GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-07-03 15:23:04
Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e WDC_WD1200BEVS-22UST0 rev.01.01A01 111,79GB
Running: xkrvnujx.exe; Driver: C:\DOCUME~1\edward\USTAWI~1\Temp\uxndykow.sys

---- System - GMER 2.1 ----

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwAdjustPrivilegesToken [0xA9A1880A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwConnectPort [0xA9A17D8A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwCreateFile [0xA9A18470]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwCreateKey [0xA9A1907E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwCreatePort [0xA9A17C66]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwCreateSection [0xA9A1B13C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwCreateSymbolicLinkObject [0xA9A1B4C2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwCreateThread [0xA9A17652]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwDeleteKey [0xA9A189F6]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwDeleteValueKey [0xA9A18BF6]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwDuplicateObject [0xA9A17458]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwEnumerateKey [0xA9A197BC]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwEnumerateValueKey [0xA9A19A12]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwLoadDriver [0xA9A1AB4C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwMakeTemporaryObject [0xA9A18052]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwOpenFile [0xA9A1864C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwOpenKey [0xA9A1906E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwOpenProcess [0xA9A17086]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwOpenSection [0xA9A182F6]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwOpenThread [0xA9A1728A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwQueryKey [0xA9A19C20]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwQueryMultipleValueKey [0xA9A1A074]
SSDT
\SystemRoot\System32\DRIVERS\cmdguard.sys ZwQueryValueKey [0xA9A19E32] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwRenameKey [0xA9A195D4] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwRequestWaitReplyPort [0xA9A1A5E4] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwSecureConnectPort [0xA9A1A898] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwSetSecurityObject [0xA9A18E46] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwSetSystemInformation [0xA9A1AE44] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwSetValueKey [0xA9A1934C] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwShutdownSystem [0xA9A17FBC] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwSystemDebugControl [0xA9A181E2] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwTerminateProcess [0xA9A17A68] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwTerminateThread [0xA9A17856] ---- User code sections - GMER 2.1 ---- .text C:\WINDOWS\System32\alg.exe[160] ntdll.dll!NtAllocateVirtualMemory 7C90CF50 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[160] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[160] ntdll.dll!NtCreateFile 7C90D090 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[160] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[160] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[160] ntdll.dll!NtDeleteFile 7C90D220 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[160] ntdll.dll!NtFreeVirtualMemory 7C90D370 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[160] ntdll.dll!NtLoadDriver 7C90D450 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[160] ntdll.dll!NtOpenFile 7C90D580 5 Bytes JMP 
1002CDA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[160] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[160] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[160] ntdll.dll!NtUnloadDriver 7C90DEA0 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[160] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[160] ntdll.dll!RtlAllocateHeap 7C9100A4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[160] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[160] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[160] ntdll.dll!LdrGetProcedureAddress 7C917E88 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[160] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[160] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[160] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[160] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[160] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[160] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[160] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll .text 
C:\WINDOWS\System32\alg.exe[160] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[160] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[160] kernel32.dll!GetModuleHandleA 7C80B731 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[160] kernel32.dll!GetModuleHandleW 7C80E4CD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[160] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[160] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[160] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[160] kernel32.dll!OpenFile 7C82196A 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[160] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[160] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[160] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[160] kernel32.dll!DeleteFileA 7C831EC5 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[160] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[160] kernel32.dll!MoveFileExW 7C835673 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[160] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[160] kernel32.dll!MoveFileWithProgressA 7C835EC6 5 Bytes JMP 
1002CB40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[160] kernel32.dll!MoveFileExA 7C85E3CB 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[160] kernel32.dll!CopyFileExA 7C85F2CC 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[160] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[160] kernel32.dll!LoadModule 7C8624BE 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[160] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[160] ADVAPI32.dll!OpenServiceW 77DD6FDD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[160] ADVAPI32.dll!OpenServiceW + 3 77DD6FE0 4 Bytes [25, 98, CC, CC] .text C:\WINDOWS\System32\alg.exe[160] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[160] ADVAPI32.dll!OpenServiceA 77DE4C36 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[160] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[160] ADVAPI32.dll!CreateServiceA 77E271E9 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[160] ADVAPI32.dll!CreateServiceW 77E27381 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[160] ole32.dll!CoCreateInstanceEx 774F0526 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[160] ole32.dll!CoGetClassObject 775056C5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[160] WS2_32.dll!WSASocketW 71A5404E 7 Bytes JMP 1002C920 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[160] WS2_32.dll!WSASocketA 71A58B6A 5 
Bytes JMP 1002C940 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[160] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[160] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[160] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[160] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[592] ntdll.dll!NtAllocateVirtualMemory 7C90CF50 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[592] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[592] ntdll.dll!NtCreateFile 7C90D090 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[592] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[592] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[592] ntdll.dll!NtDeleteFile 7C90D220 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[592] ntdll.dll!NtFreeVirtualMemory 7C90D370 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[592] ntdll.dll!NtLoadDriver 7C90D450 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[592] ntdll.dll!NtOpenFile 7C90D580 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[592] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[592] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 1002CD60 
C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[592] ntdll.dll!NtUnloadDriver 7C90DEA0 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[592] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[592] ntdll.dll!RtlAllocateHeap 7C9100A4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[592] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[592] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[592] ntdll.dll!LdrGetProcedureAddress 7C917E88 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[592] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[592] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[592] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[592] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[592] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[592] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[592] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[592] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[592] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 1002CA60 
C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[592] kernel32.dll!GetModuleHandleA 7C80B731 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[592] kernel32.dll!GetModuleHandleW 7C80E4CD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[592] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[592] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[592] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[592] kernel32.dll!OpenFile 7C82196A 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[592] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[592] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[592] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[592] kernel32.dll!DeleteFileA 7C831EC5 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[592] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[592] kernel32.dll!MoveFileExW 7C835673 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[592] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[592] kernel32.dll!MoveFileWithProgressA 7C835EC6 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[592] kernel32.dll!MoveFileExA 7C85E3CB 5 Bytes JMP 1002CB80 
C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[592] kernel32.dll!CopyFileExA 7C85F2CC 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[592] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[592] kernel32.dll!LoadModule 7C8624BE 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[592] ADVAPI32.dll!OpenServiceW 77DD6FDD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[592] ADVAPI32.dll!OpenServiceW + 3 77DD6FE0 4 Bytes [25, 98, CC, CC] .text C:\WINDOWS\system32\services.exe[592] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[592] ADVAPI32.dll!OpenServiceA 77DE4C36 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[592] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[592] ADVAPI32.dll!CreateServiceA 77E271E9 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[592] ADVAPI32.dll!CreateServiceW 77E27381 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\services.exe[592] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[604] ntdll.dll!NtAllocateVirtualMemory 7C90CF50 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[604] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[604] ntdll.dll!NtCreateFile 7C90D090 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[604] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll .text 
C:\WINDOWS\system32\lsass.exe[604] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[604] ntdll.dll!NtDeleteFile 7C90D220 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[604] ntdll.dll!NtFreeVirtualMemory 7C90D370 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[604] ntdll.dll!NtLoadDriver 7C90D450 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[604] ntdll.dll!NtOpenFile 7C90D580 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[604] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[604] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[604] ntdll.dll!NtUnloadDriver 7C90DEA0 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[604] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[604] ntdll.dll!RtlAllocateHeap 7C9100A4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[604] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[604] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[604] ntdll.dll!LdrGetProcedureAddress 7C917E88 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[604] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[604] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[604] 
kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[604] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[604] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[604] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[604] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[604] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[604] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[604] kernel32.dll!GetModuleHandleA 7C80B731 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[604] kernel32.dll!GetModuleHandleW 7C80E4CD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[604] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[604] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[604] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[604] kernel32.dll!OpenFile 7C82196A 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[604] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[604] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[604] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 
1002CC20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[604] kernel32.dll!DeleteFileA 7C831EC5 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[604] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[604] kernel32.dll!MoveFileExW 7C835673 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[604] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[604] kernel32.dll!MoveFileWithProgressA 7C835EC6 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[604] kernel32.dll!MoveFileExA 7C85E3CB 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[604] kernel32.dll!CopyFileExA 7C85F2CC 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[604] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[604] kernel32.dll!LoadModule 7C8624BE 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[604] ADVAPI32.dll!OpenServiceW 77DD6FDD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[604] ADVAPI32.dll!OpenServiceW + 3 77DD6FE0 4 Bytes [25, 98, CC, CC] .text C:\WINDOWS\system32\lsass.exe[604] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[604] ADVAPI32.dll!OpenServiceA 77DE4C36 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[604] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[604] ADVAPI32.dll!CreateServiceA 77E271E9 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll .text 
C:\WINDOWS\system32\lsass.exe[604] ADVAPI32.dll!CreateServiceW 77E27381 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[604] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[604] WS2_32.dll!WSASocketW 71A5404E 7 Bytes JMP 1002C920 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[604] WS2_32.dll!WSASocketA 71A58B6A 5 Bytes JMP 1002C940 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[604] ole32.dll!CoCreateInstanceEx 774F0526 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[604] ole32.dll!CoGetClassObject 775056C5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[604] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[604] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[604] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\lsass.exe[604] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[756] ntdll.dll!NtAllocateVirtualMemory 7C90CF50 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[756] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[756] ntdll.dll!NtCreateFile 7C90D090 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[756] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[756] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[756] ntdll.dll!NtDeleteFile 
7C90D220 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[756] ntdll.dll!NtFreeVirtualMemory 7C90D370 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[756] ntdll.dll!NtLoadDriver 7C90D450 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[756] ntdll.dll!NtOpenFile 7C90D580 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[756] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[756] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[756] ntdll.dll!NtUnloadDriver 7C90DEA0 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[756] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[756] ntdll.dll!RtlAllocateHeap 7C9100A4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[756] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[756] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[756] ntdll.dll!LdrGetProcedureAddress 7C917E88 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[756] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[756] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[756] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[756] kernel32.dll!LoadLibraryExA 7C801D53 5 
Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[756] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[756] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[756] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[756] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[756] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[756] kernel32.dll!GetModuleHandleA 7C80B731 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[756] kernel32.dll!GetModuleHandleW 7C80E4CD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[756] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[756] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[756] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[756] kernel32.dll!OpenFile 7C82196A 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[756] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[756] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[756] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[756] kernel32.dll!DeleteFileA 7C831EC5 5 Bytes JMP 1002CB00 
C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[756] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[756] kernel32.dll!MoveFileExW 7C835673 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[756] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[756] kernel32.dll!MoveFileWithProgressA 7C835EC6 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[756] kernel32.dll!MoveFileExA 7C85E3CB 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[756] kernel32.dll!CopyFileExA 7C85F2CC 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[756] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[756] kernel32.dll!LoadModule 7C8624BE 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[756] ADVAPI32.dll!OpenServiceW 77DD6FDD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[756] ADVAPI32.dll!OpenServiceW + 3 77DD6FE0 4 Bytes [25, 98, CC, CC] .text C:\WINDOWS\system32\svchost.exe[756] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[756] ADVAPI32.dll!OpenServiceA 77DE4C36 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[756] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[756] ADVAPI32.dll!CreateServiceA 77E271E9 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[756] ADVAPI32.dll!CreateServiceW 77E27381 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll .text 
C:\WINDOWS\system32\svchost.exe[756] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[756] ole32.dll!CoCreateInstanceEx 774F0526 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[756] ole32.dll!CoGetClassObject 775056C5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[756] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[756] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[756] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[756] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[820] ntdll.dll!NtAllocateVirtualMemory 7C90CF50 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[820] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[820] ntdll.dll!NtCreateFile 7C90D090 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[820] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[820] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[820] ntdll.dll!NtDeleteFile 7C90D220 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[820] ntdll.dll!NtFreeVirtualMemory 7C90D370 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[820] ntdll.dll!NtLoadDriver 7C90D450 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[820] 
ntdll.dll!NtOpenFile 7C90D580 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[820] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[820] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[820] ntdll.dll!NtUnloadDriver 7C90DEA0 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[820] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[820] ntdll.dll!RtlAllocateHeap 7C9100A4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[820] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[820] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[820] ntdll.dll!LdrGetProcedureAddress 7C917E88 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[820] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[820] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[820] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[820] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[820] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[820] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[820] 
kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[820] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[820] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[820] kernel32.dll!GetModuleHandleA 7C80B731 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[820] kernel32.dll!GetModuleHandleW 7C80E4CD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[820] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[820] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[820] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[820] kernel32.dll!OpenFile 7C82196A 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[820] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[820] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[820] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[820] kernel32.dll!DeleteFileA 7C831EC5 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[820] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[820] kernel32.dll!MoveFileExW 7C835673 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[820] kernel32.dll!MoveFileA 7C835EA7 
5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[820] kernel32.dll!MoveFileWithProgressA 7C835EC6 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[820] kernel32.dll!MoveFileExA 7C85E3CB 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[820] kernel32.dll!CopyFileExA 7C85F2CC 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[820] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[820] kernel32.dll!LoadModule 7C8624BE 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[820] ADVAPI32.dll!OpenServiceW 77DD6FDD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[820] ADVAPI32.dll!OpenServiceW + 3 77DD6FE0 4 Bytes [25, 98, CC, CC] .text C:\WINDOWS\system32\svchost.exe[820] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[820] ADVAPI32.dll!OpenServiceA 77DE4C36 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[820] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[820] ADVAPI32.dll!CreateServiceA 77E271E9 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[820] ADVAPI32.dll!CreateServiceW 77E27381 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[820] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[820] ole32.dll!CoCreateInstanceEx 774F0526 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[820] ole32.dll!CoGetClassObject 775056C5 5 Bytes JMP 1002E600 
C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[820] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[820] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[820] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[820] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[852] ntdll.dll!NtAllocateVirtualMemory 7C90CF50 5 Bytes JMP 0050A8A0 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[852] ntdll.dll!NtCreateFile 7C90D090 5 Bytes JMP 00522180 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe .text C:\WINDOWS\system32\svchost.exe[880] ntdll.dll!NtAllocateVirtualMemory 7C90CF50 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[880] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[880] ntdll.dll!NtCreateFile 7C90D090 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[880] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[880] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[880] ntdll.dll!NtDeleteFile 7C90D220 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[880] ntdll.dll!NtFreeVirtualMemory 7C90D370 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[880] ntdll.dll!NtLoadDriver 7C90D450 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll .text 
C:\WINDOWS\system32\svchost.exe[880] ntdll.dll!NtOpenFile 7C90D580 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[880] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[880] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[880] ntdll.dll!NtUnloadDriver 7C90DEA0 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[880] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[880] ntdll.dll!RtlAllocateHeap 7C9100A4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[880] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[880] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[880] ntdll.dll!LdrGetProcedureAddress 7C917E88 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[880] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[880] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[880] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[880] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[880] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[880] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll .text 
C:\WINDOWS\system32\svchost.exe[880] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[880] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[880] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[880] kernel32.dll!GetModuleHandleA 7C80B731 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[880] kernel32.dll!GetModuleHandleW 7C80E4CD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[880] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[880] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[880] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[880] kernel32.dll!OpenFile 7C82196A 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[880] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[880] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[880] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[880] kernel32.dll!DeleteFileA 7C831EC5 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[880] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[880] kernel32.dll!MoveFileExW 7C835673 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll .text 
C:\WINDOWS\system32\svchost.exe[880] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[880] kernel32.dll!MoveFileWithProgressA 7C835EC6 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[880] kernel32.dll!MoveFileExA 7C85E3CB 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[880] kernel32.dll!CopyFileExA 7C85F2CC 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[880] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[880] kernel32.dll!LoadModule 7C8624BE 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[880] ADVAPI32.dll!OpenServiceW 77DD6FDD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[880] ADVAPI32.dll!OpenServiceW + 3 77DD6FE0 4 Bytes [25, 98, CC, CC] .text C:\WINDOWS\system32\svchost.exe[880] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[880] ADVAPI32.dll!OpenServiceA 77DE4C36 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[880] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[880] ADVAPI32.dll!CreateServiceA 77E271E9 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[880] ADVAPI32.dll!CreateServiceW 77E27381 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[880] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[880] ole32.dll!CoCreateInstanceEx 774F0526 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[880] 
ole32.dll!CoGetClassObject 775056C5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[880] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[880] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[880] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[880] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1016] ntdll.dll!NtAllocateVirtualMemory 7C90CF50 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1016] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1016] ntdll.dll!NtCreateFile 7C90D090 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1016] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1016] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1016] ntdll.dll!NtDeleteFile 7C90D220 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1016] ntdll.dll!NtFreeVirtualMemory 7C90D370 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1016] ntdll.dll!NtLoadDriver 7C90D450 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1016] ntdll.dll!NtOpenFile 7C90D580 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1016] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1016] 
ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1016] ntdll.dll!NtUnloadDriver 7C90DEA0 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1016] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1016] ntdll.dll!RtlAllocateHeap 7C9100A4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1016] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1016] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1016] ntdll.dll!LdrGetProcedureAddress 7C917E88 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll .text 
C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!GetModuleHandleA 7C80B731 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!GetModuleHandleW 7C80E4CD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!OpenFile 7C82196A 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!DeleteFileA 7C831EC5 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!MoveFileExW 7C835673 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!MoveFileWithProgressA 7C835EC6 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll .text 
C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!MoveFileExA 7C85E3CB 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!CopyFileExA 7C85F2CC 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1016] kernel32.dll!LoadModule 7C8624BE 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1016] ADVAPI32.dll!OpenServiceW 77DD6FDD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1016] ADVAPI32.dll!OpenServiceW + 3 77DD6FE0 4 Bytes [25, 98, CC, CC] .text C:\WINDOWS\system32\svchost.exe[1016] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1016] ADVAPI32.dll!OpenServiceA 77DE4C36 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1016] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1016] ADVAPI32.dll!CreateServiceA 77E271E9 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1016] ADVAPI32.dll!CreateServiceW 77E27381 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1016] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1016] ole32.dll!CoCreateInstanceEx 774F0526 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1016] ole32.dll!CoGetClassObject 775056C5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1016] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll .text 
C:\WINDOWS\system32\svchost.exe[1016] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1016] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1016] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wscntfy.exe[1060] ntdll.dll!NtAllocateVirtualMemory 7C90CF50 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wscntfy.exe[1060] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wscntfy.exe[1060] ntdll.dll!NtCreateFile 7C90D090 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wscntfy.exe[1060] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wscntfy.exe[1060] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wscntfy.exe[1060] ntdll.dll!NtDeleteFile 7C90D220 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wscntfy.exe[1060] ntdll.dll!NtFreeVirtualMemory 7C90D370 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wscntfy.exe[1060] ntdll.dll!NtLoadDriver 7C90D450 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wscntfy.exe[1060] ntdll.dll!NtOpenFile 7C90D580 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wscntfy.exe[1060] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wscntfy.exe[1060] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wscntfy.exe[1060] ntdll.dll!NtUnloadDriver 7C90DEA0 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll .text 
C:\WINDOWS\system32\wscntfy.exe[1060] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wscntfy.exe[1060] ntdll.dll!RtlAllocateHeap 7C9100A4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wscntfy.exe[1060] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wscntfy.exe[1060] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wscntfy.exe[1060] ntdll.dll!LdrGetProcedureAddress 7C917E88 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wscntfy.exe[1060] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wscntfy.exe[1060] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wscntfy.exe[1060] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wscntfy.exe[1060] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wscntfy.exe[1060] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wscntfy.exe[1060] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wscntfy.exe[1060] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wscntfy.exe[1060] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wscntfy.exe[1060] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wscntfy.exe[1060] kernel32.dll!GetModuleHandleA 7C80B731 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll .text 
C:\WINDOWS\system32\wscntfy.exe[1060] kernel32.dll!GetModuleHandleW 7C80E4CD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wscntfy.exe[1060] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wscntfy.exe[1060] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wscntfy.exe[1060] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wscntfy.exe[1060] kernel32.dll!OpenFile 7C82196A 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wscntfy.exe[1060] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wscntfy.exe[1060] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wscntfy.exe[1060] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wscntfy.exe[1060] kernel32.dll!DeleteFileA 7C831EC5 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wscntfy.exe[1060] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wscntfy.exe[1060] kernel32.dll!MoveFileExW 7C835673 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wscntfy.exe[1060] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wscntfy.exe[1060] kernel32.dll!MoveFileWithProgressA 7C835EC6 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wscntfy.exe[1060] kernel32.dll!MoveFileExA 7C85E3CB 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wscntfy.exe[1060] kernel32.dll!CopyFileExA 7C85F2CC 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll .text 
C:\WINDOWS\system32\wscntfy.exe[1060] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wscntfy.exe[1060] kernel32.dll!LoadModule 7C8624BE 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wscntfy.exe[1060] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wscntfy.exe[1060] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wscntfy.exe[1060] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wscntfy.exe[1060] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wscntfy.exe[1060] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wscntfy.exe[1060] ADVAPI32.dll!OpenServiceW 77DD6FDD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wscntfy.exe[1060] ADVAPI32.dll!OpenServiceW + 3 77DD6FE0 4 Bytes [25, 98, CC, CC] .text C:\WINDOWS\system32\wscntfy.exe[1060] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wscntfy.exe[1060] ADVAPI32.dll!OpenServiceA 77DE4C36 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wscntfy.exe[1060] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wscntfy.exe[1060] ADVAPI32.dll!CreateServiceA 77E271E9 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wscntfy.exe[1060] ADVAPI32.dll!CreateServiceW 77E27381 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wscntfy.exe[1060] ole32.dll!CoCreateInstanceEx 774F0526 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll .text 
C:\WINDOWS\system32\wscntfy.exe[1060] ole32.dll!CoGetClassObject 775056C5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1072] ntdll.dll!NtAllocateVirtualMemory 7C90CF50 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1072] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1072] ntdll.dll!NtCreateFile 7C90D090 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1072] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1072] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1072] ntdll.dll!NtDeleteFile 7C90D220 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1072] ntdll.dll!NtFreeVirtualMemory 7C90D370 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1072] ntdll.dll!NtLoadDriver 7C90D450 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1072] ntdll.dll!NtOpenFile 7C90D580 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1072] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1072] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1072] ntdll.dll!NtUnloadDriver 7C90DEA0 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1072] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1072] ntdll.dll!RtlAllocateHeap 7C9100A4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll .text 
C:\WINDOWS\system32\svchost.exe[1072] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1072] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1072] ntdll.dll!LdrGetProcedureAddress 7C917E88 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!GetModuleHandleA 7C80B731 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!GetModuleHandleW 7C80E4CD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll .text 
C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!OpenFile 7C82196A 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!DeleteFileA 7C831EC5 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!MoveFileExW 7C835673 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!MoveFileWithProgressA 7C835EC6 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!MoveFileExA 7C85E3CB 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!CopyFileExA 7C85F2CC 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!LoadModule 7C8624BE 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll .text 
C:\WINDOWS\system32\svchost.exe[1072] ADVAPI32.dll!OpenServiceW 77DD6FDD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1072] ADVAPI32.dll!OpenServiceW + 3 77DD6FE0 4 Bytes [25, 98, CC, CC] .text C:\WINDOWS\system32\svchost.exe[1072] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1072] ADVAPI32.dll!OpenServiceA 77DE4C36 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1072] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1072] ADVAPI32.dll!CreateServiceA 77E271E9 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1072] ADVAPI32.dll!CreateServiceW 77E27381 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1072] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1072] ole32.dll!CoCreateInstanceEx 774F0526 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1072] ole32.dll!CoGetClassObject 775056C5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1072] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1072] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1072] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1072] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1204] ntdll.dll!NtAllocateVirtualMemory 7C90CF50 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll .text 
C:\WINDOWS\system32\spoolsv.exe[1204] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1204] ntdll.dll!NtCreateFile 7C90D090 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1204] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1204] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1204] ntdll.dll!NtDeleteFile 7C90D220 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1204] ntdll.dll!NtFreeVirtualMemory 7C90D370 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1204] ntdll.dll!NtLoadDriver 7C90D450 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1204] ntdll.dll!NtOpenFile 7C90D580 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1204] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1204] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1204] ntdll.dll!NtUnloadDriver 7C90DEA0 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1204] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1204] ntdll.dll!RtlAllocateHeap 7C9100A4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1204] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1204] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll .text 
C:\WINDOWS\system32\spoolsv.exe[1204] ntdll.dll!LdrGetProcedureAddress 7C917E88 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1204] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1204] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1204] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1204] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1204] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1204] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1204] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1204] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1204] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1204] kernel32.dll!GetModuleHandleA 7C80B731 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1204] kernel32.dll!GetModuleHandleW 7C80E4CD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1204] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1204] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1204] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 1002CBA0 
C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1204] kernel32.dll!OpenFile 7C82196A 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1204] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1204] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1204] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1204] kernel32.dll!DeleteFileA 7C831EC5 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1204] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1204] kernel32.dll!MoveFileExW 7C835673 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1204] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1204] kernel32.dll!MoveFileWithProgressA 7C835EC6 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1204] kernel32.dll!MoveFileExA 7C85E3CB 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1204] kernel32.dll!CopyFileExA 7C85F2CC 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1204] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1204] kernel32.dll!LoadModule 7C8624BE 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1204] ADVAPI32.dll!OpenServiceW 77DD6FDD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1204] ADVAPI32.dll!OpenServiceW + 3 77DD6FE0 4 Bytes [25, 98, CC, CC] .text 
C:\WINDOWS\system32\spoolsv.exe[1204] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1204] ADVAPI32.dll!OpenServiceA 77DE4C36 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1204] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1204] ADVAPI32.dll!CreateServiceA 77E271E9 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1204] ADVAPI32.dll!CreateServiceW 77E27381 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1204] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1204] ole32.dll!CoCreateInstanceEx 774F0526 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1204] ole32.dll!CoGetClassObject 775056C5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1204] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1204] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1204] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1204] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1316] ntdll.dll!NtAllocateVirtualMemory 7C90CF50 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1316] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1316] ntdll.dll!NtCreateFile 7C90D090 5 
Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1316] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1316] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1316] ntdll.dll!NtDeleteFile 7C90D220 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1316] ntdll.dll!NtFreeVirtualMemory 7C90D370 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1316] ntdll.dll!NtLoadDriver 7C90D450 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1316] ntdll.dll!NtOpenFile 7C90D580 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1316] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1316] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1316] ntdll.dll!NtUnloadDriver 7C90DEA0 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1316] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1316] ntdll.dll!RtlAllocateHeap 7C9100A4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1316] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1316] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 
1001CE40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1316] ntdll.dll!LdrGetProcedureAddress 7C917E88 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1316] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1316] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1316] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1316] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1316] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1316] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1316] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1316] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1316] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1316] kernel32.dll!GetModuleHandleA 7C80B731 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1316] kernel32.dll!GetModuleHandleW 7C80E4CD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1316] kernel32.dll!CreateFileW 7C8107F0 5 Bytes 
JMP 1002CC60 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1316] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1316] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1316] kernel32.dll!OpenFile 7C82196A 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1316] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1316] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1316] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1316] kernel32.dll!DeleteFileA 7C831EC5 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1316] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1316] kernel32.dll!MoveFileExW 7C835673 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1316] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1316] kernel32.dll!MoveFileWithProgressA 7C835EC6 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1316] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 4 Bytes [C2, 04, 00, 00] .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1316] kernel32.dll!MoveFileExA 7C85E3CB 5 Bytes JMP 1002CB80 
C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1316] kernel32.dll!CopyFileExA 7C85F2CC 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1316] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1316] kernel32.dll!LoadModule 7C8624BE 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1316] WS2_32.dll!WSASocketW 71A5404E 7 Bytes JMP 1002C920 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1316] WS2_32.dll!WSASocketA 71A58B6A 5 Bytes JMP 1002C940 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1316] ADVAPI32.dll!OpenServiceW 77DD6FDD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1316] ADVAPI32.dll!OpenServiceW + 3 77DD6FE0 4 Bytes [25, 98, CC, CC] .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1316] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1316] ADVAPI32.dll!OpenServiceA 77DE4C36 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1316] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1316] ADVAPI32.dll!CreateServiceA 77E271E9 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1316] ADVAPI32.dll!CreateServiceW 77E27381 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1316] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll .text C:\Program 
Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1316] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1316] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1316] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1316] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1316] ole32.dll!CoCreateInstanceEx 774F0526 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1316] ole32.dll!CoGetClassObject 775056C5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre6\bin\jqs.exe[1376] ntdll.dll!NtAllocateVirtualMemory 7C90CF50 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre6\bin\jqs.exe[1376] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre6\bin\jqs.exe[1376] ntdll.dll!NtCreateFile 7C90D090 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre6\bin\jqs.exe[1376] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre6\bin\jqs.exe[1376] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre6\bin\jqs.exe[1376] ntdll.dll!NtDeleteFile 7C90D220 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre6\bin\jqs.exe[1376] ntdll.dll!NtFreeVirtualMemory 7C90D370 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre6\bin\jqs.exe[1376] ntdll.dll!NtLoadDriver 7C90D450 5 Bytes JMP 1002CDE0 
C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre6\bin\jqs.exe[1376] ntdll.dll!NtOpenFile 7C90D580 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre6\bin\jqs.exe[1376] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre6\bin\jqs.exe[1376] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre6\bin\jqs.exe[1376] ntdll.dll!NtUnloadDriver 7C90DEA0 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre6\bin\jqs.exe[1376] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre6\bin\jqs.exe[1376] ntdll.dll!RtlAllocateHeap 7C9100A4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre6\bin\jqs.exe[1376] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre6\bin\jqs.exe[1376] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre6\bin\jqs.exe[1376] ntdll.dll!LdrGetProcedureAddress 7C917E88 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre6\bin\jqs.exe[1376] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre6\bin\jqs.exe[1376] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre6\bin\jqs.exe[1376] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre6\bin\jqs.exe[1376] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre6\bin\jqs.exe[1376] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll 
.text C:\Program Files\Java\jre6\bin\jqs.exe[1376] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre6\bin\jqs.exe[1376] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre6\bin\jqs.exe[1376] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre6\bin\jqs.exe[1376] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre6\bin\jqs.exe[1376] kernel32.dll!GetModuleHandleA 7C80B731 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre6\bin\jqs.exe[1376] kernel32.dll!GetModuleHandleW 7C80E4CD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre6\bin\jqs.exe[1376] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre6\bin\jqs.exe[1376] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre6\bin\jqs.exe[1376] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre6\bin\jqs.exe[1376] kernel32.dll!OpenFile 7C82196A 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre6\bin\jqs.exe[1376] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre6\bin\jqs.exe[1376] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre6\bin\jqs.exe[1376] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre6\bin\jqs.exe[1376] kernel32.dll!DeleteFileA 7C831EC5 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll .text C:\Program 
Files\Java\jre6\bin\jqs.exe[1376] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre6\bin\jqs.exe[1376] kernel32.dll!MoveFileExW 7C835673 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre6\bin\jqs.exe[1376] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre6\bin\jqs.exe[1376] kernel32.dll!MoveFileWithProgressA 7C835EC6 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre6\bin\jqs.exe[1376] kernel32.dll!MoveFileExA 7C85E3CB 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre6\bin\jqs.exe[1376] kernel32.dll!CopyFileExA 7C85F2CC 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre6\bin\jqs.exe[1376] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre6\bin\jqs.exe[1376] kernel32.dll!LoadModule 7C8624BE 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre6\bin\jqs.exe[1376] WS2_32.dll!WSASocketW 71A5404E 7 Bytes JMP 1002C920 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre6\bin\jqs.exe[1376] WS2_32.dll!WSASocketA 71A58B6A 5 Bytes JMP 1002C940 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre6\bin\jqs.exe[1376] ADVAPI32.dll!OpenServiceW 77DD6FDD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre6\bin\jqs.exe[1376] ADVAPI32.dll!OpenServiceW + 3 77DD6FE0 4 Bytes [25, 98, CC, CC] .text C:\Program Files\Java\jre6\bin\jqs.exe[1376] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre6\bin\jqs.exe[1376] ADVAPI32.dll!OpenServiceA 77DE4C36 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre6\bin\jqs.exe[1376] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 
Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre6\bin\jqs.exe[1376] ADVAPI32.dll!CreateServiceA 77E271E9 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre6\bin\jqs.exe[1376] ADVAPI32.dll!CreateServiceW 77E27381 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre6\bin\jqs.exe[1376] ole32.dll!CoCreateInstanceEx 774F0526 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre6\bin\jqs.exe[1376] ole32.dll!CoGetClassObject 775056C5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Java\jre6\bin\jqs.exe[1376] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\HPZipm12.exe[1532] ntdll.dll!NtAllocateVirtualMemory 7C90CF50 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\HPZipm12.exe[1532] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\HPZipm12.exe[1532] ntdll.dll!NtCreateFile 7C90D090 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\HPZipm12.exe[1532] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\HPZipm12.exe[1532] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\HPZipm12.exe[1532] ntdll.dll!NtDeleteFile 7C90D220 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\HPZipm12.exe[1532] ntdll.dll!NtFreeVirtualMemory 7C90D370 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\HPZipm12.exe[1532] ntdll.dll!NtLoadDriver 7C90D450 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\HPZipm12.exe[1532] ntdll.dll!NtOpenFile 7C90D580 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\HPZipm12.exe[1532] 
1002A630 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[1728] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[1728] ntdll.dll!LdrGetProcedureAddress 7C917E88 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[1728] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[1728] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[1728] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[1728] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[1728] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[1728] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[1728] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[1728] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll 
.text C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[1728] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[1728] kernel32.dll!GetModuleHandleA 7C80B731 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[1728] kernel32.dll!GetModuleHandleW 7C80E4CD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[1728] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[1728] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[1728] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[1728] kernel32.dll!OpenFile 7C82196A 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[1728] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[1728] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[1728] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Linksys\Compact Wireless-G USB 
Adapter Wireless Network Monitor\WUSB54GC.exe[1728] kernel32.dll!DeleteFileA 7C831EC5 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[1728] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[1728] kernel32.dll!MoveFileExW 7C835673 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[1728] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[1728] kernel32.dll!MoveFileWithProgressA 7C835EC6 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[1728] kernel32.dll!MoveFileExA 7C85E3CB 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[1728] kernel32.dll!CopyFileExA 7C85F2CC 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[1728] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[1728] kernel32.dll!LoadModule 7C8624BE 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[1728] WININET.DLL!InternetConnectA 4363499A 5 Bytes JMP 1002C980 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[1728] 
WININET.DLL!InternetConnectW 43635B88 5 Bytes JMP 1002C960 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[1728] ADVAPI32.dll!OpenServiceW 77DD6FDD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[1728] ADVAPI32.dll!OpenServiceW + 3 77DD6FE0 4 Bytes [25, 98, CC, CC] .text C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[1728] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[1728] ADVAPI32.dll!OpenServiceA 77DE4C36 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[1728] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[1728] ADVAPI32.dll!CreateServiceA 77E271E9 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[1728] ADVAPI32.dll!CreateServiceW 77E27381 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[1728] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[1728] WS2_32.dll!WSASocketW 71A5404E 7 Bytes JMP 1002C920 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[1728] WS2_32.dll!WSASocketA 71A58B6A 5 Bytes JMP 1002C940 
C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[1728] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[1728] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[1728] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[1728] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[1728] OLE32.DLL!CoCreateInstanceEx 774F0526 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[1728] OLE32.DLL!CoGetClassObject 775056C5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe[1852] ntdll.dll!NtAllocateVirtualMemory 7C90CF50 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe[1852] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe[1852] ntdll.dll!NtCreateFile 7C90D090 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe[1852] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe[1852] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes JMP 1002CE60 
C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe[1852] ntdll.dll!NtDeleteFile 7C90D220 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe[1852] ntdll.dll!NtFreeVirtualMemory 7C90D370 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe[1852] ntdll.dll!NtLoadDriver 7C90D450 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe[1852] ntdll.dll!NtOpenFile 7C90D580 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe[1852] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe[1852] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe[1852] ntdll.dll!NtUnloadDriver 7C90DEA0 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe[1852] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe[1852] ntdll.dll!RtlAllocateHeap 7C9100A4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe[1852] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe[1852] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe[1852] ntdll.dll!LdrGetProcedureAddress 7C917E88 5 Bytes JMP 1002CD40 
C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe[1852] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe[1852] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe[1852] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe[1852] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe[1852] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe[1852] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe[1852] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe[1852] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe[1852] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe[1852] kernel32.dll!GetModuleHandleA 7C80B731 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe[1852] kernel32.dll!GetModuleHandleW 7C80E4CD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe[1852] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 1002CC60 
C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe[1852] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe[1852] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe[1852] kernel32.dll!OpenFile 7C82196A 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe[1852] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe[1852] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe[1852] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe[1852] kernel32.dll!DeleteFileA 7C831EC5 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe[1852] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe[1852] kernel32.dll!MoveFileExW 7C835673 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe[1852] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe[1852] kernel32.dll!MoveFileWithProgressA 7C835EC6 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe[1852] kernel32.dll!MoveFileExA 7C85E3CB 5 Bytes JMP 1002CB80 
C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe[1852] kernel32.dll!CopyFileExA 7C85F2CC 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe[1852] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe[1852] kernel32.dll!LoadModule 7C8624BE 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe[1852] ADVAPI32.dll!OpenServiceW 77DD6FDD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe[1852] ADVAPI32.dll!OpenServiceW + 3 77DD6FE0 4 Bytes [25, 98, CC, CC] .text C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe[1852] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe[1852] ADVAPI32.dll!OpenServiceA 77DE4C36 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe[1852] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe[1852] ADVAPI32.dll!CreateServiceA 77E271E9 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe[1852] ADVAPI32.dll!CreateServiceW 77E27381 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe[1852] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe[1852] ole32.dll!CoCreateInstanceEx 774F0526 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll 
.text C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe[1852] ole32.dll!CoGetClassObject 775056C5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe[1852] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe[1852] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe[1852] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe[1852] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\WgaTray.exe[1968] ntdll.dll!NtAllocateVirtualMemory 7C90CF50 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\WgaTray.exe[1968] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\WgaTray.exe[1968] ntdll.dll!NtCreateFile 7C90D090 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\WgaTray.exe[1968] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\WgaTray.exe[1968] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\WgaTray.exe[1968] ntdll.dll!NtDeleteFile 7C90D220 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\WgaTray.exe[1968] ntdll.dll!NtFreeVirtualMemory 7C90D370 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\WgaTray.exe[1968] ntdll.dll!NtLoadDriver 7C90D450 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\WgaTray.exe[1968] ntdll.dll!NtOpenFile 7C90D580 5 Bytes JMP 1002CDA0 
C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\WgaTray.exe[1968] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\WgaTray.exe[1968] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\WgaTray.exe[1968] ntdll.dll!NtUnloadDriver 7C90DEA0 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\WgaTray.exe[1968] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\WgaTray.exe[1968] ntdll.dll!RtlAllocateHeap 7C9100A4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\WgaTray.exe[1968] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\WgaTray.exe[1968] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\WgaTray.exe[1968] ntdll.dll!LdrGetProcedureAddress 7C917E88 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\WgaTray.exe[1968] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\WgaTray.exe[1968] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\WgaTray.exe[1968] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\WgaTray.exe[1968] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\WgaTray.exe[1968] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\WgaTray.exe[1968] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\WgaTray.exe[1968] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 
10028320 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\WgaTray.exe[1968] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\WgaTray.exe[1968] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\WgaTray.exe[1968] kernel32.dll!GetModuleHandleA 7C80B731 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\WgaTray.exe[1968] kernel32.dll!GetModuleHandleW 7C80E4CD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\WgaTray.exe[1968] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\WgaTray.exe[1968] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\WgaTray.exe[1968] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\WgaTray.exe[1968] kernel32.dll!OpenFile 7C82196A 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\WgaTray.exe[1968] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\WgaTray.exe[1968] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\WgaTray.exe[1968] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\WgaTray.exe[1968] kernel32.dll!DeleteFileA 7C831EC5 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\WgaTray.exe[1968] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\WgaTray.exe[1968] kernel32.dll!MoveFileExW 7C835673 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\WgaTray.exe[1968] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 1002CBC0 
C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\WgaTray.exe[1968] kernel32.dll!MoveFileWithProgressA 7C835EC6 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\WgaTray.exe[1968] kernel32.dll!MoveFileExA 7C85E3CB 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\WgaTray.exe[1968] kernel32.dll!CopyFileExA 7C85F2CC 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\WgaTray.exe[1968] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\WgaTray.exe[1968] kernel32.dll!LoadModule 7C8624BE 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\WgaTray.exe[1968] ADVAPI32.dll!OpenServiceW 77DD6FDD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\WgaTray.exe[1968] ADVAPI32.dll!OpenServiceW + 3 77DD6FE0 4 Bytes [25, 98, CC, CC] .text C:\WINDOWS\system32\WgaTray.exe[1968] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\WgaTray.exe[1968] ADVAPI32.dll!OpenServiceA 77DE4C36 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\WgaTray.exe[1968] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\WgaTray.exe[1968] ADVAPI32.dll!CreateServiceA 77E271E9 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\WgaTray.exe[1968] ADVAPI32.dll!CreateServiceW 77E27381 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\WgaTray.exe[1968] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\WgaTray.exe[1968] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\WgaTray.exe[1968] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 1002C9C0 
C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\WgaTray.exe[1968] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\WgaTray.exe[1968] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\WgaTray.exe[1968] ole32.dll!CoCreateInstanceEx 774F0526 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\WgaTray.exe[1968] ole32.dll!CoGetClassObject 775056C5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\WgaTray.exe[1968] WININET.dll!InternetConnectA 4363499A 5 Bytes JMP 1002C980 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\WgaTray.exe[1968] WININET.dll!InternetConnectW 43635B88 5 Bytes JMP 1002C960 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2020] ntdll.dll!NtAllocateVirtualMemory 7C90CF50 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2020] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2020] ntdll.dll!NtCreateFile 7C90D090 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2020] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2020] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2020] ntdll.dll!NtDeleteFile 7C90D220 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2020] ntdll.dll!NtFreeVirtualMemory 7C90D370 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2020] ntdll.dll!NtLoadDriver 7C90D450 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2020] 
ntdll.dll!NtOpenFile 7C90D580 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2020] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2020] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2020] ntdll.dll!NtUnloadDriver 7C90DEA0 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2020] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2020] ntdll.dll!RtlAllocateHeap 7C9100A4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2020] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2020] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2020] ntdll.dll!LdrGetProcedureAddress 7C917E88 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2020] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2020] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2020] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2020] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2020] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2020] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 
10027790 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2020] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2020] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2020] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2020] kernel32.dll!GetModuleHandleA 7C80B731 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2020] kernel32.dll!GetModuleHandleW 7C80E4CD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2020] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2020] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2020] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2020] kernel32.dll!OpenFile 7C82196A 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2020] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2020] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2020] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2020] kernel32.dll!DeleteFileA 7C831EC5 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2020] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll .text 
C:\WINDOWS\system32\wbem\wmiapsrv.exe[2020] kernel32.dll!MoveFileExW 7C835673 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2020] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2020] kernel32.dll!MoveFileWithProgressA 7C835EC6 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2020] kernel32.dll!MoveFileExA 7C85E3CB 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2020] kernel32.dll!CopyFileExA 7C85F2CC 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2020] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2020] kernel32.dll!LoadModule 7C8624BE 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2020] ADVAPI32.dll!OpenServiceW 77DD6FDD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2020] ADVAPI32.dll!OpenServiceW + 3 77DD6FE0 4 Bytes [25, 98, CC, CC] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2020] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2020] ADVAPI32.dll!OpenServiceA 77DE4C36 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2020] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2020] ADVAPI32.dll!CreateServiceA 77E271E9 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2020] ADVAPI32.dll!CreateServiceW 77E27381 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2020] USER32.dll!EndTask 7E3AA0A5 5 
Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2020] ole32.dll!CoCreateInstanceEx 774F0526 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2020] ole32.dll!CoGetClassObject 775056C5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2020] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2020] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2020] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2020] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2044] ntdll.dll!NtAllocateVirtualMemory 7C90CF50 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2044] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2044] ntdll.dll!NtCreateFile 7C90D090 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2044] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2044] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2044] ntdll.dll!NtDeleteFile 7C90D220 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2044] ntdll.dll!NtFreeVirtualMemory 7C90D370 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2044] ntdll.dll!NtLoadDriver 7C90D450 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll .text 
C:\WINDOWS\system32\wbem\wmiprvse.exe[2044] ntdll.dll!NtOpenFile 7C90D580 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2044] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2044] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2044] ntdll.dll!NtUnloadDriver 7C90DEA0 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2044] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2044] ntdll.dll!RtlAllocateHeap 7C9100A4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2044] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2044] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2044] ntdll.dll!LdrGetProcedureAddress 7C917E88 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2044] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2044] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2044] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2044] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2044] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2044] 
kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2044] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2044] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2044] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2044] kernel32.dll!GetModuleHandleA 7C80B731 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2044] kernel32.dll!GetModuleHandleW 7C80E4CD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2044] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2044] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2044] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2044] kernel32.dll!OpenFile 7C82196A 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2044] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2044] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2044] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2044] kernel32.dll!DeleteFileA 7C831EC5 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2044] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 1002CAE0 
C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2044] kernel32.dll!MoveFileExW 7C835673 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2044] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2044] kernel32.dll!MoveFileWithProgressA 7C835EC6 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2044] kernel32.dll!MoveFileExA 7C85E3CB 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2044] kernel32.dll!CopyFileExA 7C85F2CC 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2044] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2044] kernel32.dll!LoadModule 7C8624BE 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2044] ADVAPI32.dll!OpenServiceW 77DD6FDD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2044] ADVAPI32.dll!OpenServiceW + 3 77DD6FE0 4 Bytes [25, 98, CC, CC] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2044] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2044] ADVAPI32.dll!OpenServiceA 77DE4C36 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2044] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2044] ADVAPI32.dll!CreateServiceA 77E271E9 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2044] ADVAPI32.dll!CreateServiceW 77E27381 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll .text 
C:\WINDOWS\system32\wbem\wmiprvse.exe[2044] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2044] ole32.dll!CoCreateInstanceEx 774F0526 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2044] ole32.dll!CoGetClassObject 775056C5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2044] WS2_32.dll!WSASocketW 71A5404E 7 Bytes JMP 1002C920 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2044] WS2_32.dll!WSASocketA 71A58B6A 5 Bytes JMP 1002C940 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2044] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2044] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2044] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2044] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[2060] ntdll.dll!NtAllocateVirtualMemory 7C90CF50 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[2060] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[2060] ntdll.dll!NtCreateFile 7C90D090 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[2060] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[2060] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[2060] ntdll.dll!NtDeleteFile 7C90D220 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll .text 
C:\WINDOWS\Explorer.EXE[2060] ntdll.dll!NtFreeVirtualMemory 7C90D370 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[2060] ntdll.dll!NtLoadDriver 7C90D450 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[2060] ntdll.dll!NtOpenFile 7C90D580 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[2060] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[2060] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[2060] ntdll.dll!NtUnloadDriver 7C90DEA0 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[2060] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[2060] ntdll.dll!RtlAllocateHeap 7C9100A4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[2060] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[2060] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[2060] ntdll.dll!LdrGetProcedureAddress 7C917E88 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[2060] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[2060] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[2060] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[2060] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[2060] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll 
.text C:\WINDOWS\Explorer.EXE[2060] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[2060] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[2060] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[2060] kernel32.dll!GetModuleHandleA 7C80B731 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[2060] kernel32.dll!GetModuleHandleW 7C80E4CD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[2060] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[2060] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[2060] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[2060] kernel32.dll!OpenFile 7C82196A 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[2060] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[2060] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[2060] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[2060] kernel32.dll!DeleteFileA 7C831EC5 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[2060] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[2060] kernel32.dll!MoveFileExW 7C835673 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[2060] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll .text 
C:\WINDOWS\Explorer.EXE[2060] kernel32.dll!MoveFileWithProgressA 7C835EC6 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[2060] kernel32.dll!MoveFileExA 7C85E3CB 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[2060] kernel32.dll!CopyFileExA 7C85F2CC 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[2060] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[2060] kernel32.dll!LoadModule 7C8624BE 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[2060] ADVAPI32.dll!OpenServiceW 77DD6FDD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[2060] ADVAPI32.dll!OpenServiceW + 3 77DD6FE0 4 Bytes [25, 98, CC, CC] .text C:\WINDOWS\Explorer.EXE[2060] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[2060] ADVAPI32.dll!OpenServiceA 77DE4C36 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[2060] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[2060] ADVAPI32.dll!CreateServiceA 77E271E9 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[2060] ADVAPI32.dll!CreateServiceW 77E27381 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[2060] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[2060] ole32.dll!CoCreateInstanceEx 774F0526 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[2060] ole32.dll!CoGetClassObject 775056C5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[2060] WININET.dll!InternetConnectA 4363499A 5 Bytes JMP 1002C980 C:\WINDOWS\system32\guard32.dll .text 
C:\WINDOWS\Explorer.EXE[2060] WININET.dll!InternetConnectW 43635B88 5 Bytes JMP 1002C960 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[2060] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[2060] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[2060] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[2060] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxtray.exe[2328] ntdll.dll!NtAllocateVirtualMemory 7C90CF50 5 Bytes JMP 0093CE00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxtray.exe[2328] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 0092CD20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxtray.exe[2328] ntdll.dll!NtCreateFile 7C90D090 5 Bytes JMP 0093CDC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxtray.exe[2328] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes JMP 0093CE80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxtray.exe[2328] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes JMP 0093CE60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxtray.exe[2328] ntdll.dll!NtDeleteFile 7C90D220 5 Bytes JMP 0093CE20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxtray.exe[2328] ntdll.dll!NtFreeVirtualMemory 7C90D370 5 Bytes JMP 0093C490 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxtray.exe[2328] ntdll.dll!NtLoadDriver 7C90D450 5 Bytes JMP 0093CDE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxtray.exe[2328] ntdll.dll!NtOpenFile 7C90D580 5 Bytes JMP 0093CDA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxtray.exe[2328] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 0093C440 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxtray.exe[2328] 
ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 0093CD60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxtray.exe[2328] ntdll.dll!NtUnloadDriver 7C90DEA0 5 Bytes JMP 0093CD80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxtray.exe[2328] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 0093CE40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxtray.exe[2328] ntdll.dll!RtlAllocateHeap 7C9100A4 5 Bytes JMP 0093C4E0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxtray.exe[2328] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 0093A630 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxtray.exe[2328] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 0092CE40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxtray.exe[2328] ntdll.dll!LdrGetProcedureAddress 7C917E88 5 Bytes JMP 0093CD40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxtray.exe[2328] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0093CC80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxtray.exe[2328] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0093CA20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxtray.exe[2328] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 0093CCC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxtray.exe[2328] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0093CCE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxtray.exe[2328] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0093CA80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxtray.exe[2328] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00937790 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxtray.exe[2328] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00938320 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxtray.exe[2328] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 0093CD20 C:\WINDOWS\system32\guard32.dll .text 
C:\WINDOWS\system32\igfxtray.exe[2328] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 0093CA60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxtray.exe[2328] kernel32.dll!GetModuleHandleA 7C80B731 5 Bytes JMP 0093CAC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxtray.exe[2328] kernel32.dll!GetModuleHandleW 7C80E4CD 5 Bytes JMP 0093CAA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxtray.exe[2328] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 0093CC60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxtray.exe[2328] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 0093CB20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxtray.exe[2328] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 0093CBA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxtray.exe[2328] kernel32.dll!OpenFile 7C82196A 5 Bytes JMP 0093CCA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxtray.exe[2328] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 0093CBE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxtray.exe[2328] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 0093CC40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxtray.exe[2328] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 0093CC20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxtray.exe[2328] kernel32.dll!DeleteFileA 7C831EC5 5 Bytes JMP 0093CB00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxtray.exe[2328] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 0093CAE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxtray.exe[2328] kernel32.dll!MoveFileExW 7C835673 5 Bytes JMP 0093CB60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxtray.exe[2328] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 0093CBC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxtray.exe[2328] kernel32.dll!MoveFileWithProgressA 7C835EC6 5 Bytes JMP 0093CB40 C:\WINDOWS\system32\guard32.dll .text 
C:\WINDOWS\system32\igfxtray.exe[2328] kernel32.dll!MoveFileExA 7C85E3CB 5 Bytes JMP 0093CB80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxtray.exe[2328] kernel32.dll!CopyFileExA 7C85F2CC 5 Bytes JMP 0093CC00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxtray.exe[2328] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 0093CA40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxtray.exe[2328] kernel32.dll!LoadModule 7C8624BE 5 Bytes JMP 0093CD00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxtray.exe[2328] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 0093E3C0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxtray.exe[2328] ADVAPI32.dll!OpenServiceW 77DD6FDD 2 Bytes JMP 0093D830 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxtray.exe[2328] ADVAPI32.dll!OpenServiceW + 3 77DD6FE0 4 Bytes [B6, 88, CC, CC] {MOV DH, 0x88; INT 3 ; INT 3 } .text C:\WINDOWS\system32\igfxtray.exe[2328] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 009362C0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxtray.exe[2328] ADVAPI32.dll!OpenServiceA 77DE4C36 7 Bytes JMP 0093D590 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxtray.exe[2328] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 00936BF0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxtray.exe[2328] ADVAPI32.dll!CreateServiceA 77E271E9 7 Bytes JMP 0093DD80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxtray.exe[2328] ADVAPI32.dll!CreateServiceW 77E27381 7 Bytes JMP 0093DAA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxtray.exe[2328] ole32.dll!CoCreateInstanceEx 774F0526 5 Bytes JMP 0093E840 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxtray.exe[2328] ole32.dll!CoGetClassObject 775056C5 5 Bytes JMP 0093E600 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxtray.exe[2328] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 0093C9A0 
C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxtray.exe[2328] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 0093C9C0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxtray.exe[2328] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 0093CA00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxtray.exe[2328] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 0093C9E0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\hkcmd.exe[2348] ntdll.dll!NtAllocateVirtualMemory 7C90CF50 5 Bytes JMP 0093CE00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\hkcmd.exe[2348] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 0092CD20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\hkcmd.exe[2348] ntdll.dll!NtCreateFile 7C90D090 5 Bytes JMP 0093CDC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\hkcmd.exe[2348] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes JMP 0093CE80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\hkcmd.exe[2348] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes JMP 0093CE60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\hkcmd.exe[2348] ntdll.dll!NtDeleteFile 7C90D220 5 Bytes JMP 0093CE20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\hkcmd.exe[2348] ntdll.dll!NtFreeVirtualMemory 7C90D370 5 Bytes JMP 0093C490 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\hkcmd.exe[2348] ntdll.dll!NtLoadDriver 7C90D450 5 Bytes JMP 0093CDE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\hkcmd.exe[2348] ntdll.dll!NtOpenFile 7C90D580 5 Bytes JMP 0093CDA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\hkcmd.exe[2348] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 0093C440 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\hkcmd.exe[2348] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 0093CD60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\hkcmd.exe[2348] ntdll.dll!NtUnloadDriver 7C90DEA0 5 Bytes JMP 0093CD80 C:\WINDOWS\system32\guard32.dll 
.text C:\WINDOWS\system32\hkcmd.exe[2348] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 0093CE40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\hkcmd.exe[2348] ntdll.dll!RtlAllocateHeap 7C9100A4 5 Bytes JMP 0093C4E0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\hkcmd.exe[2348] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 0093A630 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\hkcmd.exe[2348] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 0092CE40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\hkcmd.exe[2348] ntdll.dll!LdrGetProcedureAddress 7C917E88 5 Bytes JMP 0093CD40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\hkcmd.exe[2348] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0093CC80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\hkcmd.exe[2348] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0093CA20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\hkcmd.exe[2348] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 0093CCC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\hkcmd.exe[2348] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0093CCE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\hkcmd.exe[2348] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0093CA80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\hkcmd.exe[2348] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00937790 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\hkcmd.exe[2348] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00938320 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\hkcmd.exe[2348] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 0093CD20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\hkcmd.exe[2348] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 0093CA60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\hkcmd.exe[2348] kernel32.dll!GetModuleHandleA 7C80B731 5 Bytes JMP 0093CAC0 C:\WINDOWS\system32\guard32.dll .text 
C:\WINDOWS\system32\hkcmd.exe[2348] kernel32.dll!GetModuleHandleW 7C80E4CD 5 Bytes JMP 0093CAA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\hkcmd.exe[2348] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 0093CC60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\hkcmd.exe[2348] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 0093CB20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\hkcmd.exe[2348] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 0093CBA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\hkcmd.exe[2348] kernel32.dll!OpenFile 7C82196A 5 Bytes JMP 0093CCA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\hkcmd.exe[2348] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 0093CBE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\hkcmd.exe[2348] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 0093CC40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\hkcmd.exe[2348] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 0093CC20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\hkcmd.exe[2348] kernel32.dll!DeleteFileA 7C831EC5 5 Bytes JMP 0093CB00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\hkcmd.exe[2348] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 0093CAE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\hkcmd.exe[2348] kernel32.dll!MoveFileExW 7C835673 5 Bytes JMP 0093CB60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\hkcmd.exe[2348] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 0093CBC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\hkcmd.exe[2348] kernel32.dll!MoveFileWithProgressA 7C835EC6 5 Bytes JMP 0093CB40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\hkcmd.exe[2348] kernel32.dll!MoveFileExA 7C85E3CB 5 Bytes JMP 0093CB80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\hkcmd.exe[2348] kernel32.dll!CopyFileExA 7C85F2CC 5 Bytes JMP 0093CC00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\hkcmd.exe[2348] 
kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 0093CA40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\hkcmd.exe[2348] kernel32.dll!LoadModule 7C8624BE 5 Bytes JMP 0093CD00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\hkcmd.exe[2348] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 0093E3C0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\hkcmd.exe[2348] ADVAPI32.dll!OpenServiceW 77DD6FDD 2 Bytes JMP 0093D830 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\hkcmd.exe[2348] ADVAPI32.dll!OpenServiceW + 3 77DD6FE0 4 Bytes [B6, 88, CC, CC] {MOV DH, 0x88; INT 3 ; INT 3 } .text C:\WINDOWS\system32\hkcmd.exe[2348] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 009362C0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\hkcmd.exe[2348] ADVAPI32.dll!OpenServiceA 77DE4C36 7 Bytes JMP 0093D590 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\hkcmd.exe[2348] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 00936BF0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\hkcmd.exe[2348] ADVAPI32.dll!CreateServiceA 77E271E9 7 Bytes JMP 0093DD80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\hkcmd.exe[2348] ADVAPI32.dll!CreateServiceW 77E27381 7 Bytes JMP 0093DAA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\hkcmd.exe[2348] ole32.dll!CoCreateInstanceEx 774F0526 5 Bytes JMP 0093E840 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\hkcmd.exe[2348] ole32.dll!CoGetClassObject 775056C5 5 Bytes JMP 0093E600 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\hkcmd.exe[2348] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 0093C9A0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\hkcmd.exe[2348] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 0093C9C0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\hkcmd.exe[2348] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 0093CA00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\hkcmd.exe[2348] SHELL32.dll!ShellExecuteW 
7CAB5D48 5 Bytes JMP 0093C9E0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxpers.exe[2364] ntdll.dll!NtAllocateVirtualMemory 7C90CF50 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxpers.exe[2364] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxpers.exe[2364] ntdll.dll!NtCreateFile 7C90D090 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxpers.exe[2364] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxpers.exe[2364] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxpers.exe[2364] ntdll.dll!NtDeleteFile 7C90D220 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxpers.exe[2364] ntdll.dll!NtFreeVirtualMemory 7C90D370 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxpers.exe[2364] ntdll.dll!NtLoadDriver 7C90D450 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxpers.exe[2364] ntdll.dll!NtOpenFile 7C90D580 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxpers.exe[2364] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxpers.exe[2364] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxpers.exe[2364] ntdll.dll!NtUnloadDriver 7C90DEA0 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxpers.exe[2364] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxpers.exe[2364] ntdll.dll!RtlAllocateHeap 7C9100A4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxpers.exe[2364] 
ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxpers.exe[2364] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxpers.exe[2364] ntdll.dll!LdrGetProcedureAddress 7C917E88 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxpers.exe[2364] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxpers.exe[2364] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxpers.exe[2364] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxpers.exe[2364] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxpers.exe[2364] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxpers.exe[2364] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxpers.exe[2364] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxpers.exe[2364] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxpers.exe[2364] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxpers.exe[2364] kernel32.dll!GetModuleHandleA 7C80B731 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxpers.exe[2364] kernel32.dll!GetModuleHandleW 7C80E4CD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxpers.exe[2364] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll .text 
C:\WINDOWS\system32\igfxpers.exe[2364] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxpers.exe[2364] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxpers.exe[2364] kernel32.dll!OpenFile 7C82196A 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxpers.exe[2364] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxpers.exe[2364] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxpers.exe[2364] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxpers.exe[2364] kernel32.dll!DeleteFileA 7C831EC5 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxpers.exe[2364] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxpers.exe[2364] kernel32.dll!MoveFileExW 7C835673 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxpers.exe[2364] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxpers.exe[2364] kernel32.dll!MoveFileWithProgressA 7C835EC6 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxpers.exe[2364] kernel32.dll!MoveFileExA 7C85E3CB 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxpers.exe[2364] kernel32.dll!CopyFileExA 7C85F2CC 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxpers.exe[2364] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxpers.exe[2364] kernel32.dll!LoadModule 7C8624BE 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll .text 
C:\WINDOWS\system32\igfxpers.exe[2364] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxpers.exe[2364] ADVAPI32.dll!OpenServiceW 77DD6FDD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxpers.exe[2364] ADVAPI32.dll!OpenServiceW + 3 77DD6FE0 4 Bytes [25, 98, CC, CC] .text C:\WINDOWS\system32\igfxpers.exe[2364] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxpers.exe[2364] ADVAPI32.dll!OpenServiceA 77DE4C36 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxpers.exe[2364] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxpers.exe[2364] ADVAPI32.dll!CreateServiceA 77E271E9 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxpers.exe[2364] ADVAPI32.dll!CreateServiceW 77E27381 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxpers.exe[2364] ole32.dll!CoCreateInstanceEx 774F0526 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxpers.exe[2364] ole32.dll!CoGetClassObject 775056C5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\RTHDCPL.EXE[2412] ntdll.dll!NtAllocateVirtualMemory 7C90CF50 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\RTHDCPL.EXE[2412] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\RTHDCPL.EXE[2412] ntdll.dll!NtCreateFile 7C90D090 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\RTHDCPL.EXE[2412] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\RTHDCPL.EXE[2412] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\RTHDCPL.EXE[2412] ntdll.dll!NtDeleteFile 7C90D220 5 
Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\RTHDCPL.EXE[2412] ntdll.dll!NtFreeVirtualMemory 7C90D370 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\RTHDCPL.EXE[2412] ntdll.dll!NtLoadDriver 7C90D450 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\RTHDCPL.EXE[2412] ntdll.dll!NtOpenFile 7C90D580 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\RTHDCPL.EXE[2412] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\RTHDCPL.EXE[2412] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\RTHDCPL.EXE[2412] ntdll.dll!NtUnloadDriver 7C90DEA0 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\RTHDCPL.EXE[2412] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\RTHDCPL.EXE[2412] ntdll.dll!RtlAllocateHeap 7C9100A4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\RTHDCPL.EXE[2412] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\RTHDCPL.EXE[2412] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\RTHDCPL.EXE[2412] ntdll.dll!LdrGetProcedureAddress 7C917E88 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\RTHDCPL.EXE[2412] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\RTHDCPL.EXE[2412] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\RTHDCPL.EXE[2412] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\RTHDCPL.EXE[2412] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\RTHDCPL.EXE[2412] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 
1002CA80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\RTHDCPL.EXE[2412] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\RTHDCPL.EXE[2412] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\RTHDCPL.EXE[2412] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\RTHDCPL.EXE[2412] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\RTHDCPL.EXE[2412] kernel32.dll!GetModuleHandleA 7C80B731 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\RTHDCPL.EXE[2412] kernel32.dll!GetModuleHandleW 7C80E4CD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\RTHDCPL.EXE[2412] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\RTHDCPL.EXE[2412] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\RTHDCPL.EXE[2412] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\RTHDCPL.EXE[2412] kernel32.dll!OpenFile 7C82196A 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\RTHDCPL.EXE[2412] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\RTHDCPL.EXE[2412] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\RTHDCPL.EXE[2412] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\RTHDCPL.EXE[2412] kernel32.dll!DeleteFileA 7C831EC5 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\RTHDCPL.EXE[2412] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\RTHDCPL.EXE[2412] kernel32.dll!MoveFileExW 7C835673 5 Bytes JMP 1002CB60 
C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\RTHDCPL.EXE[2412] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\RTHDCPL.EXE[2412] kernel32.dll!MoveFileWithProgressA 7C835EC6 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\RTHDCPL.EXE[2412] kernel32.dll!MoveFileExA 7C85E3CB 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\RTHDCPL.EXE[2412] kernel32.dll!CopyFileExA 7C85F2CC 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\RTHDCPL.EXE[2412] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\RTHDCPL.EXE[2412] kernel32.dll!LoadModule 7C8624BE 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\RTHDCPL.EXE[2412] ADVAPI32.dll!OpenServiceW 77DD6FDD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\RTHDCPL.EXE[2412] ADVAPI32.dll!OpenServiceW + 3 77DD6FE0 4 Bytes [25, 98, CC, CC] .text C:\WINDOWS\RTHDCPL.EXE[2412] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\RTHDCPL.EXE[2412] ADVAPI32.dll!OpenServiceA 77DE4C36 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\RTHDCPL.EXE[2412] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\RTHDCPL.EXE[2412] ADVAPI32.dll!CreateServiceA 77E271E9 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\RTHDCPL.EXE[2412] ADVAPI32.dll!CreateServiceW 77E27381 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\RTHDCPL.EXE[2412] ole32.dll!CoCreateInstanceEx 774F0526 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\RTHDCPL.EXE[2412] ole32.dll!CoGetClassObject 775056C5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\RTHDCPL.EXE[2412] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll .text 
C:\WINDOWS\RTHDCPL.EXE[2412] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\RTHDCPL.EXE[2412] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\RTHDCPL.EXE[2412] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\RTHDCPL.EXE[2412] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxsrvc.exe[2428] ntdll.dll!NtAllocateVirtualMemory 7C90CF50 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxsrvc.exe[2428] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxsrvc.exe[2428] ntdll.dll!NtCreateFile 7C90D090 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxsrvc.exe[2428] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxsrvc.exe[2428] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxsrvc.exe[2428] ntdll.dll!NtDeleteFile 7C90D220 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxsrvc.exe[2428] ntdll.dll!NtFreeVirtualMemory 7C90D370 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxsrvc.exe[2428] ntdll.dll!NtLoadDriver 7C90D450 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxsrvc.exe[2428] ntdll.dll!NtOpenFile 7C90D580 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxsrvc.exe[2428] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxsrvc.exe[2428] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll .text 
C:\WINDOWS\system32\igfxsrvc.exe[2428] ntdll.dll!NtUnloadDriver 7C90DEA0 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxsrvc.exe[2428] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxsrvc.exe[2428] ntdll.dll!RtlAllocateHeap 7C9100A4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxsrvc.exe[2428] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxsrvc.exe[2428] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxsrvc.exe[2428] ntdll.dll!LdrGetProcedureAddress 7C917E88 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxsrvc.exe[2428] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxsrvc.exe[2428] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxsrvc.exe[2428] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxsrvc.exe[2428] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxsrvc.exe[2428] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxsrvc.exe[2428] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxsrvc.exe[2428] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxsrvc.exe[2428] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxsrvc.exe[2428] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 1002CA60 
C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxsrvc.exe[2428] kernel32.dll!GetModuleHandleA 7C80B731 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxsrvc.exe[2428] kernel32.dll!GetModuleHandleW 7C80E4CD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxsrvc.exe[2428] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxsrvc.exe[2428] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxsrvc.exe[2428] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxsrvc.exe[2428] kernel32.dll!OpenFile 7C82196A 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxsrvc.exe[2428] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxsrvc.exe[2428] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxsrvc.exe[2428] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxsrvc.exe[2428] kernel32.dll!DeleteFileA 7C831EC5 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxsrvc.exe[2428] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxsrvc.exe[2428] kernel32.dll!MoveFileExW 7C835673 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxsrvc.exe[2428] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxsrvc.exe[2428] kernel32.dll!MoveFileWithProgressA 7C835EC6 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxsrvc.exe[2428] kernel32.dll!MoveFileExA 7C85E3CB 5 Bytes JMP 1002CB80 
C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxsrvc.exe[2428] kernel32.dll!CopyFileExA 7C85F2CC 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxsrvc.exe[2428] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxsrvc.exe[2428] kernel32.dll!LoadModule 7C8624BE 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxsrvc.exe[2428] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxsrvc.exe[2428] ADVAPI32.dll!OpenServiceW 77DD6FDD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxsrvc.exe[2428] ADVAPI32.dll!OpenServiceW + 3 77DD6FE0 4 Bytes [25, 98, CC, CC] .text C:\WINDOWS\system32\igfxsrvc.exe[2428] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxsrvc.exe[2428] ADVAPI32.dll!OpenServiceA 77DE4C36 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxsrvc.exe[2428] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxsrvc.exe[2428] ADVAPI32.dll!CreateServiceA 77E271E9 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxsrvc.exe[2428] ADVAPI32.dll!CreateServiceW 77E27381 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxsrvc.exe[2428] ole32.dll!CoCreateInstanceEx 774F0526 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\igfxsrvc.exe[2428] ole32.dll!CoGetClassObject 775056C5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2604] ntdll.dll!NtAllocateVirtualMemory 7C90CF50 5 Bytes JMP 007441A0 C:\Program Files\COMODO\COMODO Internet Security\cfp.exe .text C:\Program Files\Common Files\Java\Java 
Update\jusched.exe[2612] ntdll.dll!NtAllocateVirtualMemory 7C90CF50 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2612] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2612] ntdll.dll!NtCreateFile 7C90D090 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2612] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2612] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2612] ntdll.dll!NtDeleteFile 7C90D220 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2612] ntdll.dll!NtFreeVirtualMemory 7C90D370 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2612] ntdll.dll!NtLoadDriver 7C90D450 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2612] ntdll.dll!NtOpenFile 7C90D580 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2612] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2612] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2612] ntdll.dll!NtUnloadDriver 7C90DEA0 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2612] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 1002CE40 
C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2612] ntdll.dll!RtlAllocateHeap 7C9100A4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2612] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2612] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2612] ntdll.dll!LdrGetProcedureAddress 7C917E88 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2612] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2612] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2612] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2612] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2612] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2612] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2612] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2612] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java 
Update\jusched.exe[2612] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2612] kernel32.dll!GetModuleHandleA 7C80B731 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2612] kernel32.dll!GetModuleHandleW 7C80E4CD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2612] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2612] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2612] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2612] kernel32.dll!OpenFile 7C82196A 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2612] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2612] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2612] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2612] kernel32.dll!DeleteFileA 7C831EC5 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2612] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2612] kernel32.dll!MoveFileExW 7C835673 5 Bytes JMP 1002CB60 
C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2612] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2612] kernel32.dll!MoveFileWithProgressA 7C835EC6 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2612] kernel32.dll!MoveFileExA 7C85E3CB 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2612] kernel32.dll!CopyFileExA 7C85F2CC 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2612] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2612] kernel32.dll!LoadModule 7C8624BE 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2612] ADVAPI32.dll!OpenServiceW 77DD6FDD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2612] ADVAPI32.dll!OpenServiceW + 3 77DD6FE0 4 Bytes [25, 98, CC, CC] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2612] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2612] ADVAPI32.dll!OpenServiceA 77DE4C36 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2612] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2612] ADVAPI32.dll!CreateServiceA 77E271E9 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java 
Update\jusched.exe[2612] ADVAPI32.dll!CreateServiceW 77E27381 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2612] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2612] WININET.dll!InternetConnectA 4363499A 5 Bytes JMP 1002C980 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2612] WININET.dll!InternetConnectW 43635B88 5 Bytes JMP 1002C960 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2612] ole32.dll!CoCreateInstanceEx 774F0526 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2612] ole32.dll!CoGetClassObject 775056C5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2612] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2612] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2612] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2612] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2636] ntdll.dll!NtAllocateVirtualMemory 7C90CF50 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2636] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2636] ntdll.dll!NtCreateFile 7C90D090 5 Bytes JMP 1002CDC0 
C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2636] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2636] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2636] ntdll.dll!NtDeleteFile 7C90D220 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2636] ntdll.dll!NtFreeVirtualMemory 7C90D370 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2636] ntdll.dll!NtLoadDriver 7C90D450 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2636] ntdll.dll!NtOpenFile 7C90D580 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2636] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2636] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2636] ntdll.dll!NtUnloadDriver 7C90DEA0 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2636] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2636] ntdll.dll!RtlAllocateHeap 7C9100A4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2636] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2636] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001CE40 
C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2636] ntdll.dll!LdrGetProcedureAddress 7C917E88 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2636] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2636] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2636] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2636] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2636] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2636] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2636] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2636] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2636] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2636] kernel32.dll!GetModuleHandleA 7C80B731 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2636] kernel32.dll!GetModuleHandleW 7C80E4CD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2636] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 
1002CC60 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2636] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2636] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2636] kernel32.dll!OpenFile 7C82196A 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2636] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2636] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2636] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2636] kernel32.dll!DeleteFileA 7C831EC5 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2636] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2636] kernel32.dll!MoveFileExW 7C835673 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2636] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2636] kernel32.dll!MoveFileWithProgressA 7C835EC6 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2636] kernel32.dll!MoveFileExA 7C85E3CB 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2636] kernel32.dll!CopyFileExA 7C85F2CC 5 Bytes JMP 1002CC00 
C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2636] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2636] kernel32.dll!LoadModule 7C8624BE 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2636] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2636] ADVAPI32.dll!OpenServiceW 77DD6FDD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2636] ADVAPI32.dll!OpenServiceW + 3 77DD6FE0 4 Bytes [25, 98, CC, CC] .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2636] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2636] ADVAPI32.dll!OpenServiceA 77DE4C36 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2636] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2636] ADVAPI32.dll!CreateServiceA 77E271E9 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2636] ADVAPI32.dll!CreateServiceW 77E27381 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2636] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2636] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2636] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll .text 
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2636] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2636] ole32.dll!CoCreateInstanceEx 774F0526 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[2636] ole32.dll!CoGetClassObject 775056C5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\All Users\Dane aplikacji\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe[2660] ntdll.dll!NtAllocateVirtualMemory 7C90CF50 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\All Users\Dane aplikacji\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe[2660] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\All Users\Dane aplikacji\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe[2660] ntdll.dll!NtCreateFile 7C90D090 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\All Users\Dane aplikacji\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe[2660] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\All Users\Dane aplikacji\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe[2660] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\All Users\Dane aplikacji\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe[2660] ntdll.dll!NtDeleteFile 7C90D220 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\All Users\Dane aplikacji\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe[2660] ntdll.dll!NtFreeVirtualMemory 7C90D370 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\All Users\Dane aplikacji\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe[2660] ntdll.dll!NtLoadDriver 7C90D450 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll .text C:\Documents and 
Settings\All Users\Dane aplikacji\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe[2660] ntdll.dll!NtOpenFile 7C90D580 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\All Users\Dane aplikacji\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe[2660] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\All Users\Dane aplikacji\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe[2660] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\All Users\Dane aplikacji\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe[2660] ntdll.dll!NtUnloadDriver 7C90DEA0 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\All Users\Dane aplikacji\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe[2660] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\All Users\Dane aplikacji\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe[2660] ntdll.dll!RtlAllocateHeap 7C9100A4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\All Users\Dane aplikacji\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe[2660] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\All Users\Dane aplikacji\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe[2660] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\All Users\Dane aplikacji\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe[2660] ntdll.dll!LdrGetProcedureAddress 7C917E88 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\All Users\Dane aplikacji\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe[2660] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\All Users\Dane aplikacji\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe[2660] 
kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\All Users\Dane aplikacji\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe[2660] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\All Users\Dane aplikacji\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe[2660] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\All Users\Dane aplikacji\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe[2660] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\All Users\Dane aplikacji\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe[2660] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\All Users\Dane aplikacji\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe[2660] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\All Users\Dane aplikacji\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe[2660] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\All Users\Dane aplikacji\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe[2660] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\All Users\Dane aplikacji\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe[2660] kernel32.dll!GetModuleHandleA 7C80B731 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\All Users\Dane aplikacji\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe[2660] kernel32.dll!GetModuleHandleW 7C80E4CD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\All Users\Dane aplikacji\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe[2660] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 1002CC60 
C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\All Users\Dane aplikacji\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe[2660] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\All Users\Dane aplikacji\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe[2660] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\All Users\Dane aplikacji\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe[2660] kernel32.dll!OpenFile 7C82196A 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\All Users\Dane aplikacji\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe[2660] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\All Users\Dane aplikacji\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe[2660] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\All Users\Dane aplikacji\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe[2660] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\All Users\Dane aplikacji\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe[2660] kernel32.dll!DeleteFileA 7C831EC5 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\All Users\Dane aplikacji\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe[2660] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\All Users\Dane aplikacji\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe[2660] kernel32.dll!MoveFileExW 7C835673 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\All Users\Dane aplikacji\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe[2660] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\All Users\Dane 
aplikacji\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe[2660] kernel32.dll!MoveFileWithProgressA 7C835EC6 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\All Users\Dane aplikacji\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe[2660] kernel32.dll!MoveFileExA 7C85E3CB 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\All Users\Dane aplikacji\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe[2660] kernel32.dll!CopyFileExA 7C85F2CC 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\All Users\Dane aplikacji\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe[2660] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\All Users\Dane aplikacji\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe[2660] kernel32.dll!LoadModule 7C8624BE 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\All Users\Dane aplikacji\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe[2660] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\All Users\Dane aplikacji\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe[2660] ADVAPI32.dll!OpenServiceW 77DD6FDD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\All Users\Dane aplikacji\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe[2660] ADVAPI32.dll!OpenServiceW + 3 77DD6FE0 4 Bytes [25, 98, CC, CC] .text C:\Documents and Settings\All Users\Dane aplikacji\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe[2660] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\All Users\Dane aplikacji\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe[2660] ADVAPI32.dll!OpenServiceA 77DE4C36 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\All Users\Dane aplikacji\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe[2660] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10026BF0 
C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\All Users\Dane aplikacji\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe[2660] ADVAPI32.dll!CreateServiceA 77E271E9 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\All Users\Dane aplikacji\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe[2660] ADVAPI32.dll!CreateServiceW 77E27381 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\All Users\Dane aplikacji\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe[2660] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\All Users\Dane aplikacji\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe[2660] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\All Users\Dane aplikacji\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe[2660] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\All Users\Dane aplikacji\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe[2660] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\All Users\Dane aplikacji\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe[2660] ole32.dll!CoCreateInstanceEx 774F0526 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\All Users\Dane aplikacji\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe[2660] ole32.dll!CoGetClassObject 775056C5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\All Users\Dane aplikacji\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe[2660] WININET.dll!InternetConnectA 4363499A 5 Bytes JMP 1002C980 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\All Users\Dane aplikacji\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe[2660] WININET.dll!InternetConnectW 43635B88 5 Bytes JMP 1002C960 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[2680] 
ntdll.dll!NtAllocateVirtualMemory 7C90CF50 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[2680] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[2680] ntdll.dll!NtCreateFile 7C90D090 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[2680] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[2680] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[2680] ntdll.dll!NtDeleteFile 7C90D220 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[2680] ntdll.dll!NtFreeVirtualMemory 7C90D370 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[2680] ntdll.dll!NtLoadDriver 7C90D450 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[2680] ntdll.dll!NtOpenFile 7C90D580 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[2680] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[2680] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[2680] ntdll.dll!NtUnloadDriver 7C90DEA0 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[2680] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[2680] ntdll.dll!RtlAllocateHeap 7C9100A4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[2680] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[2680] ntdll.dll!LdrUnloadDll 
7C91736B 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[2680] ntdll.dll!LdrGetProcedureAddress 7C917E88 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[2680] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[2680] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[2680] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[2680] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[2680] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[2680] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[2680] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[2680] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[2680] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[2680] kernel32.dll!GetModuleHandleA 7C80B731 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[2680] kernel32.dll!GetModuleHandleW 7C80E4CD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[2680] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[2680] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[2680] kernel32.dll!MoveFileW 
7C821249 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[2680] kernel32.dll!OpenFile 7C82196A 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[2680] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[2680] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[2680] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[2680] kernel32.dll!DeleteFileA 7C831EC5 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[2680] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[2680] kernel32.dll!MoveFileExW 7C835673 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[2680] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[2680] kernel32.dll!MoveFileWithProgressA 7C835EC6 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[2680] kernel32.dll!MoveFileExA 7C85E3CB 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[2680] kernel32.dll!CopyFileExA 7C85F2CC 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[2680] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[2680] kernel32.dll!LoadModule 7C8624BE 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[2680] ADVAPI32.dll!OpenServiceW 77DD6FDD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[2680] ADVAPI32.dll!OpenServiceW + 3 77DD6FE0 4 Bytes [25, 98, CC, CC] .text 
C:\WINDOWS\system32\ctfmon.exe[2680] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[2680] ADVAPI32.dll!OpenServiceA 77DE4C36 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[2680] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[2680] ADVAPI32.dll!CreateServiceA 77E271E9 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[2680] ADVAPI32.dll!CreateServiceW 77E27381 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[2680] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[2680] ole32.dll!CoCreateInstanceEx 774F0526 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[2680] ole32.dll!CoGetClassObject 775056C5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[2680] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[2680] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[2680] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[2680] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2752] ntdll.dll!NtAllocateVirtualMemory 7C90CF50 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2752] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2752] ntdll.dll!NtCreateFile 7C90D090 5 
Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2752] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2752] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2752] ntdll.dll!NtDeleteFile 7C90D220 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2752] ntdll.dll!NtFreeVirtualMemory 7C90D370 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2752] ntdll.dll!NtLoadDriver 7C90D450 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2752] ntdll.dll!NtOpenFile 7C90D580 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2752] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2752] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2752] ntdll.dll!NtUnloadDriver 7C90DEA0 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2752] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2752] ntdll.dll!RtlAllocateHeap 7C9100A4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2752] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2752] 
ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2752] ntdll.dll!LdrGetProcedureAddress 7C917E88 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2752] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2752] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2752] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2752] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2752] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2752] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2752] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2752] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2752] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2752] kernel32.dll!GetModuleHandleA 7C80B731 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2752] kernel32.dll!GetModuleHandleW 7C80E4CD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll .text C:\Program 
Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2752] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2752] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2752] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2752] kernel32.dll!OpenFile 7C82196A 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2752] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2752] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2752] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2752] kernel32.dll!DeleteFileA 7C831EC5 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2752] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2752] kernel32.dll!MoveFileExW 7C835673 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2752] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2752] kernel32.dll!MoveFileWithProgressA 7C835EC6 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2752] kernel32.dll!MoveFileExA 7C85E3CB 5 Bytes JMP 1002CB80 
C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2752] kernel32.dll!CopyFileExA 7C85F2CC 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2752] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2752] kernel32.dll!LoadModule 7C8624BE 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2752] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2752] ADVAPI32.dll!OpenServiceW 77DD6FDD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2752] ADVAPI32.dll!OpenServiceW + 3 77DD6FE0 4 Bytes [25, 98, CC, CC] .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2752] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2752] ADVAPI32.dll!OpenServiceA 77DE4C36 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2752] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2752] ADVAPI32.dll!CreateServiceA 77E271E9 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2752] ADVAPI32.dll!CreateServiceW 77E27381 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2752] ole32.dll!CoCreateInstanceEx 774F0526 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2752] ole32.dll!CoGetClassObject 775056C5 5 Bytes 
JMP 1002E600 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2752] WS2_32.dll!WSASocketW 71A5404E 7 Bytes JMP 1002C920 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2752] WS2_32.dll!WSASocketA 71A58B6A 5 Bytes JMP 1002C940 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[2784] ntdll.dll!NtAllocateVirtualMemory 7C90CF50 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[2784] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[2784] ntdll.dll!NtCreateFile 7C90D090 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[2784] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[2784] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[2784] ntdll.dll!NtDeleteFile 7C90D220 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[2784] ntdll.dll!NtFreeVirtualMemory 7C90D370 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[2784] ntdll.dll!NtLoadDriver 7C90D450 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[2784] ntdll.dll!NtOpenFile 7C90D580 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[2784] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common 
Files\Ahead\Lib\NMIndexingService.exe[2784] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[2784] ntdll.dll!NtUnloadDriver 7C90DEA0 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[2784] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[2784] ntdll.dll!RtlAllocateHeap 7C9100A4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[2784] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[2784] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[2784] ntdll.dll!LdrGetProcedureAddress 7C917E88 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[2784] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[2784] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[2784] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[2784] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[2784] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common 
Files\Ahead\Lib\NMIndexingService.exe[2784] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[2784] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[2784] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[2784] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[2784] kernel32.dll!GetModuleHandleA 7C80B731 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[2784] kernel32.dll!GetModuleHandleW 7C80E4CD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[2784] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[2784] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[2784] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[2784] kernel32.dll!OpenFile 7C82196A 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[2784] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[2784] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[2784] 
kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[2784] kernel32.dll!DeleteFileA 7C831EC5 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[2784] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[2784] kernel32.dll!MoveFileExW 7C835673 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[2784] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[2784] kernel32.dll!MoveFileWithProgressA 7C835EC6 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[2784] kernel32.dll!MoveFileExA 7C85E3CB 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[2784] kernel32.dll!CopyFileExA 7C85F2CC 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[2784] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[2784] kernel32.dll!LoadModule 7C8624BE 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[2784] ADVAPI32.dll!OpenServiceW 77DD6FDD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[2784] ADVAPI32.dll!OpenServiceW + 3 77DD6FE0 4 Bytes [25, 98, CC, CC] .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[2784] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 100262C0 
C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[2784] ADVAPI32.dll!OpenServiceA 77DE4C36 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[2784] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[2784] ADVAPI32.dll!CreateServiceA 77E271E9 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[2784] ADVAPI32.dll!CreateServiceW 77E27381 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[2784] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[2784] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[2784] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[2784] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[2784] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[2784] ole32.dll!CoCreateInstanceEx 774F0526 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[2784] ole32.dll!CoGetClassObject 775056C5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[2784] WS2_32.dll!WSASocketW 71A5404E 7 Bytes JMP 1002C920 C:\WINDOWS\system32\guard32.dll .text 
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[2784] WS2_32.dll!WSASocketA 71A58B6A 5 Bytes JMP 1002C940 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2840] ntdll.dll!NtAllocateVirtualMemory 7C90CF50 5 Bytes JMP 00A3CE00 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2840] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 00A2CD20 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2840] ntdll.dll!NtCreateFile 7C90D090 5 Bytes JMP 00A3CDC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2840] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes JMP 00A3CE80 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2840] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes JMP 00A3CE60 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2840] ntdll.dll!NtDeleteFile 7C90D220 5 Bytes JMP 00A3CE20 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2840] ntdll.dll!NtFreeVirtualMemory 7C90D370 5 Bytes JMP 00A3C490 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2840] ntdll.dll!NtLoadDriver 7C90D450 5 Bytes JMP 00A3CDE0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2840] ntdll.dll!NtOpenFile 7C90D580 5 Bytes JMP 00A3CDA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2840] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 00A3C440 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2840] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 00A3CD60 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2840] 
ntdll.dll!NtUnloadDriver 7C90DEA0 5 Bytes JMP 00A3CD80 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2840] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 00A3CE40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2840] ntdll.dll!RtlAllocateHeap 7C9100A4 5 Bytes JMP 00A3C4E0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2840] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00A3A630 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2840] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 00A2CE40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2840] ntdll.dll!LdrGetProcedureAddress 7C917E88 5 Bytes JMP 00A3CD40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2840] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00A3CC80 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2840] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00A3CA20 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2840] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 00A3CCC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2840] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00A3CCE0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2840] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00A3CA80 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2840] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00A37790 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2840] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00A38320 
C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2840] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00A3CD20 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2840] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00A3CA60 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2840] kernel32.dll!GetModuleHandleA 7C80B731 5 Bytes JMP 00A3CAC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2840] kernel32.dll!GetModuleHandleW 7C80E4CD 5 Bytes JMP 00A3CAA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2840] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00A3CC60 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2840] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 00A3CB20 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2840] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00A3CBA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2840] kernel32.dll!OpenFile 7C82196A 5 Bytes JMP 00A3CCA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2840] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 00A3CBE0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2840] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00A3CC40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2840] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 00A3CC20 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2840] kernel32.dll!DeleteFileA 7C831EC5 5 Bytes JMP 00A3CB00 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common 
Files\Ahead\Lib\NMIndexStoreSvr.exe[2840] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 00A3CAE0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2840] kernel32.dll!MoveFileExW 7C835673 5 Bytes JMP 00A3CB60 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2840] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00A3CBC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2840] kernel32.dll!MoveFileWithProgressA 7C835EC6 5 Bytes JMP 00A3CB40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2840] kernel32.dll!MoveFileExA 7C85E3CB 5 Bytes JMP 00A3CB80 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2840] kernel32.dll!CopyFileExA 7C85F2CC 5 Bytes JMP 00A3CC00 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2840] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00A3CA40 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2840] kernel32.dll!LoadModule 7C8624BE 5 Bytes JMP 00A3CD00 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2840] ADVAPI32.dll!OpenServiceW 77DD6FDD 2 Bytes JMP 00A3D830 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2840] ADVAPI32.dll!OpenServiceW + 3 77DD6FE0 4 Bytes [C6, 88, CC, CC] .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2840] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 00A362C0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2840] ADVAPI32.dll!OpenServiceA 77DE4C36 7 Bytes JMP 00A3D590 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2840] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 
00A36BF0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2840] ADVAPI32.dll!CreateServiceA 77E271E9 7 Bytes JMP 00A3DD80 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2840] ADVAPI32.dll!CreateServiceW 77E27381 7 Bytes JMP 00A3DAA0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2840] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 00A3E3C0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2840] ole32.dll!CoCreateInstanceEx 774F0526 5 Bytes JMP 00A3E840 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2840] ole32.dll!CoGetClassObject 775056C5 5 Bytes JMP 00A3E600 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2840] WS2_32.dll!WSASocketW 71A5404E 7 Bytes JMP 00A3C920 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2840] WS2_32.dll!WSASocketA 71A58B6A 5 Bytes JMP 00A3C940 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\edward\Pulpit\xkrvnujx.exe[2912] ntdll.dll!NtAllocateVirtualMemory 7C90CF50 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\edward\Pulpit\xkrvnujx.exe[2912] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\edward\Pulpit\xkrvnujx.exe[2912] ntdll.dll!NtCreateFile 7C90D090 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\edward\Pulpit\xkrvnujx.exe[2912] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\edward\Pulpit\xkrvnujx.exe[2912] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\edward\Pulpit\xkrvnujx.exe[2912] 
ntdll.dll!NtDeleteFile 7C90D220 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\edward\Pulpit\xkrvnujx.exe[2912] ntdll.dll!NtFreeVirtualMemory 7C90D370 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\edward\Pulpit\xkrvnujx.exe[2912] ntdll.dll!NtLoadDriver 7C90D450 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\edward\Pulpit\xkrvnujx.exe[2912] ntdll.dll!NtOpenFile 7C90D580 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\edward\Pulpit\xkrvnujx.exe[2912] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\edward\Pulpit\xkrvnujx.exe[2912] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\edward\Pulpit\xkrvnujx.exe[2912] ntdll.dll!NtUnloadDriver 7C90DEA0 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\edward\Pulpit\xkrvnujx.exe[2912] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\edward\Pulpit\xkrvnujx.exe[2912] ntdll.dll!RtlAllocateHeap 7C9100A4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\edward\Pulpit\xkrvnujx.exe[2912] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\edward\Pulpit\xkrvnujx.exe[2912] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\edward\Pulpit\xkrvnujx.exe[2912] ntdll.dll!LdrGetProcedureAddress 7C917E88 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\edward\Pulpit\xkrvnujx.exe[2912] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\edward\Pulpit\xkrvnujx.exe[2912] 
kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\edward\Pulpit\xkrvnujx.exe[2912] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\edward\Pulpit\xkrvnujx.exe[2912] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\edward\Pulpit\xkrvnujx.exe[2912] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\edward\Pulpit\xkrvnujx.exe[2912] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\edward\Pulpit\xkrvnujx.exe[2912] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\edward\Pulpit\xkrvnujx.exe[2912] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\edward\Pulpit\xkrvnujx.exe[2912] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\edward\Pulpit\xkrvnujx.exe[2912] kernel32.dll!GetModuleHandleA 7C80B731 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\edward\Pulpit\xkrvnujx.exe[2912] kernel32.dll!GetModuleHandleW 7C80E4CD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\edward\Pulpit\xkrvnujx.exe[2912] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\edward\Pulpit\xkrvnujx.exe[2912] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\edward\Pulpit\xkrvnujx.exe[2912] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll .text C:\Documents and 
Settings\edward\Pulpit\xkrvnujx.exe[2912] kernel32.dll!OpenFile 7C82196A 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\edward\Pulpit\xkrvnujx.exe[2912] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\edward\Pulpit\xkrvnujx.exe[2912] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\edward\Pulpit\xkrvnujx.exe[2912] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\edward\Pulpit\xkrvnujx.exe[2912] kernel32.dll!DeleteFileA 7C831EC5 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\edward\Pulpit\xkrvnujx.exe[2912] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\edward\Pulpit\xkrvnujx.exe[2912] kernel32.dll!MoveFileExW 7C835673 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\edward\Pulpit\xkrvnujx.exe[2912] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\edward\Pulpit\xkrvnujx.exe[2912] kernel32.dll!MoveFileWithProgressA 7C835EC6 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\edward\Pulpit\xkrvnujx.exe[2912] kernel32.dll!MoveFileExA 7C85E3CB 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\edward\Pulpit\xkrvnujx.exe[2912] kernel32.dll!CopyFileExA 7C85F2CC 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\edward\Pulpit\xkrvnujx.exe[2912] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\edward\Pulpit\xkrvnujx.exe[2912] kernel32.dll!LoadModule 7C8624BE 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll .text C:\Documents and 
Settings\edward\Pulpit\xkrvnujx.exe[2912] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\edward\Pulpit\xkrvnujx.exe[2912] ADVAPI32.dll!OpenServiceW 77DD6FDD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\edward\Pulpit\xkrvnujx.exe[2912] ADVAPI32.dll!OpenServiceW + 3 77DD6FE0 4 Bytes [25, 98, CC, CC] .text C:\Documents and Settings\edward\Pulpit\xkrvnujx.exe[2912] ADVAPI32.dll!CreateProcessAsUserW 77DDA889 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\edward\Pulpit\xkrvnujx.exe[2912] ADVAPI32.dll!OpenServiceA 77DE4C36 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\edward\Pulpit\xkrvnujx.exe[2912] ADVAPI32.dll!CreateProcessAsUserA 77E00C80 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\edward\Pulpit\xkrvnujx.exe[2912] ADVAPI32.dll!CreateServiceA 77E271E9 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\edward\Pulpit\xkrvnujx.exe[2912] ADVAPI32.dll!CreateServiceW 77E27381 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\edward\Pulpit\xkrvnujx.exe[2912] ole32.dll!CoCreateInstanceEx 774F0526 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\edward\Pulpit\xkrvnujx.exe[2912] ole32.dll!CoGetClassObject 775056C5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\edward\Pulpit\xkrvnujx.exe[2912] shell32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\edward\Pulpit\xkrvnujx.exe[2912] shell32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\edward\Pulpit\xkrvnujx.exe[2912] shell32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll .text C:\Documents and 
Settings\edward\Pulpit\xkrvnujx.exe[2912] shell32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll

---- Devices - GMER 2.1 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys
AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat eamon.sys

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x44 0x7F 0x9C 0xA5 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x87 0x08 0x24 0x5D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x97 0xEE 0x22 0x50 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x44 0x7F 0x9C 0xA5 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x87 0x08 0x24 0x5D ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x97 0xEE 0x22 0x50 ...
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\11\Shell@WinPos1280x800(1).left 117
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\11\Shell@WinPos1280x800(1).top 145
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\11\Shell@WinPos1280x800(1).right 917
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\11\Shell@WinPos1280x800(1).bottom 745
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\110\Shell@WinPos1280x800(1).left 117
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\110\Shell@WinPos1280x800(1).top 145
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\110\Shell@WinPos1280x800(1).right 917
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\110\Shell@WinPos1280x800(1).bottom 745
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\110\Shell@Vid {65F125E5-7BE1-4810-BA9D-D271C8432CE3}
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\110\Shell@Mode 6
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\111\Shell@WinPos1280x800(1).left 117
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\111\Shell@WinPos1280x800(1).top 145
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\111\Shell@WinPos1280x800(1).right 917
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\111\Shell@WinPos1280x800(1).bottom 745
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\111\Shell@Vid {65F125E5-7BE1-4810-BA9D-D271C8432CE3}
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\111\Shell@Mode 6
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\2\Shell@WFlags 2
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\2\Shell@ShowCmd 3
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\56\Shell@WFlags 2
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\56\Shell@ShowCmd 3
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\75\Shell@WFlags 2
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\75\Shell@ShowCmd 3
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\95\Shell@WFlags 2
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\95\Shell@ShowCmd 3

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----