GMER 1.0.15.15640 - http://www.gmer.net Rootkit scan 2011-06-21 22:08:50 Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HM320JI rev.2SS00_01 Running: y7ppq85e.exe; Driver: C:\Users\JANU~1\AppData\Local\Temp\kxldypog.sys ---- System - GMER 1.0.15 ---- Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x89C9BD48] Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0x89C9BD72] Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x89C9BD5E] Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0x89C9BD34] Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection ---- Kernel code sections - GMER 1.0.15 ---- .text ntoskrnl.exe!ZwSaveKey + 13CD 8344AA09 1 Byte [06] .text ntoskrnl.exe!KiDispatchInterrupt + 5A2 8346A512 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntoskrnl.exe!ZwYieldExecution 834B2DC2 5 Bytes JMP 89C9BD38 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) .xreloc C:\Windows\System32\drivers\sfsync04.sys unknown last section [0x89ACF000, 0xC5E, 0x40000040] .text C:\Windows\system32\drivers\hardlock.sys section is writeable [0xAD886400, 0x87EE2, 0xE8000020] .protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0xAD92A620] C:\Windows\system32\drivers\hardlock.sys entry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0xAD92A620] .protectÿÿÿÿhardlockunknown last code section [0xAD92A400, 0x5126, 0xE0000020] C:\Windows\system32\drivers\hardlock.sys unknown last code section [0xAD92A400, 0x5126, 0xE0000020] ---- User code sections - GMER 1.0.15 ---- .text C:\Windows\system32\services.exe[540] ntdll.dll!NtCreateFile 76F955C8 5 Bytes JMP 00340FEF .text C:\Windows\system32\services.exe[540] ntdll.dll!NtCreateProcess 76F95698 5 Bytes JMP 0034001B .text C:\Windows\system32\services.exe[540] ntdll.dll!NtProtectVirtualMemory 76F95F18 5 Bytes JMP 00340000 .text C:\Windows\system32\services.exe[540] kernel32.dll!GetStartupInfoA 76E71E10 5 Bytes JMP 00200F8A .text C:\Windows\system32\services.exe[540] kernel32.dll!CreateProcessW 76E7204D 5 Bytes JMP 00200F39 .text C:\Windows\system32\services.exe[540] kernel32.dll!CreateProcessA 76E72082 5 Bytes JMP 00200F54 .text C:\Windows\system32\services.exe[540] kernel32.dll!CreateNamedPipeW 76EA270F 5 Bytes JMP 0020002C .text C:\Windows\system32\services.exe[540] kernel32.dll!VirtualProtect 76EB2341 5 Bytes JMP 00200FB6 .text C:\Windows\system32\services.exe[540] kernel32.dll!LoadLibraryExW 76EB4775 5 Bytes JMP 0020008E .text C:\Windows\system32\services.exe[540] kernel32.dll!LoadLibraryExA 76EB47FA 5 Bytes JMP 00200073 .text C:\Windows\system32\services.exe[540] kernel32.dll!CreateFileW 76EBCC56 5 Bytes JMP 0020001B .text C:\Windows\system32\services.exe[540] kernel32.dll!CreateFileA 76EBCEE8 5 Bytes JMP 00200000 .text C:\Windows\system32\services.exe[540] kernel32.dll!GetProcAddress 76EC33D3 5 Bytes JMP 00200F1E .text C:\Windows\system32\services.exe[540] kernel32.dll!GetStartupInfoW 76EC3891 5 Bytes JMP 002000CE .text C:\Windows\system32\services.exe[540] kernel32.dll!LoadLibraryA 76EC395C 5 Bytes JMP 00200047 .text C:\Windows\system32\services.exe[540] kernel32.dll!LoadLibraryW 76EC3C01 5 Bytes JMP 00200058 .text C:\Windows\system32\services.exe[540] kernel32.dll!CreatePipe 76ED35B7 5 Bytes JMP 002000B3 .text C:\Windows\system32\services.exe[540] kernel32.dll!CreateNamedPipeA 76EFD44F 5 Bytes JMP 00200FE5 .text C:\Windows\system32\services.exe[540] kernel32.dll!WinExec 76EFE5FD 5 Bytes JMP 00200F79 .text C:\Windows\system32\services.exe[540] kernel32.dll!VirtualProtectEx 76EFF5D9 5 Bytes JMP 00200FA5 .text C:\Windows\system32\services.exe[540] msvcrt.dll!_open 768C7E48 5 Bytes JMP 009C0FEF .text C:\Windows\system32\services.exe[540] msvcrt.dll!_wsystem 768FB04F 5 Bytes JMP 009C0031 .text C:\Windows\system32\services.exe[540] msvcrt.dll!system 768FB16F 5 Bytes JMP 009C0FB0 .text C:\Windows\system32\services.exe[540] msvcrt.dll!_creat 768FED29 5 Bytes JMP 009C000C .text C:\Windows\system32\services.exe[540] msvcrt.dll!_wcreat 7690038E 5 Bytes JMP 009C0FC1 .text C:\Windows\system32\services.exe[540] msvcrt.dll!_wopen 76900570 5 Bytes JMP 009C0FD2 .text C:\Windows\system32\services.exe[540] ADVAPI32.dll!RegOpenKeyA 7695CC15 5 Bytes JMP 009D0000 .text C:\Windows\system32\services.exe[540] ADVAPI32.dll!RegCreateKeyA 7695CD01 5 Bytes JMP 009D0FC3 .text C:\Windows\system32\services.exe[540] ADVAPI32.dll!RegCreateKeyExA 76961469 5 Bytes JMP 009D0F97 .text C:\Windows\system32\services.exe[540] ADVAPI32.dll!RegCreateKeyW 76961514 5 Bytes JMP 009D0FB2 .text C:\Windows\system32\services.exe[540] ADVAPI32.dll!RegOpenKeyW 76962459 5 Bytes JMP 009D0FEF .text C:\Windows\system32\services.exe[540] ADVAPI32.dll!RegCreateKeyExW 769640FE 5 Bytes JMP 009D0F72 .text C:\Windows\system32\services.exe[540] ADVAPI32.dll!RegOpenKeyExW 7696468D 5 Bytes JMP 009D002F .text C:\Windows\system32\services.exe[540] ADVAPI32.dll!RegOpenKeyExA 76964907 5 Bytes JMP 009D0FD4 .text C:\Windows\system32\services.exe[540] WS2_32.dll!socket 770B3EB8 5 Bytes JMP 00A6000A .text C:\Windows\system32\lsass.exe[556] ntdll.dll!NtCreateFile 76F955C8 5 Bytes JMP 00C20FEF .text C:\Windows\system32\lsass.exe[556] ntdll.dll!NtCreateProcess 76F95698 5 Bytes JMP 00C20FC3 .text C:\Windows\system32\lsass.exe[556] ntdll.dll!NtProtectVirtualMemory 76F95F18 5 Bytes JMP 00C20FD4 .text C:\Windows\system32\lsass.exe[556] kernel32.dll!GetStartupInfoA 76E71E10 5 Bytes JMP 00BD0F43 .text C:\Windows\system32\lsass.exe[556] kernel32.dll!CreateProcessW 76E7204D 5 Bytes JMP 00BD00B3 .text C:\Windows\system32\lsass.exe[556] kernel32.dll!CreateProcessA 76E72082 5 Bytes JMP 00BD0098 .text C:\Windows\system32\lsass.exe[556] kernel32.dll!CreateNamedPipeW 76EA270F 5 Bytes JMP 00BD0025 .text C:\Windows\system32\lsass.exe[556] kernel32.dll!VirtualProtect 76EB2341 5 Bytes JMP 00BD005B .text C:\Windows\system32\lsass.exe[556] kernel32.dll!LoadLibraryExW 76EB4775 5 Bytes JMP 00BD0040 .text C:\Windows\system32\lsass.exe[556] kernel32.dll!LoadLibraryExA 76EB47FA 5 Bytes JMP 00BD0F8D .text C:\Windows\system32\lsass.exe[556] kernel32.dll!CreateFileW 76EBCC56 5 Bytes JMP 00BD0FDE .text C:\Windows\system32\lsass.exe[556] kernel32.dll!CreateFileA 76EBCEE8 5 Bytes JMP 00BD0FEF .text C:\Windows\system32\lsass.exe[556] kernel32.dll!GetProcAddress 76EC33D3 5 Bytes JMP 00BD00CE .text C:\Windows\system32\lsass.exe[556] kernel32.dll!GetStartupInfoW 76EC3891 5 Bytes JMP 00BD0F28 .text C:\Windows\system32\lsass.exe[556] kernel32.dll!LoadLibraryA 76EC395C 5 Bytes JMP 00BD0FB9 .text C:\Windows\system32\lsass.exe[556] kernel32.dll!LoadLibraryW 76EC3C01 5 Bytes JMP 00BD0F9E .text C:\Windows\system32\lsass.exe[556] kernel32.dll!CreatePipe 76ED35B7 5 Bytes JMP 00BD0F5E .text C:\Windows\system32\lsass.exe[556] kernel32.dll!CreateNamedPipeA 76EFD44F 5 Bytes JMP 00BD0014 .text C:\Windows\system32\lsass.exe[556] kernel32.dll!WinExec 76EFE5FD 5 Bytes JMP 00BD0087 .text C:\Windows\system32\lsass.exe[556] kernel32.dll!VirtualProtectEx 76EFF5D9 5 Bytes JMP 00BD006C .text C:\Windows\system32\lsass.exe[556] msvcrt.dll!_open 768C7E48 5 Bytes JMP 00C30000 .text C:\Windows\system32\lsass.exe[556] msvcrt.dll!_wsystem 768FB04F 5 Bytes JMP 00C30F97 .text C:\Windows\system32\lsass.exe[556] msvcrt.dll!system 768FB16F 5 Bytes JMP 00C30FB2 .text C:\Windows\system32\lsass.exe[556] msvcrt.dll!_creat 768FED29 5 Bytes JMP 00C30FD7 .text C:\Windows\system32\lsass.exe[556] msvcrt.dll!_wcreat 7690038E 5 Bytes JMP 00C30022 .text C:\Windows\system32\lsass.exe[556] msvcrt.dll!_wopen 76900570 5 Bytes JMP 00C30011 .text C:\Windows\system32\lsass.exe[556] ADVAPI32.dll!RegOpenKeyA 7695CC15 5 Bytes JMP 00C40000 .text C:\Windows\system32\lsass.exe[556] ADVAPI32.dll!RegCreateKeyA 7695CD01 5 Bytes JMP 00C40036 .text C:\Windows\system32\lsass.exe[556] ADVAPI32.dll!RegCreateKeyExA 76961469 5 Bytes JMP 00C40F9E .text C:\Windows\system32\lsass.exe[556] ADVAPI32.dll!RegCreateKeyW 76961514 5 Bytes JMP 00C40FB9 .text C:\Windows\system32\lsass.exe[556] ADVAPI32.dll!RegOpenKeyW 76962459 5 Bytes JMP 00C40FE5 .text C:\Windows\system32\lsass.exe[556] ADVAPI32.dll!RegCreateKeyExW 769640FE 5 Bytes JMP 00C4005B .text C:\Windows\system32\lsass.exe[556] ADVAPI32.dll!RegOpenKeyExW 7696468D 5 Bytes JMP 00C4001B .text C:\Windows\system32\lsass.exe[556] ADVAPI32.dll!RegOpenKeyExA 76964907 5 Bytes JMP 00C40FCA .text C:\Windows\system32\lsass.exe[556] WS2_32.dll!socket 770B3EB8 5 Bytes JMP 00CD0FEF .text C:\Windows\system32\svchost.exe[708] ntdll.dll!NtCreateFile 76F955C8 5 Bytes JMP 002C0FEF .text C:\Windows\system32\svchost.exe[708] ntdll.dll!NtCreateProcess 76F95698 5 Bytes JMP 002C0FCD .text C:\Windows\system32\svchost.exe[708] ntdll.dll!NtProtectVirtualMemory 76F95F18 5 Bytes JMP 002C0FDE .text C:\Windows\system32\svchost.exe[708] kernel32.dll!GetStartupInfoA 76E71E10 5 Bytes JMP 002B00D1 .text C:\Windows\system32\svchost.exe[708] kernel32.dll!CreateProcessW 76E7204D 5 Bytes JMP 002B010E .text C:\Windows\system32\svchost.exe[708] kernel32.dll!CreateProcessA 76E72082 5 Bytes JMP 002B00FD .text C:\Windows\system32\svchost.exe[708] kernel32.dll!CreateNamedPipeW 76EA270F 5 Bytes JMP 002B0FDE .text C:\Windows\system32\svchost.exe[708] kernel32.dll!VirtualProtect 76EB2341 5 Bytes JMP 002B008A .text C:\Windows\system32\svchost.exe[708] kernel32.dll!LoadLibraryExW 76EB4775 5 Bytes JMP 002B0FB2 .text C:\Windows\system32\svchost.exe[708] kernel32.dll!LoadLibraryExA 76EB47FA 5 Bytes JMP 002B0065 .text C:\Windows\system32\svchost.exe[708] kernel32.dll!CreateFileW 76EBCC56 5 Bytes JMP 002B001B .text C:\Windows\system32\svchost.exe[708] kernel32.dll!CreateFileA 76EBCEE8 5 Bytes JMP 002B000A .text C:\Windows\system32\svchost.exe[708] kernel32.dll!GetProcAddress 76EC33D3 5 Bytes JMP 002B0129 .text C:\Windows\system32\svchost.exe[708] kernel32.dll!GetStartupInfoW 76EC3891 5 Bytes JMP 002B0F8D .text C:\Windows\system32\svchost.exe[708] kernel32.dll!LoadLibraryA 76EC395C 5 Bytes JMP 002B0FC3 .text C:\Windows\system32\svchost.exe[708] kernel32.dll!LoadLibraryW 76EC3C01 5 Bytes JMP 002B004A .text C:\Windows\system32\svchost.exe[708] kernel32.dll!CreatePipe 76ED35B7 5 Bytes JMP 002B00B6 .text C:\Windows\system32\svchost.exe[708] kernel32.dll!CreateNamedPipeA 76EFD44F 5 Bytes JMP 002B0FEF .text C:\Windows\system32\svchost.exe[708] kernel32.dll!WinExec 76EFE5FD 5 Bytes JMP 002B00EC .text C:\Windows\system32\svchost.exe[708] kernel32.dll!VirtualProtectEx 76EFF5D9 5 Bytes JMP 002B009B .text C:\Windows\system32\svchost.exe[708] msvcrt.dll!_open 768C7E48 5 Bytes JMP 002D000C .text C:\Windows\system32\svchost.exe[708] msvcrt.dll!_wsystem 768FB04F 5 Bytes JMP 002D0FBE .text C:\Windows\system32\svchost.exe[708] msvcrt.dll!system 768FB16F 5 Bytes JMP 002D0049 .text C:\Windows\system32\svchost.exe[708] msvcrt.dll!_creat 768FED29 5 Bytes JMP 002D001D .text C:\Windows\system32\svchost.exe[708] msvcrt.dll!_wcreat 7690038E 5 Bytes JMP 002D002E .text C:\Windows\system32\svchost.exe[708] msvcrt.dll!_wopen 76900570 5 Bytes JMP 002D0FE3 .text C:\Windows\system32\svchost.exe[708] ADVAPI32.dll!RegOpenKeyA 7695CC15 5 Bytes JMP 002E0000 .text C:\Windows\system32\svchost.exe[708] ADVAPI32.dll!RegCreateKeyA 7695CD01 5 Bytes JMP 002E0065 .text C:\Windows\system32\svchost.exe[708] ADVAPI32.dll!RegCreateKeyExA 76961469 5 Bytes JMP 002E0FDE .text C:\Windows\system32\svchost.exe[708] ADVAPI32.dll!RegCreateKeyW 76961514 5 Bytes JMP 002E0080 .text C:\Windows\system32\svchost.exe[708] ADVAPI32.dll!RegOpenKeyW 76962459 5 Bytes JMP 002E001B .text C:\Windows\system32\svchost.exe[708] ADVAPI32.dll!RegCreateKeyExW 769640FE 5 Bytes JMP 002E0091 .text C:\Windows\system32\svchost.exe[708] ADVAPI32.dll!RegOpenKeyExW 7696468D 5 Bytes JMP 002E0FEF .text C:\Windows\system32\svchost.exe[708] ADVAPI32.dll!RegOpenKeyExA 76964907 5 Bytes JMP 002E0036 .text C:\Windows\system32\svchost.exe[708] WS2_32.dll!socket 770B3EB8 5 Bytes JMP 00330000 .text C:\Windows\system32\svchost.exe[804] ntdll.dll!NtCreateFile 76F955C8 5 Bytes JMP 001E000A .text C:\Windows\system32\svchost.exe[804] ntdll.dll!NtCreateProcess 76F95698 5 Bytes JMP 001E0FEF .text C:\Windows\system32\svchost.exe[804] ntdll.dll!NtProtectVirtualMemory 76F95F18 5 Bytes JMP 001E0025 .text C:\Windows\system32\svchost.exe[804] kernel32.dll!GetStartupInfoA 76E71E10 5 Bytes JMP 001D00B0 .text C:\Windows\system32\svchost.exe[804] kernel32.dll!CreateProcessW 76E7204D 5 Bytes JMP 001D0F36 .text C:\Windows\system32\svchost.exe[804] kernel32.dll!CreateProcessA 76E72082 5 Bytes JMP 001D0F51 .text C:\Windows\system32\svchost.exe[804] kernel32.dll!CreateNamedPipeW 76EA270F 5 Bytes JMP 001D0FD1 .text C:\Windows\system32\svchost.exe[804] kernel32.dll!VirtualProtect 76EB2341 5 Bytes JMP 001D007A .text C:\Windows\system32\svchost.exe[804] kernel32.dll!LoadLibraryExW 76EB4775 5 Bytes JMP 001D0FA2 .text C:\Windows\system32\svchost.exe[804] kernel32.dll!LoadLibraryExA 76EB47FA 5 Bytes JMP 001D0055 .text C:\Windows\system32\svchost.exe[804] kernel32.dll!CreateFileW 76EBCC56 5 Bytes JMP 001D0011 .text C:\Windows\system32\svchost.exe[804] kernel32.dll!CreateFileA 76EBCEE8 5 Bytes JMP 001D0000 .text C:\Windows\system32\svchost.exe[804] kernel32.dll!GetProcAddress 76EC33D3 5 Bytes JMP 001D00E6 .text C:\Windows\system32\svchost.exe[804] kernel32.dll!GetStartupInfoW 76EC3891 5 Bytes JMP 001D0F6C .text C:\Windows\system32\svchost.exe[804] kernel32.dll!LoadLibraryA 76EC395C 5 Bytes JMP 001D0033 .text C:\Windows\system32\svchost.exe[804] kernel32.dll!LoadLibraryW 76EC3C01 5 Bytes JMP 001D0044 .text C:\Windows\system32\svchost.exe[804] kernel32.dll!CreatePipe 76ED35B7 5 Bytes JMP 001D0F91 .text C:\Windows\system32\svchost.exe[804] kernel32.dll!CreateNamedPipeA 76EFD44F 5 Bytes JMP 001D0022 .text C:\Windows\system32\svchost.exe[804] kernel32.dll!WinExec 76EFE5FD 5 Bytes JMP 001D00CB .text C:\Windows\system32\svchost.exe[804] kernel32.dll!VirtualProtectEx 76EFF5D9 5 Bytes JMP 001D009F .text C:\Windows\system32\svchost.exe[804] msvcrt.dll!_open 768C7E48 5 Bytes JMP 001F0FEF .text C:\Windows\system32\svchost.exe[804] msvcrt.dll!_wsystem 768FB04F 5 Bytes JMP 001F0049 .text C:\Windows\system32\svchost.exe[804] msvcrt.dll!system 768FB16F 5 Bytes JMP 001F0038 .text C:\Windows\system32\svchost.exe[804] msvcrt.dll!_creat 768FED29 5 Bytes JMP 001F0FD2 .text C:\Windows\system32\svchost.exe[804] msvcrt.dll!_wcreat 7690038E 5 Bytes JMP 001F001D .text C:\Windows\system32\svchost.exe[804] msvcrt.dll!_wopen 76900570 5 Bytes JMP 001F0000 .text C:\Windows\system32\svchost.exe[804] ADVAPI32.dll!RegOpenKeyA 7695CC15 5 Bytes JMP 0024000A .text C:\Windows\system32\svchost.exe[804] ADVAPI32.dll!RegCreateKeyA 7695CD01 5 Bytes JMP 00240FCD .text C:\Windows\system32\svchost.exe[804] ADVAPI32.dll!RegCreateKeyExA 76961469 5 Bytes JMP 00240FB2 .text C:\Windows\system32\svchost.exe[804] ADVAPI32.dll!RegCreateKeyW 76961514 5 Bytes JMP 0024004A .text C:\Windows\system32\svchost.exe[804] ADVAPI32.dll!RegOpenKeyW 76962459 5 Bytes JMP 00240FEF .text C:\Windows\system32\svchost.exe[804] ADVAPI32.dll!RegCreateKeyExW 769640FE 5 Bytes JMP 00240FA1 .text C:\Windows\system32\svchost.exe[804] ADVAPI32.dll!RegOpenKeyExW 7696468D 5 Bytes JMP 00240FDE .text C:\Windows\system32\svchost.exe[804] ADVAPI32.dll!RegOpenKeyExA 76964907 5 Bytes JMP 00240025 .text C:\Windows\system32\svchost.exe[804] WS2_32.dll!socket 770B3EB8 5 Bytes JMP 00350000 .text C:\Windows\System32\svchost.exe[864] ntdll.dll!NtCreateFile 76F955C8 5 Bytes JMP 00A9000A .text C:\Windows\System32\svchost.exe[864] ntdll.dll!NtCreateProcess 76F95698 5 Bytes JMP 00A90FDE .text C:\Windows\System32\svchost.exe[864] ntdll.dll!NtProtectVirtualMemory 76F95F18 5 Bytes JMP 00A90FEF .text C:\Windows\System32\svchost.exe[864] kernel32.dll!GetStartupInfoA 76E71E10 5 Bytes JMP 00640F54 .text C:\Windows\System32\svchost.exe[864] kernel32.dll!CreateProcessW 76E7204D 5 Bytes JMP 00640F1E .text C:\Windows\System32\svchost.exe[864] kernel32.dll!CreateProcessA 76E72082 5 Bytes JMP 006400B3 .text C:\Windows\System32\svchost.exe[864] kernel32.dll!CreateNamedPipeW 76EA270F 5 Bytes JMP 00640FB9 .text C:\Windows\System32\svchost.exe[864] kernel32.dll!VirtualProtect 76EB2341 5 Bytes JMP 00640062 .text C:\Windows\System32\svchost.exe[864] kernel32.dll!LoadLibraryExW 76EB4775 5 Bytes JMP 00640051 .text C:\Windows\System32\svchost.exe[864] kernel32.dll!LoadLibraryExA 76EB47FA 5 Bytes JMP 00640036 .text C:\Windows\System32\svchost.exe[864] kernel32.dll!CreateFileW 76EBCC56 5 Bytes JMP 00640FD4 .text C:\Windows\System32\svchost.exe[864] kernel32.dll!CreateFileA 76EBCEE8 5 Bytes JMP 00640FEF .text C:\Windows\System32\svchost.exe[864] kernel32.dll!GetProcAddress 76EC33D3 5 Bytes JMP 006400CE .text C:\Windows\System32\svchost.exe[864] kernel32.dll!GetStartupInfoW 76EC3891 5 Bytes JMP 00640F39 .text C:\Windows\System32\svchost.exe[864] kernel32.dll!LoadLibraryA 76EC395C 5 Bytes JMP 00640025 .text C:\Windows\System32\svchost.exe[864] kernel32.dll!LoadLibraryW 76EC3C01 5 Bytes JMP 00640F9E .text C:\Windows\System32\svchost.exe[864] kernel32.dll!CreatePipe 76ED35B7 5 Bytes JMP 00640F65 .text C:\Windows\System32\svchost.exe[864] kernel32.dll!CreateNamedPipeA 76EFD44F 5 Bytes JMP 0064000A .text C:\Windows\System32\svchost.exe[864] kernel32.dll!WinExec 76EFE5FD 5 Bytes JMP 006400A2 .text C:\Windows\System32\svchost.exe[864] kernel32.dll!VirtualProtectEx 76EFF5D9 5 Bytes JMP 00640073 .text C:\Windows\System32\svchost.exe[864] msvcrt.dll!_open 768C7E48 5 Bytes JMP 00AA0000 .text C:\Windows\System32\svchost.exe[864] msvcrt.dll!_wsystem 768FB04F 5 Bytes JMP 00AA0F8D .text C:\Windows\System32\svchost.exe[864] msvcrt.dll!system 768FB16F 5 Bytes JMP 00AA0022 .text C:\Windows\System32\svchost.exe[864] msvcrt.dll!_creat 768FED29 5 Bytes JMP 00AA0FCD .text C:\Windows\System32\svchost.exe[864] msvcrt.dll!_wcreat 7690038E 5 Bytes JMP 00AA0FBC .text C:\Windows\System32\svchost.exe[864] msvcrt.dll!_wopen 76900570 5 Bytes JMP 00AA0011 .text C:\Windows\System32\svchost.exe[864] ADVAPI32.dll!RegOpenKeyA 7695CC15 5 Bytes JMP 00AB0FEF .text C:\Windows\System32\svchost.exe[864] ADVAPI32.dll!RegCreateKeyA 7695CD01 5 Bytes JMP 00AB0051 .text C:\Windows\System32\svchost.exe[864] ADVAPI32.dll!RegCreateKeyExA 76961469 5 Bytes JMP 00AB0091 .text C:\Windows\System32\svchost.exe[864] ADVAPI32.dll!RegCreateKeyW 76961514 5 Bytes JMP 00AB006C .text C:\Windows\System32\svchost.exe[864] ADVAPI32.dll!RegOpenKeyW 76962459 5 Bytes JMP 00AB000A .text C:\Windows\System32\svchost.exe[864] ADVAPI32.dll!RegCreateKeyExW 769640FE 5 Bytes JMP 00AB00AC .text C:\Windows\System32\svchost.exe[864] ADVAPI32.dll!RegOpenKeyExW 7696468D 5 Bytes JMP 00AB0036 .text C:\Windows\System32\svchost.exe[864] ADVAPI32.dll!RegOpenKeyExA 76964907 5 Bytes JMP 00AB0025 .text C:\Windows\System32\svchost.exe[864] WS2_32.dll!socket 770B3EB8 5 Bytes JMP 00AC0FE5 .text C:\Windows\System32\svchost.exe[928] ntdll.dll!NtCreateFile 76F955C8 5 Bytes JMP 00A80000 .text C:\Windows\System32\svchost.exe[928] ntdll.dll!NtCreateProcess 76F95698 5 Bytes JMP 00A80FCA .text C:\Windows\System32\svchost.exe[928] ntdll.dll!NtProtectVirtualMemory 76F95F18 5 Bytes JMP 00A80FE5 .text C:\Windows\System32\svchost.exe[928] kernel32.dll!GetStartupInfoA 76E71E10 5 Bytes JMP 00A70F61 .text C:\Windows\System32\svchost.exe[928] kernel32.dll!CreateProcessW 76E7204D 5 Bytes JMP 00A70F35 .text C:\Windows\System32\svchost.exe[928] kernel32.dll!CreateProcessA 76E72082 5 Bytes JMP 00A700CA .text C:\Windows\System32\svchost.exe[928] kernel32.dll!CreateNamedPipeW 76EA270F 5 Bytes JMP 00A70014 .text C:\Windows\System32\svchost.exe[928] kernel32.dll!VirtualProtect 76EB2341 5 Bytes JMP 00A70079 .text C:\Windows\System32\svchost.exe[928] kernel32.dll!LoadLibraryExW 76EB4775 5 Bytes JMP 00A70F97 .text C:\Windows\System32\svchost.exe[928] kernel32.dll!LoadLibraryExA 76EB47FA 5 Bytes JMP 00A7004A .text C:\Windows\System32\svchost.exe[928] kernel32.dll!CreateFileW 76EBCC56 5 Bytes JMP 00A70FDE .text C:\Windows\System32\svchost.exe[928] kernel32.dll!CreateFileA 76EBCEE8 5 Bytes JMP 00A70FEF .text C:\Windows\System32\svchost.exe[928] kernel32.dll!GetProcAddress 76EC33D3 5 Bytes JMP 00A700DB .text C:\Windows\System32\svchost.exe[928] kernel32.dll!GetStartupInfoW 76EC3891 5 Bytes JMP 00A70F46 .text C:\Windows\System32\svchost.exe[928] kernel32.dll!LoadLibraryA 76EC395C 5 Bytes JMP 00A7002F .text C:\Windows\System32\svchost.exe[928] kernel32.dll!LoadLibraryW 76EC3C01 5 Bytes JMP 00A70FA8 .text C:\Windows\System32\svchost.exe[928] kernel32.dll!CreatePipe 76ED35B7 5 Bytes JMP 00A70F7C .text C:\Windows\System32\svchost.exe[928] kernel32.dll!CreateNamedPipeA 76EFD44F 5 Bytes JMP 00A70FC3 .text C:\Windows\System32\svchost.exe[928] kernel32.dll!WinExec 76EFE5FD 5 Bytes JMP 00A700AF .text C:\Windows\System32\svchost.exe[928] kernel32.dll!VirtualProtectEx 76EFF5D9 5 Bytes JMP 00A7008A .text C:\Windows\System32\svchost.exe[928] msvcrt.dll!_open 768C7E48 5 Bytes JMP 00A90000 .text C:\Windows\System32\svchost.exe[928] msvcrt.dll!_wsystem 768FB04F 5 Bytes JMP 00A90FAD .text C:\Windows\System32\svchost.exe[928] msvcrt.dll!system 768FB16F 5 Bytes JMP 00A90FBE .text C:\Windows\System32\svchost.exe[928] msvcrt.dll!_creat 768FED29 5 Bytes JMP 00A9001D .text C:\Windows\System32\svchost.exe[928] msvcrt.dll!_wcreat 7690038E 5 Bytes JMP 00A90038 .text C:\Windows\System32\svchost.exe[928] msvcrt.dll!_wopen 76900570 5 Bytes JMP 00A90FE3 .text C:\Windows\System32\svchost.exe[928] ADVAPI32.dll!RegOpenKeyA 7695CC15 5 Bytes JMP 00AA0000 .text C:\Windows\System32\svchost.exe[928] ADVAPI32.dll!RegCreateKeyA 7695CD01 5 Bytes JMP 00AA0FB9 .text C:\Windows\System32\svchost.exe[928] ADVAPI32.dll!RegCreateKeyExA 76961469 5 Bytes JMP 00AA0054 .text C:\Windows\System32\svchost.exe[928] ADVAPI32.dll!RegCreateKeyW 76961514 5 Bytes JMP 00AA0FA8 .text C:\Windows\System32\svchost.exe[928] ADVAPI32.dll!RegOpenKeyW 76962459 5 Bytes JMP 00AA001B .text C:\Windows\System32\svchost.exe[928] ADVAPI32.dll!RegCreateKeyExW 769640FE 5 Bytes JMP 00AA006F .text C:\Windows\System32\svchost.exe[928] ADVAPI32.dll!RegOpenKeyExW 7696468D 5 Bytes JMP 00AA0FD4 .text C:\Windows\System32\svchost.exe[928] ADVAPI32.dll!RegOpenKeyExA 76964907 5 Bytes JMP 00AA0FE5 .text C:\Windows\System32\svchost.exe[928] WS2_32.dll!socket 770B3EB8 5 Bytes JMP 00E80000 .text C:\Windows\system32\svchost.exe[988] ntdll.dll!NtCreateFile 76F955C8 5 Bytes JMP 00AD0000 .text C:\Windows\system32\svchost.exe[988] ntdll.dll!NtCreateProcess 76F95698 5 Bytes JMP 00AD0FE5 .text C:\Windows\system32\svchost.exe[988] ntdll.dll!NtProtectVirtualMemory 76F95F18 5 Bytes JMP 00AD0011 .text C:\Windows\system32\svchost.exe[988] kernel32.dll!GetStartupInfoA 76E71E10 5 Bytes JMP 00AC0F72 .text C:\Windows\system32\svchost.exe[988] kernel32.dll!CreateProcessW 76E7204D 5 Bytes JMP 00AC0F57 .text C:\Windows\system32\svchost.exe[988] kernel32.dll!CreateProcessA 76E72082 5 Bytes JMP 00AC00EC .text C:\Windows\system32\svchost.exe[988] kernel32.dll!CreateNamedPipeW 76EA270F 5 Bytes JMP 00AC0040 .text C:\Windows\system32\svchost.exe[988] kernel32.dll!VirtualProtect 76EB2341 5 Bytes JMP 00AC0F83 .text C:\Windows\system32\svchost.exe[988] kernel32.dll!LoadLibraryExW 76EB4775 5 Bytes JMP 00AC0FA8 .text C:\Windows\system32\svchost.exe[988] kernel32.dll!LoadLibraryExA 76EB47FA 5 Bytes JMP 00AC005B .text C:\Windows\system32\svchost.exe[988] kernel32.dll!CreateFileW 76EBCC56 5 Bytes JMP 00AC0014 .text C:\Windows\system32\svchost.exe[988] kernel32.dll!CreateFileA 76EBCEE8 5 Bytes JMP 00AC0FEF .text C:\Windows\system32\svchost.exe[988] kernel32.dll!GetProcAddress 76EC33D3 5 Bytes JMP 00AC0107 .text C:\Windows\system32\svchost.exe[988] kernel32.dll!GetStartupInfoW 76EC3891 5 Bytes JMP 00AC00C0 .text C:\Windows\system32\svchost.exe[988] kernel32.dll!LoadLibraryA 76EC395C 5 Bytes JMP 00AC0FCA .text C:\Windows\system32\svchost.exe[988] kernel32.dll!LoadLibraryW 76EC3C01 5 Bytes JMP 00AC0FB9 .text C:\Windows\system32\svchost.exe[988] kernel32.dll!CreatePipe 76ED35B7 5 Bytes JMP 00AC0091 .text C:\Windows\system32\svchost.exe[988] kernel32.dll!CreateNamedPipeA 76EFD44F 5 Bytes JMP 00AC0025 .text C:\Windows\system32\svchost.exe[988] kernel32.dll!WinExec 76EFE5FD 5 Bytes JMP 00AC00D1 .text C:\Windows\system32\svchost.exe[988] kernel32.dll!VirtualProtectEx 76EFF5D9 5 Bytes JMP 00AC0080 .text C:\Windows\system32\svchost.exe[988] msvcrt.dll!_open 768C7E48 5 Bytes JMP 00B20FE3 .text C:\Windows\system32\svchost.exe[988] msvcrt.dll!_wsystem 768FB04F 5 Bytes JMP 00B20042 .text C:\Windows\system32\svchost.exe[988] msvcrt.dll!system 768FB16F 5 Bytes JMP 00B20027 .text C:\Windows\system32\svchost.exe[988] msvcrt.dll!_creat 768FED29 5 Bytes JMP 00B2000C .text C:\Windows\system32\svchost.exe[988] msvcrt.dll!_wcreat 7690038E 5 Bytes JMP 00B20FB7 .text C:\Windows\system32\svchost.exe[988] msvcrt.dll!_wopen 76900570 5 Bytes JMP 00B20FD2 .text C:\Windows\system32\svchost.exe[988] ADVAPI32.dll!RegOpenKeyA 7695CC15 5 Bytes JMP 00B30FEF .text C:\Windows\system32\svchost.exe[988] ADVAPI32.dll!RegCreateKeyA 7695CD01 5 Bytes JMP 00B30F9E .text C:\Windows\system32\svchost.exe[988] ADVAPI32.dll!RegCreateKeyExA 76961469 5 Bytes JMP 00B30036 .text C:\Windows\system32\svchost.exe[988] ADVAPI32.dll!RegCreateKeyW 76961514 5 Bytes JMP 00B30025 .text C:\Windows\system32\svchost.exe[988] ADVAPI32.dll!RegOpenKeyW 76962459 5 Bytes JMP 00B30FD4 .text C:\Windows\system32\svchost.exe[988] ADVAPI32.dll!RegCreateKeyExW 769640FE 5 Bytes JMP 00B30047 .text C:\Windows\system32\svchost.exe[988] ADVAPI32.dll!RegOpenKeyExW 7696468D 5 Bytes JMP 00B30FB9 .text C:\Windows\system32\svchost.exe[988] ADVAPI32.dll!RegOpenKeyExA 76964907 5 Bytes JMP 00B3000A .text C:\Windows\system32\svchost.exe[988] WS2_32.dll!socket 770B3EB8 5 Bytes JMP 00B40000 .text C:\Windows\system32\svchost.exe[1144] ntdll.dll!NtCreateFile 76F955C8 5 Bytes JMP 005C0000 .text C:\Windows\system32\svchost.exe[1144] ntdll.dll!NtCreateProcess 76F95698 5 Bytes JMP 005C0022 .text C:\Windows\system32\svchost.exe[1144] ntdll.dll!NtProtectVirtualMemory 76F95F18 5 Bytes JMP 005C0011 .text C:\Windows\system32\svchost.exe[1144] kernel32.dll!GetStartupInfoA 76E71E10 5 Bytes JMP 005B00B6 .text C:\Windows\system32\svchost.exe[1144] kernel32.dll!CreateProcessW 76E7204D 5 Bytes JMP 005B0F3C .text C:\Windows\system32\svchost.exe[1144] kernel32.dll!CreateProcessA 76E72082 5 Bytes JMP 005B0F57 .text C:\Windows\system32\svchost.exe[1144] kernel32.dll!CreateNamedPipeW 76EA270F 5 Bytes JMP 005B001E .text C:\Windows\system32\svchost.exe[1144] kernel32.dll!VirtualProtect 76EB2341 5 Bytes JMP 005B006F .text C:\Windows\system32\svchost.exe[1144] kernel32.dll!LoadLibraryExW 76EB4775 5 Bytes JMP 005B0F97 .text C:\Windows\system32\svchost.exe[1144] kernel32.dll!LoadLibraryExA 76EB47FA 5 Bytes JMP 005B0054 .text C:\Windows\system32\svchost.exe[1144] kernel32.dll!CreateFileW 76EBCC56 5 Bytes JMP 005B0FDE .text C:\Windows\system32\svchost.exe[1144] kernel32.dll!CreateFileA 76EBCEE8 5 Bytes JMP 005B0FEF .text C:\Windows\system32\svchost.exe[1144] kernel32.dll!GetProcAddress 76EC33D3 5 Bytes JMP 005B00F6 .text C:\Windows\system32\svchost.exe[1144] kernel32.dll!GetStartupInfoW 76EC3891 5 Bytes JMP 005B0F68 .text C:\Windows\system32\svchost.exe[1144] kernel32.dll!LoadLibraryA 76EC395C 5 Bytes JMP 005B0FBC .text C:\Windows\system32\svchost.exe[1144] kernel32.dll!LoadLibraryW 76EC3C01 5 Bytes JMP 005B0043 .text C:\Windows\system32\svchost.exe[1144] kernel32.dll!CreatePipe 76ED35B7 5 Bytes JMP 005B009B .text C:\Windows\system32\svchost.exe[1144] kernel32.dll!CreateNamedPipeA 76EFD44F 5 Bytes JMP 005B0FCD .text C:\Windows\system32\svchost.exe[1144] kernel32.dll!WinExec 76EFE5FD 5 Bytes JMP 005B00D1 .text C:\Windows\system32\svchost.exe[1144] kernel32.dll!VirtualProtectEx 76EFF5D9 5 Bytes JMP 005B0080 .text C:\Windows\system32\svchost.exe[1144] msvcrt.dll!_open 768C7E48 5 Bytes JMP 00610FEF .text C:\Windows\system32\svchost.exe[1144] msvcrt.dll!_wsystem 768FB04F 5 Bytes JMP 00610F97 .text C:\Windows\system32\svchost.exe[1144] msvcrt.dll!system 768FB16F 5 Bytes JMP 00610FB2 .text C:\Windows\system32\svchost.exe[1144] msvcrt.dll!_creat 768FED29 5 Bytes JMP 00610018 .text C:\Windows\system32\svchost.exe[1144] msvcrt.dll!_wcreat 7690038E 5 Bytes JMP 00610FC3 .text C:\Windows\system32\svchost.exe[1144] msvcrt.dll!_wopen 76900570 5 Bytes JMP 00610FDE .text C:\Windows\system32\svchost.exe[1144] ADVAPI32.dll!RegOpenKeyA 7695CC15 5 Bytes JMP 00A40FEF .text C:\Windows\system32\svchost.exe[1144] ADVAPI32.dll!RegCreateKeyA 7695CD01 5 Bytes JMP 00A40039 .text C:\Windows\system32\svchost.exe[1144] ADVAPI32.dll!RegCreateKeyExA 76961469 5 Bytes JMP 00A4004A .text C:\Windows\system32\svchost.exe[1144] ADVAPI32.dll!RegCreateKeyW 76961514 5 Bytes JMP 00A40FA8 .text C:\Windows\system32\svchost.exe[1144] ADVAPI32.dll!RegOpenKeyW 76962459 5 Bytes JMP 00A40FDE .text C:\Windows\system32\svchost.exe[1144] ADVAPI32.dll!RegCreateKeyExW 769640FE 5 Bytes JMP 00A40065 .text C:\Windows\system32\svchost.exe[1144] ADVAPI32.dll!RegOpenKeyExW 7696468D 5 Bytes JMP 00A40FC3 .text C:\Windows\system32\svchost.exe[1144] ADVAPI32.dll!RegOpenKeyExA 76964907 5 Bytes JMP 00A40014 .text C:\Windows\system32\svchost.exe[1144] WS2_32.dll!socket 770B3EB8 5 Bytes JMP 00AA0FEF .text C:\Windows\system32\svchost.exe[1340] ntdll.dll!NtCreateFile 76F955C8 5 Bytes JMP 00590000 .text C:\Windows\system32\svchost.exe[1340] ntdll.dll!NtCreateProcess 76F95698 5 Bytes JMP 00590FCA .text C:\Windows\system32\svchost.exe[1340] ntdll.dll!NtProtectVirtualMemory 76F95F18 5 Bytes JMP 00590FEF .text C:\Windows\system32\svchost.exe[1340] kernel32.dll!GetStartupInfoA 76E71E10 5 Bytes JMP 004F0F79 .text C:\Windows\system32\svchost.exe[1340] kernel32.dll!CreateProcessW 76E7204D 5 Bytes JMP 004F0F4D .text C:\Windows\system32\svchost.exe[1340] kernel32.dll!CreateProcessA 76E72082 5 Bytes JMP 004F0F68 .text C:\Windows\system32\svchost.exe[1340] kernel32.dll!CreateNamedPipeW 76EA270F 5 Bytes JMP 004F002C .text C:\Windows\system32\svchost.exe[1340] kernel32.dll!VirtualProtect 76EB2341 5 Bytes JMP 004F0087 .text C:\Windows\system32\svchost.exe[1340] kernel32.dll!LoadLibraryExW 76EB4775 5 Bytes JMP 004F0062 .text C:\Windows\system32\svchost.exe[1340] kernel32.dll!LoadLibraryExA 76EB47FA 5 Bytes JMP 004F0FA5 .text C:\Windows\system32\svchost.exe[1340] kernel32.dll!CreateFileW 76EBCC56 5 Bytes JMP 004F0FE5 .text C:\Windows\system32\svchost.exe[1340] kernel32.dll!CreateFileA 76EBCEE8 5 Bytes JMP 004F0000 .text C:\Windows\system32\svchost.exe[1340] kernel32.dll!GetProcAddress 76EC33D3 5 Bytes JMP 004F00FD .text C:\Windows\system32\svchost.exe[1340] kernel32.dll!GetStartupInfoW 76EC3891 5 Bytes JMP 004F00C7 .text C:\Windows\system32\svchost.exe[1340] kernel32.dll!LoadLibraryA 76EC395C 5 Bytes JMP 004F0FC0 .text C:\Windows\system32\svchost.exe[1340] kernel32.dll!LoadLibraryW 76EC3C01 5 Bytes JMP 004F0047 .text C:\Windows\system32\svchost.exe[1340] kernel32.dll!CreatePipe 76ED35B7 5 Bytes JMP 004F0F8A .text C:\Windows\system32\svchost.exe[1340] kernel32.dll!CreateNamedPipeA 76EFD44F 5 Bytes JMP 004F001B .text C:\Windows\system32\svchost.exe[1340] kernel32.dll!WinExec 76EFE5FD 5 Bytes JMP 004F00D8 .text C:\Windows\system32\svchost.exe[1340] kernel32.dll!VirtualProtectEx 76EFF5D9 5 Bytes JMP 004F0098 .text C:\Windows\system32\svchost.exe[1340] msvcrt.dll!_open 768C7E48 5 Bytes JMP 00620000 .text C:\Windows\system32\svchost.exe[1340] msvcrt.dll!_wsystem 768FB04F 5 Bytes JMP 00620FA8 .text C:\Windows\system32\svchost.exe[1340] msvcrt.dll!system 768FB16F 5 Bytes JMP 0062003D .text C:\Windows\system32\svchost.exe[1340] msvcrt.dll!_creat 768FED29 5 Bytes JMP 00620FD7 .text C:\Windows\system32\svchost.exe[1340] msvcrt.dll!_wcreat 7690038E 5 Bytes JMP 0062002C .text C:\Windows\system32\svchost.exe[1340] msvcrt.dll!_wopen 76900570 5 Bytes JMP 00620011 .text C:\Windows\system32\svchost.exe[1340] ADVAPI32.dll!RegOpenKeyA 7695CC15 5 Bytes JMP 00630000 .text C:\Windows\system32\svchost.exe[1340] ADVAPI32.dll!RegCreateKeyA 7695CD01 5 Bytes JMP 0063002C .text C:\Windows\system32\svchost.exe[1340] ADVAPI32.dll!RegCreateKeyExA 76961469 5 Bytes JMP 00630F9B .text C:\Windows\system32\svchost.exe[1340] ADVAPI32.dll!RegCreateKeyW 76961514 5 Bytes JMP 0063003D .text C:\Windows\system32\svchost.exe[1340] ADVAPI32.dll!RegOpenKeyW 76962459 5 Bytes JMP 00630011 .text C:\Windows\system32\svchost.exe[1340] ADVAPI32.dll!RegCreateKeyExW 769640FE 5 Bytes JMP 0063004E .text C:\Windows\system32\svchost.exe[1340] ADVAPI32.dll!RegOpenKeyExW 7696468D 5 Bytes JMP 00630FCA .text C:\Windows\system32\svchost.exe[1340] ADVAPI32.dll!RegOpenKeyExA 76964907 5 Bytes JMP 00630FDB .text C:\Windows\system32\svchost.exe[1340] WS2_32.dll!socket 770B3EB8 5 Bytes JMP 00640000 .text C:\Windows\system32\svchost.exe[1564] ntdll.dll!NtCreateFile 76F955C8 5 Bytes JMP 0136000A .text C:\Windows\system32\svchost.exe[1564] ntdll.dll!NtCreateProcess 76F95698 5 Bytes JMP 01360FE5 .text C:\Windows\system32\svchost.exe[1564] ntdll.dll!NtProtectVirtualMemory 76F95F18 5 Bytes JMP 0136001B .text C:\Windows\system32\svchost.exe[1564] kernel32.dll!GetStartupInfoA 76E71E10 5 Bytes JMP 005A0F91 .text C:\Windows\system32\svchost.exe[1564] kernel32.dll!CreateProcessW 76E7204D 5 Bytes JMP 005A0F6F .text C:\Windows\system32\svchost.exe[1564] kernel32.dll!CreateProcessA 76E72082 5 Bytes JMP 005A00FA .text C:\Windows\system32\svchost.exe[1564] kernel32.dll!CreateNamedPipeW 76EA270F 5 Bytes JMP 005A003D .text C:\Windows\system32\svchost.exe[1564] kernel32.dll!VirtualProtect 76EB2341 5 Bytes JMP 005A00A9 .text C:\Windows\system32\svchost.exe[1564] kernel32.dll!LoadLibraryExW 76EB4775 5 Bytes JMP 005A008E .text C:\Windows\system32\svchost.exe[1564] kernel32.dll!LoadLibraryExA 76EB47FA 5 Bytes JMP 005A007D .text C:\Windows\system32\svchost.exe[1564] kernel32.dll!CreateFileW 76EBCC56 5 Bytes JMP 005A0011 .text C:\Windows\system32\svchost.exe[1564] kernel32.dll!CreateFileA 76EBCEE8 5 Bytes JMP 005A0000 .text C:\Windows\system32\svchost.exe[1564] kernel32.dll!GetProcAddress 76EC33D3 5 Bytes JMP 005A0F54 .text C:\Windows\system32\svchost.exe[1564] kernel32.dll!GetStartupInfoW 76EC3891 5 Bytes JMP 005A0F80 .text C:\Windows\system32\svchost.exe[1564] kernel32.dll!LoadLibraryA 76EC395C 5 Bytes JMP 005A0FD1 .text C:\Windows\system32\svchost.exe[1564] kernel32.dll!LoadLibraryW 76EC3C01 5 Bytes JMP 005A0058 .text C:\Windows\system32\svchost.exe[1564] kernel32.dll!CreatePipe 76ED35B7 5 Bytes JMP 005A00BA .text C:\Windows\system32\svchost.exe[1564] kernel32.dll!CreateNamedPipeA 76EFD44F 5 Bytes JMP 005A002C .text C:\Windows\system32\svchost.exe[1564] kernel32.dll!WinExec 76EFE5FD 5 Bytes JMP 005A00E9 .text C:\Windows\system32\svchost.exe[1564] kernel32.dll!VirtualProtectEx 76EFF5D9 5 Bytes JMP 005A0FB6 .text C:\Windows\system32\svchost.exe[1564] msvcrt.dll!_open 768C7E48 5 Bytes JMP 013B0FE3 .text C:\Windows\system32\svchost.exe[1564] msvcrt.dll!_wsystem 768FB04F 5 Bytes JMP 013B0036 .text C:\Windows\system32\svchost.exe[1564] msvcrt.dll!system 768FB16F 5 Bytes JMP 013B0FA1 .text C:\Windows\system32\svchost.exe[1564] msvcrt.dll!_creat 768FED29 5 Bytes JMP 013B0011 .text C:\Windows\system32\svchost.exe[1564] msvcrt.dll!_wcreat 7690038E 5 Bytes JMP 013B0FBC .text C:\Windows\system32\svchost.exe[1564] msvcrt.dll!_wopen 76900570 5 Bytes JMP 013B0000 .text C:\Windows\system32\svchost.exe[1564] ADVAPI32.dll!RegOpenKeyA 7695CC15 5 Bytes JMP 013C0000 .text C:\Windows\system32\svchost.exe[1564] ADVAPI32.dll!RegCreateKeyA 7695CD01 5 Bytes JMP 013C0025 .text C:\Windows\system32\svchost.exe[1564] ADVAPI32.dll!RegCreateKeyExA 76961469 5 Bytes JMP 013C005B .text C:\Windows\system32\svchost.exe[1564] ADVAPI32.dll!RegCreateKeyW 76961514 5 Bytes JMP 013C004A .text C:\Windows\system32\svchost.exe[1564] ADVAPI32.dll!RegOpenKeyW 76962459 5 Bytes JMP 013C0FE5 .text C:\Windows\system32\svchost.exe[1564] ADVAPI32.dll!RegCreateKeyExW 769640FE 5 Bytes JMP 013C0076 .text C:\Windows\system32\svchost.exe[1564] ADVAPI32.dll!RegOpenKeyExW 7696468D 5 Bytes JMP 013C0FB9 .text C:\Windows\system32\svchost.exe[1564] ADVAPI32.dll!RegOpenKeyExA 76964907 5 Bytes JMP 013C0FCA .text C:\Windows\system32\svchost.exe[1564] WS2_32.dll!socket 770B3EB8 5 Bytes JMP 013D0FEF .text C:\Windows\Explorer.EXE[1588] ntdll.dll!NtCreateFile 76F955C8 5 Bytes JMP 022C0000 .text C:\Windows\Explorer.EXE[1588] ntdll.dll!NtCreateProcess 76F95698 5 Bytes JMP 022C0FCA .text C:\Windows\Explorer.EXE[1588] ntdll.dll!NtProtectVirtualMemory 76F95F18 5 Bytes JMP 022C0FE5 .text C:\Windows\Explorer.EXE[1588] kernel32.dll!GetStartupInfoA 76E71E10 5 Bytes JMP 022500BD .text C:\Windows\Explorer.EXE[1588] kernel32.dll!CreateProcessW 76E7204D 5 Bytes JMP 022500D8 .text C:\Windows\Explorer.EXE[1588] kernel32.dll!CreateProcessA 76E72082 5 Bytes JMP 02250F43 .text C:\Windows\Explorer.EXE[1588] kernel32.dll!CreateNamedPipeW 76EA270F 5 Bytes JMP 02250FD4 .text C:\Windows\Explorer.EXE[1588] kernel32.dll!VirtualProtect 76EB2341 5 Bytes JMP 02250076 .text C:\Windows\Explorer.EXE[1588] kernel32.dll!LoadLibraryExW 76EB4775 5 Bytes JMP 0225005B .text C:\Windows\Explorer.EXE[1588] kernel32.dll!LoadLibraryExA 76EB47FA 5 Bytes JMP 0225004A .text C:\Windows\Explorer.EXE[1588] kernel32.dll!CreateFileW 76EBCC56 5 Bytes JMP 02250025 .text C:\Windows\Explorer.EXE[1588] kernel32.dll!CreateFileA 76EBCEE8 5 Bytes JMP 02250000 .text C:\Windows\Explorer.EXE[1588] kernel32.dll!GetProcAddress 76EC33D3 5 Bytes JMP 02250F32 .text C:\Windows\Explorer.EXE[1588] kernel32.dll!GetStartupInfoW 76EC3891 5 Bytes JMP 02250F79 .text C:\Windows\Explorer.EXE[1588] kernel32.dll!LoadLibraryA 76EC395C 5 Bytes JMP 02250FB9 .text C:\Windows\Explorer.EXE[1588] kernel32.dll!LoadLibraryW 76EC3C01 5 Bytes JMP 02250F9E .text C:\Windows\Explorer.EXE[1588] kernel32.dll!CreatePipe 76ED35B7 5 Bytes JMP 022500AC .text C:\Windows\Explorer.EXE[1588] kernel32.dll!CreateNamedPipeA 76EFD44F 5 Bytes JMP 02250FE5 .text C:\Windows\Explorer.EXE[1588] kernel32.dll!WinExec 76EFE5FD 5 Bytes JMP 02250F5E .text C:\Windows\Explorer.EXE[1588] kernel32.dll!VirtualProtectEx 76EFF5D9 5 Bytes JMP 02250091 .text C:\Windows\Explorer.EXE[1588] ADVAPI32.dll!RegOpenKeyA 7695CC15 5 Bytes JMP 04550FE5 .text C:\Windows\Explorer.EXE[1588] ADVAPI32.dll!RegCreateKeyA 7695CD01 5 Bytes JMP 0455003D .text C:\Windows\Explorer.EXE[1588] ADVAPI32.dll!RegCreateKeyExA 76961469 5 Bytes JMP 04550FA5 .text C:\Windows\Explorer.EXE[1588] ADVAPI32.dll!RegCreateKeyW 76961514 5 Bytes JMP 04550FB6 .text C:\Windows\Explorer.EXE[1588] ADVAPI32.dll!RegOpenKeyW 76962459 5 Bytes JMP 0455000A .text C:\Windows\Explorer.EXE[1588] ADVAPI32.dll!RegCreateKeyExW 769640FE 5 Bytes JMP 04550058 .text C:\Windows\Explorer.EXE[1588] ADVAPI32.dll!RegOpenKeyExW 7696468D 5 Bytes JMP 0455002C .text C:\Windows\Explorer.EXE[1588] ADVAPI32.dll!RegOpenKeyExA 76964907 5 Bytes JMP 0455001B .text C:\Windows\Explorer.EXE[1588] msvcrt.dll!_open 768C7E48 5 Bytes JMP 04540FEF .text C:\Windows\Explorer.EXE[1588] msvcrt.dll!_wsystem 768FB04F 5 Bytes JMP 04540042 .text C:\Windows\Explorer.EXE[1588] msvcrt.dll!system 768FB16F 5 Bytes JMP 04540FB7 .text C:\Windows\Explorer.EXE[1588] msvcrt.dll!_creat 768FED29 5 Bytes JMP 0454000C .text C:\Windows\Explorer.EXE[1588] msvcrt.dll!_wcreat 7690038E 5 Bytes JMP 0454001D .text C:\Windows\Explorer.EXE[1588] msvcrt.dll!_wopen 76900570 5 Bytes JMP 04540FDE .text C:\Windows\Explorer.EXE[1588] WININET.dll!InternetOpenA 75554E2B 5 Bytes JMP 044F0000 .text C:\Windows\Explorer.EXE[1588] WININET.dll!InternetOpenUrlA 7555BFCE 5 Bytes JMP 044F001B .text C:\Windows\Explorer.EXE[1588] WININET.dll!InternetOpenW 7558C03E 5 Bytes JMP 044F0FE5 .text C:\Windows\Explorer.EXE[1588] WININET.dll!InternetOpenUrlW 755BD722 5 Bytes JMP 044F002C .text C:\Windows\Explorer.EXE[1588] WS2_32.dll!socket 770B3EB8 5 Bytes JMP 0456000A .text C:\Windows\system32\svchost.exe[1872] ntdll.dll!NtCreateFile 76F955C8 5 Bytes JMP 005D0000 .text C:\Windows\system32\svchost.exe[1872] ntdll.dll!NtCreateProcess 76F95698 5 Bytes JMP 005D0040 .text C:\Windows\system32\svchost.exe[1872] ntdll.dll!NtProtectVirtualMemory 76F95F18 5 Bytes JMP 005D001B .text C:\Windows\system32\svchost.exe[1872] kernel32.dll!GetStartupInfoA 76E71E10 5 Bytes JMP 005C0F65 .text C:\Windows\system32\svchost.exe[1872] kernel32.dll!CreateProcessW 76E7204D 5 Bytes JMP 005C0F1E .text C:\Windows\system32\svchost.exe[1872] kernel32.dll!CreateProcessA 76E72082 5 Bytes JMP 005C0F39 .text C:\Windows\system32\svchost.exe[1872] kernel32.dll!CreateNamedPipeW 76EA270F 5 Bytes JMP 005C001B .text C:\Windows\system32\svchost.exe[1872] kernel32.dll!VirtualProtect 76EB2341 5 Bytes JMP 005C0062 .text C:\Windows\system32\svchost.exe[1872] kernel32.dll!LoadLibraryExW 76EB4775 5 Bytes JMP 005C0047 .text C:\Windows\system32\svchost.exe[1872] kernel32.dll!LoadLibraryExA 76EB47FA 5 Bytes JMP 005C0F8A .text C:\Windows\system32\svchost.exe[1872] kernel32.dll!CreateFileW 76EBCC56 5 Bytes JMP 005C0FDE .text C:\Windows\system32\svchost.exe[1872] kernel32.dll!CreateFileA 76EBCEE8 5 Bytes JMP 005C0FEF .text C:\Windows\system32\svchost.exe[1872] kernel32.dll!GetProcAddress 76EC33D3 5 Bytes JMP 005C0F0D .text C:\Windows\system32\svchost.exe[1872] kernel32.dll!GetStartupInfoW 76EC3891 5 Bytes JMP 005C0F4A .text C:\Windows\system32\svchost.exe[1872] kernel32.dll!LoadLibraryA 76EC395C 5 Bytes JMP 005C002C .text C:\Windows\system32\svchost.exe[1872] kernel32.dll!LoadLibraryW 76EC3C01 5 Bytes JMP 005C0FA5 .text C:\Windows\system32\svchost.exe[1872] kernel32.dll!CreatePipe 76ED35B7 5 Bytes JMP 005C0084 .text C:\Windows\system32\svchost.exe[1872] kernel32.dll!CreateNamedPipeA 76EFD44F 5 Bytes JMP 005C000A .text C:\Windows\system32\svchost.exe[1872] kernel32.dll!WinExec 76EFE5FD 5 Bytes JMP 005C00A9 .text C:\Windows\system32\svchost.exe[1872] kernel32.dll!VirtualProtectEx 76EFF5D9 5 Bytes JMP 005C0073 .text C:\Windows\system32\svchost.exe[1872] msvcrt.dll!_open 768C7E48 5 Bytes JMP 005E0FE3 .text C:\Windows\system32\svchost.exe[1872] msvcrt.dll!_wsystem 768FB04F 5 Bytes JMP 005E0FAD .text C:\Windows\system32\svchost.exe[1872] msvcrt.dll!system 768FB16F 5 Bytes JMP 005E0042 .text C:\Windows\system32\svchost.exe[1872] msvcrt.dll!_creat 768FED29 5 Bytes JMP 005E001D .text C:\Windows\system32\svchost.exe[1872] msvcrt.dll!_wcreat 7690038E 5 Bytes JMP 005E0FC8 .text C:\Windows\system32\svchost.exe[1872] msvcrt.dll!_wopen 76900570 5 Bytes JMP 005E000C .text C:\Windows\system32\svchost.exe[1872] ADVAPI32.dll!RegOpenKeyA 7695CC15 5 Bytes JMP 005F000A .text C:\Windows\system32\svchost.exe[1872] ADVAPI32.dll!RegCreateKeyA 7695CD01 5 Bytes JMP 005F0036 .text C:\Windows\system32\svchost.exe[1872] ADVAPI32.dll!RegCreateKeyExA 76961469 5 Bytes JMP 005F0FAF .text C:\Windows\system32\svchost.exe[1872] ADVAPI32.dll!RegCreateKeyW 76961514 5 Bytes JMP 005F0047 .text C:\Windows\system32\svchost.exe[1872] ADVAPI32.dll!RegOpenKeyW 76962459 5 Bytes JMP 005F0FE5 .text C:\Windows\system32\svchost.exe[1872] ADVAPI32.dll!RegCreateKeyExW 769640FE 5 Bytes JMP 005F0F9E .text C:\Windows\system32\svchost.exe[1872] ADVAPI32.dll!RegOpenKeyExW 7696468D 5 Bytes JMP 005F0025 .text C:\Windows\system32\svchost.exe[1872] ADVAPI32.dll!RegOpenKeyExA 76964907 5 Bytes JMP 005F0FD4 .text C:\Windows\system32\svchost.exe[1872] WS2_32.dll!socket 770B3EB8 5 Bytes JMP 0060000A .text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[2732] kernel32.dll!LoadLibraryA 76EC395C 5 Bytes JMP 6F2E99A1 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.) .text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[2732] kernel32.dll!LoadLibraryW 76EC3C01 5 Bytes JMP 6F2E9A63 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.) .text C:\Windows\system32\svchost.exe[2920] ntdll.dll!NtCreateFile 76F955C8 5 Bytes JMP 00F00000 .text C:\Windows\system32\svchost.exe[2920] ntdll.dll!NtCreateProcess 76F95698 5 Bytes JMP 00F0002C .text C:\Windows\system32\svchost.exe[2920] ntdll.dll!NtProtectVirtualMemory 76F95F18 5 Bytes JMP 00F0001B .text C:\Windows\system32\svchost.exe[2920] kernel32.dll!GetStartupInfoA 76E71E10 5 Bytes JMP 00EB00A9 .text C:\Windows\system32\svchost.exe[2920] kernel32.dll!CreateProcessW 76E7204D 5 Bytes JMP 00EB0F39 .text C:\Windows\system32\svchost.exe[2920] kernel32.dll!CreateProcessA 76E72082 5 Bytes JMP 00EB0F4A .text C:\Windows\system32\svchost.exe[2920] kernel32.dll!CreateNamedPipeW 76EA270F 5 Bytes JMP 00EB0036 .text C:\Windows\system32\svchost.exe[2920] kernel32.dll!VirtualProtect 76EB2341 5 Bytes JMP 00EB007D .text C:\Windows\system32\svchost.exe[2920] kernel32.dll!LoadLibraryExW 76EB4775 5 Bytes JMP 00EB0FA5 .text C:\Windows\system32\svchost.exe[2920] kernel32.dll!LoadLibraryExA 76EB47FA 5 Bytes JMP 00EB0062 .text C:\Windows\system32\svchost.exe[2920] kernel32.dll!CreateFileW 76EBCC56 5 Bytes JMP 00EB0FEF .text C:\Windows\system32\svchost.exe[2920] kernel32.dll!CreateFileA 76EBCEE8 5 Bytes JMP 00EB000A .text C:\Windows\system32\svchost.exe[2920] kernel32.dll!GetProcAddress 76EC33D3 5 Bytes JMP 00EB00F3 .text C:\Windows\system32\svchost.exe[2920] kernel32.dll!GetStartupInfoW 76EC3891 5 Bytes JMP 00EB00BA .text C:\Windows\system32\svchost.exe[2920] kernel32.dll!LoadLibraryA 76EC395C 5 Bytes JMP 00EB0051 .text C:\Windows\system32\svchost.exe[2920] kernel32.dll!LoadLibraryW 76EC3C01 5 Bytes JMP 00EB0FCA .text C:\Windows\system32\svchost.exe[2920] kernel32.dll!CreatePipe 76ED35B7 5 Bytes JMP 00EB0098 .text C:\Windows\system32\svchost.exe[2920] kernel32.dll!CreateNamedPipeA 76EFD44F 5 Bytes JMP 00EB0025 .text C:\Windows\system32\svchost.exe[2920] kernel32.dll!WinExec 76EFE5FD 5 Bytes JMP 00EB0F65 .text C:\Windows\system32\svchost.exe[2920] kernel32.dll!VirtualProtectEx 76EFF5D9 5 Bytes JMP 00EB0F8A .text C:\Windows\system32\svchost.exe[2920] msvcrt.dll!_open 768C7E48 5 Bytes JMP 00F20000 .text C:\Windows\system32\svchost.exe[2920] msvcrt.dll!_wsystem 768FB04F 5 Bytes JMP 00F20031 .text C:\Windows\system32\svchost.exe[2920] msvcrt.dll!system 768FB16F 5 Bytes JMP 00F20FA6 .text C:\Windows\system32\svchost.exe[2920] msvcrt.dll!_creat 768FED29 5 Bytes JMP 00F20FD2 .text C:\Windows\system32\svchost.exe[2920] msvcrt.dll!_wcreat 7690038E 5 Bytes JMP 00F20FC1 .text C:\Windows\system32\svchost.exe[2920] msvcrt.dll!_wopen 76900570 5 Bytes JMP 00F20FE3 .text C:\Windows\system32\svchost.exe[2920] ADVAPI32.dll!RegOpenKeyA 7695CC15 5 Bytes JMP 01140000 .text C:\Windows\system32\svchost.exe[2920] ADVAPI32.dll!RegCreateKeyA 7695CD01 5 Bytes JMP 01140022 .text C:\Windows\system32\svchost.exe[2920] ADVAPI32.dll!RegCreateKeyExA 76961469 5 Bytes JMP 01140F8A .text C:\Windows\system32\svchost.exe[2920] ADVAPI32.dll!RegCreateKeyW 76961514 5 Bytes JMP 01140F9B .text C:\Windows\system32\svchost.exe[2920] ADVAPI32.dll!RegOpenKeyW 76962459 5 Bytes JMP 01140FE5 .text C:\Windows\system32\svchost.exe[2920] ADVAPI32.dll!RegCreateKeyExW 769640FE 5 Bytes JMP 01140047 .text C:\Windows\system32\svchost.exe[2920] ADVAPI32.dll!RegOpenKeyExW 7696468D 5 Bytes JMP 01140011 .text C:\Windows\system32\svchost.exe[2920] ADVAPI32.dll!RegOpenKeyExA 76964907 5 Bytes JMP 01140FCA .text C:\Windows\system32\svchost.exe[2920] WS2_32.dll!socket 770B3EB8 5 Bytes JMP 01150000 .text C:\Windows\system32\svchost.exe[3672] ntdll.dll!NtCreateFile 76F955C8 5 Bytes JMP 00060FEF .text C:\Windows\system32\svchost.exe[3672] ntdll.dll!NtCreateProcess 76F95698 5 Bytes JMP 0006000A .text C:\Windows\system32\svchost.exe[3672] ntdll.dll!NtProtectVirtualMemory 76F95F18 5 Bytes JMP 00060FD4 .text C:\Windows\system32\svchost.exe[3672] kernel32.dll!GetStartupInfoA 76E71E10 5 Bytes JMP 00020065 .text C:\Windows\system32\svchost.exe[3672] kernel32.dll!CreateProcessW 76E7204D 5 Bytes JMP 00020EF2 .text C:\Windows\system32\svchost.exe[3672] kernel32.dll!CreateProcessA 76E72082 5 Bytes JMP 00020F03 .text C:\Windows\system32\svchost.exe[3672] kernel32.dll!CreateNamedPipeW 76EA270F 5 Bytes JMP 00020025 .text C:\Windows\system32\svchost.exe[3672] kernel32.dll!VirtualProtect 76EB2341 5 Bytes JMP 00020040 .text C:\Windows\system32\svchost.exe[3672] kernel32.dll!LoadLibraryExW 76EB4775 5 Bytes JMP 00020F72 .text C:\Windows\system32\svchost.exe[3672] kernel32.dll!LoadLibraryExA 76EB47FA 5 Bytes JMP 00020F8D .text C:\Windows\system32\svchost.exe[3672] kernel32.dll!CreateFileW 76EBCC56 5 Bytes JMP 00020FD4 .text C:\Windows\system32\svchost.exe[3672] kernel32.dll!CreateFileA 76EBCEE8 5 Bytes JMP 00020FE5 .text C:\Windows\system32\svchost.exe[3672] kernel32.dll!GetProcAddress 76EC33D3 1 Byte [E9] .text C:\Windows\system32\svchost.exe[3672] kernel32.dll!GetProcAddress 76EC33D3 5 Bytes JMP 00020ED7 .text C:\Windows\system32\svchost.exe[3672] kernel32.dll!GetStartupInfoW 76EC3891 5 Bytes JMP 00020076 .text C:\Windows\system32\svchost.exe[3672] kernel32.dll!LoadLibraryA 76EC395C 5 Bytes JMP 00020FB9 .text C:\Windows\system32\svchost.exe[3672] kernel32.dll!LoadLibraryW 76EC3C01 5 Bytes JMP 00020F9E .text C:\Windows\system32\svchost.exe[3672] kernel32.dll!CreatePipe 76ED35B7 5 Bytes JMP 00020F32 .text C:\Windows\system32\svchost.exe[3672] kernel32.dll!CreateNamedPipeA 76EFD44F 5 Bytes JMP 00020014 .text C:\Windows\system32\svchost.exe[3672] kernel32.dll!WinExec 76EFE5FD 5 Bytes JMP 00020087 .text C:\Windows\system32\svchost.exe[3672] kernel32.dll!VirtualProtectEx 76EFF5D9 5 Bytes JMP 00020F4D .text C:\Windows\system32\svchost.exe[3672] msvcrt.dll!_open 768C7E48 5 Bytes JMP 00070FEF .text C:\Windows\system32\svchost.exe[3672] msvcrt.dll!_wsystem 768FB04F 5 Bytes JMP 00070FA1 .text C:\Windows\system32\svchost.exe[3672] msvcrt.dll!system 768FB16F 5 Bytes JMP 0007002C .text C:\Windows\system32\svchost.exe[3672] msvcrt.dll!_creat 768FED29 5 Bytes JMP 00070FC6 .text C:\Windows\system32\svchost.exe[3672] msvcrt.dll!_wcreat 7690038E 5 Bytes JMP 0007001B .text C:\Windows\system32\svchost.exe[3672] msvcrt.dll!_wopen 76900570 5 Bytes JMP 00070000 .text C:\Windows\system32\svchost.exe[3672] ADVAPI32.dll!RegOpenKeyA 7695CC15 5 Bytes JMP 0008000A .text C:\Windows\system32\svchost.exe[3672] ADVAPI32.dll!RegCreateKeyA 7695CD01 5 Bytes JMP 00080FA8 .text C:\Windows\system32\svchost.exe[3672] ADVAPI32.dll!RegCreateKeyExA 76961469 5 Bytes JMP 00080039 .text C:\Windows\system32\svchost.exe[3672] ADVAPI32.dll!RegCreateKeyW 76961514 5 Bytes JMP 00080F97 .text C:\Windows\system32\svchost.exe[3672] ADVAPI32.dll!RegOpenKeyW 76962459 5 Bytes JMP 00080FEF .text C:\Windows\system32\svchost.exe[3672] ADVAPI32.dll!RegCreateKeyExW 769640FE 5 Bytes JMP 0008005E .text C:\Windows\system32\svchost.exe[3672] ADVAPI32.dll!RegOpenKeyExW 7696468D 5 Bytes JMP 00080FC3 .text C:\Windows\system32\svchost.exe[3672] ADVAPI32.dll!RegOpenKeyExA 76964907 5 Bytes JMP 00080FDE .text C:\Windows\system32\svchost.exe[3672] WS2_32.dll!socket 770B3EB8 5 Bytes JMP 00180000 .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5152] ntdll.dll!NtCreateFile + 6 76F955CE 4 Bytes [28, 00, 07, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5152] ntdll.dll!NtCreateFile + B 76F955D3 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5152] ntdll.dll!NtMapViewOfSection + 6 76F95C2E 1 Byte [28] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5152] ntdll.dll!NtMapViewOfSection + 6 76F95C2E 4 Bytes [28, 03, 07, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5152] ntdll.dll!NtMapViewOfSection + B 76F95C33 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5152] ntdll.dll!NtOpenFile + 6 76F95CDE 4 Bytes [68, 00, 07, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5152] ntdll.dll!NtOpenFile + B 76F95CE3 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5152] ntdll.dll!NtOpenProcess + 6 76F95D8E 4 Bytes [A8, 01, 07, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5152] ntdll.dll!NtOpenProcess + B 76F95D93 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5152] ntdll.dll!NtOpenProcessToken + 6 76F95D9E 4 Bytes CALL 75F964A4 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Pow³oki systemu Windows/Microsoft Corporation) .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5152] ntdll.dll!NtOpenProcessToken + B 76F95DA3 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5152] ntdll.dll!NtOpenProcessTokenEx + 6 76F95DAE 4 Bytes [A8, 02, 07, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5152] ntdll.dll!NtOpenProcessTokenEx + B 76F95DB3 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5152] ntdll.dll!NtOpenThread + 6 76F95E0E 4 Bytes [68, 01, 07, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5152] ntdll.dll!NtOpenThread + B 76F95E13 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5152] ntdll.dll!NtOpenThreadToken + 6 76F95E1E 4 Bytes [68, 02, 07, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5152] ntdll.dll!NtOpenThreadToken + B 76F95E23 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5152] ntdll.dll!NtOpenThreadTokenEx + 6 76F95E2E 4 Bytes CALL 75F96535 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Pow³oki systemu Windows/Microsoft Corporation) .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5152] ntdll.dll!NtOpenThreadTokenEx + B 76F95E33 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5152] ntdll.dll!NtQueryAttributesFile + 6 76F95F3E 4 Bytes [A8, 00, 07, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5152] ntdll.dll!NtQueryAttributesFile + B 76F95F43 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5152] ntdll.dll!NtQueryFullAttributesFile + 6 76F95FEE 4 Bytes CALL 75F966F3 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Pow³oki systemu Windows/Microsoft Corporation) .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5152] ntdll.dll!NtQueryFullAttributesFile + B 76F95FF3 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5152] ntdll.dll!NtSetInformationFile + 6 76F9663E 4 Bytes [28, 01, 07, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5152] ntdll.dll!NtSetInformationFile + B 76F96643 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5152] ntdll.dll!NtSetInformationThread + 6 76F9669E 4 Bytes [28, 02, 07, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5152] ntdll.dll!NtSetInformationThread + B 76F966A3 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5152] ntdll.dll!NtUnmapViewOfSection + 6 76F969BE 1 Byte [68] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5152] ntdll.dll!NtUnmapViewOfSection + 6 76F969BE 4 Bytes [68, 03, 07, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5152] ntdll.dll!NtUnmapViewOfSection + B 76F969C3 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5160] ntdll.dll!NtCreateFile + 6 76F955CE 4 Bytes [28, 00, 07, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5160] ntdll.dll!NtCreateFile + B 76F955D3 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5160] ntdll.dll!NtMapViewOfSection + 6 76F95C2E 1 Byte [28] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5160] ntdll.dll!NtMapViewOfSection + 6 76F95C2E 4 Bytes [28, 03, 07, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5160] ntdll.dll!NtMapViewOfSection + B 76F95C33 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5160] ntdll.dll!NtOpenFile + 6 76F95CDE 4 Bytes [68, 00, 07, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5160] ntdll.dll!NtOpenFile + B 76F95CE3 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5160] ntdll.dll!NtOpenProcess + 6 76F95D8E 4 Bytes [A8, 01, 07, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5160] ntdll.dll!NtOpenProcess + B 76F95D93 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5160] ntdll.dll!NtOpenProcessToken + 6 76F95D9E 4 Bytes CALL 75F964A4 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Pow³oki systemu Windows/Microsoft Corporation) .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5160] ntdll.dll!NtOpenProcessToken + B 76F95DA3 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5160] ntdll.dll!NtOpenProcessTokenEx + 6 76F95DAE 4 Bytes [A8, 02, 07, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5160] ntdll.dll!NtOpenProcessTokenEx + B 76F95DB3 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5160] ntdll.dll!NtOpenThread + 6 76F95E0E 4 Bytes [68, 01, 07, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5160] ntdll.dll!NtOpenThread + B 76F95E13 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5160] ntdll.dll!NtOpenThreadToken + 6 76F95E1E 4 Bytes [68, 02, 07, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5160] ntdll.dll!NtOpenThreadToken + B 76F95E23 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5160] ntdll.dll!NtOpenThreadTokenEx + 6 76F95E2E 4 Bytes CALL 75F96535 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Pow³oki systemu Windows/Microsoft Corporation) .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5160] ntdll.dll!NtOpenThreadTokenEx + B 76F95E33 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5160] ntdll.dll!NtQueryAttributesFile + 6 76F95F3E 4 Bytes [A8, 00, 07, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5160] ntdll.dll!NtQueryAttributesFile + B 76F95F43 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5160] ntdll.dll!NtQueryFullAttributesFile + 6 76F95FEE 4 Bytes CALL 75F966F3 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Pow³oki systemu Windows/Microsoft Corporation) .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5160] ntdll.dll!NtQueryFullAttributesFile + B 76F95FF3 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5160] ntdll.dll!NtSetInformationFile + 6 76F9663E 4 Bytes [28, 01, 07, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5160] ntdll.dll!NtSetInformationFile + B 76F96643 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5160] ntdll.dll!NtSetInformationThread + 6 76F9669E 4 Bytes [28, 02, 07, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5160] ntdll.dll!NtSetInformationThread + B 76F966A3 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5160] ntdll.dll!NtUnmapViewOfSection + 6 76F969BE 1 Byte [68] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5160] ntdll.dll!NtUnmapViewOfSection + 6 76F969BE 4 Bytes [68, 03, 07, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5160] ntdll.dll!NtUnmapViewOfSection + B 76F969C3 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtCreateFile + 6 76F955CE 4 Bytes [28, 00, 17, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtCreateFile + B 76F955D3 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtMapViewOfSection + 6 76F95C2E 1 Byte [28] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtMapViewOfSection + 6 76F95C2E 4 Bytes [28, 03, 17, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtMapViewOfSection + B 76F95C33 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtOpenFile + 6 76F95CDE 4 Bytes [68, 00, 17, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtOpenFile + B 76F95CE3 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtOpenProcess + 6 76F95D8E 4 Bytes [A8, 01, 17, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtOpenProcess + B 76F95D93 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtOpenProcessToken + 6 76F95D9E 4 Bytes CALL 75F974A4 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Pow³oki systemu Windows/Microsoft Corporation) .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtOpenProcessToken + B 76F95DA3 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtOpenProcessTokenEx + 6 76F95DAE 4 Bytes [A8, 02, 17, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtOpenProcessTokenEx + B 76F95DB3 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtOpenThread + 6 76F95E0E 4 Bytes [68, 01, 17, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtOpenThread + B 76F95E13 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtOpenThreadToken + 6 76F95E1E 4 Bytes [68, 02, 17, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtOpenThreadToken + B 76F95E23 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtOpenThreadTokenEx + 6 76F95E2E 4 Bytes CALL 75F97535 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Pow³oki systemu Windows/Microsoft Corporation) .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtOpenThreadTokenEx + B 76F95E33 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtQueryAttributesFile + 6 76F95F3E 4 Bytes [A8, 00, 17, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtQueryAttributesFile + B 76F95F43 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtQueryFullAttributesFile + 6 76F95FEE 4 Bytes CALL 75F976F3 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Pow³oki systemu Windows/Microsoft Corporation) .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtQueryFullAttributesFile + B 76F95FF3 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtSetInformationFile + 6 76F9663E 4 Bytes [28, 01, 17, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtSetInformationFile + B 76F96643 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtSetInformationThread + 6 76F9669E 4 Bytes [28, 02, 17, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtSetInformationThread + B 76F966A3 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtUnmapViewOfSection + 6 76F969BE 1 Byte [68] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtUnmapViewOfSection + 6 76F969BE 4 Bytes [68, 03, 17, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtUnmapViewOfSection + B 76F969C3 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5176] ntdll.dll!NtCreateFile + 6 76F955CE 4 Bytes [28, 00, 07, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5176] ntdll.dll!NtCreateFile + B 76F955D3 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5176] ntdll.dll!NtMapViewOfSection + 6 76F95C2E 1 Byte [28] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5176] ntdll.dll!NtMapViewOfSection + 6 76F95C2E 4 Bytes [28, 03, 07, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5176] ntdll.dll!NtMapViewOfSection + B 76F95C33 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5176] ntdll.dll!NtOpenFile + 6 76F95CDE 4 Bytes [68, 00, 07, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5176] ntdll.dll!NtOpenFile + B 76F95CE3 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5176] ntdll.dll!NtOpenProcess + 6 76F95D8E 4 Bytes [A8, 01, 07, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5176] ntdll.dll!NtOpenProcess + B 76F95D93 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5176] ntdll.dll!NtOpenProcessToken + 6 76F95D9E 4 Bytes CALL 75F964A4 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Pow³oki systemu Windows/Microsoft Corporation) .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5176] ntdll.dll!NtOpenProcessToken + B 76F95DA3 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5176] ntdll.dll!NtOpenProcessTokenEx + 6 76F95DAE 4 Bytes [A8, 02, 07, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5176] ntdll.dll!NtOpenProcessTokenEx + B 76F95DB3 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5176] ntdll.dll!NtOpenThread + 6 76F95E0E 4 Bytes [68, 01, 07, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5176] ntdll.dll!NtOpenThread + B 76F95E13 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5176] ntdll.dll!NtOpenThreadToken + 6 76F95E1E 4 Bytes [68, 02, 07, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5176] ntdll.dll!NtOpenThreadToken + B 76F95E23 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5176] ntdll.dll!NtOpenThreadTokenEx + 6 76F95E2E 4 Bytes CALL 75F96535 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Pow³oki systemu Windows/Microsoft Corporation) .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5176] ntdll.dll!NtOpenThreadTokenEx + B 76F95E33 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5176] ntdll.dll!NtQueryAttributesFile + 6 76F95F3E 4 Bytes [A8, 00, 07, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5176] ntdll.dll!NtQueryAttributesFile + B 76F95F43 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5176] ntdll.dll!NtQueryFullAttributesFile + 6 76F95FEE 4 Bytes CALL 75F966F3 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Pow³oki systemu Windows/Microsoft Corporation) .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5176] ntdll.dll!NtQueryFullAttributesFile + B 76F95FF3 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5176] ntdll.dll!NtSetInformationFile + 6 76F9663E 4 Bytes [28, 01, 07, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5176] ntdll.dll!NtSetInformationFile + B 76F96643 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5176] ntdll.dll!NtSetInformationThread + 6 76F9669E 4 Bytes [28, 02, 07, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5176] ntdll.dll!NtSetInformationThread + B 76F966A3 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5176] ntdll.dll!NtUnmapViewOfSection + 6 76F969BE 1 Byte [68] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5176] ntdll.dll!NtUnmapViewOfSection + 6 76F969BE 4 Bytes [68, 03, 07, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5176] ntdll.dll!NtUnmapViewOfSection + B 76F969C3 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5184] ntdll.dll!NtCreateFile + 6 76F955CE 4 Bytes [28, 00, 07, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5184] ntdll.dll!NtCreateFile + B 76F955D3 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5184] ntdll.dll!NtMapViewOfSection + 6 76F95C2E 1 Byte [28] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5184] ntdll.dll!NtMapViewOfSection + 6 76F95C2E 4 Bytes [28, 03, 07, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5184] ntdll.dll!NtMapViewOfSection + B 76F95C33 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5184] ntdll.dll!NtOpenFile + 6 76F95CDE 4 Bytes [68, 00, 07, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5184] ntdll.dll!NtOpenFile + B 76F95CE3 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5184] ntdll.dll!NtOpenProcess + 6 76F95D8E 4 Bytes [A8, 01, 07, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5184] ntdll.dll!NtOpenProcess + B 76F95D93 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5184] ntdll.dll!NtOpenProcessToken + 6 76F95D9E 4 Bytes CALL 75F964A4 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Pow³oki systemu Windows/Microsoft Corporation) .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5184] ntdll.dll!NtOpenProcessToken + B 76F95DA3 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5184] ntdll.dll!NtOpenProcessTokenEx + 6 76F95DAE 4 Bytes [A8, 02, 07, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5184] ntdll.dll!NtOpenProcessTokenEx + B 76F95DB3 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5184] ntdll.dll!NtOpenThread + 6 76F95E0E 4 Bytes [68, 01, 07, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5184] ntdll.dll!NtOpenThread + B 76F95E13 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5184] ntdll.dll!NtOpenThreadToken + 6 76F95E1E 4 Bytes [68, 02, 07, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5184] ntdll.dll!NtOpenThreadToken + B 76F95E23 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5184] ntdll.dll!NtOpenThreadTokenEx + 6 76F95E2E 4 Bytes CALL 75F96535 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Pow³oki systemu Windows/Microsoft Corporation) .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5184] ntdll.dll!NtOpenThreadTokenEx + B 76F95E33 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5184] ntdll.dll!NtQueryAttributesFile + 6 76F95F3E 4 Bytes [A8, 00, 07, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5184] ntdll.dll!NtQueryAttributesFile + B 76F95F43 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5184] ntdll.dll!NtQueryFullAttributesFile + 6 76F95FEE 4 Bytes CALL 75F966F3 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Pow³oki systemu Windows/Microsoft Corporation) .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5184] ntdll.dll!NtQueryFullAttributesFile + B 76F95FF3 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5184] ntdll.dll!NtSetInformationFile + 6 76F9663E 4 Bytes [28, 01, 07, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5184] ntdll.dll!NtSetInformationFile + B 76F96643 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5184] ntdll.dll!NtSetInformationThread + 6 76F9669E 4 Bytes [28, 02, 07, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5184] ntdll.dll!NtSetInformationThread + B 76F966A3 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5184] ntdll.dll!NtUnmapViewOfSection + 6 76F969BE 1 Byte [68] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5184] ntdll.dll!NtUnmapViewOfSection + 6 76F969BE 4 Bytes [68, 03, 07, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5184] ntdll.dll!NtUnmapViewOfSection + B 76F969C3 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5192] ntdll.dll!NtCreateFile + 6 76F955CE 4 Bytes [28, 00, 17, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5192] ntdll.dll!NtCreateFile + B 76F955D3 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5192] ntdll.dll!NtMapViewOfSection + 6 76F95C2E 1 Byte [28] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5192] ntdll.dll!NtMapViewOfSection + 6 76F95C2E 4 Bytes [28, 03, 17, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5192] ntdll.dll!NtMapViewOfSection + B 76F95C33 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5192] ntdll.dll!NtOpenFile + 6 76F95CDE 4 Bytes [68, 00, 17, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5192] ntdll.dll!NtOpenFile + B 76F95CE3 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5192] ntdll.dll!NtOpenProcess + 6 76F95D8E 4 Bytes [A8, 01, 17, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5192] ntdll.dll!NtOpenProcess + B 76F95D93 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5192] ntdll.dll!NtOpenProcessToken + 6 76F95D9E 4 Bytes CALL 75F974A4 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Pow³oki systemu Windows/Microsoft Corporation) .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5192] ntdll.dll!NtOpenProcessToken + B 76F95DA3 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5192] ntdll.dll!NtOpenProcessTokenEx + 6 76F95DAE 4 Bytes [A8, 02, 17, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5192] ntdll.dll!NtOpenProcessTokenEx + B 76F95DB3 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5192] ntdll.dll!NtOpenThread + 6 76F95E0E 4 Bytes [68, 01, 17, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5192] ntdll.dll!NtOpenThread + B 76F95E13 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5192] ntdll.dll!NtOpenThreadToken + 6 76F95E1E 4 Bytes [68, 02, 17, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5192] ntdll.dll!NtOpenThreadToken + B 76F95E23 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5192] ntdll.dll!NtOpenThreadTokenEx + 6 76F95E2E 4 Bytes CALL 75F97535 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Pow³oki systemu Windows/Microsoft Corporation) .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5192] ntdll.dll!NtOpenThreadTokenEx + B 76F95E33 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5192] ntdll.dll!NtQueryAttributesFile + 6 76F95F3E 4 Bytes [A8, 00, 17, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5192] ntdll.dll!NtQueryAttributesFile + B 76F95F43 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5192] ntdll.dll!NtQueryFullAttributesFile + 6 76F95FEE 4 Bytes CALL 75F976F3 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Pow³oki systemu Windows/Microsoft Corporation) .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5192] ntdll.dll!NtQueryFullAttributesFile + B 76F95FF3 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5192] ntdll.dll!NtSetInformationFile + 6 76F9663E 4 Bytes [28, 01, 17, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5192] ntdll.dll!NtSetInformationFile + B 76F96643 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5192] ntdll.dll!NtSetInformationThread + 6 76F9669E 4 Bytes [28, 02, 17, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5192] ntdll.dll!NtSetInformationThread + B 76F966A3 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5192] ntdll.dll!NtUnmapViewOfSection + 6 76F969BE 1 Byte [68] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5192] ntdll.dll!NtUnmapViewOfSection + 6 76F969BE 4 Bytes [68, 03, 17, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5192] ntdll.dll!NtUnmapViewOfSection + B 76F969C3 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtCreateFile + 6 76F955CE 4 Bytes [28, 00, 07, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtCreateFile + B 76F955D3 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtMapViewOfSection + 6 76F95C2E 1 Byte [28] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtMapViewOfSection + 6 76F95C2E 4 Bytes [28, 03, 07, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtMapViewOfSection + B 76F95C33 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtOpenFile + 6 76F95CDE 4 Bytes [68, 00, 07, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtOpenFile + B 76F95CE3 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtOpenProcess + 6 76F95D8E 4 Bytes [A8, 01, 07, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtOpenProcess + B 76F95D93 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtOpenProcessToken + 6 76F95D9E 4 Bytes CALL 75F964A4 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Pow³oki systemu Windows/Microsoft Corporation) .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtOpenProcessToken + B 76F95DA3 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtOpenProcessTokenEx + 6 76F95DAE 4 Bytes [A8, 02, 07, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtOpenProcessTokenEx + B 76F95DB3 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtOpenThread + 6 76F95E0E 4 Bytes [68, 01, 07, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtOpenThread + B 76F95E13 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtOpenThreadToken + 6 76F95E1E 4 Bytes [68, 02, 07, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtOpenThreadToken + B 76F95E23 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtOpenThreadTokenEx + 6 76F95E2E 4 Bytes CALL 75F96535 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Pow³oki systemu Windows/Microsoft Corporation) .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtOpenThreadTokenEx + B 76F95E33 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtQueryAttributesFile + 6 76F95F3E 4 Bytes [A8, 00, 07, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtQueryAttributesFile + B 76F95F43 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtQueryFullAttributesFile + 6 76F95FEE 4 Bytes CALL 75F966F3 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Pow³oki systemu Windows/Microsoft Corporation) .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtQueryFullAttributesFile + B 76F95FF3 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtSetInformationFile + 6 76F9663E 4 Bytes [28, 01, 07, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtSetInformationFile + B 76F96643 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtSetInformationThread + 6 76F9669E 4 Bytes [28, 02, 07, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtSetInformationThread + B 76F966A3 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtUnmapViewOfSection + 6 76F969BE 1 Byte [68] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtUnmapViewOfSection + 6 76F969BE 4 Bytes [68, 03, 07, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtUnmapViewOfSection + B 76F969C3 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5488] ntdll.dll!NtCreateFile + 6 76F955CE 4 Bytes [28, 00, 17, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5488] ntdll.dll!NtCreateFile + B 76F955D3 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5488] ntdll.dll!NtMapViewOfSection + 6 76F95C2E 1 Byte [28] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5488] ntdll.dll!NtMapViewOfSection + 6 76F95C2E 4 Bytes [28, 03, 17, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5488] ntdll.dll!NtMapViewOfSection + B 76F95C33 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5488] ntdll.dll!NtOpenFile + 6 76F95CDE 4 Bytes [68, 00, 17, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5488] ntdll.dll!NtOpenFile + B 76F95CE3 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5488] ntdll.dll!NtOpenProcess + 6 76F95D8E 4 Bytes [A8, 01, 17, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5488] ntdll.dll!NtOpenProcess + B 76F95D93 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5488] ntdll.dll!NtOpenProcessToken + 6 76F95D9E 4 Bytes CALL 75F974A4 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Pow³oki systemu Windows/Microsoft Corporation) .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5488] ntdll.dll!NtOpenProcessToken + B 76F95DA3 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5488] ntdll.dll!NtOpenProcessTokenEx + 6 76F95DAE 4 Bytes [A8, 02, 17, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5488] ntdll.dll!NtOpenProcessTokenEx + B 76F95DB3 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5488] ntdll.dll!NtOpenThread + 6 76F95E0E 4 Bytes [68, 01, 17, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5488] ntdll.dll!NtOpenThread + B 76F95E13 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5488] ntdll.dll!NtOpenThreadToken + 6 76F95E1E 4 Bytes [68, 02, 17, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5488] ntdll.dll!NtOpenThreadToken + B 76F95E23 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5488] ntdll.dll!NtOpenThreadTokenEx + 6 76F95E2E 4 Bytes CALL 75F97535 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Pow³oki systemu Windows/Microsoft Corporation) .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5488] ntdll.dll!NtOpenThreadTokenEx + B 76F95E33 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5488] ntdll.dll!NtQueryAttributesFile + 6 76F95F3E 4 Bytes [A8, 00, 17, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5488] ntdll.dll!NtQueryAttributesFile + B 76F95F43 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5488] ntdll.dll!NtQueryFullAttributesFile + 6 76F95FEE 4 Bytes CALL 75F976F3 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Pow³oki systemu Windows/Microsoft Corporation) .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5488] ntdll.dll!NtQueryFullAttributesFile + B 76F95FF3 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5488] ntdll.dll!NtSetInformationFile + 6 76F9663E 4 Bytes [28, 01, 17, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5488] ntdll.dll!NtSetInformationFile + B 76F96643 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5488] ntdll.dll!NtSetInformationThread + 6 76F9669E 4 Bytes [28, 02, 17, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5488] ntdll.dll!NtSetInformationThread + B 76F966A3 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5488] ntdll.dll!NtUnmapViewOfSection + 6 76F969BE 1 Byte [68] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5488] ntdll.dll!NtUnmapViewOfSection + 6 76F969BE 4 Bytes [68, 03, 17, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5488] ntdll.dll!NtUnmapViewOfSection + B 76F969C3 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5496] ntdll.dll!NtCreateFile + 6 76F955CE 4 Bytes [28, 00, 07, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5496] ntdll.dll!NtCreateFile + B 76F955D3 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5496] ntdll.dll!NtMapViewOfSection + 6 76F95C2E 1 Byte [28] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5496] ntdll.dll!NtMapViewOfSection + 6 76F95C2E 4 Bytes [28, 03, 07, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5496] ntdll.dll!NtMapViewOfSection + B 76F95C33 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5496] ntdll.dll!NtOpenFile + 6 76F95CDE 4 Bytes [68, 00, 07, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5496] ntdll.dll!NtOpenFile + B 76F95CE3 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5496] ntdll.dll!NtOpenProcess + 6 76F95D8E 4 Bytes [A8, 01, 07, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5496] ntdll.dll!NtOpenProcess + B 76F95D93 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5496] ntdll.dll!NtOpenProcessToken + 6 76F95D9E 4 Bytes CALL 75F964A4 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Pow³oki systemu Windows/Microsoft Corporation) .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5496] ntdll.dll!NtOpenProcessToken + B 76F95DA3 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5496] ntdll.dll!NtOpenProcessTokenEx + 6 76F95DAE 4 Bytes [A8, 02, 07, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5496] ntdll.dll!NtOpenProcessTokenEx + B 76F95DB3 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5496] ntdll.dll!NtOpenThread + 6 76F95E0E 4 Bytes [68, 01, 07, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5496] ntdll.dll!NtOpenThread + B 76F95E13 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5496] ntdll.dll!NtOpenThreadToken + 6 76F95E1E 4 Bytes [68, 02, 07, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5496] ntdll.dll!NtOpenThreadToken + B 76F95E23 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5496] ntdll.dll!NtOpenThreadTokenEx + 6 76F95E2E 4 Bytes CALL 75F96535 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Pow³oki systemu Windows/Microsoft Corporation) .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5496] ntdll.dll!NtOpenThreadTokenEx + B 76F95E33 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5496] ntdll.dll!NtQueryAttributesFile + 6 76F95F3E 4 Bytes [A8, 00, 07, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5496] ntdll.dll!NtQueryAttributesFile + B 76F95F43 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5496] ntdll.dll!NtQueryFullAttributesFile + 6 76F95FEE 4 Bytes CALL 75F966F3 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Pow³oki systemu Windows/Microsoft Corporation) .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5496] ntdll.dll!NtQueryFullAttributesFile + B 76F95FF3 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5496] ntdll.dll!NtSetInformationFile + 6 76F9663E 4 Bytes [28, 01, 07, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5496] ntdll.dll!NtSetInformationFile + B 76F96643 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5496] ntdll.dll!NtSetInformationThread + 6 76F9669E 4 Bytes [28, 02, 07, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5496] ntdll.dll!NtSetInformationThread + B 76F966A3 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5496] ntdll.dll!NtUnmapViewOfSection + 6 76F969BE 1 Byte [68] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5496] ntdll.dll!NtUnmapViewOfSection + 6 76F969BE 4 Bytes [68, 03, 07, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5496] ntdll.dll!NtUnmapViewOfSection + B 76F969C3 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5504] ntdll.dll!NtCreateFile + 6 76F955CE 4 Bytes [28, 00, 07, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5504] ntdll.dll!NtCreateFile + B 76F955D3 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5504] ntdll.dll!NtMapViewOfSection + 6 76F95C2E 1 Byte [28] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5504] ntdll.dll!NtMapViewOfSection + 6 76F95C2E 4 Bytes [28, 03, 07, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5504] ntdll.dll!NtMapViewOfSection + B 76F95C33 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5504] ntdll.dll!NtOpenFile + 6 76F95CDE 4 Bytes [68, 00, 07, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5504] ntdll.dll!NtOpenFile + B 76F95CE3 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5504] ntdll.dll!NtOpenProcess + 6 76F95D8E 4 Bytes [A8, 01, 07, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5504] ntdll.dll!NtOpenProcess + B 76F95D93 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5504] ntdll.dll!NtOpenProcessToken + 6 76F95D9E 4 Bytes CALL 75F964A4 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Pow³oki systemu Windows/Microsoft Corporation) .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5504] ntdll.dll!NtOpenProcessToken + B 76F95DA3 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5504] ntdll.dll!NtOpenProcessTokenEx + 6 76F95DAE 4 Bytes [A8, 02, 07, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5504] ntdll.dll!NtOpenProcessTokenEx + B 76F95DB3 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5504] ntdll.dll!NtOpenThread + 6 76F95E0E 4 Bytes [68, 01, 07, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5504] ntdll.dll!NtOpenThread + B 76F95E13 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5504] ntdll.dll!NtOpenThreadToken + 6 76F95E1E 4 Bytes [68, 02, 07, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5504] ntdll.dll!NtOpenThreadToken + B 76F95E23 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5504] ntdll.dll!NtOpenThreadTokenEx + 6 76F95E2E 4 Bytes CALL 75F96535 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Pow³oki systemu Windows/Microsoft Corporation) .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5504] ntdll.dll!NtOpenThreadTokenEx + B 76F95E33 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5504] ntdll.dll!NtQueryAttributesFile + 6 76F95F3E 4 Bytes [A8, 00, 07, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5504] ntdll.dll!NtQueryAttributesFile + B 76F95F43 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5504] ntdll.dll!NtQueryFullAttributesFile + 6 76F95FEE 4 Bytes CALL 75F966F3 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Pow³oki systemu Windows/Microsoft Corporation) .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5504] ntdll.dll!NtQueryFullAttributesFile + B 76F95FF3 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5504] ntdll.dll!NtSetInformationFile + 6 76F9663E 4 Bytes [28, 01, 07, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5504] ntdll.dll!NtSetInformationFile + B 76F96643 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5504] ntdll.dll!NtSetInformationThread + 6 76F9669E 4 Bytes [28, 02, 07, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5504] ntdll.dll!NtSetInformationThread + B 76F966A3 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5504] ntdll.dll!NtUnmapViewOfSection + 6 76F969BE 1 Byte [68] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5504] ntdll.dll!NtUnmapViewOfSection + 6 76F969BE 4 Bytes [68, 03, 07, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5504] ntdll.dll!NtUnmapViewOfSection + B 76F969C3 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5580] ntdll.dll!NtCreateFile + 6 76F955CE 4 Bytes [28, 00, 07, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5580] ntdll.dll!NtCreateFile + B 76F955D3 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5580] ntdll.dll!NtMapViewOfSection + 6 76F95C2E 1 Byte [28] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5580] ntdll.dll!NtMapViewOfSection + 6 76F95C2E 4 Bytes [28, 03, 07, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5580] ntdll.dll!NtMapViewOfSection + B 76F95C33 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5580] ntdll.dll!NtOpenFile + 6 76F95CDE 4 Bytes [68, 00, 07, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5580] ntdll.dll!NtOpenFile + B 76F95CE3 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5580] ntdll.dll!NtOpenProcess + 6 76F95D8E 4 Bytes [A8, 01, 07, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5580] ntdll.dll!NtOpenProcess + B 76F95D93 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5580] ntdll.dll!NtOpenProcessToken + 6 76F95D9E 4 Bytes CALL 75F964A4 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Pow³oki systemu Windows/Microsoft Corporation) .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5580] ntdll.dll!NtOpenProcessToken + B 76F95DA3 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5580] ntdll.dll!NtOpenProcessTokenEx + 6 76F95DAE 4 Bytes [A8, 02, 07, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5580] ntdll.dll!NtOpenProcessTokenEx + B 76F95DB3 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5580] ntdll.dll!NtOpenThread + 6 76F95E0E 4 Bytes [68, 01, 07, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5580] ntdll.dll!NtOpenThread + B 76F95E13 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5580] ntdll.dll!NtOpenThreadToken + 6 76F95E1E 4 Bytes [68, 02, 07, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5580] ntdll.dll!NtOpenThreadToken + B 76F95E23 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5580] ntdll.dll!NtOpenThreadTokenEx + 6 76F95E2E 4 Bytes CALL 75F96535 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Pow³oki systemu Windows/Microsoft Corporation) .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5580] ntdll.dll!NtOpenThreadTokenEx + B 76F95E33 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5580] ntdll.dll!NtQueryAttributesFile + 6 76F95F3E 4 Bytes [A8, 00, 07, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5580] ntdll.dll!NtQueryAttributesFile + B 76F95F43 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5580] ntdll.dll!NtQueryFullAttributesFile + 6 76F95FEE 4 Bytes CALL 75F966F3 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Pow³oki systemu Windows/Microsoft Corporation) .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5580] ntdll.dll!NtQueryFullAttributesFile + B 76F95FF3 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5580] ntdll.dll!NtSetInformationFile + 6 76F9663E 4 Bytes [28, 01, 07, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5580] ntdll.dll!NtSetInformationFile + B 76F96643 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5580] ntdll.dll!NtSetInformationThread + 6 76F9669E 4 Bytes [28, 02, 07, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5580] ntdll.dll!NtSetInformationThread + B 76F966A3 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5580] ntdll.dll!NtUnmapViewOfSection + 6 76F969BE 1 Byte [68] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5580] ntdll.dll!NtUnmapViewOfSection + 6 76F969BE 4 Bytes [68, 03, 07, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5580] ntdll.dll!NtUnmapViewOfSection + B 76F969C3 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5624] ntdll.dll!NtCreateFile + 6 76F955CE 4 Bytes [28, 00, 17, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5624] ntdll.dll!NtCreateFile + B 76F955D3 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5624] ntdll.dll!NtMapViewOfSection + 6 76F95C2E 1 Byte [28] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5624] ntdll.dll!NtMapViewOfSection + 6 76F95C2E 4 Bytes [28, 03, 17, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5624] ntdll.dll!NtMapViewOfSection + B 76F95C33 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5624] ntdll.dll!NtOpenFile + 6 76F95CDE 4 Bytes [68, 00, 17, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5624] ntdll.dll!NtOpenFile + B 76F95CE3 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5624] ntdll.dll!NtOpenProcess + 6 76F95D8E 4 Bytes [A8, 01, 17, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5624] ntdll.dll!NtOpenProcess + B 76F95D93 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5624] ntdll.dll!NtOpenProcessToken + 6 76F95D9E 4 Bytes CALL 75F974A4 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Pow³oki systemu Windows/Microsoft Corporation) .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5624] ntdll.dll!NtOpenProcessToken + B 76F95DA3 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5624] ntdll.dll!NtOpenProcessTokenEx + 6 76F95DAE 4 Bytes [A8, 02, 17, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5624] ntdll.dll!NtOpenProcessTokenEx + B 76F95DB3 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5624] ntdll.dll!NtOpenThread + 6 76F95E0E 4 Bytes [68, 01, 17, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5624] ntdll.dll!NtOpenThread + B 76F95E13 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5624] ntdll.dll!NtOpenThreadToken + 6 76F95E1E 4 Bytes [68, 02, 17, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5624] ntdll.dll!NtOpenThreadToken + B 76F95E23 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5624] ntdll.dll!NtOpenThreadTokenEx + 6 76F95E2E 4 Bytes CALL 75F97535 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Pow³oki systemu Windows/Microsoft Corporation) .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5624] ntdll.dll!NtOpenThreadTokenEx + B 76F95E33 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5624] ntdll.dll!NtQueryAttributesFile + 6 76F95F3E 4 Bytes [A8, 00, 17, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5624] ntdll.dll!NtQueryAttributesFile + B 76F95F43 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5624] ntdll.dll!NtQueryFullAttributesFile + 6 76F95FEE 4 Bytes CALL 75F976F3 C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Pow³oki systemu Windows/Microsoft Corporation) .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5624] ntdll.dll!NtQueryFullAttributesFile + B 76F95FF3 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5624] ntdll.dll!NtSetInformationFile + 6 76F9663E 4 Bytes [28, 01, 17, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5624] ntdll.dll!NtSetInformationFile + B 76F96643 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5624] ntdll.dll!NtSetInformationThread + 6 76F9669E 4 Bytes [28, 02, 17, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5624] ntdll.dll!NtSetInformationThread + B 76F966A3 1 Byte [E2] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5624] ntdll.dll!NtUnmapViewOfSection + 6 76F969BE 1 Byte [68] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5624] ntdll.dll!NtUnmapViewOfSection + 6 76F969BE 4 Bytes [68, 03, 17, 00] .text C:\Users\Januœ\AppData\Local\Google\Chrome\Application\chrome.exe[5624] ntdll.dll!NtUnmapViewOfSection + B 76F969C3 1 Byte [E2] ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Windows\Explorer.EXE[1588] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73D72437] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1588] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73D55600] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1588] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73D556BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1588] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73D724B2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1588] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73D68514] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1588] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73D64CC8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1588] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73D6506F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1588] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73D65144] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1588] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [73D66671] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1588] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73D6826B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1588] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73D687BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1588] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73D6901B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1588] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73D6E1BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1588] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73D64BFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2000] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [7502FFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodnoœci aplikacji/Microsoft Corporation) IAT C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2000] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [7502FFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodnoœci aplikacji/Microsoft Corporation) IAT C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2000] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [7502FFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodnoœci aplikacji/Microsoft Corporation) IAT C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2000] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [7502FFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodnoœci aplikacji/Microsoft Corporation) IAT C:\Windows\system32\mfevtps.exe[2760] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [0119A510] C:\Windows\system32\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.) IAT C:\Windows\system32\rundll32.exe[2808] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [7502FFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodnoœci aplikacji/Microsoft Corporation) IAT C:\Windows\system32\rundll32.exe[2808] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [7502FFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodnoœci aplikacji/Microsoft Corporation) IAT C:\Windows\system32\rundll32.exe[2808] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [7502FFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodnoœci aplikacji/Microsoft Corporation) IAT C:\Windows\system32\rundll32.exe[2808] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [7502FFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodnoœci aplikacji/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.) Device \Driver\ACPI_HAL \Device\00000057 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 8626E508 Device \Driver\atapi \Device\Ide\IdePort0 8626E508 Device \Driver\atapi \Device\Ide\IdePort1 8626E508 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 8626E508 AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Mened¿er filtrów systemu plików firmy Microsoft/Microsoft Corporation) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x52 0xF7 0x17 0x6B ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x85 0xD5 0xE8 0xDC ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x58 0xB9 0x9E 0x0C ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x3A 0x6D 0x63 0x66 ... Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG14.00.00.01PROFESSIONAL 70AA53C02FB1318599F0A42FDEE348F216F9FED9D80533484396C903F5B78F2D2A97BB12EA155E2B8552C7BCD01E427B4B7828023AF4442ACB37E96FDB67B784E330913ABE511A5BB63C4F2A8CC69412FCFDC0CEDE0C8580E64AC10AAEE996A0085950E7C143EE12D6CDFDFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B98089DB7CE019D40AA5C8EDD5E5BE2F6E6678EDD5E5BE2F6E667F16A075CCB96862FC805391EE4012A7E79AFAADF8F93135E2FBA86542185F9756C39BD2797DAC9B36576272221DF1AC62CFD6CECE7BC8A1AA431C3D2330EE3E84C6EFD2458180FE5D845E218FC0255689A40DD4CA2A67BAFB7BBF9500D729F38B3C5AFBDEED0709AC81FFEE1EC2B34008F365FFBE9F618277AC877032DD8DAF09682AD834ECABA07AEB5850A78613E0EAAA2C59CFA1649684E4FFCC3A4AA7C843D6947A77D11F047D7C0F03B3E7035F6DD4EDA7227AEA9BFECC541111C939CCBC543BF031870475B667A31456C678A826F03DB68D232086161AAEE0DCA85087F205FCD8DCB7C27A7CFA22B9CC81AE25DFA927988F854E9E08BFE237D01B63E3E910F9B67DE0B2FF0DF7AB6592A9E1B98EFCED705A50D04B79E45714CA01E748A312749D426B5B0E4B0C99F367C51C1A70F111234F999C5C3A2075E07207B12CA6E02EABA8 ---- EOF - GMER 1.0.15 ----