 0000000076318807 6 bytes [68, AE, 6A, 2D, 03, C3] .text C:\Windows\SysWOW64\r2c\mirc.exe[4080] C:\Windows\syswow64\USER32.dll!PeekMessageA 000000007632ed58 6 bytes [68, A9, 00, 2D, 03, C3] .text C:\Windows\SysWOW64\r2c\mirc.exe[4080] C:\Windows\syswow64\USER32.dll!GetUpdateRgn 000000007632f1fe 6 bytes [68, D5, FA, 2D, 03, C3] .text C:\Windows\SysWOW64\r2c\mirc.exe[4080] C:\Windows\syswow64\USER32.dll!GetUpdateRect 000000007633011b 6 bytes [68, 42, FA, 2D, 03, C3] .text C:\Windows\SysWOW64\r2c\mirc.exe[4080] C:\Windows\syswow64\USER32.dll!SwitchDesktop 00000000763497e4 6 bytes [68, E6, 68, 2D, 03, C3] .text C:\Windows\SysWOW64\r2c\mirc.exe[4080] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000076349c8d 6 bytes [68, A8, FE, 2C, 03, C3] .text C:\Windows\SysWOW64\r2c\mirc.exe[4080] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000076349f3b 6 bytes [68, CC, A5, 2D, 03, C3] .text C:\Windows\SysWOW64\r2c\mirc.exe[4080] C:\Windows\syswow64\USER32.dll!OpenInputDesktop 000000007636895b 6 bytes [68, 96, 68, 2D, 03, C3] .text C:\Windows\SysWOW64\r2c\mirc.exe[4080] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW 000000007700bbdb 6 bytes [68, C7, 3C, 2D, 03, C3] .text C:\Windows\SysWOW64\r2c\mirc.exe[4080] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 00000000770414fd 6 bytes [68, B0, 3C, 2D, 03, C3] .text C:\Windows\SysWOW64\r2c\mirc.exe[4080] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000076d33bed 6 bytes [68, 7B, F5, 2C, 03, C3] .text C:\Windows\SysWOW64\r2c\mirc.exe[4080] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW 0000000076d360f5 5 bytes JMP 0000000100211d10 .text C:\Windows\SysWOW64\r2c\mirc.exe[4080] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 0000000076d36737 6 bytes [68, 8C, F1, 2C, 03, C3] .text C:\Windows\SysWOW64\r2c\mirc.exe[4080] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000076d368a7 6 bytes [68, D4, F5, 2C, 03, C3] .text C:\Windows\SysWOW64\r2c\mirc.exe[4080] C:\Windows\syswow64\WS2_32.dll!send 0000000076d3c4c8 5 bytes JMP 00000001032cf5b3 .text C:\Windows\SysWOW64\r2c\mirc.exe[4080] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000076d47133 6 bytes [68, 1C, F1, 2C, 03, C3] .text C:\Windows\SysWOW64\r2c\mirc.exe[4080] C:\Windows\syswow64\WININET.dll!InternetCloseHandle 00000000766cc846 6 bytes [68, 36, 19, 2E, 03, C3] .text C:\Windows\SysWOW64\r2c\mirc.exe[4080] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA 00000000766ccbca 6 bytes [68, D6, 1A, 2E, 03, C3] .text C:\Windows\SysWOW64\r2c\mirc.exe[4080] C:\Windows\syswow64\WININET.dll!InternetReadFile 00000000766ce26c 6 bytes [68, A3, 19, 2E, 03, C3] .text C:\Windows\SysWOW64\r2c\mirc.exe[4080] C:\Windows\syswow64\WININET.dll!HttpSendRequestW 00000000766ceebb 5 bytes JMP 00000001032e16bc .text C:\Windows\SysWOW64\r2c\mirc.exe[4080] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA 00000000766d0402 6 bytes [68, 78, 16, 2E, 03, C3] .text C:\Windows\SysWOW64\r2c\mirc.exe[4080] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW 00000000766d05db 6 bytes [68, 34, 16, 2E, 03, C3] .text C:\Windows\SysWOW64\r2c\mirc.exe[4080] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable 00000000766d41d3 6 bytes [68, AA, 1A, 2E, 03, C3] .text C:\Windows\SysWOW64\r2c\mirc.exe[4080] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW 00000000766e8e50 6 bytes [68, 66, 17, 2E, 03, C3] .text C:\Windows\SysWOW64\r2c\mirc.exe[4080] C:\Windows\syswow64\WININET.dll!HttpEndRequestA 00000000766e8f7b 6 bytes [68, A0, 18, 2E, 03, C3] .text C:\Windows\SysWOW64\r2c\mirc.exe[4080] C:\Windows\syswow64\WININET.dll!InternetWriteFile 00000000766e90fc 5 bytes JMP 00000001002123a0 .text C:\Windows\SysWOW64\r2c\mirc.exe[4080] C:\Windows\syswow64\WININET.dll!InternetReadFileExA 00000000766f12f9 6 bytes [68, D1, 19, 2E, 03, C3] .text C:\Windows\SysWOW64\r2c\mirc.exe[4080] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer 000000007672ce83 6 bytes [68, 50, 1A, 2E, 03, C3] .text C:\Windows\SysWOW64\r2c\mirc.exe[4080] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA 00000000767401fa 6 bytes [68, 03, 18, 2E, 03, C3] .text C:\Windows\SysWOW64\r2c\mirc.exe[4080] C:\Windows\syswow64\WININET.dll!HttpEndRequestW 000000007674027d 6 bytes [68, EB, 18, 2E, 03, C3] .text C:\Windows\SysWOW64\r2c\mirc.exe[4080] C:\Windows\syswow64\WININET.dll!HttpSendRequestA 00000000767402e0 5 bytes JMP 00000001032e1711 .text C:\Windows\SysWOW64\r2c\mirc.exe[4080] C:\Windows\syswow64\urlmon.dll!URLDownloadToFileW 0000000076f248a6 5 bytes JMP 00000001002191f0 .text C:\Windows\SysWOW64\r2c\mirc.exe[4080] C:\Windows\syswow64\urlmon.dll!URLDownloadToFileA 0000000076f24a80 5 bytes JMP 0000000100219080 .text C:\Windows\SysWOW64\r2c\mirc.exe[4080] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore 0000000076e00d60 6 bytes [68, 51, 1D, 2E, 03, C3] .text C:\Windows\SysWOW64\r2c\mirc.exe[4080] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000774f1401 2 bytes JMP 764ceb26 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\r2c\mirc.exe[4080] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000774f1419 2 bytes JMP 764db513 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\r2c\mirc.exe[4080] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000774f1431 2 bytes JMP 76558609 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\r2c\mirc.exe[4080] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000774f144a 2 bytes CALL 764b1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Windows\SysWOW64\r2c\mirc.exe[4080] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000774f14dd 2 bytes JMP 76557efe C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\r2c\mirc.exe[4080] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000774f14f5 2 bytes JMP 765580d8 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\r2c\mirc.exe[4080] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000774f150d 2 bytes JMP 76557df4 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\r2c\mirc.exe[4080] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000774f1525 2 bytes JMP 765581c2 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\r2c\mirc.exe[4080] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000774f153d 2 bytes JMP 764cf088 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\r2c\mirc.exe[4080] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000774f1555 2 bytes JMP 764db885 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\r2c\mirc.exe[4080] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000774f156d 2 bytes JMP 765586c1 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\r2c\mirc.exe[4080] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000774f1585 2 bytes JMP 76558222 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\r2c\mirc.exe[4080] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000774f159d 2 bytes JMP 76557db8 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\r2c\mirc.exe[4080] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000774f15b5 2 bytes JMP 764cf121 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\r2c\mirc.exe[4080] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000774f15cd 2 bytes JMP 764db29f C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\r2c\mirc.exe[4080] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000774f16b2 2 bytes JMP 76558584 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\r2c\mirc.exe[4080] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000774f16bd 2 bytes JMP 76557d4d C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\87p3MrKn.exe[2004] C:\Windows\SysWOW64\ntdll.dll!NtEnumerateValueKey 000000007753f9d0 5 bytes JMP 00000001001c6390 .text C:\Windows\SysWOW64\87p3MrKn.exe[2004] C:\Windows\SysWOW64\ntdll.dll!NtQueryDirectoryFile 000000007753fd28 5 bytes JMP 00000001001c6640 .text C:\Windows\SysWOW64\87p3MrKn.exe[2004] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 000000007753fff8 5 bytes JMP 00000001001c53d0 .text C:\Windows\SysWOW64\87p3MrKn.exe[2004] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000775408ac 6 bytes [68, BC, 38, F7, 01, C3] .text C:\Windows\SysWOW64\87p3MrKn.exe[2004] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 000000007755243d 6 bytes [68, 04, 69, F7, 01, C3] .text C:\Windows\SysWOW64\87p3MrKn.exe[2004] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007755c096 5 bytes JMP 0000000101f739e1 .text C:\Windows\SysWOW64\87p3MrKn.exe[2004] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 00000000775628b3 6 bytes [68, 4A, 69, F7, 01, C3] .text C:\Windows\SysWOW64\87p3MrKn.exe[2004] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077583f44 6 bytes [68, 90, 69, F7, 01, C3] .text C:\Windows\SysWOW64\87p3MrKn.exe[2004] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 0000000077598954 6 bytes [68, D6, 69, F7, 01, C3] .text C:\Windows\SysWOW64\87p3MrKn.exe[2004] C:\Windows\syswow64\kernel32.dll!CreateFileW 00000000764b22fb 5 bytes JMP 00000001001c1290 .text C:\Windows\SysWOW64\87p3MrKn.exe[2004] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW 00000000764b32f2 6 bytes [68, 4A, 3C, F7, 01, C3] .text C:\Windows\SysWOW64\87p3MrKn.exe[2004] C:\Windows\syswow64\kernel32.dll!ExitProcess 00000000764b734e 6 bytes [68, 09, 3C, F7, 01, C3] .text C:\Windows\SysWOW64\87p3MrKn.exe[2004] C:\Windows\syswow64\kernel32.dll!CreateFileA 00000000764bca6e 5 bytes JMP 00000001001c11c0 .text C:\Windows\SysWOW64\87p3MrKn.exe[2004] C:\Windows\syswow64\kernel32.dll!MoveFileW 00000000764c98bd 5 bytes JMP 00000001001c2570 .text C:\Windows\SysWOW64\87p3MrKn.exe[2004] C:\Windows\syswow64\kernel32.dll!CopyFileA 00000000764d5f17 5 bytes JMP 00000001001c1000 .text C:\Windows\SysWOW64\87p3MrKn.exe[2004] C:\Windows\syswow64\kernel32.dll!CopyFileW 00000000764d6a34 5 bytes JMP 00000001001c10a0 .text C:\Windows\SysWOW64\87p3MrKn.exe[2004] C:\Windows\syswow64\kernel32.dll!MoveFileA 000000007652db21 5 bytes JMP 00000001001c2510 .text C:\Windows\SysWOW64\87p3MrKn.exe[2004] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW 000000007700bbdb 6 bytes [68, C7, 3C, F7, 01, C3] .text C:\Windows\SysWOW64\87p3MrKn.exe[2004] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 00000000770414fd 6 bytes [68, B0, 3C, F7, 01, C3] .text C:\Windows\SysWOW64\87p3MrKn.exe[2004] C:\Windows\syswow64\urlmon.dll!URLDownloadToFileW 0000000076f248a6 5 bytes JMP 00000001001c91f0 .text C:\Windows\SysWOW64\87p3MrKn.exe[2004] C:\Windows\syswow64\urlmon.dll!URLDownloadToFileA 0000000076f24a80 5 bytes JMP 00000001001c9080 .text C:\Windows\SysWOW64\87p3MrKn.exe[2004] C:\Windows\syswow64\USER32.dll!GetDC 0000000076307246 6 bytes [68, 84, F9, F7, 01, C3] .text C:\Windows\SysWOW64\87p3MrKn.exe[2004] C:\Windows\syswow64\USER32.dll!ReleaseDC 000000007630730e 6 bytes [68, 02, FA, F7, 01, C3] .text C:\Windows\SysWOW64\87p3MrKn.exe[2004] C:\Windows\syswow64\USER32.dll!GetWindowDC 00000000763079d8 6 bytes [68, C3, F9, F7, 01, C3] .text C:\Windows\SysWOW64\87p3MrKn.exe[2004] C:\Windows\syswow64\USER32.dll!TranslateMessage 0000000076307d79 6 bytes [68, 1D, A4, F7, 01, C3] .text C:\Windows\SysWOW64\87p3MrKn.exe[2004] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000076307e92 6 bytes [68, 2E, 00, F7, 01, C3] .text C:\Windows\SysWOW64\87p3MrKn.exe[2004] C:\Windows\syswow64\USER32.dll!GetMessageA 000000007630811b 6 bytes [68, 56, 00, F7, 01, C3] .text C:\Windows\SysWOW64\87p3MrKn.exe[2004] C:\Windows\syswow64\USER32.dll!RegisterClassW 0000000076308bd6 6 bytes [68, 08, 6C, F7, 01, C3] .text C:\Windows\SysWOW64\87p3MrKn.exe[2004] C:\Windows\syswow64\USER32.dll!RegisterClassExW 0000000076309ed3 6 bytes [68, A2, 6C, F7, 01, C3] .text C:\Windows\SysWOW64\87p3MrKn.exe[2004] C:\Windows\syswow64\USER32.dll!RegisterClassExA 000000007630dd6d 6 bytes [68, F4, 6C, F7, 01, C3] .text C:\Windows\SysWOW64\87p3MrKn.exe[2004] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000076310112 6 bytes [68, 7E, 00, F7, 01, C3] .text C:\Windows\SysWOW64\87p3MrKn.exe[2004] C:\Windows\syswow64\USER32.dll!CallWindowProcW 0000000076310abb 6 bytes [68, 3A, 6B, F7, 01, C3] .text C:\Windows\SysWOW64\87p3MrKn.exe[2004] C:\Windows\syswow64\USER32.dll!GetCursorPos 0000000076310e0d 6 bytes [68, 61, FE, F6, 01, C3] .text C:\Windows\SysWOW64\87p3MrKn.exe[2004] C:\Windows\syswow64\USER32.dll!EndPaint 0000000076310e9a 6 bytes [68, E9, F8, F7, 01, C3] .text C:\Windows\SysWOW64\87p3MrKn.exe[2004] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000076310eba 6 bytes [68, 79, F8, F7, 01, C3] .text C:\Windows\SysWOW64\87p3MrKn.exe[2004] C:\Windows\syswow64\USER32.dll!GetMessagePos 0000000076312bc7 6 bytes [68, 2F, FE, F6, 01, C3] .text C:\Windows\SysWOW64\87p3MrKn.exe[2004] C:\Windows\syswow64\USER32.dll!GetCapture 0000000076312dbd 6 bytes [68, 8F, FF, F6, 01, C3] .text C:\Windows\SysWOW64\87p3MrKn.exe[2004] C:\Windows\syswow64\USER32.dll!ReleaseCapture 0000000076312ec4 6 bytes [68, 3F, FF, F6, 01, C3] .text C:\Windows\SysWOW64\87p3MrKn.exe[2004] C:\Windows\syswow64\USER32.dll!SetCapture 0000000076312ed1 6 bytes [68, E5, FE, F6, 01, C3] .text C:\Windows\SysWOW64\87p3MrKn.exe[2004] C:\Windows\syswow64\USER32.dll!GetDCEx 0000000076313001 6 bytes [68, 29, F9, F7, 01, C3] .text C:\Windows\SysWOW64\87p3MrKn.exe[2004] C:\Windows\syswow64\USER32.dll!RegisterClassA 0000000076314b80 6 bytes [68, 55, 6C, F7, 01, C3] .text C:\Windows\SysWOW64\87p3MrKn.exe[2004] C:\Windows\syswow64\USER32.dll!CallWindowProcA 0000000076317af4 6 bytes [68, 83, 6B, F7, 01, C3] .text C:\Windows\SysWOW64\87p3MrKn.exe[2004] C:\Windows\syswow64\USER32.dll!DefFrameProcA 000000007631808f 6 bytes [68, 65, 6A, F7, 01, C3] .text C:\Windows\SysWOW64\87p3MrKn.exe[2004] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA 00000000763181e0 6 bytes [68, F4, 6A, F7, 01, C3] .text C:\Windows\SysWOW64\87p3MrKn.exe[2004] C:\Windows\syswow64\USER32.dll!DefFrameProcW 0000000076318632 6 bytes [68, 1C, 6A, F7, 01, C3] .text C:\Windows\SysWOW64\87p3MrKn.exe[2004] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW 0000000076318807 6 bytes [68, AE, 6A, F7, 01, C3] .text C:\Windows\SysWOW64\87p3MrKn.exe[2004] C:\Windows\syswow64\USER32.dll!PeekMessageA 000000007632ed58 6 bytes [68, A9, 00, F7, 01, C3] .text C:\Windows\SysWOW64\87p3MrKn.exe[2004] C:\Windows\syswow64\USER32.dll!GetUpdateRgn 000000007632f1fe 6 bytes [68, D5, FA, F7, 01, C3] .text C:\Windows\SysWOW64\87p3MrKn.exe[2004] C:\Windows\syswow64\USER32.dll!GetUpdateRect 000000007633011b 6 bytes [68, 42, FA, F7, 01, C3] .text C:\Windows\SysWOW64\87p3MrKn.exe[2004] C:\Windows\syswow64\USER32.dll!SwitchDesktop 00000000763497e4 6 bytes [68, E6, 68, F7, 01, C3] .text C:\Windows\SysWOW64\87p3MrKn.exe[2004] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000076349c8d 6 bytes [68, A8, FE, F6, 01, C3] .text C:\Windows\SysWOW64\87p3MrKn.exe[2004] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000076349f3b 6 bytes [68, CC, A5, F7, 01, C3] .text C:\Windows\SysWOW64\87p3MrKn.exe[2004] C:\Windows\syswow64\USER32.dll!OpenInputDesktop 000000007636895b 6 bytes [68, 96, 68, F7, 01, C3] .text C:\Windows\SysWOW64\87p3MrKn.exe[2004] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore 0000000076e00d60 6 bytes [68, 51, 1D, F8, 01, C3] .text C:\Windows\SysWOW64\87p3MrKn.exe[2004] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000076d33bed 6 bytes [68, 7B, F5, F6, 01, C3] .text C:\Windows\SysWOW64\87p3MrKn.exe[2004] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW 0000000076d360f5 5 bytes JMP 00000001001c1d10 .text C:\Windows\SysWOW64\87p3MrKn.exe[2004] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 0000000076d36737 6 bytes [68, 8C, F1, F6, 01, C3] .text C:\Windows\SysWOW64\87p3MrKn.exe[2004] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000076d368a7 6 bytes [68, D4, F5, F6, 01, C3] .text C:\Windows\SysWOW64\87p3MrKn.exe[2004] C:\Windows\syswow64\WS2_32.dll!send 0000000076d3c4c8 5 bytes JMP 0000000101f6f5b3 .text C:\Windows\SysWOW64\87p3MrKn.exe[2004] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000076d47133 6 bytes [68, 1C, F1, F6, 01, C3] .text C:\Windows\SysWOW64\87p3MrKn.exe[2004] C:\Windows\SysWOW64\DNSAPI.dll!DnsQuery_W 000000006d69e792 5 bytes JMP 00000001001c17e0 .text C:\Windows\SysWOW64\87p3MrKn.exe[2004] C:\Windows\SysWOW64\DNSAPI.dll!DnsQuery_A 000000006d6baaac 5 bytes JMP 00000001001c16f0 .text C:\Windows\SysWOW64\87p3MrKn.exe[2004] C:\Windows\syswow64\WININET.dll!InternetCloseHandle 00000000766cc846 6 bytes [68, 36, 19, F8, 01, C3] .text C:\Windows\SysWOW64\87p3MrKn.exe[2004] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA 00000000766ccbca 6 bytes [68, D6, 1A, F8, 01, C3] .text C:\Windows\SysWOW64\87p3MrKn.exe[2004] C:\Windows\syswow64\WININET.dll!InternetReadFile 00000000766ce26c 6 bytes [68, A3, 19, F8, 01, C3] .text C:\Windows\SysWOW64\87p3MrKn.exe[2004] C:\Windows\syswow64\WININET.dll!HttpSendRequestW 00000000766ceebb 3 bytes JMP 0000000101f816bc .text C:\Windows\SysWOW64\87p3MrKn.exe[2004] C:\Windows\syswow64\WININET.dll!HttpSendRequestW + 4 00000000766ceebf 1 byte [8B] .text C:\Windows\SysWOW64\87p3MrKn.exe[2004] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA 00000000766d0402 6 bytes [68, 78, 16, F8, 01, C3] .text C:\Windows\SysWOW64\87p3MrKn.exe[2004] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW 00000000766d05db 6 bytes [68, 34, 16, F8, 01, C3] .text C:\Windows\SysWOW64\87p3MrKn.exe[2004] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable 00000000766d41d3 6 bytes [68, AA, 1A, F8, 01, C3] .text C:\Windows\SysWOW64\87p3MrKn.exe[2004] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW 00000000766e8e50 6 bytes [68, 66, 17, F8, 01, C3] .text C:\Windows\SysWOW64\87p3MrKn.exe[2004] C:\Windows\syswow64\WININET.dll!HttpEndRequestA 00000000766e8f7b 6 bytes [68, A0, 18, F8, 01, C3] .text C:\Windows\SysWOW64\87p3MrKn.exe[2004] C:\Windows\syswow64\WININET.dll!InternetWriteFile 00000000766e90fc 5 bytes JMP 00000001001c23a0 .text C:\Windows\SysWOW64\87p3MrKn.exe[2004] C:\Windows\syswow64\WININET.dll!InternetReadFileExA 00000000766f12f9 6 bytes [68, D1, 19, F8, 01, C3] .text C:\Windows\SysWOW64\87p3MrKn.exe[2004] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer 000000007672ce83 6 bytes [68, 50, 1A, F8, 01, C3] .text C:\Windows\SysWOW64\87p3MrKn.exe[2004] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA 00000000767401fa 6 bytes [68, 03, 18, F8, 01, C3] .text C:\Windows\SysWOW64\87p3MrKn.exe[2004] C:\Windows\syswow64\WININET.dll!HttpEndRequestW 000000007674027d 6 bytes [68, EB, 18, F8, 01, C3] .text C:\Windows\SysWOW64\87p3MrKn.exe[2004] C:\Windows\syswow64\WININET.dll!HttpSendRequestA 00000000767402e0 5 bytes JMP 0000000101f81711 .text C:\Windows\SysWOW64\87p3MrKn.exe[2004] C:\Windows\SysWOW64\WINMM.dll!PlaySoundW 0000000072642d12 6 bytes [68, 05, 3D, F7, 01, C3] .text C:\Windows\SysWOW64\87p3MrKn.exe[2004] C:\Windows\SysWOW64\WINMM.dll!PlaySound 0000000072663dad 6 bytes [68, DE, 3C, F7, 01, C3] .text C:\Program Files (x86)\Common Files\System\win32.exe[3604] C:\Windows\SysWOW64\ntdll.dll!NtEnumerateValueKey 000000007753f9d0 5 bytes JMP 00000001001c6390 .text C:\Program Files (x86)\Common Files\System\win32.exe[3604] C:\Windows\SysWOW64\ntdll.dll!NtQueryDirectoryFile 000000007753fd28 5 bytes JMP 00000001001c6640 .text C:\Program Files (x86)\Common Files\System\win32.exe[3604] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 000000007753fff8 5 bytes JMP 00000001001c53d0 .text C:\Program Files (x86)\Common Files\System\win32.exe[3604] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000775408ac 4 bytes [68, BC, 38, 75] .text C:\Program Files (x86)\Common Files\System\win32.exe[3604] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess + 5 00000000775408b1 1 byte [C3] .text C:\Program Files (x86)\Common Files\System\win32.exe[3604] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 000000007755243d 6 bytes [68, 04, 69, 75, 00, C3] .text C:\Program Files (x86)\Common Files\System\win32.exe[3604] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007755c096 5 bytes JMP 00000001007539e1 .text C:\Program Files (x86)\Common Files\System\win32.exe[3604] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 00000000775628b3 6 bytes [68, 4A, 69, 75, 00, C3] .text C:\Program Files (x86)\Common Files\System\win32.exe[3604] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077583f44 6 bytes [68, 90, 69, 75, 00, C3] .text C:\Program Files (x86)\Common Files\System\win32.exe[3604] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 0000000077598954 6 bytes [68, D6, 69, 75, 00, C3] .text C:\Program Files (x86)\Common Files\System\win32.exe[3604] C:\Windows\syswow64\kernel32.dll!CreateFileW 00000000764b22fb 5 bytes JMP 00000001001c1290 .text C:\Program Files (x86)\Common Files\System\win32.exe[3604] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW 00000000764b32f2 6 bytes [68, 4A, 3C, 75, 00, C3] .text C:\Program Files (x86)\Common Files\System\win32.exe[3604] C:\Windows\syswow64\kernel32.dll!ExitProcess 00000000764b734e 6 bytes [68, 09, 3C, 75, 00, C3] .text C:\Program Files (x86)\Common Files\System\win32.exe[3604] C:\Windows\syswow64\kernel32.dll!CreateFileA 00000000764bca6e 5 bytes JMP 00000001001c11c0 .text C:\Program Files (x86)\Common Files\System\win32.exe[3604] C:\Windows\syswow64\kernel32.dll!MoveFileW 00000000764c98bd 5 bytes JMP 00000001001c2570 .text C:\Program Files (x86)\Common Files\System\win32.exe[3604] C:\Windows\syswow64\kernel32.dll!CopyFileA 00000000764d5f17 5 bytes JMP 00000001001c1000 .text C:\Program Files (x86)\Common Files\System\win32.exe[3604] C:\Windows\syswow64\kernel32.dll!CopyFileW 00000000764d6a34 5 bytes JMP 00000001001c10a0 .text C:\Program Files (x86)\Common Files\System\win32.exe[3604] C:\Windows\syswow64\kernel32.dll!MoveFileA 000000007652db21 5 bytes JMP 00000001001c2510 .text C:\Program Files (x86)\Common Files\System\win32.exe[3604] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000076d33bed 6 bytes [68, 7B, F5, 74, 00, C3] .text C:\Program Files (x86)\Common Files\System\win32.exe[3604] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW 0000000076d360f5 5 bytes JMP 00000001001c1d10 .text C:\Program Files (x86)\Common Files\System\win32.exe[3604] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 0000000076d36737 6 bytes [68, 8C, F1, 74, 00, C3] .text C:\Program Files (x86)\Common Files\System\win32.exe[3604] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000076d368a7 6 bytes [68, D4, F5, 74, 00, C3] .text C:\Program Files (x86)\Common Files\System\win32.exe[3604] C:\Windows\syswow64\WS2_32.dll!send 0000000076d3c4c8 5 bytes JMP 000000010074f5b3 .text C:\Program Files (x86)\Common Files\System\win32.exe[3604] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000076d47133 6 bytes [68, 1C, F1, 74, 00, C3] .text C:\Program Files (x86)\Common Files\System\win32.exe[3604] C:\Windows\syswow64\USER32.dll!GetDC 0000000076307246 4 bytes [68, 84, F9, 75] .text C:\Program Files (x86)\Common Files\System\win32.exe[3604] C:\Windows\syswow64\USER32.dll!GetDC + 5 000000007630724b 1 byte [C3] .text C:\Program Files (x86)\Common Files\System\win32.exe[3604] C:\Windows\syswow64\USER32.dll!ReleaseDC 000000007630730e 6 bytes [68, 02, FA, 75, 00, C3] .text C:\Program Files (x86)\Common Files\System\win32.exe[3604] C:\Windows\syswow64\USER32.dll!GetWindowDC 00000000763079d8 4 bytes [68, C3, F9, 75] .text C:\Program Files (x86)\Common Files\System\win32.exe[3604] C:\Windows\syswow64\USER32.dll!GetWindowDC + 5 00000000763079dd 1 byte [C3] .text C:\Program Files (x86)\Common Files\System\win32.exe[3604] C:\Windows\syswow64\USER32.dll!TranslateMessage 0000000076307d79 6 bytes [68, 1D, A4, 75, 00, C3] .text C:\Program Files (x86)\Common Files\System\win32.exe[3604] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000076307e92 6 bytes [68, 2E, 00, 75, 00, C3] .text C:\Program Files (x86)\Common Files\System\win32.exe[3604] C:\Windows\syswow64\USER32.dll!GetMessageA 000000007630811b 6 bytes [68, 56, 00, 75, 00, C3] .text C:\Program Files (x86)\Common Files\System\win32.exe[3604] C:\Windows\syswow64\USER32.dll!RegisterClassW 0000000076308bd6 6 bytes [68, 08, 6C, 75, 00, C3] .text C:\Program Files (x86)\Common Files\System\win32.exe[3604] C:\Windows\syswow64\USER32.dll!RegisterClassExW 0000000076309ed3 6 bytes [68, A2, 6C, 75, 00, C3] .text C:\Program Files (x86)\Common Files\System\win32.exe[3604] C:\Windows\syswow64\USER32.dll!RegisterClassExA 000000007630dd6d 6 bytes [68, F4, 6C, 75, 00, C3] .text C:\Program Files (x86)\Common Files\System\win32.exe[3604] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000076310112 6 bytes [68, 7E, 00, 75, 00, C3] .text C:\Program Files (x86)\Common Files\System\win32.exe[3604] C:\Windows\syswow64\USER32.dll!CallWindowProcW 0000000076310abb 6 bytes [68, 3A, 6B, 75, 00, C3] .text C:\Program Files (x86)\Common Files\System\win32.exe[3604] C:\Windows\syswow64\USER32.dll!GetCursorPos 0000000076310e0d 6 bytes [68, 61, FE, 74, 00, C3] .text C:\Program Files (x86)\Common Files\System\win32.exe[3604] C:\Windows\syswow64\USER32.dll!EndPaint 0000000076310e9a 4 bytes [68, E9, F8, 75] .text C:\Program Files (x86)\Common Files\System\win32.exe[3604] C:\Windows\syswow64\USER32.dll!EndPaint + 5 0000000076310e9f 1 byte [C3] .text C:\Program Files (x86)\Common Files\System\win32.exe[3604] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000076310eba 4 bytes [68, 79, F8, 75] .text C:\Program Files (x86)\Common Files\System\win32.exe[3604] C:\Windows\syswow64\USER32.dll!BeginPaint + 5 0000000076310ebf 1 byte [C3] .text C:\Program Files (x86)\Common Files\System\win32.exe[3604] C:\Windows\syswow64\USER32.dll!GetMessagePos 0000000076312bc7 6 bytes [68, 2F, FE, 74, 00, C3] .text C:\Program Files (x86)\Common Files\System\win32.exe[3604] C:\Windows\syswow64\USER32.dll!GetCapture 0000000076312dbd 6 bytes [68, 8F, FF, 74, 00, C3] .text C:\Program Files (x86)\Common Files\System\win32.exe[3604] C:\Windows\syswow64\USER32.dll!ReleaseCapture 0000000076312ec4 6 bytes [68, 3F, FF, 74, 00, C3] .text C:\Program Files (x86)\Common Files\System\win32.exe[3604] C:\Windows\syswow64\USER32.dll!SetCapture 0000000076312ed1 4 bytes [68, E5, FE, 74] .text C:\Program Files (x86)\Common Files\System\win32.exe[3604] C:\Windows\syswow64\USER32.dll!SetCapture + 5 0000000076312ed6 1 byte [C3] .text C:\Program Files (x86)\Common Files\System\win32.exe[3604] C:\Windows\syswow64\USER32.dll!GetDCEx 0000000076313001 4 bytes [68, 29, F9, 75] .text C:\Program Files (x86)\Common Files\System\win32.exe[3604] C:\Windows\syswow64\USER32.dll!GetDCEx + 5 0000000076313006 1 byte [C3] .text C:\Program Files (x86)\Common Files\System\win32.exe[3604] C:\Windows\syswow64\USER32.dll!RegisterClassA 0000000076314b80 6 bytes [68, 55, 6C, 75, 00, C3] .text C:\Program Files (x86)\Common Files\System\win32.exe[3604] C:\Windows\syswow64\USER32.dll!CallWindowProcA 0000000076317af4 6 bytes [68, 83, 6B, 75, 00, C3] .text C:\Program Files (x86)\Common Files\System\win32.exe[3604] C:\Windows\syswow64\USER32.dll!DefFrameProcA 000000007631808f 6 bytes [68, 65, 6A, 75, 00, C3] .text C:\Program Files (x86)\Common Files\System\win32.exe[3604] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA 00000000763181e0 6 bytes [68, F4, 6A, 75, 00, C3] .text C:\Program Files (x86)\Common Files\System\win32.exe[3604] C:\Windows\syswow64\USER32.dll!DefFrameProcW 0000000076318632 6 bytes [68, 1C, 6A, 75, 00, C3] .text C:\Program Files (x86)\Common Files\System\win32.exe[3604] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW 0000000076318807 6 bytes [68, AE, 6A, 75, 00, C3] .text C:\Program Files (x86)\Common Files\System\win32.exe[3604] C:\Windows\syswow64\USER32.dll!PeekMessageA 000000007632ed58 6 bytes [68, A9, 00, 75, 00, C3] .text C:\Program Files (x86)\Common Files\System\win32.exe[3604] C:\Windows\syswow64\USER32.dll!GetUpdateRgn 000000007632f1fe 6 bytes [68, D5, FA, 75, 00, C3] .text C:\Program Files (x86)\Common Files\System\win32.exe[3604] C:\Windows\syswow64\USER32.dll!GetUpdateRect 000000007633011b 6 bytes [68, 42, FA, 75, 00, C3] .text C:\Program Files (x86)\Common Files\System\win32.exe[3604] C:\Windows\syswow64\USER32.dll!SwitchDesktop 00000000763497e4 6 bytes [68, E6, 68, 75, 00, C3] .text C:\Program Files (x86)\Common Files\System\win32.exe[3604] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000076349c8d 6 bytes [68, A8, FE, 74, 00, C3] .text C:\Program Files (x86)\Common Files\System\win32.exe[3604] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000076349f3b 6 bytes [68, CC, A5, 75, 00, C3] .text C:\Program Files (x86)\Common Files\System\win32.exe[3604] C:\Windows\syswow64\USER32.dll!OpenInputDesktop 000000007636895b 4 bytes [68, 96, 68, 75] .text C:\Program Files (x86)\Common Files\System\win32.exe[3604] C:\Windows\syswow64\USER32.dll!OpenInputDesktop + 5 0000000076368960 1 byte [C3] .text C:\Program Files (x86)\Common Files\System\win32.exe[3604] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW 000000007700bbdb 6 bytes [68, C7, 3C, 75, 00, C3] .text C:\Program Files (x86)\Common Files\System\win32.exe[3604] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 00000000770414fd 6 bytes [68, B0, 3C, 75, 00, C3] .text C:\Program Files (x86)\Common Files\System\win32.exe[3604] C:\Windows\syswow64\WININET.dll!InternetCloseHandle 00000000766cc846 6 bytes [68, 36, 19, 76, 00, C3] .text C:\Program Files (x86)\Common Files\System\win32.exe[3604] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA 00000000766ccbca 6 bytes [68, D6, 1A, 76, 00, C3] .text C:\Program Files (x86)\Common Files\System\win32.exe[3604] C:\Windows\syswow64\WININET.dll!InternetReadFile 00000000766ce26c 6 bytes [68, A3, 19, 76, 00, C3] .text C:\Program Files (x86)\Common Files\System\win32.exe[3604] C:\Windows\syswow64\WININET.dll!HttpSendRequestW 00000000766ceebb 5 bytes JMP 00000001007616bc .text C:\Program Files (x86)\Common Files\System\win32.exe[3604] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA 00000000766d0402 6 bytes [68, 78, 16, 76, 00, C3] .text C:\Program Files (x86)\Common Files\System\win32.exe[3604] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW 00000000766d05db 6 bytes [68, 34, 16, 76, 00, C3] .text C:\Program Files (x86)\Common Files\System\win32.exe[3604] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable 00000000766d41d3 6 bytes [68, AA, 1A, 76, 00, C3] .text C:\Program Files (x86)\Common Files\System\win32.exe[3604] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW 00000000766e8e50 6 bytes [68, 66, 17, 76, 00, C3] .text C:\Program Files (x86)\Common Files\System\win32.exe[3604] C:\Windows\syswow64\WININET.dll!HttpEndRequestA 00000000766e8f7b 6 bytes [68, A0, 18, 76, 00, C3] .text C:\Program Files (x86)\Common Files\System\win32.exe[3604] C:\Windows\syswow64\WININET.dll!InternetWriteFile 00000000766e90fc 5 bytes JMP 00000001001c23a0 .text C:\Program Files (x86)\Common Files\System\win32.exe[3604] C:\Windows\syswow64\WININET.dll!InternetReadFileExA 00000000766f12f9 6 bytes [68, D1, 19, 76, 00, C3] .text C:\Program Files (x86)\Common Files\System\win32.exe[3604] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer 000000007672ce83 6 bytes [68, 50, 1A, 76, 00, C3] .text C:\Program Files (x86)\Common Files\System\win32.exe[3604] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA 00000000767401fa 6 bytes [68, 03, 18, 76, 00, C3] .text C:\Program Files (x86)\Common Files\System\win32.exe[3604] C:\Windows\syswow64\WININET.dll!HttpEndRequestW 000000007674027d 6 bytes [68, EB, 18, 76, 00, C3] .text C:\Program Files (x86)\Common Files\System\win32.exe[3604] C:\Windows\syswow64\WININET.dll!HttpSendRequestA 00000000767402e0 5 bytes JMP 0000000100761711 .text C:\Program Files (x86)\Common Files\System\win32.exe[3604] C:\Windows\syswow64\urlmon.dll!URLDownloadToFileW 0000000076f248a6 5 bytes JMP 00000001001c91f0 .text C:\Program Files (x86)\Common Files\System\win32.exe[3604] C:\Windows\syswow64\urlmon.dll!URLDownloadToFileA 0000000076f24a80 5 bytes JMP 00000001001c9080 .text C:\Program Files (x86)\Common Files\System\win32.exe[3604] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore 0000000076e00d60 6 bytes [68, 51, 1D, 76, 00, C3] .text C:\Program Files (x86)\Common Files\System\win32.exe[3604] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000774f1401 2 bytes JMP 764ceb26 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\System\win32.exe[3604] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000774f1419 2 bytes JMP 764db513 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\System\win32.exe[3604] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000774f1431 2 bytes JMP 76558609 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\System\win32.exe[3604] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000774f144a 2 bytes CALL 764b1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Common Files\System\win32.exe[3604] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000774f14dd 2 bytes JMP 76557efe C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\System\win32.exe[3604] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000774f14f5 2 bytes JMP 765580d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\System\win32.exe[3604] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000774f150d 2 bytes JMP 76557df4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\System\win32.exe[3604] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000774f1525 2 bytes JMP 765581c2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\System\win32.exe[3604] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000774f153d 2 bytes JMP 764cf088 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\System\win32.exe[3604] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000774f1555 2 bytes JMP 764db885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\System\win32.exe[3604] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000774f156d 2 bytes JMP 765586c1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\System\win32.exe[3604] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000774f1585 2 bytes JMP 76558222 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\System\win32.exe[3604] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000774f159d 2 bytes JMP 76557db8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\System\win32.exe[3604] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000774f15b5 2 bytes JMP 764cf121 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\System\win32.exe[3604] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000774f15cd 2 bytes JMP 764db29f C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\System\win32.exe[3604] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000774f16b2 2 bytes JMP 76558584 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\System\win32.exe[3604] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000774f16bd 2 bytes JMP 76557d4d C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[4204] C:\Windows\SysWOW64\ntdll.dll!NtEnumerateValueKey 000000007753f9d0 5 bytes JMP 00000001001c6390 .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[4204] C:\Windows\SysWOW64\ntdll.dll!NtQueryDirectoryFile 000000007753fd28 5 bytes JMP 00000001001c6640 .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[4204] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 000000007753fff8 5 bytes JMP 00000001001c53d0 .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[4204] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000775408ac 6 bytes [68, BC, 38, 84, 03, C3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[4204] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 000000007755243d 6 bytes [68, 04, 69, 84, 03, C3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[4204] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007755c096 5 bytes JMP 00000001038439e1 .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[4204] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 00000000775628b3 6 bytes [68, 4A, 69, 84, 03, C3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[4204] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077583f44 6 bytes [68, 90, 69, 84, 03, C3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[4204] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 0000000077598954 6 bytes [68, D6, 69, 84, 03, C3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[4204] C:\Windows\syswow64\kernel32.dll!CreateFileW 00000000764b22fb 5 bytes JMP 00000001001c1290 .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[4204] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW 00000000764b32f2 6 bytes [68, 4A, 3C, 84, 03, C3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[4204] C:\Windows\syswow64\kernel32.dll!ExitProcess 00000000764b734e 6 bytes [68, 09, 3C, 84, 03, C3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[4204] C:\Windows\syswow64\kernel32.dll!CreateFileA 00000000764bca6e 5 bytes JMP 00000001001c11c0 .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[4204] C:\Windows\syswow64\kernel32.dll!MoveFileW 00000000764c98bd 5 bytes JMP 00000001001c2570 .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[4204] C:\Windows\syswow64\kernel32.dll!CopyFileA 00000000764d5f17 5 bytes JMP 00000001001c1000 .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[4204] C:\Windows\syswow64\kernel32.dll!CopyFileW 00000000764d6a34 5 bytes JMP 00000001001c10a0 .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[4204] C:\Windows\syswow64\kernel32.dll!MoveFileA 000000007652db21 5 bytes JMP 00000001001c2510 .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[4204] C:\Windows\syswow64\USER32.dll!GetDC 0000000076307246 6 bytes [68, 84, F9, 84, 03, C3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[4204] C:\Windows\syswow64\USER32.dll!ReleaseDC 000000007630730e 6 bytes [68, 02, FA, 84, 03, C3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[4204] C:\Windows\syswow64\USER32.dll!GetWindowDC 00000000763079d8 6 bytes [68, C3, F9, 84, 03, C3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[4204] C:\Windows\syswow64\USER32.dll!TranslateMessage 0000000076307d79 6 bytes [68, 1D, A4, 84, 03, C3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[4204] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000076307e92 6 bytes [68, 2E, 00, 84, 03, C3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[4204] C:\Windows\syswow64\USER32.dll!GetMessageA 000000007630811b 6 bytes [68, 56, 00, 84, 03, C3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[4204] C:\Windows\syswow64\USER32.dll!RegisterClassW 0000000076308bd6 6 bytes [68, 08, 6C, 84, 03, C3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[4204] C:\Windows\syswow64\USER32.dll!RegisterClassExW 0000000076309ed3 6 bytes [68, A2, 6C, 84, 03, C3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[4204] C:\Windows\syswow64\USER32.dll!RegisterClassExA 000000007630dd6d 6 bytes [68, F4, 6C, 84, 03, C3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[4204] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000076310112 6 bytes [68, 7E, 00, 84, 03, C3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[4204] C:\Windows\syswow64\USER32.dll!CallWindowProcW 0000000076310abb 6 bytes [68, 3A, 6B, 84, 03, C3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[4204] C:\Windows\syswow64\USER32.dll!GetCursorPos 0000000076310e0d 6 bytes [68, 61, FE, 83, 03, C3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[4204] C:\Windows\syswow64\USER32.dll!EndPaint 0000000076310e9a 6 bytes [68, E9, F8, 84, 03, C3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[4204] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000076310eba 6 bytes [68, 79, F8, 84, 03, C3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[4204] C:\Windows\syswow64\USER32.dll!GetMessagePos 0000000076312bc7 6 bytes [68, 2F, FE, 83, 03, C3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[4204] C:\Windows\syswow64\USER32.dll!GetCapture 0000000076312dbd 6 bytes [68, 8F, FF, 83, 03, C3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[4204] C:\Windows\syswow64\USER32.dll!ReleaseCapture 0000000076312ec4 6 bytes [68, 3F, FF, 83, 03, C3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[4204] C:\Windows\syswow64\USER32.dll!SetCapture 0000000076312ed1 6 bytes [68, E5, FE, 83, 03, C3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[4204] C:\Windows\syswow64\USER32.dll!GetDCEx 0000000076313001 6 bytes [68, 29, F9, 84, 03, C3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[4204] C:\Windows\syswow64\USER32.dll!RegisterClassA 0000000076314b80 6 bytes [68, 55, 6C, 84, 03, C3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[4204] C:\Windows\syswow64\USER32.dll!CallWindowProcA 0000000076317af4 6 bytes [68, 83, 6B, 84, 03, C3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[4204] C:\Windows\syswow64\USER32.dll!DefFrameProcA 000000007631808f 6 bytes [68, 65, 6A, 84, 03, C3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[4204] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA 00000000763181e0 6 bytes [68, F4, 6A, 84, 03, C3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[4204] C:\Windows\syswow64\USER32.dll!DefFrameProcW 0000000076318632 6 bytes [68, 1C, 6A, 84, 03, C3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[4204] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW 0000000076318807 6 bytes [68, AE, 6A, 84, 03, C3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[4204] C:\Windows\syswow64\USER32.dll!PeekMessageA 000000007632ed58 6 bytes [68, A9, 00, 84, 03, C3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[4204] C:\Windows\syswow64\USER32.dll!GetUpdateRgn 000000007632f1fe 6 bytes [68, D5, FA, 84, 03, C3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[4204] C:\Windows\syswow64\USER32.dll!GetUpdateRect 000000007633011b 6 bytes [68, 42, FA, 84, 03, C3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[4204] C:\Windows\syswow64\USER32.dll!SwitchDesktop 00000000763497e4 6 bytes [68, E6, 68, 84, 03, C3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[4204] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000076349c8d 6 bytes [68, A8, FE, 83, 03, C3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[4204] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000076349f3b 6 bytes [68, CC, A5, 84, 03, C3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[4204] C:\Windows\syswow64\USER32.dll!OpenInputDesktop 000000007636895b 6 bytes [68, 96, 68, 84, 03, C3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[4204] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW 000000007700bbdb 6 bytes [68, C7, 3C, 84, 03, C3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[4204] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 00000000770414fd 6 bytes [68, B0, 3C, 84, 03, C3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[4204] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000076d33bed 6 bytes [68, 7B, F5, 83, 03, C3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[4204] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW 0000000076d360f5 5 bytes JMP 00000001001c1d10 .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[4204] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 0000000076d36737 6 bytes [68, 8C, F1, 83, 03, C3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[4204] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000076d368a7 6 bytes [68, D4, F5, 83, 03, C3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[4204] C:\Windows\syswow64\WS2_32.dll!send 0000000076d3c4c8 5 bytes JMP 000000010383f5b3 .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[4204] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000076d47133 6 bytes [68, 1C, F1, 83, 03, C3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[4204] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000774f1401 2 bytes JMP 764ceb26 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[4204] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000774f1419 2 bytes JMP 764db513 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[4204] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000774f1431 2 bytes JMP 76558609 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[4204] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000774f144a 2 bytes CALL 764b1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[4204] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000774f14dd 2 bytes JMP 76557efe C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[4204] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000774f14f5 2 bytes JMP 765580d8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[4204] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000774f150d 2 bytes JMP 76557df4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[4204] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000774f1525 2 bytes JMP 765581c2 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[4204] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000774f153d 2 bytes JMP 764cf088 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[4204] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000774f1555 2 bytes JMP 764db885 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[4204] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000774f156d 2 bytes JMP 765586c1 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[4204] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000774f1585 2 bytes JMP 76558222 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[4204] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000774f159d 2 bytes JMP 76557db8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[4204] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000774f15b5 2 bytes JMP 764cf121 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[4204] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000774f15cd 2 bytes JMP 764db29f C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[4204] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000774f16b2 2 bytes JMP 76558584 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[4204] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000774f16bd 2 bytes JMP 76557d4d C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[4204] C:\Windows\syswow64\WININET.dll!InternetCloseHandle 00000000766cc846 6 bytes [68, 36, 19, 85, 03, C3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[4204] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA 00000000766ccbca 6 bytes [68, D6, 1A, 85, 03, C3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[4204] C:\Windows\syswow64\WININET.dll!InternetReadFile 00000000766ce26c 6 bytes [68, A3, 19, 85, 03, C3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[4204] C:\Windows\syswow64\WININET.dll!HttpSendRequestW 00000000766ceebb 5 bytes JMP 00000001038516bc .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[4204] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA 00000000766d0402 6 bytes [68, 78, 16, 85, 03, C3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[4204] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW 00000000766d05db 6 bytes [68, 34, 16, 85, 03, C3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[4204] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable 00000000766d41d3 6 bytes [68, AA, 1A, 85, 03, C3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[4204] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW 00000000766e8e50 6 bytes [68, 66, 17, 85, 03, C3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[4204] C:\Windows\syswow64\WININET.dll!HttpEndRequestA 00000000766e8f7b 6 bytes [68, A0, 18, 85, 03, C3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[4204] C:\Windows\syswow64\WININET.dll!InternetWriteFile 00000000766e90fc 5 bytes JMP 00000001001c23a0 .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[4204] C:\Windows\syswow64\WININET.dll!InternetReadFileExA 00000000766f12f9 6 bytes [68, D1, 19, 85, 03, C3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[4204] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer 000000007672ce83 6 bytes [68, 50, 1A, 85, 03, C3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[4204] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA 00000000767401fa 6 bytes [68, 03, 18, 85, 03, C3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[4204] C:\Windows\syswow64\WININET.dll!HttpEndRequestW 000000007674027d 6 bytes [68, EB, 18, 85, 03, C3] .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[4204] C:\Windows\syswow64\WININET.dll!HttpSendRequestA 00000000767402e0 5 bytes JMP 0000000103851711 .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[4204] C:\Windows\syswow64\urlmon.dll!URLDownloadToFileW 0000000076f248a6 5 bytes JMP 00000001001c91f0 .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[4204] C:\Windows\syswow64\urlmon.dll!URLDownloadToFileA 0000000076f24a80 5 bytes JMP 00000001001c9080 .text C:\Users\Toshiba\AppData\Local\Akamai\netsession_win.exe[4204] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore 0000000076e00d60 6 bytes [68, 51, 1D, 85, 03, C3] .text C:\Windows\system\lsass.exe[5064] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000775408ac 4 bytes [68, BC, 38, 2A] .text C:\Windows\system\lsass.exe[5064] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess + 5 00000000775408b1 1 byte [C3] .text C:\Windows\system\lsass.exe[5064] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 000000007755243d 6 bytes [68, 04, 69, 2A, 00, C3] .text C:\Windows\system\lsass.exe[5064] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007755c096 6 bytes [68, E1, 39, 2A, 00, C3] .text C:\Windows\system\lsass.exe[5064] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 00000000775628b3 6 bytes [68, 4A, 69, 2A, 00, C3] .text C:\Windows\system\lsass.exe[5064] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077583f44 6 bytes [68, 90, 69, 2A, 00, C3] .text C:\Windows\system\lsass.exe[5064] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 0000000077598954 6 bytes [68, D6, 69, 2A, 00, C3] .text C:\Windows\system\lsass.exe[5064] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW 00000000764b32f2 6 bytes [68, 4A, 3C, 2A, 00, C3] .text C:\Windows\system\lsass.exe[5064] C:\Windows\syswow64\kernel32.dll!ExitProcess 00000000764b734e 6 bytes [68, 09, 3C, 2A, 00, C3] .text C:\Windows\system\lsass.exe[5064] C:\Windows\syswow64\ADVAPI32.DLL!CreateProcessAsUserW 000000007700bbdb 6 bytes [68, C7, 3C, 2A, 00, C3] .text C:\Windows\system\lsass.exe[5064] C:\Windows\syswow64\ADVAPI32.DLL!CreateProcessAsUserA 00000000770414fd 6 bytes [68, B0, 3C, 2A, 00, C3] .text C:\Windows\system\lsass.exe[5064] C:\Windows\syswow64\USER32.dll!GetDC 0000000076307246 4 bytes [68, 84, F9, 2A] .text C:\Windows\system\lsass.exe[5064] C:\Windows\syswow64\USER32.dll!GetDC + 5 000000007630724b 1 byte [C3] .text C:\Windows\system\lsass.exe[5064] C:\Windows\syswow64\USER32.dll!ReleaseDC 000000007630730e 6 bytes [68, 02, FA, 2A, 00, C3] .text C:\Windows\system\lsass.exe[5064] C:\Windows\syswow64\USER32.dll!GetWindowDC 00000000763079d8 4 bytes [68, C3, F9, 2A] .text C:\Windows\system\lsass.exe[5064] C:\Windows\syswow64\USER32.dll!GetWindowDC + 5 00000000763079dd 1 byte [C3] .text C:\Windows\system\lsass.exe[5064] C:\Windows\syswow64\USER32.dll!TranslateMessage 0000000076307d79 6 bytes [68, 1D, A4, 2A, 00, C3] .text C:\Windows\system\lsass.exe[5064] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000076307e92 6 bytes [68, 2E, 00, 2A, 00, C3] .text C:\Windows\system\lsass.exe[5064] C:\Windows\syswow64\USER32.dll!GetMessageA 000000007630811b 6 bytes [68, 56, 00, 2A, 00, C3] .text C:\Windows\system\lsass.exe[5064] C:\Windows\syswow64\USER32.dll!RegisterClassW 0000000076308bd6 6 bytes [68, 08, 6C, 2A, 00, C3] .text C:\Windows\system\lsass.exe[5064] C:\Windows\syswow64\USER32.dll!RegisterClassExW 0000000076309ed3 6 bytes [68, A2, 6C, 2A, 00, C3] .text C:\Windows\system\lsass.exe[5064] C:\Windows\syswow64\USER32.dll!RegisterClassExA 000000007630dd6d 6 bytes [68, F4, 6C, 2A, 00, C3] .text C:\Windows\system\lsass.exe[5064] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000076310112 6 bytes [68, 7E, 00, 2A, 00, C3] .text C:\Windows\system\lsass.exe[5064] C:\Windows\syswow64\USER32.dll!CallWindowProcW 0000000076310abb 6 bytes [68, 3A, 6B, 2A, 00, C3] .text C:\Windows\system\lsass.exe[5064] C:\Windows\syswow64\USER32.dll!GetCursorPos 0000000076310e0d 6 bytes [68, 61, FE, 29, 00, C3] .text C:\Windows\system\lsass.exe[5064] C:\Windows\syswow64\USER32.dll!EndPaint 0000000076310e9a 4 bytes [68, E9, F8, 2A] .text C:\Windows\system\lsass.exe[5064] C:\Windows\syswow64\USER32.dll!EndPaint + 5 0000000076310e9f 1 byte [C3] .text C:\Windows\system\lsass.exe[5064] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000076310eba 4 bytes [68, 79, F8, 2A] .text C:\Windows\system\lsass.exe[5064] C:\Windows\syswow64\USER32.dll!BeginPaint + 5 0000000076310ebf 1 byte [C3] .text C:\Windows\system\lsass.exe[5064] C:\Windows\syswow64\USER32.dll!GetMessagePos 0000000076312bc7 6 bytes [68, 2F, FE, 29, 00, C3] .text C:\Windows\system\lsass.exe[5064] C:\Windows\syswow64\USER32.dll!GetCapture 0000000076312dbd 6 bytes [68, 8F, FF, 29, 00, C3] .text C:\Windows\system\lsass.exe[5064] C:\Windows\syswow64\USER32.dll!ReleaseCapture 0000000076312ec4 6 bytes [68, 3F, FF, 29, 00, C3] .text C:\Windows\system\lsass.exe[5064] C:\Windows\syswow64\USER32.dll!SetCapture 0000000076312ed1 4 bytes [68, E5, FE, 29] .text C:\Windows\system\lsass.exe[5064] C:\Windows\syswow64\USER32.dll!SetCapture + 5 0000000076312ed6 1 byte [C3] .text C:\Windows\system\lsass.exe[5064] C:\Windows\syswow64\USER32.dll!GetDCEx 0000000076313001 4 bytes [68, 29, F9, 2A] .text C:\Windows\system\lsass.exe[5064] C:\Windows\syswow64\USER32.dll!GetDCEx + 5 0000000076313006 1 byte [C3] .text C:\Windows\system\lsass.exe[5064] C:\Windows\syswow64\USER32.dll!RegisterClassA 0000000076314b80 6 bytes [68, 55, 6C, 2A, 00, C3] .text C:\Windows\system\lsass.exe[5064] C:\Windows\syswow64\USER32.dll!CallWindowProcA 0000000076317af4 6 bytes [68, 83, 6B, 2A, 00, C3] .text C:\Windows\system\lsass.exe[5064] C:\Windows\syswow64\USER32.dll!DefFrameProcA 000000007631808f 6 bytes [68, 65, 6A, 2A, 00, C3] .text C:\Windows\system\lsass.exe[5064] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA 00000000763181e0 6 bytes [68, F4, 6A, 2A, 00, C3] .text C:\Windows\system\lsass.exe[5064] C:\Windows\syswow64\USER32.dll!DefFrameProcW 0000000076318632 6 bytes [68, 1C, 6A, 2A, 00, C3] .text C:\Windows\system\lsass.exe[5064] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW 0000000076318807 6 bytes [68, AE, 6A, 2A, 00, C3] .text C:\Windows\system\lsass.exe[5064] C:\Windows\syswow64\USER32.dll!PeekMessageA 000000007632ed58 6 bytes [68, A9, 00, 2A, 00, C3] .text C:\Windows\system\lsass.exe[5064] C:\Windows\syswow64\USER32.dll!GetUpdateRgn 000000007632f1fe 6 bytes [68, D5, FA, 2A, 00, C3] .text C:\Windows\system\lsass.exe[5064] C:\Windows\syswow64\USER32.dll!GetUpdateRect 000000007633011b 6 bytes [68, 42, FA, 2A, 00, C3] .text C:\Windows\system\lsass.exe[5064] C:\Windows\syswow64\USER32.dll!SwitchDesktop 00000000763497e4 6 bytes [68, E6, 68, 2A, 00, C3] .text C:\Windows\system\lsass.exe[5064] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000076349c8d 6 bytes [68, A8, FE, 29, 00, C3] .text C:\Windows\system\lsass.exe[5064] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000076349f3b 6 bytes [68, CC, A5, 2A, 00, C3] .text C:\Windows\system\lsass.exe[5064] C:\Windows\syswow64\USER32.dll!OpenInputDesktop 000000007636895b 4 bytes [68, 96, 68, 2A] .text C:\Windows\system\lsass.exe[5064] C:\Windows\syswow64\USER32.dll!OpenInputDesktop + 5 0000000076368960 1 byte [C3] .text C:\Windows\system\lsass.exe[5064] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000076d33bed 6 bytes [68, 7B, F5, 29, 00, C3] .text C:\Windows\system\lsass.exe[5064] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 0000000076d36737 6 bytes [68, 8C, F1, 29, 00, C3] .text C:\Windows\system\lsass.exe[5064] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000076d368a7 6 bytes [68, D4, F5, 29, 00, C3] .text C:\Windows\system\lsass.exe[5064] C:\Windows\syswow64\WS2_32.dll!send 0000000076d3c4c8 6 bytes [68, B3, F5, 29, 00, C3] .text C:\Windows\system\lsass.exe[5064] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000076d47133 6 bytes [68, 1C, F1, 29, 00, C3] .text C:\Windows\system\lsass.exe[5064] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore 0000000076e00d60 6 bytes [68, 51, 1D, 2B, 00, C3] .text C:\Windows\system\lsass.exe[5064] C:\Windows\syswow64\WININET.dll!InternetCloseHandle 00000000766cc846 6 bytes [68, 36, 19, 2B, 00, C3] .text C:\Windows\system\lsass.exe[5064] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA 00000000766ccbca 6 bytes [68, D6, 1A, 2B, 00, C3] .text C:\Windows\system\lsass.exe[5064] C:\Windows\syswow64\WININET.dll!InternetReadFile 00000000766ce26c 6 bytes [68, A3, 19, 2B, 00, C3] .text C:\Windows\system\lsass.exe[5064] C:\Windows\syswow64\WININET.dll!HttpSendRequestW 00000000766ceebb 6 bytes [68, BC, 16, 2B, 00, C3] .text C:\Windows\system\lsass.exe[5064] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA 00000000766d0402 6 bytes [68, 78, 16, 2B, 00, C3] .text C:\Windows\system\lsass.exe[5064] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW 00000000766d05db 6 bytes [68, 34, 16, 2B, 00, C3] .text C:\Windows\system\lsass.exe[5064] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable 00000000766d41d3 6 bytes [68, AA, 1A, 2B, 00, C3] .text C:\Windows\system\lsass.exe[5064] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW 00000000766e8e50 6 bytes [68, 66, 17, 2B, 00, C3] .text C:\Windows\system\lsass.exe[5064] C:\Windows\syswow64\WININET.dll!HttpEndRequestA 00000000766e8f7b 6 bytes [68, A0, 18, 2B, 00, C3] .text C:\Windows\system\lsass.exe[5064] C:\Windows\syswow64\WININET.dll!InternetReadFileExA 00000000766f12f9 6 bytes [68, D1, 19, 2B, 00, C3] .text C:\Windows\system\lsass.exe[5064] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer 000000007672ce83 6 bytes [68, 50, 1A, 2B, 00, C3] .text C:\Windows\system\lsass.exe[5064] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA 00000000767401fa 6 bytes [68, 03, 18, 2B, 00, C3] .text C:\Windows\system\lsass.exe[5064] C:\Windows\syswow64\WININET.dll!HttpEndRequestW 000000007674027d 6 bytes [68, EB, 18, 2B, 00, C3] .text C:\Windows\system\lsass.exe[5064] C:\Windows\syswow64\WININET.dll!HttpSendRequestA 00000000767402e0 6 bytes [68, 11, 17, 2B, 00, C3] .text C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe[936] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000775408ac 6 bytes [68, BC, 38, 81, 03, C3] .text C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe[936] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 000000007755243d 6 bytes [68, 04, 69, 81, 03, C3] .text C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe[936] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007755c096 6 bytes [68, E1, 39, 81, 03, C3] .text C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe[936] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 00000000775628b3 6 bytes [68, 4A, 69, 81, 03, C3] .text C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe[936] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077583f44 6 bytes [68, 90, 69, 81, 03, C3] .text C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe[936] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 0000000077598954 6 bytes [68, D6, 69, 81, 03, C3] .text C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe[936] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW 00000000764b32f2 6 bytes [68, 4A, 3C, 81, 03, C3] .text C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe[936] C:\Windows\syswow64\kernel32.dll!ExitProcess 00000000764b734e 6 bytes [68, 09, 3C, 81, 03, C3] .text C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe[936] C:\Windows\syswow64\USER32.dll!GetDC 0000000076307246 6 bytes [68, 84, F9, 81, 03, C3] .text C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe[936] C:\Windows\syswow64\USER32.dll!ReleaseDC 000000007630730e 6 bytes [68, 02, FA, 81, 03, C3] .text C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe[936] C:\Windows\syswow64\USER32.dll!GetWindowDC 00000000763079d8 6 bytes [68, C3, F9, 81, 03, C3] .text C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe[936] C:\Windows\syswow64\USER32.dll!TranslateMessage 0000000076307d79 6 bytes [68, 1D, A4, 81, 03, C3] .text C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe[936] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000076307e92 6 bytes [68, 2E, 00, 81, 03, C3] .text C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe[936] C:\Windows\syswow64\USER32.dll!GetMessageA 000000007630811b 6 bytes [68, 56, 00, 81, 03, C3] .text C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe[936] C:\Windows\syswow64\USER32.dll!RegisterClassW 0000000076308bd6 6 bytes [68, 08, 6C, 81, 03, C3] .text C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe[936] C:\Windows\syswow64\USER32.dll!RegisterClassExW 0000000076309ed3 6 bytes [68, A2, 6C, 81, 03, C3] .text C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe[936] C:\Windows\syswow64\USER32.dll!RegisterClassExA 000000007630dd6d 6 bytes [68, F4, 6C, 81, 03, C3] .text C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe[936] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000076310112 6 bytes [68, 7E, 00, 81, 03, C3] .text C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe[936] C:\Windows\syswow64\USER32.dll!CallWindowProcW 0000000076310abb 6 bytes [68, 3A, 6B, 81, 03, C3] .text C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe[936] C:\Windows\syswow64\USER32.dll!GetCursorPos 0000000076310e0d 6 bytes [68, 61, FE, 80, 03, C3] .text C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe[936] C:\Windows\syswow64\USER32.dll!EndPaint 0000000076310e9a 6 bytes [68, E9, F8, 81, 03, C3] .text C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe[936] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000076310eba 6 bytes [68, 79, F8, 81, 03, C3] .text C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe[936] C:\Windows\syswow64\USER32.dll!GetMessagePos 0000000076312bc7 6 bytes [68, 2F, FE, 80, 03, C3] .text C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe[936] C:\Windows\syswow64\USER32.dll!GetCapture 0000000076312dbd 6 bytes [68, 8F, FF, 80, 03, C3] .text C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe[936] C:\Windows\syswow64\USER32.dll!ReleaseCapture 0000000076312ec4 6 bytes [68, 3F, FF, 80, 03, C3] .text C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe[936] C:\Windows\syswow64\USER32.dll!SetCapture 0000000076312ed1 6 bytes [68, E5, FE, 80, 03, C3] .text C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe[936] C:\Windows\syswow64\USER32.dll!GetDCEx 0000000076313001 6 bytes [68, 29, F9, 81, 03, C3] .text C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe[936] C:\Windows\syswow64\USER32.dll!RegisterClassA 0000000076314b80 6 bytes [68, 55, 6C, 81, 03, C3] .text C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe[936] C:\Windows\syswow64\USER32.dll!CallWindowProcA 0000000076317af4 6 bytes [68, 83, 6B, 81, 03, C3] .text C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe[936] C:\Windows\syswow64\USER32.dll!DefFrameProcA 000000007631808f 6 bytes [68, 65, 6A, 81, 03, C3] .text C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe[936] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA 00000000763181e0 6 bytes [68, F4, 6A, 81, 03, C3] .text C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe[936] C:\Windows\syswow64\USER32.dll!DefFrameProcW 0000000076318632 6 bytes [68, 1C, 6A, 81, 03, C3] .text C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe[936] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW 0000000076318807 6 bytes [68, AE, 6A, 81, 03, C3] .text C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe[936] C:\Windows\syswow64\USER32.dll!PeekMessageA 000000007632ed58 6 bytes [68, A9, 00, 81, 03, C3] .text C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe[936] C:\Windows\syswow64\USER32.dll!GetUpdateRgn 000000007632f1fe 6 bytes [68, D5, FA, 81, 03, C3] .text C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe[936] C:\Windows\syswow64\USER32.dll!GetUpdateRect 000000007633011b 6 bytes [68, 42, FA, 81, 03, C3] .text C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe[936] C:\Windows\syswow64\USER32.dll!SwitchDesktop 00000000763497e4 6 bytes [68, E6, 68, 81, 03, C3] .text C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe[936] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000076349c8d 6 bytes [68, A8, FE, 80, 03, C3] .text C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe[936] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000076349f3b 6 bytes [68, CC, A5, 81, 03, C3] .text C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe[936] C:\Windows\syswow64\USER32.dll!OpenInputDesktop 000000007636895b 6 bytes [68, 96, 68, 81, 03, C3] .text C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe[936] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW 000000007700bbdb 6 bytes [68, C7, 3C, 81, 03, C3] .text C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe[936] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 00000000770414fd 6 bytes [68, B0, 3C, 81, 03, C3] .text C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe[936] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore 0000000076e00d60 6 bytes [68, 51, 1D, 82, 03, C3] .text C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe[936] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000076d33bed 6 bytes [68, 7B, F5, 80, 03, C3] .text C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe[936] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 0000000076d36737 6 bytes [68, 8C, F1, 80, 03, C3] .text C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe[936] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000076d368a7 6 bytes [68, D4, F5, 80, 03, C3] .text C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe[936] C:\Windows\syswow64\WS2_32.dll!send 0000000076d3c4c8 6 bytes [68, B3, F5, 80, 03, C3] .text C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe[936] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000076d47133 6 bytes [68, 1C, F1, 80, 03, C3] .text C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe[936] C:\Windows\syswow64\WININET.dll!InternetCloseHandle 00000000766cc846 6 bytes [68, 36, 19, 82, 03, C3] .text C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe[936] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA 00000000766ccbca 6 bytes [68, D6, 1A, 82, 03, C3] .text C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe[936] C:\Windows\syswow64\WININET.dll!InternetReadFile 00000000766ce26c 6 bytes [68, A3, 19, 82, 03, C3] .text C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe[936] C:\Windows\syswow64\WININET.dll!HttpSendRequestW 00000000766ceebb 6 bytes [68, BC, 16, 82, 03, C3] .text C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe[936] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA 00000000766d0402 6 bytes [68, 78, 16, 82, 03, C3] .text C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe[936] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW 00000000766d05db 6 bytes [68, 34, 16, 82, 03, C3] .text C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe[936] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable 00000000766d41d3 6 bytes [68, AA, 1A, 82, 03, C3] .text C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe[936] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW 00000000766e8e50 6 bytes [68, 66, 17, 82, 03, C3] .text C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe[936] C:\Windows\syswow64\WININET.dll!HttpEndRequestA 00000000766e8f7b 6 bytes [68, A0, 18, 82, 03, C3] .text C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe[936] C:\Windows\syswow64\WININET.dll!InternetReadFileExA 00000000766f12f9 6 bytes [68, D1, 19, 82, 03, C3] .text C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe[936] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer 000000007672ce83 6 bytes [68, 50, 1A, 82, 03, C3] .text C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe[936] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA 00000000767401fa 6 bytes [68, 03, 18, 82, 03, C3] .text C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe[936] C:\Windows\syswow64\WININET.dll!HttpEndRequestW 000000007674027d 6 bytes [68, EB, 18, 82, 03, C3] .text C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe[936] C:\Windows\syswow64\WININET.dll!HttpSendRequestA 00000000767402e0 6 bytes [68, 11, 17, 82, 03, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2348] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000775408ac 6 bytes [68, BC, 38, 17, 03, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2348] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 000000007755243d 6 bytes [68, 04, 69, 17, 03, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2348] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007755c096 6 bytes [68, E1, 39, 17, 03, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2348] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 00000000775628b3 6 bytes [68, 4A, 69, 17, 03, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2348] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077583f44 6 bytes [68, 90, 69, 17, 03, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2348] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 0000000077598954 6 bytes [68, D6, 69, 17, 03, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2348] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW 00000000764b32f2 6 bytes [68, 4A, 3C, 17, 03, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2348] C:\Windows\syswow64\kernel32.dll!ExitProcess 00000000764b734e 6 bytes [68, 09, 3C, 17, 03, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2348] C:\Windows\syswow64\USER32.dll!GetDC 0000000076307246 6 bytes [68, 84, F9, 17, 03, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2348] C:\Windows\syswow64\USER32.dll!ReleaseDC 000000007630730e 6 bytes [68, 02, FA, 17, 03, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2348] C:\Windows\syswow64\USER32.dll!GetWindowDC 00000000763079d8 6 bytes [68, C3, F9, 17, 03, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2348] C:\Windows\syswow64\USER32.dll!TranslateMessage 0000000076307d79 6 bytes [68, 1D, A4, 17, 03, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2348] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000076307e92 6 bytes [68, 2E, 00, 17, 03, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2348] C:\Windows\syswow64\USER32.dll!GetMessageA 000000007630811b 6 bytes [68, 56, 00, 17, 03, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2348] C:\Windows\syswow64\USER32.dll!RegisterClassW 0000000076308bd6 6 bytes [68, 08, 6C, 17, 03, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2348] C:\Windows\syswow64\USER32.dll!RegisterClassExW 0000000076309ed3 6 bytes [68, A2, 6C, 17, 03, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2348] C:\Windows\syswow64\USER32.dll!RegisterClassExA 000000007630dd6d 6 bytes [68, F4, 6C, 17, 03, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2348] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000076310112 6 bytes [68, 7E, 00, 17, 03, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2348] C:\Windows\syswow64\USER32.dll!CallWindowProcW 0000000076310abb 6 bytes [68, 3A, 6B, 17, 03, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2348] C:\Windows\syswow64\USER32.dll!GetCursorPos 0000000076310e0d 6 bytes [68, 61, FE, 16, 03, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2348] C:\Windows\syswow64\USER32.dll!EndPaint 0000000076310e9a 6 bytes [68, E9, F8, 17, 03, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2348] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000076310eba 6 bytes [68, 79, F8, 17, 03, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2348] C:\Windows\syswow64\USER32.dll!GetMessagePos 0000000076312bc7 6 bytes [68, 2F, FE, 16, 03, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2348] C:\Windows\syswow64\USER32.dll!GetCapture 0000000076312dbd 6 bytes [68, 8F, FF, 16, 03, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2348] C:\Windows\syswow64\USER32.dll!ReleaseCapture 0000000076312ec4 6 bytes [68, 3F, FF, 16, 03, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2348] C:\Windows\syswow64\USER32.dll!SetCapture 0000000076312ed1 6 bytes [68, E5, FE, 16, 03, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2348] C:\Windows\syswow64\USER32.dll!GetDCEx 0000000076313001 6 bytes [68, 29, F9, 17, 03, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2348] C:\Windows\syswow64\USER32.dll!RegisterClassA 0000000076314b80 6 bytes [68, 55, 6C, 17, 03, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2348] C:\Windows\syswow64\USER32.dll!CallWindowProcA 0000000076317af4 6 bytes [68, 83, 6B, 17, 03, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2348] C:\Windows\syswow64\USER32.dll!DefFrameProcA 000000007631808f 6 bytes [68, 65, 6A, 17, 03, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2348] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA 00000000763181e0 6 bytes [68, F4, 6A, 17, 03, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2348] C:\Windows\syswow64\USER32.dll!DefFrameProcW 0000000076318632 6 bytes [68, 1C, 6A, 17, 03, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2348] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW 0000000076318807 6 bytes [68, AE, 6A, 17, 03, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2348] C:\Windows\syswow64\USER32.dll!PeekMessageA 000000007632ed58 6 bytes [68, A9, 00, 17, 03, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2348] C:\Windows\syswow64\USER32.dll!GetUpdateRgn 000000007632f1fe 6 bytes [68, D5, FA, 17, 03, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2348] C:\Windows\syswow64\USER32.dll!GetUpdateRect 000000007633011b 6 bytes [68, 42, FA, 17, 03, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2348] C:\Windows\syswow64\USER32.dll!SwitchDesktop 00000000763497e4 6 bytes [68, E6, 68, 17, 03, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2348] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000076349c8d 6 bytes [68, A8, FE, 16, 03, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2348] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000076349f3b 6 bytes [68, CC, A5, 17, 03, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2348] C:\Windows\syswow64\USER32.dll!OpenInputDesktop 000000007636895b 6 bytes [68, 96, 68, 17, 03, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2348] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW 000000007700bbdb 6 bytes [68, C7, 3C, 17, 03, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2348] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 00000000770414fd 6 bytes [68, B0, 3C, 17, 03, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2348] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore 0000000076e00d60 6 bytes [68, 51, 1D, 18, 03, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2348] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000774f1401 2 bytes JMP 764ceb26 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2348] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000774f1419 2 bytes JMP 764db513 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2348] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000774f1431 2 bytes JMP 76558609 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2348] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000774f144a 2 bytes CALL 764b1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2348] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000774f14dd 2 bytes JMP 76557efe C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2348] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000774f14f5 2 bytes JMP 765580d8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2348] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000774f150d 2 bytes JMP 76557df4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2348] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000774f1525 2 bytes JMP 765581c2 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2348] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000774f153d 2 bytes JMP 764cf088 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2348] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000774f1555 2 bytes JMP 764db885 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2348] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000774f156d 2 bytes JMP 765586c1 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2348] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000774f1585 2 bytes JMP 76558222 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2348] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000774f159d 2 bytes JMP 76557db8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2348] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000774f15b5 2 bytes JMP 764cf121 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2348] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000774f15cd 2 bytes JMP 764db29f C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2348] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000774f16b2 2 bytes JMP 76558584 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2348] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000774f16bd 2 bytes JMP 76557d4d C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2348] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000076d33bed 6 bytes [68, 7B, F5, 16, 03, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2348] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 0000000076d36737 6 bytes [68, 8C, F1, 16, 03, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2348] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000076d368a7 6 bytes [68, D4, F5, 16, 03, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2348] C:\Windows\syswow64\WS2_32.dll!send 0000000076d3c4c8 6 bytes [68, B3, F5, 16, 03, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2348] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000076d47133 6 bytes [68, 1C, F1, 16, 03, C3] ? C:\Windows\system32\mssprxy.dll [2348] entry point in ".rdata" section 00000000742f71e6 .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2348] C:\Windows\syswow64\WININET.dll!InternetCloseHandle 00000000766cc846 6 bytes [68, 36, 19, 18, 03, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2348] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA 00000000766ccbca 6 bytes [68, D6, 1A, 18, 03, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2348] C:\Windows\syswow64\WININET.dll!InternetReadFile 00000000766ce26c 6 bytes [68, A3, 19, 18, 03, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2348] C:\Windows\syswow64\WININET.dll!HttpSendRequestW 00000000766ceebb 6 bytes [68, BC, 16, 18, 03, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2348] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA 00000000766d0402 6 bytes [68, 78, 16, 18, 03, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2348] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW 00000000766d05db 6 bytes [68, 34, 16, 18, 03, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2348] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable 00000000766d41d3 6 bytes [68, AA, 1A, 18, 03, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2348] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW 00000000766e8e50 6 bytes [68, 66, 17, 18, 03, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2348] C:\Windows\syswow64\WININET.dll!HttpEndRequestA 00000000766e8f7b 6 bytes [68, A0, 18, 18, 03, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2348] C:\Windows\syswow64\WININET.dll!InternetReadFileExA 00000000766f12f9 6 bytes [68, D1, 19, 18, 03, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2348] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer 000000007672ce83 6 bytes [68, 50, 1A, 18, 03, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2348] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA 00000000767401fa 6 bytes [68, 03, 18, 18, 03, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2348] C:\Windows\syswow64\WININET.dll!HttpEndRequestW 000000007674027d 6 bytes [68, EB, 18, 18, 03, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2348] C:\Windows\syswow64\WININET.dll!HttpSendRequestA 00000000767402e0 6 bytes [68, 11, 17, 18, 03, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3372] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007753f941 7 bytes {MOV EDX, 0x274e28; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3372] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007753fb85 7 bytes {MOV EDX, 0x274e68; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3372] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007753fbb5 7 bytes {MOV EDX, 0x274da8; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3372] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007753fbcd 7 bytes {MOV EDX, 0x274d28; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3372] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007753fbe5 7 bytes {MOV EDX, 0x274f28; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3372] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007753fc15 7 bytes {MOV EDX, 0x274f68; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3372] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007753fc95 7 bytes {MOV EDX, 0x274ee8; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3372] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007753fcad 7 bytes {MOV EDX, 0x274ea8; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3372] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007753fcf9 7 bytes {MOV EDX, 0x274c68; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3372] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007753fdf1 7 bytes {MOV EDX, 0x274ca8; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3372] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077540049 7 bytes {MOV EDX, 0x274c28; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3372] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077541055 7 bytes {MOV EDX, 0x274de8; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3372] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 00000000775410cd 7 bytes {MOV EDX, 0x274d68; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3372] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 00000000775412d1 7 bytes {MOV EDX, 0x274ce8; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3372] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000774f1401 2 bytes JMP 764ceb26 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3372] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000774f1419 2 bytes JMP 764db513 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3372] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000774f1431 2 bytes JMP 76558609 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3372] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000774f144a 2 bytes CALL 764b1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3372] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000774f14dd 2 bytes JMP 76557efe C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3372] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000774f14f5 2 bytes JMP 765580d8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3372] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000774f150d 2 bytes JMP 76557df4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3372] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000774f1525 2 bytes JMP 765581c2 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3372] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000774f153d 2 bytes JMP 764cf088 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3372] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000774f1555 2 bytes JMP 764db885 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3372] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000774f156d 2 bytes JMP 765586c1 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3372] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000774f1585 2 bytes JMP 76558222 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3372] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000774f159d 2 bytes JMP 76557db8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3372] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000774f15b5 2 bytes JMP 764cf121 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3372] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000774f15cd 2 bytes JMP 764db29f C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3372] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000774f16b2 2 bytes JMP 76558584 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3372] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000774f16bd 2 bytes JMP 76557d4d C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[1464] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007753f941 7 bytes {MOV EDX, 0x103ae28; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[1464] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007753fb85 7 bytes {MOV EDX, 0x103ae68; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[1464] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007753fbb5 7 bytes {MOV EDX, 0x103ada8; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[1464] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007753fbcd 7 bytes {MOV EDX, 0x103ad28; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[1464] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007753fbe5 7 bytes {MOV EDX, 0x103af28; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[1464] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007753fc15 7 bytes {MOV EDX, 0x103af68; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[1464] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007753fc95 7 bytes {MOV EDX, 0x103aee8; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[1464] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007753fcad 7 bytes {MOV EDX, 0x103aea8; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[1464] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007753fcf9 7 bytes {MOV EDX, 0x103ac68; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[1464] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007753fdf1 7 bytes {MOV EDX, 0x103aca8; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[1464] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077540049 7 bytes {MOV EDX, 0x103ac28; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[1464] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077541055 7 bytes {MOV EDX, 0x103ade8; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[1464] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 00000000775410cd 7 bytes {MOV EDX, 0x103ad68; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[1464] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 00000000775412d1 7 bytes {MOV EDX, 0x103ace8; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[1464] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000774f1401 2 bytes JMP 764ceb26 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[1464] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000774f1419 2 bytes JMP 764db513 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[1464] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000774f1431 2 bytes JMP 76558609 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[1464] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000774f144a 2 bytes CALL 764b1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[1464] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000774f14dd 2 bytes JMP 76557efe C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[1464] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000774f14f5 2 bytes JMP 765580d8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[1464] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000774f150d 2 bytes JMP 76557df4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[1464] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000774f1525 2 bytes JMP 765581c2 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[1464] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000774f153d 2 bytes JMP 764cf088 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[1464] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000774f1555 2 bytes JMP 764db885 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[1464] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000774f156d 2 bytes JMP 765586c1 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[1464] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000774f1585 2 bytes JMP 76558222 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[1464] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000774f159d 2 bytes JMP 76557db8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[1464] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000774f15b5 2 bytes JMP 764cf121 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[1464] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000774f15cd 2 bytes JMP 764db29f C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[1464] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000774f16b2 2 bytes JMP 76558584 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[1464] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000774f16bd 2 bytes JMP 76557d4d C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5768] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007753f941 7 bytes {MOV EDX, 0x34b628; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5768] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007753fb85 7 bytes {MOV EDX, 0x34b668; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5768] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007753fbb5 7 bytes {MOV EDX, 0x34b5a8; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5768] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007753fbcd 7 bytes {MOV EDX, 0x34b528; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5768] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007753fbe5 7 bytes {MOV EDX, 0x34b728; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5768] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007753fc15 7 bytes {MOV EDX, 0x34b768; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5768] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007753fc95 7 bytes {MOV EDX, 0x34b6e8; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5768] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007753fcad 7 bytes {MOV EDX, 0x34b6a8; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5768] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007753fcf9 7 bytes {MOV EDX, 0x34b468; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5768] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007753fdf1 7 bytes {MOV EDX, 0x34b4a8; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5768] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077540049 7 bytes {MOV EDX, 0x34b428; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5768] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077541055 7 bytes {MOV EDX, 0x34b5e8; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5768] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 00000000775410cd 7 bytes {MOV EDX, 0x34b568; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5768] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 00000000775412d1 7 bytes {MOV EDX, 0x34b4e8; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5768] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000774f1401 2 bytes JMP 764ceb26 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5768] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000774f1419 2 bytes JMP 764db513 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5768] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000774f1431 2 bytes JMP 76558609 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5768] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000774f144a 2 bytes CALL 764b1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5768] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000774f14dd 2 bytes JMP 76557efe C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5768] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000774f14f5 2 bytes JMP 765580d8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5768] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000774f150d 2 bytes JMP 76557df4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5768] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000774f1525 2 bytes JMP 765581c2 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5768] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000774f153d 2 bytes JMP 764cf088 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5768] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000774f1555 2 bytes JMP 764db885 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5768] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000774f156d 2 bytes JMP 765586c1 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5768] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000774f1585 2 bytes JMP 76558222 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5768] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000774f159d 2 bytes JMP 76557db8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5768] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000774f15b5 2 bytes JMP 764cf121 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5768] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000774f15cd 2 bytes JMP 764db29f C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5768] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000774f16b2 2 bytes JMP 76558584 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5768] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000774f16bd 2 bytes JMP 76557d4d C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5912] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007753f941 7 bytes {MOV EDX, 0x308228; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5912] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007753fb85 7 bytes {MOV EDX, 0x308268; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5912] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007753fbb5 7 bytes {MOV EDX, 0x3081a8; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5912] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007753fbcd 7 bytes {MOV EDX, 0x308128; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5912] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007753fbe5 7 bytes {MOV EDX, 0x308328; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5912] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007753fc15 7 bytes {MOV EDX, 0x308368; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5912] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007753fc95 7 bytes {MOV EDX, 0x3082e8; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5912] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007753fcad 7 bytes {MOV EDX, 0x3082a8; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5912] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007753fcf9 7 bytes {MOV EDX, 0x308068; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5912] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007753fdf1 7 bytes {MOV EDX, 0x3080a8; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5912] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077540049 7 bytes {MOV EDX, 0x308028; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5912] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077541055 7 bytes {MOV EDX, 0x3081e8; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5912] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 00000000775410cd 7 bytes {MOV EDX, 0x308168; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5912] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 00000000775412d1 7 bytes {MOV EDX, 0x3080e8; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5912] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000774f1401 2 bytes JMP 764ceb26 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5912] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000774f1419 2 bytes JMP 764db513 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5912] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000774f1431 2 bytes JMP 76558609 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5912] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000774f144a 2 bytes CALL 764b1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5912] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000774f14dd 2 bytes JMP 76557efe C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5912] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000774f14f5 2 bytes JMP 765580d8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5912] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000774f150d 2 bytes JMP 76557df4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5912] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000774f1525 2 bytes JMP 765581c2 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5912] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000774f153d 2 bytes JMP 764cf088 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5912] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000774f1555 2 bytes JMP 764db885 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5912] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000774f156d 2 bytes JMP 765586c1 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5912] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000774f1585 2 bytes JMP 76558222 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5912] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000774f159d 2 bytes JMP 76557db8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5912] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000774f15b5 2 bytes JMP 764cf121 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5912] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000774f15cd 2 bytes JMP 764db29f C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5912] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000774f16b2 2 bytes JMP 76558584 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5912] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000774f16bd 2 bytes JMP 76557d4d C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4248] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007753f941 7 bytes {MOV EDX, 0xeab628; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4248] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007753fb85 7 bytes {MOV EDX, 0xeab668; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4248] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007753fbb5 7 bytes {MOV EDX, 0xeab5a8; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4248] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007753fbcd 7 bytes {MOV EDX, 0xeab528; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4248] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007753fbe5 7 bytes {MOV EDX, 0xeab728; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4248] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007753fc15 7 bytes {MOV EDX, 0xeab768; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4248] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007753fc95 7 bytes {MOV EDX, 0xeab6e8; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4248] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007753fcad 7 bytes {MOV EDX, 0xeab6a8; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4248] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007753fcf9 7 bytes {MOV EDX, 0xeab468; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4248] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007753fdf1 7 bytes {MOV EDX, 0xeab4a8; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4248] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077540049 7 bytes {MOV EDX, 0xeab428; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4248] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077541055 7 bytes {MOV EDX, 0xeab5e8; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4248] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 00000000775410cd 7 bytes {MOV EDX, 0xeab568; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4248] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 00000000775412d1 7 bytes {MOV EDX, 0xeab4e8; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4248] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000774f1401 2 bytes JMP 764ceb26 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4248] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000774f1419 2 bytes JMP 764db513 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4248] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000774f1431 2 bytes JMP 76558609 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4248] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000774f144a 2 bytes CALL 764b1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4248] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000774f14dd 2 bytes JMP 76557efe C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4248] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000774f14f5 2 bytes JMP 765580d8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4248] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000774f150d 2 bytes JMP 76557df4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4248] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000774f1525 2 bytes JMP 765581c2 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4248] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000774f153d 2 bytes JMP 764cf088 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4248] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000774f1555 2 bytes JMP 764db885 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4248] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000774f156d 2 bytes JMP 765586c1 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4248] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000774f1585 2 bytes JMP 76558222 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4248] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000774f159d 2 bytes JMP 76557db8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4248] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000774f15b5 2 bytes JMP 764cf121 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4248] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000774f15cd 2 bytes JMP 764db29f C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4248] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000774f16b2 2 bytes JMP 76558584 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4248] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000774f16bd 2 bytes JMP 76557d4d C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2392] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000775408ac 6 bytes [68, BC, 38, 0D, 02, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2392] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 000000007755243d 6 bytes [68, 04, 69, 0D, 02, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2392] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007755c096 6 bytes [68, E1, 39, 0D, 02, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2392] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 00000000775628b3 6 bytes [68, 4A, 69, 0D, 02, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2392] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077583f44 6 bytes [68, 90, 69, 0D, 02, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2392] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 0000000077598954 6 bytes [68, D6, 69, 0D, 02, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2392] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW 00000000764b32f2 6 bytes [68, 4A, 3C, 0D, 02, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2392] C:\Windows\syswow64\kernel32.dll!ExitProcess 00000000764b734e 6 bytes [68, 09, 3C, 0D, 02, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2392] C:\Windows\syswow64\USER32.dll!GetDC 0000000076307246 6 bytes [68, 84, F9, 0D, 02, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2392] C:\Windows\syswow64\USER32.dll!ReleaseDC 000000007630730e 6 bytes [68, 02, FA, 0D, 02, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2392] C:\Windows\syswow64\USER32.dll!GetWindowDC 00000000763079d8 6 bytes [68, C3, F9, 0D, 02, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2392] C:\Windows\syswow64\USER32.dll!TranslateMessage 0000000076307d79 6 bytes [68, 1D, A4, 0D, 02, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2392] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000076307e92 6 bytes [68, 2E, 00, 0D, 02, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2392] C:\Windows\syswow64\USER32.dll!GetMessageA 000000007630811b 6 bytes [68, 56, 00, 0D, 02, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2392] C:\Windows\syswow64\USER32.dll!RegisterClassW 0000000076308bd6 6 bytes [68, 08, 6C, 0D, 02, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2392] C:\Windows\syswow64\USER32.dll!RegisterClassExW 0000000076309ed3 6 bytes [68, A2, 6C, 0D, 02, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2392] C:\Windows\syswow64\USER32.dll!RegisterClassExA 000000007630dd6d 6 bytes [68, F4, 6C, 0D, 02, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2392] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000076310112 6 bytes [68, 7E, 00, 0D, 02, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2392] C:\Windows\syswow64\USER32.dll!CallWindowProcW 0000000076310abb 6 bytes [68, 3A, 6B, 0D, 02, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2392] C:\Windows\syswow64\USER32.dll!GetCursorPos 0000000076310e0d 6 bytes [68, 61, FE, 0C, 02, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2392] C:\Windows\syswow64\USER32.dll!EndPaint 0000000076310e9a 6 bytes [68, E9, F8, 0D, 02, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2392] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000076310eba 6 bytes [68, 79, F8, 0D, 02, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2392] C:\Windows\syswow64\USER32.dll!GetMessagePos 0000000076312bc7 6 bytes [68, 2F, FE, 0C, 02, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2392] C:\Windows\syswow64\USER32.dll!GetCapture 0000000076312dbd 6 bytes [68, 8F, FF, 0C, 02, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2392] C:\Windows\syswow64\USER32.dll!ReleaseCapture 0000000076312ec4 6 bytes [68, 3F, FF, 0C, 02, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2392] C:\Windows\syswow64\USER32.dll!SetCapture 0000000076312ed1 6 bytes [68, E5, FE, 0C, 02, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2392] C:\Windows\syswow64\USER32.dll!GetDCEx 0000000076313001 6 bytes [68, 29, F9, 0D, 02, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2392] C:\Windows\syswow64\USER32.dll!RegisterClassA 0000000076314b80 6 bytes [68, 55, 6C, 0D, 02, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2392] C:\Windows\syswow64\USER32.dll!CallWindowProcA 0000000076317af4 6 bytes [68, 83, 6B, 0D, 02, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2392] C:\Windows\syswow64\USER32.dll!DefFrameProcA 000000007631808f 6 bytes [68, 65, 6A, 0D, 02, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2392] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA 00000000763181e0 6 bytes [68, F4, 6A, 0D, 02, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2392] C:\Windows\syswow64\USER32.dll!DefFrameProcW 0000000076318632 6 bytes [68, 1C, 6A, 0D, 02, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2392] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW 0000000076318807 6 bytes [68, AE, 6A, 0D, 02, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2392] C:\Windows\syswow64\USER32.dll!PeekMessageA 000000007632ed58 6 bytes [68, A9, 00, 0D, 02, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2392] C:\Windows\syswow64\USER32.dll!GetUpdateRgn 000000007632f1fe 6 bytes [68, D5, FA, 0D, 02, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2392] C:\Windows\syswow64\USER32.dll!GetUpdateRect 000000007633011b 6 bytes [68, 42, FA, 0D, 02, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2392] C:\Windows\syswow64\USER32.dll!SwitchDesktop 00000000763497e4 6 bytes [68, E6, 68, 0D, 02, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2392] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000076349c8d 6 bytes [68, A8, FE, 0C, 02, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2392] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000076349f3b 6 bytes [68, CC, A5, 0D, 02, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2392] C:\Windows\syswow64\USER32.dll!OpenInputDesktop 000000007636895b 6 bytes [68, 96, 68, 0D, 02, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2392] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW 000000007700bbdb 6 bytes [68, C7, 3C, 0D, 02, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2392] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 00000000770414fd 6 bytes [68, B0, 3C, 0D, 02, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2392] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore 0000000076e00d60 6 bytes [68, 51, 1D, 0E, 02, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2392] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000774f1401 2 bytes JMP 764ceb26 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2392] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000774f1419 2 bytes JMP 764db513 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2392] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000774f1431 2 bytes JMP 76558609 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2392] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000774f144a 2 bytes CALL 764b1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2392] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000774f14dd 2 bytes JMP 76557efe C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2392] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000774f14f5 2 bytes JMP 765580d8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2392] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000774f150d 2 bytes JMP 76557df4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2392] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000774f1525 2 bytes JMP 765581c2 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2392] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000774f153d 2 bytes JMP 764cf088 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2392] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000774f1555 2 bytes JMP 764db885 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2392] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000774f156d 2 bytes JMP 765586c1 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2392] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000774f1585 2 bytes JMP 76558222 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2392] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000774f159d 2 bytes JMP 76557db8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2392] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000774f15b5 2 bytes JMP 764cf121 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2392] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000774f15cd 2 bytes JMP 764db29f C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2392] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000774f16b2 2 bytes JMP 76558584 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2392] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000774f16bd 2 bytes JMP 76557d4d C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2392] C:\Windows\syswow64\WININET.dll!InternetCloseHandle 00000000766cc846 6 bytes [68, 36, 19, 0E, 02, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2392] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA 00000000766ccbca 6 bytes [68, D6, 1A, 0E, 02, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2392] C:\Windows\syswow64\WININET.dll!InternetReadFile 00000000766ce26c 6 bytes [68, A3, 19, 0E, 02, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2392] C:\Windows\syswow64\WININET.dll!HttpSendRequestW 00000000766ceebb 6 bytes [68, BC, 16, 0E, 02, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2392] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA 00000000766d0402 6 bytes [68, 78, 16, 0E, 02, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2392] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW 00000000766d05db 6 bytes [68, 34, 16, 0E, 02, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2392] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable 00000000766d41d3 6 bytes [68, AA, 1A, 0E, 02, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2392] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW 00000000766e8e50 6 bytes [68, 66, 17, 0E, 02, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2392] C:\Windows\syswow64\WININET.dll!HttpEndRequestA 00000000766e8f7b 6 bytes [68, A0, 18, 0E, 02, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2392] C:\Windows\syswow64\WININET.dll!InternetReadFileExA 00000000766f12f9 6 bytes [68, D1, 19, 0E, 02, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2392] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer 000000007672ce83 6 bytes [68, 50, 1A, 0E, 02, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2392] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA 00000000767401fa 6 bytes [68, 03, 18, 0E, 02, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2392] C:\Windows\syswow64\WININET.dll!HttpEndRequestW 000000007674027d 6 bytes [68, EB, 18, 0E, 02, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2392] C:\Windows\syswow64\WININET.dll!HttpSendRequestA 00000000767402e0 6 bytes [68, 11, 17, 0E, 02, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2392] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000076d33bed 6 bytes [68, 7B, F5, 0C, 02, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2392] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 0000000076d36737 6 bytes [68, 8C, F1, 0C, 02, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2392] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000076d368a7 6 bytes [68, D4, F5, 0C, 02, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2392] C:\Windows\syswow64\WS2_32.dll!send 0000000076d3c4c8 6 bytes [68, B3, F5, 0C, 02, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[2392] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000076d47133 6 bytes [68, 1C, F1, 0C, 02, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007753f941 7 bytes {MOV EDX, 0x8c0e28; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007753fb85 7 bytes {MOV EDX, 0x8c0e68; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007753fbb5 7 bytes {MOV EDX, 0x8c0da8; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007753fbcd 7 bytes {MOV EDX, 0x8c0d28; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007753fbe5 7 bytes {MOV EDX, 0x8c0f28; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007753fc15 7 bytes {MOV EDX, 0x8c0f68; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007753fc95 7 bytes {MOV EDX, 0x8c0ee8; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007753fcad 7 bytes {MOV EDX, 0x8c0ea8; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007753fcf9 7 bytes {MOV EDX, 0x8c0c68; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007753fdf1 7 bytes {MOV EDX, 0x8c0ca8; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077540049 7 bytes {MOV EDX, 0x8c0c28; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077541055 7 bytes {MOV EDX, 0x8c0de8; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 00000000775410cd 7 bytes {MOV EDX, 0x8c0d68; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3312] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 00000000775412d1 7 bytes {MOV EDX, 0x8c0ce8; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3312] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000774f1401 2 bytes JMP 764ceb26 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3312] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000774f1419 2 bytes JMP 764db513 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3312] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000774f1431 2 bytes JMP 76558609 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3312] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000774f144a 2 bytes CALL 764b1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3312] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000774f14dd 2 bytes JMP 76557efe C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3312] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000774f14f5 2 bytes JMP 765580d8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3312] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000774f150d 2 bytes JMP 76557df4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3312] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000774f1525 2 bytes JMP 765581c2 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3312] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000774f153d 2 bytes JMP 764cf088 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3312] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000774f1555 2 bytes JMP 764db885 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3312] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000774f156d 2 bytes JMP 765586c1 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3312] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000774f1585 2 bytes JMP 76558222 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3312] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000774f159d 2 bytes JMP 76557db8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3312] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000774f15b5 2 bytes JMP 764cf121 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3312] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000774f15cd 2 bytes JMP 764db29f C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3312] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000774f16b2 2 bytes JMP 76558584 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3312] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000774f16bd 2 bytes JMP 76557d4d C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4532] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007753f941 7 bytes {MOV EDX, 0xee3e28; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4532] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007753fb85 7 bytes {MOV EDX, 0xee3e68; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4532] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007753fbb5 7 bytes {MOV EDX, 0xee3da8; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4532] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007753fbcd 7 bytes {MOV EDX, 0xee3d28; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4532] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007753fbe5 7 bytes {MOV EDX, 0xee3f28; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4532] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007753fc15 7 bytes {MOV EDX, 0xee3f68; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4532] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007753fc95 7 bytes {MOV EDX, 0xee3ee8; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4532] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007753fcad 7 bytes {MOV EDX, 0xee3ea8; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4532] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007753fcf9 7 bytes {MOV EDX, 0xee3c68; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4532] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007753fdf1 7 bytes {MOV EDX, 0xee3ca8; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4532] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077540049 7 bytes {MOV EDX, 0xee3c28; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4532] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000775408ac 4 bytes [68, BC, 38, 06] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4532] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess + 5 00000000775408b1 1 byte [C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4532] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077541055 7 bytes {MOV EDX, 0xee3de8; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4532] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 00000000775410cd 7 bytes {MOV EDX, 0xee3d68; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4532] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 00000000775412d1 7 bytes {MOV EDX, 0xee3ce8; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4532] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 000000007755243d 6 bytes [68, 04, 69, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4532] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007755c096 6 bytes [68, E1, 39, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4532] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 00000000775628b3 6 bytes [68, 4A, 69, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4532] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077583f44 6 bytes [68, 90, 69, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4532] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 0000000077598954 6 bytes [68, D6, 69, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4532] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW 00000000764b32f2 6 bytes [68, 4A, 3C, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4532] C:\Windows\syswow64\kernel32.dll!ExitProcess 00000000764b734e 6 bytes [68, 09, 3C, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4532] C:\Windows\syswow64\USER32.dll!GetDC 0000000076307246 4 bytes [68, 84, F9, 06] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4532] C:\Windows\syswow64\USER32.dll!GetDC + 5 000000007630724b 1 byte [C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4532] C:\Windows\syswow64\USER32.dll!ReleaseDC 000000007630730e 6 bytes [68, 02, FA, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4532] C:\Windows\syswow64\USER32.dll!GetWindowDC 00000000763079d8 4 bytes [68, C3, F9, 06] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4532] C:\Windows\syswow64\USER32.dll!GetWindowDC + 5 00000000763079dd 1 byte [C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4532] C:\Windows\syswow64\USER32.dll!TranslateMessage 0000000076307d79 6 bytes [68, 1D, A4, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4532] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000076307e92 6 bytes [68, 2E, 00, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4532] C:\Windows\syswow64\USER32.dll!GetMessageA 000000007630811b 6 bytes [68, 56, 00, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4532] C:\Windows\syswow64\USER32.dll!RegisterClassW 0000000076308bd6 6 bytes [68, 08, 6C, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4532] C:\Windows\syswow64\USER32.dll!RegisterClassExW 0000000076309ed3 6 bytes [68, A2, 6C, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4532] C:\Windows\syswow64\USER32.dll!RegisterClassExA 000000007630dd6d 6 bytes [68, F4, 6C, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4532] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000076310112 6 bytes [68, 7E, 00, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4532] C:\Windows\syswow64\USER32.dll!CallWindowProcW 0000000076310abb 6 bytes [68, 3A, 6B, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4532] C:\Windows\syswow64\USER32.dll!GetCursorPos 0000000076310e0d 6 bytes [68, 61, FE, 05, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4532] C:\Windows\syswow64\USER32.dll!EndPaint 0000000076310e9a 4 bytes [68, E9, F8, 06] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4532] C:\Windows\syswow64\USER32.dll!EndPaint + 5 0000000076310e9f 1 byte [C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4532] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000076310eba 4 bytes [68, 79, F8, 06] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4532] C:\Windows\syswow64\USER32.dll!BeginPaint + 5 0000000076310ebf 1 byte [C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4532] C:\Windows\syswow64\USER32.dll!GetMessagePos 0000000076312bc7 6 bytes [68, 2F, FE, 05, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4532] C:\Windows\syswow64\USER32.dll!GetCapture 0000000076312dbd 6 bytes [68, 8F, FF, 05, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4532] C:\Windows\syswow64\USER32.dll!ReleaseCapture 0000000076312ec4 6 bytes [68, 3F, FF, 05, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4532] C:\Windows\syswow64\USER32.dll!SetCapture 0000000076312ed1 4 bytes [68, E5, FE, 05] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4532] C:\Windows\syswow64\USER32.dll!SetCapture + 5 0000000076312ed6 1 byte [C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4532] C:\Windows\syswow64\USER32.dll!GetDCEx 0000000076313001 4 bytes [68, 29, F9, 06] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4532] C:\Windows\syswow64\USER32.dll!GetDCEx + 5 0000000076313006 1 byte [C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4532] C:\Windows\syswow64\USER32.dll!RegisterClassA 0000000076314b80 6 bytes [68, 55, 6C, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4532] C:\Windows\syswow64\USER32.dll!CallWindowProcA 0000000076317af4 6 bytes [68, 83, 6B, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4532] C:\Windows\syswow64\USER32.dll!DefFrameProcA 000000007631808f 6 bytes [68, 65, 6A, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4532] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA 00000000763181e0 6 bytes [68, F4, 6A, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4532] C:\Windows\syswow64\USER32.dll!DefFrameProcW 0000000076318632 6 bytes [68, 1C, 6A, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4532] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW 0000000076318807 6 bytes [68, AE, 6A, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4532] C:\Windows\syswow64\USER32.dll!PeekMessageA 000000007632ed58 6 bytes [68, A9, 00, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4532] C:\Windows\syswow64\USER32.dll!GetUpdateRgn 000000007632f1fe 6 bytes [68, D5, FA, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4532] C:\Windows\syswow64\USER32.dll!GetUpdateRect 000000007633011b 6 bytes [68, 42, FA, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4532] C:\Windows\syswow64\USER32.dll!SwitchDesktop 00000000763497e4 6 bytes [68, E6, 68, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4532] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000076349c8d 6 bytes [68, A8, FE, 05, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4532] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000076349f3b 6 bytes [68, CC, A5, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4532] C:\Windows\syswow64\USER32.dll!OpenInputDesktop 000000007636895b 4 bytes [68, 96, 68, 06] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4532] C:\Windows\syswow64\USER32.dll!OpenInputDesktop + 5 0000000076368960 1 byte [C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4532] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW 000000007700bbdb 6 bytes [68, C7, 3C, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4532] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 00000000770414fd 6 bytes [68, B0, 3C, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4532] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000076d33bed 6 bytes [68, 7B, F5, 05, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4532] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 0000000076d36737 6 bytes [68, 8C, F1, 05, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4532] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000076d368a7 6 bytes [68, D4, F5, 05, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4532] C:\Windows\syswow64\WS2_32.dll!send 0000000076d3c4c8 6 bytes [68, B3, F5, 05, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4532] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000076d47133 6 bytes [68, 1C, F1, 05, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4532] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore 0000000076e00d60 6 bytes [68, 51, 1D, 07, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4532] C:\Windows\syswow64\WININET.dll!InternetCloseHandle 00000000766cc846 6 bytes [68, 36, 19, 07, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4532] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA 00000000766ccbca 6 bytes [68, D6, 1A, 07, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4532] C:\Windows\syswow64\WININET.dll!InternetReadFile 00000000766ce26c 6 bytes [68, A3, 19, 07, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4532] C:\Windows\syswow64\WININET.dll!HttpSendRequestW 00000000766ceebb 6 bytes [68, BC, 16, 07, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4532] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA 00000000766d0402 6 bytes [68, 78, 16, 07, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4532] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW 00000000766d05db 6 bytes [68, 34, 16, 07, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4532] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable 00000000766d41d3 6 bytes [68, AA, 1A, 07, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4532] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW 00000000766e8e50 6 bytes [68, 66, 17, 07, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4532] C:\Windows\syswow64\WININET.dll!HttpEndRequestA 00000000766e8f7b 6 bytes [68, A0, 18, 07, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4532] C:\Windows\syswow64\WININET.dll!InternetReadFileExA 00000000766f12f9 6 bytes [68, D1, 19, 07, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4532] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer 000000007672ce83 6 bytes [68, 50, 1A, 07, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4532] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA 00000000767401fa 6 bytes [68, 03, 18, 07, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4532] C:\Windows\syswow64\WININET.dll!HttpEndRequestW 000000007674027d 6 bytes [68, EB, 18, 07, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4532] C:\Windows\syswow64\WININET.dll!HttpSendRequestA 00000000767402e0 6 bytes [68, 11, 17, 07, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4532] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000774f1401 2 bytes JMP 764ceb26 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4532] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000774f1419 2 bytes JMP 764db513 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4532] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000774f1431 2 bytes JMP 76558609 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4532] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000774f144a 2 bytes CALL 764b1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4532] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000774f14dd 2 bytes JMP 76557efe C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4532] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000774f14f5 2 bytes JMP 765580d8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4532] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000774f150d 2 bytes JMP 76557df4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4532] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000774f1525 2 bytes JMP 765581c2 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4532] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000774f153d 2 bytes JMP 764cf088 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4532] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000774f1555 2 bytes JMP 764db885 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4532] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000774f156d 2 bytes JMP 765586c1 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4532] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000774f1585 2 bytes JMP 76558222 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4532] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000774f159d 2 bytes JMP 76557db8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4532] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000774f15b5 2 bytes JMP 764cf121 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4532] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000774f15cd 2 bytes JMP 764db29f C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4532] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000774f16b2 2 bytes JMP 76558584 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[4532] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000774f16bd 2 bytes JMP 76557d4d C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3304] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007753f941 7 bytes {MOV EDX, 0x270628; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3304] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007753fb85 7 bytes {MOV EDX, 0x270668; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3304] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007753fbb5 7 bytes {MOV EDX, 0x2705a8; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3304] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007753fbcd 7 bytes {MOV EDX, 0x270528; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3304] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007753fbe5 7 bytes {MOV EDX, 0x270728; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3304] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007753fc15 7 bytes {MOV EDX, 0x270768; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3304] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007753fc95 7 bytes {MOV EDX, 0x2706e8; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3304] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007753fcad 7 bytes {MOV EDX, 0x2706a8; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3304] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007753fcf9 7 bytes {MOV EDX, 0x270468; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3304] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007753fdf1 7 bytes {MOV EDX, 0x2704a8; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3304] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077540049 7 bytes {MOV EDX, 0x270428; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3304] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000775408ac 4 bytes [68, BC, 38, 06] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3304] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess + 5 00000000775408b1 1 byte [C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3304] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077541055 7 bytes {MOV EDX, 0x2705e8; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3304] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 00000000775410cd 7 bytes {MOV EDX, 0x270568; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3304] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 00000000775412d1 7 bytes {MOV EDX, 0x2704e8; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3304] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 000000007755243d 6 bytes [68, 04, 69, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3304] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007755c096 6 bytes [68, E1, 39, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3304] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 00000000775628b3 6 bytes [68, 4A, 69, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3304] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077583f44 6 bytes [68, 90, 69, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3304] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 0000000077598954 6 bytes [68, D6, 69, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3304] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW 00000000764b32f2 6 bytes [68, 4A, 3C, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3304] C:\Windows\syswow64\kernel32.dll!ExitProcess 00000000764b734e 6 bytes [68, 09, 3C, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3304] C:\Windows\syswow64\USER32.dll!GetDC 0000000076307246 4 bytes [68, 84, F9, 06] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3304] C:\Windows\syswow64\USER32.dll!GetDC + 5 000000007630724b 1 byte [C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3304] C:\Windows\syswow64\USER32.dll!ReleaseDC 000000007630730e 6 bytes [68, 02, FA, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3304] C:\Windows\syswow64\USER32.dll!GetWindowDC 00000000763079d8 4 bytes [68, C3, F9, 06] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3304] C:\Windows\syswow64\USER32.dll!GetWindowDC + 5 00000000763079dd 1 byte [C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3304] C:\Windows\syswow64\USER32.dll!TranslateMessage 0000000076307d79 6 bytes [68, 1D, A4, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3304] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000076307e92 6 bytes [68, 2E, 00, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3304] C:\Windows\syswow64\USER32.dll!GetMessageA 000000007630811b 6 bytes [68, 56, 00, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3304] C:\Windows\syswow64\USER32.dll!RegisterClassW 0000000076308bd6 6 bytes [68, 08, 6C, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3304] C:\Windows\syswow64\USER32.dll!RegisterClassExW 0000000076309ed3 6 bytes [68, A2, 6C, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3304] C:\Windows\syswow64\USER32.dll!RegisterClassExA 000000007630dd6d 6 bytes [68, F4, 6C, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3304] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000076310112 6 bytes [68, 7E, 00, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3304] C:\Windows\syswow64\USER32.dll!CallWindowProcW 0000000076310abb 6 bytes [68, 3A, 6B, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3304] C:\Windows\syswow64\USER32.dll!GetCursorPos 0000000076310e0d 6 bytes [68, 61, FE, 05, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3304] C:\Windows\syswow64\USER32.dll!EndPaint 0000000076310e9a 4 bytes [68, E9, F8, 06] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3304] C:\Windows\syswow64\USER32.dll!EndPaint + 5 0000000076310e9f 1 byte [C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3304] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000076310eba 4 bytes [68, 79, F8, 06] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3304] C:\Windows\syswow64\USER32.dll!BeginPaint + 5 0000000076310ebf 1 byte [C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3304] C:\Windows\syswow64\USER32.dll!GetMessagePos 0000000076312bc7 6 bytes [68, 2F, FE, 05, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3304] C:\Windows\syswow64\USER32.dll!GetCapture 0000000076312dbd 6 bytes [68, 8F, FF, 05, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3304] C:\Windows\syswow64\USER32.dll!ReleaseCapture 0000000076312ec4 6 bytes [68, 3F, FF, 05, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3304] C:\Windows\syswow64\USER32.dll!SetCapture 0000000076312ed1 4 bytes [68, E5, FE, 05] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3304] C:\Windows\syswow64\USER32.dll!SetCapture + 5 0000000076312ed6 1 byte [C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3304] C:\Windows\syswow64\USER32.dll!GetDCEx 0000000076313001 4 bytes [68, 29, F9, 06] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3304] C:\Windows\syswow64\USER32.dll!GetDCEx + 5 0000000076313006 1 byte [C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3304] C:\Windows\syswow64\USER32.dll!RegisterClassA 0000000076314b80 6 bytes [68, 55, 6C, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3304] C:\Windows\syswow64\USER32.dll!CallWindowProcA 0000000076317af4 6 bytes [68, 83, 6B, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3304] C:\Windows\syswow64\USER32.dll!DefFrameProcA 000000007631808f 6 bytes [68, 65, 6A, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3304] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA 00000000763181e0 6 bytes [68, F4, 6A, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3304] C:\Windows\syswow64\USER32.dll!DefFrameProcW 0000000076318632 6 bytes [68, 1C, 6A, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3304] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW 0000000076318807 6 bytes [68, AE, 6A, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3304] C:\Windows\syswow64\USER32.dll!PeekMessageA 000000007632ed58 6 bytes [68, A9, 00, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3304] C:\Windows\syswow64\USER32.dll!GetUpdateRgn 000000007632f1fe 6 bytes [68, D5, FA, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3304] C:\Windows\syswow64\USER32.dll!GetUpdateRect 000000007633011b 6 bytes [68, 42, FA, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3304] C:\Windows\syswow64\USER32.dll!SwitchDesktop 00000000763497e4 6 bytes [68, E6, 68, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3304] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000076349c8d 6 bytes [68, A8, FE, 05, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3304] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000076349f3b 6 bytes [68, CC, A5, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3304] C:\Windows\syswow64\USER32.dll!OpenInputDesktop 000000007636895b 4 bytes [68, 96, 68, 06] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3304] C:\Windows\syswow64\USER32.dll!OpenInputDesktop + 5 0000000076368960 1 byte [C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3304] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW 000000007700bbdb 6 bytes [68, C7, 3C, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3304] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 00000000770414fd 6 bytes [68, B0, 3C, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3304] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000076d33bed 6 bytes [68, 7B, F5, 05, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3304] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 0000000076d36737 6 bytes [68, 8C, F1, 05, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3304] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000076d368a7 6 bytes [68, D4, F5, 05, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3304] C:\Windows\syswow64\WS2_32.dll!send 0000000076d3c4c8 6 bytes [68, B3, F5, 05, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3304] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000076d47133 6 bytes [68, 1C, F1, 05, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3304] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore 0000000076e00d60 6 bytes [68, 51, 1D, 07, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3304] C:\Windows\syswow64\WININET.dll!InternetCloseHandle 00000000766cc846 6 bytes [68, 36, 19, 07, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3304] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA 00000000766ccbca 6 bytes [68, D6, 1A, 07, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3304] C:\Windows\syswow64\WININET.dll!InternetReadFile 00000000766ce26c 6 bytes [68, A3, 19, 07, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3304] C:\Windows\syswow64\WININET.dll!HttpSendRequestW 00000000766ceebb 6 bytes [68, BC, 16, 07, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3304] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA 00000000766d0402 6 bytes [68, 78, 16, 07, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3304] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW 00000000766d05db 6 bytes [68, 34, 16, 07, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3304] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable 00000000766d41d3 6 bytes [68, AA, 1A, 07, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3304] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW 00000000766e8e50 6 bytes [68, 66, 17, 07, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3304] C:\Windows\syswow64\WININET.dll!HttpEndRequestA 00000000766e8f7b 6 bytes [68, A0, 18, 07, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3304] C:\Windows\syswow64\WININET.dll!InternetReadFileExA 00000000766f12f9 6 bytes [68, D1, 19, 07, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3304] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer 000000007672ce83 6 bytes [68, 50, 1A, 07, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3304] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA 00000000767401fa 6 bytes [68, 03, 18, 07, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3304] C:\Windows\syswow64\WININET.dll!HttpEndRequestW 000000007674027d 6 bytes [68, EB, 18, 07, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3304] C:\Windows\syswow64\WININET.dll!HttpSendRequestA 00000000767402e0 6 bytes [68, 11, 17, 07, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3304] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000774f1401 2 bytes JMP 764ceb26 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3304] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000774f1419 2 bytes JMP 764db513 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3304] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000774f1431 2 bytes JMP 76558609 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3304] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000774f144a 2 bytes CALL 764b1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3304] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000774f14dd 2 bytes JMP 76557efe C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3304] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000774f14f5 2 bytes JMP 765580d8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3304] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000774f150d 2 bytes JMP 76557df4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3304] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000774f1525 2 bytes JMP 765581c2 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3304] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000774f153d 2 bytes JMP 764cf088 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3304] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000774f1555 2 bytes JMP 764db885 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3304] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000774f156d 2 bytes JMP 765586c1 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3304] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000774f1585 2 bytes JMP 76558222 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3304] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000774f159d 2 bytes JMP 76557db8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3304] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000774f15b5 2 bytes JMP 764cf121 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3304] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000774f15cd 2 bytes JMP 764db29f C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3304] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000774f16b2 2 bytes JMP 76558584 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[3304] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000774f16bd 2 bytes JMP 76557d4d C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\adstop.exe[5192] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000774f1401 2 bytes JMP 764ceb26 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\adstop.exe[5192] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000774f1419 2 bytes JMP 764db513 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\adstop.exe[5192] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000774f1431 2 bytes JMP 76558609 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\adstop.exe[5192] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000774f144a 2 bytes CALL 764b1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Windows\SysWOW64\adstop.exe[5192] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000774f14dd 2 bytes JMP 76557efe C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\adstop.exe[5192] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000774f14f5 2 bytes JMP 765580d8 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\adstop.exe[5192] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000774f150d 2 bytes JMP 76557df4 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\adstop.exe[5192] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000774f1525 2 bytes JMP 765581c2 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\adstop.exe[5192] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000774f153d 2 bytes JMP 764cf088 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\adstop.exe[5192] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000774f1555 2 bytes JMP 764db885 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\adstop.exe[5192] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000774f156d 2 bytes JMP 765586c1 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\adstop.exe[5192] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000774f1585 2 bytes JMP 76558222 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\adstop.exe[5192] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000774f159d 2 bytes JMP 76557db8 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\adstop.exe[5192] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000774f15b5 2 bytes JMP 764cf121 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\adstop.exe[5192] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000774f15cd 2 bytes JMP 764db29f C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\adstop.exe[5192] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000774f16b2 2 bytes JMP 76558584 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\adstop.exe[5192] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000774f16bd 2 bytes JMP 76557d4d C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5156] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007753f941 7 bytes {MOV EDX, 0xd9de28; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5156] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007753fb85 7 bytes {MOV EDX, 0xd9de68; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5156] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007753fbb5 7 bytes {MOV EDX, 0xd9dda8; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5156] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007753fbcd 7 bytes {MOV EDX, 0xd9dd28; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5156] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007753fbe5 7 bytes {MOV EDX, 0xd9df28; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5156] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007753fc15 7 bytes {MOV EDX, 0xd9df68; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5156] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007753fc95 7 bytes {MOV EDX, 0xd9dee8; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5156] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007753fcad 7 bytes {MOV EDX, 0xd9dea8; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5156] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007753fcf9 7 bytes {MOV EDX, 0xd9dc68; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5156] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007753fdf1 7 bytes {MOV EDX, 0xd9dca8; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5156] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077540049 7 bytes {MOV EDX, 0xd9dc28; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5156] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000775408ac 4 bytes [68, BC, 38, 06] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5156] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess + 5 00000000775408b1 1 byte [C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5156] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077541055 7 bytes {MOV EDX, 0xd9dde8; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5156] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 00000000775410cd 7 bytes {MOV EDX, 0xd9dd68; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5156] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 00000000775412d1 7 bytes {MOV EDX, 0xd9dce8; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5156] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 000000007755243d 6 bytes [68, 04, 69, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5156] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007755c096 6 bytes [68, E1, 39, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5156] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 00000000775628b3 6 bytes [68, 4A, 69, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5156] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077583f44 6 bytes [68, 90, 69, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5156] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 0000000077598954 6 bytes [68, D6, 69, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5156] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW 00000000764b32f2 6 bytes [68, 4A, 3C, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5156] C:\Windows\syswow64\kernel32.dll!ExitProcess 00000000764b734e 6 bytes [68, 09, 3C, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5156] C:\Windows\syswow64\USER32.dll!GetDC 0000000076307246 4 bytes [68, 84, F9, 06] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5156] C:\Windows\syswow64\USER32.dll!GetDC + 5 000000007630724b 1 byte [C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5156] C:\Windows\syswow64\USER32.dll!ReleaseDC 000000007630730e 6 bytes [68, 02, FA, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5156] C:\Windows\syswow64\USER32.dll!GetWindowDC 00000000763079d8 4 bytes [68, C3, F9, 06] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5156] C:\Windows\syswow64\USER32.dll!GetWindowDC + 5 00000000763079dd 1 byte [C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5156] C:\Windows\syswow64\USER32.dll!TranslateMessage 0000000076307d79 6 bytes [68, 1D, A4, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5156] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000076307e92 6 bytes [68, 2E, 00, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5156] C:\Windows\syswow64\USER32.dll!GetMessageA 000000007630811b 6 bytes [68, 56, 00, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5156] C:\Windows\syswow64\USER32.dll!RegisterClassW 0000000076308bd6 6 bytes [68, 08, 6C, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5156] C:\Windows\syswow64\USER32.dll!RegisterClassExW 0000000076309ed3 6 bytes [68, A2, 6C, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5156] C:\Windows\syswow64\USER32.dll!RegisterClassExA 000000007630dd6d 6 bytes [68, F4, 6C, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5156] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000076310112 6 bytes [68, 7E, 00, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5156] C:\Windows\syswow64\USER32.dll!CallWindowProcW 0000000076310abb 6 bytes [68, 3A, 6B, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5156] C:\Windows\syswow64\USER32.dll!GetCursorPos 0000000076310e0d 6 bytes [68, 61, FE, 05, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5156] C:\Windows\syswow64\USER32.dll!EndPaint 0000000076310e9a 4 bytes [68, E9, F8, 06] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5156] C:\Windows\syswow64\USER32.dll!EndPaint + 5 0000000076310e9f 1 byte [C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5156] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000076310eba 4 bytes [68, 79, F8, 06] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5156] C:\Windows\syswow64\USER32.dll!BeginPaint + 5 0000000076310ebf 1 byte [C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5156] C:\Windows\syswow64\USER32.dll!GetMessagePos 0000000076312bc7 6 bytes [68, 2F, FE, 05, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5156] C:\Windows\syswow64\USER32.dll!GetCapture 0000000076312dbd 6 bytes [68, 8F, FF, 05, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5156] C:\Windows\syswow64\USER32.dll!ReleaseCapture 0000000076312ec4 6 bytes [68, 3F, FF, 05, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5156] C:\Windows\syswow64\USER32.dll!SetCapture 0000000076312ed1 4 bytes [68, E5, FE, 05] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5156] C:\Windows\syswow64\USER32.dll!SetCapture + 5 0000000076312ed6 1 byte [C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5156] C:\Windows\syswow64\USER32.dll!GetDCEx 0000000076313001 4 bytes [68, 29, F9, 06] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5156] C:\Windows\syswow64\USER32.dll!GetDCEx + 5 0000000076313006 1 byte [C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5156] C:\Windows\syswow64\USER32.dll!RegisterClassA 0000000076314b80 6 bytes [68, 55, 6C, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5156] C:\Windows\syswow64\USER32.dll!CallWindowProcA 0000000076317af4 6 bytes [68, 83, 6B, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5156] C:\Windows\syswow64\USER32.dll!DefFrameProcA 000000007631808f 6 bytes [68, 65, 6A, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5156] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA 00000000763181e0 6 bytes [68, F4, 6A, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5156] C:\Windows\syswow64\USER32.dll!DefFrameProcW 0000000076318632 6 bytes [68, 1C, 6A, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5156] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW 0000000076318807 6 bytes [68, AE, 6A, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5156] C:\Windows\syswow64\USER32.dll!PeekMessageA 000000007632ed58 6 bytes [68, A9, 00, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5156] C:\Windows\syswow64\USER32.dll!GetUpdateRgn 000000007632f1fe 6 bytes [68, D5, FA, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5156] C:\Windows\syswow64\USER32.dll!GetUpdateRect 000000007633011b 6 bytes [68, 42, FA, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5156] C:\Windows\syswow64\USER32.dll!SwitchDesktop 00000000763497e4 6 bytes [68, E6, 68, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5156] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000076349c8d 6 bytes [68, A8, FE, 05, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5156] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000076349f3b 6 bytes [68, CC, A5, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5156] C:\Windows\syswow64\USER32.dll!OpenInputDesktop 000000007636895b 4 bytes [68, 96, 68, 06] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5156] C:\Windows\syswow64\USER32.dll!OpenInputDesktop + 5 0000000076368960 1 byte [C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5156] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW 000000007700bbdb 6 bytes [68, C7, 3C, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5156] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 00000000770414fd 6 bytes [68, B0, 3C, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5156] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000076d33bed 6 bytes [68, 7B, F5, 05, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5156] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 0000000076d36737 6 bytes [68, 8C, F1, 05, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5156] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000076d368a7 6 bytes [68, D4, F5, 05, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5156] C:\Windows\syswow64\WS2_32.dll!send 0000000076d3c4c8 6 bytes [68, B3, F5, 05, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5156] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000076d47133 6 bytes [68, 1C, F1, 05, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5156] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore 0000000076e00d60 6 bytes [68, 51, 1D, 07, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5156] C:\Windows\syswow64\WININET.dll!InternetCloseHandle 00000000766cc846 6 bytes [68, 36, 19, 07, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5156] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA 00000000766ccbca 6 bytes [68, D6, 1A, 07, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5156] C:\Windows\syswow64\WININET.dll!InternetReadFile 00000000766ce26c 6 bytes [68, A3, 19, 07, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5156] C:\Windows\syswow64\WININET.dll!HttpSendRequestW 00000000766ceebb 6 bytes [68, BC, 16, 07, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5156] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA 00000000766d0402 6 bytes [68, 78, 16, 07, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5156] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW 00000000766d05db 6 bytes [68, 34, 16, 07, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5156] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable 00000000766d41d3 6 bytes [68, AA, 1A, 07, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5156] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW 00000000766e8e50 6 bytes [68, 66, 17, 07, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5156] C:\Windows\syswow64\WININET.dll!HttpEndRequestA 00000000766e8f7b 6 bytes [68, A0, 18, 07, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5156] C:\Windows\syswow64\WININET.dll!InternetReadFileExA 00000000766f12f9 6 bytes [68, D1, 19, 07, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5156] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer 000000007672ce83 6 bytes [68, 50, 1A, 07, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5156] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA 00000000767401fa 6 bytes [68, 03, 18, 07, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5156] C:\Windows\syswow64\WININET.dll!HttpEndRequestW 000000007674027d 6 bytes [68, EB, 18, 07, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5156] C:\Windows\syswow64\WININET.dll!HttpSendRequestA 00000000767402e0 6 bytes [68, 11, 17, 07, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5156] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000774f1401 2 bytes JMP 764ceb26 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5156] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000774f1419 2 bytes JMP 764db513 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5156] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000774f1431 2 bytes JMP 76558609 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5156] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000774f144a 2 bytes CALL 764b1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5156] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000774f14dd 2 bytes JMP 76557efe C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5156] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000774f14f5 2 bytes JMP 765580d8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5156] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000774f150d 2 bytes JMP 76557df4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5156] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000774f1525 2 bytes JMP 765581c2 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5156] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000774f153d 2 bytes JMP 764cf088 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5156] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000774f1555 2 bytes JMP 764db885 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5156] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000774f156d 2 bytes JMP 765586c1 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5156] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000774f1585 2 bytes JMP 76558222 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5156] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000774f159d 2 bytes JMP 76557db8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5156] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000774f15b5 2 bytes JMP 764cf121 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5156] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000774f15cd 2 bytes JMP 764db29f C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5156] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000774f16b2 2 bytes JMP 76558584 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5156] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000774f16bd 2 bytes JMP 76557d4d C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5440] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007753f941 7 bytes {MOV EDX, 0x866228; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5440] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007753fb85 7 bytes {MOV EDX, 0x866268; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5440] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007753fbb5 7 bytes {MOV EDX, 0x8661a8; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5440] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007753fbcd 7 bytes {MOV EDX, 0x866128; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5440] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007753fbe5 7 bytes {MOV EDX, 0x866328; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5440] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007753fc15 7 bytes {MOV EDX, 0x866368; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5440] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007753fc95 7 bytes {MOV EDX, 0x8662e8; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5440] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007753fcad 7 bytes {MOV EDX, 0x8662a8; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5440] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007753fcf9 7 bytes {MOV EDX, 0x866068; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5440] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007753fdf1 7 bytes {MOV EDX, 0x8660a8; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5440] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077540049 7 bytes {MOV EDX, 0x866028; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5440] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000775408ac 4 bytes [68, BC, 38, 06] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5440] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess + 5 00000000775408b1 1 byte [C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5440] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077541055 7 bytes {MOV EDX, 0x8661e8; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5440] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 00000000775410cd 7 bytes {MOV EDX, 0x866168; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5440] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 00000000775412d1 7 bytes {MOV EDX, 0x8660e8; JMP RDX} .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5440] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 000000007755243d 6 bytes [68, 04, 69, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5440] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007755c096 6 bytes [68, E1, 39, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5440] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 00000000775628b3 6 bytes [68, 4A, 69, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5440] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077583f44 6 bytes [68, 90, 69, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5440] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 0000000077598954 6 bytes [68, D6, 69, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5440] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW 00000000764b32f2 6 bytes [68, 4A, 3C, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5440] C:\Windows\syswow64\kernel32.dll!ExitProcess 00000000764b734e 6 bytes [68, 09, 3C, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5440] C:\Windows\syswow64\USER32.dll!GetDC 0000000076307246 4 bytes [68, 84, F9, 06] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5440] C:\Windows\syswow64\USER32.dll!GetDC + 5 000000007630724b 1 byte [C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5440] C:\Windows\syswow64\USER32.dll!ReleaseDC 000000007630730e 6 bytes [68, 02, FA, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5440] C:\Windows\syswow64\USER32.dll!GetWindowDC 00000000763079d8 4 bytes [68, C3, F9, 06] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5440] C:\Windows\syswow64\USER32.dll!GetWindowDC + 5 00000000763079dd 1 byte [C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5440] C:\Windows\syswow64\USER32.dll!TranslateMessage 0000000076307d79 6 bytes [68, 1D, A4, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5440] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000076307e92 6 bytes [68, 2E, 00, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5440] C:\Windows\syswow64\USER32.dll!GetMessageA 000000007630811b 6 bytes [68, 56, 00, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5440] C:\Windows\syswow64\USER32.dll!RegisterClassW 0000000076308bd6 6 bytes [68, 08, 6C, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5440] C:\Windows\syswow64\USER32.dll!RegisterClassExW 0000000076309ed3 6 bytes [68, A2, 6C, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5440] C:\Windows\syswow64\USER32.dll!RegisterClassExA 000000007630dd6d 6 bytes [68, F4, 6C, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5440] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000076310112 6 bytes [68, 7E, 00, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5440] C:\Windows\syswow64\USER32.dll!CallWindowProcW 0000000076310abb 6 bytes [68, 3A, 6B, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5440] C:\Windows\syswow64\USER32.dll!GetCursorPos 0000000076310e0d 6 bytes [68, 61, FE, 05, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5440] C:\Windows\syswow64\USER32.dll!EndPaint 0000000076310e9a 4 bytes [68, E9, F8, 06] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5440] C:\Windows\syswow64\USER32.dll!EndPaint + 5 0000000076310e9f 1 byte [C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5440] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000076310eba 4 bytes [68, 79, F8, 06] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5440] C:\Windows\syswow64\USER32.dll!BeginPaint + 5 0000000076310ebf 1 byte [C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5440] C:\Windows\syswow64\USER32.dll!GetMessagePos 0000000076312bc7 6 bytes [68, 2F, FE, 05, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5440] C:\Windows\syswow64\USER32.dll!GetCapture 0000000076312dbd 6 bytes [68, 8F, FF, 05, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5440] C:\Windows\syswow64\USER32.dll!ReleaseCapture 0000000076312ec4 6 bytes [68, 3F, FF, 05, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5440] C:\Windows\syswow64\USER32.dll!SetCapture 0000000076312ed1 4 bytes [68, E5, FE, 05] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5440] C:\Windows\syswow64\USER32.dll!SetCapture + 5 0000000076312ed6 1 byte [C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5440] C:\Windows\syswow64\USER32.dll!GetDCEx 0000000076313001 4 bytes [68, 29, F9, 06] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5440] C:\Windows\syswow64\USER32.dll!GetDCEx + 5 0000000076313006 1 byte [C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5440] C:\Windows\syswow64\USER32.dll!RegisterClassA 0000000076314b80 6 bytes [68, 55, 6C, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5440] C:\Windows\syswow64\USER32.dll!CallWindowProcA 0000000076317af4 6 bytes [68, 83, 6B, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5440] C:\Windows\syswow64\USER32.dll!DefFrameProcA 000000007631808f 6 bytes [68, 65, 6A, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5440] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA 00000000763181e0 6 bytes [68, F4, 6A, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5440] C:\Windows\syswow64\USER32.dll!DefFrameProcW 0000000076318632 6 bytes [68, 1C, 6A, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5440] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW 0000000076318807 6 bytes [68, AE, 6A, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5440] C:\Windows\syswow64\USER32.dll!PeekMessageA 000000007632ed58 6 bytes [68, A9, 00, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5440] C:\Windows\syswow64\USER32.dll!GetUpdateRgn 000000007632f1fe 6 bytes [68, D5, FA, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5440] C:\Windows\syswow64\USER32.dll!GetUpdateRect 000000007633011b 6 bytes [68, 42, FA, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5440] C:\Windows\syswow64\USER32.dll!SwitchDesktop 00000000763497e4 6 bytes [68, E6, 68, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5440] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000076349c8d 6 bytes [68, A8, FE, 05, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5440] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000076349f3b 6 bytes [68, CC, A5, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5440] C:\Windows\syswow64\USER32.dll!OpenInputDesktop 000000007636895b 4 bytes [68, 96, 68, 06] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5440] C:\Windows\syswow64\USER32.dll!OpenInputDesktop + 5 0000000076368960 1 byte [C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5440] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW 000000007700bbdb 6 bytes [68, C7, 3C, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5440] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 00000000770414fd 6 bytes [68, B0, 3C, 06, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5440] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000076d33bed 6 bytes [68, 7B, F5, 05, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5440] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 0000000076d36737 6 bytes [68, 8C, F1, 05, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5440] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000076d368a7 6 bytes [68, D4, F5, 05, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5440] C:\Windows\syswow64\WS2_32.dll!send 0000000076d3c4c8 6 bytes [68, B3, F5, 05, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5440] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000076d47133 6 bytes [68, 1C, F1, 05, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5440] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore 0000000076e00d60 6 bytes [68, 51, 1D, 07, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5440] C:\Windows\syswow64\WININET.dll!InternetCloseHandle 00000000766cc846 6 bytes [68, 36, 19, 07, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5440] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA 00000000766ccbca 6 bytes [68, D6, 1A, 07, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5440] C:\Windows\syswow64\WININET.dll!InternetReadFile 00000000766ce26c 6 bytes [68, A3, 19, 07, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5440] C:\Windows\syswow64\WININET.dll!HttpSendRequestW 00000000766ceebb 6 bytes [68, BC, 16, 07, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5440] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA 00000000766d0402 6 bytes [68, 78, 16, 07, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5440] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW 00000000766d05db 6 bytes [68, 34, 16, 07, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5440] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable 00000000766d41d3 6 bytes [68, AA, 1A, 07, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5440] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW 00000000766e8e50 6 bytes [68, 66, 17, 07, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5440] C:\Windows\syswow64\WININET.dll!HttpEndRequestA 00000000766e8f7b 6 bytes [68, A0, 18, 07, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5440] C:\Windows\syswow64\WININET.dll!InternetReadFileExA 00000000766f12f9 6 bytes [68, D1, 19, 07, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5440] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer 000000007672ce83 6 bytes [68, 50, 1A, 07, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5440] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA 00000000767401fa 6 bytes [68, 03, 18, 07, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5440] C:\Windows\syswow64\WININET.dll!HttpEndRequestW 000000007674027d 6 bytes [68, EB, 18, 07, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5440] C:\Windows\syswow64\WININET.dll!HttpSendRequestA 00000000767402e0 6 bytes [68, 11, 17, 07, 00, C3] .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5440] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000774f1401 2 bytes JMP 764ceb26 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5440] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000774f1419 2 bytes JMP 764db513 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5440] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000774f1431 2 bytes JMP 76558609 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5440] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000774f144a 2 bytes CALL 764b1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5440] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000774f14dd 2 bytes JMP 76557efe C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5440] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000774f14f5 2 bytes JMP 765580d8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5440] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000774f150d 2 bytes JMP 76557df4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5440] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000774f1525 2 bytes JMP 765581c2 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5440] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000774f153d 2 bytes JMP 764cf088 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5440] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000774f1555 2 bytes JMP 764db885 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5440] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000774f156d 2 bytes JMP 765586c1 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5440] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000774f1585 2 bytes JMP 76558222 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5440] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000774f159d 2 bytes JMP 76557db8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5440] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000774f15b5 2 bytes JMP 764cf121 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5440] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000774f15cd 2 bytes JMP 764db29f C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5440] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000774f16b2 2 bytes JMP 76558584 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\AppData\Local\Google\Chrome\Application\chrome.exe[5440] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000774f16bd 2 bytes JMP 76557d4d C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\SysWOW64\ntdll.dll!NtEnumerateValueKey 000000007753f9d0 5 bytes JMP 0000000100106390 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\SysWOW64\ntdll.dll!NtQueryDirectoryFile 000000007753fd28 5 bytes JMP 0000000100106640 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 000000007753fff8 5 bytes JMP 00000001001053d0 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000775408ac 4 bytes [68, BC, 38, 0C] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess + 5 00000000775408b1 1 byte [C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 000000007755243d 6 bytes [68, 04, 69, 0C, 00, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007755c096 6 bytes JMP 0000000100105300 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 00000000775628b3 6 bytes [68, 4A, 69, 0C, 00, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077583f44 6 bytes [68, 90, 69, 0C, 00, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 0000000077598954 6 bytes [68, D6, 69, 0C, 00, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW 00000000764b1e2c 6 bytes JMP 5f070f5a .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW 00000000764b32f2 6 bytes [68, 4A, 3C, 0C, 00, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\syswow64\kernel32.dll!ExitProcess 00000000764b734e 6 bytes [68, 09, 3C, 0C, 00, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW 000000007700bbdb 6 bytes [68, C7, 3C, 0C, 00, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\syswow64\ADVAPI32.dll!RegQueryValueExW 000000007701bcd5 6 bytes JMP 5f0a0f5a .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExW 000000007701bec4 6 bytes JMP 5f040f5a .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 00000000770414fd 6 bytes [68, B0, 3C, 0C, 00, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\syswow64\USER32.dll!GetDC 0000000076307246 4 bytes [68, 84, F9, 0C] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\syswow64\USER32.dll!GetDC + 5 000000007630724b 1 byte [C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\syswow64\USER32.dll!ReleaseDC 000000007630730e 6 bytes [68, 02, FA, 0C, 00, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\syswow64\USER32.dll!GetWindowDC 00000000763079d8 4 bytes [68, C3, F9, 0C] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\syswow64\USER32.dll!GetWindowDC + 5 00000000763079dd 1 byte [C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\syswow64\USER32.dll!TranslateMessage 0000000076307d79 6 bytes [68, 1D, A4, 0C, 00, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000076307e92 6 bytes [68, 2E, 00, 0C, 00, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\syswow64\USER32.dll!GetMessageA 000000007630811b 6 bytes [68, 56, 00, 0C, 00, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076308b9a 5 bytes JMP 0000000168a9818f .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\syswow64\USER32.dll!RegisterClassW 0000000076308bd6 6 bytes [68, 08, 6C, 0C, 00, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\syswow64\USER32.dll!RegisterClassExW 0000000076309ed3 6 bytes [68, A2, 6C, 0C, 00, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\syswow64\USER32.dll!RegisterClassExA 000000007630dd6d 6 bytes [68, F4, 6C, 0C, 00, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000076310112 6 bytes [68, 7E, 00, 0C, 00, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\syswow64\USER32.dll!CallWindowProcW 0000000076310abb 6 bytes [68, 3A, 6B, 0C, 00, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\syswow64\USER32.dll!GetCursorPos 0000000076310e0d 6 bytes [68, 61, FE, 0B, 00, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\syswow64\USER32.dll!EndPaint 0000000076310e9a 4 bytes [68, E9, F8, 0C] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\syswow64\USER32.dll!EndPaint + 5 0000000076310e9f 1 byte [C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000076310eba 4 bytes [68, 79, F8, 0C] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\syswow64\USER32.dll!BeginPaint + 5 0000000076310ebf 1 byte [C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\syswow64\USER32.dll!GetMessagePos 0000000076312bc7 6 bytes [68, 2F, FE, 0B, 00, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\syswow64\USER32.dll!GetCapture 0000000076312dbd 6 bytes [68, 8F, FF, 0B, 00, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\syswow64\USER32.dll!ReleaseCapture 0000000076312ec4 6 bytes [68, 3F, FF, 0B, 00, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\syswow64\USER32.dll!SetCapture 0000000076312ed1 4 bytes [68, E5, FE, 0B] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\syswow64\USER32.dll!SetCapture + 5 0000000076312ed6 1 byte [C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\syswow64\USER32.dll!GetDCEx 0000000076313001 4 bytes [68, 29, F9, 0C] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\syswow64\USER32.dll!GetDCEx + 5 0000000076313006 1 byte [C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\syswow64\USER32.dll!RegisterClassA 0000000076314b80 6 bytes [68, 55, 6C, 0C, 00, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\syswow64\USER32.dll!CallWindowProcA 0000000076317af4 6 bytes [68, 83, 6B, 0C, 00, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\syswow64\USER32.dll!DefFrameProcA 000000007631808f 6 bytes [68, 65, 6A, 0C, 00, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA 00000000763181e0 6 bytes [68, F4, 6A, 0C, 00, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\syswow64\USER32.dll!DefFrameProcW 0000000076318632 6 bytes [68, 1C, 6A, 0C, 00, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW 0000000076318807 6 bytes [68, AE, 6A, 0C, 00, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000763206b3 5 bytes JMP 0000000168a44643 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamW 0000000076322a3e 5 bytes JMP 0000000168bbfe70 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000076322a62 5 bytes JMP 00000001689b4ba7 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\syswow64\USER32.dll!PeekMessageA 000000007632ed58 6 bytes [68, A9, 00, 0C, 00, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\syswow64\USER32.dll!CallNextHookEx 000000007632f006 5 bytes JMP 0000000168a89d8c .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\syswow64\USER32.dll!GetUpdateRgn 000000007632f1fe 6 bytes [68, D5, FA, 0C, 00, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\syswow64\USER32.dll!GetUpdateRect 000000007633011b 6 bytes [68, 42, FA, 0C, 00, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000076330efc 5 bytes JMP 0000000168aa83a2 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\syswow64\USER32.dll!SwitchDesktop 00000000763497e4 6 bytes [68, E6, 68, 0C, 00, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000076349c8d 6 bytes [68, A8, FE, 0B, 00, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000076349f3b 6 bytes [68, CC, A5, 0C, 00, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\syswow64\USER32.dll!DialogBoxParamA 000000007634cc1a 5 bytes JMP 0000000168bbfe0d .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamA 000000007634cf72 5 bytes JMP 0000000168bbfed3 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA 000000007635fd61 5 bytes JMP 0000000168bbfda2 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW 000000007635fe2d 5 bytes JMP 0000000168bbfd37 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\syswow64\USER32.dll!MessageBoxExA 000000007635fe66 5 bytes JMP 0000000168bbfcd5 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\syswow64\USER32.dll!MessageBoxExW 000000007635fe8a 5 bytes JMP 0000000168bbfc73 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\syswow64\USER32.dll!OpenInputDesktop 000000007636895b 4 bytes [68, 96, 68, 0C] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\syswow64\USER32.dll!OpenInputDesktop + 5 0000000076368960 1 byte [C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\syswow64\ole32.dll!OleLoadFromStream 00000000752b5bf6 5 bytes JMP 0000000168bc01c3 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\syswow64\ole32.dll!CoCreateInstance 000000007530590c 5 bytes JMP 0000000168a98c7d .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\syswow64\OLEAUT32.dll!SysFreeString 0000000075143e59 5 bytes JMP 0000000168bc022b .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\syswow64\OLEAUT32.dll!VariantClear 0000000075143eae 5 bytes JMP 0000000168bc0da5 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\syswow64\OLEAUT32.dll!SysAllocStringByteLen 0000000075144731 5 bytes JMP 0000000168bc0d0b .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\syswow64\OLEAUT32.dll!VariantChangeType 0000000075145dee 5 bytes JMP 0000000168bc0d56 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect 00000000751a940c 5 bytes JMP 0000000168bc09d9 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore 0000000076e00d60 6 bytes [68, 51, 1D, 0D, 00, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000076d33bed 6 bytes [68, 7B, F5, 0B, 00, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW 0000000076d360f5 5 bytes JMP 0000000100101d10 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 0000000076d36737 6 bytes [68, 8C, F1, 0B, 00, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000076d368a7 6 bytes [68, D4, F5, 0B, 00, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\syswow64\WS2_32.dll!send 0000000076d3c4c8 6 bytes JMP 0000000100107250 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000076d47133 6 bytes [68, 1C, F1, 0B, 00, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\syswow64\WININET.dll!InternetCloseHandle 00000000766cc846 6 bytes [68, 36, 19, 0D, 00, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA 00000000766ccbca 6 bytes [68, D6, 1A, 0D, 00, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\syswow64\WININET.dll!InternetReadFile 00000000766ce26c 6 bytes [68, A3, 19, 0D, 00, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\syswow64\WININET.dll!HttpSendRequestW 00000000766ceebb 6 bytes JMP 0000000100102160 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA 00000000766d0402 6 bytes [68, 78, 16, 0D, 00, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW 00000000766d05db 6 bytes [68, 34, 16, 0D, 00, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable 00000000766d41d3 6 bytes [68, AA, 1A, 0D, 00, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW 00000000766e8e50 6 bytes [68, 66, 17, 0D, 00, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\syswow64\WININET.dll!HttpEndRequestA 00000000766e8f7b 6 bytes [68, A0, 18, 0D, 00, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\syswow64\WININET.dll!InternetWriteFile 00000000766e90fc 5 bytes JMP 00000001001023a0 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\syswow64\WININET.dll!InternetReadFileExA 00000000766f12f9 6 bytes [68, D1, 19, 0D, 00, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer 000000007672ce83 6 bytes [68, 50, 1A, 0D, 00, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA 00000000767401fa 6 bytes [68, 03, 18, 0D, 00, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\syswow64\WININET.dll!HttpEndRequestW 000000007674027d 6 bytes [68, EB, 18, 0D, 00, C3] .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\syswow64\WININET.dll!HttpSendRequestA 00000000767402e0 6 bytes JMP 00000001001020a0 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000774f1401 2 bytes JMP 764ceb26 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000774f1419 2 bytes JMP 764db513 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000774f1431 2 bytes JMP 76558609 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000774f144a 2 bytes CALL 764b1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000774f14dd 2 bytes JMP 76557efe C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000774f14f5 2 bytes JMP 765580d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000774f150d 2 bytes JMP 76557df4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000774f1525 2 bytes JMP 765581c2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000774f153d 2 bytes JMP 764cf088 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000774f1555 2 bytes JMP 764db885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000774f156d 2 bytes JMP 765586c1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000774f1585 2 bytes JMP 76558222 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000774f159d 2 bytes JMP 76557db8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000774f15b5 2 bytes JMP 764cf121 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000774f15cd 2 bytes JMP 764db29f C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000774f16b2 2 bytes JMP 76558584 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000774f16bd 2 bytes JMP 76557d4d C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll!PropertySheetW 0000000071c07c30 5 bytes JMP 0000000168bc1396 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll!PropertySheet 0000000071ca7bb2 5 bytes JMP 0000000168bc1437 .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6136] C:\Windows\syswow64\comdlg32.dll!PageSetupDlgW 0000000076cb9a4c 5 bytes JMP 0000000168bc0b0b .text C:\Users\Toshiba\Downloads\OTL.exe[2216] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000775408ac 4 bytes [68, BC, 38, 1A] .text C:\Users\Toshiba\Downloads\OTL.exe[2216] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess + 5 00000000775408b1 1 byte [C3] .text C:\Users\Toshiba\Downloads\OTL.exe[2216] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 000000007755243d 6 bytes [68, 04, 69, 1A, 00, C3] .text C:\Users\Toshiba\Downloads\OTL.exe[2216] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007755c096 6 bytes [68, E1, 39, 1A, 00, C3] .text C:\Users\Toshiba\Downloads\OTL.exe[2216] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 00000000775628b3 6 bytes [68, 4A, 69, 1A, 00, C3] .text C:\Users\Toshiba\Downloads\OTL.exe[2216] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077583f44 6 bytes [68, 90, 69, 1A, 00, C3] .text C:\Users\Toshiba\Downloads\OTL.exe[2216] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 0000000077598954 6 bytes [68, D6, 69, 1A, 00, C3] .text C:\Users\Toshiba\Downloads\OTL.exe[2216] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW 00000000764b32f2 6 bytes [68, 4A, 3C, 1A, 00, C3] .text C:\Users\Toshiba\Downloads\OTL.exe[2216] C:\Windows\syswow64\kernel32.dll!ExitProcess 00000000764b734e 6 bytes [68, 09, 3C, 1A, 00, C3] .text C:\Users\Toshiba\Downloads\OTL.exe[2216] C:\Windows\syswow64\USER32.dll!GetDC 0000000076307246 4 bytes [68, 84, F9, 1A] .text C:\Users\Toshiba\Downloads\OTL.exe[2216] C:\Windows\syswow64\USER32.dll!GetDC + 5 000000007630724b 1 byte [C3] .text C:\Users\Toshiba\Downloads\OTL.exe[2216] C:\Windows\syswow64\USER32.dll!ReleaseDC 000000007630730e 6 bytes [68, 02, FA, 1A, 00, C3] .text C:\Users\Toshiba\Downloads\OTL.exe[2216] C:\Windows\syswow64\USER32.dll!GetWindowDC 00000000763079d8 4 bytes [68, C3, F9, 1A] .text C:\Users\Toshiba\Downloads\OTL.exe[2216] C:\Windows\syswow64\USER32.dll!GetWindowDC + 5 00000000763079dd 1 byte [C3] .text C:\Users\Toshiba\Downloads\OTL.exe[2216] C:\Windows\syswow64\USER32.dll!TranslateMessage 0000000076307d79 6 bytes [68, 1D, A4, 1A, 00, C3] .text C:\Users\Toshiba\Downloads\OTL.exe[2216] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000076307e92 6 bytes [68, 2E, 00, 1A, 00, C3] .text C:\Users\Toshiba\Downloads\OTL.exe[2216] C:\Windows\syswow64\USER32.dll!GetMessageA 000000007630811b 6 bytes [68, 56, 00, 1A, 00, C3] .text C:\Users\Toshiba\Downloads\OTL.exe[2216] C:\Windows\syswow64\USER32.dll!RegisterClassW 0000000076308bd6 6 bytes [68, 08, 6C, 1A, 00, C3] .text C:\Users\Toshiba\Downloads\OTL.exe[2216] C:\Windows\syswow64\USER32.dll!RegisterClassExW 0000000076309ed3 6 bytes [68, A2, 6C, 1A, 00, C3] .text C:\Users\Toshiba\Downloads\OTL.exe[2216] C:\Windows\syswow64\USER32.dll!RegisterClassExA 000000007630dd6d 6 bytes [68, F4, 6C, 1A, 00, C3] .text C:\Users\Toshiba\Downloads\OTL.exe[2216] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000076310112 6 bytes [68, 7E, 00, 1A, 00, C3] .text C:\Users\Toshiba\Downloads\OTL.exe[2216] C:\Windows\syswow64\USER32.dll!CallWindowProcW 0000000076310abb 6 bytes [68, 3A, 6B, 1A, 00, C3] .text C:\Users\Toshiba\Downloads\OTL.exe[2216] C:\Windows\syswow64\USER32.dll!GetCursorPos 0000000076310e0d 6 bytes [68, 61, FE, 19, 00, C3] .text C:\Users\Toshiba\Downloads\OTL.exe[2216] C:\Windows\syswow64\USER32.dll!EndPaint 0000000076310e9a 4 bytes [68, E9, F8, 1A] .text C:\Users\Toshiba\Downloads\OTL.exe[2216] C:\Windows\syswow64\USER32.dll!EndPaint + 5 0000000076310e9f 1 byte [C3] .text C:\Users\Toshiba\Downloads\OTL.exe[2216] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000076310eba 4 bytes [68, 79, F8, 1A] .text C:\Users\Toshiba\Downloads\OTL.exe[2216] C:\Windows\syswow64\USER32.dll!BeginPaint + 5 0000000076310ebf 1 byte [C3] .text C:\Users\Toshiba\Downloads\OTL.exe[2216] C:\Windows\syswow64\USER32.dll!GetMessagePos 0000000076312bc7 6 bytes [68, 2F, FE, 19, 00, C3] .text C:\Users\Toshiba\Downloads\OTL.exe[2216] C:\Windows\syswow64\USER32.dll!GetCapture 0000000076312dbd 6 bytes [68, 8F, FF, 19, 00, C3] .text C:\Users\Toshiba\Downloads\OTL.exe[2216] C:\Windows\syswow64\USER32.dll!ReleaseCapture 0000000076312ec4 6 bytes [68, 3F, FF, 19, 00, C3] .text C:\Users\Toshiba\Downloads\OTL.exe[2216] C:\Windows\syswow64\USER32.dll!SetCapture 0000000076312ed1 4 bytes [68, E5, FE, 19] .text C:\Users\Toshiba\Downloads\OTL.exe[2216] C:\Windows\syswow64\USER32.dll!SetCapture + 5 0000000076312ed6 1 byte [C3] .text C:\Users\Toshiba\Downloads\OTL.exe[2216] C:\Windows\syswow64\USER32.dll!GetDCEx 0000000076313001 4 bytes [68, 29, F9, 1A] .text C:\Users\Toshiba\Downloads\OTL.exe[2216] C:\Windows\syswow64\USER32.dll!GetDCEx + 5 0000000076313006 1 byte [C3] .text C:\Users\Toshiba\Downloads\OTL.exe[2216] C:\Windows\syswow64\USER32.dll!RegisterClassA 0000000076314b80 6 bytes [68, 55, 6C, 1A, 00, C3] .text C:\Users\Toshiba\Downloads\OTL.exe[2216] C:\Windows\syswow64\USER32.dll!CallWindowProcA 0000000076317af4 6 bytes [68, 83, 6B, 1A, 00, C3] .text C:\Users\Toshiba\Downloads\OTL.exe[2216] C:\Windows\syswow64\USER32.dll!DefFrameProcA 000000007631808f 6 bytes [68, 65, 6A, 1A, 00, C3] .text C:\Users\Toshiba\Downloads\OTL.exe[2216] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA 00000000763181e0 6 bytes [68, F4, 6A, 1A, 00, C3] .text C:\Users\Toshiba\Downloads\OTL.exe[2216] C:\Windows\syswow64\USER32.dll!DefFrameProcW 0000000076318632 6 bytes [68, 1C, 6A, 1A, 00, C3] .text C:\Users\Toshiba\Downloads\OTL.exe[2216] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW 0000000076318807 6 bytes [68, AE, 6A, 1A, 00, C3] .text C:\Users\Toshiba\Downloads\OTL.exe[2216] C:\Windows\syswow64\USER32.dll!PeekMessageA 000000007632ed58 6 bytes [68, A9, 00, 1A, 00, C3] .text C:\Users\Toshiba\Downloads\OTL.exe[2216] C:\Windows\syswow64\USER32.dll!GetUpdateRgn 000000007632f1fe 6 bytes [68, D5, FA, 1A, 00, C3] .text C:\Users\Toshiba\Downloads\OTL.exe[2216] C:\Windows\syswow64\USER32.dll!GetUpdateRect 000000007633011b 6 bytes [68, 42, FA, 1A, 00, C3] .text C:\Users\Toshiba\Downloads\OTL.exe[2216] C:\Windows\syswow64\USER32.dll!SwitchDesktop 00000000763497e4 6 bytes [68, E6, 68, 1A, 00, C3] .text C:\Users\Toshiba\Downloads\OTL.exe[2216] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000076349c8d 6 bytes [68, A8, FE, 19, 00, C3] .text C:\Users\Toshiba\Downloads\OTL.exe[2216] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000076349f3b 6 bytes [68, CC, A5, 1A, 00, C3] .text C:\Users\Toshiba\Downloads\OTL.exe[2216] C:\Windows\syswow64\USER32.dll!OpenInputDesktop 000000007636895b 4 bytes [68, 96, 68, 1A] .text C:\Users\Toshiba\Downloads\OTL.exe[2216] C:\Windows\syswow64\USER32.dll!OpenInputDesktop + 5 0000000076368960 1 byte [C3] .text C:\Users\Toshiba\Downloads\OTL.exe[2216] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW 000000007700bbdb 6 bytes [68, C7, 3C, 1A, 00, C3] .text C:\Users\Toshiba\Downloads\OTL.exe[2216] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 00000000770414fd 6 bytes [68, B0, 3C, 1A, 00, C3] .text C:\Users\Toshiba\Downloads\OTL.exe[2216] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000076d33bed 6 bytes [68, 7B, F5, 19, 00, C3] .text C:\Users\Toshiba\Downloads\OTL.exe[2216] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 0000000076d36737 6 bytes [68, 8C, F1, 19, 00, C3] .text C:\Users\Toshiba\Downloads\OTL.exe[2216] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000076d368a7 6 bytes [68, D4, F5, 19, 00, C3] .text C:\Users\Toshiba\Downloads\OTL.exe[2216] C:\Windows\syswow64\WS2_32.dll!send 0000000076d3c4c8 6 bytes [68, B3, F5, 19, 00, C3] .text C:\Users\Toshiba\Downloads\OTL.exe[2216] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000076d47133 6 bytes [68, 1C, F1, 19, 00, C3] .text C:\Users\Toshiba\Downloads\OTL.exe[2216] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore 0000000076e00d60 6 bytes [68, 51, 1D, 1B, 00, C3] .text C:\Users\Toshiba\Downloads\OTL.exe[2216] C:\Windows\syswow64\WININET.dll!InternetCloseHandle 00000000766cc846 6 bytes [68, 36, 19, 1B, 00, C3] .text C:\Users\Toshiba\Downloads\OTL.exe[2216] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA 00000000766ccbca 6 bytes [68, D6, 1A, 1B, 00, C3] .text C:\Users\Toshiba\Downloads\OTL.exe[2216] C:\Windows\syswow64\WININET.dll!InternetReadFile 00000000766ce26c 6 bytes [68, A3, 19, 1B, 00, C3] .text C:\Users\Toshiba\Downloads\OTL.exe[2216] C:\Windows\syswow64\WININET.dll!HttpSendRequestW 00000000766ceebb 6 bytes [68, BC, 16, 1B, 00, C3] .text C:\Users\Toshiba\Downloads\OTL.exe[2216] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA 00000000766d0402 6 bytes [68, 78, 16, 1B, 00, C3] .text C:\Users\Toshiba\Downloads\OTL.exe[2216] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW 00000000766d05db 6 bytes [68, 34, 16, 1B, 00, C3] .text C:\Users\Toshiba\Downloads\OTL.exe[2216] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable 00000000766d41d3 6 bytes [68, AA, 1A, 1B, 00, C3] .text C:\Users\Toshiba\Downloads\OTL.exe[2216] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW 00000000766e8e50 6 bytes [68, 66, 17, 1B, 00, C3] .text C:\Users\Toshiba\Downloads\OTL.exe[2216] C:\Windows\syswow64\WININET.dll!HttpEndRequestA 00000000766e8f7b 6 bytes [68, A0, 18, 1B, 00, C3] .text C:\Users\Toshiba\Downloads\OTL.exe[2216] C:\Windows\syswow64\WININET.dll!InternetReadFileExA 00000000766f12f9 6 bytes [68, D1, 19, 1B, 00, C3] .text C:\Users\Toshiba\Downloads\OTL.exe[2216] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer 000000007672ce83 6 bytes [68, 50, 1A, 1B, 00, C3] .text C:\Users\Toshiba\Downloads\OTL.exe[2216] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA 00000000767401fa 6 bytes [68, 03, 18, 1B, 00, C3] .text C:\Users\Toshiba\Downloads\OTL.exe[2216] C:\Windows\syswow64\WININET.dll!HttpEndRequestW 000000007674027d 6 bytes [68, EB, 18, 1B, 00, C3] .text C:\Users\Toshiba\Downloads\OTL.exe[2216] C:\Windows\syswow64\WININET.dll!HttpSendRequestA 00000000767402e0 6 bytes [68, 11, 17, 1B, 00, C3] .text C:\Users\Toshiba\Downloads\OTL.exe[2216] C:\Windows\syswow64\PSAPI.dll!GetModuleFileNameExW + 17 00000000774f1401 2 bytes JMP 764ceb26 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\Downloads\OTL.exe[2216] C:\Windows\syswow64\PSAPI.dll!EnumProcessModules + 17 00000000774f1419 2 bytes JMP 764db513 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\Downloads\OTL.exe[2216] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 17 00000000774f1431 2 bytes JMP 76558609 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\Downloads\OTL.exe[2216] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 42 00000000774f144a 2 bytes CALL 764b1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Toshiba\Downloads\OTL.exe[2216] C:\Windows\syswow64\PSAPI.dll!EnumDeviceDrivers + 17 00000000774f14dd 2 bytes JMP 76557efe C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\Downloads\OTL.exe[2216] C:\Windows\syswow64\PSAPI.dll!GetDeviceDriverBaseNameA + 17 00000000774f14f5 2 bytes JMP 765580d8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\Downloads\OTL.exe[2216] C:\Windows\syswow64\PSAPI.dll!QueryWorkingSetEx + 17 00000000774f150d 2 bytes JMP 76557df4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\Downloads\OTL.exe[2216] C:\Windows\syswow64\PSAPI.dll!GetDeviceDriverBaseNameW + 17 00000000774f1525 2 bytes JMP 765581c2 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\Downloads\OTL.exe[2216] C:\Windows\syswow64\PSAPI.dll!GetModuleBaseNameW + 17 00000000774f153d 2 bytes JMP 764cf088 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\Downloads\OTL.exe[2216] C:\Windows\syswow64\PSAPI.dll!EnumProcesses + 17 00000000774f1555 2 bytes JMP 764db885 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\Downloads\OTL.exe[2216] C:\Windows\syswow64\PSAPI.dll!GetProcessMemoryInfo + 17 00000000774f156d 2 bytes JMP 765586c1 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\Downloads\OTL.exe[2216] C:\Windows\syswow64\PSAPI.dll!GetPerformanceInfo + 17 00000000774f1585 2 bytes JMP 76558222 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\Downloads\OTL.exe[2216] C:\Windows\syswow64\PSAPI.dll!QueryWorkingSet + 17 00000000774f159d 2 bytes JMP 76557db8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\Downloads\OTL.exe[2216] C:\Windows\syswow64\PSAPI.dll!GetModuleBaseNameA + 17 00000000774f15b5 2 bytes JMP 764cf121 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\Downloads\OTL.exe[2216] C:\Windows\syswow64\PSAPI.dll!GetModuleFileNameExA + 17 00000000774f15cd 2 bytes JMP 764db29f C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\Downloads\OTL.exe[2216] C:\Windows\syswow64\PSAPI.dll!GetProcessImageFileNameW + 20 00000000774f16b2 2 bytes JMP 76558584 C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\Downloads\OTL.exe[2216] C:\Windows\syswow64\PSAPI.dll!GetProcessImageFileNameW + 31 00000000774f16bd 2 bytes JMP 76557d4d C:\Windows\syswow64\kernel32.dll .text C:\Users\Toshiba\Downloads\7lbo4qf0.exe[3568] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000775408ac 4 bytes [68, BC, 38, 1A] .text C:\Users\Toshiba\Downloads\7lbo4qf0.exe[3568] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess + 5 00000000775408b1 1 byte [C3] .text C:\Users\Toshiba\Downloads\7lbo4qf0.exe[3568] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 000000007755243d 6 bytes [68, 04, 69, 1A, 00, C3] .text C:\Users\Toshiba\Downloads\7lbo4qf0.exe[3568] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007755c096 6 bytes [68, E1, 39, 1A, 00, C3] .text C:\Users\Toshiba\Downloads\7lbo4qf0.exe[3568] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 00000000775628b3 6 bytes [68, 4A, 69, 1A, 00, C3] .text C:\Users\Toshiba\Downloads\7lbo4qf0.exe[3568] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077583f44 6 bytes [68, 90, 69, 1A, 00, C3] .text C:\Users\Toshiba\Downloads\7lbo4qf0.exe[3568] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 0000000077598954 6 bytes [68, D6, 69, 1A, 00, C3] .text C:\Users\Toshiba\Downloads\7lbo4qf0.exe[3568] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW 00000000764b32f2 6 bytes [68, 4A, 3C, 1A, 00, C3] .text C:\Users\Toshiba\Downloads\7lbo4qf0.exe[3568] C:\Windows\syswow64\kernel32.dll!ExitProcess 00000000764b734e 6 bytes [68, 09, 3C, 1A, 00, C3] .text C:\Users\Toshiba\Downloads\7lbo4qf0.exe[3568] C:\Windows\syswow64\USER32.dll!GetDC 0000000076307246 4 bytes [68, 84, F9, 1A] .text C:\Users\Toshiba\Downloads\7lbo4qf0.exe[3568] C:\Windows\syswow64\USER32.dll!GetDC + 5 000000007630724b 1 byte [C3] .text C:\Users\Toshiba\Downloads\7lbo4qf0.exe[3568] C:\Windows\syswow64\USER32.dll!ReleaseDC 000000007630730e 6 bytes [68, 02, FA, 1A, 00, C3] .text C:\Users\Toshiba\Downloads\7lbo4qf0.exe[3568] C:\Windows\syswow64\USER32.dll!GetWindowDC 00000000763079d8 4 bytes [68, C3, F9, 1A] .text C:\Users\Toshiba\Downloads\7lbo4qf0.exe[3568] C:\Windows\syswow64\USER32.dll!GetWindowDC + 5 00000000763079dd 1 byte [C3] .text C:\Users\Toshiba\Downloads\7lbo4qf0.exe[3568] C:\Windows\syswow64\USER32.dll!TranslateMessage 0000000076307d79 6 bytes [68, 1D, A4, 1A, 00, C3] .text C:\Users\Toshiba\Downloads\7lbo4qf0.exe[3568] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000076307e92 6 bytes [68, 2E, 00, 1A, 00, C3] .text C:\Users\Toshiba\Downloads\7lbo4qf0.exe[3568] C:\Windows\syswow64\USER32.dll!GetMessageA 000000007630811b 6 bytes [68, 56, 00, 1A, 00, C3] .text C:\Users\Toshiba\Downloads\7lbo4qf0.exe[3568] C:\Windows\syswow64\USER32.dll!RegisterClassW 0000000076308bd6 6 bytes [68, 08, 6C, 1A, 00, C3] .text C:\Users\Toshiba\Downloads\7lbo4qf0.exe[3568] C:\Windows\syswow64\USER32.dll!RegisterClassExW 0000000076309ed3 6 bytes [68, A2, 6C, 1A, 00, C3] .text C:\Users\Toshiba\Downloads\7lbo4qf0.exe[3568] C:\Windows\syswow64\USER32.dll!RegisterClassExA 000000007630dd6d 6 bytes [68, F4, 6C, 1A, 00, C3] .text C:\Users\Toshiba\Downloads\7lbo4qf0.exe[3568] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000076310112 6 bytes [68, 7E, 00, 1A, 00, C3] .text C:\Users\Toshiba\Downloads\7lbo4qf0.exe[3568] C:\Windows\syswow64\USER32.dll!CallWindowProcW 0000000076310abb 6 bytes [68, 3A, 6B, 1A, 00, C3] .text C:\Users\Toshiba\Downloads\7lbo4qf0.exe[3568] C:\Windows\syswow64\USER32.dll!GetCursorPos 0000000076310e0d 6 bytes [68, 61, FE, 19, 00, C3] .text C:\Users\Toshiba\Downloads\7lbo4qf0.exe[3568] C:\Windows\syswow64\USER32.dll!EndPaint 0000000076310e9a 4 bytes [68, E9, F8, 1A] .text C:\Users\Toshiba\Downloads\7lbo4qf0.exe[3568] C:\Windows\syswow64\USER32.dll!EndPaint + 5 0000000076310e9f 1 byte [C3] .text C:\Users\Toshiba\Downloads\7lbo4qf0.exe[3568] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000076310eba 4 bytes [68, 79, F8, 1A] .text C:\Users\Toshiba\Downloads\7lbo4qf0.exe[3568] C:\Windows\syswow64\USER32.dll!BeginPaint + 5 0000000076310ebf 1 byte [C3] .text C:\Users\Toshiba\Downloads\7lbo4qf0.exe[3568] C:\Windows\syswow64\USER32.dll!GetMessagePos 0000000076312bc7 6 bytes [68, 2F, FE, 19, 00, C3] .text C:\Users\Toshiba\Downloads\7lbo4qf0.exe[3568] C:\Windows\syswow64\USER32.dll!GetCapture 0000000076312dbd 6 bytes [68, 8F, FF, 19, 00, C3] .text C:\Users\Toshiba\Downloads\7lbo4qf0.exe[3568] C:\Windows\syswow64\USER32.dll!ReleaseCapture 0000000076312ec4 6 bytes [68, 3F, FF, 19, 00, C3] .text C:\Users\Toshiba\Downloads\7lbo4qf0.exe[3568] C:\Windows\syswow64\USER32.dll!SetCapture 0000000076312ed1 4 bytes [68, E5, FE, 19] .text C:\Users\Toshiba\Downloads\7lbo4qf0.exe[3568] C:\Windows\syswow64\USER32.dll!SetCapture + 5 0000000076312ed6 1 byte [C3] .text C:\Users\Toshiba\Downloads\7lbo4qf0.exe[3568] C:\Windows\syswow64\USER32.dll!GetDCEx 0000000076313001 4 bytes [68, 29, F9, 1A] .text C:\Users\Toshiba\Downloads\7lbo4qf0.exe[3568] C:\Windows\syswow64\USER32.dll!GetDCEx + 5 0000000076313006 1 byte [C3] .text C:\Users\Toshiba\Downloads\7lbo4qf0.exe[3568] C:\Windows\syswow64\USER32.dll!RegisterClassA 0000000076314b80 6 bytes [68, 55, 6C, 1A, 00, C3] .text C:\Users\Toshiba\Downloads\7lbo4qf0.exe[3568] C:\Windows\syswow64\USER32.dll!CallWindowProcA 0000000076317af4 6 bytes [68, 83, 6B, 1A, 00, C3] .text C:\Users\Toshiba\Downloads\7lbo4qf0.exe[3568] C:\Windows\syswow64\USER32.dll!DefFrameProcA 000000007631808f 6 bytes [68, 65, 6A, 1A, 00, C3] .text C:\Users\Toshiba\Downloads\7lbo4qf0.exe[3568] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA 00000000763181e0 6 bytes [68, F4, 6A, 1A, 00, C3] .text C:\Users\Toshiba\Downloads\7lbo4qf0.exe[3568] C:\Windows\syswow64\USER32.dll!DefFrameProcW 0000000076318632 6 bytes [68, 1C, 6A, 1A, 00, C3] .text C:\Users\Toshiba\Downloads\7lbo4qf0.exe[3568] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW 0000000076318807 6 bytes [68, AE, 6A, 1A, 00, C3] .text C:\Users\Toshiba\Downloads\7lbo4qf0.exe[3568] C:\Windows\syswow64\USER32.dll!PeekMessageA 000000007632ed58 6 bytes [68, A9, 00, 1A, 00, C3] .text C:\Users\Toshiba\Downloads\7lbo4qf0.exe[3568] C:\Windows\syswow64\USER32.dll!GetUpdateRgn 000000007632f1fe 6 bytes [68, D5, FA, 1A, 00, C3] .text C:\Users\Toshiba\Downloads\7lbo4qf0.exe[3568] C:\Windows\syswow64\USER32.dll!GetUpdateRect 000000007633011b 6 bytes [68, 42, FA, 1A, 00, C3] .text C:\Users\Toshiba\Downloads\7lbo4qf0.exe[3568] C:\Windows\syswow64\USER32.dll!SwitchDesktop 00000000763497e4 6 bytes [68, E6, 68, 1A, 00, C3] .text C:\Users\Toshiba\Downloads\7lbo4qf0.exe[3568] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000076349c8d 6 bytes [68, A8, FE, 19, 00, C3] .text C:\Users\Toshiba\Downloads\7lbo4qf0.exe[3568] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000076349f3b 6 bytes [68, CC, A5, 1A, 00, C3] .text C:\Users\Toshiba\Downloads\7lbo4qf0.exe[3568] C:\Windows\syswow64\USER32.dll!OpenInputDesktop 000000007636895b 4 bytes [68, 96, 68, 1A] .text C:\Users\Toshiba\Downloads\7lbo4qf0.exe[3568] C:\Windows\syswow64\USER32.dll!OpenInputDesktop + 5 0000000076368960 1 byte [C3] .text C:\Users\Toshiba\Downloads\7lbo4qf0.exe[3568] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW 000000007700bbdb 6 bytes [68, C7, 3C, 1A, 00, C3] .text C:\Users\Toshiba\Downloads\7lbo4qf0.exe[3568] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 00000000770414fd 6 bytes [68, B0, 3C, 1A, 00, C3] .text C:\Users\Toshiba\Downloads\7lbo4qf0.exe[3568] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000076d33bed 6 bytes [68, 7B, F5, 19, 00, C3] .text C:\Users\Toshiba\Downloads\7lbo4qf0.exe[3568] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 0000000076d36737 6 bytes [68, 8C, F1, 19, 00, C3] .text C:\Users\Toshiba\Downloads\7lbo4qf0.exe[3568] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000076d368a7 6 bytes [68, D4, F5, 19, 00, C3] .text C:\Users\Toshiba\Downloads\7lbo4qf0.exe[3568] C:\Windows\syswow64\WS2_32.dll!send 0000000076d3c4c8 6 bytes [68, B3, F5, 19, 00, C3] .text C:\Users\Toshiba\Downloads\7lbo4qf0.exe[3568] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000076d47133 6 bytes [68, 1C, F1, 19, 00, C3] .text C:\Users\Toshiba\Downloads\7lbo4qf0.exe[3568] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore 0000000076e00d60 6 bytes [68, 51, 1D, 1B, 00, C3] .text C:\Users\Toshiba\Downloads\7lbo4qf0.exe[3568] C:\Windows\syswow64\WININET.dll!InternetCloseHandle 00000000766cc846 6 bytes [68, 36, 19, 1B, 00, C3] .text C:\Users\Toshiba\Downloads\7lbo4qf0.exe[3568] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA 00000000766ccbca 6 bytes [68, D6, 1A, 1B, 00, C3] .text C:\Users\Toshiba\Downloads\7lbo4qf0.exe[3568] C:\Windows\syswow64\WININET.dll!InternetReadFile 00000000766ce26c 6 bytes [68, A3, 19, 1B, 00, C3] .text C:\Users\Toshiba\Downloads\7lbo4qf0.exe[3568] C:\Windows\syswow64\WININET.dll!HttpSendRequestW 00000000766ceebb 6 bytes [68, BC, 16, 1B, 00, C3] .text C:\Users\Toshiba\Downloads\7lbo4qf0.exe[3568] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA 00000000766d0402 6 bytes [68, 78, 16, 1B, 00, C3] .text C:\Users\Toshiba\Downloads\7lbo4qf0.exe[3568] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW 00000000766d05db 6 bytes [68, 34, 16, 1B, 00, C3] .text C:\Users\Toshiba\Downloads\7lbo4qf0.exe[3568] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable 00000000766d41d3 6 bytes [68, AA, 1A, 1B, 00, C3] .text C:\Users\Toshiba\Downloads\7lbo4qf0.exe[3568] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW 00000000766e8e50 6 bytes [68, 66, 17, 1B, 00, C3] .text C:\Users\Toshiba\Downloads\7lbo4qf0.exe[3568] C:\Windows\syswow64\WININET.dll!HttpEndRequestA 00000000766e8f7b 6 bytes [68, A0, 18, 1B, 00, C3] .text C:\Users\Toshiba\Downloads\7lbo4qf0.exe[3568] C:\Windows\syswow64\WININET.dll!InternetReadFileExA 00000000766f12f9 6 bytes [68, D1, 19, 1B, 00, C3] .text C:\Users\Toshiba\Downloads\7lbo4qf0.exe[3568] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer 000000007672ce83 6 bytes [68, 50, 1A, 1B, 00, C3] .text C:\Users\Toshiba\Downloads\7lbo4qf0.exe[3568] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA 00000000767401fa 6 bytes [68, 03, 18, 1B, 00, C3] .text C:\Users\Toshiba\Downloads\7lbo4qf0.exe[3568] C:\Windows\syswow64\WININET.dll!HttpEndRequestW 000000007674027d 6 bytes [68, EB, 18, 1B, 00, C3] .text C:\Users\Toshiba\Downloads\7lbo4qf0.exe[3568] C:\Windows\syswow64\WININET.dll!HttpSendRequestA 00000000767402e0 6 bytes [68, 11, 17, 1B, 00, C3] ---- Kernel IAT/EAT - GMER 2.1 ---- IAT C:\Windows\system32\DRIVERS\pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [fffff880010f9650] \SystemRoot\System32\Drivers\spis.sys [unknown section] IAT C:\Windows\system32\DRIVERS\pci.sys[ntoskrnl.exe!IoDetachDevice] [fffff880010f95dc] \SystemRoot\System32\Drivers\spis.sys [unknown section] IAT C:\Windows\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [fffff880010c435c] \SystemRoot\System32\Drivers\spis.sys [unknown section] IAT C:\Windows\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [fffff880010c4224] \SystemRoot\System32\Drivers\spis.sys [unknown section] IAT C:\Windows\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [fffff880010c4a24] \SystemRoot\System32\Drivers\spis.sys [unknown section] IAT C:\Windows\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [fffff880010c4ba0] \SystemRoot\System32\Drivers\spis.sys [unknown section] IAT C:\Windows\System32\Drivers\ac3r08r3.SYS[ataport.SYS!AtaPortCopyMemory] [?] IAT C:\Windows\System32\Drivers\ac3r08r3.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] [?] IAT C:\Windows\System32\Drivers\ac3r08r3.SYS[ataport.SYS!AtaPortCompleteRequest] [?] IAT C:\Windows\System32\Drivers\ac3r08r3.SYS[ataport.SYS!AtaPortNotification] [?] IAT C:\Windows\System32\Drivers\ac3r08r3.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] [?] IAT C:\Windows\System32\Drivers\ac3r08r3.SYS[ataport.SYS!AtaPortQuerySystemTime] [?] IAT C:\Windows\System32\Drivers\ac3r08r3.SYS[ataport.SYS!AtaPortReadPortBufferUshort] [?] IAT C:\Windows\System32\Drivers\ac3r08r3.SYS[ataport.SYS!AtaPortInitialize] [?] IAT C:\Windows\System32\Drivers\ac3r08r3.SYS[ataport.SYS!AtaPortGetPhysicalAddress] [?] IAT C:\Windows\System32\Drivers\ac3r08r3.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] [?] IAT C:\Windows\System32\Drivers\ac3r08r3.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] [?] IAT C:\Windows\System32\Drivers\ac3r08r3.SYS[ataport.SYS!AtaPortStallExecution] [?] IAT C:\Windows\System32\Drivers\ac3r08r3.SYS[ataport.SYS!AtaPortReadPortUchar] [?] IAT C:\Windows\System32\Drivers\ac3r08r3.SYS[ataport.SYS!AtaPortDeviceStateChange] [?] IAT C:\Windows\System32\Drivers\ac3r08r3.SYS[ataport.SYS!AtaPortWritePortUchar] [?] IAT C:\Windows\System32\Drivers\ac3r08r3.SYS[ataport.SYS!AtaPortEtwTraceLog] [?] IAT C:\Windows\System32\Drivers\ac3r08r3.SYS[ataport.SYS!AtaPortGetUnCachedExtension] [?] IAT C:\Windows\System32\Drivers\ac3r08r3.SYS[ataport.SYS!AtaPortWritePortUlong] [?] IAT C:\Windows\System32\Drivers\ac3r08r3.SYS[ataport.SYS!AtaPortWritePortBufferUshort] [?] IAT C:\Windows\System32\Drivers\ac3r08r3.SYS[ataport.SYS!AtaPortGetDeviceBase] [?] IAT C:\Windows\System32\Drivers\ac3r08r3.SYS[ataport.SYS!AtaPortGetScatterGatherList] [?] IAT C:\Windows\System32\Drivers\ac3r08r3.SYS[ataport.SYS!AtaPortGetParentBusType] [?] IAT C:\Windows\System32\Drivers\ac3r08r3.SYS[ataport.SYS!AtaPortRequestCallback] [?] IAT C:\Windows\System32\Drivers\ac3r08r3.SYS[NTOSKRNL.exe!KeBugCheckEx] [?] ---- User IAT/EAT - GMER 2.1 ---- IAT c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2976] @ c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamDWord] [7fefb0c741c] c:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2976] @ c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSet] [7fefb0c5f10] c:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2976] @ c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmEndSession] [7fefb0c5674] c:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2976] @ c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartSession] [7fefb0c5e2c] c:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2976] @ c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartUpload] [7fefb0c7f48] c:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2976] @ c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppVersion] [7fefb0c6a38] c:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2976] @ c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetMachineId] [7fefb0c6ee8] c:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2976] @ c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmWriteSharedMachineId] [7fefb0c7b58] c:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2976] @ c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmCreateNewId] [7fefb0c7ea0] c:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2976] @ c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmReadSharedMachineId] [7fefb0c78b0] c:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2976] @ c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmGetSession] [7fefb0c4fb4] c:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2976] @ c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppId] [7fefb0c5d38] c:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2976] @ c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamString] [7fefb0c7584] c:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll ---- Devices - GMER 2.1 ---- Device \Driver\atapi \Device\Ide\IdePort0 fffffa80049ce2c0 ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification Device \Driver\atapi \Device\Ide\IdePort1 fffffa80049ce2c0 ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification Device \Driver\atapi \Device\Ide\IdePort2 fffffa80049ce2c0 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 fffffa80049ce2c0 Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-2 fffffa80049ce2c0 Device \Driver\atapi \Device\Ide\IdePort3 fffffa80049ce2c0 Device \Driver\ac3r08r3 \Device\Scsi\ac3r08r31Port8Path0Target0Lun0 fffffa80054362c0 Device \Driver\ac3r08r3 \Device\Scsi\ac3r08r31 fffffa80054362c0 Device \FileSystem\Ntfs \Ntfs fffffa80049d42c0 Device \Driver\usbehci \Device\USBFDO-7 fffffa80056142c0 Device \Driver\ac3r08r3 \Device\ScsiPort8 fffffa80054362c0 Device \Driver\usbuhci \Device\USBPDO-5 fffffa8004b262c0 Device \Driver\usbehci \Device\USBFDO-3 fffffa80056142c0 Device \Driver\usbuhci \Device\USBPDO-1 fffffa8004b262c0 Device \Driver\cdrom \Device\CdRom0 fffffa8004cfd2c0 Device \Driver\cdrom \Device\CdRom1 fffffa8004cfd2c0 Device \Driver\usbuhci \Device\USBPDO-6 fffffa8004b262c0 Device \Driver\usbuhci \Device\USBFDO-4 fffffa8004b262c0 Device \Driver\usbuhci \Device\USBPDO-2 fffffa8004b262c0 Device \Driver\usbuhci \Device\USBFDO-0 fffffa8004b262c0 Device \Driver\usbehci \Device\USBPDO-7 fffffa80056142c0 Device \Driver\usbuhci \Device\USBFDO-5 fffffa8004b262c0 Device \Driver\usbehci \Device\USBPDO-3 fffffa80056142c0 Device \Driver\usbuhci \Device\USBFDO-1 fffffa8004b262c0 Device \Driver\volmgr \Device\HarddiskVolume1 fffffa80049c82c0 Device \Driver\volmgr \Device\FtControl fffffa80049c82c0 Device \Driver\volmgr \Device\VolMgrControl fffffa80049c82c0 Device \Driver\volmgr \Device\HarddiskVolume2 fffffa80049c82c0 Device \Driver\volmgr \Device\HarddiskVolume3 fffffa80049c82c0 Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa800516c2c0 Device \Driver\usbuhci \Device\USBFDO-6 fffffa8004b262c0 Device \Driver\usbuhci \Device\USBPDO-4 fffffa8004b262c0 Device \Driver\usbuhci \Device\USBFDO-2 fffffa8004b262c0 Device \Driver\atapi \Device\ScsiPort0 fffffa80049ce2c0 Device \Driver\usbuhci \Device\USBPDO-0 fffffa8004b262c0 Device \Driver\atapi \Device\ScsiPort1 fffffa80049ce2c0 Device \Driver\atapi \Device\ScsiPort2 fffffa80049ce2c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{6859487E-ECAA-4A8D-A2CA-0362F2E1A17D} fffffa800516c2c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{119B7BBB-2ECF-48F1-900B-18A0427F4FAC} fffffa800516c2c0 Device \Driver\atapi \Device\ScsiPort3 fffffa80049ce2c0 ---- Trace I/O - GMER 2.1 ---- Trace ntoskrnl.exe CLASSPNP.SYS disk.sys thpdrv.sys >>UNKNOWN [0xfffffa80049ce2c0]<< spis.sys ataport.SYS fffffa80049ce2c0 Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c7c060] fffffa8004c7c060 Trace 3 CLASSPNP.SYS[fffff88000e0143f] -> nt!IofCallDriver -> \Device\THPDRV1[0xfffffa8004c79060] fffffa8004c79060 Trace 5 thpdrv.sys[fffff880019de0d0] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa8004b88680] fffffa8004b88680 Trace \Driver\atapi[0xfffffa8004b25320] -> IRP_MJ_CREATE -> 0xfffffa80049ce2c0 fffffa80049ce2c0 ---- Modules - GMER 2.1 ---- Module \SystemRoot\System32\Drivers\ac3r08r3.SYS (ATAPI IDE Miniport Driver/Microsoft Corporation)(2009-07-13 23:19:47) fffff88004185000-fffff880041ca000 (282624 bytes) ---- Threads - GMER 2.1 ---- Thread C:\Program Files (x86)\Internet Explorer\iexplore.exe [3980:4020] 00000000002de880 Thread C:\Program Files (x86)\Internet Explorer\iexplore.exe [3980:2900] 00000000002de990 Thread C:\Program Files (x86)\Internet Explorer\iexplore.exe [3980:4028] 00000000002de770 Thread C:\Program Files (x86)\Internet Explorer\iexplore.exe [3980:1296] 00000000002dfc90 Thread C:\Program Files (x86)\Internet Explorer\iexplore.exe [3980:4076] 00000000002ddd20 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5968:6040] 000007fefb9a2a74 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5968:6048] 000007feed3fc0b0 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC6 0xCA 0x65 0xD2 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xEC 0x5E 0x87 0x23 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xB0 0x5B 0x3D 0x31 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC6 0xCA 0x65 0xD2 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xEC 0x5E 0x87 0x23 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xB0 0x5B 0x3D 0x31 ... ---- EOF - GMER 2.1 ----