by pfge » December 10th, 2010, 2:24 pm
2. (continued)
[2336]PCMService.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x76E048A6-->00000000 [guard32.dll]
[2336]PCMService.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x76DBA8F5-->00000000 [guard32.dll]
[2336]PCMService.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x76E26C71-->00000000 [guard32.dll]
[2336]PCMService.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x76E26C76 [unknown_code_page]
[2336]PCMService.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x76E26C77 [unknown_code_page]
[2336]PCMService.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76DE38FF-->00000000 [guard32.dll]
[2336]PCMService.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x76DE3904 [unknown_code_page]
[2336]PCMService.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x76DE3905 [unknown_code_page]
[2336]PCMService.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x76DBA383-->00000000 [guard32.dll]
[2336]PCMService.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x76DBA388 [unknown_code_page]
[2336]PCMService.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x76DBA389 [unknown_code_page]
[2336]PCMService.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x76DBFFC3-->00000000 [guard32.dll]
[2336]PCMService.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x76DBFFC8 [unknown_code_page]
[2336]PCMService.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x76DBFFC9 [unknown_code_page]
[2336]PCMService.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x75891F87-->00000000 [guard32.dll]
[2336]PCMService.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x758D1161-->00000000 [guard32.dll]
[2336]PCMService.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7584BFA1-->00000000 [guard32.dll]
[2336]PCMService.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7584BFA6 [unknown_code_page]
[2336]PCMService.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7584BFA7 [unknown_code_page]
[2336]PCMService.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x75846FAD-->00000000 [guard32.dll]
[2336]PCMService.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7588CF71-->00000000 [guard32.dll]
[2336]PCMService.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7588CC4E-->00000000 [guard32.dll]
[2336]PCMService.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x75841C36-->00000000 [guard32.dll]
[2336]PCMService.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x75841C01-->00000000 [guard32.dll]
[2336]PCMService.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7585C6E4-->00000000 [guard32.dll]
[2336]PCMService.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7585C5C8-->00000000 [guard32.dll]
[2336]PCMService.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7588BB4D-->00000000 [guard32.dll]
[2336]PCMService.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7588B91E-->00000000 [guard32.dll]
[2336]PCMService.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7588B8B6-->00000000 [guard32.dll]
[2336]PCMService.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x75869491-->00000000 [guard32.dll]
[2336]PCMService.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x75869469-->00000000 [guard32.dll]
[2336]PCMService.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x758630C3-->00000000 [guard32.dll]
[2336]PCMService.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x758630C8 [unknown_code_page]
[2336]PCMService.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x758630C9 [unknown_code_page]
[2336]PCMService.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7586361F-->00000000 [guard32.dll]
[2336]PCMService.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x758D5657-->00000000 [guard32.dll]
[2336]PCMService.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x758424CD-->00000000 [guard32.dll]
[2336]PCMService.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x75890926-->00000000 [guard32.dll]
[2336]PCMService.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x75861070-->00000000 [guard32.dll]
[2336]PCMService.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7584A672-->00000000 [guard32.dll]
[2336]PCMService.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x75845883-->00000000 [guard32.dll]
[2336]PCMService.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7586104C-->00000000 [guard32.dll]
[2336]PCMService.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x75843569-->00000000 [guard32.dll]
[2336]PCMService.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x75841DD1-->00000000 [guard32.dll]
[2336]PCMService.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x758D54FF-->00000000 [guard32.dll]
[2336]PCMService.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x770A4F09-->00000000 [guard32.dll]
[2336]PCMService.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77087933-->00000000 [guard32.dll]
[2336]PCMService.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7709E89C-->00000000 [guard32.dll]
[2336]PCMService.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - SEH 0x7709E8A1 [unknown_code_page]
[2336]PCMService.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - SEH 0x7709E8A2 [unknown_code_page]
[2336]PCMService.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x770B7D68-->00000000 [guard32.dll]
[2336]PCMService.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x770B7F48-->00000000 [guard32.dll]
[2336]PCMService.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x770B8008-->00000000 [guard32.dll]
[2336]PCMService.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x770B80C8-->00000000 [guard32.dll]
[2336]PCMService.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x770B80D8-->00000000 [guard32.dll]
[2336]PCMService.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x770B83E8-->00000000 [guard32.dll]
[2336]PCMService.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x770B8578-->00000000 [guard32.dll]
[2336]PCMService.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x770B8698-->00000000 [guard32.dll]
[2336]PCMService.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x770B87E8-->00000000 [guard32.dll]
[2336]PCMService.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x770B8968-->00000000 [guard32.dll]
[2336]PCMService.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x770B8F58-->00000000 [guard32.dll]
[2336]PCMService.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x770B91A8-->00000000 [guard32.dll]
[2336]PCMService.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x770B92A8-->00000000 [guard32.dll]
[2336]PCMService.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x770C58A6-->00000000 [guard32.dll]
[2336]PCMService.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x75E588AD-->00000000 [guard32.dll]
[2336]PCMService.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x75E58812-->00000000 [guard32.dll]
[2336]PCMService.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x75CAFFBD-->00000000 [guard32.dll]
[2336]PCMService.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x75C5A2C5-->00000000 [guard32.dll]
[2336]PCMService.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x757EACCF-->00000000 [guard32.dll]
[2336]PCMService.exe-->wininet.dll-->InternetConnectA, Type: Inline - RelativeJump 0x75B6DEAE-->00000000 [guard32.dll]
[2336]PCMService.exe-->wininet.dll-->InternetConnectW, Type: Inline - RelativeJump 0x75B6F862-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x76E048A6-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x76DBA8F5-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x76E26C71-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x76E26C76 [unknown_code_page]
[2344]eDSLoader.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x76E26C77 [unknown_code_page]
[2344]eDSLoader.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76DE38FF-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x76DE3904 [unknown_code_page]
[2344]eDSLoader.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x76DE3905 [unknown_code_page]
[2344]eDSLoader.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x76DBA383-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x76DBA388 [unknown_code_page]
[2344]eDSLoader.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x76DBA389 [unknown_code_page]
[2344]eDSLoader.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x76DBFFC3-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x76DBFFC8 [unknown_code_page]
[2344]eDSLoader.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x76DBFFC9 [unknown_code_page]
[2344]eDSLoader.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x75891F87-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x758D1161-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7584BFA1-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7584BFA6 [unknown_code_page]
[2344]eDSLoader.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7584BFA7 [unknown_code_page]
[2344]eDSLoader.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x75846FAD-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7588CF71-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7588CC4E-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x75841C36-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x75841C01-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7585C6E4-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7585C5C8-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7588BB4D-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7588B91E-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7588B8B6-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x75869491-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x75869469-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x758630C3-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x758630C8 [unknown_code_page]
[2344]eDSLoader.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x758630C9 [unknown_code_page]
[2344]eDSLoader.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7586361F-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x758D5657-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x758424CD-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x75890926-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x75861070-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7584A672-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x75845883-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7586104C-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x75843569-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x75841DD1-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x758D54FF-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x770A4F09-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77087933-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7709E89C-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - SEH 0x7709E8A1 [unknown_code_page]
[2344]eDSLoader.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - SEH 0x7709E8A2 [unknown_code_page]
[2344]eDSLoader.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x770B7D68-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x770B7F48-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x770B8008-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x770B80C8-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x770B80D8-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x770B83E8-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x770B8578-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x770B8698-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x770B87E8-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x770B8968-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x770B8F58-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x770B91A8-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x770B92A8-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x770C58A6-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x75E588AD-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x75E58812-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x75CAFFBD-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x75C5A2C5-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x757EACCF-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->wininet.dll-->InternetConnectA, Type: Inline - RelativeJump 0x75B6DEAE-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->wininet.dll-->InternetConnectW, Type: Inline - RelativeJump 0x75B6F862-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->ws2_32.dll-->WSASocketA, Type: Inline - RelativeJump 0x76A38FA9-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->ws2_32.dll-->WSASocketW, Type: Inline - RelativeJump 0x76A334EB-->00000000 [guard32.dll]
[2344]eDSLoader.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x76A334F0 [unknown_code_page]
[2344]eDSLoader.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x76A334F1 [unknown_code_page]
[2372]SysMonitor.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x76E048A6-->00000000 [guard32.dll]
[2372]SysMonitor.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x76DBA8F5-->00000000 [guard32.dll]
[2372]SysMonitor.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x76E26C71-->00000000 [guard32.dll]
[2372]SysMonitor.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x76E26C76 [unknown_code_page]
[2372]SysMonitor.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x76E26C77 [unknown_code_page]
[2372]SysMonitor.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76DE38FF-->00000000 [guard32.dll]
[2372]SysMonitor.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x76DE3904 [unknown_code_page]
[2372]SysMonitor.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x76DE3905 [unknown_code_page]
[2372]SysMonitor.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x76DBA383-->00000000 [guard32.dll]
[2372]SysMonitor.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x76DBA388 [unknown_code_page]
[2372]SysMonitor.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x76DBA389 [unknown_code_page]
[2372]SysMonitor.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x76DBFFC3-->00000000 [guard32.dll]
[2372]SysMonitor.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x76DBFFC8 [unknown_code_page]
[2372]SysMonitor.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x76DBFFC9 [unknown_code_page]
[2372]SysMonitor.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x75891F87-->00000000 [guard32.dll]
[2372]SysMonitor.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x758D1161-->00000000 [guard32.dll]
[2372]SysMonitor.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7584BFA1-->00000000 [guard32.dll]
[2372]SysMonitor.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7584BFA6 [unknown_code_page]
[2372]SysMonitor.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7584BFA7 [unknown_code_page]
[2372]SysMonitor.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x75846FAD-->00000000 [guard32.dll]
[2372]SysMonitor.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7588CF71-->00000000 [guard32.dll]
[2372]SysMonitor.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7588CC4E-->00000000 [guard32.dll]
[2372]SysMonitor.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x75841C36-->00000000 [guard32.dll]
[2372]SysMonitor.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x75841C01-->00000000 [guard32.dll]
[2372]SysMonitor.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7585C6E4-->00000000 [guard32.dll]
[2372]SysMonitor.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7585C5C8-->00000000 [guard32.dll]
[2372]SysMonitor.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7588BB4D-->00000000 [guard32.dll]
[2372]SysMonitor.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7588B91E-->00000000 [guard32.dll]
[2372]SysMonitor.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7588B8B6-->00000000 [guard32.dll]
[2372]SysMonitor.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x75869491-->00000000 [guard32.dll]
[2372]SysMonitor.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x75869469-->00000000 [guard32.dll]
[2372]SysMonitor.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x758630C3-->00000000 [guard32.dll]
[2372]SysMonitor.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x758630C8 [unknown_code_page]
[2372]SysMonitor.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x758630C9 [unknown_code_page]
[2372]SysMonitor.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7586361F-->00000000 [guard32.dll]
[2372]SysMonitor.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x758D5657-->00000000 [guard32.dll]
[2372]SysMonitor.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x758424CD-->00000000 [guard32.dll]
[2372]SysMonitor.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x75890926-->00000000 [guard32.dll]
[2372]SysMonitor.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x75861070-->00000000 [guard32.dll]
[2372]SysMonitor.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7584A672-->00000000 [guard32.dll]
[2372]SysMonitor.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x75845883-->00000000 [guard32.dll]
[2372]SysMonitor.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7586104C-->00000000 [guard32.dll]
[2372]SysMonitor.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x75843569-->00000000 [guard32.dll]
[2372]SysMonitor.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x75841DD1-->00000000 [guard32.dll]
[2372]SysMonitor.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x758D54FF-->00000000 [guard32.dll]
[2372]SysMonitor.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x770A4F09-->00000000 [guard32.dll]
[2372]SysMonitor.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77087933-->00000000 [guard32.dll]
[2372]SysMonitor.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7709E89C-->00000000 [guard32.dll]
[2372]SysMonitor.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - SEH 0x7709E8A1 [unknown_code_page]
[2372]SysMonitor.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - SEH 0x7709E8A2 [unknown_code_page]
[2372]SysMonitor.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x770B7D68-->00000000 [guard32.dll]
[2372]SysMonitor.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x770B7F48-->00000000 [guard32.dll]
[2372]SysMonitor.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x770B8008-->00000000 [guard32.dll]
[2372]SysMonitor.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x770B80C8-->00000000 [guard32.dll]
[2372]SysMonitor.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x770B80D8-->00000000 [guard32.dll]
[2372]SysMonitor.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x770B83E8-->00000000 [guard32.dll]
[2372]SysMonitor.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x770B8578-->00000000 [guard32.dll]
[2372]SysMonitor.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x770B8698-->00000000 [guard32.dll]
[2372]SysMonitor.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x770B87E8-->00000000 [guard32.dll]
[2372]SysMonitor.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x770B8968-->00000000 [guard32.dll]
[2372]SysMonitor.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x770B8F58-->00000000 [guard32.dll]
[2372]SysMonitor.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x770B91A8-->00000000 [guard32.dll]
[2372]SysMonitor.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x770B92A8-->00000000 [guard32.dll]
[2372]SysMonitor.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x770C58A6-->00000000 [guard32.dll]
[2372]SysMonitor.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x75E588AD-->00000000 [guard32.dll]
[2372]SysMonitor.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x75E58812-->00000000 [guard32.dll]
[2372]SysMonitor.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x75CAFFBD-->00000000 [guard32.dll]
[2372]SysMonitor.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x75C5A2C5-->00000000 [guard32.dll]
[2372]SysMonitor.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x757EACCF-->00000000 [guard32.dll]
[2416]cfp.exe-->advapi32.dll-->kernel32.dll-->CreateThread, Type: IAT modification 0x77C81618-->00000000 [unknown_code_page]
[2416]cfp.exe-->advapi32.dll-->kernel32.dll-->GetModuleHandleA, Type: IAT modification 0x77C814E0-->00000000 [unknown_code_page]
[2416]cfp.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C814BC-->00000000 [unknown_code_page]
[2416]cfp.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77C814C0-->00000000 [unknown_code_page]
[2416]cfp.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77C81500-->00000000 [unknown_code_page]
[2416]cfp.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77C816EC-->00000000 [unknown_code_page]
[2416]cfp.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x770B7D68-->00000000 [unknown_code_page]
[2416]cfp.exe-->shell32.dll-->gdi32.dll-->DeleteObject, Type: IAT modification 0x080E1684-->00000000 [unknown_code_page]
[2416]cfp.exe-->shell32.dll-->kernel32.dll-->CreateThread, Type: IAT modification 0x080E12E0-->00000000 [unknown_code_page]
[2416]cfp.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x080E1414-->00000000 [unknown_code_page]
[2416]cfp.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x080E14DC-->00000000 [unknown_code_page]
[2416]cfp.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x080E1284-->00000000 [unknown_code_page]
[2416]cfp.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x080E1448-->00000000 [unknown_code_page]
[2416]cfp.exe-->shell32.dll-->user32.dll-->AdjustWindowRectEx, Type: IAT modification 0x080E1774-->00000000 [unknown_code_page]
[2416]cfp.exe-->shell32.dll-->user32.dll-->CallWindowProcW, Type: IAT modification 0x080E1818-->00000000 [unknown_code_page]
[2416]cfp.exe-->shell32.dll-->user32.dll-->DefWindowProcW, Type: IAT modification 0x080E1A50-->00000000 [unknown_code_page]
[2416]cfp.exe-->shell32.dll-->user32.dll-->DrawEdge, Type: IAT modification 0x080E1990-->00000000 [unknown_code_page]
[2416]cfp.exe-->shell32.dll-->user32.dll-->DrawFrameControl, Type: IAT modification 0x080E1994-->00000000 [unknown_code_page]
[2416]cfp.exe-->shell32.dll-->user32.dll-->FillRect, Type: IAT modification 0x080E1A38-->00000000 [unknown_code_page]
[2416]cfp.exe-->shell32.dll-->user32.dll-->GetScrollInfo, Type: IAT modification 0x080E1884-->00000000 [unknown_code_page]
[2416]cfp.exe-->shell32.dll-->user32.dll-->GetSysColor, Type: IAT modification 0x080E19F0-->00000000 [unknown_code_page]
[2416]cfp.exe-->shell32.dll-->user32.dll-->GetSysColorBrush, Type: IAT modification 0x080E19A8-->00000000 [unknown_code_page]
[2416]cfp.exe-->shell32.dll-->user32.dll-->GetSystemMetrics, Type: IAT modification 0x080E1A9C-->00000000 [unknown_code_page]
[2416]cfp.exe-->shell32.dll-->user32.dll-->RegisterClassW, Type: IAT modification 0x080E1A00-->00000000 [unknown_code_page]
[2416]cfp.exe-->shell32.dll-->user32.dll-->SetScrollInfo, Type: IAT modification 0x080E1B08-->00000000 [unknown_code_page]
[2416]cfp.exe-->shell32.dll-->user32.dll-->SystemParametersInfoW, Type: IAT modification 0x080E18B8-->00000000 [unknown_code_page]
[2416]cfp.exe-->ws2_32.dll-->kernel32.dll-->CreateThread, Type: IAT modification 0x4B0D11DC-->00000000 [unknown_code_page]
[2416]cfp.exe-->ws2_32.dll-->kernel32.dll-->GetModuleHandleA, Type: IAT modification 0x4B0D116C-->00000000 [unknown_code_page]
[2416]cfp.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x4B0D11E8-->00000000 [unknown_code_page]
[2416]cfp.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x4B0D11EC-->00000000 [unknown_code_page]
[2416]cfp.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x4B0D11F0-->00000000 [unknown_code_page]
[2416]cfp.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x4B0D1228-->00000000 [unknown_code_page]
[2476]jusched.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x76E048A6-->00000000 [guard32.dll]
[2476]jusched.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x76DBA8F5-->00000000 [guard32.dll]
[2476]jusched.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x76E26C71-->00000000 [guard32.dll]
[2476]jusched.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x76E26C76 [unknown_code_page]
[2476]jusched.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x76E26C77 [unknown_code_page]
[2476]jusched.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76DE38FF-->00000000 [guard32.dll]
[2476]jusched.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x76DE3904 [unknown_code_page]
[2476]jusched.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x76DE3905 [unknown_code_page]
[2476]jusched.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x76DBA383-->00000000 [guard32.dll]
[2476]jusched.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x76DBA388 [unknown_code_page]
[2476]jusched.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x76DBA389 [unknown_code_page]
[2476]jusched.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x76DBFFC3-->00000000 [guard32.dll]
[2476]jusched.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x76DBFFC8 [unknown_code_page]
[2476]jusched.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x76DBFFC9 [unknown_code_page]
[2476]jusched.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x75891F87-->00000000 [guard32.dll]
[2476]jusched.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x758D1161-->00000000 [guard32.dll]
[2476]jusched.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7584BFA1-->00000000 [guard32.dll]
[2476]jusched.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7584BFA6 [unknown_code_page]
[2476]jusched.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7584BFA7 [unknown_code_page]
[2476]jusched.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x75846FAD-->00000000 [guard32.dll]
[2476]jusched.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7588CF71-->00000000 [guard32.dll]
[2476]jusched.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7588CC4E-->00000000 [guard32.dll]
[2476]jusched.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x75841C36-->00000000 [guard32.dll]
[2476]jusched.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x75841C01-->00000000 [guard32.dll]
[2476]jusched.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7585C6E4-->00000000 [guard32.dll]
[2476]jusched.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7585C5C8-->00000000 [guard32.dll]
[2476]jusched.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7588BB4D-->00000000 [guard32.dll]
[2476]jusched.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7588B91E-->00000000 [guard32.dll]
[2476]jusched.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7588B8B6-->00000000 [guard32.dll]
[2476]jusched.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x75869491-->00000000 [guard32.dll]
[2476]jusched.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x75869469-->00000000 [guard32.dll]
[2476]jusched.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x758630C3-->00000000 [guard32.dll]
[2476]jusched.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x758630C8 [unknown_code_page]
[2476]jusched.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x758630C9 [unknown_code_page]
[2476]jusched.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7586361F-->00000000 [guard32.dll]
[2476]jusched.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x758D5657-->00000000 [guard32.dll]
[2476]jusched.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x758424CD-->00000000 [guard32.dll]
[2476]jusched.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x75890926-->00000000 [guard32.dll]
[2476]jusched.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x75861070-->00000000 [guard32.dll]
[2476]jusched.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7584A672-->00000000 [guard32.dll]
[2476]jusched.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x75845883-->00000000 [guard32.dll]
[2476]jusched.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7586104C-->00000000 [guard32.dll]
[2476]jusched.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x75843569-->00000000 [guard32.dll]
[2476]jusched.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x75841DD1-->00000000 [guard32.dll]
[2476]jusched.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x758D54FF-->00000000 [guard32.dll]
[2476]jusched.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x770A4F09-->00000000 [guard32.dll]
[2476]jusched.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77087933-->00000000 [guard32.dll]
[2476]jusched.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7709E89C-->00000000 [guard32.dll]
[2476]jusched.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - SEH 0x7709E8A1 [unknown_code_page]
[2476]jusched.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - SEH 0x7709E8A2 [unknown_code_page]
[2476]jusched.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x770B7D68-->00000000 [guard32.dll]
[2476]jusched.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x770B7F48-->00000000 [guard32.dll]
[2476]jusched.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x770B8008-->00000000 [guard32.dll]
[2476]jusched.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x770B80C8-->00000000 [guard32.dll]
[2476]jusched.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x770B80D8-->00000000 [guard32.dll]
[2476]jusched.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x770B83E8-->00000000 [guard32.dll]
[2476]jusched.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x770B8578-->00000000 [guard32.dll]
[2476]jusched.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x770B8698-->00000000 [guard32.dll]
[2476]jusched.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x770B87E8-->00000000 [guard32.dll]
[2476]jusched.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x770B8968-->00000000 [guard32.dll]
[2476]jusched.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x770B8F58-->00000000 [guard32.dll]
[2476]jusched.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x770B91A8-->00000000 [guard32.dll]
[2476]jusched.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x770B92A8-->00000000 [guard32.dll]
[2476]jusched.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x770C58A6-->00000000 [guard32.dll]
[2476]jusched.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x75E588AD-->00000000 [guard32.dll]
[2476]jusched.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x75E58812-->00000000 [guard32.dll]
[2476]jusched.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x75CAFFBD-->00000000 [guard32.dll]
[2476]jusched.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x75C5A2C5-->00000000 [guard32.dll]
[2476]jusched.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x757EACCF-->00000000 [guard32.dll]
[2476]jusched.exe-->wininet.dll-->InternetConnectA, Type: Inline - RelativeJump 0x75B6DEAE-->00000000 [guard32.dll]
[2476]jusched.exe-->wininet.dll-->InternetConnectW, Type: Inline - RelativeJump 0x75B6F862-->00000000 [guard32.dll]
[2532]sidebar.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x76E048A6-->00000000 [guard32.dll]
[2532]sidebar.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x76DBA8F5-->00000000 [guard32.dll]
[2532]sidebar.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x76E26C71-->00000000 [guard32.dll]
[2532]sidebar.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x76E26C76 [unknown_code_page]
[2532]sidebar.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x76E26C77 [unknown_code_page]
[2532]sidebar.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76DE38FF-->00000000 [guard32.dll]
[2532]sidebar.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x76DE3904 [unknown_code_page]
[2532]sidebar.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x76DE3905 [unknown_code_page]
[2532]sidebar.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x76DBA383-->00000000 [guard32.dll]
[2532]sidebar.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x76DBA388 [unknown_code_page]
[2532]sidebar.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x76DBA389 [unknown_code_page]
[2532]sidebar.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x76DBFFC3-->00000000 [guard32.dll]
[2532]sidebar.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x76DBFFC8 [unknown_code_page]
[2532]sidebar.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x76DBFFC9 [unknown_code_page]
[2532]sidebar.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x75891F87-->00000000 [guard32.dll]
[2532]sidebar.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x758D1161-->00000000 [guard32.dll]
[2532]sidebar.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7584BFA1-->00000000 [guard32.dll]
[2532]sidebar.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7584BFA6 [unknown_code_page]
[2532]sidebar.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7584BFA7 [unknown_code_page]
[2532]sidebar.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x75846FAD-->00000000 [guard32.dll]
[2532]sidebar.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7588CF71-->00000000 [guard32.dll]
[2532]sidebar.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7588CC4E-->00000000 [guard32.dll]
[2532]sidebar.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x75841C36-->00000000 [guard32.dll]
[2532]sidebar.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x75841C01-->00000000 [guard32.dll]
[2532]sidebar.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7585C6E4-->00000000 [guard32.dll]
[2532]sidebar.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7585C5C8-->00000000 [guard32.dll]
[2532]sidebar.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7588BB4D-->00000000 [guard32.dll]
[2532]sidebar.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7588B91E-->00000000 [guard32.dll]
[2532]sidebar.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7588B8B6-->00000000 [guard32.dll]
[2532]sidebar.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x75869491-->00000000 [guard32.dll]
[2532]sidebar.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x75869469-->00000000 [guard32.dll]
[2532]sidebar.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x758630C3-->00000000 [guard32.dll]
[2532]sidebar.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x758630C8 [unknown_code_page]
[2532]sidebar.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x758630C9 [unknown_code_page]
[2532]sidebar.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7586361F-->00000000 [guard32.dll]
[2532]sidebar.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x758D5657-->00000000 [guard32.dll]
[2532]sidebar.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x758424CD-->00000000 [guard32.dll]
[2532]sidebar.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x75890926-->00000000 [guard32.dll]
[2532]sidebar.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x75861070-->00000000 [guard32.dll]
[2532]sidebar.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7584A672-->00000000 [guard32.dll]
[2532]sidebar.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x75845883-->00000000 [guard32.dll]
[2532]sidebar.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7586104C-->00000000 [guard32.dll]
[2532]sidebar.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x75843569-->00000000 [guard32.dll]
[2532]sidebar.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x75841DD1-->00000000 [guard32.dll]
[2532]sidebar.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x758D54FF-->00000000 [guard32.dll]
[2532]sidebar.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x770A4F09-->00000000 [guard32.dll]
[2532]sidebar.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77087933-->00000000 [guard32.dll]
[2532]sidebar.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7709E89C-->00000000 [guard32.dll]
[2532]sidebar.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - SEH 0x7709E8A1 [unknown_code_page]
[2532]sidebar.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - SEH 0x7709E8A2 [unknown_code_page]
[2532]sidebar.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x770B7D68-->00000000 [guard32.dll]
[2532]sidebar.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x770B7F48-->00000000 [guard32.dll]
[2532]sidebar.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x770B8008-->00000000 [guard32.dll]
[2532]sidebar.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x770B80C8-->00000000 [guard32.dll]
[2532]sidebar.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x770B80D8-->00000000 [guard32.dll]
[2532]sidebar.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x770B83E8-->00000000 [guard32.dll]
[2532]sidebar.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x770B8578-->00000000 [guard32.dll]
[2532]sidebar.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x770B8698-->00000000 [guard32.dll]
[2532]sidebar.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x770B87E8-->00000000 [guard32.dll]
[2532]sidebar.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x770B8968-->00000000 [guard32.dll]
[2532]sidebar.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x770B8F58-->00000000 [guard32.dll]
[2532]sidebar.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x770B91A8-->00000000 [guard32.dll]
[2532]sidebar.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x770B92A8-->00000000 [guard32.dll]
[2532]sidebar.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x770C58A6-->00000000 [guard32.dll]
[2532]sidebar.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x75E588AD-->00000000 [guard32.dll]
[2532]sidebar.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x75E58812-->00000000 [guard32.dll]
[2532]sidebar.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x75CAFFBD-->00000000 [guard32.dll]
[2532]sidebar.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x75C5A2C5-->00000000 [guard32.dll]
[2532]sidebar.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x757EACCF-->00000000 [guard32.dll]
[2532]sidebar.exe-->ws2_32.dll-->WSASocketA, Type: Inline - RelativeJump 0x76A38FA9-->00000000 [guard32.dll]
[2532]sidebar.exe-->ws2_32.dll-->WSASocketW, Type: Inline - RelativeJump 0x76A334EB-->00000000 [guard32.dll]
[2532]sidebar.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x76A334F0 [unknown_code_page]
[2532]sidebar.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x76A334F1 [unknown_code_page]
[2880]iexplore.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x76E048A6-->00000000 [guard32.dll]
[2880]iexplore.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x76DBA8F5-->00000000 [guard32.dll]
[2880]iexplore.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x76E26C71-->00000000 [guard32.dll]
[2880]iexplore.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x76E26C76 [unknown_code_page]
[2880]iexplore.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x76E26C77 [unknown_code_page]
[2880]iexplore.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76DE38FF-->00000000 [guard32.dll]
[2880]iexplore.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x76DE3904 [unknown_code_page]
[2880]iexplore.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x76DE3905 [unknown_code_page]
[2880]iexplore.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C814BC-->00000000 [IEShims.dll]
[2880]iexplore.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x76DBA383-->00000000 [guard32.dll]
[2880]iexplore.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x76DBA388 [unknown_code_page]
[2880]iexplore.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x76DBA389 [unknown_code_page]
[2880]iexplore.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x76DBFFC3-->00000000 [guard32.dll]
[2880]iexplore.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x76DBFFC8 [unknown_code_page]
[2880]iexplore.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x76DBFFC9 [unknown_code_page]
[2880]iexplore.exe-->gdi32.dll-->kernel32.dll-->CopyFileW, Type: IAT modification 0x77B71130-->00000000 [IEShims.dll]
[2880]iexplore.exe-->gdi32.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x77B7119C-->00000000 [IEShims.dll]
[2880]iexplore.exe-->gdi32.dll-->kernel32.dll-->DeleteFileW, Type: IAT modification 0x77B711BC-->00000000 [IEShims.dll]
[2880]iexplore.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B71170-->00000000 [IEShims.dll]
[2880]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77B7111C-->00000000 [IEShims.dll]
[2880]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77B71110-->00000000 [IEShims.dll]
[2880]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77B71174-->00000000 [IEShims.dll]
[2880]iexplore.exe-->gdi32.dll-->kernel32.dll-->SearchPathW, Type: IAT modification 0x77B711AC-->00000000 [IEShims.dll]
[2880]iexplore.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x75891F87-->00000000 [guard32.dll]
[2880]iexplore.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x758D1161-->00000000 [guard32.dll]
[2880]iexplore.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7584BFA1-->00000000 [guard32.dll]
[2880]iexplore.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7584BFA6 [unknown_code_page]
[2880]iexplore.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7584BFA7 [unknown_code_page]
[2880]iexplore.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x75846FAD-->00000000 [guard32.dll]
[2880]iexplore.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7588CF71-->00000000 [guard32.dll]
[2880]iexplore.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7588CC4E-->00000000 [guard32.dll]
[2880]iexplore.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x75841C36-->00000000 [guard32.dll]
[2880]iexplore.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x75841C01-->00000000 [guard32.dll]
[2880]iexplore.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7585C6E4-->00000000 [guard32.dll]
[2880]iexplore.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7585C5C8-->00000000 [guard32.dll]
[2880]iexplore.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7588BB4D-->00000000 [guard32.dll]
[2880]iexplore.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7588B91E-->00000000 [guard32.dll]
[2880]iexplore.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7588B8B6-->00000000 [guard32.dll]
[2880]iexplore.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x75869491-->00000000 [guard32.dll]
[2880]iexplore.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x75869469-->00000000 [guard32.dll]
[2880]iexplore.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x758630C3-->00000000 [guard32.dll]
[2880]iexplore.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x758630C8 [unknown_code_page]
[2880]iexplore.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x758630C9 [unknown_code_page]
[2880]iexplore.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7586361F-->00000000 [guard32.dll]
[2880]iexplore.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x758D5657-->00000000 [guard32.dll]
[2880]iexplore.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x758424CD-->00000000 [guard32.dll]
[2880]iexplore.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x75890926-->00000000 [guard32.dll]
[2880]iexplore.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x75861070-->00000000 [guard32.dll]
[2880]iexplore.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7584A672-->00000000 [guard32.dll]
[2880]iexplore.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x75845883-->00000000 [guard32.dll]
[2880]iexplore.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7586104C-->00000000 [guard32.dll]
[2880]iexplore.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x75843569-->00000000 [guard32.dll]
[2880]iexplore.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x75841DD1-->00000000 [guard32.dll]
[2880]iexplore.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x758D54FF-->00000000 [guard32.dll]
[2880]iexplore.exe-->mswsock.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x6C94123C-->00000000 [IEShims.dll]
[2880]iexplore.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x770B99E8-->00000000 [guard32.dll]
[2880]iexplore.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x770A4F09-->00000000 [guard32.dll]
[2880]iexplore.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77087933-->00000000 [guard32.dll]
[2880]iexplore.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7709E89C-->00000000 [guard32.dll]
[2880]iexplore.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - SEH 0x7709E8A1 [unknown_code_page]
[2880]iexplore.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - SEH 0x7709E8A2 [unknown_code_page]
[2880]iexplore.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x770B7D68-->00000000 [guard32.dll]
[2880]iexplore.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x770B7F48-->00000000 [guard32.dll]
[2880]iexplore.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x770B8008-->00000000 [guard32.dll]
[2880]iexplore.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x770B80C8-->00000000 [guard32.dll]
[2880]iexplore.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x770B80D8-->00000000 [guard32.dll]
[2880]iexplore.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x770B83E8-->00000000 [guard32.dll]
[2880]iexplore.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x770B8578-->00000000 [guard32.dll]
[2880]iexplore.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x770B8698-->00000000 [guard32.dll]
[2880]iexplore.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x770B87E8-->00000000 [guard32.dll]
[2880]iexplore.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x770B8968-->00000000 [guard32.dll]
[2880]iexplore.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x770B8F58-->00000000 [guard32.dll]
[2880]iexplore.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x770B91A8-->00000000 [guard32.dll]
[2880]iexplore.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x770B92A8-->00000000 [guard32.dll]
[2880]iexplore.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x770C58A6-->00000000 [guard32.dll]
[2880]iexplore.exe-->shell32.dll-->kernel32.dll-->CopyFileW, Type: IAT modification 0x080E125C-->00000000 [IEShims.dll]
[2880]iexplore.exe-->shell32.dll-->kernel32.dll-->CreateDirectoryW, Type: IAT modification 0x080E13B0-->00000000 [IEShims.dll]
[2880]iexplore.exe-->shell32.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x080E1460-->00000000 [IEShims.dll]
[2880]iexplore.exe-->shell32.dll-->kernel32.dll-->CreateHardLinkW, Type: IAT modification 0x080E11A8-->00000000 [IEShims.dll]
[2880]iexplore.exe-->shell32.dll-->kernel32.dll-->CreateProcessW, Type: IAT modification 0x080E12E8-->00000000 [IEShims.dll]
[2880]iexplore.exe-->shell32.dll-->kernel32.dll-->DeleteFileW, Type: IAT modification 0x080E13B4-->00000000 [IEShims.dll]
[2880]iexplore.exe-->shell32.dll-->kernel32.dll-->FindClose, Type: IAT modification 0x080E132C-->00000000 [IEShims.dll]
[2880]iexplore.exe-->shell32.dll-->kernel32.dll-->FindFirstFileW, Type: IAT modification 0x080E1328-->00000000 [IEShims.dll]
[2880]iexplore.exe-->shell32.dll-->kernel32.dll-->FindNextFileW, Type: IAT modification 0x080E1118-->00000000 [IEShims.dll]
[2880]iexplore.exe-->shell32.dll-->kernel32.dll-->GetBinaryTypeW, Type: IAT modification 0x080E1280-->00000000 [IEShims.dll]
[2880]iexplore.exe-->shell32.dll-->kernel32.dll-->GetFileAttributesA, Type: IAT modification 0x080E1370-->00000000 [IEShims.dll]
[2880]iexplore.exe-->shell32.dll-->kernel32.dll-->GetFileAttributesExW, Type: IAT modification 0x080E14A0-->00000000 [IEShims.dll]
[2880]iexplore.exe-->shell32.dll-->kernel32.dll-->GetFileAttributesW, Type: IAT modification 0x080E13BC-->00000000 [IEShims.dll]
[2880]iexplore.exe-->shell32.dll-->kernel32.dll-->GetLongPathNameW, Type: IAT modification 0x080E14E8-->00000000 [IEShims.dll]
[2880]iexplore.exe-->shell32.dll-->kernel32.dll-->GetPrivateProfileIntW, Type: IAT modification 0x080E1390-->00000000 [IEShims.dll]
[2880]iexplore.exe-->shell32.dll-->kernel32.dll-->GetPrivateProfileSectionNamesW, Type: IAT modification 0x080E1168-->00000000 [IEShims.dll]
[2880]iexplore.exe-->shell32.dll-->kernel32.dll-->GetPrivateProfileSectionW, Type: IAT modification 0x080E1104-->00000000 [IEShims.dll]
[2880]iexplore.exe-->shell32.dll-->kernel32.dll-->GetPrivateProfileStringW, Type: IAT modification 0x080E13A0-->00000000 [IEShims.dll]
[2880]iexplore.exe-->shell32.dll-->kernel32.dll-->GetShortPathNameA, Type: IAT modification 0x080E136C-->00000000 [IEShims.dll]
[2880]iexplore.exe-->shell32.dll-->kernel32.dll-->GetShortPathNameW, Type: IAT modification 0x080E1428-->00000000 [IEShims.dll]
[2880]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x080E14DC-->00000000 [IEShims.dll]
[2880]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x080E1284-->00000000 [IEShims.dll]
[2880]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x080E1448-->00000000 [IEShims.dll]
[2880]iexplore.exe-->shell32.dll-->kernel32.dll-->MoveFileExW, Type: IAT modification 0x080E13C0-->00000000 [IEShims.dll]
[2880]iexplore.exe-->shell32.dll-->kernel32.dll-->MoveFileW, Type: IAT modification 0x080E130C-->00000000 [IEShims.dll]
[2880]iexplore.exe-->shell32.dll-->kernel32.dll-->RemoveDirectoryW, Type: IAT modification 0x080E13AC-->00000000 [IEShims.dll]
[2880]iexplore.exe-->shell32.dll-->kernel32.dll-->ReplaceFileW, Type: IAT modification 0x080E1144-->00000000 [IEShims.dll]
[2880]iexplore.exe-->shell32.dll-->kernel32.dll-->SearchPathW, Type: IAT modification 0x080E1384-->00000000 [IEShims.dll]
[2880]iexplore.exe-->shell32.dll-->kernel32.dll-->SetCurrentDirectoryW, Type: IAT modification 0x080E14F8-->00000000 [IEShims.dll]
[2880]iexplore.exe-->shell32.dll-->kernel32.dll-->SetFileAttributesW, Type: IAT modification 0x080E13B8-->00000000 [IEShims.dll]
[2880]iexplore.exe-->shell32.dll-->kernel32.dll-->WritePrivateProfileSectionW, Type: IAT modification 0x080E116C-->00000000 [IEShims.dll]
[2880]iexplore.exe-->shell32.dll-->kernel32.dll-->WritePrivateProfileStringW, Type: IAT modification 0x080E1170-->00000000 [IEShims.dll]
[2880]iexplore.exe-->shell32.dll-->ntdll.dll-->NtQueryDirectoryFile, Type: IAT modification 0x080E2318-->00000000 [IEShims.dll]
[2880]iexplore.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x75E588AD-->00000000 [guard32.dll]
[2880]iexplore.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x75E58812-->00000000 [guard32.dll]
[2880]iexplore.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x75CAFFBD-->00000000 [guard32.dll]
[2880]iexplore.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x75C5A2C5-->00000000 [guard32.dll]
[2880]iexplore.exe-->shell32.dll-->user32.dll-->LoadImageW, Type: IAT modification 0x080E1890-->00000000 [IEShims.dll]
[2880]iexplore.exe-->shell32.dll-->user32.dll-->PrivateExtractIconsW, Type: IAT modification 0x080E1A6C-->00000000 [IEShims.dll]
[2880]iexplore.exe-->shell32.dll-->user32.dll-->WinHelpW, Type: IAT modification 0x080E191C-->00000000 [IEShims.dll]
[2880]iexplore.exe-->user32.dll-->advapi32.dll-->RegCloseKey, Type: IAT modification 0x77D5154C-->00000000 [IEShims.dll]
[2880]iexplore.exe-->user32.dll-->advapi32.dll-->RegCreateKeyExW, Type: IAT modification 0x77D51548-->00000000 [IEShims.dll]
[2880]iexplore.exe-->user32.dll-->advapi32.dll-->RegDeleteKeyW, Type: IAT modification 0x77D51544-->00000000 [IEShims.dll]
[2880]iexplore.exe-->user32.dll-->advapi32.dll-->RegEnumValueW, Type: IAT modification 0x77D51524-->00000000 [IEShims.dll]
[2880]iexplore.exe-->user32.dll-->advapi32.dll-->RegOpenKeyExW, Type: IAT modification 0x77D51528-->00000000 [IEShims.dll]
[2880]iexplore.exe-->user32.dll-->advapi32.dll-->RegQueryInfoKeyW, Type: IAT modification 0x77D51520-->00000000 [IEShims.dll]
[2880]iexplore.exe-->user32.dll-->advapi32.dll-->RegQueryValueExW, Type: IAT modification 0x77D5152C-->00000000 [IEShims.dll]
[2880]iexplore.exe-->user32.dll-->CallNextHookEx, Type: Inline - RelativeJump 0x757A8C33-->00000000 [ieframe.dll]
[2880]iexplore.exe-->user32.dll-->CreateDialogIndirectParamA, Type: Inline - RelativeJump 0x757C27CD-->00000000 [ieframe.dll]
[2880]iexplore.exe-->user32.dll-->CreateDialogIndirectParamW, Type: Inline - RelativeJump 0x757C9AFA-->00000000 [ieframe.dll]
[2880]iexplore.exe-->user32.dll-->CreateDialogParamA, Type: Inline - RelativeJump 0x757C16FD-->00000000 [ieframe.dll]
[2880]iexplore.exe-->user32.dll-->CreateDialogParamW, Type: Inline - RelativeJump 0x757D1C58-->00000000 [ieframe.dll]
[2880]iexplore.exe-->user32.dll-->CreateWindowExW, Type: Inline - RelativeJump 0x757B3D67-->00000000 [ieframe.dll]
[2880]iexplore.exe-->user32.dll-->DialogBoxIndirectParamA, Type: Inline - RelativeJump 0x757E83DD-->00000000 [ieframe.dll]
[2880]iexplore.exe-->user32.dll-->DialogBoxIndirectParamW, Type: Inline - RelativeJump 0x757ABD25-->00000000 [ieframe.dll]
[2880]iexplore.exe-->user32.dll-->DialogBoxParamA, Type: Inline - RelativeJump 0x757E80B2-->00000000 [ieframe.dll]
[2880]iexplore.exe-->user32.dll-->DialogBoxParamW, Type: Inline - RelativeJump 0x757C1FD5-->00000000 [ieframe.dll]
[2880]iexplore.exe-->user32.dll-->EnableWindow, Type: Inline - RelativeJump 0x757ADC79-->00000000 [ieframe.dll]
[2880]iexplore.exe-->user32.dll-->EndDialog, Type: Inline - RelativeJump 0x757AC178-->00000000 [ieframe.dll]
[2880]iexplore.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x757EACCF-->00000000 [guard32.dll]
[2880]iexplore.exe-->user32.dll-->GetAsyncKeyState, Type: Inline - RelativeJump 0x757A8DF4-->00000000 [ieframe.dll]
[2880]iexplore.exe-->user32.dll-->GetKeyState, Type: Inline - RelativeJump 0x757B87C7-->00000000 [ieframe.dll]
[2880]iexplore.exe-->user32.dll-->IsDialogMessage, Type: Inline - RelativeJump 0x757C179A-->00000000 [ieframe.dll]
[2880]iexplore.exe-->user32.dll-->IsDialogMessageW, Type: Inline - RelativeJump 0x757B99AE-->00000000 [ieframe.dll]
[2880]iexplore.exe-->user32.dll-->kernel32.dll-->CopyFileW, Type: IAT modification 0x77D511A8-->00000000 [IEShims.dll]
[2880]iexplore.exe-->user32.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x77D512B8-->00000000 [IEShims.dll]
[2880]iexplore.exe-->user32.dll-->kernel32.dll-->CreateProcessW, Type: IAT modification 0x77D511B4-->00000000 [IEShims.dll]
[2880]iexplore.exe-->user32.dll-->kernel32.dll-->DeleteFileW, Type: IAT modification 0x77D511B0-->00000000 [IEShims.dll]
[2880]iexplore.exe-->user32.dll-->kernel32.dll-->FindClose, Type: IAT modification 0x77D511E4-->00000000 [IEShims.dll]
[2880]iexplore.exe-->user32.dll-->kernel32.dll-->FindFirstFileW, Type: IAT modification 0x77D511EC-->00000000 [IEShims.dll]
[2880]iexplore.exe-->user32.dll-->kernel32.dll-->FindNextFileW, Type: IAT modification 0x77D511E8-->00000000 [IEShims.dll]
[2880]iexplore.exe-->user32.dll-->kernel32.dll-->GetPrivateProfileStringW, Type: IAT modification 0x77D51328-->00000000 [IEShims.dll]
[2880]iexplore.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D51300-->00000000 [IEShims.dll]
[2880]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77D51250-->00000000 [IEShims.dll]
[2880]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77D5115C-->00000000 [IEShims.dll]
[2880]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77D512FC-->00000000 [IEShims.dll]
[2880]iexplore.exe-->user32.dll-->kernel32.dll-->MoveFileW, Type: IAT modification 0x77D511AC-->00000000 [IEShims.dll]
[2880]iexplore.exe-->user32.dll-->kernel32.dll-->SearchPathW, Type: IAT modification 0x77D51154-->00000000 [IEShims.dll]
[2880]iexplore.exe-->user32.dll-->kernel32.dll-->SetCurrentDirectoryW, Type: IAT modification 0x77D511D8-->00000000 [IEShims.dll]
[2880]iexplore.exe-->user32.dll-->kernel32.dll-->WritePrivateProfileStringW, Type: IAT modification 0x77D512BC-->00000000 [IEShims.dll]
[2880]iexplore.exe-->user32.dll-->keybd_event, Type: Inline - RelativeJump 0x757FD93C-->00000000 [ieframe.dll]
[2880]iexplore.exe-->user32.dll-->MessageBoxExA, Type: Inline - RelativeJump 0x757FD5D1-->00000000 [ieframe.dll]
[2880]iexplore.exe-->user32.dll-->MessageBoxExW, Type: Inline - RelativeJump 0x757FD5F5-->00000000 [ieframe.dll]
[2880]iexplore.exe-->user32.dll-->MessageBoxIndirectA, Type: Inline - RelativeJump 0x757FD471-->00000000 [ieframe.dll]
[2880]iexplore.exe-->user32.dll-->MessageBoxIndirectW, Type: Inline - RelativeJump 0x757FD56B-->00000000 [ieframe.dll]
[2880]iexplore.exe-->user32.dll-->SendInput, Type: Inline - RelativeJump 0x757ABEE7-->00000000 [ieframe.dll]
[2880]iexplore.exe-->user32.dll-->SetCursorPos, Type: Inline - RelativeJump 0x757E6F1A-->00000000 [ieframe.dll]
[2880]iexplore.exe-->user32.dll-->SetKeyboardState, Type: Inline - RelativeJump 0x757D1ECE-->00000000 [ieframe.dll]
[2880]iexplore.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x757A7B69-->00000000 [ieframe.dll]
[2880]iexplore.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x757D08BE-->00000000 [ieframe.dll]
[2880]iexplore.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x704114B0-->00000000 [IEShims.dll]
[2880]iexplore.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x4B0D11E8-->00000000 [IEShims.dll]
[3060]MemCheck.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x76E048A6-->00000000 [guard32.dll]
[3060]MemCheck.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x76DBA8F5-->00000000 [guard32.dll]
[3060]MemCheck.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x76E26C71-->00000000 [guard32.dll]
[3060]MemCheck.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x76E26C76 [unknown_code_page]
[3060]MemCheck.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x76E26C77 [unknown_code_page]
[3060]MemCheck.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76DE38FF-->00000000 [guard32.dll]
[3060]MemCheck.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x76DE3904 [unknown_code_page]
[3060]MemCheck.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x76DE3905 [unknown_code_page]
[3060]MemCheck.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x76DBA383-->00000000 [guard32.dll]
[3060]MemCheck.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x76DBA388 [unknown_code_page]
[3060]MemCheck.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x76DBA389 [unknown_code_page]
[3060]MemCheck.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x76DBFFC3-->00000000 [guard32.dll]
[3060]MemCheck.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x76DBFFC8 [unknown_code_page]
[3060]MemCheck.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x76DBFFC9 [unknown_code_page]
[3060]MemCheck.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x75891F87-->00000000 [guard32.dll]
[3060]MemCheck.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x758D1161-->00000000 [guard32.dll]
[3060]MemCheck.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7584BFA1-->00000000 [guard32.dll]
[3060]MemCheck.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7584BFA6 [unknown_code_page]
[3060]MemCheck.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7584BFA7 [unknown_code_page]
[3060]MemCheck.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x75846FAD-->00000000 [guard32.dll]
[3060]MemCheck.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7588CF71-->00000000 [guard32.dll]
[3060]MemCheck.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7588CC4E-->00000000 [guard32.dll]
[3060]MemCheck.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x75841C36-->00000000 [guard32.dll]
[3060]MemCheck.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x75841C01-->00000000 [guard32.dll]
[3060]MemCheck.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7585C6E4-->00000000 [guard32.dll]
[3060]MemCheck.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7585C5C8-->00000000 [guard32.dll]
[3060]MemCheck.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7588BB4D-->00000000 [guard32.dll]
[3060]MemCheck.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7588B91E-->00000000 [guard32.dll]
[3060]MemCheck.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7588B8B6-->00000000 [guard32.dll]
[3060]MemCheck.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x75869491-->00000000 [guard32.dll]
[3060]MemCheck.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x75869469-->00000000 [guard32.dll]
[3060]MemCheck.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x758630C3-->00000000 [guard32.dll]
[3060]MemCheck.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x758630C8 [unknown_code_page]
[3060]MemCheck.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x758630C9 [unknown_code_page]
[3060]MemCheck.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7586361F-->00000000 [guard32.dll]
[3060]MemCheck.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x758D5657-->00000000 [guard32.dll]
[3060]MemCheck.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x758424CD-->00000000 [guard32.dll]
[3060]MemCheck.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x75890926-->00000000 [guard32.dll]
[3060]MemCheck.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x75861070-->00000000 [guard32.dll]
[3060]MemCheck.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7584A672-->00000000 [guard32.dll]
[3060]MemCheck.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x75845883-->00000000 [guard32.dll]
[3060]MemCheck.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7586104C-->00000000 [guard32.dll]
[3060]MemCheck.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x75843569-->00000000 [guard32.dll]
[3060]MemCheck.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x75841DD1-->00000000 [guard32.dll]
[3060]MemCheck.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x758D54FF-->00000000 [guard32.dll]
[3060]MemCheck.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x770A4F09-->00000000 [guard32.dll]
[3060]MemCheck.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77087933-->00000000 [guard32.dll]
[3060]MemCheck.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7709E89C-->00000000 [guard32.dll]
[3060]MemCheck.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - SEH 0x7709E8A1 [unknown_code_page]
[3060]MemCheck.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - SEH 0x7709E8A2 [unknown_code_page]
[3060]MemCheck.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x770B7D68-->00000000 [guard32.dll]
[3060]MemCheck.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x770B7F48-->00000000 [guard32.dll]
[3060]MemCheck.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x770B8008-->00000000 [guard32.dll]
[3060]MemCheck.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x770B80C8-->00000000 [guard32.dll]
[3060]MemCheck.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x770B80D8-->00000000 [guard32.dll]
[3060]MemCheck.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x770B83E8-->00000000 [guard32.dll]
[3060]MemCheck.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x770B8578-->00000000 [guard32.dll]
[3060]MemCheck.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x770B8698-->00000000 [guard32.dll]
[3060]MemCheck.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x770B87E8-->00000000 [guard32.dll]
[3060]MemCheck.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x770B8968-->00000000 [guard32.dll]
[3060]MemCheck.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x770B8F58-->00000000 [guard32.dll]
[3060]MemCheck.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x770B91A8-->00000000 [guard32.dll]
[3060]MemCheck.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x770B92A8-->00000000 [guard32.dll]
[3060]MemCheck.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x770C58A6-->00000000 [guard32.dll]
[3060]MemCheck.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x75E588AD-->00000000 [guard32.dll]
[3060]MemCheck.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x75E58812-->00000000 [guard32.dll]
[3060]MemCheck.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x75CAFFBD-->00000000 [guard32.dll]
[3060]MemCheck.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x75C5A2C5-->00000000 [guard32.dll]
[3060]MemCheck.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x757EACCF-->00000000 [guard32.dll]