My computer has been automatically rebooting itself.

Never mind. I opened the OTL.exe and this log popped up.

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Prefs.js: {E78CD27B-8DC4-477A-94C4-9B777B2F16AF}:1.9.1 removed from extensions.enabledItems
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{72cccadb-e58d-11dd-8010-00d09e621c5b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72cccadb-e58d-11dd-8010-00d09e621c5b}\ not found.
File C:\RECYCLER\restore.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{72cccadb-e58d-11dd-8010-00d09e621c5b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72cccadb-e58d-11dd-8010-00d09e621c5b}\ not found.
File C:\RECYCLER\restore.exe not found.
Error: No service named Trufos was found to stop!
Unable to delete service\driver key Trufos.
File C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys File not found not found.
Error: No service named Profos was found to stop!
Unable to delete service\driver key Profos.
File C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys File not found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\AVG8_TRAY\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\IS CfgWiz\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\Lqurezuquj\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\Qgewehokonip\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\URLLSTCK.exe\ deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users
->Temp folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 83 bytes

User: Fourth Window
->Temp folder emptied: 24163556 bytes
->Temporary Internet Files folder emptied: 3982388 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 56923991 bytes
->Flash cache emptied: 2744 bytes

User: Gabe
->Temp folder emptied: 134783159 bytes
->Temporary Internet Files folder emptied: 452615 bytes
->Java cache emptied: 11246 bytes
->FireFox cache emptied: 47386078 bytes
->Google Chrome cache emptied: 67659302 bytes
->Flash cache emptied: 14743 bytes

User: HP_Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->FireFox cache emptied: 3640996 bytes
->Flash cache emptied: 300 bytes

User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 11071684 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 112352095 bytes

User: secondwindow
->Temp folder emptied: 34648799 bytes
->Temporary Internet Files folder emptied: 1669454 bytes
->FireFox cache emptied: 80293056 bytes
->Flash cache emptied: 2841 bytes

User: TEMP

User: thirdwindow
->Temp folder emptied: 20529243 bytes
->Temporary Internet Files folder emptied: 794032 bytes
->FireFox cache emptied: 81179233 bytes
->Flash cache emptied: 3256 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 6829073 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 115379569 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 31285 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 2476 bytes

Total Files Cleaned = 767.00 mb


OTL by OldTimer - Version 3.2.14.1 log created on 10042010_184525

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
 
Hi BrownCloud,

Nothing we did should have affected YouTube. What did you need to do to get it to work again?

You have some interesting usernames, secondwindow, for example. Are these legitimate accounts?

IE can't be uninstalled, it's part of XP. You need it to access some Microsoft sites such as their Update Site. Were you trying to use Revo Uninstaller to try to remove it?

Please download MBRCheck.exe to your desktop.
  • Be sure to disable your security programs
  • Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt)
  • A window will open on your desktop
  • If an unknown bootcode is found you will have further options available to you, at this time press N then press Enter twice.
  • If nothing unusual is found just press Enter
  • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
  • Please post the contents of that file.
Thanks
 
Basically, I did nothing. It just started working again. The YouTube site wasn't working on my computer, but it was on my brother's. What loaded was like a skeleton of the site. It showed a picture of each video, but nothing was playable. And all the text and background had a lackluster. Kind of hard to explain. I rebooted, but it stayed in the same state. I did nothing. Just after a while it was working again.

There's nothing unusual about the user names. I just have multiple users.

My computer is running on Windows XP, btw.




MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 2 (build 2600)
Logical Drives Mask: 0x000007bc

Kernel Drivers (total 143):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E2000 \WINDOWS\system32\hal.dll
0xBADA8000 \WINDOWS\system32\KDCOM.DLL
0xBACB8000 \WINDOWS\system32\BOOTVID.dll
0xBA779000 ACPI.sys
0xBADAA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xBA768000 pci.sys
0xBA8A8000 isapnp.sys
0xBA8B8000 ohci1394.sys
0xBA8C8000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xBAE70000 pciide.sys
0xBAB28000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xBADAC000 viaide.sys
0xBADAE000 intelide.sys
0xBA8D8000 MountMgr.sys
0xBA749000 ftdisk.sys
0xBADB0000 dmload.sys
0xBA723000 dmio.sys
0xBAB30000 PartMgr.sys
0xBA8E8000 VolSnap.sys
0xBA64E000 iaStor.sys
0xBA636000 atapi.sys
0xBA8F8000 disk.sys
0xBA908000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xBA616000 fltMgr.sys
0xBA604000 sr.sys
0xBA918000 PxHelp20.sys
0xBA5ED000 KSecDD.sys
0xBA560000 Ntfs.sys
0xBA54B000 inspect.sys
0xBA51E000 \WINDOWS\System32\DRIVERS\NDIS.SYS
0xBAB38000 \WINDOWS\System32\DRIVERS\TDI.SYS
0xBA503000 Mup.sys
0xBA948000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xBA968000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xBAC78000 \SystemRoot\system32\DRIVERS\aracpi.sys
0xB9BF4000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xB9BE0000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB9BBB000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xBAC80000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB9B98000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBAC88000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB9B7F000 \SystemRoot\system32\drivers\cxfalcon.sys
0xB9B5C000 \SystemRoot\system32\drivers\ks.sys
0xB9A50000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0xBAC90000 \SystemRoot\System32\Drivers\Modem.SYS
0xB99FA000 \SystemRoot\system32\DRIVERS\parport.sys
0xBA988000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xBAC98000 \SystemRoot\system32\DRIVERS\PS2.sys
0xBACA0000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xBAE04000 \SystemRoot\system32\DRIVERS\arkbcfltr.sys
0xBA998000 \SystemRoot\system32\DRIVERS\imapi.sys
0xBA4BB000 \SystemRoot\system32\drivers\pfc.sys
0xBA9A8000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xBA9B8000 \SystemRoot\system32\DRIVERS\redbook.sys
0xBACA8000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0xBA197000 \SystemRoot\system32\DRIVERS\arpolicy.sys
0xBAE0A000 \SystemRoot\system32\DRIVERS\serscan.sys
0xBA9D8000 \SystemRoot\system32\DRIVERS\jswscimd.sys
0xBA9F8000 \SystemRoot\system32\drivers\tbhsd.sys
0xB99D8000 \SystemRoot\system32\drivers\portcls.sys
0xBAA08000 \SystemRoot\system32\drivers\drmk.sys
0xBAF40000 \SystemRoot\system32\DRIVERS\audstub.sys
0xBAA78000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xBA18B000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB99C1000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBAA88000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xBAA98000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xB99B0000 \SystemRoot\system32\DRIVERS\psched.sys
0xBAAA8000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBACB0000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBAB48000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB997F000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xBAAB8000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBAB70000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBAE2A000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB9926000 \SystemRoot\system32\DRIVERS\update.sys
0xBA177000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xBAAC8000 \SystemRoot\system32\DRIVERS\wsimd.sys
0xBAB08000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xB6F86000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xB9F82000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBAE48000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xB2E85000 \SystemRoot\System32\DRIVERS\cmdguard.sys
0xBAE60000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBAFB0000 \SystemRoot\System32\Drivers\Null.SYS
0xBAE62000 \SystemRoot\System32\Drivers\Beep.SYS
0xBABD8000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xBABE0000 \SystemRoot\System32\drivers\vga.sys
0xBAE64000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBAE66000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xBABE8000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBABF0000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB6F16000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xB2E52000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xB2DFA000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xBABF8000 \SystemRoot\System32\DRIVERS\cmdhlp.sys
0xB2DD9000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xB2D89000 \SystemRoot\system32\DRIVERS\netbt.sys
0xB9F32000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xB2D67000 \SystemRoot\System32\drivers\afd.sys
0xB9F22000 \SystemRoot\system32\DRIVERS\netbios.sys
0xBAC00000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0xB2D3C000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xB2CCD000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xB9F12000 \SystemRoot\System32\Drivers\Fips.SYS
0xB2C11000 \SystemRoot\system32\DRIVERS\avipbb.sys
0xB9F02000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xBAE6A000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0xB2BC6000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xB6EDE000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xBA978000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xBAC10000 \SystemRoot\system32\DRIVERS\arhidfltr.sys
0xBA9C8000 \SystemRoot\system32\DRIVERS\IrBus.sys
0xBAC18000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xBAC20000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xB6ECA000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xBADC2000 \SystemRoot\system32\DRIVERS\armoucfltr.sys
0xBAC28000 \SystemRoot\system32\DRIVERS\hidir.sys
0xB6F32000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xB2B3E000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xBADD6000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB2DD5000 \SystemRoot\System32\drivers\Dxapi.sys
0xBAC48000 \SystemRoot\System32\watchdog.sys
0xBF9C4000 \SystemRoot\System32\drivers\dxg.sys
0xBAF7D000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF9D6000 \SystemRoot\System32\nv4_disp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xA4521000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xA44E5000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA395D000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xA3740000 \SystemRoot\system32\drivers\wdmaud.sys
0xA386D000 \SystemRoot\system32\drivers\sysaudio.sys
0xA265B000 \SystemRoot\System32\Drivers\HTTP.sys
0xA2514000 \SystemRoot\system32\DRIVERS\srv.sys
0xA2623000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xBADC6000 \SystemRoot\system32\drivers\MSPQM.sys
0xA2170000 \??\C:\WINDOWS\system32\Drivers\uphcleanhlp.sys
0xBAB78000 \SystemRoot\system32\DRIVERS\LVPr2Mon.sys
0xA167D000 \??\C:\WINDOWS\system32\DNINDIS5.SYS
0x9E87F000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 68):
0 System Idle Process
4 System
660 C:\WINDOWS\system32\smss.exe
1328 csrss.exe
1352 C:\WINDOWS\system32\winlogon.exe
1396 C:\WINDOWS\system32\services.exe
1408 C:\WINDOWS\system32\lsass.exe
1576 C:\WINDOWS\system32\svchost.exe
1640 svchost.exe
1680 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
1704 C:\WINDOWS\system32\svchost.exe
1816 svchost.exe
1912 svchost.exe
232 C:\WINDOWS\system32\LEXBCES.EXE
288 C:\WINDOWS\system32\spoolsv.exe
608 C:\WINDOWS\system32\LEXPPS.EXE
596 C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
732 C:\WINDOWS\system32\acs.exe
760 C:\Program Files\Avira\AntiVir Desktop\sched.exe
772 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
896 svchost.exe
1516 C:\WINDOWS\explorer.exe
1200 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1320 C:\WINDOWS\arservice.exe
1520 C:\Program Files\Bonjour\mDNSResponder.exe
1788 C:\Program Files\Brother\BRAdmin Professional 3\bratimer.exe
1264 C:\WINDOWS\ehome\ehrecvr.exe
1964 C:\WINDOWS\ehome\ehSched.exe
2392 C:\Program Files\Java\jre6\bin\jqs.exe
2612 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
2820 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
2880 C:\WINDOWS\system32\nvsvc32.exe
2900 C:\WINDOWS\arpwrmsg.exe
2920 C:\WINDOWS\system32\spool\drivers\w32x86\3\HPZIPM12.EXE
2960 C:\Program Files\CyberLink\Shared files\RichVideo.exe
2996 svchost.exe
3092 C:\WINDOWS\system32\svchost.exe
3196 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
3540 C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
3716 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
3772 C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
3900 C:\WINDOWS\system32\rundll32.exe
4004 C:\Program Files\UPHClean\uphclean.exe
628 C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
1924 mcrdsvc.exe
1172 C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
1900 C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
2060 C:\Program Files\lg_fwupdate\fwupdate.exe
2552 <unknown>
928 C:\hp\KBD\kbd.exe
2828 C:\Program Files\GPSoftware\Directory Opus\dopus.exe
2864 C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe
2936 C:\WINDOWS\system32\ctfmon.exe
3576 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
4032 C:\Program Files\NETGEAR\WNDA3100\WNDA3100.exe
2300 C:\Documents and Settings\Gabe\My Documents\My Pictures\print screen\ScreenCapture.exe
2680 C:\WINDOWS\system32\dllhost.exe
2088 alg.exe
3416 C:\WINDOWS\system32\svchost.exe
5620 C:\WINDOWS\system32\wuauclt.exe
5812 C:\WINDOWS\RTHDCPL.EXE
3308 C:\WINDOWS\system\hpsysdrv.exe
5608 C:\Program Files\iTunes\iTunesHelper.exe
5516 C:\Program Files\iPod\bin\iPodService.exe
5336 C:\Program Files\Real\RealPlayer\realplay.exe
5528 C:\Program Files\Mozilla Firefox\firefox.exe
2024 C:\WINDOWS\system32\wscntfy.exe
4996 C:\Documents and Settings\Gabe\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`e075a800 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (FAT32)

PhysicalDrive0 Model Number: <error opening>

Size Device Name MBR Status
--------------------------------------------
ERROR Opening: \\.\PhysicalDrive0 (5)


Done!
 
Hi BrownCloud,

The YouTube problem wasn't really a YouTube problem, it was Firefox. Sometimes when you empty the caches Firefox will not display some pages correctly. It's just temporary. Should this happen again whether while we are cleaning this machine or down the road, just refresh the page a couple of times.

There may be a problem with the MBR so we'll try to get a dump of the file. Please note that the log produced must be attached.

Please download MBR.exe and save it to your desktop. Do not run it.

Open a new Notepad session
  • Click the Start button, click run
  • in the run box type notepad
  • click ok
  • In the notepad, Click "Format" and be certain that Word Wrap is not checked.
  • Copy and paste all the text in the code box below into the Notepad. Do Not copy the word CODE

Code:
"%userprofile%\Desktop\MBR.exe" -c 0 1 MBR_backup.dat

In the notepad
  • Click File, Save as..., and set the Save in to your Desktop
  • In the filename box, type (including quotation marks) as the filename: "scan.bat"
  • Click save

You should now have a file on your desktop named scan.bat with an icon that looks like gears.

Double click on it to run it. A file named MBR Backup.dat will appear on your desktop. Please attach it to your next reply.



An unknown was also detected.

Please download Rootkit Unhooker ... Save it to your Desktop.
Note: The log can be very long, you may need to post it separately.
  1. Double-click on RKUnhookerLE.exe to execute it.
  2. Click the Report tab, then click Scan.
  3. Check Drivers, Stealth Code, Files and Code Hooks. Uncheck the rest, then click OK.

    The scanning will toggle through the checked items "tabs" ... it will take a while, so please be patient.
  4. When the scanner is finished... click File, Save Report.
  5. Save the file "Report.txt" to your Desktop... Press Close... then press Yes
  6. Copy the entire contents of the Report.txt file in your next reply.

Please Note:
You may get this warning, it is ok, just ignore it:
"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


Please post back with
  • MBR_backup.dat (attached)
  • RKUnhooker log
Thanks
 
The scan.bat did not create a file named: MBR Backup.dat. Instead, it created mbr.log. I attached it to this post anyways.

Also, are you sure you want me to copy paste all of the Report.txt to you as posts? It'll take a ton of posts... sigh... well, whatever you say. =.=

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 2)
Number of processors #2
==============================================
>Drivers
==============================================
0xB6FB4000 C:\WINDOWS\system32\drivers\RtkHDAud.sys 4161536 bytes (Realtek Semiconductor Corp., Realtek(r) High Definition Audio Function Driver)
0xBF9D6000 C:\WINDOWS\System32\nv4_disp.dll 3911680 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 77.79 )
0xB9BE0000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 3203072 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 77.79 )
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2142208 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2142208 bytes
0x804D7000 RAW 2142208 bytes
0x804D7000 WMIxWDM 2142208 bytes
0xBF800000 Win32k 1851392 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1851392 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xB9A3C000 C:\WINDOWS\system32\DRIVERS\AGRSM.sys 1097728 bytes (Agere Systems, SoftModem Device Driver)
0xBA64E000 iaStor.sys 872448 bytes (Intel Corporation, Intel Matrix Storage Manager driver)
0xBA560000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xB2B84000 C:\WINDOWS\system32\DRIVERS\WNDA31.sys 458752 bytes (Atheros Communications, Inc., Atheros Extensible Wireless LAN device driver)
0xB2CFB000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 454656 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB9954000 C:\WINDOWS\system32\DRIVERS\update.sys 364544 bytes (Microsoft Corporation, Update Driver)
0xB2E28000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 360448 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xAF088000 C:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xAF219000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xB2EB3000 C:\WINDOWS\System32\DRIVERS\cmdguard.sys 233472 bytes (COMODO, COMODO Internet Security Sandbox Driver)
0xB99AD000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 200704 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xBA779000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xBA51E000 C:\WINDOWS\System32\DRIVERS\NDIS.SYS 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xB0E3B000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 180224 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xAC0EC000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xB2D6A000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB2DD8000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xBA723000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xB9BA7000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 151552 bytes (Windows (R) Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xB2BF4000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 143360 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xB9B48000 C:\WINDOWS\system32\drivers\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xB9B84000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 143360 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB2D95000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xB9A06000 C:\WINDOWS\system32\drivers\portcls.sys 139264 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB2DB7000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 135168 bytes (Microsoft Corporation, IP Network Address Translator)
0x806E2000 ACPI_HAL 134400 bytes
0x806E2000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xBA616000 fltMgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xBA749000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xB2C3F000 C:\WINDOWS\system32\DRIVERS\avipbb.sys 114688 bytes (Avira GmbH, Avira Driver for RootKit Detection)
0xBA503000 Mup.sys 110592 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xB9B6B000 C:\WINDOWS\system32\drivers\cxfalcon.sys 102400 bytes (Conexant Systems, Inc., Conexant Falcon Driver)
0xBA636000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xB2B6C000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xBA5ED000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB99EF000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xBA54B000 inspect.sys 86016 bytes (COMODO, COMODO Internet Security Firewall Driver)
0xB0D36000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB1A27000 C:\WINDOWS\system32\DRIVERS\avgntflt.sys 81920 bytes (Avira GmbH, Avira Minifilter Driver)
0xB9A28000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xB9BCC000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xB2E80000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF9C4000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xBA604000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xBA768000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB99DE000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xB0EA7000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xBA948000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xBA978000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xBAA78000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xBAA48000 C:\WINDOWS\system32\DRIVERS\jswscimd.sys 61440 bytes (Atheros Communications, Inc., Wireless Intermediate Miniport Driver)
0xBA8B8000 ohci1394.sys 61440 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xBAA28000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xB0EB7000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xB9F0E000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBAB18000 C:\WINDOWS\system32\DRIVERS\wsimd.sys 61440 bytes (Atheros Communications, Inc., Wireless Intermediate Miniport Driver)
0xBA8C8000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 53248 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xBAA18000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 53248 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xBA908000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xBA9F8000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xBAAD8000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xBA8E8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xBA9A8000 C:\WINDOWS\system32\DRIVERS\IrBus.sys 49152 bytes (Microsoft Corporation, USB Consumer IR Driver for eHome)
0xB9F5E000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xBAA68000 C:\WINDOWS\system32\drivers\tbhsd.sys 49152 bytes (RapidSolution Software AG, Tunebite High-Speed Dubbing)
0xBAA08000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xBA8D8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xBAAE8000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xB9F4E000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xBAB08000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xBA8F8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xBA968000 C:\WINDOWS\System32\Drivers\Fips.SYS 36864 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xBA998000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xBA9D8000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xBA8A8000 isapnp.sys 36864 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xBAAF8000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xBA958000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xAE936000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xBA918000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xB9EEE000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xBAC98000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xBABE8000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xBAC30000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xBABD8000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xBAB28000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xBAC90000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 28672 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xBAC20000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xBAC80000 C:\WINDOWS\system32\DRIVERS\aracpi.sys 24576 bytes (Microsoft Corporation, Microsoft AR ACPI Driver (Beta 2 Release 2))
0xBACB0000 C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xBACA8000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xB1A93000 C:\DOCUME~1\Gabe\LOCALS~1\Temp\mbr.sys 24576 bytes
0xBAB80000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xBAC00000 C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 24576 bytes (Avira GmbH, AVIRA SnapShot Driver)
0xBABF0000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xBAC18000 C:\WINDOWS\system32\DRIVERS\arhidfltr.sys 20480 bytes (Microsoft Corporation, Microsoft AR HID Filter Driver (Beta 2 Release 2))
0xBABF8000 C:\WINDOWS\System32\DRIVERS\cmdhlp.sys 20480 bytes (COMODO, COMODO Internet Security Helper Driver)
0xBAC38000 C:\WINDOWS\system32\DRIVERS\hidir.sys 20480 bytes (Microsoft Corporation, Infrared Miniport Driver for Input Devices)
0xBABC0000 C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys 20480 bytes (-, -)
0xBABE0000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xBAB30000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xBACA0000 C:\WINDOWS\system32\DRIVERS\PS2.sys 20480 bytes (Hewlett-Packard Company, PS2 SYS)
0xBAB70000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xBAB78000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xBAB38000 C:\WINDOWS\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xBAC88000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 20480 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xBAC48000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xAF34A000 C:\WINDOWS\system32\DNINDIS5.SYS 16384 bytes (Printing Communications Assoc., Inc. (PCAUSA), PCAUSA NDIS 5.0 Protocol Driver)
0xB6EF4000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xBA16F000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xB1A0F000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xBA4BF000 C:\WINDOWS\system32\DRIVERS\arpolicy.sys 12288 bytes (Microsoft Corporation, Microsoft AR Policy Driver (Beta 2 Release 2))
0xBACB8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xB2E1C000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xB6F1C000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xB6F04000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xBA183000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xBA4CB000 C:\WINDOWS\system32\drivers\pfc.sys 12288 bytes (Padus, Inc., Padus(R) ASPI Shell)
0xB6F54000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xAEE07000 C:\WINDOWS\system32\Drivers\uphcleanhlp.sys 12288 bytes
0xBADFC000 C:\WINDOWS\system32\DRIVERS\arkbcfltr.sys 8192 bytes (Microsoft Corporation, Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 Release 2))
0xBADBA000 C:\WINDOWS\system32\DRIVERS\armoucfltr.sys 8192 bytes (Microsoft Corporation, Microsoft AR PS/2 Mouse Filter Driver (Beta 2 Release 2))
0xBAE60000 C:\Program Files\Avira\AntiVir Desktop\avgio.sys 8192 bytes (Avira GmbH, Avira AntiVir Support for Minifilter)
0xBAE4E000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xBADB0000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xBADCA000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xBAE4C000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xBADAE000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xBADA8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xBAE50000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xBADD2000 C:\WINDOWS\system32\drivers\MSPQM.sys 8192 bytes (Microsoft Corporation, MS Proxy Quality Manager)
0xBAE52000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xBAE02000 C:\WINDOWS\system32\DRIVERS\serscan.sys 8192 bytes (Microsoft Corporation, Serial Imaging Device Driver)
0xBAE20000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xBAE46000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xBADAC000 viaide.sys 8192 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xBADAA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xBAF3B000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xBAFCD000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xBAF31000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xBAE70000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================
==============================================
>Files
==============================================
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\setup\config.ini::$DATA
!-->[Hidden] C:\Documents and Settings\Gabe\Application Data\skypePM\2010-10-06-0.ezlog
!-->[Hidden] C:\Documents and Settings\Gabe\My Documents\Azureus Downloads\00Downloaded\eBooks & Texts\Unsorted\Complete works of J. Krishnamurti\beginnings_of_learning\1972-05-23_beginnings_of_learning_part_i_chapter_6_school_dialogue_brockwood_park_23rd_may_1972.htmltml
!-->[Hidden] C:\Documents and Settings\Gabe\My Documents\Azureus Downloads\00Downloaded\eBooks & Texts\Unsorted\Complete works of J. Krishnamurti\beginnings_of_learning\1973-05-22_beginnings_of_learning_part_i_chapter_1_school_dialogue_brockwood_park_22nd_may_1973.htmltml
!-->[Hidden] C:\Documents and Settings\Gabe\My Documents\Azureus Downloads\00Downloaded\eBooks & Texts\Unsorted\Complete works of J. Krishnamurti\beginnings_of_learning\1973-05-25_beginnings_of_learning_part_i_chapter_15_school_dialogue_brockwood_park_25th_may_1973.htmlll
!-->[Hidden] C:\Documents and Settings\Gabe\My Documents\Azureus Downloads\00Downloaded\eBooks & Texts\Unsorted\Complete works of J. Krishnamurti\beginnings_of_learning\1973-06-17_beginnings_of_learning_part_i_chapter_13_school_dialogue_brockwood_park_17th_june_1973.htmll
!-->[Hidden] C:\Documents and Settings\Gabe\My Documents\Azureus Downloads\00Downloaded\eBooks & Texts\Unsorted\Complete works of J. Krishnamurti\commentaries_on_living_series_2\1957-00-00_commentaries_on_living_series_ii_chapter_44_'positive_and_negative_teaching'.htmll
!-->[Hidden] C:\Documents and Settings\Gabe\My Documents\Azureus Downloads\00Downloaded\eBooks & Texts\Unsorted\Complete works of J. Krishnamurti\commentaries_on_living_series_3\1960-00-00_commentaries_on_living_series_iii_chapter_06_'pleasure,_habit_and_austerity'.htmlml
!-->[Hidden] C:\Documents and Settings\Gabe\My Documents\Azureus Downloads\00Downloaded\eBooks & Texts\Unsorted\Complete works of J. Krishnamurti\commentaries_on_living_series_3\1960-00-00_commentaries_on_living_series_iii_chapter_19_'where_the_self_is,_love_is_not'.htmll
!-->[Hidden] C:\Documents and Settings\Gabe\My Documents\Azureus Downloads\00Downloaded\eBooks & Texts\Unsorted\Complete works of J. Krishnamurti\commentaries_on_living_series_3\1960-00-00_commentaries_on_living_series_iii_chapter_25_'the_cultivation_of_sensitivity'.htmll
!-->[Hidden] C:\Documents and Settings\Gabe\My Documents\Azureus Downloads\00Downloaded\eBooks & Texts\Unsorted\Complete works of J. Krishnamurti\commentaries_on_living_series_3\1960-00-00_commentaries_on_living_series_iii_chapter_30_'self-interest_decays_the_mind'.htmlll
!-->[Hidden] C:\Documents and Settings\Gabe\My Documents\Azureus Downloads\00Downloaded\eBooks & Texts\Unsorted\Complete works of J. Krishnamurti\commentaries_on_living_series_3\1960-00-00_commentaries_on_living_series_iii_chapter_36_'the_voyage_on_an_uncharted_sea'.htmll
!-->[Hidden] C:\Documents and Settings\Gabe\My Documents\Azureus Downloads\00Downloaded\eBooks & Texts\Unsorted\Complete works of J. Krishnamurti\commentaries_on_living_series_3\1960-00-00_commentaries_on_living_series_iii_chapter_54_'the_challenge_of_the_present'.htmltml
!-->[Hidden] C:\Documents and Settings\Gabe\My Documents\Azureus Downloads\00Downloaded\eBooks & Texts\Unsorted\Complete works of J. Krishnamurti\krishnamurti_on_education\1974-00-00_krishnamurti_on_education_talk_to_teachers_chapter_11_'on_meditation_and_education'.htmll
!-->[Hidden] C:\Documents and Settings\Gabe\My Documents\Azureus Downloads\00Downloaded\eBooks & Texts\Unsorted\Complete works of J. Krishnamurti\the_first_and_last_freedom\1953-00-00_the_first_and_last_freedom_questions_and_answers_question_33_'on_superficiality'.htmltml
!-->[Hidden] C:\Documents and Settings\Gabe\My Documents\Azureus Downloads\00Downloaded\eBooks & Texts\Unsorted\Complete works of J. Krishnamurti\the_first_and_last_freedom\1953-00-00_the_first_and_last_freedom_questions_and_answers_question_38_'on_transformation'.htmltml
!-->[Hidden] C:\Documents and Settings\Gabe\My Documents\Azureus Downloads\00Downloaded\eBooks & Texts\Unsorted\Complete works of J. Krishnamurti\tradition_and_revolution\1971-02-16_tradition_and_revolution_dialogue_28_bombay_16th_february_1971_'right_communication'.htmll
!-->[Hidden] C:\Documents and Settings\Gabe\My Documents\My Music\Music\000Unsorted2\Eminem - Discography\Eminem - Curtain_Call_The_Hits-(Deluxe_Edition)-(2CD)\Eminem-Curtain_Call_(Stans_Mixtape)-(Bonus_CD)-2005-h8me\AlbumArt_{42FBE28A-F566-4025-A99B-212D51E3582F}_Large.jpgh8me.mp3
!-->[Hidden] C:\Documents and Settings\Gabe\My Documents\My Music\Music\000Unsorted2\Eminem - Discography\Eminem - Curtain_Call_The_Hits-(Deluxe_Edition)-(2CD)\Eminem-Curtain_Call_(Stans_Mixtape)-(Bonus_CD)-2005-h8me\AlbumArt_{42FBE28A-F566-4025-A99B-212D51E3582F}_Small.jpgh8me.mp3
 
==============================================
>Hooks
==============================================
ntkrnlpa.exe+0x0002C998, Type: Inline - RelativeJump 0x80503998-->80503952 [ntkrnlpa.exe]
ntkrnlpa.exe+0x0002CA00, Type: Inline - RelativeJump 0x80503A00-->805039BA [ntkrnlpa.exe]
ntkrnlpa.exe+0x0002CA26, Type: Inline - RelativeJump 0x80503A26-->805039DE [ntkrnlpa.exe]
ntkrnlpa.exe+0x0002CA34, Type: Inline - RelativeCall 0x80503A34-->AD032639 [unknown_code_page]
ntkrnlpa.exe+0x0002CA7C, Type: Inline - RelativeJump 0x80503A7C-->80503A36 [ntkrnlpa.exe]
ntkrnlpa.exe+0x0002CAF0, Type: Inline - RelativeJump 0x80503AF0-->80503AAA [ntkrnlpa.exe]
ntkrnlpa.exe+0x0002CB10, Type: Inline - RelativeJump 0x80503B10-->80503ACA [ntkrnlpa.exe]
ntkrnlpa.exe+0x0002CB48, Type: Inline - RelativeJump 0x80503B48-->80503B02 [ntkrnlpa.exe]
ntkrnlpa.exe+0x0002CBED, Type: Inline - RelativeJump 0x80503BED-->80503BDE [ntkrnlpa.exe]
ntkrnlpa.exe+0x0002CC30, Type: Inline - RelativeJump 0x80503C30-->80503BEA [ntkrnlpa.exe]
ntkrnlpa.exe+0x0002CC8C, Type: Inline - RelativeJump 0x80503C8C-->80503C46 [ntkrnlpa.exe]
ntkrnlpa.exe+0x0002CCB4, Type: Inline - RelativeJump 0x80503CB4-->80503C6E [ntkrnlpa.exe]
ntkrnlpa.exe+0x0002CD2C, Type: Inline - RelativeJump 0x80503D2C-->80503CE6 [ntkrnlpa.exe]
ntkrnlpa.exe+0x0002CD52, Type: Inline - RelativeJump 0x80503D52-->80503D0A [ntkrnlpa.exe]
ntkrnlpa.exe+0x0002CD68, Type: Inline - RelativeJump 0x80503D68-->80503D22 [ntkrnlpa.exe]
ntkrnlpa.exe+0x0006DF0E, Type: Inline - RelativeJump 0x80544F0E-->80544F15 [ntkrnlpa.exe]
tcpip.sys-->ndis.sys-->NdisCloseAdapter, Type: IAT modification 0xB2E670A8-->BA54C6E0 [inspect.sys]
tcpip.sys-->ndis.sys-->NdisOpenAdapter, Type: IAT modification 0xB2E670D4-->BA54C7B0 [inspect.sys]
tcpip.sys-->ndis.sys-->NdisRegisterProtocol, Type: IAT modification 0xB2E670E0-->BA54C740 [inspect.sys]
wanarp.sys-->ndis.sys-->NdisCloseAdapter, Type: IAT modification 0xB9EF3B4C-->BA54C6E0 [inspect.sys]
wanarp.sys-->ndis.sys-->NdisDeregisterProtocol, Type: IAT modification 0xB9EF3B1C-->BA54C780 [inspect.sys]
wanarp.sys-->ndis.sys-->NdisOpenAdapter, Type: IAT modification 0xB9EF3B3C-->BA54C7B0 [inspect.sys]
wanarp.sys-->ndis.sys-->NdisRegisterProtocol, Type: IAT modification 0xB9EF3B28-->BA54C740 [inspect.sys]
[1020]dllhost.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E109B0-->00000000 [guard32.dll]
[1020]dllhost.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DF6285-->00000000 [guard32.dll]
[1020]dllhost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E370B9-->00000000 [guard32.dll]
[1020]dllhost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BE [unknown_code_page]
[1020]dllhost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BF [unknown_code_page]
[1020]dllhost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E37251-->00000000 [guard32.dll]
[1020]dllhost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37256 [unknown_code_page]
[1020]dllhost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37257 [unknown_code_page]
[1020]dllhost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DEE2AE-->00000000 [guard32.dll]
[1020]dllhost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B3 [unknown_code_page]
[1020]dllhost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B4 [unknown_code_page]
[1020]dllhost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE5F05-->00000000 [guard32.dll]
[1020]dllhost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0A [unknown_code_page]
[1020]dllhost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0B [unknown_code_page]
[1020]dllhost.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286FE-->00000000 [guard32.dll]
[1020]dllhost.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85E554-->00000000 [guard32.dll]
[1020]dllhost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B42-->00000000 [guard32.dll]
[1020]dllhost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B47 [unknown_code_page]
[1020]dllhost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B48 [unknown_code_page]
[1020]dllhost.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F88F-->00000000 [guard32.dll]
[1020]dllhost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A24-->00000000 [guard32.dll]
[1020]dllhost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810770-->00000000 [guard32.dll]
[1020]dllhost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C802367-->00000000 [guard32.dll]
[1020]dllhost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802332-->00000000 [guard32.dll]
[1020]dllhost.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EF5-->00000000 [guard32.dll]
[1020]dllhost.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F7B-->00000000 [guard32.dll]
[1020]dllhost.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B6B1-->00000000 [guard32.dll]
[1020]dllhost.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E44D-->00000000 [guard32.dll]
[1020]dllhost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80ADB0-->00000000 [guard32.dll]
[1020]dllhost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D77-->00000000 [guard32.dll]
[1020]dllhost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D4F-->00000000 [guard32.dll]
[1020]dllhost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF1-->00000000 [guard32.dll]
[1020]dllhost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF6 [unknown_code_page]
[1020]dllhost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF7 [unknown_code_page]
[1020]dllhost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AE5B-->00000000 [guard32.dll]
[1020]dllhost.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86169E-->00000000 [guard32.dll]
[1020]dllhost.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835ED7-->00000000 [guard32.dll]
[1020]dllhost.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85D653-->00000000 [guard32.dll]
[1020]dllhost.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C8356A3-->00000000 [guard32.dll]
[1020]dllhost.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821271-->00000000 [guard32.dll]
[1020]dllhost.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EF6-->00000000 [guard32.dll]
[1020]dllhost.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F73E-->00000000 [guard32.dll]
[1020]dllhost.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821992-->00000000 [guard32.dll]
[1020]dllhost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD0-->00000000 [guard32.dll]
[1020]dllhost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86158D-->00000000 [guard32.dll]
[1020]dllhost.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C919328-->00000000 [guard32.dll]
[1020]dllhost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C915CBB-->00000000 [guard32.dll]
[1020]dllhost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C916C83-->00000000 [guard32.dll]
[1020]dllhost.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[1020]dllhost.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[1020]dllhost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[1020]dllhost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[1020]dllhost.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[1020]dllhost.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[1020]dllhost.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[1020]dllhost.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[1020]dllhost.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[1020]dllhost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[1020]dllhost.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[1020]dllhost.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[1020]dllhost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[1020]dllhost.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[1020]dllhost.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA40F40-->00000000 [guard32.dll]
[1020]dllhost.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40C15-->00000000 [guard32.dll]
[1020]dllhost.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA01823-->00000000 [guard32.dll]
[1020]dllhost.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB4FD0-->00000000 [guard32.dll]
[1020]dllhost.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E459E75-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E109B0-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DF6285-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E370B9-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BE [unknown_code_page]
[1108]mDNSResponder.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BF [unknown_code_page]
[1108]mDNSResponder.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E37251-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37256 [unknown_code_page]
[1108]mDNSResponder.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37257 [unknown_code_page]
[1108]mDNSResponder.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DEE2AE-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B3 [unknown_code_page]
[1108]mDNSResponder.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B4 [unknown_code_page]
[1108]mDNSResponder.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE5F05-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0A [unknown_code_page]
[1108]mDNSResponder.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0B [unknown_code_page]
[1108]mDNSResponder.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286FE-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85E554-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B42-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B47 [unknown_code_page]
[1108]mDNSResponder.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B48 [unknown_code_page]
[1108]mDNSResponder.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F88F-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A24-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810770-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C802367-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802332-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EF5-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F7B-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B6B1-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E44D-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80ADB0-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D77-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D4F-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF1-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF6 [unknown_code_page]
[1108]mDNSResponder.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF7 [unknown_code_page]
[1108]mDNSResponder.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AE5B-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86169E-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835ED7-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85D653-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C8356A3-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821271-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EF6-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F73E-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821992-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD0-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86158D-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C919328-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C915CBB-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C916C83-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA40F40-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40C15-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA01823-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB4FD0-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E459E75-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->ws2_32.dll-->WSASocketA, Type: Inline - RelativeJump 0x71AB8769-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->ws2_32.dll-->WSASocketW, Type: Inline - RelativeJump 0x71AB39CB-->00000000 [guard32.dll]
[1108]mDNSResponder.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x71AB39D0 [unknown_code_page]
[1108]mDNSResponder.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x71AB39D1 [unknown_code_page]
[1152]LSSrvc.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E109B0-->00000000 [guard32.dll]
[1152]LSSrvc.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DF6285-->00000000 [guard32.dll]
[1152]LSSrvc.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E370B9-->00000000 [guard32.dll]
[1152]LSSrvc.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BE [unknown_code_page]
[1152]LSSrvc.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BF [unknown_code_page]
[1152]LSSrvc.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E37251-->00000000 [guard32.dll]
[1152]LSSrvc.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37256 [unknown_code_page]
[1152]LSSrvc.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37257 [unknown_code_page]
[1152]LSSrvc.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DEE2AE-->00000000 [guard32.dll]
[1152]LSSrvc.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B3 [unknown_code_page]
[1152]LSSrvc.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B4 [unknown_code_page]
[1152]LSSrvc.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE5F05-->00000000 [guard32.dll]
[1152]LSSrvc.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0A [unknown_code_page]
[1152]LSSrvc.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0B [unknown_code_page]
[1152]LSSrvc.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286FE-->00000000 [guard32.dll]
[1152]LSSrvc.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85E554-->00000000 [guard32.dll]
[1152]LSSrvc.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B42-->00000000 [guard32.dll]
[1152]LSSrvc.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B47 [unknown_code_page]
[1152]LSSrvc.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B48 [unknown_code_page]
[1152]LSSrvc.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F88F-->00000000 [guard32.dll]
[1152]LSSrvc.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A24-->00000000 [guard32.dll]
[1152]LSSrvc.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810770-->00000000 [guard32.dll]
[1152]LSSrvc.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C802367-->00000000 [guard32.dll]
[1152]LSSrvc.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802332-->00000000 [guard32.dll]
[1152]LSSrvc.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EF5-->00000000 [guard32.dll]
[1152]LSSrvc.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F7B-->00000000 [guard32.dll]
[1152]LSSrvc.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B6B1-->00000000 [guard32.dll]
[1152]LSSrvc.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E44D-->00000000 [guard32.dll]
[1152]LSSrvc.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80ADB0-->00000000 [guard32.dll]
[1152]LSSrvc.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D77-->00000000 [guard32.dll]
[1152]LSSrvc.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D4F-->00000000 [guard32.dll]
[1152]LSSrvc.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF1-->00000000 [guard32.dll]
[1152]LSSrvc.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF6 [unknown_code_page]
[1152]LSSrvc.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF7 [unknown_code_page]
[1152]LSSrvc.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AE5B-->00000000 [guard32.dll]
[1152]LSSrvc.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86169E-->00000000 [guard32.dll]
[1152]LSSrvc.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835ED7-->00000000 [guard32.dll]
[1152]LSSrvc.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85D653-->00000000 [guard32.dll]
[1152]LSSrvc.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C8356A3-->00000000 [guard32.dll]
[1152]LSSrvc.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821271-->00000000 [guard32.dll]
[1152]LSSrvc.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EF6-->00000000 [guard32.dll]
[1152]LSSrvc.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F73E-->00000000 [guard32.dll]
[1152]LSSrvc.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821992-->00000000 [guard32.dll]
[1152]LSSrvc.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD0-->00000000 [guard32.dll]
[1152]LSSrvc.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86158D-->00000000 [guard32.dll]
[1152]LSSrvc.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C919328-->00000000 [guard32.dll]
[1152]LSSrvc.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C915CBB-->00000000 [guard32.dll]
[1152]LSSrvc.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C916C83-->00000000 [guard32.dll]
[1152]LSSrvc.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[1152]LSSrvc.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[1152]LSSrvc.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[1152]LSSrvc.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[1152]LSSrvc.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[1152]LSSrvc.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[1152]LSSrvc.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[1152]LSSrvc.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[1152]LSSrvc.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[1152]LSSrvc.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[1152]LSSrvc.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[1152]LSSrvc.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[1152]LSSrvc.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[1152]LSSrvc.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[1152]LSSrvc.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA40F40-->00000000 [guard32.dll]
[1152]LSSrvc.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40C15-->00000000 [guard32.dll]
[1152]LSSrvc.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA01823-->00000000 [guard32.dll]
[1152]LSSrvc.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB4FD0-->00000000 [guard32.dll]
[1152]LSSrvc.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E459E75-->00000000 [guard32.dll]
[1212]realsched.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E109B0-->00000000 [guard32.dll]
[1212]realsched.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DF6285-->00000000 [guard32.dll]
[1212]realsched.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E370B9-->00000000 [guard32.dll]
[1212]realsched.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BE [unknown_code_page]
[1212]realsched.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BF [unknown_code_page]
[1212]realsched.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E37251-->00000000 [guard32.dll]
[1212]realsched.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37256 [unknown_code_page]
[1212]realsched.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37257 [unknown_code_page]
[1212]realsched.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DEE2AE-->00000000 [guard32.dll]
[1212]realsched.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B3 [unknown_code_page]
[1212]realsched.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B4 [unknown_code_page]
[1212]realsched.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE5F05-->00000000 [guard32.dll]
[1212]realsched.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0A [unknown_code_page]
[1212]realsched.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0B [unknown_code_page]
[1212]realsched.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286FE-->00000000 [guard32.dll]
[1212]realsched.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85E554-->00000000 [guard32.dll]
[1212]realsched.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B42-->00000000 [guard32.dll]
[1212]realsched.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B47 [unknown_code_page]
[1212]realsched.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B48 [unknown_code_page]
[1212]realsched.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F88F-->00000000 [guard32.dll]
[1212]realsched.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A24-->00000000 [guard32.dll]
[1212]realsched.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810770-->00000000 [guard32.dll]
[1212]realsched.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C802367-->00000000 [guard32.dll]
[1212]realsched.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802332-->00000000 [guard32.dll]
[1212]realsched.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EF5-->00000000 [guard32.dll]
[1212]realsched.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F7B-->00000000 [guard32.dll]
[1212]realsched.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B6B1-->00000000 [guard32.dll]
[1212]realsched.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E44D-->00000000 [guard32.dll]
[1212]realsched.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80ADB0-->00000000 [guard32.dll]
[1212]realsched.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D77-->00000000 [guard32.dll]
[1212]realsched.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D4F-->00000000 [guard32.dll]
[1212]realsched.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF1-->00000000 [guard32.dll]
[1212]realsched.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF6 [unknown_code_page]
[1212]realsched.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF7 [unknown_code_page]
[1212]realsched.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AE5B-->00000000 [guard32.dll]
[1212]realsched.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86169E-->00000000 [guard32.dll]
[1212]realsched.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835ED7-->00000000 [guard32.dll]
[1212]realsched.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85D653-->00000000 [guard32.dll]
[1212]realsched.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C8356A3-->00000000 [guard32.dll]
[1212]realsched.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821271-->00000000 [guard32.dll]
[1212]realsched.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EF6-->00000000 [guard32.dll]
[1212]realsched.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F73E-->00000000 [guard32.dll]
[1212]realsched.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821992-->00000000 [guard32.dll]
[1212]realsched.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD0-->00000000 [guard32.dll]
[1212]realsched.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86158D-->00000000 [guard32.dll]
[1212]realsched.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C919328-->00000000 [guard32.dll]
[1212]realsched.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C915CBB-->00000000 [guard32.dll]
[1212]realsched.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C916C83-->00000000 [guard32.dll]
[1212]realsched.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[1212]realsched.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[1212]realsched.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[1212]realsched.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[1212]realsched.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[1212]realsched.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[1212]realsched.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[1212]realsched.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[1212]realsched.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[1212]realsched.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[1212]realsched.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[1212]realsched.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[1212]realsched.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[1212]realsched.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[1212]realsched.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA40F40-->00000000 [guard32.dll]
[1212]realsched.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40C15-->00000000 [guard32.dll]
[1212]realsched.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA01823-->00000000 [guard32.dll]
[1212]realsched.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB4FD0-->00000000 [guard32.dll]
[1212]realsched.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E459E75-->00000000 [guard32.dll]
[1228]Communications_Helper.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E109B0-->00000000 [guard32.dll]
[1228]Communications_Helper.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DF6285-->00000000 [guard32.dll]
[1228]Communications_Helper.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E370B9-->00000000 [guard32.dll]
[1228]Communications_Helper.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BE [unknown_code_page]
[1228]Communications_Helper.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BF [unknown_code_page]
[1228]Communications_Helper.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E37251-->00000000 [guard32.dll]
[1228]Communications_Helper.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37256 [unknown_code_page]
[1228]Communications_Helper.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37257 [unknown_code_page]
[1228]Communications_Helper.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DEE2AE-->00000000 [guard32.dll]
[1228]Communications_Helper.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B3 [unknown_code_page]
[1228]Communications_Helper.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B4 [unknown_code_page]
[1228]Communications_Helper.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE5F05-->00000000 [guard32.dll]
[1228]Communications_Helper.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0A [unknown_code_page]
[1228]Communications_Helper.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0B [unknown_code_page]
[1228]Communications_Helper.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286FE-->00000000 [guard32.dll]
[1228]Communications_Helper.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85E554-->00000000 [guard32.dll]
[1228]Communications_Helper.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B42-->00000000 [guard32.dll]
[1228]Communications_Helper.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B47 [unknown_code_page]
[1228]Communications_Helper.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B48 [unknown_code_page]
[1228]Communications_Helper.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F88F-->00000000 [guard32.dll]
[1228]Communications_Helper.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A24-->00000000 [guard32.dll]
[1228]Communications_Helper.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810770-->00000000 [guard32.dll]
[1228]Communications_Helper.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C802367-->00000000 [guard32.dll]
[1228]Communications_Helper.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802332-->00000000 [guard32.dll]
[1228]Communications_Helper.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EF5-->00000000 [guard32.dll]
[1228]Communications_Helper.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F7B-->00000000 [guard32.dll]
[1228]Communications_Helper.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B6B1-->00000000 [guard32.dll]
[1228]Communications_Helper.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E44D-->00000000 [guard32.dll]
[1228]Communications_Helper.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80ADB0-->00000000 [guard32.dll]
[1228]Communications_Helper.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D77-->00000000 [guard32.dll]
[1228]Communications_Helper.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D4F-->00000000 [guard32.dll]
[1228]Communications_Helper.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF1-->00000000 [guard32.dll]
[1228]Communications_Helper.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF6 [unknown_code_page]
[1228]Communications_Helper.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF7 [unknown_code_page]
[1228]Communications_Helper.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AE5B-->00000000 [guard32.dll]
[1228]Communications_Helper.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86169E-->00000000 [guard32.dll]
[1228]Communications_Helper.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835ED7-->00000000 [guard32.dll]
[1228]Communications_Helper.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85D653-->00000000 [guard32.dll]
[1228]Communications_Helper.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C8356A3-->00000000 [guard32.dll]
[1228]Communications_Helper.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821271-->00000000 [guard32.dll]
[1228]Communications_Helper.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EF6-->00000000 [guard32.dll]
[1228]Communications_Helper.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F73E-->00000000 [guard32.dll]
[1228]Communications_Helper.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821992-->00000000 [guard32.dll]
[1228]Communications_Helper.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD0-->00000000 [guard32.dll]
[1228]Communications_Helper.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86158D-->00000000 [guard32.dll]
[1228]Communications_Helper.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C919328-->00000000 [guard32.dll]
[1228]Communications_Helper.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C915CBB-->00000000 [guard32.dll]
[1228]Communications_Helper.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C916C83-->00000000 [guard32.dll]
[1228]Communications_Helper.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[1228]Communications_Helper.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[1228]Communications_Helper.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[1228]Communications_Helper.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[1228]Communications_Helper.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[1228]Communications_Helper.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[1228]Communications_Helper.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[1228]Communications_Helper.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[1228]Communications_Helper.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[1228]Communications_Helper.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[1228]Communications_Helper.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[1228]Communications_Helper.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[1228]Communications_Helper.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[1228]Communications_Helper.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[1228]Communications_Helper.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA40F40-->00000000 [guard32.dll]
[1228]Communications_Helper.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40C15-->00000000 [guard32.dll]
[1228]Communications_Helper.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA01823-->00000000 [guard32.dll]
[1228]Communications_Helper.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB4FD0-->00000000 [guard32.dll]
[1228]Communications_Helper.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E459E75-->00000000 [guard32.dll]
[1252]BrMfcWnd.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E109B0-->00000000 [guard32.dll]
[1252]BrMfcWnd.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DF6285-->00000000 [guard32.dll]
[1252]BrMfcWnd.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E370B9-->00000000 [guard32.dll]
[1252]BrMfcWnd.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BE [unknown_code_page]
[1252]BrMfcWnd.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BF [unknown_code_page]
[1252]BrMfcWnd.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E37251-->00000000 [guard32.dll]
[1252]BrMfcWnd.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37256 [unknown_code_page]
[1252]BrMfcWnd.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37257 [unknown_code_page]
[1252]BrMfcWnd.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DEE2AE-->00000000 [guard32.dll]
[1252]BrMfcWnd.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B3 [unknown_code_page]
[1252]BrMfcWnd.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B4 [unknown_code_page]
[1252]BrMfcWnd.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE5F05-->00000000 [guard32.dll]
[1252]BrMfcWnd.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0A [unknown_code_page]
[1252]BrMfcWnd.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0B [unknown_code_page]
[1252]BrMfcWnd.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286FE-->00000000 [guard32.dll]
[1252]BrMfcWnd.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85E554-->00000000 [guard32.dll]
[1252]BrMfcWnd.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B42-->00000000 [guard32.dll]
[1252]BrMfcWnd.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B47 [unknown_code_page]
[1252]BrMfcWnd.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B48 [unknown_code_page]
[1252]BrMfcWnd.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F88F-->00000000 [guard32.dll]
[1252]BrMfcWnd.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A24-->00000000 [guard32.dll]
[1252]BrMfcWnd.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810770-->00000000 [guard32.dll]
[1252]BrMfcWnd.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C802367-->00000000 [guard32.dll]
[1252]BrMfcWnd.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802332-->00000000 [guard32.dll]
[1252]BrMfcWnd.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EF5-->00000000 [guard32.dll]
[1252]BrMfcWnd.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F7B-->00000000 [guard32.dll]
[1252]BrMfcWnd.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B6B1-->00000000 [guard32.dll]
[1252]BrMfcWnd.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E44D-->00000000 [guard32.dll]
[1252]BrMfcWnd.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80ADB0-->00000000 [guard32.dll]
[1252]BrMfcWnd.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D77-->00000000 [guard32.dll]
[1252]BrMfcWnd.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D4F-->00000000 [guard32.dll]
[1252]BrMfcWnd.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF1-->00000000 [guard32.dll]
[1252]BrMfcWnd.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF6 [unknown_code_page]
[1252]BrMfcWnd.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF7 [unknown_code_page]
[1252]BrMfcWnd.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AE5B-->00000000 [guard32.dll]
[1252]BrMfcWnd.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86169E-->00000000 [guard32.dll]
[1252]BrMfcWnd.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835ED7-->00000000 [guard32.dll]
[1252]BrMfcWnd.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85D653-->00000000 [guard32.dll]
[1252]BrMfcWnd.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C8356A3-->00000000 [guard32.dll]
[1252]BrMfcWnd.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821271-->00000000 [guard32.dll]
[1252]BrMfcWnd.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EF6-->00000000 [guard32.dll]
[1252]BrMfcWnd.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F73E-->00000000 [guard32.dll]
[1252]BrMfcWnd.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821992-->00000000 [guard32.dll]
[1252]BrMfcWnd.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD0-->00000000 [guard32.dll]
[1252]BrMfcWnd.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86158D-->00000000 [guard32.dll]
[1252]BrMfcWnd.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C919328-->00000000 [guard32.dll]
[1252]BrMfcWnd.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C915CBB-->00000000 [guard32.dll]
[1252]BrMfcWnd.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C916C83-->00000000 [guard32.dll]
[1252]BrMfcWnd.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[1252]BrMfcWnd.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[1252]BrMfcWnd.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[1252]BrMfcWnd.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[1252]BrMfcWnd.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[1252]BrMfcWnd.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[1252]BrMfcWnd.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[1252]BrMfcWnd.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[1252]BrMfcWnd.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[1252]BrMfcWnd.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[1252]BrMfcWnd.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[1252]BrMfcWnd.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[1252]BrMfcWnd.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[1252]BrMfcWnd.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[1252]BrMfcWnd.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA40F40-->00000000 [guard32.dll]
[1252]BrMfcWnd.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40C15-->00000000 [guard32.dll]
[1252]BrMfcWnd.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA01823-->00000000 [guard32.dll]
[1252]BrMfcWnd.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB4FD0-->00000000 [guard32.dll]
[1252]BrMfcWnd.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E459E75-->00000000 [guard32.dll]
[128]avgnt.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E109B0-->00000000 [guard32.dll]
[128]avgnt.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DF6285-->00000000 [guard32.dll]
[128]avgnt.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E370B9-->00000000 [guard32.dll]
[128]avgnt.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BE [unknown_code_page]
[128]avgnt.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BF [unknown_code_page]
[128]avgnt.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E37251-->00000000 [guard32.dll]
[128]avgnt.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37256 [unknown_code_page]
[128]avgnt.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37257 [unknown_code_page]
[128]avgnt.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DEE2AE-->00000000 [guard32.dll]
[128]avgnt.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B3 [unknown_code_page]
[128]avgnt.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B4 [unknown_code_page]
[128]avgnt.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE5F05-->00000000 [guard32.dll]
[128]avgnt.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0A [unknown_code_page]
[128]avgnt.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0B [unknown_code_page]
[128]avgnt.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286FE-->00000000 [guard32.dll]
[128]avgnt.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85E554-->00000000 [guard32.dll]
[128]avgnt.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B42-->00000000 [guard32.dll]
[128]avgnt.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B47 [unknown_code_page]
[128]avgnt.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B48 [unknown_code_page]
[128]avgnt.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F88F-->00000000 [guard32.dll]
[128]avgnt.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A24-->00000000 [guard32.dll]
[128]avgnt.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810770-->00000000 [guard32.dll]
[128]avgnt.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C802367-->00000000 [guard32.dll]
[128]avgnt.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802332-->00000000 [guard32.dll]
[128]avgnt.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EF5-->00000000 [guard32.dll]
[128]avgnt.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F7B-->00000000 [guard32.dll]
[128]avgnt.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B6B1-->00000000 [guard32.dll]
[128]avgnt.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E44D-->00000000 [guard32.dll]
[128]avgnt.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80ADB0-->00000000 [guard32.dll]
[128]avgnt.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D77-->00000000 [guard32.dll]
[128]avgnt.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D4F-->00000000 [guard32.dll]
[128]avgnt.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF1-->00000000 [guard32.dll]
[128]avgnt.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF6 [unknown_code_page]
[128]avgnt.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF7 [unknown_code_page]
[128]avgnt.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AE5B-->00000000 [guard32.dll]
[128]avgnt.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86169E-->00000000 [guard32.dll]
[128]avgnt.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835ED7-->00000000 [guard32.dll]
[128]avgnt.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85D653-->00000000 [guard32.dll]
[128]avgnt.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C8356A3-->00000000 [guard32.dll]
[128]avgnt.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821271-->00000000 [guard32.dll]
[128]avgnt.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EF6-->00000000 [guard32.dll]
[128]avgnt.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F73E-->00000000 [guard32.dll]
[128]avgnt.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821992-->00000000 [guard32.dll]
[128]avgnt.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD0-->00000000 [guard32.dll]
[128]avgnt.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86158D-->00000000 [guard32.dll]
[128]avgnt.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C919328-->00000000 [guard32.dll]
[128]avgnt.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C915CBB-->00000000 [guard32.dll]
[128]avgnt.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C916C83-->00000000 [guard32.dll]
[128]avgnt.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[128]avgnt.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[128]avgnt.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[128]avgnt.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[128]avgnt.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[128]avgnt.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[128]avgnt.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[128]avgnt.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[128]avgnt.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[128]avgnt.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[128]avgnt.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[128]avgnt.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[128]avgnt.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[128]avgnt.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[128]avgnt.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA40F40-->00000000 [guard32.dll]
[128]avgnt.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40C15-->00000000 [guard32.dll]
[128]avgnt.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA01823-->00000000 [guard32.dll]
[128]avgnt.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB4FD0-->00000000 [guard32.dll]
[128]avgnt.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E459E75-->00000000 [guard32.dll]
[1292]CLMLSvc.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E109B0-->00000000 [guard32.dll]
[1292]CLMLSvc.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DF6285-->00000000 [guard32.dll]
[1292]CLMLSvc.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E370B9-->00000000 [guard32.dll]
[1292]CLMLSvc.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BE [unknown_code_page]
[1292]CLMLSvc.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BF [unknown_code_page]
[1292]CLMLSvc.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E37251-->00000000 [guard32.dll]
[1292]CLMLSvc.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37256 [unknown_code_page]
[1292]CLMLSvc.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37257 [unknown_code_page]
[1292]CLMLSvc.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DEE2AE-->00000000 [guard32.dll]
[1292]CLMLSvc.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B3 [unknown_code_page]
[1292]CLMLSvc.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B4 [unknown_code_page]
[1292]CLMLSvc.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE5F05-->00000000 [guard32.dll]
[1292]CLMLSvc.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0A [unknown_code_page]
[1292]CLMLSvc.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0B [unknown_code_page]
[1292]CLMLSvc.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286FE-->00000000 [guard32.dll]
[1292]CLMLSvc.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85E554-->00000000 [guard32.dll]
[1292]CLMLSvc.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B42-->00000000 [guard32.dll]
[1292]CLMLSvc.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B47 [unknown_code_page]
[1292]CLMLSvc.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B48 [unknown_code_page]
[1292]CLMLSvc.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F88F-->00000000 [guard32.dll]
[1292]CLMLSvc.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A24-->00000000 [guard32.dll]
[1292]CLMLSvc.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810770-->00000000 [guard32.dll]
[1292]CLMLSvc.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C802367-->00000000 [guard32.dll]
[1292]CLMLSvc.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802332-->00000000 [guard32.dll]
[1292]CLMLSvc.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EF5-->00000000 [guard32.dll]
[1292]CLMLSvc.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F7B-->00000000 [guard32.dll]
[1292]CLMLSvc.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B6B1-->00000000 [guard32.dll]
[1292]CLMLSvc.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E44D-->00000000 [guard32.dll]
[1292]CLMLSvc.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80ADB0-->00000000 [guard32.dll]
[1292]CLMLSvc.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D77-->00000000 [guard32.dll]
[1292]CLMLSvc.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D4F-->00000000 [guard32.dll]
[1292]CLMLSvc.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF1-->00000000 [guard32.dll]
[1292]CLMLSvc.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF6 [unknown_code_page]
[1292]CLMLSvc.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF7 [unknown_code_page]
[1292]CLMLSvc.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AE5B-->00000000 [guard32.dll]
[1292]CLMLSvc.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86169E-->00000000 [guard32.dll]
[1292]CLMLSvc.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835ED7-->00000000 [guard32.dll]
[1292]CLMLSvc.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85D653-->00000000 [guard32.dll]
[1292]CLMLSvc.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C8356A3-->00000000 [guard32.dll]
[1292]CLMLSvc.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821271-->00000000 [guard32.dll]
[1292]CLMLSvc.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EF6-->00000000 [guard32.dll]
[1292]CLMLSvc.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F73E-->00000000 [guard32.dll]
[1292]CLMLSvc.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821992-->00000000 [guard32.dll]
[1292]CLMLSvc.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD0-->00000000 [guard32.dll]
[1292]CLMLSvc.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86158D-->00000000 [guard32.dll]
[1292]CLMLSvc.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C919328-->00000000 [guard32.dll]
[1292]CLMLSvc.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C915CBB-->00000000 [guard32.dll]
[1292]CLMLSvc.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C916C83-->00000000 [guard32.dll]
[1292]CLMLSvc.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[1292]CLMLSvc.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[1292]CLMLSvc.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[1292]CLMLSvc.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[1292]CLMLSvc.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[1292]CLMLSvc.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[1292]CLMLSvc.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[1292]CLMLSvc.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[1292]CLMLSvc.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[1292]CLMLSvc.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[1292]CLMLSvc.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[1292]CLMLSvc.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[1292]CLMLSvc.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[1292]CLMLSvc.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[1292]CLMLSvc.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA40F40-->00000000 [guard32.dll]
[1292]CLMLSvc.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40C15-->00000000 [guard32.dll]
[1292]CLMLSvc.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA01823-->00000000 [guard32.dll]
[1292]CLMLSvc.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB4FD0-->00000000 [guard32.dll]
[1292]CLMLSvc.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E459E75-->00000000 [guard32.dll]
[1396]services.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E109B0-->00000000 [guard32.dll]
[1396]services.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DF6285-->00000000 [guard32.dll]
[1396]services.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E370B9-->00000000 [guard32.dll]
[1396]services.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BE [unknown_code_page]
[1396]services.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BF [unknown_code_page]
[1396]services.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E37251-->00000000 [guard32.dll]
[1396]services.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37256 [unknown_code_page]
[1396]services.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37257 [unknown_code_page]
[1396]services.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DEE2AE-->00000000 [guard32.dll]
[1396]services.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B3 [unknown_code_page]
[1396]services.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B4 [unknown_code_page]
[1396]services.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE5F05-->00000000 [guard32.dll]
[1396]services.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0A [unknown_code_page]
[1396]services.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0B [unknown_code_page]
[1396]services.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286FE-->00000000 [guard32.dll]
[1396]services.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85E554-->00000000 [guard32.dll]
[1396]services.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B42-->00000000 [guard32.dll]
[1396]services.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B47 [unknown_code_page]
[1396]services.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B48 [unknown_code_page]
[1396]services.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F88F-->00000000 [guard32.dll]
[1396]services.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A24-->00000000 [guard32.dll]
[1396]services.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810770-->00000000 [guard32.dll]
[1396]services.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C802367-->00000000 [guard32.dll]
[1396]services.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802332-->00000000 [guard32.dll]
[1396]services.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EF5-->00000000 [guard32.dll]
[1396]services.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F7B-->00000000 [guard32.dll]
[1396]services.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B6B1-->00000000 [guard32.dll]
[1396]services.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E44D-->00000000 [guard32.dll]
[1396]services.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80ADB0-->00000000 [guard32.dll]
[1396]services.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D77-->00000000 [guard32.dll]
[1396]services.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D4F-->00000000 [guard32.dll]
[1396]services.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF1-->00000000 [guard32.dll]
[1396]services.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF6 [unknown_code_page]
[1396]services.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF7 [unknown_code_page]
[1396]services.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AE5B-->00000000 [guard32.dll]
[1396]services.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86169E-->00000000 [guard32.dll]
[1396]services.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835ED7-->00000000 [guard32.dll]
[1396]services.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85D653-->00000000 [guard32.dll]
[1396]services.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C8356A3-->00000000 [guard32.dll]
[1396]services.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821271-->00000000 [guard32.dll]
[1396]services.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EF6-->00000000 [guard32.dll]
[1396]services.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F73E-->00000000 [guard32.dll]
[1396]services.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821992-->00000000 [guard32.dll]
[1396]services.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD0-->00000000 [guard32.dll]
[1396]services.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86158D-->00000000 [guard32.dll]
[1396]services.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C919328-->00000000 [guard32.dll]
[1396]services.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C915CBB-->00000000 [guard32.dll]
[1396]services.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C916C83-->00000000 [guard32.dll]
[1396]services.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[1396]services.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[1396]services.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[1396]services.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[1396]services.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[1396]services.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[1396]services.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[1396]services.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[1396]services.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[1396]services.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[1396]services.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[1396]services.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[1396]services.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[1396]services.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[1396]services.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA40F40-->00000000 [guard32.dll]
[1396]services.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40C15-->00000000 [guard32.dll]
[1396]services.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA01823-->00000000 [guard32.dll]
[1396]services.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB4FD0-->00000000 [guard32.dll]
[1396]services.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E459E75-->00000000 [guard32.dll]
[1408]lsass.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E109B0-->00000000 [guard32.dll]
[1408]lsass.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DF6285-->00000000 [guard32.dll]
[1408]lsass.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E370B9-->00000000 [guard32.dll]
[1408]lsass.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BE [unknown_code_page]
[1408]lsass.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BF [unknown_code_page]
[1408]lsass.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E37251-->00000000 [guard32.dll]
[1408]lsass.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37256 [unknown_code_page]
[1408]lsass.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37257 [unknown_code_page]
[1408]lsass.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DEE2AE-->00000000 [guard32.dll]
[1408]lsass.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B3 [unknown_code_page]
[1408]lsass.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B4 [unknown_code_page]
[1408]lsass.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE5F05-->00000000 [guard32.dll]
[1408]lsass.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0A [unknown_code_page]
[1408]lsass.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0B [unknown_code_page]
[1408]lsass.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286FE-->00000000 [guard32.dll]
[1408]lsass.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85E554-->00000000 [guard32.dll]
[1408]lsass.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B42-->00000000 [guard32.dll]
[1408]lsass.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B47 [unknown_code_page]
[1408]lsass.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B48 [unknown_code_page]
[1408]lsass.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F88F-->00000000 [guard32.dll]
[1408]lsass.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A24-->00000000 [guard32.dll]
[1408]lsass.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810770-->00000000 [guard32.dll]
[1408]lsass.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C802367-->00000000 [guard32.dll]
[1408]lsass.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802332-->00000000 [guard32.dll]
[1408]lsass.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EF5-->00000000 [guard32.dll]
[1408]lsass.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F7B-->00000000 [guard32.dll]
[1408]lsass.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B6B1-->00000000 [guard32.dll]
[1408]lsass.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E44D-->00000000 [guard32.dll]
[1408]lsass.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80ADB0-->00000000 [guard32.dll]
[1408]lsass.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D77-->00000000 [guard32.dll]
[1408]lsass.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D4F-->00000000 [guard32.dll]
[1408]lsass.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF1-->00000000 [guard32.dll]
[1408]lsass.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF6 [unknown_code_page]
[1408]lsass.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF7 [unknown_code_page]
[1408]lsass.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AE5B-->00000000 [guard32.dll]
[1408]lsass.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86169E-->00000000 [guard32.dll]
[1408]lsass.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835ED7-->00000000 [guard32.dll]
[1408]lsass.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85D653-->00000000 [guard32.dll]
[1408]lsass.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C8356A3-->00000000 [guard32.dll]
[1408]lsass.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821271-->00000000 [guard32.dll]
[1408]lsass.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EF6-->00000000 [guard32.dll]
[1408]lsass.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F73E-->00000000 [guard32.dll]
[1408]lsass.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821992-->00000000 [guard32.dll]
[1408]lsass.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD0-->00000000 [guard32.dll]
[1408]lsass.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86158D-->00000000 [guard32.dll]
[1408]lsass.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C919328-->00000000 [guard32.dll]
[1408]lsass.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C915CBB-->00000000 [guard32.dll]
[1408]lsass.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C916C83-->00000000 [guard32.dll]
[1408]lsass.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[1408]lsass.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[1408]lsass.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[1408]lsass.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[1408]lsass.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[1408]lsass.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[1408]lsass.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[1408]lsass.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[1408]lsass.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[1408]lsass.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[1408]lsass.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[1408]lsass.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[1408]lsass.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[1408]lsass.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[1408]lsass.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA40F40-->00000000 [guard32.dll]
[1408]lsass.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40C15-->00000000 [guard32.dll]
[1408]lsass.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA01823-->00000000 [guard32.dll]
[1408]lsass.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB4FD0-->00000000 [guard32.dll]
[1408]lsass.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E459E75-->00000000 [guard32.dll]
[1408]lsass.exe-->ws2_32.dll-->WSASocketA, Type: Inline - RelativeJump 0x71AB8769-->00000000 [guard32.dll]
[1408]lsass.exe-->ws2_32.dll-->WSASocketW, Type: Inline - RelativeJump 0x71AB39CB-->00000000 [guard32.dll]
[1408]lsass.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x71AB39D0 [unknown_code_page]
[1408]lsass.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x71AB39D1 [unknown_code_page]
[1412]mcrdsvc.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E109B0-->00000000 [guard32.dll]
[1412]mcrdsvc.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DF6285-->00000000 [guard32.dll]
[1412]mcrdsvc.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E370B9-->00000000 [guard32.dll]
[1412]mcrdsvc.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BE [unknown_code_page]
[1412]mcrdsvc.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BF [unknown_code_page]
[1412]mcrdsvc.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E37251-->00000000 [guard32.dll]
[1412]mcrdsvc.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37256 [unknown_code_page]
[1412]mcrdsvc.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37257 [unknown_code_page]
[1412]mcrdsvc.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DEE2AE-->00000000 [guard32.dll]
[1412]mcrdsvc.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B3 [unknown_code_page]
[1412]mcrdsvc.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B4 [unknown_code_page]
[1412]mcrdsvc.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE5F05-->00000000 [guard32.dll]
[1412]mcrdsvc.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0A [unknown_code_page]
[1412]mcrdsvc.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0B [unknown_code_page]
[1412]mcrdsvc.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286FE-->00000000 [guard32.dll]
[1412]mcrdsvc.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85E554-->00000000 [guard32.dll]
[1412]mcrdsvc.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B42-->00000000 [guard32.dll]
[1412]mcrdsvc.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B47 [unknown_code_page]
[1412]mcrdsvc.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B48 [unknown_code_page]
[1412]mcrdsvc.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F88F-->00000000 [guard32.dll]
[1412]mcrdsvc.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A24-->00000000 [guard32.dll]
[1412]mcrdsvc.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810770-->00000000 [guard32.dll]
[1412]mcrdsvc.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C802367-->00000000 [guard32.dll]
[1412]mcrdsvc.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802332-->00000000 [guard32.dll]
[1412]mcrdsvc.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EF5-->00000000 [guard32.dll]
[1412]mcrdsvc.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F7B-->00000000 [guard32.dll]
[1412]mcrdsvc.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B6B1-->00000000 [guard32.dll]
[1412]mcrdsvc.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E44D-->00000000 [guard32.dll]
[1412]mcrdsvc.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80ADB0-->00000000 [guard32.dll]
[1412]mcrdsvc.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D77-->00000000 [guard32.dll]
[1412]mcrdsvc.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D4F-->00000000 [guard32.dll]
[1412]mcrdsvc.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF1-->00000000 [guard32.dll]
[1412]mcrdsvc.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF6 [unknown_code_page]
[1412]mcrdsvc.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF7 [unknown_code_page]
[1412]mcrdsvc.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AE5B-->00000000 [guard32.dll]
[1412]mcrdsvc.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86169E-->00000000 [guard32.dll]
[1412]mcrdsvc.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835ED7-->00000000 [guard32.dll]
[1412]mcrdsvc.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85D653-->00000000 [guard32.dll]
[1412]mcrdsvc.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C8356A3-->00000000 [guard32.dll]
[1412]mcrdsvc.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821271-->00000000 [guard32.dll]
[1412]mcrdsvc.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EF6-->00000000 [guard32.dll]
[1412]mcrdsvc.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F73E-->00000000 [guard32.dll]
[1412]mcrdsvc.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821992-->00000000 [guard32.dll]
[1412]mcrdsvc.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD0-->00000000 [guard32.dll]
[1412]mcrdsvc.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86158D-->00000000 [guard32.dll]
[1412]mcrdsvc.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C919328-->00000000 [guard32.dll]
[1412]mcrdsvc.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C915CBB-->00000000 [guard32.dll]
[1412]mcrdsvc.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C916C83-->00000000 [guard32.dll]
[1412]mcrdsvc.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[1412]mcrdsvc.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[1412]mcrdsvc.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[1412]mcrdsvc.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[1412]mcrdsvc.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[1412]mcrdsvc.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[1412]mcrdsvc.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[1412]mcrdsvc.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[1412]mcrdsvc.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[1412]mcrdsvc.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[1412]mcrdsvc.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[1412]mcrdsvc.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[1412]mcrdsvc.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[1412]mcrdsvc.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[1412]mcrdsvc.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E459E75-->00000000 [guard32.dll]
[1412]mcrdsvc.exe-->ws2_32.dll-->WSASocketA, Type: Inline - RelativeJump 0x71AB8769-->00000000 [guard32.dll]
[1412]mcrdsvc.exe-->ws2_32.dll-->WSASocketW, Type: Inline - RelativeJump 0x71AB39CB-->00000000 [guard32.dll]
[1412]mcrdsvc.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x71AB39D0 [unknown_code_page]
[1412]mcrdsvc.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x71AB39D1 [unknown_code_page]
[1580]svchost.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E109B0-->00000000 [guard32.dll]
[1580]svchost.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DF6285-->00000000 [guard32.dll]
[1792]explorer.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[1792]explorer.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[1792]explorer.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[1792]explorer.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[1792]explorer.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[1792]explorer.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[1792]explorer.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[1792]explorer.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA40F40-->00000000 [guard32.dll]
[1792]explorer.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40C15-->00000000 [guard32.dll]
[1792]explorer.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA01823-->00000000 [guard32.dll]
[1792]explorer.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB4FD0-->00000000 [guard32.dll]
[1792]explorer.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E459E75-->00000000 [guard32.dll]
[1792]explorer.exe-->wininet.dll-->InternetConnectA, Type: Inline - RelativeJump 0x771C308A-->00000000 [guard32.dll]
[1792]explorer.exe-->wininet.dll-->InternetConnectW, Type: Inline - RelativeJump 0x771CEDC8-->00000000 [guard32.dll]
[1824]svchost.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E109B0-->00000000 [guard32.dll]
[1824]svchost.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DF6285-->00000000 [guard32.dll]
[1824]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E370B9-->00000000 [guard32.dll]
[1824]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BE [unknown_code_page]
[1824]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BF [unknown_code_page]
[1824]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E37251-->00000000 [guard32.dll]
[1824]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37256 [unknown_code_page]
[1824]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37257 [unknown_code_page]
[1824]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DEE2AE-->00000000 [guard32.dll]
[1824]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B3 [unknown_code_page]
[1824]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B4 [unknown_code_page]
[1824]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE5F05-->00000000 [guard32.dll]
[1824]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0A [unknown_code_page]
[1824]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0B [unknown_code_page]
[1824]svchost.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286FE-->00000000 [guard32.dll]
[1824]svchost.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85E554-->00000000 [guard32.dll]
[1824]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B42-->00000000 [guard32.dll]
[1824]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B47 [unknown_code_page]
[1824]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B48 [unknown_code_page]
[1824]svchost.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F88F-->00000000 [guard32.dll]
[1824]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A24-->00000000 [guard32.dll]
[1824]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810770-->00000000 [guard32.dll]
[1824]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C802367-->00000000 [guard32.dll]
[1824]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802332-->00000000 [guard32.dll]
[1824]svchost.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EF5-->00000000 [guard32.dll]
[1824]svchost.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F7B-->00000000 [guard32.dll]
[1824]svchost.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B6B1-->00000000 [guard32.dll]
[1824]svchost.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E44D-->00000000 [guard32.dll]
[1824]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80ADB0-->00000000 [guard32.dll]
[1824]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D77-->00000000 [guard32.dll]
[1824]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D4F-->00000000 [guard32.dll]
[1824]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF1-->00000000 [guard32.dll]
[1824]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF6 [unknown_code_page]
[1824]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF7 [unknown_code_page]
[1824]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AE5B-->00000000 [guard32.dll]
[1824]svchost.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86169E-->00000000 [guard32.dll]
[1824]svchost.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835ED7-->00000000 [guard32.dll]
[1824]svchost.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85D653-->00000000 [guard32.dll]
[1824]svchost.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C8356A3-->00000000 [guard32.dll]
[1824]svchost.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821271-->00000000 [guard32.dll]
[1824]svchost.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EF6-->00000000 [guard32.dll]
[1824]svchost.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F73E-->00000000 [guard32.dll]
[1824]svchost.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821992-->00000000 [guard32.dll]
[1824]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD0-->00000000 [guard32.dll]
[1824]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86158D-->00000000 [guard32.dll]
[1824]svchost.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C919328-->00000000 [guard32.dll]
[1824]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C915CBB-->00000000 [guard32.dll]
[1824]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C916C83-->00000000 [guard32.dll]
[1824]svchost.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[1824]svchost.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[1824]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[1824]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[1824]svchost.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[1824]svchost.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[1824]svchost.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[1824]svchost.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[1824]svchost.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[1824]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[1824]svchost.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[1824]svchost.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[1824]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[1824]svchost.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[1824]svchost.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA40F40-->00000000 [guard32.dll]
[1824]svchost.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40C15-->00000000 [guard32.dll]
[1824]svchost.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA01823-->00000000 [guard32.dll]
[1824]svchost.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB4FD0-->00000000 [guard32.dll]
[1824]svchost.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E459E75-->00000000 [guard32.dll]
[1912]svchost.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E109B0-->00000000 [guard32.dll]
[1912]svchost.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DF6285-->00000000 [guard32.dll]
[1912]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E370B9-->00000000 [guard32.dll]
[1912]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BE [unknown_code_page]
[1912]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BF [unknown_code_page]
[1912]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E37251-->00000000 [guard32.dll]
[1912]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37256 [unknown_code_page]
[1912]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37257 [unknown_code_page]
[1912]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DEE2AE-->00000000 [guard32.dll]
[1912]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B3 [unknown_code_page]
[1912]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B4 [unknown_code_page]
[1912]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE5F05-->00000000 [guard32.dll]
[1912]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0A [unknown_code_page]
[1912]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0B [unknown_code_page]
[1912]svchost.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286FE-->00000000 [guard32.dll]
[1912]svchost.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85E554-->00000000 [guard32.dll]
[1912]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B42-->00000000 [guard32.dll]
[1912]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B47 [unknown_code_page]
[1912]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B48 [unknown_code_page]
[1912]svchost.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F88F-->00000000 [guard32.dll]
[1912]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A24-->00000000 [guard32.dll]
[1912]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810770-->00000000 [guard32.dll]
[1912]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C802367-->00000000 [guard32.dll]
[1912]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802332-->00000000 [guard32.dll]
[1912]svchost.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EF5-->00000000 [guard32.dll]
[1912]svchost.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F7B-->00000000 [guard32.dll]
[1912]svchost.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B6B1-->00000000 [guard32.dll]
[1912]svchost.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E44D-->00000000 [guard32.dll]
[1912]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80ADB0-->00000000 [guard32.dll]
[1912]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D77-->00000000 [guard32.dll]
[1912]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D4F-->00000000 [guard32.dll]
[1912]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF1-->00000000 [guard32.dll]
[1912]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF6 [unknown_code_page]
[1912]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF7 [unknown_code_page]
[1912]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AE5B-->00000000 [guard32.dll]
[1912]svchost.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86169E-->00000000 [guard32.dll]
[1912]svchost.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835ED7-->00000000 [guard32.dll]
[1912]svchost.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85D653-->00000000 [guard32.dll]
[1912]svchost.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C8356A3-->00000000 [guard32.dll]
[1912]svchost.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821271-->00000000 [guard32.dll]
[1912]svchost.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EF6-->00000000 [guard32.dll]
[1912]svchost.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F73E-->00000000 [guard32.dll]
[1912]svchost.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821992-->00000000 [guard32.dll]
[1912]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD0-->00000000 [guard32.dll]
[1912]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86158D-->00000000 [guard32.dll]
[1912]svchost.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C919328-->00000000 [guard32.dll]
[1912]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C915CBB-->00000000 [guard32.dll]
[1912]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C916C83-->00000000 [guard32.dll]
[1912]svchost.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[1912]svchost.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[1912]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[1912]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[1912]svchost.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[1912]svchost.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[1912]svchost.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[1912]svchost.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[1912]svchost.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[1912]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[1912]svchost.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[1912]svchost.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[1912]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[1912]svchost.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[1912]svchost.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA40F40-->00000000 [guard32.dll]
[1912]svchost.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40C15-->00000000 [guard32.dll]
[1912]svchost.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA01823-->00000000 [guard32.dll]
[1912]svchost.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB4FD0-->00000000 [guard32.dll]
[1912]svchost.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E459E75-->00000000 [guard32.dll]
[2064]WNDA3100.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E109B0-->00000000 [guard32.dll]
[2064]WNDA3100.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DF6285-->00000000 [guard32.dll]
[2064]WNDA3100.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E370B9-->00000000 [guard32.dll]
[2064]WNDA3100.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BE [unknown_code_page]
[2064]WNDA3100.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BF [unknown_code_page]
[2064]WNDA3100.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E37251-->00000000 [guard32.dll]
[2064]WNDA3100.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37256 [unknown_code_page]
[2064]WNDA3100.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37257 [unknown_code_page]
[2064]WNDA3100.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DEE2AE-->00000000 [guard32.dll]
[2064]WNDA3100.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B3 [unknown_code_page]
[2064]WNDA3100.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B4 [unknown_code_page]
[2064]WNDA3100.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE5F05-->00000000 [guard32.dll]
[2064]WNDA3100.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0A [unknown_code_page]
[2064]WNDA3100.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0B [unknown_code_page]
[2064]WNDA3100.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286FE-->00000000 [guard32.dll]
[2064]WNDA3100.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85E554-->00000000 [guard32.dll]
[2064]WNDA3100.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B42-->00000000 [guard32.dll]
[2064]WNDA3100.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B47 [unknown_code_page]
[2064]WNDA3100.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B48 [unknown_code_page]
[2064]WNDA3100.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F88F-->00000000 [guard32.dll]
[2064]WNDA3100.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A24-->00000000 [guard32.dll]
[2064]WNDA3100.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810770-->00000000 [guard32.dll]
[2064]WNDA3100.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C802367-->00000000 [guard32.dll]
[2064]WNDA3100.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802332-->00000000 [guard32.dll]
[2064]WNDA3100.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EF5-->00000000 [guard32.dll]
[2064]WNDA3100.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F7B-->00000000 [guard32.dll]
[2064]WNDA3100.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B6B1-->00000000 [guard32.dll]
[2064]WNDA3100.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E44D-->00000000 [guard32.dll]
[2064]WNDA3100.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80ADB0-->00000000 [guard32.dll]
[2064]WNDA3100.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D77-->00000000 [guard32.dll]
[2064]WNDA3100.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D4F-->00000000 [guard32.dll]
[2064]WNDA3100.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF1-->00000000 [guard32.dll]
[2064]WNDA3100.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF6 [unknown_code_page]
[2064]WNDA3100.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF7 [unknown_code_page]
[2064]WNDA3100.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AE5B-->00000000 [guard32.dll]
[2064]WNDA3100.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86169E-->00000000 [guard32.dll]
[2064]WNDA3100.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835ED7-->00000000 [guard32.dll]
[2064]WNDA3100.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85D653-->00000000 [guard32.dll]
[2064]WNDA3100.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C8356A3-->00000000 [guard32.dll]
[2064]WNDA3100.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821271-->00000000 [guard32.dll]
[2064]WNDA3100.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EF6-->00000000 [guard32.dll]
[2064]WNDA3100.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F73E-->00000000 [guard32.dll]
[2064]WNDA3100.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821992-->00000000 [guard32.dll]
[2064]WNDA3100.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD0-->00000000 [guard32.dll]
[2064]WNDA3100.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86158D-->00000000 [guard32.dll]
[2064]WNDA3100.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C919328-->00000000 [guard32.dll]
[2064]WNDA3100.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C915CBB-->00000000 [guard32.dll]
[2064]WNDA3100.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C916C83-->00000000 [guard32.dll]
[2064]WNDA3100.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[2064]WNDA3100.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[2064]WNDA3100.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[2064]WNDA3100.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[2064]WNDA3100.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[2064]WNDA3100.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[2064]WNDA3100.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[2064]WNDA3100.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[2064]WNDA3100.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[2064]WNDA3100.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[2064]WNDA3100.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[2064]WNDA3100.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[2064]WNDA3100.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[2064]WNDA3100.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[2064]WNDA3100.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA40F40-->00000000 [guard32.dll]
[2064]WNDA3100.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40C15-->00000000 [guard32.dll]
[2064]WNDA3100.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA01823-->00000000 [guard32.dll]
[2064]WNDA3100.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB4FD0-->00000000 [guard32.dll]
[2064]WNDA3100.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E459E75-->00000000 [guard32.dll]
[2064]WNDA3100.exe-->ws2_32.dll-->WSASocketA, Type: Inline - RelativeJump 0x71AB8769-->00000000 [guard32.dll]
[2064]WNDA3100.exe-->ws2_32.dll-->WSASocketW, Type: Inline - RelativeJump 0x71AB39CB-->00000000 [guard32.dll]
[2064]WNDA3100.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x71AB39D0 [unknown_code_page]
[2064]WNDA3100.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x71AB39D1 [unknown_code_page]
 
[2096]bratimer.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E109B0-->00000000 [guard32.dll]
[2096]bratimer.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DF6285-->00000000 [guard32.dll]
[2096]bratimer.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E370B9-->00000000 [guard32.dll]
[2096]bratimer.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BE [unknown_code_page]
[2096]bratimer.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BF [unknown_code_page]
[2096]bratimer.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E37251-->00000000 [guard32.dll]
[2096]bratimer.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37256 [unknown_code_page]
[2096]bratimer.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37257 [unknown_code_page]
[2096]bratimer.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DEE2AE-->00000000 [guard32.dll]
[2096]bratimer.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B3 [unknown_code_page]
[2096]bratimer.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B4 [unknown_code_page]
[2096]bratimer.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE5F05-->00000000 [guard32.dll]
[2096]bratimer.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0A [unknown_code_page]
[2096]bratimer.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0B [unknown_code_page]
[2096]bratimer.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286FE-->00000000 [guard32.dll]
[2096]bratimer.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85E554-->00000000 [guard32.dll]
[2096]bratimer.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B42-->00000000 [guard32.dll]
[2096]bratimer.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B47 [unknown_code_page]
[2096]bratimer.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B48 [unknown_code_page]
[2096]bratimer.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F88F-->00000000 [guard32.dll]
[2096]bratimer.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A24-->00000000 [guard32.dll]
[2096]bratimer.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810770-->00000000 [guard32.dll]
[2096]bratimer.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C802367-->00000000 [guard32.dll]
[2096]bratimer.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802332-->00000000 [guard32.dll]
[2096]bratimer.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EF5-->00000000 [guard32.dll]
[2096]bratimer.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F7B-->00000000 [guard32.dll]
[2096]bratimer.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B6B1-->00000000 [guard32.dll]
[2096]bratimer.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E44D-->00000000 [guard32.dll]
[2096]bratimer.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80ADB0-->00000000 [guard32.dll]
[2096]bratimer.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D77-->00000000 [guard32.dll]
[2096]bratimer.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D4F-->00000000 [guard32.dll]
[2096]bratimer.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF1-->00000000 [guard32.dll]
[2096]bratimer.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF6 [unknown_code_page]
[2096]bratimer.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF7 [unknown_code_page]
[2096]bratimer.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AE5B-->00000000 [guard32.dll]
[2096]bratimer.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86169E-->00000000 [guard32.dll]
[2096]bratimer.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835ED7-->00000000 [guard32.dll]
[2096]bratimer.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85D653-->00000000 [guard32.dll]
[2096]bratimer.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C8356A3-->00000000 [guard32.dll]
[2096]bratimer.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821271-->00000000 [guard32.dll]
[2096]bratimer.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EF6-->00000000 [guard32.dll]
[2096]bratimer.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F73E-->00000000 [guard32.dll]
[2096]bratimer.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821992-->00000000 [guard32.dll]
[2096]bratimer.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD0-->00000000 [guard32.dll]
[2096]bratimer.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86158D-->00000000 [guard32.dll]
[2096]bratimer.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C919328-->00000000 [guard32.dll]
[2096]bratimer.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C915CBB-->00000000 [guard32.dll]
[2096]bratimer.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C916C83-->00000000 [guard32.dll]
[2096]bratimer.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[2096]bratimer.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[2096]bratimer.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[2096]bratimer.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[2096]bratimer.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[2096]bratimer.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[2096]bratimer.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[2096]bratimer.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[2096]bratimer.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[2096]bratimer.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[2096]bratimer.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[2096]bratimer.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[2096]bratimer.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[2096]bratimer.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[2096]bratimer.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E459E75-->00000000 [guard32.dll]
[2108]MDM.EXE-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E109B0-->00000000 [guard32.dll]
[2108]MDM.EXE-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DF6285-->00000000 [guard32.dll]
[2108]MDM.EXE-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E370B9-->00000000 [guard32.dll]
[2108]MDM.EXE-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BE [unknown_code_page]
[2108]MDM.EXE-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BF [unknown_code_page]
[2108]MDM.EXE-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E37251-->00000000 [guard32.dll]
[2108]MDM.EXE-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37256 [unknown_code_page]
[2108]MDM.EXE-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37257 [unknown_code_page]
[2108]MDM.EXE-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DEE2AE-->00000000 [guard32.dll]
[2108]MDM.EXE-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B3 [unknown_code_page]
[2108]MDM.EXE-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B4 [unknown_code_page]
[2108]MDM.EXE-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE5F05-->00000000 [guard32.dll]
[2108]MDM.EXE-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0A [unknown_code_page]
[2108]MDM.EXE-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0B [unknown_code_page]
[2108]MDM.EXE-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286FE-->00000000 [guard32.dll]
[2108]MDM.EXE-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85E554-->00000000 [guard32.dll]
[2108]MDM.EXE-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B42-->00000000 [guard32.dll]
[2108]MDM.EXE-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B47 [unknown_code_page]
[2108]MDM.EXE-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B48 [unknown_code_page]
[2108]MDM.EXE-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F88F-->00000000 [guard32.dll]
[2108]MDM.EXE-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A24-->00000000 [guard32.dll]
[2108]MDM.EXE-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810770-->00000000 [guard32.dll]
[2108]MDM.EXE-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C802367-->00000000 [guard32.dll]
[2108]MDM.EXE-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802332-->00000000 [guard32.dll]
[2108]MDM.EXE-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EF5-->00000000 [guard32.dll]
[2108]MDM.EXE-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F7B-->00000000 [guard32.dll]
[2108]MDM.EXE-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B6B1-->00000000 [guard32.dll]
[2108]MDM.EXE-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E44D-->00000000 [guard32.dll]
[2108]MDM.EXE-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80ADB0-->00000000 [guard32.dll]
[2108]MDM.EXE-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D77-->00000000 [guard32.dll]
[2108]MDM.EXE-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D4F-->00000000 [guard32.dll]
[2108]MDM.EXE-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF1-->00000000 [guard32.dll]
[2108]MDM.EXE-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF6 [unknown_code_page]
[2108]MDM.EXE-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF7 [unknown_code_page]
[2108]MDM.EXE-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AE5B-->00000000 [guard32.dll]
[2108]MDM.EXE-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86169E-->00000000 [guard32.dll]
[2108]MDM.EXE-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835ED7-->00000000 [guard32.dll]
[2108]MDM.EXE-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85D653-->00000000 [guard32.dll]
[2108]MDM.EXE-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C8356A3-->00000000 [guard32.dll]
[2108]MDM.EXE-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821271-->00000000 [guard32.dll]
[2108]MDM.EXE-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EF6-->00000000 [guard32.dll]
[2108]MDM.EXE-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F73E-->00000000 [guard32.dll]
[2108]MDM.EXE-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821992-->00000000 [guard32.dll]
[2108]MDM.EXE-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD0-->00000000 [guard32.dll]
[2108]MDM.EXE-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86158D-->00000000 [guard32.dll]
[2108]MDM.EXE-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C919328-->00000000 [guard32.dll]
[2108]MDM.EXE-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C915CBB-->00000000 [guard32.dll]
[2108]MDM.EXE-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C916C83-->00000000 [guard32.dll]
[2108]MDM.EXE-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[2108]MDM.EXE-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[2108]MDM.EXE-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[2108]MDM.EXE-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[2108]MDM.EXE-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[2108]MDM.EXE-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[2108]MDM.EXE-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[2108]MDM.EXE-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[2108]MDM.EXE-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[2108]MDM.EXE-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[2108]MDM.EXE-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[2108]MDM.EXE-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[2108]MDM.EXE-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[2108]MDM.EXE-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[2108]MDM.EXE-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA40F40-->00000000 [guard32.dll]
[2108]MDM.EXE-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40C15-->00000000 [guard32.dll]
[2108]MDM.EXE-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA01823-->00000000 [guard32.dll]
[2108]MDM.EXE-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB4FD0-->00000000 [guard32.dll]
[2108]MDM.EXE-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E459E75-->00000000 [guard32.dll]
[2116]fwupdate.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E109B0-->00000000 [guard32.dll]
[2116]fwupdate.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DF6285-->00000000 [guard32.dll]
[2116]fwupdate.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E370B9-->00000000 [guard32.dll]
[2116]fwupdate.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BE [unknown_code_page]
[2116]fwupdate.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BF [unknown_code_page]
[2116]fwupdate.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E37251-->00000000 [guard32.dll]
[2116]fwupdate.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37256 [unknown_code_page]
[2116]fwupdate.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37257 [unknown_code_page]
[2116]fwupdate.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DEE2AE-->00000000 [guard32.dll]
[2116]fwupdate.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B3 [unknown_code_page]
[2116]fwupdate.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B4 [unknown_code_page]
[2116]fwupdate.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE5F05-->00000000 [guard32.dll]
[2116]fwupdate.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0A [unknown_code_page]
[2116]fwupdate.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0B [unknown_code_page]
[2116]fwupdate.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286FE-->00000000 [guard32.dll]
[2116]fwupdate.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85E554-->00000000 [guard32.dll]
[2116]fwupdate.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B42-->00000000 [guard32.dll]
[2116]fwupdate.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B47 [unknown_code_page]
[2116]fwupdate.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B48 [unknown_code_page]
[2116]fwupdate.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F88F-->00000000 [guard32.dll]
[2116]fwupdate.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A24-->00000000 [guard32.dll]
[2116]fwupdate.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810770-->00000000 [guard32.dll]
[2116]fwupdate.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C802367-->00000000 [guard32.dll]
[2116]fwupdate.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802332-->00000000 [guard32.dll]
[2116]fwupdate.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EF5-->00000000 [guard32.dll]
[2116]fwupdate.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F7B-->00000000 [guard32.dll]
[2116]fwupdate.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B6B1-->00000000 [guard32.dll]
[2116]fwupdate.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E44D-->00000000 [guard32.dll]
[2116]fwupdate.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80ADB0-->00000000 [guard32.dll]
[2116]fwupdate.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D77-->00000000 [guard32.dll]
[2116]fwupdate.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D4F-->00000000 [guard32.dll]
[2116]fwupdate.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF1-->00000000 [guard32.dll]
[2116]fwupdate.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF6 [unknown_code_page]
[2116]fwupdate.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF7 [unknown_code_page]
[2116]fwupdate.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AE5B-->00000000 [guard32.dll]
[2116]fwupdate.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86169E-->00000000 [guard32.dll]
[2116]fwupdate.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835ED7-->00000000 [guard32.dll]
[2116]fwupdate.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85D653-->00000000 [guard32.dll]
[2116]fwupdate.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C8356A3-->00000000 [guard32.dll]
[2116]fwupdate.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821271-->00000000 [guard32.dll]
[2116]fwupdate.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EF6-->00000000 [guard32.dll]
[2116]fwupdate.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F73E-->00000000 [guard32.dll]
[2116]fwupdate.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821992-->00000000 [guard32.dll]
[2116]fwupdate.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD0-->00000000 [guard32.dll]
[2116]fwupdate.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86158D-->00000000 [guard32.dll]
[2116]fwupdate.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C919328-->00000000 [guard32.dll]
[2116]fwupdate.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C915CBB-->00000000 [guard32.dll]
[2116]fwupdate.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C916C83-->00000000 [guard32.dll]
[2116]fwupdate.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[2116]fwupdate.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[2116]fwupdate.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[2116]fwupdate.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[2116]fwupdate.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[2116]fwupdate.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[2116]fwupdate.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[2116]fwupdate.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[2116]fwupdate.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[2116]fwupdate.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[2116]fwupdate.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[2116]fwupdate.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[2116]fwupdate.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[2116]fwupdate.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[2116]fwupdate.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E459E75-->00000000 [guard32.dll]
[2148]BrMfimon.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E109B0-->00000000 [guard32.dll]
[2148]BrMfimon.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DF6285-->00000000 [guard32.dll]
[2148]BrMfimon.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E370B9-->00000000 [guard32.dll]
[2148]BrMfimon.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BE [unknown_code_page]
[2148]BrMfimon.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BF [unknown_code_page]
[2148]BrMfimon.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E37251-->00000000 [guard32.dll]
[2148]BrMfimon.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37256 [unknown_code_page]
[2148]BrMfimon.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37257 [unknown_code_page]
[2148]BrMfimon.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DEE2AE-->00000000 [guard32.dll]
[2148]BrMfimon.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B3 [unknown_code_page]
[2148]BrMfimon.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B4 [unknown_code_page]
[2148]BrMfimon.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE5F05-->00000000 [guard32.dll]
[2148]BrMfimon.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0A [unknown_code_page]
[2148]BrMfimon.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0B [unknown_code_page]
[2148]BrMfimon.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286FE-->00000000 [guard32.dll]
[2148]BrMfimon.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85E554-->00000000 [guard32.dll]
[2148]BrMfimon.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B42-->00000000 [guard32.dll]
[2148]BrMfimon.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B47 [unknown_code_page]
[2148]BrMfimon.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B48 [unknown_code_page]
[2148]BrMfimon.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F88F-->00000000 [guard32.dll]
[2148]BrMfimon.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A24-->00000000 [guard32.dll]
[2148]BrMfimon.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810770-->00000000 [guard32.dll]
[2148]BrMfimon.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C802367-->00000000 [guard32.dll]
[2148]BrMfimon.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802332-->00000000 [guard32.dll]
[2148]BrMfimon.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EF5-->00000000 [guard32.dll]
[2148]BrMfimon.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F7B-->00000000 [guard32.dll]
[2148]BrMfimon.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B6B1-->00000000 [guard32.dll]
[2148]BrMfimon.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E44D-->00000000 [guard32.dll]
[2148]BrMfimon.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80ADB0-->00000000 [guard32.dll]
[2148]BrMfimon.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D77-->00000000 [guard32.dll]
[2148]BrMfimon.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D4F-->00000000 [guard32.dll]
[2148]BrMfimon.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF1-->00000000 [guard32.dll]
[2148]BrMfimon.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF6 [unknown_code_page]
[2148]BrMfimon.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF7 [unknown_code_page]
[2148]BrMfimon.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AE5B-->00000000 [guard32.dll]
[2148]BrMfimon.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86169E-->00000000 [guard32.dll]
[2148]BrMfimon.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835ED7-->00000000 [guard32.dll]
[2148]BrMfimon.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85D653-->00000000 [guard32.dll]
[2148]BrMfimon.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C8356A3-->00000000 [guard32.dll]
[2148]BrMfimon.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821271-->00000000 [guard32.dll]
[2148]BrMfimon.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EF6-->00000000 [guard32.dll]
[2148]BrMfimon.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F73E-->00000000 [guard32.dll]
[2148]BrMfimon.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821992-->00000000 [guard32.dll]
[2148]BrMfimon.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD0-->00000000 [guard32.dll]
[2148]BrMfimon.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86158D-->00000000 [guard32.dll]
[2148]BrMfimon.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C919328-->00000000 [guard32.dll]
[2148]BrMfimon.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C915CBB-->00000000 [guard32.dll]
[2148]BrMfimon.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C916C83-->00000000 [guard32.dll]
[2148]BrMfimon.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[2148]BrMfimon.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[2148]BrMfimon.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[2148]BrMfimon.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[2148]BrMfimon.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[2148]BrMfimon.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[2148]BrMfimon.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[2148]BrMfimon.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[2148]BrMfimon.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[2148]BrMfimon.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[2148]BrMfimon.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[2148]BrMfimon.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[2148]BrMfimon.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[2148]BrMfimon.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[2148]BrMfimon.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E459E75-->00000000 [guard32.dll]
[2236]rundll32.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E109B0-->00000000 [guard32.dll]
[2236]rundll32.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DF6285-->00000000 [guard32.dll]
[2236]rundll32.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E370B9-->00000000 [guard32.dll]
[2236]rundll32.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BE [unknown_code_page]
[2236]rundll32.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BF [unknown_code_page]
[2236]rundll32.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E37251-->00000000 [guard32.dll]
[2236]rundll32.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37256 [unknown_code_page]
[2236]rundll32.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37257 [unknown_code_page]
[2236]rundll32.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DEE2AE-->00000000 [guard32.dll]
[2236]rundll32.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B3 [unknown_code_page]
[2236]rundll32.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B4 [unknown_code_page]
[2236]rundll32.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE5F05-->00000000 [guard32.dll]
[2236]rundll32.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0A [unknown_code_page]
[2236]rundll32.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0B [unknown_code_page]
[2236]rundll32.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286FE-->00000000 [guard32.dll]
[2236]rundll32.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85E554-->00000000 [guard32.dll]
[2236]rundll32.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B42-->00000000 [guard32.dll]
[2236]rundll32.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B47 [unknown_code_page]
[2236]rundll32.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B48 [unknown_code_page]
[2236]rundll32.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F88F-->00000000 [guard32.dll]
[2236]rundll32.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A24-->00000000 [guard32.dll]
[2236]rundll32.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810770-->00000000 [guard32.dll]
[2236]rundll32.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C802367-->00000000 [guard32.dll]
[2236]rundll32.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802332-->00000000 [guard32.dll]
[2236]rundll32.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EF5-->00000000 [guard32.dll]
[2236]rundll32.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F7B-->00000000 [guard32.dll]
[2236]rundll32.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B6B1-->00000000 [guard32.dll]
[2236]rundll32.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E44D-->00000000 [guard32.dll]
[2236]rundll32.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80ADB0-->00000000 [guard32.dll]
[2236]rundll32.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D77-->00000000 [guard32.dll]
[2236]rundll32.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D4F-->00000000 [guard32.dll]
[2236]rundll32.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF1-->00000000 [guard32.dll]
[2236]rundll32.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF6 [unknown_code_page]
[2236]rundll32.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF7 [unknown_code_page]
[2236]rundll32.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AE5B-->00000000 [guard32.dll]
[2236]rundll32.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86169E-->00000000 [guard32.dll]
[2236]rundll32.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835ED7-->00000000 [guard32.dll]
[2236]rundll32.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85D653-->00000000 [guard32.dll]
[2236]rundll32.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C8356A3-->00000000 [guard32.dll]
[2236]rundll32.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821271-->00000000 [guard32.dll]
[2236]rundll32.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EF6-->00000000 [guard32.dll]
[2236]rundll32.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F73E-->00000000 [guard32.dll]
[2236]rundll32.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821992-->00000000 [guard32.dll]
[2236]rundll32.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD0-->00000000 [guard32.dll]
[2236]rundll32.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86158D-->00000000 [guard32.dll]
[2236]rundll32.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C919328-->00000000 [guard32.dll]
[2236]rundll32.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C915CBB-->00000000 [guard32.dll]
[2236]rundll32.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C916C83-->00000000 [guard32.dll]
[2236]rundll32.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[2236]rundll32.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[2236]rundll32.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[2236]rundll32.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[2236]rundll32.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[2236]rundll32.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[2236]rundll32.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[2236]rundll32.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[2236]rundll32.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[2236]rundll32.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[2236]rundll32.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[2236]rundll32.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[2236]rundll32.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[2236]rundll32.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[2236]rundll32.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA40F40-->00000000 [guard32.dll]
[2236]rundll32.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40C15-->00000000 [guard32.dll]
[2236]rundll32.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA01823-->00000000 [guard32.dll]
[2236]rundll32.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB4FD0-->00000000 [guard32.dll]
[2236]rundll32.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E459E75-->00000000 [guard32.dll]
[2240]kbd.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E109B0-->00000000 [guard32.dll]
[2240]kbd.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DF6285-->00000000 [guard32.dll]
[2240]kbd.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E370B9-->00000000 [guard32.dll]
[2240]kbd.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BE [unknown_code_page]
[2240]kbd.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BF [unknown_code_page]
[2240]kbd.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E37251-->00000000 [guard32.dll]
[2240]kbd.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37256 [unknown_code_page]
[2240]kbd.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37257 [unknown_code_page]
[2240]kbd.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DEE2AE-->00000000 [guard32.dll]
[2240]kbd.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B3 [unknown_code_page]
[2240]kbd.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B4 [unknown_code_page]
[2240]kbd.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE5F05-->00000000 [guard32.dll]
[2240]kbd.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0A [unknown_code_page]
[2240]kbd.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0B [unknown_code_page]
[2240]kbd.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286FE-->00000000 [guard32.dll]
[2240]kbd.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85E554-->00000000 [guard32.dll]
[2240]kbd.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B42-->00000000 [guard32.dll]
[2240]kbd.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B47 [unknown_code_page]
[2240]kbd.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B48 [unknown_code_page]
[2240]kbd.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F88F-->00000000 [guard32.dll]
[2240]kbd.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A24-->00000000 [guard32.dll]
[2240]kbd.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810770-->00000000 [guard32.dll]
[2240]kbd.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C802367-->00000000 [guard32.dll]
[2240]kbd.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802332-->00000000 [guard32.dll]
[2240]kbd.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EF5-->00000000 [guard32.dll]
[2240]kbd.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F7B-->00000000 [guard32.dll]
[2240]kbd.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B6B1-->00000000 [guard32.dll]
[2240]kbd.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E44D-->00000000 [guard32.dll]
[2240]kbd.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80ADB0-->00000000 [guard32.dll]
[2240]kbd.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D77-->00000000 [guard32.dll]
[2240]kbd.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D4F-->00000000 [guard32.dll]
[2240]kbd.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF1-->00000000 [guard32.dll]
[2240]kbd.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF6 [unknown_code_page]
[2240]kbd.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF7 [unknown_code_page]
[2240]kbd.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AE5B-->00000000 [guard32.dll]
[2240]kbd.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86169E-->00000000 [guard32.dll]
[2240]kbd.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835ED7-->00000000 [guard32.dll]
[2240]kbd.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85D653-->00000000 [guard32.dll]
[2240]kbd.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C8356A3-->00000000 [guard32.dll]
[2240]kbd.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821271-->00000000 [guard32.dll]
[2240]kbd.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EF6-->00000000 [guard32.dll]
[2240]kbd.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F73E-->00000000 [guard32.dll]
[2240]kbd.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821992-->00000000 [guard32.dll]
[2240]kbd.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD0-->00000000 [guard32.dll]
[2240]kbd.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86158D-->00000000 [guard32.dll]
[2240]kbd.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C919328-->00000000 [guard32.dll]
[2240]kbd.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C915CBB-->00000000 [guard32.dll]
[2240]kbd.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C916C83-->00000000 [guard32.dll]
[2240]kbd.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[2240]kbd.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[2240]kbd.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[2240]kbd.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[2240]kbd.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[2240]kbd.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[2240]kbd.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[2240]kbd.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[2240]kbd.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[2240]kbd.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[2240]kbd.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[2240]kbd.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[2240]kbd.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[2240]kbd.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[2240]kbd.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA40F40-->00000000 [guard32.dll]
[2240]kbd.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40C15-->00000000 [guard32.dll]
[2240]kbd.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA01823-->00000000 [guard32.dll]
[2240]kbd.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB4FD0-->00000000 [guard32.dll]
[2240]kbd.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E459E75-->00000000 [guard32.dll]
[2264]nvsvc32.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E109B0-->00000000 [guard32.dll]
[2264]nvsvc32.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DF6285-->00000000 [guard32.dll]
[2264]nvsvc32.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E370B9-->00000000 [guard32.dll]
[2264]nvsvc32.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BE [unknown_code_page]
[2264]nvsvc32.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BF [unknown_code_page]
[2264]nvsvc32.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E37251-->00000000 [guard32.dll]
[2264]nvsvc32.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37256 [unknown_code_page]
[2264]nvsvc32.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37257 [unknown_code_page]
[2264]nvsvc32.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DEE2AE-->00000000 [guard32.dll]
[2264]nvsvc32.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B3 [unknown_code_page]
[2264]nvsvc32.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B4 [unknown_code_page]
[2264]nvsvc32.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE5F05-->00000000 [guard32.dll]
[2264]nvsvc32.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0A [unknown_code_page]
[2264]nvsvc32.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0B [unknown_code_page]
[2264]nvsvc32.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286FE-->00000000 [guard32.dll]
[2264]nvsvc32.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85E554-->00000000 [guard32.dll]
[2264]nvsvc32.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B42-->00000000 [guard32.dll]
[2264]nvsvc32.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B47 [unknown_code_page]
[2264]nvsvc32.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B48 [unknown_code_page]
[2264]nvsvc32.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F88F-->00000000 [guard32.dll]
[2264]nvsvc32.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A24-->00000000 [guard32.dll]
[2264]nvsvc32.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810770-->00000000 [guard32.dll]
[2264]nvsvc32.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C802367-->00000000 [guard32.dll]
[2264]nvsvc32.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802332-->00000000 [guard32.dll]
[2264]nvsvc32.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EF5-->00000000 [guard32.dll]
[2264]nvsvc32.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F7B-->00000000 [guard32.dll]
[2264]nvsvc32.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B6B1-->00000000 [guard32.dll]
[2264]nvsvc32.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E44D-->00000000 [guard32.dll]
[2264]nvsvc32.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80ADB0-->00000000 [guard32.dll]
[2264]nvsvc32.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D77-->00000000 [guard32.dll]
[2264]nvsvc32.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D4F-->00000000 [guard32.dll]
[2264]nvsvc32.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF1-->00000000 [guard32.dll]
[2264]nvsvc32.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF6 [unknown_code_page]
[2264]nvsvc32.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF7 [unknown_code_page]
[2264]nvsvc32.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AE5B-->00000000 [guard32.dll]
[2264]nvsvc32.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86169E-->00000000 [guard32.dll]
[2264]nvsvc32.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835ED7-->00000000 [guard32.dll]
[2264]nvsvc32.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85D653-->00000000 [guard32.dll]
[2264]nvsvc32.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C8356A3-->00000000 [guard32.dll]
[2264]nvsvc32.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821271-->00000000 [guard32.dll]
[2264]nvsvc32.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EF6-->00000000 [guard32.dll]
[2264]nvsvc32.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F73E-->00000000 [guard32.dll]
[2264]nvsvc32.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821992-->00000000 [guard32.dll]
[2264]nvsvc32.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD0-->00000000 [guard32.dll]
[2264]nvsvc32.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86158D-->00000000 [guard32.dll]
[2264]nvsvc32.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C919328-->00000000 [guard32.dll]
[2264]nvsvc32.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C915CBB-->00000000 [guard32.dll]
[2264]nvsvc32.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C916C83-->00000000 [guard32.dll]
[2264]nvsvc32.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[2264]nvsvc32.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[2264]nvsvc32.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[2264]nvsvc32.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[2264]nvsvc32.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[2264]nvsvc32.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[2264]nvsvc32.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[2264]nvsvc32.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[2264]nvsvc32.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[2264]nvsvc32.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[2264]nvsvc32.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[2264]nvsvc32.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[2264]nvsvc32.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[2264]nvsvc32.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[2264]nvsvc32.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E459E75-->00000000 [guard32.dll]
[2328]ehrecvr.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E109B0-->00000000 [guard32.dll]
[2328]ehrecvr.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DF6285-->00000000 [guard32.dll]
[2328]ehrecvr.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E370B9-->00000000 [guard32.dll]
[2328]ehrecvr.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BE [unknown_code_page]
[2328]ehrecvr.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BF [unknown_code_page]
[2328]ehrecvr.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E37251-->00000000 [guard32.dll]
[2328]ehrecvr.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37256 [unknown_code_page]
[2328]ehrecvr.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37257 [unknown_code_page]
[2328]ehrecvr.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DEE2AE-->00000000 [guard32.dll]
[2328]ehrecvr.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B3 [unknown_code_page]
[2328]ehrecvr.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B4 [unknown_code_page]
[2328]ehrecvr.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE5F05-->00000000 [guard32.dll]
[2328]ehrecvr.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0A [unknown_code_page]
[2328]ehrecvr.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0B [unknown_code_page]
[2328]ehrecvr.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286FE-->00000000 [guard32.dll]
[2328]ehrecvr.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85E554-->00000000 [guard32.dll]
[2328]ehrecvr.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B42-->00000000 [guard32.dll]
[2328]ehrecvr.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B47 [unknown_code_page]
[2328]ehrecvr.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B48 [unknown_code_page]
[2328]ehrecvr.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F88F-->00000000 [guard32.dll]
[2328]ehrecvr.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A24-->00000000 [guard32.dll]
[2328]ehrecvr.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810770-->00000000 [guard32.dll]
[2328]ehrecvr.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C802367-->00000000 [guard32.dll]
[2328]ehrecvr.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802332-->00000000 [guard32.dll]
[2328]ehrecvr.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EF5-->00000000 [guard32.dll]
[2328]ehrecvr.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F7B-->00000000 [guard32.dll]
[2328]ehrecvr.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B6B1-->00000000 [guard32.dll]
[2328]ehrecvr.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E44D-->00000000 [guard32.dll]
[2328]ehrecvr.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80ADB0-->00000000 [guard32.dll]
[2328]ehrecvr.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D77-->00000000 [guard32.dll]
[2328]ehrecvr.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D4F-->00000000 [guard32.dll]
[2328]ehrecvr.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF1-->00000000 [guard32.dll]
[2328]ehrecvr.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF6 [unknown_code_page]
[2328]ehrecvr.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF7 [unknown_code_page]
[2328]ehrecvr.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AE5B-->00000000 [guard32.dll]
[2328]ehrecvr.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86169E-->00000000 [guard32.dll]
[2328]ehrecvr.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835ED7-->00000000 [guard32.dll]
[2328]ehrecvr.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85D653-->00000000 [guard32.dll]
[2328]ehrecvr.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C8356A3-->00000000 [guard32.dll]
[2328]ehrecvr.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821271-->00000000 [guard32.dll]
[2328]ehrecvr.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EF6-->00000000 [guard32.dll]
[2328]ehrecvr.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F73E-->00000000 [guard32.dll]
[2328]ehrecvr.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821992-->00000000 [guard32.dll]
[2328]ehrecvr.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD0-->00000000 [guard32.dll]
[2328]ehrecvr.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86158D-->00000000 [guard32.dll]
[2328]ehrecvr.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C919328-->00000000 [guard32.dll]
[2328]ehrecvr.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C915CBB-->00000000 [guard32.dll]
[2328]ehrecvr.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C916C83-->00000000 [guard32.dll]
[2328]ehrecvr.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[2328]ehrecvr.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[2328]ehrecvr.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[2328]ehrecvr.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[2328]ehrecvr.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[2328]ehrecvr.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[2328]ehrecvr.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[2328]ehrecvr.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[2328]ehrecvr.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[2328]ehrecvr.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[2328]ehrecvr.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[2328]ehrecvr.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[2328]ehrecvr.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[2328]ehrecvr.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[2328]ehrecvr.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E459E75-->00000000 [guard32.dll]
 
[232]LEXBCES.EXE-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E109B0-->00000000 [guard32.dll]
[232]LEXBCES.EXE-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DF6285-->00000000 [guard32.dll]
[232]LEXBCES.EXE-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E370B9-->00000000 [guard32.dll]
[232]LEXBCES.EXE-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BE [unknown_code_page]
[232]LEXBCES.EXE-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BF [unknown_code_page]
[232]LEXBCES.EXE-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E37251-->00000000 [guard32.dll]
[232]LEXBCES.EXE-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37256 [unknown_code_page]
[232]LEXBCES.EXE-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37257 [unknown_code_page]
[232]LEXBCES.EXE-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DEE2AE-->00000000 [guard32.dll]
[232]LEXBCES.EXE-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B3 [unknown_code_page]
[232]LEXBCES.EXE-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B4 [unknown_code_page]
[232]LEXBCES.EXE-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE5F05-->00000000 [guard32.dll]
[232]LEXBCES.EXE-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0A [unknown_code_page]
[232]LEXBCES.EXE-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0B [unknown_code_page]
[232]LEXBCES.EXE-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286FE-->00000000 [guard32.dll]
[232]LEXBCES.EXE-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85E554-->00000000 [guard32.dll]
[232]LEXBCES.EXE-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B42-->00000000 [guard32.dll]
[232]LEXBCES.EXE-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B47 [unknown_code_page]
[232]LEXBCES.EXE-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B48 [unknown_code_page]
[232]LEXBCES.EXE-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F88F-->00000000 [guard32.dll]
[232]LEXBCES.EXE-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A24-->00000000 [guard32.dll]
[232]LEXBCES.EXE-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810770-->00000000 [guard32.dll]
[232]LEXBCES.EXE-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C802367-->00000000 [guard32.dll]
[232]LEXBCES.EXE-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802332-->00000000 [guard32.dll]
[232]LEXBCES.EXE-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EF5-->00000000 [guard32.dll]
[232]LEXBCES.EXE-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F7B-->00000000 [guard32.dll]
[232]LEXBCES.EXE-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B6B1-->00000000 [guard32.dll]
[232]LEXBCES.EXE-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E44D-->00000000 [guard32.dll]
[232]LEXBCES.EXE-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80ADB0-->00000000 [guard32.dll]
[232]LEXBCES.EXE-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D77-->00000000 [guard32.dll]
[232]LEXBCES.EXE-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D4F-->00000000 [guard32.dll]
[232]LEXBCES.EXE-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF1-->00000000 [guard32.dll]
[232]LEXBCES.EXE-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF6 [unknown_code_page]
[232]LEXBCES.EXE-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF7 [unknown_code_page]
[232]LEXBCES.EXE-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AE5B-->00000000 [guard32.dll]
[232]LEXBCES.EXE-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86169E-->00000000 [guard32.dll]
[232]LEXBCES.EXE-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835ED7-->00000000 [guard32.dll]
[232]LEXBCES.EXE-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85D653-->00000000 [guard32.dll]
[232]LEXBCES.EXE-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C8356A3-->00000000 [guard32.dll]
[232]LEXBCES.EXE-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821271-->00000000 [guard32.dll]
[232]LEXBCES.EXE-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EF6-->00000000 [guard32.dll]
[232]LEXBCES.EXE-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F73E-->00000000 [guard32.dll]
[232]LEXBCES.EXE-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821992-->00000000 [guard32.dll]
[232]LEXBCES.EXE-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD0-->00000000 [guard32.dll]
[232]LEXBCES.EXE-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86158D-->00000000 [guard32.dll]
[232]LEXBCES.EXE-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C919328-->00000000 [guard32.dll]
[232]LEXBCES.EXE-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C915CBB-->00000000 [guard32.dll]
[232]LEXBCES.EXE-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C916C83-->00000000 [guard32.dll]
[232]LEXBCES.EXE-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[232]LEXBCES.EXE-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[232]LEXBCES.EXE-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[232]LEXBCES.EXE-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[232]LEXBCES.EXE-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[232]LEXBCES.EXE-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[232]LEXBCES.EXE-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[232]LEXBCES.EXE-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[232]LEXBCES.EXE-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[232]LEXBCES.EXE-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[232]LEXBCES.EXE-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[232]LEXBCES.EXE-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[232]LEXBCES.EXE-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[232]LEXBCES.EXE-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[232]LEXBCES.EXE-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E459E75-->00000000 [guard32.dll]
[2424]ScreenCapture.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E109B0-->00000000 [guard32.dll]
[2424]ScreenCapture.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DF6285-->00000000 [guard32.dll]
[2424]ScreenCapture.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E370B9-->00000000 [guard32.dll]
[2424]ScreenCapture.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BE [unknown_code_page]
[2424]ScreenCapture.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BF [unknown_code_page]
[2424]ScreenCapture.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E37251-->00000000 [guard32.dll]
[2424]ScreenCapture.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37256 [unknown_code_page]
[2424]ScreenCapture.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37257 [unknown_code_page]
[2424]ScreenCapture.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DEE2AE-->00000000 [guard32.dll]
[2424]ScreenCapture.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B3 [unknown_code_page]
[2424]ScreenCapture.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B4 [unknown_code_page]
[2424]ScreenCapture.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE5F05-->00000000 [guard32.dll]
[2424]ScreenCapture.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0A [unknown_code_page]
[2424]ScreenCapture.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0B [unknown_code_page]
[2424]ScreenCapture.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286FE-->00000000 [guard32.dll]
[2424]ScreenCapture.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85E554-->00000000 [guard32.dll]
[2424]ScreenCapture.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B42-->00000000 [guard32.dll]
[2424]ScreenCapture.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B47 [unknown_code_page]
[2424]ScreenCapture.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B48 [unknown_code_page]
[2424]ScreenCapture.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F88F-->00000000 [guard32.dll]
[2424]ScreenCapture.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A24-->00000000 [guard32.dll]
[2424]ScreenCapture.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810770-->00000000 [guard32.dll]
[2424]ScreenCapture.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C802367-->00000000 [guard32.dll]
[2424]ScreenCapture.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802332-->00000000 [guard32.dll]
[2424]ScreenCapture.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EF5-->00000000 [guard32.dll]
[2424]ScreenCapture.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F7B-->00000000 [guard32.dll]
[2424]ScreenCapture.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B6B1-->00000000 [guard32.dll]
[2424]ScreenCapture.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E44D-->00000000 [guard32.dll]
[2424]ScreenCapture.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80ADB0-->00000000 [guard32.dll]
[2424]ScreenCapture.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D77-->00000000 [guard32.dll]
[2424]ScreenCapture.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D4F-->00000000 [guard32.dll]
[2424]ScreenCapture.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF1-->00000000 [guard32.dll]
[2424]ScreenCapture.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF6 [unknown_code_page]
[2424]ScreenCapture.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF7 [unknown_code_page]
[2424]ScreenCapture.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AE5B-->00000000 [guard32.dll]
[2424]ScreenCapture.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86169E-->00000000 [guard32.dll]
[2424]ScreenCapture.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835ED7-->00000000 [guard32.dll]
[2424]ScreenCapture.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85D653-->00000000 [guard32.dll]
[2424]ScreenCapture.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C8356A3-->00000000 [guard32.dll]
[2424]ScreenCapture.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821271-->00000000 [guard32.dll]
[2424]ScreenCapture.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EF6-->00000000 [guard32.dll]
[2424]ScreenCapture.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F73E-->00000000 [guard32.dll]
[2424]ScreenCapture.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821992-->00000000 [guard32.dll]
[2424]ScreenCapture.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD0-->00000000 [guard32.dll]
[2424]ScreenCapture.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86158D-->00000000 [guard32.dll]
[2424]ScreenCapture.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C919328-->00000000 [guard32.dll]
[2424]ScreenCapture.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C915CBB-->00000000 [guard32.dll]
[2424]ScreenCapture.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C916C83-->00000000 [guard32.dll]
[2424]ScreenCapture.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[2424]ScreenCapture.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[2424]ScreenCapture.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[2424]ScreenCapture.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[2424]ScreenCapture.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[2424]ScreenCapture.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[2424]ScreenCapture.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[2424]ScreenCapture.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[2424]ScreenCapture.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[2424]ScreenCapture.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[2424]ScreenCapture.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[2424]ScreenCapture.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[2424]ScreenCapture.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[2424]ScreenCapture.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[2424]ScreenCapture.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA40F40-->00000000 [guard32.dll]
[2424]ScreenCapture.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40C15-->00000000 [guard32.dll]
[2424]ScreenCapture.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA01823-->00000000 [guard32.dll]
[2424]ScreenCapture.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB4FD0-->00000000 [guard32.dll]
[2424]ScreenCapture.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E459E75-->00000000 [guard32.dll]
[2452]BrccMCtl.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E109B0-->00000000 [guard32.dll]
[2452]BrccMCtl.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DF6285-->00000000 [guard32.dll]
[2452]BrccMCtl.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E370B9-->00000000 [guard32.dll]
[2452]BrccMCtl.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BE [unknown_code_page]
[2452]BrccMCtl.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BF [unknown_code_page]
[2452]BrccMCtl.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E37251-->00000000 [guard32.dll]
[2452]BrccMCtl.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37256 [unknown_code_page]
[2452]BrccMCtl.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37257 [unknown_code_page]
[2452]BrccMCtl.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DEE2AE-->00000000 [guard32.dll]
[2452]BrccMCtl.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B3 [unknown_code_page]
[2452]BrccMCtl.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B4 [unknown_code_page]
[2452]BrccMCtl.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE5F05-->00000000 [guard32.dll]
[2452]BrccMCtl.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0A [unknown_code_page]
[2452]BrccMCtl.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0B [unknown_code_page]
[2452]BrccMCtl.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286FE-->00000000 [guard32.dll]
[2452]BrccMCtl.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85E554-->00000000 [guard32.dll]
[2452]BrccMCtl.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B42-->00000000 [guard32.dll]
[2452]BrccMCtl.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B47 [unknown_code_page]
[2452]BrccMCtl.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B48 [unknown_code_page]
[2452]BrccMCtl.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F88F-->00000000 [guard32.dll]
[2452]BrccMCtl.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A24-->00000000 [guard32.dll]
[2452]BrccMCtl.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810770-->00000000 [guard32.dll]
[2452]BrccMCtl.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C802367-->00000000 [guard32.dll]
[2452]BrccMCtl.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802332-->00000000 [guard32.dll]
[2452]BrccMCtl.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EF5-->00000000 [guard32.dll]
[2452]BrccMCtl.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F7B-->00000000 [guard32.dll]
[2452]BrccMCtl.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B6B1-->00000000 [guard32.dll]
[2452]BrccMCtl.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E44D-->00000000 [guard32.dll]
[2452]BrccMCtl.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80ADB0-->00000000 [guard32.dll]
[2452]BrccMCtl.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D77-->00000000 [guard32.dll]
[2452]BrccMCtl.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D4F-->00000000 [guard32.dll]
[2452]BrccMCtl.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF1-->00000000 [guard32.dll]
[2452]BrccMCtl.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF6 [unknown_code_page]
[2452]BrccMCtl.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF7 [unknown_code_page]
[2452]BrccMCtl.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AE5B-->00000000 [guard32.dll]
[2452]BrccMCtl.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86169E-->00000000 [guard32.dll]
[2452]BrccMCtl.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835ED7-->00000000 [guard32.dll]
[2452]BrccMCtl.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85D653-->00000000 [guard32.dll]
[2452]BrccMCtl.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C8356A3-->00000000 [guard32.dll]
[2452]BrccMCtl.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821271-->00000000 [guard32.dll]
[2452]BrccMCtl.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EF6-->00000000 [guard32.dll]
[2452]BrccMCtl.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F73E-->00000000 [guard32.dll]
[2452]BrccMCtl.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821992-->00000000 [guard32.dll]
[2452]BrccMCtl.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD0-->00000000 [guard32.dll]
[2452]BrccMCtl.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86158D-->00000000 [guard32.dll]
[2452]BrccMCtl.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C919328-->00000000 [guard32.dll]
[2452]BrccMCtl.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C915CBB-->00000000 [guard32.dll]
[2452]BrccMCtl.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C916C83-->00000000 [guard32.dll]
[2452]BrccMCtl.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[2452]BrccMCtl.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[2452]BrccMCtl.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[2452]BrccMCtl.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[2452]BrccMCtl.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[2452]BrccMCtl.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[2452]BrccMCtl.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[2452]BrccMCtl.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[2452]BrccMCtl.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[2452]BrccMCtl.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[2452]BrccMCtl.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[2452]BrccMCtl.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[2452]BrccMCtl.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[2452]BrccMCtl.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[2452]BrccMCtl.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA40F40-->00000000 [guard32.dll]
[2452]BrccMCtl.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40C15-->00000000 [guard32.dll]
[2452]BrccMCtl.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA01823-->00000000 [guard32.dll]
[2452]BrccMCtl.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB4FD0-->00000000 [guard32.dll]
[2452]BrccMCtl.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E459E75-->00000000 [guard32.dll]
[2480]dopus.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E109B0-->00000000 [guard32.dll]
[2480]dopus.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DF6285-->00000000 [guard32.dll]
[2480]dopus.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E370B9-->00000000 [guard32.dll]
[2480]dopus.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BE [unknown_code_page]
[2480]dopus.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BF [unknown_code_page]
[2480]dopus.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E37251-->00000000 [guard32.dll]
[2480]dopus.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37256 [unknown_code_page]
[2480]dopus.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37257 [unknown_code_page]
[2480]dopus.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DEE2AE-->00000000 [guard32.dll]
[2480]dopus.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B3 [unknown_code_page]
[2480]dopus.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B4 [unknown_code_page]
[2480]dopus.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE5F05-->00000000 [guard32.dll]
[2480]dopus.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0A [unknown_code_page]
[2480]dopus.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0B [unknown_code_page]
[2480]dopus.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286FE-->00000000 [guard32.dll]
[2480]dopus.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85E554-->00000000 [guard32.dll]
[2480]dopus.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B42-->00000000 [guard32.dll]
[2480]dopus.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B47 [unknown_code_page]
[2480]dopus.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B48 [unknown_code_page]
[2480]dopus.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F88F-->00000000 [guard32.dll]
[2480]dopus.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A24-->00000000 [guard32.dll]
[2480]dopus.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810770-->00000000 [guard32.dll]
[2480]dopus.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C802367-->00000000 [guard32.dll]
[2480]dopus.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802332-->00000000 [guard32.dll]
[2480]dopus.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EF5-->00000000 [guard32.dll]
[2480]dopus.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F7B-->00000000 [guard32.dll]
[2480]dopus.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B6B1-->00000000 [guard32.dll]
[2480]dopus.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E44D-->00000000 [guard32.dll]
[2480]dopus.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80ADB0-->00000000 [guard32.dll]
[2480]dopus.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D77-->00000000 [guard32.dll]
[2480]dopus.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D4F-->00000000 [guard32.dll]
[2480]dopus.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF1-->00000000 [guard32.dll]
[2480]dopus.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF6 [unknown_code_page]
[2480]dopus.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF7 [unknown_code_page]
[2480]dopus.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AE5B-->00000000 [guard32.dll]
[2480]dopus.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86169E-->00000000 [guard32.dll]
[2480]dopus.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835ED7-->00000000 [guard32.dll]
[2480]dopus.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85D653-->00000000 [guard32.dll]
[2480]dopus.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C8356A3-->00000000 [guard32.dll]
[2480]dopus.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821271-->00000000 [guard32.dll]
[2480]dopus.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EF6-->00000000 [guard32.dll]
[2480]dopus.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F73E-->00000000 [guard32.dll]
[2480]dopus.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821992-->00000000 [guard32.dll]
[2480]dopus.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD0-->00000000 [guard32.dll]
[2480]dopus.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86158D-->00000000 [guard32.dll]
[2480]dopus.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C919328-->00000000 [guard32.dll]
[2480]dopus.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C915CBB-->00000000 [guard32.dll]
[2480]dopus.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C916C83-->00000000 [guard32.dll]
[2480]dopus.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[2480]dopus.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[2480]dopus.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[2480]dopus.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[2480]dopus.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[2480]dopus.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[2480]dopus.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[2480]dopus.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[2480]dopus.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[2480]dopus.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[2480]dopus.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[2480]dopus.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[2480]dopus.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[2480]dopus.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[2480]dopus.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA40F40-->00000000 [guard32.dll]
[2480]dopus.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40C15-->00000000 [guard32.dll]
[2480]dopus.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA01823-->00000000 [guard32.dll]
[2480]dopus.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB4FD0-->00000000 [guard32.dll]
[2480]dopus.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E459E75-->00000000 [guard32.dll]
[2480]dopus.exe-->wininet.dll-->InternetConnectA, Type: Inline - RelativeJump 0x771C308A-->00000000 [guard32.dll]
[2480]dopus.exe-->wininet.dll-->InternetConnectW, Type: Inline - RelativeJump 0x771CEDC8-->00000000 [guard32.dll]
[2480]dopus.exe-->ws2_32.dll-->WSASocketA, Type: Inline - RelativeJump 0x71AB8769-->00000000 [guard32.dll]
[2480]dopus.exe-->ws2_32.dll-->WSASocketW, Type: Inline - RelativeJump 0x71AB39CB-->00000000 [guard32.dll]
[2480]dopus.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x71AB39D0 [unknown_code_page]
[2480]dopus.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x71AB39D1 [unknown_code_page]
[2520]dopusrt.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E109B0-->00000000 [guard32.dll]
[2520]dopusrt.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DF6285-->00000000 [guard32.dll]
[2520]dopusrt.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E370B9-->00000000 [guard32.dll]
[2520]dopusrt.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BE [unknown_code_page]
[2520]dopusrt.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BF [unknown_code_page]
[2520]dopusrt.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E37251-->00000000 [guard32.dll]
[2520]dopusrt.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37256 [unknown_code_page]
[2520]dopusrt.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37257 [unknown_code_page]
[2520]dopusrt.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DEE2AE-->00000000 [guard32.dll]
[2520]dopusrt.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B3 [unknown_code_page]
[2520]dopusrt.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B4 [unknown_code_page]
[2520]dopusrt.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE5F05-->00000000 [guard32.dll]
[2520]dopusrt.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0A [unknown_code_page]
[2520]dopusrt.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0B [unknown_code_page]
[2520]dopusrt.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286FE-->00000000 [guard32.dll]
[2520]dopusrt.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85E554-->00000000 [guard32.dll]
[2520]dopusrt.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B42-->00000000 [guard32.dll]
[2520]dopusrt.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B47 [unknown_code_page]
[2520]dopusrt.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B48 [unknown_code_page]
[2520]dopusrt.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F88F-->00000000 [guard32.dll]
[2520]dopusrt.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A24-->00000000 [guard32.dll]
[2520]dopusrt.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810770-->00000000 [guard32.dll]
[2520]dopusrt.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C802367-->00000000 [guard32.dll]
[2520]dopusrt.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802332-->00000000 [guard32.dll]
[2520]dopusrt.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EF5-->00000000 [guard32.dll]
[2520]dopusrt.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F7B-->00000000 [guard32.dll]
[2520]dopusrt.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B6B1-->00000000 [guard32.dll]
[2520]dopusrt.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E44D-->00000000 [guard32.dll]
[2520]dopusrt.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80ADB0-->00000000 [guard32.dll]
[2520]dopusrt.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D77-->00000000 [guard32.dll]
[2520]dopusrt.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D4F-->00000000 [guard32.dll]
[2520]dopusrt.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF1-->00000000 [guard32.dll]
[2520]dopusrt.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF6 [unknown_code_page]
[2520]dopusrt.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF7 [unknown_code_page]
[2520]dopusrt.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AE5B-->00000000 [guard32.dll]
[2520]dopusrt.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86169E-->00000000 [guard32.dll]
[2520]dopusrt.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835ED7-->00000000 [guard32.dll]
[2520]dopusrt.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85D653-->00000000 [guard32.dll]
[2520]dopusrt.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C8356A3-->00000000 [guard32.dll]
[2520]dopusrt.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821271-->00000000 [guard32.dll]
[2520]dopusrt.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EF6-->00000000 [guard32.dll]
[2520]dopusrt.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F73E-->00000000 [guard32.dll]
[2520]dopusrt.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821992-->00000000 [guard32.dll]
[2520]dopusrt.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD0-->00000000 [guard32.dll]
[2520]dopusrt.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86158D-->00000000 [guard32.dll]
[2520]dopusrt.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C919328-->00000000 [guard32.dll]
[2520]dopusrt.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C915CBB-->00000000 [guard32.dll]
[2520]dopusrt.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C916C83-->00000000 [guard32.dll]
[2520]dopusrt.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[2520]dopusrt.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[2520]dopusrt.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[2520]dopusrt.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[2520]dopusrt.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[2520]dopusrt.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[2520]dopusrt.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[2520]dopusrt.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[2520]dopusrt.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[2520]dopusrt.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[2520]dopusrt.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[2520]dopusrt.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[2520]dopusrt.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[2520]dopusrt.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[2520]dopusrt.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA40F40-->00000000 [guard32.dll]
[2520]dopusrt.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40C15-->00000000 [guard32.dll]
[2520]dopusrt.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA01823-->00000000 [guard32.dll]
[2520]dopusrt.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB4FD0-->00000000 [guard32.dll]
[2520]dopusrt.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E459E75-->00000000 [guard32.dll]
[2540]RichVideo.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E109B0-->00000000 [guard32.dll]
[2540]RichVideo.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DF6285-->00000000 [guard32.dll]
[2540]RichVideo.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E370B9-->00000000 [guard32.dll]
[2540]RichVideo.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BE [unknown_code_page]
[2540]RichVideo.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BF [unknown_code_page]
[2540]RichVideo.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E37251-->00000000 [guard32.dll]
[2540]RichVideo.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37256 [unknown_code_page]
[2540]RichVideo.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37257 [unknown_code_page]
[2540]RichVideo.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DEE2AE-->00000000 [guard32.dll]
[2540]RichVideo.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B3 [unknown_code_page]
[2540]RichVideo.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B4 [unknown_code_page]
[2540]RichVideo.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE5F05-->00000000 [guard32.dll]
[2540]RichVideo.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0A [unknown_code_page]
[2540]RichVideo.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0B [unknown_code_page]
[2540]RichVideo.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286FE-->00000000 [guard32.dll]
[2540]RichVideo.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85E554-->00000000 [guard32.dll]
[2540]RichVideo.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B42-->00000000 [guard32.dll]
[2540]RichVideo.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B47 [unknown_code_page]
[2540]RichVideo.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B48 [unknown_code_page]
[2540]RichVideo.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F88F-->00000000 [guard32.dll]
[2540]RichVideo.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A24-->00000000 [guard32.dll]
[2540]RichVideo.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810770-->00000000 [guard32.dll]
[2540]RichVideo.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C802367-->00000000 [guard32.dll]
[2540]RichVideo.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802332-->00000000 [guard32.dll]
[2540]RichVideo.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EF5-->00000000 [guard32.dll]
[2540]RichVideo.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F7B-->00000000 [guard32.dll]
[2540]RichVideo.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B6B1-->00000000 [guard32.dll]
[2540]RichVideo.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E44D-->00000000 [guard32.dll]
[2540]RichVideo.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80ADB0-->00000000 [guard32.dll]
[2540]RichVideo.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D77-->00000000 [guard32.dll]
[2540]RichVideo.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D4F-->00000000 [guard32.dll]
[2540]RichVideo.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF1-->00000000 [guard32.dll]
[2540]RichVideo.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF6 [unknown_code_page]
[2540]RichVideo.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF7 [unknown_code_page]
[2540]RichVideo.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AE5B-->00000000 [guard32.dll]
[2540]RichVideo.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86169E-->00000000 [guard32.dll]
[2540]RichVideo.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835ED7-->00000000 [guard32.dll]
[2540]RichVideo.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85D653-->00000000 [guard32.dll]
[2540]RichVideo.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C8356A3-->00000000 [guard32.dll]
[2540]RichVideo.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821271-->00000000 [guard32.dll]
[2540]RichVideo.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EF6-->00000000 [guard32.dll]
[2540]RichVideo.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F73E-->00000000 [guard32.dll]
[2540]RichVideo.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821992-->00000000 [guard32.dll]
[2540]RichVideo.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD0-->00000000 [guard32.dll]
[2540]RichVideo.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86158D-->00000000 [guard32.dll]
[2540]RichVideo.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C919328-->00000000 [guard32.dll]
[2540]RichVideo.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C915CBB-->00000000 [guard32.dll]
[2540]RichVideo.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C916C83-->00000000 [guard32.dll]
[2540]RichVideo.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[2540]RichVideo.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[2540]RichVideo.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[2540]RichVideo.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[2540]RichVideo.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[2540]RichVideo.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[2540]RichVideo.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[2540]RichVideo.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[2540]RichVideo.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[2540]RichVideo.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[2540]RichVideo.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[2540]RichVideo.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[2540]RichVideo.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[2540]RichVideo.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[2540]RichVideo.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA40F40-->00000000 [guard32.dll]
[2540]RichVideo.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40C15-->00000000 [guard32.dll]
[2540]RichVideo.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA01823-->00000000 [guard32.dll]
[2540]RichVideo.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB4FD0-->00000000 [guard32.dll]
[2540]RichVideo.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E459E75-->00000000 [guard32.dll]
[2944]svchost.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E109B0-->00000000 [guard32.dll]
[2944]svchost.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DF6285-->00000000 [guard32.dll]
[2944]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E370B9-->00000000 [guard32.dll]
[2944]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BE [unknown_code_page]
[2944]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BF [unknown_code_page]
[2944]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E37251-->00000000 [guard32.dll]
[2944]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37256 [unknown_code_page]
[2944]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37257 [unknown_code_page]
[2944]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DEE2AE-->00000000 [guard32.dll]
[2944]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B3 [unknown_code_page]
[2944]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B4 [unknown_code_page]
[2944]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE5F05-->00000000 [guard32.dll]
[2944]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0A [unknown_code_page]
[2944]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0B [unknown_code_page]
[2944]svchost.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286FE-->00000000 [guard32.dll]
[2944]svchost.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85E554-->00000000 [guard32.dll]
[2944]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B42-->00000000 [guard32.dll]
[2944]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B47 [unknown_code_page]
[2944]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B48 [unknown_code_page]
[2944]svchost.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F88F-->00000000 [guard32.dll]
[2944]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A24-->00000000 [guard32.dll]
[2944]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810770-->00000000 [guard32.dll]
[2944]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C802367-->00000000 [guard32.dll]
[2944]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802332-->00000000 [guard32.dll]
[2944]svchost.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EF5-->00000000 [guard32.dll]
[2944]svchost.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F7B-->00000000 [guard32.dll]
[2944]svchost.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B6B1-->00000000 [guard32.dll]
[2944]svchost.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E44D-->00000000 [guard32.dll]
[2944]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80ADB0-->00000000 [guard32.dll]
[2944]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D77-->00000000 [guard32.dll]
[2944]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D4F-->00000000 [guard32.dll]
[2944]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF1-->00000000 [guard32.dll]
[2944]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF6 [unknown_code_page]
[2944]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF7 [unknown_code_page]
[2944]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AE5B-->00000000 [guard32.dll]
[2944]svchost.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86169E-->00000000 [guard32.dll]
[2944]svchost.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835ED7-->00000000 [guard32.dll]
[2944]svchost.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85D653-->00000000 [guard32.dll]
[2944]svchost.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C8356A3-->00000000 [guard32.dll]
[2944]svchost.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821271-->00000000 [guard32.dll]
[2944]svchost.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EF6-->00000000 [guard32.dll]
[2944]svchost.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F73E-->00000000 [guard32.dll]
[2944]svchost.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821992-->00000000 [guard32.dll]
[2944]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD0-->00000000 [guard32.dll]
[2944]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86158D-->00000000 [guard32.dll]
[2944]svchost.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C919328-->00000000 [guard32.dll]
[2944]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C915CBB-->00000000 [guard32.dll]
[2944]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C916C83-->00000000 [guard32.dll]
[2944]svchost.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[2944]svchost.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[2944]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[2944]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[2944]svchost.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[2944]svchost.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[2944]svchost.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[2944]svchost.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[2944]svchost.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[2944]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[2944]svchost.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[2944]svchost.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[2944]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[2944]svchost.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[2944]svchost.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA40F40-->00000000 [guard32.dll]
[2944]svchost.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40C15-->00000000 [guard32.dll]
[2944]svchost.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA01823-->00000000 [guard32.dll]
[2944]svchost.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB4FD0-->00000000 [guard32.dll]
[2944]svchost.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E459E75-->00000000 [guard32.dll]
[2964]ehSched.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E109B0-->00000000 [guard32.dll]
[2964]ehSched.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DF6285-->00000000 [guard32.dll]
[2964]ehSched.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E370B9-->00000000 [guard32.dll]
[2964]ehSched.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BE [unknown_code_page]
[2964]ehSched.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BF [unknown_code_page]
[2964]ehSched.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E37251-->00000000 [guard32.dll]
[2964]ehSched.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37256 [unknown_code_page]
[2964]ehSched.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37257 [unknown_code_page]
[2964]ehSched.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DEE2AE-->00000000 [guard32.dll]
[2964]ehSched.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B3 [unknown_code_page]
[2964]ehSched.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B4 [unknown_code_page]
[2964]ehSched.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE5F05-->00000000 [guard32.dll]
[2964]ehSched.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0A [unknown_code_page]
[2964]ehSched.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0B [unknown_code_page]
[2964]ehSched.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286FE-->00000000 [guard32.dll]
[2964]ehSched.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85E554-->00000000 [guard32.dll]
[2964]ehSched.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B42-->00000000 [guard32.dll]
[2964]ehSched.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B47 [unknown_code_page]
[2964]ehSched.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B48 [unknown_code_page]
[2964]ehSched.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F88F-->00000000 [guard32.dll]
[2964]ehSched.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A24-->00000000 [guard32.dll]
[2964]ehSched.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810770-->00000000 [guard32.dll]
[2964]ehSched.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C802367-->00000000 [guard32.dll]
[2964]ehSched.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802332-->00000000 [guard32.dll]
[2964]ehSched.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EF5-->00000000 [guard32.dll]
[2964]ehSched.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F7B-->00000000 [guard32.dll]
[2964]ehSched.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B6B1-->00000000 [guard32.dll]
[2964]ehSched.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E44D-->00000000 [guard32.dll]
[2964]ehSched.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80ADB0-->00000000 [guard32.dll]
[2964]ehSched.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D77-->00000000 [guard32.dll]
[2964]ehSched.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D4F-->00000000 [guard32.dll]
[2964]ehSched.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF1-->00000000 [guard32.dll]
[2964]ehSched.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF6 [unknown_code_page]
[2964]ehSched.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF7 [unknown_code_page]
[2964]ehSched.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AE5B-->00000000 [guard32.dll]
[2964]ehSched.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86169E-->00000000 [guard32.dll]
[2964]ehSched.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835ED7-->00000000 [guard32.dll]
[2964]ehSched.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85D653-->00000000 [guard32.dll]
[2964]ehSched.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C8356A3-->00000000 [guard32.dll]
[2964]ehSched.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821271-->00000000 [guard32.dll]
[2964]ehSched.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EF6-->00000000 [guard32.dll]
[2964]ehSched.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F73E-->00000000 [guard32.dll]
[2964]ehSched.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821992-->00000000 [guard32.dll]
[2964]ehSched.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD0-->00000000 [guard32.dll]
[2964]ehSched.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86158D-->00000000 [guard32.dll]
[2964]ehSched.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C919328-->00000000 [guard32.dll]
[2964]ehSched.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C915CBB-->00000000 [guard32.dll]
[2964]ehSched.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C916C83-->00000000 [guard32.dll]
[2964]ehSched.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[2964]ehSched.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[2964]ehSched.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[2964]ehSched.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[2964]ehSched.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[2964]ehSched.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[2964]ehSched.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[2964]ehSched.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[2964]ehSched.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[2964]ehSched.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[2964]ehSched.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[2964]ehSched.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[2964]ehSched.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[2964]ehSched.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[2964]ehSched.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E459E75-->00000000 [guard32.dll]
 
[2096]bratimer.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E109B0-->00000000 [guard32.dll]
[2096]bratimer.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DF6285-->00000000 [guard32.dll]
[2096]bratimer.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E370B9-->00000000 [guard32.dll]
[2096]bratimer.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BE [unknown_code_page]
[2096]bratimer.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BF [unknown_code_page]
[2096]bratimer.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E37251-->00000000 [guard32.dll]
[2096]bratimer.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37256 [unknown_code_page]
[2096]bratimer.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37257 [unknown_code_page]
[2096]bratimer.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DEE2AE-->00000000 [guard32.dll]
[2096]bratimer.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B3 [unknown_code_page]
[2096]bratimer.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B4 [unknown_code_page]
[2096]bratimer.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE5F05-->00000000 [guard32.dll]
[2096]bratimer.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0A [unknown_code_page]
[2096]bratimer.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0B [unknown_code_page]
[2096]bratimer.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286FE-->00000000 [guard32.dll]
[2096]bratimer.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85E554-->00000000 [guard32.dll]
[2096]bratimer.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B42-->00000000 [guard32.dll]
[2096]bratimer.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B47 [unknown_code_page]
[2096]bratimer.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B48 [unknown_code_page]
[2096]bratimer.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F88F-->00000000 [guard32.dll]
[2096]bratimer.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A24-->00000000 [guard32.dll]
[2096]bratimer.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810770-->00000000 [guard32.dll]
[2096]bratimer.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C802367-->00000000 [guard32.dll]
[2096]bratimer.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802332-->00000000 [guard32.dll]
[2096]bratimer.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EF5-->00000000 [guard32.dll]
[2096]bratimer.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F7B-->00000000 [guard32.dll]
[2096]bratimer.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B6B1-->00000000 [guard32.dll]
[2096]bratimer.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E44D-->00000000 [guard32.dll]
[2096]bratimer.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80ADB0-->00000000 [guard32.dll]
[2096]bratimer.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D77-->00000000 [guard32.dll]
[2096]bratimer.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D4F-->00000000 [guard32.dll]
[2096]bratimer.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF1-->00000000 [guard32.dll]
[2096]bratimer.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF6 [unknown_code_page]
[2096]bratimer.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF7 [unknown_code_page]
[2096]bratimer.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AE5B-->00000000 [guard32.dll]
[2096]bratimer.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86169E-->00000000 [guard32.dll]
[2096]bratimer.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835ED7-->00000000 [guard32.dll]
[2096]bratimer.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85D653-->00000000 [guard32.dll]
[2096]bratimer.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C8356A3-->00000000 [guard32.dll]
[2096]bratimer.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821271-->00000000 [guard32.dll]
[2096]bratimer.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EF6-->00000000 [guard32.dll]
[2096]bratimer.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F73E-->00000000 [guard32.dll]
[2096]bratimer.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821992-->00000000 [guard32.dll]
[2096]bratimer.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD0-->00000000 [guard32.dll]
[2096]bratimer.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86158D-->00000000 [guard32.dll]
[2096]bratimer.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C919328-->00000000 [guard32.dll]
[2096]bratimer.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C915CBB-->00000000 [guard32.dll]
[2096]bratimer.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C916C83-->00000000 [guard32.dll]
[2096]bratimer.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[2096]bratimer.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[2096]bratimer.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[2096]bratimer.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[2096]bratimer.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[2096]bratimer.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[2096]bratimer.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[2096]bratimer.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[2096]bratimer.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[2096]bratimer.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[2096]bratimer.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[2096]bratimer.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[2096]bratimer.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[2096]bratimer.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[2096]bratimer.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E459E75-->00000000 [guard32.dll]
[2108]MDM.EXE-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E109B0-->00000000 [guard32.dll]
[2108]MDM.EXE-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DF6285-->00000000 [guard32.dll]
[2108]MDM.EXE-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E370B9-->00000000 [guard32.dll]
[2108]MDM.EXE-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BE [unknown_code_page]
[2108]MDM.EXE-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BF [unknown_code_page]
[2108]MDM.EXE-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E37251-->00000000 [guard32.dll]
[2108]MDM.EXE-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37256 [unknown_code_page]
[2108]MDM.EXE-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37257 [unknown_code_page]
[2108]MDM.EXE-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DEE2AE-->00000000 [guard32.dll]
[2108]MDM.EXE-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B3 [unknown_code_page]
[2108]MDM.EXE-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B4 [unknown_code_page]
[2108]MDM.EXE-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE5F05-->00000000 [guard32.dll]
[2108]MDM.EXE-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0A [unknown_code_page]
[2108]MDM.EXE-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0B [unknown_code_page]
[2108]MDM.EXE-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286FE-->00000000 [guard32.dll]
[2108]MDM.EXE-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85E554-->00000000 [guard32.dll]
[2108]MDM.EXE-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B42-->00000000 [guard32.dll]
[2108]MDM.EXE-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B47 [unknown_code_page]
[2108]MDM.EXE-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B48 [unknown_code_page]
[2108]MDM.EXE-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F88F-->00000000 [guard32.dll]
[2108]MDM.EXE-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A24-->00000000 [guard32.dll]
[2108]MDM.EXE-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810770-->00000000 [guard32.dll]
[2108]MDM.EXE-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C802367-->00000000 [guard32.dll]
[2108]MDM.EXE-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802332-->00000000 [guard32.dll]
[2108]MDM.EXE-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EF5-->00000000 [guard32.dll]
[2108]MDM.EXE-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F7B-->00000000 [guard32.dll]
[2108]MDM.EXE-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B6B1-->00000000 [guard32.dll]
[2108]MDM.EXE-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E44D-->00000000 [guard32.dll]
[2108]MDM.EXE-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80ADB0-->00000000 [guard32.dll]
[2108]MDM.EXE-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D77-->00000000 [guard32.dll]
[2108]MDM.EXE-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D4F-->00000000 [guard32.dll]
[2108]MDM.EXE-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF1-->00000000 [guard32.dll]
[2108]MDM.EXE-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF6 [unknown_code_page]
[2108]MDM.EXE-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF7 [unknown_code_page]
[2108]MDM.EXE-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AE5B-->00000000 [guard32.dll]
[2108]MDM.EXE-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86169E-->00000000 [guard32.dll]
[2108]MDM.EXE-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835ED7-->00000000 [guard32.dll]
[2108]MDM.EXE-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85D653-->00000000 [guard32.dll]
[2108]MDM.EXE-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C8356A3-->00000000 [guard32.dll]
[2108]MDM.EXE-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821271-->00000000 [guard32.dll]
[2108]MDM.EXE-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EF6-->00000000 [guard32.dll]
[2108]MDM.EXE-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F73E-->00000000 [guard32.dll]
[2108]MDM.EXE-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821992-->00000000 [guard32.dll]
[2108]MDM.EXE-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD0-->00000000 [guard32.dll]
[2108]MDM.EXE-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86158D-->00000000 [guard32.dll]
[2108]MDM.EXE-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C919328-->00000000 [guard32.dll]
[2108]MDM.EXE-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C915CBB-->00000000 [guard32.dll]
[2108]MDM.EXE-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C916C83-->00000000 [guard32.dll]
[2108]MDM.EXE-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[2108]MDM.EXE-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[2108]MDM.EXE-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[2108]MDM.EXE-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[2108]MDM.EXE-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[2108]MDM.EXE-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[2108]MDM.EXE-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[2108]MDM.EXE-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[2108]MDM.EXE-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[2108]MDM.EXE-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[2108]MDM.EXE-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[2108]MDM.EXE-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[2108]MDM.EXE-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[2108]MDM.EXE-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[2108]MDM.EXE-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA40F40-->00000000 [guard32.dll]
[2108]MDM.EXE-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40C15-->00000000 [guard32.dll]
[2108]MDM.EXE-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA01823-->00000000 [guard32.dll]
[2108]MDM.EXE-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB4FD0-->00000000 [guard32.dll]
[2108]MDM.EXE-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E459E75-->00000000 [guard32.dll]
[2116]fwupdate.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E109B0-->00000000 [guard32.dll]
[2116]fwupdate.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DF6285-->00000000 [guard32.dll]
[2116]fwupdate.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E370B9-->00000000 [guard32.dll]
[2116]fwupdate.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BE [unknown_code_page]
[2116]fwupdate.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BF [unknown_code_page]
[2116]fwupdate.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E37251-->00000000 [guard32.dll]
[2116]fwupdate.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37256 [unknown_code_page]
ignore post 33

[3108]firefox.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40C15-->00000000 [guard32.dll]
[3108]firefox.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA01823-->00000000 [guard32.dll]
[3108]firefox.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB4FD0-->00000000 [guard32.dll]
[3108]firefox.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E459E75-->00000000 [guard32.dll]
[3108]firefox.exe-->ws2_32.dll-->WSASocketA, Type: Inline - RelativeJump 0x71AB8769-->00000000 [guard32.dll]
[3108]firefox.exe-->ws2_32.dll-->WSASocketW, Type: Inline - RelativeJump 0x71AB39CB-->00000000 [guard32.dll]
[3108]firefox.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x71AB39D0 [unknown_code_page]
[3108]firefox.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x71AB39D1 [unknown_code_page]
[312]spoolsv.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E109B0-->00000000 [guard32.dll]
[312]spoolsv.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DF6285-->00000000 [guard32.dll]
[312]spoolsv.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E370B9-->00000000 [guard32.dll]
[312]spoolsv.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BE [unknown_code_page]
[312]spoolsv.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BF [unknown_code_page]
[312]spoolsv.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E37251-->00000000 [guard32.dll]
[312]spoolsv.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37256 [unknown_code_page]
[312]spoolsv.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37257 [unknown_code_page]
[312]spoolsv.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DEE2AE-->00000000 [guard32.dll]
[312]spoolsv.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B3 [unknown_code_page]
[312]spoolsv.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B4 [unknown_code_page]
[312]spoolsv.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE5F05-->00000000 [guard32.dll]
[312]spoolsv.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0A [unknown_code_page]
[312]spoolsv.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0B [unknown_code_page]
[312]spoolsv.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286FE-->00000000 [guard32.dll]
[312]spoolsv.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85E554-->00000000 [guard32.dll]
[312]spoolsv.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B42-->00000000 [guard32.dll]
[312]spoolsv.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B47 [unknown_code_page]
[312]spoolsv.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B48 [unknown_code_page]
[312]spoolsv.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F88F-->00000000 [guard32.dll]
[312]spoolsv.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A24-->00000000 [guard32.dll]
[312]spoolsv.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810770-->00000000 [guard32.dll]
[312]spoolsv.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C802367-->00000000 [guard32.dll]
[312]spoolsv.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802332-->00000000 [guard32.dll]
[312]spoolsv.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EF5-->00000000 [guard32.dll]
[312]spoolsv.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F7B-->00000000 [guard32.dll]
[312]spoolsv.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B6B1-->00000000 [guard32.dll]
[312]spoolsv.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E44D-->00000000 [guard32.dll]
[312]spoolsv.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80ADB0-->00000000 [guard32.dll]
[312]spoolsv.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D77-->00000000 [guard32.dll]
[312]spoolsv.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D4F-->00000000 [guard32.dll]
[312]spoolsv.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF1-->00000000 [guard32.dll]
[312]spoolsv.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF6 [unknown_code_page]
[312]spoolsv.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF7 [unknown_code_page]
[312]spoolsv.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AE5B-->00000000 [guard32.dll]
[312]spoolsv.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86169E-->00000000 [guard32.dll]
[312]spoolsv.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835ED7-->00000000 [guard32.dll]
[312]spoolsv.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85D653-->00000000 [guard32.dll]
[312]spoolsv.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C8356A3-->00000000 [guard32.dll]
[312]spoolsv.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821271-->00000000 [guard32.dll]
[312]spoolsv.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EF6-->00000000 [guard32.dll]
[312]spoolsv.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F73E-->00000000 [guard32.dll]
[312]spoolsv.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821992-->00000000 [guard32.dll]
[312]spoolsv.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD0-->00000000 [guard32.dll]
[312]spoolsv.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86158D-->00000000 [guard32.dll]
[312]spoolsv.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C919328-->00000000 [guard32.dll]
[312]spoolsv.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C915CBB-->00000000 [guard32.dll]
[312]spoolsv.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C916C83-->00000000 [guard32.dll]
[312]spoolsv.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[312]spoolsv.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[312]spoolsv.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[312]spoolsv.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[312]spoolsv.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[312]spoolsv.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[312]spoolsv.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[312]spoolsv.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[312]spoolsv.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[312]spoolsv.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[312]spoolsv.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[312]spoolsv.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[312]spoolsv.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[312]spoolsv.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[312]spoolsv.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA40F40-->00000000 [guard32.dll]
[312]spoolsv.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40C15-->00000000 [guard32.dll]
[312]spoolsv.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA01823-->00000000 [guard32.dll]
[312]spoolsv.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB4FD0-->00000000 [guard32.dll]
[312]spoolsv.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E459E75-->00000000 [guard32.dll]
[3172]ctfmon.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E109B0-->00000000 [guard32.dll]
[3172]ctfmon.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DF6285-->00000000 [guard32.dll]
[3172]ctfmon.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E370B9-->00000000 [guard32.dll]
[3172]ctfmon.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BE [unknown_code_page]
[3172]ctfmon.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BF [unknown_code_page]
[3172]ctfmon.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E37251-->00000000 [guard32.dll]
[3172]ctfmon.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37256 [unknown_code_page]
[3172]ctfmon.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37257 [unknown_code_page]
[3172]ctfmon.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DEE2AE-->00000000 [guard32.dll]
[3172]ctfmon.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B3 [unknown_code_page]
[3172]ctfmon.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B4 [unknown_code_page]
[3172]ctfmon.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE5F05-->00000000 [guard32.dll]
[3172]ctfmon.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0A [unknown_code_page]
[3172]ctfmon.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0B [unknown_code_page]
[3172]ctfmon.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286FE-->00000000 [guard32.dll]
[3172]ctfmon.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85E554-->00000000 [guard32.dll]
[3172]ctfmon.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B42-->00000000 [guard32.dll]
[3172]ctfmon.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B47 [unknown_code_page]
[3172]ctfmon.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B48 [unknown_code_page]
[3172]ctfmon.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F88F-->00000000 [guard32.dll]
[3172]ctfmon.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A24-->00000000 [guard32.dll]
[3172]ctfmon.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810770-->00000000 [guard32.dll]
[3172]ctfmon.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C802367-->00000000 [guard32.dll]
[3172]ctfmon.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802332-->00000000 [guard32.dll]
[3172]ctfmon.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EF5-->00000000 [guard32.dll]
[3172]ctfmon.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F7B-->00000000 [guard32.dll]
[3172]ctfmon.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B6B1-->00000000 [guard32.dll]
[3172]ctfmon.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E44D-->00000000 [guard32.dll]
[3172]ctfmon.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80ADB0-->00000000 [guard32.dll]
[3172]ctfmon.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D77-->00000000 [guard32.dll]
[3172]ctfmon.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D4F-->00000000 [guard32.dll]
[3172]ctfmon.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF1-->00000000 [guard32.dll]
[3172]ctfmon.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF6 [unknown_code_page]
[3172]ctfmon.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF7 [unknown_code_page]
[3172]ctfmon.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AE5B-->00000000 [guard32.dll]
[3172]ctfmon.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86169E-->00000000 [guard32.dll]
[3172]ctfmon.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835ED7-->00000000 [guard32.dll]
[3172]ctfmon.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85D653-->00000000 [guard32.dll]
[3172]ctfmon.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C8356A3-->00000000 [guard32.dll]
[3172]ctfmon.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821271-->00000000 [guard32.dll]
[3172]ctfmon.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EF6-->00000000 [guard32.dll]
[3172]ctfmon.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F73E-->00000000 [guard32.dll]
[3172]ctfmon.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821992-->00000000 [guard32.dll]
[3172]ctfmon.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD0-->00000000 [guard32.dll]
[3172]ctfmon.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86158D-->00000000 [guard32.dll]
[3172]ctfmon.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C919328-->00000000 [guard32.dll]
[3172]ctfmon.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C915CBB-->00000000 [guard32.dll]
[3172]ctfmon.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C916C83-->00000000 [guard32.dll]
[3172]ctfmon.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[3172]ctfmon.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[3172]ctfmon.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[3172]ctfmon.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[3172]ctfmon.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[3172]ctfmon.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[3172]ctfmon.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[3172]ctfmon.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[3172]ctfmon.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[3172]ctfmon.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[3172]ctfmon.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[3172]ctfmon.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[3172]ctfmon.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[3172]ctfmon.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[3172]ctfmon.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA40F40-->00000000 [guard32.dll]
[3172]ctfmon.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40C15-->00000000 [guard32.dll]
[3172]ctfmon.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA01823-->00000000 [guard32.dll]
[3172]ctfmon.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB4FD0-->00000000 [guard32.dll]
[3172]ctfmon.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E459E75-->00000000 [guard32.dll]
[3204]Skype.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E109B0-->00000000 [guard32.dll]
[3204]Skype.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DF6285-->00000000 [guard32.dll]
[3204]Skype.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E370B9-->00000000 [guard32.dll]
[3204]Skype.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BE [unknown_code_page]
[3204]Skype.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BF [unknown_code_page]
[3204]Skype.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E37251-->00000000 [guard32.dll]
[3204]Skype.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37256 [unknown_code_page]
[3204]Skype.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37257 [unknown_code_page]
[3204]Skype.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DEE2AE-->00000000 [guard32.dll]
[3204]Skype.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B3 [unknown_code_page]
[3204]Skype.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B4 [unknown_code_page]
[3204]Skype.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE5F05-->00000000 [guard32.dll]
[3204]Skype.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0A [unknown_code_page]
[3204]Skype.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0B [unknown_code_page]
[3204]Skype.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286FE-->00000000 [guard32.dll]
[3204]Skype.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85E554-->00000000 [guard32.dll]
[3204]Skype.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B42-->00000000 [guard32.dll]
[3204]Skype.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B47 [unknown_code_page]
[3204]Skype.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B48 [unknown_code_page]
[3204]Skype.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F88F-->00000000 [guard32.dll]
[3204]Skype.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A24-->00000000 [guard32.dll]
[3204]Skype.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810770-->00000000 [guard32.dll]
[3204]Skype.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C802367-->00000000 [guard32.dll]
[3204]Skype.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802332-->00000000 [guard32.dll]
[3204]Skype.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EF5-->00000000 [guard32.dll]
[3204]Skype.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F7B-->00000000 [guard32.dll]
[3204]Skype.exe-->kernel32.dll-->GetModuleHandleA, Type: IAT modification 0x0101B0A0-->00000000 [unknown_code_page]
[3204]Skype.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B6B1-->00000000 [guard32.dll]
[3204]Skype.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E44D-->00000000 [guard32.dll]
[3204]Skype.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x0101B0A4-->00000000 [unknown_code_page]
[3204]Skype.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80ADB0-->00000000 [guard32.dll]
[3204]Skype.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D77-->00000000 [guard32.dll]
[3204]Skype.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D4F-->00000000 [guard32.dll]
[3204]Skype.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF1-->00000000 [guard32.dll]
[3204]Skype.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF6 [unknown_code_page]
[3204]Skype.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF7 [unknown_code_page]
[3204]Skype.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AE5B-->00000000 [guard32.dll]
[3204]Skype.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86169E-->00000000 [guard32.dll]
[3204]Skype.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835ED7-->00000000 [guard32.dll]
[3204]Skype.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85D653-->00000000 [guard32.dll]
[3204]Skype.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C8356A3-->00000000 [guard32.dll]
[3204]Skype.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821271-->00000000 [guard32.dll]
[3204]Skype.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EF6-->00000000 [guard32.dll]
[3204]Skype.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F73E-->00000000 [guard32.dll]
[3204]Skype.exe-->kernel32.dll-->ntdll.dll-->NtClose, Type: IAT modification 0x7C80103C-->00000000 [LVPrcInj.dll]
[3204]Skype.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x7C801008-->00000000 [LVPrcInj.dll]
[3204]Skype.exe-->kernel32.dll-->ntdll.dll-->NtDeviceIoControlFile, Type: IAT modification 0x7C801038-->00000000 [LVPrcInj.dll]
[3204]Skype.exe-->kernel32.dll-->ntdll.dll-->NtDuplicateObject, Type: IAT modification 0x7C8011BC-->00000000 [LVPrcInj.dll]
[3204]Skype.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821992-->00000000 [guard32.dll]
[3204]Skype.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD0-->00000000 [guard32.dll]
[3204]Skype.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86158D-->00000000 [guard32.dll]
[3204]Skype.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x7C90E47C-->00000000 [guard32.dll]
[3204]Skype.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - SEH 0x7C90E481 [unknown_code_page]
[3204]Skype.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - SEH 0x7C90E482 [unknown_code_page]
[3204]Skype.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C919328-->00000000 [guard32.dll]
[3204]Skype.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C915CBB-->00000000 [guard32.dll]
[3204]Skype.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C916C83-->00000000 [guard32.dll]
[3204]Skype.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[3204]Skype.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[3204]Skype.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[3204]Skype.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[3204]Skype.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[3204]Skype.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[3204]Skype.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[3204]Skype.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[3204]Skype.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[3204]Skype.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[3204]Skype.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[3204]Skype.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[3204]Skype.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[3204]Skype.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[3204]Skype.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA40F40-->00000000 [guard32.dll]
[3204]Skype.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40C15-->00000000 [guard32.dll]
[3204]Skype.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA01823-->00000000 [guard32.dll]
[3204]Skype.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB4FD0-->00000000 [guard32.dll]
[3204]Skype.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E459E75-->00000000 [guard32.dll]
[3204]Skype.exe-->wininet.dll-->InternetConnectA, Type: Inline - RelativeJump 0x771C308A-->00000000 [guard32.dll]
[3204]Skype.exe-->wininet.dll-->InternetConnectW, Type: Inline - RelativeJump 0x771CEDC8-->00000000 [guard32.dll]
[3204]Skype.exe-->ws2_32.dll-->WSASocketA, Type: Inline - RelativeJump 0x71AB8769-->00000000 [guard32.dll]
[3204]Skype.exe-->ws2_32.dll-->WSASocketW, Type: Inline - RelativeJump 0x71AB39CB-->00000000 [guard32.dll]
[3204]Skype.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x71AB39D0 [unknown_code_page]
[3204]Skype.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x71AB39D1 [unknown_code_page]
[3368]GoogleToolbarNotifier.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E109B0-->00000000 [guard32.dll]
[3368]GoogleToolbarNotifier.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DF6285-->00000000 [guard32.dll]
[3368]GoogleToolbarNotifier.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E370B9-->00000000 [guard32.dll]
[3368]GoogleToolbarNotifier.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BE [unknown_code_page]
[3368]GoogleToolbarNotifier.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BF [unknown_code_page]
[3368]GoogleToolbarNotifier.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E37251-->00000000 [guard32.dll]
[3368]GoogleToolbarNotifier.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37256 [unknown_code_page]
[3368]GoogleToolbarNotifier.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37257 [unknown_code_page]
[3368]GoogleToolbarNotifier.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DEE2AE-->00000000 [guard32.dll]
[3368]GoogleToolbarNotifier.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B3 [unknown_code_page]
[3368]GoogleToolbarNotifier.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B4 [unknown_code_page]
[3368]GoogleToolbarNotifier.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE5F05-->00000000 [guard32.dll]
[3368]GoogleToolbarNotifier.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0A [unknown_code_page]
[3368]GoogleToolbarNotifier.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0B [unknown_code_page]
[3368]GoogleToolbarNotifier.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286FE-->00000000 [guard32.dll]
[3368]GoogleToolbarNotifier.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85E554-->00000000 [guard32.dll]
[3368]GoogleToolbarNotifier.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B42-->00000000 [guard32.dll]
[3368]GoogleToolbarNotifier.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B47 [unknown_code_page]
[3368]GoogleToolbarNotifier.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B48 [unknown_code_page]
[3368]GoogleToolbarNotifier.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F88F-->00000000 [guard32.dll]
[3368]GoogleToolbarNotifier.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A24-->00000000 [guard32.dll]
[3368]GoogleToolbarNotifier.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810770-->00000000 [guard32.dll]
[3368]GoogleToolbarNotifier.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C802367-->00000000 [guard32.dll]
[3368]GoogleToolbarNotifier.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802332-->00000000 [guard32.dll]
[3368]GoogleToolbarNotifier.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EF5-->00000000 [guard32.dll]
[3368]GoogleToolbarNotifier.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F7B-->00000000 [guard32.dll]
[3368]GoogleToolbarNotifier.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B6B1-->00000000 [guard32.dll]
[3368]GoogleToolbarNotifier.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E44D-->00000000 [guard32.dll]
[3368]GoogleToolbarNotifier.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80ADB0-->00000000 [guard32.dll]
[3368]GoogleToolbarNotifier.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D77-->00000000 [guard32.dll]
[3368]GoogleToolbarNotifier.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D4F-->00000000 [guard32.dll]
[3368]GoogleToolbarNotifier.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF1-->00000000 [guard32.dll]
[3368]GoogleToolbarNotifier.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF6 [unknown_code_page]
[3368]GoogleToolbarNotifier.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF7 [unknown_code_page]
[3368]GoogleToolbarNotifier.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AE5B-->00000000 [guard32.dll]
[3368]GoogleToolbarNotifier.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86169E-->00000000 [guard32.dll]
[3368]GoogleToolbarNotifier.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835ED7-->00000000 [guard32.dll]
[3368]GoogleToolbarNotifier.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85D653-->00000000 [guard32.dll]
[3368]GoogleToolbarNotifier.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C8356A3-->00000000 [guard32.dll]
[3368]GoogleToolbarNotifier.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821271-->00000000 [guard32.dll]
[3368]GoogleToolbarNotifier.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EF6-->00000000 [guard32.dll]
[3368]GoogleToolbarNotifier.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F73E-->00000000 [guard32.dll]
[3368]GoogleToolbarNotifier.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821992-->00000000 [guard32.dll]
[3368]GoogleToolbarNotifier.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD0-->00000000 [guard32.dll]
[3368]GoogleToolbarNotifier.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86158D-->00000000 [guard32.dll]
[3368]GoogleToolbarNotifier.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C919328-->00000000 [guard32.dll]
[3368]GoogleToolbarNotifier.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C915CBB-->00000000 [guard32.dll]
[3368]GoogleToolbarNotifier.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C916C83-->00000000 [guard32.dll]
[3368]GoogleToolbarNotifier.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[3368]GoogleToolbarNotifier.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[3368]GoogleToolbarNotifier.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[3368]GoogleToolbarNotifier.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[3368]GoogleToolbarNotifier.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[3368]GoogleToolbarNotifier.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[3368]GoogleToolbarNotifier.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[3368]GoogleToolbarNotifier.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[3368]GoogleToolbarNotifier.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[3368]GoogleToolbarNotifier.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[3368]GoogleToolbarNotifier.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[3368]GoogleToolbarNotifier.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[3368]GoogleToolbarNotifier.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[3368]GoogleToolbarNotifier.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[3368]GoogleToolbarNotifier.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E459E75-->00000000 [guard32.dll]
 
[3384]svchost.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E109B0-->00000000 [guard32.dll]
[3384]svchost.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DF6285-->00000000 [guard32.dll]
[3384]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E370B9-->00000000 [guard32.dll]
[3384]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BE [unknown_code_page]
[3384]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BF [unknown_code_page]
[3384]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E37251-->00000000 [guard32.dll]
[3384]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37256 [unknown_code_page]
[3384]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37257 [unknown_code_page]
[3384]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DEE2AE-->00000000 [guard32.dll]
[3384]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B3 [unknown_code_page]
[3384]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B4 [unknown_code_page]
[3384]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE5F05-->00000000 [guard32.dll]
[3384]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0A [unknown_code_page]
[3384]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0B [unknown_code_page]
[3384]svchost.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286FE-->00000000 [guard32.dll]
[3384]svchost.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85E554-->00000000 [guard32.dll]
[3384]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B42-->00000000 [guard32.dll]
[3384]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B47 [unknown_code_page]
[3384]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B48 [unknown_code_page]
[3384]svchost.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F88F-->00000000 [guard32.dll]
[3384]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A24-->00000000 [guard32.dll]
[3384]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810770-->00000000 [guard32.dll]
[3384]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C802367-->00000000 [guard32.dll]
[3384]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802332-->00000000 [guard32.dll]
[3384]svchost.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EF5-->00000000 [guard32.dll]
[3384]svchost.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F7B-->00000000 [guard32.dll]
[3384]svchost.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B6B1-->00000000 [guard32.dll]
[3384]svchost.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E44D-->00000000 [guard32.dll]
[3384]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80ADB0-->00000000 [guard32.dll]
[3384]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D77-->00000000 [guard32.dll]
[3384]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D4F-->00000000 [guard32.dll]
[3384]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF1-->00000000 [guard32.dll]
[3384]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF6 [unknown_code_page]
[3384]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF7 [unknown_code_page]
[3384]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AE5B-->00000000 [guard32.dll]
[3384]svchost.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86169E-->00000000 [guard32.dll]
[3384]svchost.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835ED7-->00000000 [guard32.dll]
[3384]svchost.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85D653-->00000000 [guard32.dll]
[3384]svchost.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C8356A3-->00000000 [guard32.dll]
[3384]svchost.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821271-->00000000 [guard32.dll]
[3384]svchost.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EF6-->00000000 [guard32.dll]
[3384]svchost.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F73E-->00000000 [guard32.dll]
[3384]svchost.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821992-->00000000 [guard32.dll]
[3384]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD0-->00000000 [guard32.dll]
[3384]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86158D-->00000000 [guard32.dll]
[3384]svchost.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C919328-->00000000 [guard32.dll]
[3384]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C915CBB-->00000000 [guard32.dll]
[3384]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C916C83-->00000000 [guard32.dll]
[3384]svchost.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[3384]svchost.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[3384]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[3384]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[3384]svchost.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[3384]svchost.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[3384]svchost.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[3384]svchost.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[3384]svchost.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[3384]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[3384]svchost.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[3384]svchost.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[3384]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[3384]svchost.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[3384]svchost.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA40F40-->00000000 [guard32.dll]
[3384]svchost.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40C15-->00000000 [guard32.dll]
[3384]svchost.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA01823-->00000000 [guard32.dll]
[3384]svchost.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB4FD0-->00000000 [guard32.dll]
[3384]svchost.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E459E75-->00000000 [guard32.dll]
[3568]alg.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E109B0-->00000000 [guard32.dll]
[3568]alg.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DF6285-->00000000 [guard32.dll]
[3568]alg.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E370B9-->00000000 [guard32.dll]
[3568]alg.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BE [unknown_code_page]
[3568]alg.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BF [unknown_code_page]
[3568]alg.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E37251-->00000000 [guard32.dll]
[3568]alg.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37256 [unknown_code_page]
[3568]alg.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37257 [unknown_code_page]
[3568]alg.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DEE2AE-->00000000 [guard32.dll]
[3568]alg.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B3 [unknown_code_page]
[3568]alg.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B4 [unknown_code_page]
[3568]alg.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE5F05-->00000000 [guard32.dll]
[3568]alg.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0A [unknown_code_page]
[3568]alg.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0B [unknown_code_page]
[3568]alg.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286FE-->00000000 [guard32.dll]
[3568]alg.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85E554-->00000000 [guard32.dll]
[3568]alg.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B42-->00000000 [guard32.dll]
[3568]alg.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B47 [unknown_code_page]
[3568]alg.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B48 [unknown_code_page]
[3568]alg.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F88F-->00000000 [guard32.dll]
[3568]alg.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A24-->00000000 [guard32.dll]
[3568]alg.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810770-->00000000 [guard32.dll]
[3568]alg.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C802367-->00000000 [guard32.dll]
[3568]alg.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802332-->00000000 [guard32.dll]
[3568]alg.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EF5-->00000000 [guard32.dll]
[3568]alg.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F7B-->00000000 [guard32.dll]
[3568]alg.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B6B1-->00000000 [guard32.dll]
[3568]alg.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E44D-->00000000 [guard32.dll]
[3568]alg.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80ADB0-->00000000 [guard32.dll]
[3568]alg.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D77-->00000000 [guard32.dll]
[3568]alg.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D4F-->00000000 [guard32.dll]
[3568]alg.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF1-->00000000 [guard32.dll]
[3568]alg.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF6 [unknown_code_page]
[3568]alg.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF7 [unknown_code_page]
[3568]alg.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AE5B-->00000000 [guard32.dll]
[3568]alg.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86169E-->00000000 [guard32.dll]
[3568]alg.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835ED7-->00000000 [guard32.dll]
[3568]alg.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85D653-->00000000 [guard32.dll]
[3568]alg.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C8356A3-->00000000 [guard32.dll]
[3568]alg.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821271-->00000000 [guard32.dll]
[3568]alg.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EF6-->00000000 [guard32.dll]
[3568]alg.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F73E-->00000000 [guard32.dll]
[3568]alg.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821992-->00000000 [guard32.dll]
[3568]alg.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD0-->00000000 [guard32.dll]
[3568]alg.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86158D-->00000000 [guard32.dll]
[3568]alg.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C919328-->00000000 [guard32.dll]
[3568]alg.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C915CBB-->00000000 [guard32.dll]
[3568]alg.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C916C83-->00000000 [guard32.dll]
[3568]alg.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[3568]alg.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[3568]alg.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[3568]alg.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[3568]alg.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[3568]alg.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[3568]alg.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[3568]alg.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[3568]alg.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[3568]alg.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[3568]alg.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[3568]alg.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[3568]alg.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[3568]alg.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[3568]alg.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA40F40-->00000000 [guard32.dll]
[3568]alg.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40C15-->00000000 [guard32.dll]
[3568]alg.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA01823-->00000000 [guard32.dll]
[3568]alg.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB4FD0-->00000000 [guard32.dll]
[3568]alg.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E459E75-->00000000 [guard32.dll]
[3568]alg.exe-->ws2_32.dll-->WSASocketA, Type: Inline - RelativeJump 0x71AB8769-->00000000 [guard32.dll]
[3568]alg.exe-->ws2_32.dll-->WSASocketW, Type: Inline - RelativeJump 0x71AB39CB-->00000000 [guard32.dll]
[3568]alg.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x71AB39D0 [unknown_code_page]
[3568]alg.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x71AB39D1 [unknown_code_page]
[3668]AppleMobileDeviceService.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E109B0-->00000000 [guard32.dll]
[3668]AppleMobileDeviceService.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DF6285-->00000000 [guard32.dll]
[3668]AppleMobileDeviceService.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E370B9-->00000000 [guard32.dll]
[3668]AppleMobileDeviceService.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BE [unknown_code_page]
[3668]AppleMobileDeviceService.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BF [unknown_code_page]
[3668]AppleMobileDeviceService.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E37251-->00000000 [guard32.dll]
[3668]AppleMobileDeviceService.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37256 [unknown_code_page]
[3668]AppleMobileDeviceService.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37257 [unknown_code_page]
[3668]AppleMobileDeviceService.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DEE2AE-->00000000 [guard32.dll]
[3668]AppleMobileDeviceService.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B3 [unknown_code_page]
[3668]AppleMobileDeviceService.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B4 [unknown_code_page]
[3668]AppleMobileDeviceService.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE5F05-->00000000 [guard32.dll]
[3668]AppleMobileDeviceService.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0A [unknown_code_page]
[3668]AppleMobileDeviceService.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0B [unknown_code_page]
[3668]AppleMobileDeviceService.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286FE-->00000000 [guard32.dll]
[3668]AppleMobileDeviceService.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85E554-->00000000 [guard32.dll]
[3668]AppleMobileDeviceService.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B42-->00000000 [guard32.dll]
[3668]AppleMobileDeviceService.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B47 [unknown_code_page]
[3668]AppleMobileDeviceService.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B48 [unknown_code_page]
[3668]AppleMobileDeviceService.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F88F-->00000000 [guard32.dll]
[3668]AppleMobileDeviceService.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A24-->00000000 [guard32.dll]
[3668]AppleMobileDeviceService.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810770-->00000000 [guard32.dll]
[3668]AppleMobileDeviceService.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C802367-->00000000 [guard32.dll]
[3668]AppleMobileDeviceService.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802332-->00000000 [guard32.dll]
[3668]AppleMobileDeviceService.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EF5-->00000000 [guard32.dll]
[3668]AppleMobileDeviceService.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F7B-->00000000 [guard32.dll]
[3668]AppleMobileDeviceService.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B6B1-->00000000 [guard32.dll]
[3668]AppleMobileDeviceService.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E44D-->00000000 [guard32.dll]
[3668]AppleMobileDeviceService.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80ADB0-->00000000 [guard32.dll]
[3668]AppleMobileDeviceService.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D77-->00000000 [guard32.dll]
[3668]AppleMobileDeviceService.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D4F-->00000000 [guard32.dll]
[3668]AppleMobileDeviceService.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF1-->00000000 [guard32.dll]
[3668]AppleMobileDeviceService.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF6 [unknown_code_page]
[3668]AppleMobileDeviceService.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF7 [unknown_code_page]
[3668]AppleMobileDeviceService.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AE5B-->00000000 [guard32.dll]
[3668]AppleMobileDeviceService.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86169E-->00000000 [guard32.dll]
[3668]AppleMobileDeviceService.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835ED7-->00000000 [guard32.dll]
[3668]AppleMobileDeviceService.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85D653-->00000000 [guard32.dll]
[3668]AppleMobileDeviceService.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C8356A3-->00000000 [guard32.dll]
[3668]AppleMobileDeviceService.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821271-->00000000 [guard32.dll]
[3668]AppleMobileDeviceService.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EF6-->00000000 [guard32.dll]
[3668]AppleMobileDeviceService.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F73E-->00000000 [guard32.dll]
[3668]AppleMobileDeviceService.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821992-->00000000 [guard32.dll]
[3668]AppleMobileDeviceService.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD0-->00000000 [guard32.dll]
[3668]AppleMobileDeviceService.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86158D-->00000000 [guard32.dll]
[3668]AppleMobileDeviceService.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C919328-->00000000 [guard32.dll]
[3668]AppleMobileDeviceService.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C915CBB-->00000000 [guard32.dll]
[3668]AppleMobileDeviceService.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C916C83-->00000000 [guard32.dll]
[3668]AppleMobileDeviceService.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[3668]AppleMobileDeviceService.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[3668]AppleMobileDeviceService.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[3668]AppleMobileDeviceService.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[3668]AppleMobileDeviceService.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[3668]AppleMobileDeviceService.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[3668]AppleMobileDeviceService.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[3668]AppleMobileDeviceService.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[3668]AppleMobileDeviceService.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[3668]AppleMobileDeviceService.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[3668]AppleMobileDeviceService.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[3668]AppleMobileDeviceService.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[3668]AppleMobileDeviceService.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[3668]AppleMobileDeviceService.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[3668]AppleMobileDeviceService.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E459E75-->00000000 [guard32.dll]
[3668]AppleMobileDeviceService.exe-->ws2_32.dll-->WSASocketA, Type: Inline - RelativeJump 0x71AB8769-->00000000 [guard32.dll]
[3668]AppleMobileDeviceService.exe-->ws2_32.dll-->WSASocketW, Type: Inline - RelativeJump 0x71AB39CB-->00000000 [guard32.dll]
[3668]AppleMobileDeviceService.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x71AB39D0 [unknown_code_page]
[3668]AppleMobileDeviceService.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x71AB39D1 [unknown_code_page]
[3788]jqs.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E109B0-->00000000 [guard32.dll]
[3788]jqs.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DF6285-->00000000 [guard32.dll]
[3788]jqs.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E370B9-->00000000 [guard32.dll]
[3788]jqs.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BE [unknown_code_page]
[3788]jqs.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BF [unknown_code_page]
[3788]jqs.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E37251-->00000000 [guard32.dll]
[3788]jqs.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37256 [unknown_code_page]
[3788]jqs.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37257 [unknown_code_page]
[3788]jqs.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DEE2AE-->00000000 [guard32.dll]
[3788]jqs.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B3 [unknown_code_page]
[3788]jqs.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B4 [unknown_code_page]
[3788]jqs.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE5F05-->00000000 [guard32.dll]
[3788]jqs.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0A [unknown_code_page]
[3788]jqs.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0B [unknown_code_page]
[3788]jqs.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286FE-->00000000 [guard32.dll]
[3788]jqs.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85E554-->00000000 [guard32.dll]
[3788]jqs.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B42-->00000000 [guard32.dll]
[3788]jqs.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B47 [unknown_code_page]
[3788]jqs.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B48 [unknown_code_page]
[3788]jqs.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F88F-->00000000 [guard32.dll]
[3788]jqs.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A24-->00000000 [guard32.dll]
[3788]jqs.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810770-->00000000 [guard32.dll]
[3788]jqs.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C802367-->00000000 [guard32.dll]
[3788]jqs.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802332-->00000000 [guard32.dll]
[3788]jqs.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EF5-->00000000 [guard32.dll]
[3788]jqs.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F7B-->00000000 [guard32.dll]
[3788]jqs.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B6B1-->00000000 [guard32.dll]
[3788]jqs.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E44D-->00000000 [guard32.dll]
[3788]jqs.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80ADB0-->00000000 [guard32.dll]
[3788]jqs.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D77-->00000000 [guard32.dll]
[3788]jqs.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D4F-->00000000 [guard32.dll]
[3788]jqs.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF1-->00000000 [guard32.dll]
[3788]jqs.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF6 [unknown_code_page]
[3788]jqs.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF7 [unknown_code_page]
[3788]jqs.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AE5B-->00000000 [guard32.dll]
[3788]jqs.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86169E-->00000000 [guard32.dll]
[3788]jqs.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835ED7-->00000000 [guard32.dll]
[3788]jqs.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85D653-->00000000 [guard32.dll]
[3788]jqs.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C8356A3-->00000000 [guard32.dll]
[3788]jqs.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821271-->00000000 [guard32.dll]
[3788]jqs.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EF6-->00000000 [guard32.dll]
[3788]jqs.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F73E-->00000000 [guard32.dll]
[3788]jqs.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821992-->00000000 [guard32.dll]
[3788]jqs.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD0-->00000000 [guard32.dll]
[3788]jqs.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86158D-->00000000 [guard32.dll]
[3788]jqs.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C919328-->00000000 [guard32.dll]
[3788]jqs.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C915CBB-->00000000 [guard32.dll]
[3788]jqs.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C916C83-->00000000 [guard32.dll]
[3788]jqs.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[3788]jqs.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[3788]jqs.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[3788]jqs.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[3788]jqs.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[3788]jqs.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[3788]jqs.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[3788]jqs.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[3788]jqs.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[3788]jqs.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[3788]jqs.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[3788]jqs.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[3788]jqs.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[3788]jqs.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[3788]jqs.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E459E75-->00000000 [guard32.dll]
[3788]jqs.exe-->ws2_32.dll-->WSASocketA, Type: Inline - RelativeJump 0x71AB8769-->00000000 [guard32.dll]
[3788]jqs.exe-->ws2_32.dll-->WSASocketW, Type: Inline - RelativeJump 0x71AB39CB-->00000000 [guard32.dll]
[3788]jqs.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x71AB39D0 [unknown_code_page]
[3788]jqs.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x71AB39D1 [unknown_code_page]
[4008]uphclean.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E109B0-->00000000 [guard32.dll]
[4008]uphclean.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DF6285-->00000000 [guard32.dll]
[4008]uphclean.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E370B9-->00000000 [guard32.dll]
[4008]uphclean.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BE [unknown_code_page]
[4008]uphclean.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BF [unknown_code_page]
[4008]uphclean.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E37251-->00000000 [guard32.dll]
[4008]uphclean.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37256 [unknown_code_page]
[4008]uphclean.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37257 [unknown_code_page]
[4008]uphclean.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DEE2AE-->00000000 [guard32.dll]
[4008]uphclean.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B3 [unknown_code_page]
[4008]uphclean.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B4 [unknown_code_page]
[4008]uphclean.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE5F05-->00000000 [guard32.dll]
[4008]uphclean.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0A [unknown_code_page]
[4008]uphclean.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0B [unknown_code_page]
[4008]uphclean.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286FE-->00000000 [guard32.dll]
[4008]uphclean.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85E554-->00000000 [guard32.dll]
[4008]uphclean.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B42-->00000000 [guard32.dll]
[4008]uphclean.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B47 [unknown_code_page]
[4008]uphclean.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B48 [unknown_code_page]
[4008]uphclean.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F88F-->00000000 [guard32.dll]
[4008]uphclean.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A24-->00000000 [guard32.dll]
[4008]uphclean.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810770-->00000000 [guard32.dll]
[4008]uphclean.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C802367-->00000000 [guard32.dll]
[4008]uphclean.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802332-->00000000 [guard32.dll]
[4008]uphclean.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EF5-->00000000 [guard32.dll]
[4008]uphclean.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F7B-->00000000 [guard32.dll]
[4008]uphclean.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B6B1-->00000000 [guard32.dll]
[4008]uphclean.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E44D-->00000000 [guard32.dll]
[4008]uphclean.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80ADB0-->00000000 [guard32.dll]
[4008]uphclean.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D77-->00000000 [guard32.dll]
[4008]uphclean.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D4F-->00000000 [guard32.dll]
[4008]uphclean.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF1-->00000000 [guard32.dll]
[4008]uphclean.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF6 [unknown_code_page]
[4008]uphclean.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF7 [unknown_code_page]
[4008]uphclean.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AE5B-->00000000 [guard32.dll]
[4008]uphclean.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86169E-->00000000 [guard32.dll]
[4008]uphclean.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835ED7-->00000000 [guard32.dll]
[4008]uphclean.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85D653-->00000000 [guard32.dll]
[4008]uphclean.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C8356A3-->00000000 [guard32.dll]
[4008]uphclean.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821271-->00000000 [guard32.dll]
[4008]uphclean.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EF6-->00000000 [guard32.dll]
[4008]uphclean.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F73E-->00000000 [guard32.dll]
[4008]uphclean.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821992-->00000000 [guard32.dll]
[4008]uphclean.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD0-->00000000 [guard32.dll]
[4008]uphclean.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86158D-->00000000 [guard32.dll]
[4008]uphclean.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C919328-->00000000 [guard32.dll]
[4008]uphclean.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C915CBB-->00000000 [guard32.dll]
[4008]uphclean.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C916C83-->00000000 [guard32.dll]
[4008]uphclean.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[4008]uphclean.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[4008]uphclean.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[4008]uphclean.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[4008]uphclean.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[4008]uphclean.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[4008]uphclean.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[4008]uphclean.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[4008]uphclean.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[4008]uphclean.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[4008]uphclean.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[4008]uphclean.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[4008]uphclean.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[4008]uphclean.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[4008]uphclean.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E459E75-->00000000 [guard32.dll]
[4052]iPodService.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E109B0-->00000000 [guard32.dll]
[4052]iPodService.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DF6285-->00000000 [guard32.dll]
[4052]iPodService.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E370B9-->00000000 [guard32.dll]
[4052]iPodService.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BE [unknown_code_page]
[4052]iPodService.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BF [unknown_code_page]
[4052]iPodService.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E37251-->00000000 [guard32.dll]
[4052]iPodService.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37256 [unknown_code_page]
[4052]iPodService.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37257 [unknown_code_page]
[4052]iPodService.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DEE2AE-->00000000 [guard32.dll]
[4052]iPodService.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B3 [unknown_code_page]
[4052]iPodService.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B4 [unknown_code_page]
[4052]iPodService.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE5F05-->00000000 [guard32.dll]
[4052]iPodService.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0A [unknown_code_page]
[4052]iPodService.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0B [unknown_code_page]
[4052]iPodService.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286FE-->00000000 [guard32.dll]
[4052]iPodService.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85E554-->00000000 [guard32.dll]
[4052]iPodService.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B42-->00000000 [guard32.dll]
[4052]iPodService.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B47 [unknown_code_page]
[4052]iPodService.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B48 [unknown_code_page]
[4052]iPodService.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F88F-->00000000 [guard32.dll]
[4052]iPodService.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A24-->00000000 [guard32.dll]
[4052]iPodService.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810770-->00000000 [guard32.dll]
[4052]iPodService.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C802367-->00000000 [guard32.dll]
[4052]iPodService.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802332-->00000000 [guard32.dll]
[4052]iPodService.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EF5-->00000000 [guard32.dll]
[4052]iPodService.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F7B-->00000000 [guard32.dll]
[4052]iPodService.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B6B1-->00000000 [guard32.dll]
[4052]iPodService.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E44D-->00000000 [guard32.dll]
[4052]iPodService.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80ADB0-->00000000 [guard32.dll]
[4052]iPodService.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D77-->00000000 [guard32.dll]
[4052]iPodService.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D4F-->00000000 [guard32.dll]
[4052]iPodService.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF1-->00000000 [guard32.dll]
[4052]iPodService.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF6 [unknown_code_page]
[4052]iPodService.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF7 [unknown_code_page]
[4052]iPodService.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AE5B-->00000000 [guard32.dll]
[4052]iPodService.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86169E-->00000000 [guard32.dll]
[4052]iPodService.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835ED7-->00000000 [guard32.dll]
[4052]iPodService.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85D653-->00000000 [guard32.dll]
[4052]iPodService.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C8356A3-->00000000 [guard32.dll]
[4052]iPodService.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821271-->00000000 [guard32.dll]
[4052]iPodService.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EF6-->00000000 [guard32.dll]
[4052]iPodService.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F73E-->00000000 [guard32.dll]
[4052]iPodService.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821992-->00000000 [guard32.dll]
[4052]iPodService.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD0-->00000000 [guard32.dll]
[4052]iPodService.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86158D-->00000000 [guard32.dll]
[4052]iPodService.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C919328-->00000000 [guard32.dll]
[4052]iPodService.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C915CBB-->00000000 [guard32.dll]
[4052]iPodService.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C916C83-->00000000 [guard32.dll]
[4052]iPodService.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[4052]iPodService.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[4052]iPodService.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[4052]iPodService.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[4052]iPodService.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[4052]iPodService.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[4052]iPodService.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[4052]iPodService.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[4052]iPodService.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[4052]iPodService.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[4052]iPodService.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[4052]iPodService.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[4052]iPodService.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[4052]iPodService.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[4052]iPodService.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E459E75-->00000000 [guard32.dll]
[4620]hpsysdrv.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E109B0-->00000000 [guard32.dll]
[4620]hpsysdrv.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DF6285-->00000000 [guard32.dll]
[4620]hpsysdrv.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E370B9-->00000000 [guard32.dll]
[4620]hpsysdrv.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BE [unknown_code_page]
[4620]hpsysdrv.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BF [unknown_code_page]
[4620]hpsysdrv.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E37251-->00000000 [guard32.dll]
[4620]hpsysdrv.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37256 [unknown_code_page]
[4620]hpsysdrv.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37257 [unknown_code_page]
[4620]hpsysdrv.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DEE2AE-->00000000 [guard32.dll]
[4620]hpsysdrv.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B3 [unknown_code_page]
[4620]hpsysdrv.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B4 [unknown_code_page]
[4620]hpsysdrv.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE5F05-->00000000 [guard32.dll]
[4620]hpsysdrv.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0A [unknown_code_page]
[4620]hpsysdrv.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0B [unknown_code_page]
[4620]hpsysdrv.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286FE-->00000000 [guard32.dll]
[4620]hpsysdrv.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85E554-->00000000 [guard32.dll]
[4620]hpsysdrv.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B42-->00000000 [guard32.dll]
[4620]hpsysdrv.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B47 [unknown_code_page]
[4620]hpsysdrv.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B48 [unknown_code_page]
[4620]hpsysdrv.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F88F-->00000000 [guard32.dll]
[4620]hpsysdrv.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A24-->00000000 [guard32.dll]
[4620]hpsysdrv.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810770-->00000000 [guard32.dll]
[4620]hpsysdrv.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C802367-->00000000 [guard32.dll]
[4620]hpsysdrv.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802332-->00000000 [guard32.dll]
[4620]hpsysdrv.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EF5-->00000000 [guard32.dll]
[4620]hpsysdrv.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F7B-->00000000 [guard32.dll]
[4620]hpsysdrv.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B6B1-->00000000 [guard32.dll]
[4620]hpsysdrv.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E44D-->00000000 [guard32.dll]
[4620]hpsysdrv.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80ADB0-->00000000 [guard32.dll]
[4620]hpsysdrv.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D77-->00000000 [guard32.dll]
[4620]hpsysdrv.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D4F-->00000000 [guard32.dll]
[4620]hpsysdrv.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF1-->00000000 [guard32.dll]
[4620]hpsysdrv.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF6 [unknown_code_page]
[4620]hpsysdrv.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF7 [unknown_code_page]
[4620]hpsysdrv.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AE5B-->00000000 [guard32.dll]
[4620]hpsysdrv.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86169E-->00000000 [guard32.dll]
[4620]hpsysdrv.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835ED7-->00000000 [guard32.dll]
[4620]hpsysdrv.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85D653-->00000000 [guard32.dll]
[4620]hpsysdrv.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C8356A3-->00000000 [guard32.dll]
[4620]hpsysdrv.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821271-->00000000 [guard32.dll]
[4620]hpsysdrv.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EF6-->00000000 [guard32.dll]
[4620]hpsysdrv.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F73E-->00000000 [guard32.dll]
[4620]hpsysdrv.exe-->kernel32.dll-->ntdll.dll-->NtClose, Type: IAT modification 0x7C80103C-->00000000 [LVPrcInj.dll]
[4620]hpsysdrv.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x7C801008-->00000000 [LVPrcInj.dll]
[4620]hpsysdrv.exe-->kernel32.dll-->ntdll.dll-->NtDeviceIoControlFile, Type: IAT modification 0x7C801038-->00000000 [LVPrcInj.dll]
[4620]hpsysdrv.exe-->kernel32.dll-->ntdll.dll-->NtDuplicateObject, Type: IAT modification 0x7C8011BC-->00000000 [LVPrcInj.dll]
[4620]hpsysdrv.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821992-->00000000 [guard32.dll]
[4620]hpsysdrv.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD0-->00000000 [guard32.dll]
[4620]hpsysdrv.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86158D-->00000000 [guard32.dll]
[4620]hpsysdrv.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C919328-->00000000 [guard32.dll]
[4620]hpsysdrv.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C915CBB-->00000000 [guard32.dll]
[4620]hpsysdrv.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C916C83-->00000000 [guard32.dll]
[4620]hpsysdrv.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[4620]hpsysdrv.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[4620]hpsysdrv.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[4620]hpsysdrv.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[4620]hpsysdrv.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[4620]hpsysdrv.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[4620]hpsysdrv.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[4620]hpsysdrv.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[4620]hpsysdrv.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[4620]hpsysdrv.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[4620]hpsysdrv.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[4620]hpsysdrv.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[4620]hpsysdrv.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[4620]hpsysdrv.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[4620]hpsysdrv.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E459E75-->00000000 [guard32.dll]
[4752]RTHDCPL.EXE-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E109B0-->00000000 [guard32.dll]
[4752]RTHDCPL.EXE-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DF6285-->00000000 [guard32.dll]
[4752]RTHDCPL.EXE-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E370B9-->00000000 [guard32.dll]
[4752]RTHDCPL.EXE-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BE [unknown_code_page]
[4752]RTHDCPL.EXE-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BF [unknown_code_page]
[4752]RTHDCPL.EXE-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E37251-->00000000 [guard32.dll]
[4752]RTHDCPL.EXE-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37256 [unknown_code_page]
[4752]RTHDCPL.EXE-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37257 [unknown_code_page]
[4752]RTHDCPL.EXE-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DEE2AE-->00000000 [guard32.dll]
[4752]RTHDCPL.EXE-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B3 [unknown_code_page]
[4752]RTHDCPL.EXE-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B4 [unknown_code_page]
[4752]RTHDCPL.EXE-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE5F05-->00000000 [guard32.dll]
[4752]RTHDCPL.EXE-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0A [unknown_code_page]
[4752]RTHDCPL.EXE-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0B [unknown_code_page]
[4752]RTHDCPL.EXE-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286FE-->00000000 [guard32.dll]
[4752]RTHDCPL.EXE-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85E554-->00000000 [guard32.dll]
[4752]RTHDCPL.EXE-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B42-->00000000 [guard32.dll]
[4752]RTHDCPL.EXE-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B47 [unknown_code_page]
[4752]RTHDCPL.EXE-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B48 [unknown_code_page]
[4752]RTHDCPL.EXE-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F88F-->00000000 [guard32.dll]
[4752]RTHDCPL.EXE-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A24-->00000000 [guard32.dll]
[4752]RTHDCPL.EXE-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810770-->00000000 [guard32.dll]
[4752]RTHDCPL.EXE-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C802367-->00000000 [guard32.dll]
[4752]RTHDCPL.EXE-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802332-->00000000 [guard32.dll]
[4752]RTHDCPL.EXE-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EF5-->00000000 [guard32.dll]
[4752]RTHDCPL.EXE-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F7B-->00000000 [guard32.dll]
[4752]RTHDCPL.EXE-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B6B1-->00000000 [guard32.dll]
[4752]RTHDCPL.EXE-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E44D-->00000000 [guard32.dll]
[4752]RTHDCPL.EXE-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80ADB0-->00000000 [guard32.dll]
[4752]RTHDCPL.EXE-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D77-->00000000 [guard32.dll]
[4752]RTHDCPL.EXE-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D4F-->00000000 [guard32.dll]
[4752]RTHDCPL.EXE-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF1-->00000000 [guard32.dll]
[4752]RTHDCPL.EXE-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF6 [unknown_code_page]
[4752]RTHDCPL.EXE-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF7 [unknown_code_page]
[4752]RTHDCPL.EXE-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AE5B-->00000000 [guard32.dll]
[4752]RTHDCPL.EXE-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86169E-->00000000 [guard32.dll]
[4752]RTHDCPL.EXE-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835ED7-->00000000 [guard32.dll]
[4752]RTHDCPL.EXE-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85D653-->00000000 [guard32.dll]
[4752]RTHDCPL.EXE-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C8356A3-->00000000 [guard32.dll]
[4752]RTHDCPL.EXE-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821271-->00000000 [guard32.dll]
[4752]RTHDCPL.EXE-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EF6-->00000000 [guard32.dll]
[4752]RTHDCPL.EXE-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F73E-->00000000 [guard32.dll]
[4752]RTHDCPL.EXE-->kernel32.dll-->ntdll.dll-->NtClose, Type: IAT modification 0x7C80103C-->00000000 [LVPrcInj.dll]
[4752]RTHDCPL.EXE-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x7C801008-->00000000 [LVPrcInj.dll]
[4752]RTHDCPL.EXE-->kernel32.dll-->ntdll.dll-->NtDeviceIoControlFile, Type: IAT modification 0x7C801038-->00000000 [LVPrcInj.dll]
[4752]RTHDCPL.EXE-->kernel32.dll-->ntdll.dll-->NtDuplicateObject, Type: IAT modification 0x7C8011BC-->00000000 [LVPrcInj.dll]
[4752]RTHDCPL.EXE-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821992-->00000000 [guard32.dll]
[4752]RTHDCPL.EXE-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD0-->00000000 [guard32.dll]
[4752]RTHDCPL.EXE-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86158D-->00000000 [guard32.dll]
[4752]RTHDCPL.EXE-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C919328-->00000000 [guard32.dll]
[4752]RTHDCPL.EXE-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C915CBB-->00000000 [guard32.dll]
[4752]RTHDCPL.EXE-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C916C83-->00000000 [guard32.dll]
[4752]RTHDCPL.EXE-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[4752]RTHDCPL.EXE-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[4752]RTHDCPL.EXE-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[4752]RTHDCPL.EXE-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[4752]RTHDCPL.EXE-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[4752]RTHDCPL.EXE-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[4752]RTHDCPL.EXE-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[4752]RTHDCPL.EXE-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[4752]RTHDCPL.EXE-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[4752]RTHDCPL.EXE-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[4752]RTHDCPL.EXE-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[4752]RTHDCPL.EXE-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[4752]RTHDCPL.EXE-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[4752]RTHDCPL.EXE-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[4752]RTHDCPL.EXE-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA40F40-->00000000 [guard32.dll]
[4752]RTHDCPL.EXE-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40C15-->00000000 [guard32.dll]
[4752]RTHDCPL.EXE-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA01823-->00000000 [guard32.dll]
[4752]RTHDCPL.EXE-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB4FD0-->00000000 [guard32.dll]
[4752]RTHDCPL.EXE-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E459E75-->00000000 [guard32.dll]
[5352]wuauclt.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E109B0-->00000000 [guard32.dll]
[5352]wuauclt.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DF6285-->00000000 [guard32.dll]
[5352]wuauclt.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E370B9-->00000000 [guard32.dll]
[5352]wuauclt.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BE [unknown_code_page]
[5352]wuauclt.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BF [unknown_code_page]
[5352]wuauclt.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E37251-->00000000 [guard32.dll]
[5352]wuauclt.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37256 [unknown_code_page]
[5352]wuauclt.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37257 [unknown_code_page]
[5352]wuauclt.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DEE2AE-->00000000 [guard32.dll]
[5352]wuauclt.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B3 [unknown_code_page]
[5352]wuauclt.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B4 [unknown_code_page]
[5352]wuauclt.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE5F05-->00000000 [guard32.dll]
[5352]wuauclt.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0A [unknown_code_page]
[5352]wuauclt.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0B [unknown_code_page]
[5352]wuauclt.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286FE-->00000000 [guard32.dll]
[5352]wuauclt.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85E554-->00000000 [guard32.dll]
[5352]wuauclt.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B42-->00000000 [guard32.dll]
[5352]wuauclt.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B47 [unknown_code_page]
[5352]wuauclt.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B48 [unknown_code_page]
[5352]wuauclt.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F88F-->00000000 [guard32.dll]
[5352]wuauclt.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A24-->00000000 [guard32.dll]
[5352]wuauclt.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810770-->00000000 [guard32.dll]
[5352]wuauclt.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C802367-->00000000 [guard32.dll]
[5352]wuauclt.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802332-->00000000 [guard32.dll]
[5352]wuauclt.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EF5-->00000000 [guard32.dll]
[5352]wuauclt.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F7B-->00000000 [guard32.dll]
[5352]wuauclt.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B6B1-->00000000 [guard32.dll]
[5352]wuauclt.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E44D-->00000000 [guard32.dll]
[5352]wuauclt.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80ADB0-->00000000 [guard32.dll]
[5352]wuauclt.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D77-->00000000 [guard32.dll]
[5352]wuauclt.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D4F-->00000000 [guard32.dll]
[5352]wuauclt.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF1-->00000000 [guard32.dll]
[5352]wuauclt.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF6 [unknown_code_page]
[5352]wuauclt.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF7 [unknown_code_page]
[5352]wuauclt.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AE5B-->00000000 [guard32.dll]
[5352]wuauclt.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86169E-->00000000 [guard32.dll]
[5352]wuauclt.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835ED7-->00000000 [guard32.dll]
[5352]wuauclt.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85D653-->00000000 [guard32.dll]
[5352]wuauclt.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C8356A3-->00000000 [guard32.dll]
[5352]wuauclt.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821271-->00000000 [guard32.dll]
[5352]wuauclt.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EF6-->00000000 [guard32.dll]
[5352]wuauclt.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F73E-->00000000 [guard32.dll]
[5352]wuauclt.exe-->kernel32.dll-->ntdll.dll-->NtClose, Type: IAT modification 0x7C80103C-->00000000 [LVPrcInj.dll]
[5352]wuauclt.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x7C801008-->00000000 [LVPrcInj.dll]
[5352]wuauclt.exe-->kernel32.dll-->ntdll.dll-->NtDeviceIoControlFile, Type: IAT modification 0x7C801038-->00000000 [LVPrcInj.dll]
[5352]wuauclt.exe-->kernel32.dll-->ntdll.dll-->NtDuplicateObject, Type: IAT modification 0x7C8011BC-->00000000 [LVPrcInj.dll]
[5352]wuauclt.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821992-->00000000 [guard32.dll]
[5352]wuauclt.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD0-->00000000 [guard32.dll]
[5352]wuauclt.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86158D-->00000000 [guard32.dll]
[5352]wuauclt.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C919328-->00000000 [guard32.dll]
[5352]wuauclt.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C915CBB-->00000000 [guard32.dll]
[5352]wuauclt.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C916C83-->00000000 [guard32.dll]
[5352]wuauclt.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[5352]wuauclt.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[5352]wuauclt.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[5352]wuauclt.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[5352]wuauclt.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[5352]wuauclt.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[5352]wuauclt.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[5352]wuauclt.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[5352]wuauclt.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[5352]wuauclt.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[5352]wuauclt.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[5352]wuauclt.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[5352]wuauclt.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[5352]wuauclt.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[5352]wuauclt.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA40F40-->00000000 [guard32.dll]
[5352]wuauclt.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40C15-->00000000 [guard32.dll]
[5352]wuauclt.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA01823-->00000000 [guard32.dll]
[5352]wuauclt.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB4FD0-->00000000 [guard32.dll]
[5352]wuauclt.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E459E75-->00000000 [guard32.dll]
[572]LVPrcSrv.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E109B0-->00000000 [guard32.dll]
[572]LVPrcSrv.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DF6285-->00000000 [guard32.dll]
[572]LVPrcSrv.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E370B9-->00000000 [guard32.dll]
[572]LVPrcSrv.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BE [unknown_code_page]
[572]LVPrcSrv.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BF [unknown_code_page]
[572]LVPrcSrv.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E37251-->00000000 [guard32.dll]
[572]LVPrcSrv.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37256 [unknown_code_page]
[572]LVPrcSrv.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37257 [unknown_code_page]
[572]LVPrcSrv.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DEE2AE-->00000000 [guard32.dll]
[572]LVPrcSrv.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B3 [unknown_code_page]
[572]LVPrcSrv.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B4 [unknown_code_page]
[572]LVPrcSrv.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE5F05-->00000000 [guard32.dll]
[572]LVPrcSrv.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0A [unknown_code_page]
[572]LVPrcSrv.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0B [unknown_code_page]
[572]LVPrcSrv.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286FE-->00000000 [guard32.dll]
[572]LVPrcSrv.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85E554-->00000000 [guard32.dll]
[572]LVPrcSrv.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B42-->00000000 [guard32.dll]
[572]LVPrcSrv.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B47 [unknown_code_page]
[572]LVPrcSrv.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B48 [unknown_code_page]
[572]LVPrcSrv.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F88F-->00000000 [guard32.dll]
[572]LVPrcSrv.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A24-->00000000 [guard32.dll]
[572]LVPrcSrv.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810770-->00000000 [guard32.dll]
[572]LVPrcSrv.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C802367-->00000000 [guard32.dll]
[572]LVPrcSrv.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802332-->00000000 [guard32.dll]
[572]LVPrcSrv.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EF5-->00000000 [guard32.dll]
[572]LVPrcSrv.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F7B-->00000000 [guard32.dll]
[572]LVPrcSrv.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B6B1-->00000000 [guard32.dll]
[572]LVPrcSrv.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E44D-->00000000 [guard32.dll]
[572]LVPrcSrv.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80ADB0-->00000000 [guard32.dll]
[572]LVPrcSrv.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D77-->00000000 [guard32.dll]
[572]LVPrcSrv.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D4F-->00000000 [guard32.dll]
[572]LVPrcSrv.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF1-->00000000 [guard32.dll]
[572]LVPrcSrv.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF6 [unknown_code_page]
[572]LVPrcSrv.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF7 [unknown_code_page]
[572]LVPrcSrv.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AE5B-->00000000 [guard32.dll]
[572]LVPrcSrv.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86169E-->00000000 [guard32.dll]
[572]LVPrcSrv.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835ED7-->00000000 [guard32.dll]
[572]LVPrcSrv.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85D653-->00000000 [guard32.dll]
[572]LVPrcSrv.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C8356A3-->00000000 [guard32.dll]
[572]LVPrcSrv.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821271-->00000000 [guard32.dll]
[572]LVPrcSrv.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EF6-->00000000 [guard32.dll]
[572]LVPrcSrv.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F73E-->00000000 [guard32.dll]
[572]LVPrcSrv.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821992-->00000000 [guard32.dll]
[572]LVPrcSrv.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD0-->00000000 [guard32.dll]
[572]LVPrcSrv.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86158D-->00000000 [guard32.dll]
[572]LVPrcSrv.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C919328-->00000000 [guard32.dll]
[572]LVPrcSrv.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C915CBB-->00000000 [guard32.dll]
[572]LVPrcSrv.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C916C83-->00000000 [guard32.dll]
[572]LVPrcSrv.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[572]LVPrcSrv.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[572]LVPrcSrv.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[572]LVPrcSrv.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[572]LVPrcSrv.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[572]LVPrcSrv.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[572]LVPrcSrv.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[572]LVPrcSrv.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[572]LVPrcSrv.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[572]LVPrcSrv.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[572]LVPrcSrv.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[572]LVPrcSrv.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[572]LVPrcSrv.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[572]LVPrcSrv.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[572]LVPrcSrv.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA40F40-->00000000 [guard32.dll]
[572]LVPrcSrv.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40C15-->00000000 [guard32.dll]
[572]LVPrcSrv.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA01823-->00000000 [guard32.dll]
[572]LVPrcSrv.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB4FD0-->00000000 [guard32.dll]
[572]LVPrcSrv.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E459E75-->00000000 [guard32.dll]
[5892]iTunesHelper.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E109B0-->00000000 [guard32.dll]
[5892]iTunesHelper.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DF6285-->00000000 [guard32.dll]
[5892]iTunesHelper.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E370B9-->00000000 [guard32.dll]
[5892]iTunesHelper.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BE [unknown_code_page]
[5892]iTunesHelper.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BF [unknown_code_page]
[5892]iTunesHelper.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E37251-->00000000 [guard32.dll]
[5892]iTunesHelper.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37256 [unknown_code_page]
[5892]iTunesHelper.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37257 [unknown_code_page]
[5892]iTunesHelper.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DEE2AE-->00000000 [guard32.dll]
[5892]iTunesHelper.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B3 [unknown_code_page]
[5892]iTunesHelper.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B4 [unknown_code_page]
[5892]iTunesHelper.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE5F05-->00000000 [guard32.dll]
[5892]iTunesHelper.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0A [unknown_code_page]
[5892]iTunesHelper.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0B [unknown_code_page]
[5892]iTunesHelper.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286FE-->00000000 [guard32.dll]
[5892]iTunesHelper.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85E554-->00000000 [guard32.dll]
[5892]iTunesHelper.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B42-->00000000 [guard32.dll]
[5892]iTunesHelper.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B47 [unknown_code_page]
[5892]iTunesHelper.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B48 [unknown_code_page]
[5892]iTunesHelper.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F88F-->00000000 [guard32.dll]
[5892]iTunesHelper.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A24-->00000000 [guard32.dll]
[5892]iTunesHelper.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810770-->00000000 [guard32.dll]
[5892]iTunesHelper.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C802367-->00000000 [guard32.dll]
[5892]iTunesHelper.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802332-->00000000 [guard32.dll]
[5892]iTunesHelper.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EF5-->00000000 [guard32.dll]
[5892]iTunesHelper.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F7B-->00000000 [guard32.dll]
[5892]iTunesHelper.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B6B1-->00000000 [guard32.dll]
[5892]iTunesHelper.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E44D-->00000000 [guard32.dll]
[5892]iTunesHelper.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80ADB0-->00000000 [guard32.dll]
[5892]iTunesHelper.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D77-->00000000 [guard32.dll]
[5892]iTunesHelper.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D4F-->00000000 [guard32.dll]
[5892]iTunesHelper.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF1-->00000000 [guard32.dll]
[5892]iTunesHelper.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF6 [unknown_code_page]
[5892]iTunesHelper.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF7 [unknown_code_page]
[5892]iTunesHelper.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AE5B-->00000000 [guard32.dll]
[5892]iTunesHelper.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86169E-->00000000 [guard32.dll]
[5892]iTunesHelper.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835ED7-->00000000 [guard32.dll]
[5892]iTunesHelper.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85D653-->00000000 [guard32.dll]
[5892]iTunesHelper.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C8356A3-->00000000 [guard32.dll]
[5892]iTunesHelper.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821271-->00000000 [guard32.dll]
[5892]iTunesHelper.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EF6-->00000000 [guard32.dll]
[5892]iTunesHelper.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F73E-->00000000 [guard32.dll]
[5892]iTunesHelper.exe-->kernel32.dll-->ntdll.dll-->NtClose, Type: IAT modification 0x7C80103C-->00000000 [LVPrcInj.dll]
[5892]iTunesHelper.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x7C801008-->00000000 [LVPrcInj.dll]
[5892]iTunesHelper.exe-->kernel32.dll-->ntdll.dll-->NtDeviceIoControlFile, Type: IAT modification 0x7C801038-->00000000 [LVPrcInj.dll]
[5892]iTunesHelper.exe-->kernel32.dll-->ntdll.dll-->NtDuplicateObject, Type: IAT modification 0x7C8011BC-->00000000 [LVPrcInj.dll]
[5892]iTunesHelper.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821992-->00000000 [guard32.dll]
[5892]iTunesHelper.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD0-->00000000 [guard32.dll]
[5892]iTunesHelper.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86158D-->00000000 [guard32.dll]
[5892]iTunesHelper.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C919328-->00000000 [guard32.dll]
[5892]iTunesHelper.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C915CBB-->00000000 [guard32.dll]
[5892]iTunesHelper.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C916C83-->00000000 [guard32.dll]
[5892]iTunesHelper.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[5892]iTunesHelper.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[5892]iTunesHelper.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[5892]iTunesHelper.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[5892]iTunesHelper.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[5892]iTunesHelper.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[5892]iTunesHelper.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[5892]iTunesHelper.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[5892]iTunesHelper.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[5892]iTunesHelper.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[5892]iTunesHelper.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[5892]iTunesHelper.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[5892]iTunesHelper.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[5892]iTunesHelper.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[5892]iTunesHelper.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E459E75-->00000000 [guard32.dll]
[5892]iTunesHelper.exe-->wininet.dll-->InternetConnectA, Type: Inline - RelativeJump 0x771C308A-->00000000 [guard32.dll]
[5892]iTunesHelper.exe-->wininet.dll-->InternetConnectW, Type: Inline - RelativeJump 0x771CEDC8-->00000000 [guard32.dll]
[592]arservice.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E109B0-->00000000 [guard32.dll]
[592]arservice.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DF6285-->00000000 [guard32.dll]
[592]arservice.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E370B9-->00000000 [guard32.dll]
[592]arservice.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BE [unknown_code_page]
[592]arservice.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BF [unknown_code_page]
[592]arservice.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E37251-->00000000 [guard32.dll]
[592]arservice.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37256 [unknown_code_page]
[592]arservice.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37257 [unknown_code_page]
[592]arservice.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DEE2AE-->00000000 [guard32.dll]
[592]arservice.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B3 [unknown_code_page]
[592]arservice.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B4 [unknown_code_page]
[592]arservice.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE5F05-->00000000 [guard32.dll]
[592]arservice.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0A [unknown_code_page]
[592]arservice.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0B [unknown_code_page]
[592]arservice.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286FE-->00000000 [guard32.dll]
[592]arservice.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85E554-->00000000 [guard32.dll]
[592]arservice.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B42-->00000000 [guard32.dll]
[592]arservice.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B47 [unknown_code_page]
[592]arservice.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B48 [unknown_code_page]
[592]arservice.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F88F-->00000000 [guard32.dll]
[592]arservice.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A24-->00000000 [guard32.dll]
[592]arservice.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810770-->00000000 [guard32.dll]
[592]arservice.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C802367-->00000000 [guard32.dll]
[592]arservice.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802332-->00000000 [guard32.dll]
[592]arservice.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EF5-->00000000 [guard32.dll]
[592]arservice.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F7B-->00000000 [guard32.dll]
[592]arservice.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B6B1-->00000000 [guard32.dll]
[592]arservice.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E44D-->00000000 [guard32.dll]
[592]arservice.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80ADB0-->00000000 [guard32.dll]
[592]arservice.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D77-->00000000 [guard32.dll]
[592]arservice.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D4F-->00000000 [guard32.dll]
[592]arservice.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF1-->00000000 [guard32.dll]
[592]arservice.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF6 [unknown_code_page]
[592]arservice.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF7 [unknown_code_page]
[592]arservice.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AE5B-->00000000 [guard32.dll]
[592]arservice.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86169E-->00000000 [guard32.dll]
[592]arservice.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835ED7-->00000000 [guard32.dll]
[592]arservice.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85D653-->00000000 [guard32.dll]
[592]arservice.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C8356A3-->00000000 [guard32.dll]
[592]arservice.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821271-->00000000 [guard32.dll]
[592]arservice.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EF6-->00000000 [guard32.dll]
[592]arservice.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F73E-->00000000 [guard32.dll]
[592]arservice.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821992-->00000000 [guard32.dll]
[592]arservice.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD0-->00000000 [guard32.dll]
[592]arservice.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86158D-->00000000 [guard32.dll]
[592]arservice.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C919328-->00000000 [guard32.dll]
[592]arservice.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C915CBB-->00000000 [guard32.dll]
[592]arservice.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C916C83-->00000000 [guard32.dll]
[592]arservice.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[592]arservice.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[592]arservice.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[592]arservice.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[592]arservice.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[592]arservice.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[592]arservice.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[592]arservice.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[592]arservice.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[592]arservice.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[592]arservice.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[592]arservice.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[592]arservice.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[592]arservice.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[592]arservice.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E459E75-->00000000 [guard32.dll]
[604]LEXPPS.EXE-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E109B0-->00000000 [guard32.dll]
[604]LEXPPS.EXE-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DF6285-->00000000 [guard32.dll]
[604]LEXPPS.EXE-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E370B9-->00000000 [guard32.dll]
[604]LEXPPS.EXE-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BE [unknown_code_page]
[604]LEXPPS.EXE-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BF [unknown_code_page]
[604]LEXPPS.EXE-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E37251-->00000000 [guard32.dll]
[604]LEXPPS.EXE-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37256 [unknown_code_page]
[604]LEXPPS.EXE-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37257 [unknown_code_page]
[604]LEXPPS.EXE-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DEE2AE-->00000000 [guard32.dll]
[604]LEXPPS.EXE-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B3 [unknown_code_page]
[604]LEXPPS.EXE-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B4 [unknown_code_page]
[604]LEXPPS.EXE-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE5F05-->00000000 [guard32.dll]
[604]LEXPPS.EXE-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0A [unknown_code_page]
[604]LEXPPS.EXE-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0B [unknown_code_page]
[604]LEXPPS.EXE-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286FE-->00000000 [guard32.dll]
[604]LEXPPS.EXE-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85E554-->00000000 [guard32.dll]
[604]LEXPPS.EXE-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B42-->00000000 [guard32.dll]
[604]LEXPPS.EXE-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B47 [unknown_code_page]
[604]LEXPPS.EXE-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B48 [unknown_code_page]
[604]LEXPPS.EXE-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F88F-->00000000 [guard32.dll]
[604]LEXPPS.EXE-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A24-->00000000 [guard32.dll]
[604]LEXPPS.EXE-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810770-->00000000 [guard32.dll]
[604]LEXPPS.EXE-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C802367-->00000000 [guard32.dll]
[604]LEXPPS.EXE-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802332-->00000000 [guard32.dll]
[604]LEXPPS.EXE-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EF5-->00000000 [guard32.dll]
[604]LEXPPS.EXE-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F7B-->00000000 [guard32.dll]
[604]LEXPPS.EXE-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B6B1-->00000000 [guard32.dll]
[604]LEXPPS.EXE-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E44D-->00000000 [guard32.dll]
[604]LEXPPS.EXE-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80ADB0-->00000000 [guard32.dll]
[604]LEXPPS.EXE-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D77-->00000000 [guard32.dll]
[604]LEXPPS.EXE-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D4F-->00000000 [guard32.dll]
[604]LEXPPS.EXE-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF1-->00000000 [guard32.dll]
[604]LEXPPS.EXE-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF6 [unknown_code_page]
[604]LEXPPS.EXE-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF7 [unknown_code_page]
[604]LEXPPS.EXE-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AE5B-->00000000 [guard32.dll]
[604]LEXPPS.EXE-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86169E-->00000000 [guard32.dll]
[604]LEXPPS.EXE-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835ED7-->00000000 [guard32.dll]
[604]LEXPPS.EXE-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85D653-->00000000 [guard32.dll]
[604]LEXPPS.EXE-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C8356A3-->00000000 [guard32.dll]
[604]LEXPPS.EXE-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821271-->00000000 [guard32.dll]
[604]LEXPPS.EXE-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EF6-->00000000 [guard32.dll]
[604]LEXPPS.EXE-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F73E-->00000000 [guard32.dll]
[604]LEXPPS.EXE-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821992-->00000000 [guard32.dll]
[604]LEXPPS.EXE-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD0-->00000000 [guard32.dll]
[604]LEXPPS.EXE-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86158D-->00000000 [guard32.dll]
[604]LEXPPS.EXE-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C919328-->00000000 [guard32.dll]
[604]LEXPPS.EXE-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C915CBB-->00000000 [guard32.dll]
[604]LEXPPS.EXE-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C916C83-->00000000 [guard32.dll]
[604]LEXPPS.EXE-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[604]LEXPPS.EXE-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[604]LEXPPS.EXE-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[604]LEXPPS.EXE-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[604]LEXPPS.EXE-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[604]LEXPPS.EXE-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[604]LEXPPS.EXE-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[604]LEXPPS.EXE-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[604]LEXPPS.EXE-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[604]LEXPPS.EXE-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[604]LEXPPS.EXE-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[604]LEXPPS.EXE-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[604]LEXPPS.EXE-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[604]LEXPPS.EXE-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[604]LEXPPS.EXE-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA40F40-->00000000 [guard32.dll]
[604]LEXPPS.EXE-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40C15-->00000000 [guard32.dll]
[604]LEXPPS.EXE-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA01823-->00000000 [guard32.dll]
[604]LEXPPS.EXE-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB4FD0-->00000000 [guard32.dll]
[604]LEXPPS.EXE-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E459E75-->00000000 [guard32.dll]
[736]acs.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E109B0-->00000000 [guard32.dll]
[736]acs.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DF6285-->00000000 [guard32.dll]
[736]acs.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E370B9-->00000000 [guard32.dll]
[736]acs.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BE [unknown_code_page]
[736]acs.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BF [unknown_code_page]
[736]acs.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E37251-->00000000 [guard32.dll]
[736]acs.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37256 [unknown_code_page]
[736]acs.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37257 [unknown_code_page]
[736]acs.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DEE2AE-->00000000 [guard32.dll]
[736]acs.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B3 [unknown_code_page]
[736]acs.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B4 [unknown_code_page]
[736]acs.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE5F05-->00000000 [guard32.dll]
[736]acs.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0A [unknown_code_page]
[736]acs.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0B [unknown_code_page]
[736]acs.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286FE-->00000000 [guard32.dll]
[736]acs.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85E554-->00000000 [guard32.dll]
[736]acs.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B42-->00000000 [guard32.dll]
[736]acs.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B47 [unknown_code_page]
[736]acs.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B48 [unknown_code_page]
[736]acs.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F88F-->00000000 [guard32.dll]
[736]acs.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A24-->00000000 [guard32.dll]
[736]acs.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810770-->00000000 [guard32.dll]
[736]acs.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C802367-->00000000 [guard32.dll]
[736]acs.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802332-->00000000 [guard32.dll]
[736]acs.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EF5-->00000000 [guard32.dll]
[736]acs.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F7B-->00000000 [guard32.dll]
[736]acs.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B6B1-->00000000 [guard32.dll]
[736]acs.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E44D-->00000000 [guard32.dll]
[736]acs.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80ADB0-->00000000 [guard32.dll]
[736]acs.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D77-->00000000 [guard32.dll]
[736]acs.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D4F-->00000000 [guard32.dll]
[736]acs.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF1-->00000000 [guard32.dll]
[736]acs.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF6 [unknown_code_page]
[736]acs.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF7 [unknown_code_page]
[736]acs.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AE5B-->00000000 [guard32.dll]
[736]acs.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86169E-->00000000 [guard32.dll]
[736]acs.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835ED7-->00000000 [guard32.dll]
[736]acs.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85D653-->00000000 [guard32.dll]
[736]acs.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C8356A3-->00000000 [guard32.dll]
[736]acs.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821271-->00000000 [guard32.dll]
[736]acs.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EF6-->00000000 [guard32.dll]
[736]acs.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F73E-->00000000 [guard32.dll]
[736]acs.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821992-->00000000 [guard32.dll]
[736]acs.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD0-->00000000 [guard32.dll]
[736]acs.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86158D-->00000000 [guard32.dll]
[736]acs.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C919328-->00000000 [guard32.dll]
[736]acs.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C915CBB-->00000000 [guard32.dll]
[736]acs.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C916C83-->00000000 [guard32.dll]
[736]acs.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[736]acs.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[736]acs.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[736]acs.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[736]acs.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[736]acs.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[736]acs.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[736]acs.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[736]acs.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[736]acs.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[736]acs.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[736]acs.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[736]acs.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[736]acs.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[736]acs.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA40F40-->00000000 [guard32.dll]
[736]acs.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40C15-->00000000 [guard32.dll]
[736]acs.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA01823-->00000000 [guard32.dll]
[736]acs.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB4FD0-->00000000 [guard32.dll]
[736]acs.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E459E75-->00000000 [guard32.dll]
[736]acs.exe-->ws2_32.dll-->WSASocketA, Type: Inline - RelativeJump 0x71AB8769-->00000000 [guard32.dll]
[736]acs.exe-->ws2_32.dll-->WSASocketW, Type: Inline - RelativeJump 0x71AB39CB-->00000000 [guard32.dll]
[736]acs.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x71AB39D0 [unknown_code_page]
[736]acs.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x71AB39D1 [unknown_code_page]
[760]sched.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E109B0-->00000000 [guard32.dll]
[760]sched.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DF6285-->00000000 [guard32.dll]
[760]sched.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E370B9-->00000000 [guard32.dll]
[760]sched.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BE [unknown_code_page]
[760]sched.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BF [unknown_code_page]
[760]sched.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E37251-->00000000 [guard32.dll]
[760]sched.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37256 [unknown_code_page]
[760]sched.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37257 [unknown_code_page]
[760]sched.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DEE2AE-->00000000 [guard32.dll]
[760]sched.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B3 [unknown_code_page]
[760]sched.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B4 [unknown_code_page]
[760]sched.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE5F05-->00000000 [guard32.dll]
[760]sched.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0A [unknown_code_page]
[760]sched.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0B [unknown_code_page]
[760]sched.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286FE-->00000000 [guard32.dll]
[760]sched.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85E554-->00000000 [guard32.dll]
[760]sched.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B42-->00000000 [guard32.dll]
[760]sched.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B47 [unknown_code_page]
[760]sched.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B48 [unknown_code_page]
[760]sched.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F88F-->00000000 [guard32.dll]
[760]sched.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A24-->00000000 [guard32.dll]
[760]sched.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810770-->00000000 [guard32.dll]
[760]sched.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C802367-->00000000 [guard32.dll]
[760]sched.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802332-->00000000 [guard32.dll]
[760]sched.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EF5-->00000000 [guard32.dll]
[760]sched.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F7B-->00000000 [guard32.dll]
[760]sched.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B6B1-->00000000 [guard32.dll]
[760]sched.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E44D-->00000000 [guard32.dll]
[760]sched.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80ADB0-->00000000 [guard32.dll]
[760]sched.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D77-->00000000 [guard32.dll]
[760]sched.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D4F-->00000000 [guard32.dll]
[760]sched.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF1-->00000000 [guard32.dll]
[760]sched.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF6 [unknown_code_page]
[760]sched.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF7 [unknown_code_page]
[760]sched.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AE5B-->00000000 [guard32.dll]
[760]sched.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86169E-->00000000 [guard32.dll]
[760]sched.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835ED7-->00000000 [guard32.dll]
[760]sched.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85D653-->00000000 [guard32.dll]
[760]sched.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C8356A3-->00000000 [guard32.dll]
[760]sched.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821271-->00000000 [guard32.dll]
[760]sched.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EF6-->00000000 [guard32.dll]
[760]sched.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F73E-->00000000 [guard32.dll]
[760]sched.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821992-->00000000 [guard32.dll]
[760]sched.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD0-->00000000 [guard32.dll]
[760]sched.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86158D-->00000000 [guard32.dll]
[760]sched.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C919328-->00000000 [guard32.dll]
[760]sched.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C915CBB-->00000000 [guard32.dll]
[760]sched.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C916C83-->00000000 [guard32.dll]
[760]sched.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[760]sched.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[760]sched.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[760]sched.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[760]sched.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[760]sched.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[760]sched.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[760]sched.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[760]sched.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[760]sched.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[760]sched.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[760]sched.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[760]sched.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[760]sched.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[760]sched.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA40F40-->00000000 [guard32.dll]
[760]sched.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40C15-->00000000 [guard32.dll]
[760]sched.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA01823-->00000000 [guard32.dll]
[760]sched.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB4FD0-->00000000 [guard32.dll]
[760]sched.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E459E75-->00000000 [guard32.dll]
[760]sched.exe-->ws2_32.dll-->WSASocketA, Type: Inline - RelativeJump 0x71AB8769-->00000000 [guard32.dll]
[760]sched.exe-->ws2_32.dll-->WSASocketW, Type: Inline - RelativeJump 0x71AB39CB-->00000000 [guard32.dll]
[760]sched.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x71AB39D0 [unknown_code_page]
[760]sched.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x71AB39D1 [unknown_code_page]
[772]avguard.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E109B0-->00000000 [guard32.dll]
[772]avguard.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DF6285-->00000000 [guard32.dll]
[772]avguard.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E370B9-->00000000 [guard32.dll]
[772]avguard.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BE [unknown_code_page]
[772]avguard.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BF [unknown_code_page]
[772]avguard.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E37251-->00000000 [guard32.dll]
[772]avguard.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37256 [unknown_code_page]
[772]avguard.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37257 [unknown_code_page]
[772]avguard.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DEE2AE-->00000000 [guard32.dll]
[772]avguard.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B3 [unknown_code_page]
[772]avguard.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B4 [unknown_code_page]
[772]avguard.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE5F05-->00000000 [guard32.dll]
[772]avguard.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0A [unknown_code_page]
[772]avguard.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0B [unknown_code_page]
[772]avguard.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286FE-->00000000 [guard32.dll]
[772]avguard.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85E554-->00000000 [guard32.dll]
[772]avguard.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B42-->00000000 [guard32.dll]
[772]avguard.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B47 [unknown_code_page]
[772]avguard.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B48 [unknown_code_page]
[772]avguard.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F88F-->00000000 [guard32.dll]
[772]avguard.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A24-->00000000 [guard32.dll]
[772]avguard.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810770-->00000000 [guard32.dll]
[772]avguard.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C802367-->00000000 [guard32.dll]
[772]avguard.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802332-->00000000 [guard32.dll]
[772]avguard.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EF5-->00000000 [guard32.dll]
[772]avguard.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F7B-->00000000 [guard32.dll]
[772]avguard.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B6B1-->00000000 [guard32.dll]
[772]avguard.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E44D-->00000000 [guard32.dll]
[772]avguard.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80ADB0-->00000000 [guard32.dll]
[772]avguard.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D77-->00000000 [guard32.dll]
[772]avguard.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D4F-->00000000 [guard32.dll]
[772]avguard.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF1-->00000000 [guard32.dll]
[772]avguard.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF6 [unknown_code_page]
[772]avguard.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x7C801AF7 [unknown_code_page]
[772]avguard.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AE5B-->00000000 [guard32.dll]
[772]avguard.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x7C86169E-->00000000 [guard32.dll]
[772]avguard.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x7C835ED7-->00000000 [guard32.dll]
[772]avguard.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x7C85D653-->00000000 [guard32.dll]
[772]avguard.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x7C8356A3-->00000000 [guard32.dll]
[772]avguard.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7C821271-->00000000 [guard32.dll]
[772]avguard.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x7C835EF6-->00000000 [guard32.dll]
[772]avguard.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7C81F73E-->00000000 [guard32.dll]
[772]avguard.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x7C821992-->00000000 [guard32.dll]
[772]avguard.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD0-->00000000 [guard32.dll]
[772]avguard.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86158D-->00000000 [guard32.dll]
[772]avguard.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x7C919328-->00000000 [guard32.dll]
[772]avguard.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C915CBB-->00000000 [guard32.dll]
[772]avguard.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C916C83-->00000000 [guard32.dll]
[772]avguard.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x7C90CF6E-->00000000 [guard32.dll]
[772]avguard.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x7C90CFEE-->00000000 [guard32.dll]
[772]avguard.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7C90D0AE-->00000000 [guard32.dll]
[772]avguard.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x7C90D14E-->00000000 [guard32.dll]
[772]avguard.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x7C90D15E-->00000000 [guard32.dll]
[772]avguard.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x7C90D23E-->00000000 [guard32.dll]
[772]avguard.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x7C90D38E-->00000000 [guard32.dll]
[772]avguard.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x7C90D46E-->00000000 [guard32.dll]
[772]avguard.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x7C90D59E-->00000000 [guard32.dll]
[772]avguard.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [guard32.dll]
[772]avguard.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x7C90DC9E-->00000000 [guard32.dll]
[772]avguard.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x7C90DEBE-->00000000 [guard32.dll]
[772]avguard.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [guard32.dll]
[772]avguard.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x7C9100C4-->00000000 [guard32.dll]
[772]avguard.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x7CA40F40-->00000000 [guard32.dll]
[772]avguard.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x7CA40C15-->00000000 [guard32.dll]
[772]avguard.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x7CA01823-->00000000 [guard32.dll]
[772]avguard.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x7CAB4FD0-->00000000 [guard32.dll]
[772]avguard.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x7E459E75-->00000000 [guard32.dll]
[828]svchost.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x77E109B0-->00000000 [guard32.dll]
[828]svchost.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x77DF6285-->00000000 [guard32.dll]
[828]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x77E370B9-->00000000 [guard32.dll]
[828]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BE [unknown_code_page]
[828]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x77E370BF [unknown_code_page]
[828]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x77E37251-->00000000 [guard32.dll]
[828]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37256 [unknown_code_page]
[828]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x77E37257 [unknown_code_page]
[828]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x77DEE2AE-->00000000 [guard32.dll]
[828]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B3 [unknown_code_page]
[828]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x77DEE2B4 [unknown_code_page]
[828]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x77DE5F05-->00000000 [guard32.dll]
[828]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0A [unknown_code_page]
[828]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x77DE5F0B [unknown_code_page]
[828]svchost.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x7C8286FE-->00000000 [guard32.dll]
[828]svchost.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x7C85E554-->00000000 [guard32.dll]
[828]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7C827B42-->00000000 [guard32.dll]
[828]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B47 [unknown_code_page]
[828]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7C827B48 [unknown_code_page]
[828]svchost.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x7C82F88F-->00000000 [guard32.dll]
[828]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A24-->00000000 [guard32.dll]
[828]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810770-->00000000 [guard32.dll]
[828]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C802367-->00000000 [guard32.dll]
[828]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802332-->00000000 [guard32.dll]
[828]svchost.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7C831EF5-->00000000 [guard32.dll]
[828]svchost.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7C831F7B-->00000000 [guard32.dll]
[828]svchost.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7C80B6B1-->00000000 [guard32.dll]
[828]svchost.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7C80E44D-->00000000 [guard32.dll]
 
Mbr

sigh. I don't know why you ask me to attach the small ones and copy paste the big ones... It's extremely time consuming.

The scan.bat didn't create an MBR_Backup.dat the first time. I did the exact same process a second time, and it worked.

I have to attach it in a zip because .dat files are invalid.
 
!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)


^Are we getting closer? This was the last line in the report from the scan (it was not included in the Report.txt)
 
Hi BrownCloud,

The dat needed to be attached so the forum software won't alter it. Please be patient; it will take some time to analyze it as well as go through the log.

Thanks
 