GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-10-06 16:44:28 Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST332062 rev.3.AA 298,09GB Running: tsqmcnp6.exe; Driver: C:\DOCUME~1\Maria\USTAWI~1\Temp\kgriikow.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xACCBE610] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xACDC55FA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0xACCBF0E6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xACD02B36] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xACCCAF18] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xACCCAF64] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xACCCB0FE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xACD024EA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xACCCAE86] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xACCCAFA8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xACCCAECE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0xACCBF5E4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xACCCB0B8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0xACCBFE9C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xACCBE676] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xACD031FC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xACD034B2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xACCC3596] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xACD03067] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xACD02ED2] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xACDC56C2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xACCBE25E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xACCBE6DC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xACCC398C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xACCC092C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xACCCAF42] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xACCCAF86] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xACCCB122] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xACD02846] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) ZwOpenMutant [0xACCCAEAC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xACCC2E78] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xACCCB036] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xACCCAEF6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xACCC326E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xACCCB0DC] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xACDC5822] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xACD02D4D] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xACCC07F8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xACD02B9F] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThread [0xACCC034E] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xACDD2744] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xACD01B30] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xACCBE742] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xACCBE7A8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0xACCBFD16] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xACCBE2F8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xACCBE4CE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xACD03303] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xACCBE45C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0xACCC0066] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0xACCC01C8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xACCBE556] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateProcess [0xACCBFB54] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0xACCBFCF6] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwUnloadDriver [0xACDC3C42] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xACCBE80E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwWriteVirtualMemory [0xACCBF142] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xACDDEE00] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwCallbackReturn + 2D2C 80504614 4 Bytes JMP B0ACD024 .text ntkrnlpa.exe!ZwCallbackReturn + 2FD4 805048BC 12 Bytes [42, E7, CB, AC, A8, E7, CB, ...] 
{INC EDX; OUT 0xcb, EAX; LODSB ; TEST AL, 0xe7; RETF ; LODSB ; PUSH SS; STD ; RETF ; LODSB } .text ntkrnlpa.exe!ZwCallbackReturn + 307C 80504964 12 Bytes [66, 00, CC, AC, C8, 01, CC, ...] {ADD AH, CL; LODSB ; ENTER 0xcc01, 0xac; PUSH ESI; IN EAX, 0xcb; LODSB } .text ntkrnlpa.exe!ZwCallbackReturn + 30B8 805049A0 4 Bytes CALL B504F670 PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A64DC 4 Bytes CALL ACCC0FD9 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC58A 5 Bytes JMP ACDDBC9A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ObInsertObject 805C300E 5 Bytes JMP ACDDD7B4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D11CA 7 Bytes JMP ACDDEE04 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) .text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB93D3000, 0x1E2E7A, 0xE8000020] init C:\WINDOWS\system32\drivers\Senfilt.sys entry point in "init" section [0xAD027A00] .text win32k.sys!EngFreeUserMem + 674 BF809985 5 Bytes JMP ACCC5284 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngFreeUserMem + 35D0 BF80C8E1 5 Bytes JMP ACCC5162 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngDeleteSurface + 45 BF8139AC 5 Bytes JMP ACCC5116 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!BRUSHOBJ_pvAllocRbrush + 322E BF81E659 5 Bytes JMP ACCC3BF4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngMulDiv + 197D BF820D66 5 Bytes JMP ACCC46EC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) .text win32k.sys!EngPaint + 11A6 BF82D580 5 Bytes JMP ACCC3D54 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngLockSurface + C09 BF82E6FE 5 Bytes JMP ACCC53FA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!CLIPOBJ_bEnum + 2E84 BF83908A 5 Bytes JMP ACCC5614 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!CLIPOBJ_bEnum + B8EC BF841AF2 5 Bytes JMP ACCC500A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!CLIPOBJ_bEnum + E0A8 BF8442AE 5 Bytes JMP ACCC46CE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!CLIPOBJ_bEnum + F624 BF84582A 5 Bytes JMP ACCC3DF4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XLATEOBJ_iXlate + 290F BF86C704 5 Bytes JMP ACCC47C4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XLATEOBJ_iXlate + 4BED BF86E9E2 5 Bytes JMP ACCC422C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XLATEOBJ_iXlate + 4C78 BF86EA6D 5 Bytes JMP ACCC4508 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XLATEOBJ_iXlate + 584E BF86F643 5 Bytes JMP ACCC3AD8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XLATEOBJ_iXlate + AC2C BF874A21 5 Bytes JMP ACCC51B2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngUnicodeToMultiByteN + 67EE BF87BC4B 5 Bytes JMP ACCC533C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) .text win32k.sys!EngGetCurrentCodePage + 35E9 BF897CF8 5 Bytes JMP ACCC42F2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGetCurrentCodePage + 4126 BF898835 5 Bytes JMP ACCC44C2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGetLastError + 1606 BF8B5921 5 Bytes JMP ACCC47E2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGradientFill + 2862 BF8B903F 5 Bytes JMP ACCC556C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngAlphaBlend + 35C2 BF8C1BCF 5 Bytes JMP ACCC3F24 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngDeleteSemaphore + A596 BF8EB15E 5 Bytes JMP ACCC470A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!PATHOBJ_bCloseFigure + 19EF BF8EFC1F 5 Bytes JMP ACCC39C2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!PATHOBJ_bCloseFigure + 3BBE BF8F1DEE 5 Bytes JMP ACCC4008 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!PATHOBJ_bCloseFigure + 3E3E BF8F206E 5 Bytes JMP ACCC4150 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 1A40 BF9149B2 5 Bytes JMP ACCC3CDC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 1CEC BF914C5E 5 Bytes JMP ACCC488C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 2614 BF915586 5 Bytes JMP ACCC3EBC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 4F95 BF917F07 5 Bytes JMP ACCC4628 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngPlgBlt + 1925 BF948464 5 Bytes JMP ACCC54BE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ---- User code sections - GMER 2.1 ---- .text C:\WINDOWS\System32\svchost.exe[172] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003101F8 .text C:\WINDOWS\System32\svchost.exe[172] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[172] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003103FC .text C:\WINDOWS\System32\svchost.exe[172] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[172] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00321014 .text C:\WINDOWS\System32\svchost.exe[172] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00320804 .text C:\WINDOWS\System32\svchost.exe[172] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00320A08 .text C:\WINDOWS\System32\svchost.exe[172] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00320C0C .text C:\WINDOWS\System32\svchost.exe[172] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00320E10 .text C:\WINDOWS\System32\svchost.exe[172] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003201F8 .text C:\WINDOWS\System32\svchost.exe[172] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003203FC .text C:\WINDOWS\System32\svchost.exe[172] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00320600 .text C:\WINDOWS\System32\svchost.exe[172] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00470804 .text C:\WINDOWS\System32\svchost.exe[172] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00470A08 .text C:\WINDOWS\System32\svchost.exe[172] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00470600 .text C:\WINDOWS\System32\svchost.exe[172] USER32.dll!SetWinEventHook 7E3817F7 5 
Bytes JMP 004701F8 .text C:\WINDOWS\System32\svchost.exe[172] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 004703FC .text C:\WINDOWS\system32\spoolsv.exe[284] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[284] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[400] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, A4, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[400] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[400] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, A7, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[400] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[400] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, A4, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[400] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[400] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, A5, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[400] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[400] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EDBE .text C:\Program Files\Google\Chrome\Application\chrome.exe[400] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[400] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, A6, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[400] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[400] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, A5, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[400] ntdll.dll!NtOpenThread + 
B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[400] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, A6, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[400] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[400] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EE2F .text C:\Program Files\Google\Chrome\Application\chrome.exe[400] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[400] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, A4, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[400] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[400] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EF5D .text C:\Program Files\Google\Chrome\Application\chrome.exe[400] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[400] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, A5, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[400] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[400] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, A6, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[400] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[400] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, A7, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[400] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[400] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 005401F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[400] 
ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[400] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 005403FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[400] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[400] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00551014 .text C:\Program Files\Google\Chrome\Application\chrome.exe[400] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00550804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[400] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00550A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[400] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00550C0C .text C:\Program Files\Google\Chrome\Application\chrome.exe[400] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00550E10 .text C:\Program Files\Google\Chrome\Application\chrome.exe[400] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 005501F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[400] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 005503FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[400] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00550600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[400] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00560804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[400] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00560A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[400] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00560600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[400] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 005601F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[400] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 005603FC .text C:\WINDOWS\system32\svchost.exe[448] 
ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[448] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[472] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 9C, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[472] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[472] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 9F, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[472] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[472] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 9C, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[472] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[472] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 9D, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[472] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[472] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B9125B6 .text C:\Program Files\Google\Chrome\Application\chrome.exe[472] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[472] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 9E, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[472] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[472] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 9D, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[472] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[472] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 9E, 4F, 00] .text 
C:\Program Files\Google\Chrome\Application\chrome.exe[472] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[472] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B912627 .text C:\Program Files\Google\Chrome\Application\chrome.exe[472] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[472] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 9C, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[472] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[472] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B912755 .text C:\Program Files\Google\Chrome\Application\chrome.exe[472] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[472] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 9D, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[472] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[472] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 9E, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[472] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[472] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 9F, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[472] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[472] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 007E01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[472] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[472] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 
007E03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[472] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[472] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 007F1014 .text C:\Program Files\Google\Chrome\Application\chrome.exe[472] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 007F0804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[472] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 007F0A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[472] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 007F0C0C .text C:\Program Files\Google\Chrome\Application\chrome.exe[472] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 007F0E10 .text C:\Program Files\Google\Chrome\Application\chrome.exe[472] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 007F01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[472] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 007F03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[472] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 007F0600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[472] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00800804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[472] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00800A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[472] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00800600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[472] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 008001F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[472] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 008003FC .text C:\Program Files\Java\jre7\bin\jqs.exe[712] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Java\jre7\bin\jqs.exe[712] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text 
C:\WINDOWS\System32\smss.exe[716] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[888] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[888] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\csrss.exe[924] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\csrss.exe[924] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[968] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[968] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\services.exe[1016] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[1028] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[1028] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1072] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 48, CF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1072] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1072] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 4B, CF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1072] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1072] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 48, CF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1072] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1072] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 49, CF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1072] 
ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1072] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91A562 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1072] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1072] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 4A, CF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1072] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1072] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 49, CF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1072] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1072] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 4A, CF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1072] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1072] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91A5D3 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1072] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1072] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 48, CF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1072] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1072] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91A701 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1072] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1072] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 49, CF, 00] .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[1072] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1072] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 4A, CF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1072] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1072] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 4B, CF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1072] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1072] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00FE01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1072] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1072] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 00FE03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[1072] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1072] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00FF1014 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1072] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00FF0804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1072] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00FF0A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1072] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00FF0C0C .text C:\Program Files\Google\Chrome\Application\chrome.exe[1072] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00FF0E10 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1072] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 00FF01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1072] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 
00FF03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[1072] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00FF0600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1072] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 01000804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1072] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 01000A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1072] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 01000600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1072] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 010001F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1072] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 010003FC .text C:\WINDOWS\system32\Ati2evxx.exe[1204] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\Ati2evxx.exe[1204] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1224] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1316] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1372] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1372] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1520] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\Ati2evxx.exe[1560] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\Ati2evxx.exe[1560] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1572] 
ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1572] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1592] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1592] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1792] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1792] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1820] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 50, 73, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1820] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1820] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 53, 73, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1820] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1820] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 50, 73, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1820] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1820] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 51, 73, 00] {TEST AL, 0x51; JAE 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1820] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1820] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91496A .text C:\Program Files\Google\Chrome\Application\chrome.exe[1820] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1820] ntdll.dll!NtOpenProcessTokenEx 
+ 6 7C90D624 4 Bytes [A8, 52, 73, 00] {TEST AL, 0x52; JAE 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1820] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1820] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 51, 73, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1820] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1820] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 52, 73, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1820] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1820] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B9149DB .text C:\Program Files\Google\Chrome\Application\chrome.exe[1820] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1820] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 50, 73, 00] {TEST AL, 0x50; JAE 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1820] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1820] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B914B09 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1820] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1820] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 51, 73, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1820] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1820] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 52, 73, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1820] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1820] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 53, 73, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1820] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1820] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00A201F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1820] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1820] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 00A203FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[1820] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1820] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00A31014 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1820] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00A30804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1820] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00A30A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1820] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00A30C0C .text C:\Program Files\Google\Chrome\Application\chrome.exe[1820] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00A30E10 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1820] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 00A301F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1820] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 00A303FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[1820] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00A30600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1820] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00A40804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1820] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 
Bytes JMP 00A40A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1820] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00A40600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1820] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 00A401F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1820] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 00A403FC .text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[1832] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[1832] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1860] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[1860] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1876] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 6C, BB, 00] {SUB [EBX+EDI*4+0x0], CH} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1876] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1876] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 6F, BB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1876] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1876] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 6C, BB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1876] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1876] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 6D, BB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1876] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1876] 
ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B919186 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1876] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1876] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 6E, BB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1876] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1876] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 6D, BB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1876] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1876] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 6E, BB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1876] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1876] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B9191F7 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1876] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1876] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 6C, BB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1876] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1876] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B919325 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1876] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1876] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 6D, BB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1876] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[1876] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 6E, BB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1876] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1876] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 6F, BB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1876] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1876] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00EA01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1876] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1876] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 00EA03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[1876] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1876] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00EB1014 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1876] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00EB0804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1876] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00EB0A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1876] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00EB0C0C .text C:\Program Files\Google\Chrome\Application\chrome.exe[1876] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00EB0E10 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1876] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 00EB01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1876] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 00EB03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[1876] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 
00EB0600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1876] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00EC0804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1876] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00EC0A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1876] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00EC0600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1876] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 00EC01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1876] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 00EC03FC .text C:\Program Files\AVAST Software\Avast\avastUI.exe[1948] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\avastUI.exe[1948] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\WgaTray.exe[1984] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\WgaTray.exe[1984] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[2004] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[2004] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2108] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2108] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[2188] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[2188] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2336] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 50, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2336] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2336] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 
Byte [28] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2336] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 50, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2336] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2336] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 50, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2336] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2336] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 50, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2336] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2336] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91261A .text C:\Program Files\Google\Chrome\Application\chrome.exe[2336] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2336] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 50, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2336] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2336] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 50, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2336] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2336] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 50, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2336] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2336] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91268B .text C:\Program Files\Google\Chrome\Application\chrome.exe[2336] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text 
C:\Program Files\Google\Chrome\Application\chrome.exe[2336] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 50, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2336] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2336] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B9127B9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2336] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2336] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 50, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2336] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2336] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 50, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2336] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2336] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2336] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 50, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2336] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2336] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 007F01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2336] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2336] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 007F03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[2336] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2336] ADVAPI32.dll!SetServiceObjectSecurity 
77E26D81 5 Bytes JMP 00801014 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2336] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00800804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2336] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00800A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2336] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00800C0C .text C:\Program Files\Google\Chrome\Application\chrome.exe[2336] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00800E10 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2336] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 008001F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2336] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 008003FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[2336] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00800600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2336] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00810804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2336] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00810A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2336] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00810600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2336] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 008101F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2336] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 008103FC .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2448] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2448] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, F4, F3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2512] 
ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, F7, F3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, F4, F3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, F5, F3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91CA0E .text C:\Program Files\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, F6, F3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, F5, F3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, F6, F3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91CA7F .text C:\Program Files\Google\Chrome\Application\chrome.exe[2512] 
ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, F4, F3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91CBAD .text C:\Program Files\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, F5, F3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, F6, F3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, F7, F3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 012201F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2512] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 012203FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[2512] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2512] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 01231014 .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[2512] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 01230804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2512] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 01230A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2512] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 01230C0C .text C:\Program Files\Google\Chrome\Application\chrome.exe[2512] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 01230E10 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2512] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 012301F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2512] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 012303FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[2512] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 01230600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2512] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 01240804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2512] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 01240A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2512] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 01240600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2512] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 012401F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2512] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 012403FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[2612] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003E01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2612] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2612] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003E03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[2612] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[2612] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003F1014 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2612] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003F0804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2612] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003F0A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2612] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003F0C0C .text C:\Program Files\Google\Chrome\Application\chrome.exe[2612] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003F0E10 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2612] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003F01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2612] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003F03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[2612] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003F0600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2612] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 004E0804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2612] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 004E0A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2612] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 004E0600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2612] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 004E01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2612] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 004E03FC .text C:\Program Files\Analog Devices\SoundMAX\smax4.exe[3268] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003E01F8 .text C:\Program Files\Analog Devices\SoundMAX\smax4.exe[3268] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Analog Devices\SoundMAX\smax4.exe[3268] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003E03FC .text C:\Program 
Files\Analog Devices\SoundMAX\smax4.exe[3268] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Analog Devices\SoundMAX\smax4.exe[3268] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003F1014 .text C:\Program Files\Analog Devices\SoundMAX\smax4.exe[3268] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003F0804 .text C:\Program Files\Analog Devices\SoundMAX\smax4.exe[3268] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003F0A08 .text C:\Program Files\Analog Devices\SoundMAX\smax4.exe[3268] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003F0C0C .text C:\Program Files\Analog Devices\SoundMAX\smax4.exe[3268] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003F0E10 .text C:\Program Files\Analog Devices\SoundMAX\smax4.exe[3268] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003F01F8 .text C:\Program Files\Analog Devices\SoundMAX\smax4.exe[3268] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003F03FC .text C:\Program Files\Analog Devices\SoundMAX\smax4.exe[3268] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003F0600 .text C:\Program Files\Analog Devices\SoundMAX\smax4.exe[3268] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 004C0804 .text C:\Program Files\Analog Devices\SoundMAX\smax4.exe[3268] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 004C0A08 .text C:\Program Files\Analog Devices\SoundMAX\smax4.exe[3268] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 004C0600 .text C:\Program Files\Analog Devices\SoundMAX\smax4.exe[3268] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 004C01F8 .text C:\Program Files\Analog Devices\SoundMAX\smax4.exe[3268] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 004C03FC .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3308] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003E01F8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3308] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Common 
Files\Java\Java Update\jusched.exe[3308] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003E03FC .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3308] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3308] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003F1014 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3308] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003F0804 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3308] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003F0A08 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3308] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003F0C0C .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3308] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003F0E10 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3308] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003F01F8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3308] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003F03FC .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3308] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003F0600 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3308] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00450804 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3308] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00450A08 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3308] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00450600 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3308] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 004501F8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3308] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 004503FC .text C:\WINDOWS\system32\ctfmon.exe[3332] ntdll.dll!LdrLoadDll 
7C91632D 5 Bytes JMP 003201F8 .text C:\WINDOWS\system32\ctfmon.exe[3332] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\ctfmon.exe[3332] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003203FC .text C:\WINDOWS\system32\ctfmon.exe[3332] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\ctfmon.exe[3332] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00331014 .text C:\WINDOWS\system32\ctfmon.exe[3332] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00330804 .text C:\WINDOWS\system32\ctfmon.exe[3332] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00330A08 .text C:\WINDOWS\system32\ctfmon.exe[3332] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00330C0C .text C:\WINDOWS\system32\ctfmon.exe[3332] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00330E10 .text C:\WINDOWS\system32\ctfmon.exe[3332] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003301F8 .text C:\WINDOWS\system32\ctfmon.exe[3332] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003303FC .text C:\WINDOWS\system32\ctfmon.exe[3332] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00330600 .text C:\WINDOWS\system32\ctfmon.exe[3332] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00340804 .text C:\WINDOWS\system32\ctfmon.exe[3332] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00340A08 .text C:\WINDOWS\system32\ctfmon.exe[3332] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00340600 .text C:\WINDOWS\system32\ctfmon.exe[3332] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003401F8 .text C:\WINDOWS\system32\ctfmon.exe[3332] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003403FC .text C:\Program Files\Messenger\msmsgs.exe[3340] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003201F8 .text C:\Program Files\Messenger\msmsgs.exe[3340] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Messenger\msmsgs.exe[3340] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003203FC .text C:\Program 
Files\Messenger\msmsgs.exe[3340] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Messenger\msmsgs.exe[3340] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00331014 .text C:\Program Files\Messenger\msmsgs.exe[3340] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00330804 .text C:\Program Files\Messenger\msmsgs.exe[3340] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00330A08 .text C:\Program Files\Messenger\msmsgs.exe[3340] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00330C0C .text C:\Program Files\Messenger\msmsgs.exe[3340] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00330E10 .text C:\Program Files\Messenger\msmsgs.exe[3340] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003301F8 .text C:\Program Files\Messenger\msmsgs.exe[3340] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003303FC .text C:\Program Files\Messenger\msmsgs.exe[3340] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00330600 .text C:\Program Files\Messenger\msmsgs.exe[3340] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00340804 .text C:\Program Files\Messenger\msmsgs.exe[3340] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00340A08 .text C:\Program Files\Messenger\msmsgs.exe[3340] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00340600 .text C:\Program Files\Messenger\msmsgs.exe[3340] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003401F8 .text C:\Program Files\Messenger\msmsgs.exe[3340] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003403FC .text C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[3348] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003E01F8 .text C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[3348] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[3348] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003E03FC .text C:\Program Files\Common 
Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[3348] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[3348] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804 .text C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[3348] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08 .text C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[3348] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600 .text C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[3348] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8 .text C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[3348] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC .text C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[3348] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00451014 .text C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[3348] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00450804 .text C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[3348] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00450A08 .text C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[3348] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00450C0C .text C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[3348] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00450E10 .text C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[3348] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 004501F8 .text C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[3348] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 004503FC .text C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[3348] 
ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00450600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003E01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3388] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003E03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3388] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3388] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003F1014 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3388] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003F0804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3388] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003F0A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3388] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003F0C0C .text C:\Program Files\Google\Chrome\Application\chrome.exe[3388] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003F0E10 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3388] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003F01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3388] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003F03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3388] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003F0600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3388] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 004E0804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3388] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 004E0A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3388] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 004E0600 .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[3388] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 004E01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3388] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 004E03FC .text C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe[3416] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003E01F8 .text C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe[3416] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe[3416] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003E03FC .text C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe[3416] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe[3416] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804 .text C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe[3416] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08 .text C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe[3416] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600 .text C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe[3416] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8 .text C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe[3416] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC .text C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe[3416] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00501014 .text C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe[3416] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00500804 .text C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe[3416] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00500A08 .text C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe[3416] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00500C0C .text C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe[3416] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00500E10 .text C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe[3416] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 005001F8 .text 
C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe[3416] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 005003FC .text C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe[3416] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00500600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3500] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, A0, 05, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3500] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3500] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, A3, 05, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3500] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3500] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, A0, 05, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3500] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3500] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, A1, 05, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3500] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3500] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91DBBA .text C:\Program Files\Google\Chrome\Application\chrome.exe[3500] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3500] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, A2, 05, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3500] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3500] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, A1, 05, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3500] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[3500] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, A2, 05, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3500] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3500] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91DC2B .text C:\Program Files\Google\Chrome\Application\chrome.exe[3500] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3500] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, A0, 05, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3500] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3500] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91DD59 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3500] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3500] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, A1, 05, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3500] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3500] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, A2, 05, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3500] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3500] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, A3, 05, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3500] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3500] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 013401F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3500] ntdll.dll!RtlDosSearchPath_U + 
186 7C916865 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3500] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 013403FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3500] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3500] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 01351014 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3500] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 01350804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3500] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 01350A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3500] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 01350C0C .text C:\Program Files\Google\Chrome\Application\chrome.exe[3500] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 01350E10 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3500] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 013501F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3500] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 013503FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3500] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 01350600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3500] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 01360804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3500] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 01360A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3500] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 01360600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3500] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 013601F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3500] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 013603FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3656] 
ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, F0, 56, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3656] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3656] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, F3, 56, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3656] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3656] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, F0, 56, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3656] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3656] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, F1, 56, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3656] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3656] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B912D0A .text C:\Program Files\Google\Chrome\Application\chrome.exe[3656] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3656] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, F2, 56, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3656] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3656] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, F1, 56, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3656] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3656] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, F2, 56, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3656] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3656] 
ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B912D7B .text C:\Program Files\Google\Chrome\Application\chrome.exe[3656] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3656] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, F0, 56, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3656] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3656] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B912EA9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3656] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3656] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, F1, 56, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3656] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3656] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, F2, 56, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3656] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3656] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, F3, 56, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3656] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3656] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 008501F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3656] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3656] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 008503FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3656] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[3656] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00861014 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3656] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00860804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3656] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00860A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3656] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00860C0C .text C:\Program Files\Google\Chrome\Application\chrome.exe[3656] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00860E10 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3656] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 008601F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3656] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 008603FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3656] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00860600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3656] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00870804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3656] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00870A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3656] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00870600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3656] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 008701F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3656] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 008703FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3676] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 64, 4F, 00] {SUB [EDI+ECX*2+0x0], AH} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3676] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3676] ntdll.dll!NtMapViewOfSection + 6 
7C90D524 4 Bytes [28, 67, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3676] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3676] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 64, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3676] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3676] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 65, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3676] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3676] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91257E .text C:\Program Files\Google\Chrome\Application\chrome.exe[3676] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3676] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 66, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3676] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3676] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 65, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3676] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3676] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 66, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3676] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3676] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B9125EF .text C:\Program Files\Google\Chrome\Application\chrome.exe[3676] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3676] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 
Bytes [A8, 64, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3676] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3676] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91271D .text C:\Program Files\Google\Chrome\Application\chrome.exe[3676] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3676] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 65, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3676] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3676] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 66, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3676] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3676] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 67, 4F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3676] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3676] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 007E01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3676] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3676] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 007E03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3676] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3676] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 007F1014 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3676] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 007F0804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3676] 
ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 007F0A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3676] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 007F0C0C .text C:\Program Files\Google\Chrome\Application\chrome.exe[3676] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 007F0E10 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3676] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 007F01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3676] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 007F03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3676] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 007F0600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3676] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00800804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3676] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00800A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3676] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00800600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3676] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 008001F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3676] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 008003FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3764] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 8C, A6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3764] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3764] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 8F, A6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3764] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3764] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 8C, A6, 00] .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[3764] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3764] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 8D, A6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3764] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3764] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B917CA6 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3764] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3764] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 8E, A6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3764] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3764] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 8D, A6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3764] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3764] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 8E, A6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3764] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3764] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B917D17 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3764] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3764] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 8C, A6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3764] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3764] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B917E45 .text 
C:\Program Files\Google\Chrome\Application\chrome.exe[3764] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3764] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 8D, A6, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3764] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3764] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 8E, A6, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3764] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3764] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 8F, A6, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3764] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3764] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00D501F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3764] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3764] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 00D503FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3764] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3764] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00D61014
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3764] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00D60804
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3764] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00D60A08
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3764] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00D60C0C
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3764] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00D60E10
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3764] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 00D601F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3764] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 00D603FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3764] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00D60600
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3764] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00D70804
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3764] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00D70A08
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3764] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00D70600
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3764] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 00D701F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3764] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 00D703FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3828] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 40, D3, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3828] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3828] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 43, D3, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3828] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3828] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 40, D3, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3828] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3828] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 41, D3, 00] {TEST AL, 0x41; ROL [EAX], CL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3828] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3828] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91A95A
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3828] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3828] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 42, D3, 00] {TEST AL, 0x42; ROL [EAX], CL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3828] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3828] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 41, D3, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3828] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3828] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 42, D3, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3828] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3828] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91A9CB
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3828] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3828] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 40, D3, 00] {TEST AL, 0x40; ROL [EAX], CL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3828] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3828] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91AAF9
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3828] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3828] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 41, D3, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3828] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3828] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 42, D3, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3828] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3828] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 43, D3, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3828] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3828] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 010101F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3828] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3828] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 010103FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3828] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3828] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 01021014
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3828] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 01020804
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3828] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 01020A08
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3828] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 01020C0C
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3828] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 01020E10
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3828] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 010201F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3828] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 010203FC
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3828] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 01020600
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3828] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 01030804
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3828] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 01030A08
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3828] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 01030600
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3828] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 010301F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3828] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 010303FC
.text C:\Program Files\Java\jre7\bin\java.exe[4032] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003301F8
.text C:\Program Files\Java\jre7\bin\java.exe[4032] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Java\jre7\bin\java.exe[4032] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003303FC
.text C:\Program Files\Java\jre7\bin\java.exe[4032] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\Java\jre7\bin\java.exe[4032] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00341014
.text C:\Program Files\Java\jre7\bin\java.exe[4032] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00340804
.text C:\Program Files\Java\jre7\bin\java.exe[4032] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00340A08
.text C:\Program Files\Java\jre7\bin\java.exe[4032] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00340C0C
.text C:\Program Files\Java\jre7\bin\java.exe[4032] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00340E10
.text C:\Program Files\Java\jre7\bin\java.exe[4032] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003401F8
.text C:\Program Files\Java\jre7\bin\java.exe[4032] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003403FC
.text C:\Program Files\Java\jre7\bin\java.exe[4032] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00340600
.text C:\Program Files\Java\jre7\bin\java.exe[4032] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00350804
.text C:\Program Files\Java\jre7\bin\java.exe[4032] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00350A08
.text C:\Program Files\Java\jre7\bin\java.exe[4032] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00350600
.text C:\Program Files\Java\jre7\bin\java.exe[4032] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003501F8
.text C:\Program Files\Java\jre7\bin\java.exe[4032] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003503FC
.text C:\Documents and Settings\Maria\Moje dokumenty\Downloads\tsqmcnp6.exe[4052] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Documents and Settings\Maria\Moje dokumenty\Downloads\tsqmcnp6.exe[4052] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]

---- User IAT/EAT - GMER 2.1 ----

IAT C:\Program Files\Google\Chrome\Application\chrome.exe[400] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002B0010
IAT C:\Program Files\Google\Chrome\Application\chrome.exe[472] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00630010
IAT C:\WINDOWS\system32\services.exe[1016] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003D0002
IAT C:\WINDOWS\system32\services.exe[1016] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003D0000
IAT C:\Program Files\Google\Chrome\Application\chrome.exe[1072] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00E30010
IAT C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1792] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C90790] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)
IAT C:\Program Files\Google\Chrome\Application\chrome.exe[1820] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00870010
IAT C:\Program Files\Google\Chrome\Application\chrome.exe[1876] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00CF0010
IAT C:\Program Files\AVAST Software\Avast\avastUI.exe[1948] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C90790] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)
IAT C:\Program Files\Google\Chrome\Application\chrome.exe[2336] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00640010
IAT C:\Program Files\Google\Chrome\Application\chrome.exe[2512] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 01080010
IAT C:\Program Files\Google\Chrome\Application\chrome.exe[3500] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 01190010
IAT C:\Program Files\Google\Chrome\Application\chrome.exe[3656] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 006A0010
IAT C:\Program Files\Google\Chrome\Application\chrome.exe[3676] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00630010
IAT C:\Program Files\Google\Chrome\Application\chrome.exe[3764] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00BA0010
IAT C:\Program Files\Google\Chrome\Application\chrome.exe[3828] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00E60010

---- Devices - GMER 2.1 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
Device \FileSystem\Fastfat \FatCdrom aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 2.1 ----