GMER 2.1.19155 - http://www.gmer.net Rootkit scan 2013-03-10 19:43:03 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.2AJ1 596,17GB Running: d4wvmnm5.exe; Driver: C:\Users\Sasha\AppData\Local\Temp\afloikod.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\SysWOW64\lkads.exe[2020] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 000000006ffd1a22 2 bytes [FD, 6F] .text C:\Windows\SysWOW64\lkads.exe[2020] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 000000006ffd1ad0 2 bytes [FD, 6F] .text C:\Windows\SysWOW64\lkads.exe[2020] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 000000006ffd1b08 2 bytes [FD, 6F] .text C:\Windows\SysWOW64\lkads.exe[2020] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 000000006ffd1bba 2 bytes [FD, 6F] .text C:\Windows\SysWOW64\lkads.exe[2020] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 000000006ffd1bda 2 bytes [FD, 6F] ? C:\Windows\system32\mssprxy.dll [1272] entry point in ".rdata" section 00000000736c71e6 .text C:\Windows\SysWOW64\lkcitdl.exe[2288] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 000000006ffd1a22 2 bytes [FD, 6F] .text C:\Windows\SysWOW64\lkcitdl.exe[2288] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 000000006ffd1ad0 2 bytes [FD, 6F] .text C:\Windows\SysWOW64\lkcitdl.exe[2288] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 000000006ffd1b08 2 bytes [FD, 6F] .text C:\Windows\SysWOW64\lkcitdl.exe[2288] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 000000006ffd1bba 2 bytes [FD, 6F] .text C:\Windows\SysWOW64\lkcitdl.exe[2288] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 000000006ffd1bda 2 bytes [FD, 6F] .text C:\Windows\SysWOW64\lktsrv.exe[2332] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 000000006ffd1a22 2 bytes [FD, 6F] .text C:\Windows\SysWOW64\lktsrv.exe[2332] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 000000006ffd1ad0 2 bytes [FD, 6F] .text C:\Windows\SysWOW64\lktsrv.exe[2332] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 000000006ffd1b08 2 bytes [FD, 6F] .text C:\Windows\SysWOW64\lktsrv.exe[2332] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 000000006ffd1bba 2 bytes [FD, 6F] .text C:\Windows\SysWOW64\lktsrv.exe[2332] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 000000006ffd1bda 2 bytes [FD, 6F] .text C:\Windows\SysWOW64\nipalsm.exe[2376] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 000000006ffd1a22 2 bytes [FD, 6F] .text C:\Windows\SysWOW64\nipalsm.exe[2376] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 000000006ffd1ad0 2 bytes [FD, 6F] .text C:\Windows\SysWOW64\nipalsm.exe[2376] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 000000006ffd1b08 2 bytes [FD, 6F] .text C:\Windows\SysWOW64\nipalsm.exe[2376] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 000000006ffd1bba 2 bytes [FD, 6F] .text C:\Windows\SysWOW64\nipalsm.exe[2376] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 000000006ffd1bda 2 bytes [FD, 6F] .text C:\Program Files (x86)\Glary Utilities\initialize.exe[3144] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000076fcf991 7 bytes {MOV EDX, 0x3ebe28; JMP RDX} .text C:\Program Files (x86)\Glary Utilities\initialize.exe[3144] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000076fcfbd5 7 bytes {MOV EDX, 0x3ebe68; JMP RDX} .text C:\Program Files (x86)\Glary Utilities\initialize.exe[3144] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000076fcfc05 7 bytes {MOV EDX, 0x3ebda8; JMP RDX} .text C:\Program Files (x86)\Glary Utilities\initialize.exe[3144] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000076fcfc1d 7 bytes {MOV EDX, 0x3ebd28; JMP RDX} .text C:\Program Files (x86)\Glary Utilities\initialize.exe[3144] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000076fcfc35 7 bytes {MOV EDX, 0x3ebf28; JMP RDX} .text C:\Program Files (x86)\Glary Utilities\initialize.exe[3144] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000076fcfc65 7 bytes {MOV EDX, 0x3ebf68; JMP RDX} .text C:\Program Files (x86)\Glary Utilities\initialize.exe[3144] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000076fcfce5 7 bytes {MOV EDX, 0x3ebee8; JMP RDX} .text C:\Program Files (x86)\Glary Utilities\initialize.exe[3144] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000076fcfcfd 7 bytes {MOV EDX, 0x3ebea8; JMP RDX} .text C:\Program Files (x86)\Glary Utilities\initialize.exe[3144] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000076fcfd49 7 bytes {MOV EDX, 0x3ebc68; JMP RDX} .text C:\Program Files (x86)\Glary Utilities\initialize.exe[3144] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000076fcfe41 7 bytes {MOV EDX, 0x3ebca8; JMP RDX} .text C:\Program Files (x86)\Glary Utilities\initialize.exe[3144] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000076fd0099 7 bytes {MOV EDX, 0x3ebc28; JMP RDX} .text C:\Program Files (x86)\Glary Utilities\initialize.exe[3144] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000076fd10a5 7 bytes {MOV EDX, 0x3ebde8; JMP RDX} .text C:\Program Files (x86)\Glary Utilities\initialize.exe[3144] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000076fd111d 7 bytes {MOV EDX, 0x3ebd68; JMP RDX} .text C:\Program Files (x86)\Glary Utilities\initialize.exe[3144] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000076fd1321 7 bytes {MOV EDX, 0x3ebce8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4448] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationFile 0000000076fcf9f0 5 bytes JMP 000000016ac666a0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4448] C:\Windows\SysWOW64\ntdll.dll!NtQueryValueKey 0000000076fcfa88 5 bytes JMP 000000016abef08a .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4448] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile 0000000076fcfc18 5 bytes JMP 000000016ac665d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4448] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile 0000000076fcfe3c 5 bytes JMP 000000016ac66730 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4448] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 0000000076fd01a4 5 bytes JMP 000000016abef0cf .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4448] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile 0000000076fd131c 5 bytes JMP 000000016ac668b0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4448] C:\Windows\syswow64\kernel32.dll!CloseHandle 00000000762c1410 5 bytes JMP 000000016ac664d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4448] C:\Windows\syswow64\kernel32.dll!CreateFileW 00000000762c3f3c 5 bytes JMP 000000016ac66390 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4448] C:\Windows\syswow64\kernel32.dll!CreateFileA 00000000762c53ae 5 bytes JMP 000000016ac66250 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4448] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075de1465 2 bytes [DE, 75] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4448] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075de14bb 2 bytes [DE, 75] .text ... * 2 ? C:\Windows\system32\mssprxy.dll [4448] entry point in ".rdata" section 00000000736c71e6 .text C:\Program Files\totalcmd\TOTALCMD.EXE[4120] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075de1465 2 bytes [DE, 75] .text C:\Program Files\totalcmd\TOTALCMD.EXE[4120] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075de14bb 2 bytes [DE, 75] .text ... * 2 .text C:\Users\Sasha\AppData\Local\Akamai\netsession_win.exe[4812] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075de1465 2 bytes [DE, 75] .text C:\Users\Sasha\AppData\Local\Akamai\netsession_win.exe[4812] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075de14bb 2 bytes [DE, 75] .text ... * 2 .text C:\Users\Sasha\AppData\Local\Akamai\netsession_win.exe[4596] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075de1465 2 bytes [DE, 75] .text C:\Users\Sasha\AppData\Local\Akamai\netsession_win.exe[4596] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075de14bb 2 bytes [DE, 75] .text ... * 2 .text C:\Program Files (x86)\National Instruments\Shared\NI Error Reporting\nierserver.exe[5092] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075de1465 2 bytes [DE, 75] .text C:\Program Files (x86)\National Instruments\Shared\NI Error Reporting\nierserver.exe[5092] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075de14bb 2 bytes [DE, 75] .text ... * 2 .text C:\Program Files (x86)\LG Soft India Pvt Ltd\Dual Package\bin\TestDDCCI.exe[5228] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075de1465 2 bytes [DE, 75] .text C:\Program Files (x86)\LG Soft India Pvt Ltd\Dual Package\bin\TestDDCCI.exe[5228] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075de14bb 2 bytes [DE, 75] .text ... * 2 .text C:\Program Files (x86)\LG Soft India Pvt Ltd\Dual Package\bin\TestDDCCI.exe[5272] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075de1465 2 bytes [DE, 75] .text C:\Program Files (x86)\LG Soft India Pvt Ltd\Dual Package\bin\TestDDCCI.exe[5272] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075de14bb 2 bytes [DE, 75] .text ... * 2 .text C:\Windows\SysWOW64\RunDll32.exe[5908] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075de1465 2 bytes [DE, 75] .text C:\Windows\SysWOW64\RunDll32.exe[5908] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075de14bb 2 bytes [DE, 75] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1528] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000076fcf991 7 bytes {MOV EDX, 0xd57e28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1528] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000076fcfbd5 7 bytes {MOV EDX, 0xd57e68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1528] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000076fcfc05 7 bytes {MOV EDX, 0xd57da8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1528] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000076fcfc1d 7 bytes {MOV EDX, 0xd57d28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1528] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000076fcfc35 7 bytes {MOV EDX, 0xd57f28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1528] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000076fcfc65 7 bytes {MOV EDX, 0xd57f68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1528] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000076fcfce5 7 bytes {MOV EDX, 0xd57ee8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1528] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000076fcfcfd 7 bytes {MOV EDX, 0xd57ea8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1528] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000076fcfd49 7 bytes {MOV EDX, 0xd57c68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1528] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000076fcfe41 7 bytes {MOV EDX, 0xd57ca8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1528] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000076fd0099 7 bytes {MOV EDX, 0xd57c28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1528] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000076fd10a5 7 bytes {MOV EDX, 0xd57de8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1528] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000076fd111d 7 bytes {MOV EDX, 0xd57d68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1528] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000076fd1321 7 bytes {MOV EDX, 0xd57ce8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1528] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075de1465 2 bytes [DE, 75] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1528] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075de14bb 2 bytes [DE, 75] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3488] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000076fcf991 7 bytes {MOV EDX, 0x2f0228; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3488] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000076fcfbd5 7 bytes {MOV EDX, 0x2f0268; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3488] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000076fcfc05 7 bytes {MOV EDX, 0x2f01a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3488] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000076fcfc1d 7 bytes {MOV EDX, 0x2f0128; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3488] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000076fcfc35 7 bytes {MOV EDX, 0x2f0328; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3488] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000076fcfc65 7 bytes {MOV EDX, 0x2f0368; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3488] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000076fcfce5 7 bytes {MOV EDX, 0x2f02e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3488] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000076fcfcfd 7 bytes {MOV EDX, 0x2f02a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3488] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000076fcfd49 7 bytes {MOV EDX, 0x2f0068; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3488] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000076fcfe41 7 bytes {MOV EDX, 0x2f00a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3488] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000076fd0099 7 bytes {MOV EDX, 0x2f0028; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3488] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000076fd10a5 7 bytes {MOV EDX, 0x2f01e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3488] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000076fd111d 7 bytes {MOV EDX, 0x2f0168; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3488] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000076fd1321 7 bytes {MOV EDX, 0x2f00e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3488] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075de1465 2 bytes [DE, 75] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3488] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075de14bb 2 bytes [DE, 75] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6220] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000076fcf991 7 bytes {MOV EDX, 0x293a28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6220] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000076fcfbd5 7 bytes {MOV EDX, 0x293a68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6220] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000076fcfc05 7 bytes {MOV EDX, 0x2939a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6220] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000076fcfc1d 7 bytes {MOV EDX, 0x293928; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6220] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000076fcfc35 7 bytes {MOV EDX, 0x293b28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6220] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000076fcfc65 7 bytes {MOV EDX, 0x293b68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6220] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000076fcfce5 7 bytes {MOV EDX, 0x293ae8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6220] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000076fcfcfd 7 bytes {MOV EDX, 0x293aa8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6220] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000076fcfd49 7 bytes {MOV EDX, 0x293868; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6220] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000076fcfe41 7 bytes {MOV EDX, 0x2938a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6220] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000076fd0099 7 bytes {MOV EDX, 0x293828; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6220] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000076fd10a5 7 bytes {MOV EDX, 0x2939e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6220] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000076fd111d 7 bytes {MOV EDX, 0x293968; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6220] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000076fd1321 7 bytes {MOV EDX, 0x2938e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6220] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075de1465 2 bytes [DE, 75] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6220] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075de14bb 2 bytes [DE, 75] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6272] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000076fcf991 7 bytes {MOV EDX, 0xbeba28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6272] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000076fcfbd5 7 bytes {MOV EDX, 0xbeba68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6272] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000076fcfc05 7 bytes {MOV EDX, 0xbeb9a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6272] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000076fcfc1d 7 bytes {MOV EDX, 0xbeb928; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6272] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000076fcfc35 7 bytes {MOV EDX, 0xbebb28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6272] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000076fcfc65 7 bytes {MOV EDX, 0xbebb68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6272] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000076fcfce5 7 bytes {MOV EDX, 0xbebae8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6272] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000076fcfcfd 7 bytes {MOV EDX, 0xbebaa8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6272] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000076fcfd49 7 bytes {MOV EDX, 0xbeb868; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6272] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000076fcfe41 7 bytes {MOV EDX, 0xbeb8a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6272] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000076fd0099 7 bytes {MOV EDX, 0xbeb828; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6272] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000076fd10a5 7 bytes {MOV EDX, 0xbeb9e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6272] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000076fd111d 7 bytes {MOV EDX, 0xbeb968; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6272] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000076fd1321 7 bytes {MOV EDX, 0xbeb8e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6272] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075de1465 2 bytes [DE, 75] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6272] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075de14bb 2 bytes [DE, 75] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6324] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000076fcf991 7 bytes {MOV EDX, 0xdc4228; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6324] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000076fcfbd5 7 bytes {MOV EDX, 0xdc4268; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6324] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000076fcfc05 7 bytes {MOV EDX, 0xdc41a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6324] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000076fcfc1d 7 bytes {MOV EDX, 0xdc4128; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6324] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000076fcfc35 7 bytes {MOV EDX, 0xdc4328; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6324] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000076fcfc65 7 bytes {MOV EDX, 0xdc4368; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6324] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000076fcfce5 7 bytes {MOV EDX, 0xdc42e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6324] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000076fcfcfd 7 bytes {MOV EDX, 0xdc42a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6324] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000076fcfd49 7 bytes {MOV EDX, 0xdc4068; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6324] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000076fcfe41 7 bytes {MOV EDX, 0xdc40a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6324] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000076fd0099 7 bytes {MOV EDX, 0xdc4028; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6324] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000076fd10a5 7 bytes {MOV EDX, 0xdc41e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6324] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000076fd111d 7 bytes {MOV EDX, 0xdc4168; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6324] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000076fd1321 7 bytes {MOV EDX, 0xdc40e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6324] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075de1465 2 bytes [DE, 75] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6324] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075de14bb 2 bytes [DE, 75] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6412] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000076fcf991 7 bytes {MOV EDX, 0x6e7228; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6412] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000076fcfbd5 7 bytes {MOV EDX, 0x6e7268; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6412] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000076fcfc05 7 bytes {MOV EDX, 0x6e71a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6412] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000076fcfc1d 7 bytes {MOV EDX, 0x6e7128; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6412] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000076fcfc35 7 bytes {MOV EDX, 0x6e7328; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6412] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000076fcfc65 7 bytes {MOV EDX, 0x6e7368; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6412] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000076fcfce5 7 bytes {MOV EDX, 0x6e72e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6412] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000076fcfcfd 7 bytes {MOV EDX, 0x6e72a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6412] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000076fcfd49 7 bytes {MOV EDX, 0x6e7068; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6412] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000076fcfe41 7 bytes {MOV EDX, 0x6e70a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6412] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000076fd0099 7 bytes {MOV EDX, 0x6e7028; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6412] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000076fd10a5 7 bytes {MOV EDX, 0x6e71e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6412] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000076fd111d 7 bytes {MOV EDX, 0x6e7168; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6412] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000076fd1321 7 bytes {MOV EDX, 0x6e70e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6412] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075de1465 2 bytes [DE, 75] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6412] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075de14bb 2 bytes [DE, 75] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6436] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000076fcf991 7 bytes {MOV EDX, 0x619e28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6436] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000076fcfbd5 7 bytes {MOV EDX, 0x619e68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6436] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000076fcfc05 7 bytes {MOV EDX, 0x619da8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6436] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000076fcfc1d 7 bytes {MOV EDX, 0x619d28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6436] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000076fcfc35 7 bytes {MOV EDX, 0x619f28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6436] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000076fcfc65 7 bytes {MOV EDX, 0x619f68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6436] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000076fcfce5 7 bytes {MOV EDX, 0x619ee8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6436] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000076fcfcfd 7 bytes {MOV EDX, 0x619ea8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6436] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000076fcfd49 7 bytes {MOV EDX, 0x619c68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6436] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000076fcfe41 7 bytes {MOV EDX, 0x619ca8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6436] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000076fd0099 7 bytes {MOV EDX, 0x619c28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6436] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000076fd10a5 7 bytes {MOV EDX, 0x619de8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6436] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000076fd111d 7 bytes {MOV EDX, 0x619d68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6436] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000076fd1321 7 bytes {MOV EDX, 0x619ce8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6436] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075de1465 2 bytes [DE, 75] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6436] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075de14bb 2 bytes [DE, 75] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6452] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000076fcf991 7 bytes {MOV EDX, 0xe74628; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6452] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000076fcfbd5 7 bytes {MOV EDX, 0xe74668; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6452] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000076fcfc05 7 bytes {MOV EDX, 0xe745a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6452] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000076fcfc1d 7 bytes {MOV EDX, 0xe74528; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6452] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000076fcfc35 7 bytes {MOV EDX, 0xe74728; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6452] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000076fcfc65 7 bytes {MOV EDX, 0xe74768; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6452] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000076fcfce5 7 bytes {MOV EDX, 0xe746e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6452] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000076fcfcfd 7 bytes {MOV EDX, 0xe746a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6452] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000076fcfd49 7 bytes {MOV EDX, 0xe74468; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6452] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000076fcfe41 7 bytes {MOV EDX, 0xe744a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6452] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000076fd0099 7 bytes {MOV EDX, 0xe74428; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6452] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000076fd10a5 7 bytes {MOV EDX, 0xe745e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6452] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000076fd111d 7 bytes {MOV EDX, 0xe74568; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6452] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000076fd1321 7 bytes {MOV EDX, 0xe744e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6452] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075de1465 2 bytes [DE, 75] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6452] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075de14bb 2 bytes [DE, 75] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6464] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000076fcf991 7 bytes {MOV EDX, 0xa99228; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6464] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000076fcfbd5 7 bytes {MOV EDX, 0xa99268; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6464] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000076fcfc05 7 bytes {MOV EDX, 0xa991a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6464] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000076fcfc1d 7 bytes {MOV EDX, 0xa99128; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6464] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000076fcfc35 7 bytes {MOV EDX, 0xa99328; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6464] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000076fcfc65 7 bytes {MOV EDX, 0xa99368; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6464] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000076fcfce5 7 bytes {MOV EDX, 0xa992e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6464] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000076fcfcfd 7 bytes {MOV EDX, 0xa992a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6464] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000076fcfd49 7 bytes {MOV EDX, 0xa99068; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6464] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000076fcfe41 7 bytes {MOV EDX, 0xa990a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6464] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000076fd0099 7 bytes {MOV EDX, 0xa99028; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6464] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000076fd10a5 7 bytes {MOV EDX, 0xa991e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6464] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000076fd111d 7 bytes {MOV EDX, 0xa99168; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6464] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000076fd1321 7 bytes {MOV EDX, 0xa990e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6464] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075de1465 2 bytes [DE, 75] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6464] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075de14bb 2 bytes [DE, 75] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6484] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000076fcf991 7 bytes {MOV EDX, 0xff6628; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6484] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000076fcfbd5 7 bytes {MOV EDX, 0xff6668; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6484] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000076fcfc05 7 bytes {MOV EDX, 0xff65a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6484] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000076fcfc1d 7 bytes {MOV EDX, 0xff6528; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6484] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000076fcfc35 7 bytes {MOV EDX, 0xff6728; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6484] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000076fcfc65 7 bytes {MOV EDX, 0xff6768; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6484] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000076fcfce5 7 bytes {MOV EDX, 0xff66e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6484] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000076fcfcfd 7 bytes {MOV EDX, 0xff66a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6484] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000076fcfd49 7 bytes {MOV EDX, 0xff6468; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6484] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000076fcfe41 7 bytes {MOV EDX, 0xff64a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6484] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000076fd0099 7 bytes {MOV EDX, 0xff6428; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6484] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000076fd10a5 7 bytes {MOV EDX, 0xff65e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6484] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000076fd111d 7 bytes {MOV EDX, 0xff6568; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6484] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000076fd1321 7 bytes {MOV EDX, 0xff64e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6484] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075de1465 2 bytes [DE, 75] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6484] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075de14bb 2 bytes [DE, 75] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6508] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000076fcf991 7 bytes {MOV EDX, 0x7fe628; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6508] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000076fcfbd5 7 bytes {MOV EDX, 0x7fe668; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6508] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000076fcfc05 7 bytes {MOV EDX, 0x7fe5a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6508] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000076fcfc1d 7 bytes {MOV EDX, 0x7fe528; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6508] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000076fcfc35 7 bytes {MOV EDX, 0x7fe728; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6508] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000076fcfc65 7 bytes {MOV EDX, 0x7fe768; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6508] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000076fcfce5 7 bytes {MOV EDX, 0x7fe6e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6508] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000076fcfcfd 7 bytes {MOV EDX, 0x7fe6a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6508] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000076fcfd49 7 bytes {MOV EDX, 0x7fe468; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6508] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000076fcfe41 7 bytes {MOV EDX, 0x7fe4a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6508] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000076fd0099 7 bytes {MOV EDX, 0x7fe428; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6508] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000076fd10a5 7 bytes {MOV EDX, 0x7fe5e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6508] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000076fd111d 7 bytes {MOV EDX, 0x7fe568; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6508] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000076fd1321 7 bytes {MOV EDX, 0x7fe4e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6508] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075de1465 2 bytes [DE, 75] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6508] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075de14bb 2 bytes [DE, 75] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6524] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000076fcf991 7 bytes {MOV EDX, 0xffba28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6524] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000076fcfbd5 7 bytes {MOV EDX, 0xffba68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6524] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000076fcfc05 7 bytes {MOV EDX, 0xffb9a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6524] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000076fcfc1d 7 bytes {MOV EDX, 0xffb928; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6524] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000076fcfc35 7 bytes {MOV EDX, 0xffbb28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6524] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000076fcfc65 7 bytes {MOV EDX, 0xffbb68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6524] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000076fcfce5 7 bytes {MOV EDX, 0xffbae8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6524] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000076fcfcfd 7 bytes {MOV EDX, 0xffbaa8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6524] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000076fcfd49 7 bytes {MOV EDX, 0xffb868; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6524] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000076fcfe41 7 bytes {MOV EDX, 0xffb8a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6524] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000076fd0099 7 bytes {MOV EDX, 0xffb828; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6524] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000076fd10a5 7 bytes {MOV EDX, 0xffb9e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6524] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000076fd111d 7 bytes {MOV EDX, 0xffb968; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6524] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000076fd1321 7 bytes {MOV EDX, 0xffb8e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6524] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075de1465 2 bytes [DE, 75] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6524] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075de14bb 2 bytes [DE, 75] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6552] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000076fcf991 7 bytes {MOV EDX, 0x586228; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6552] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000076fcfbd5 7 bytes {MOV EDX, 0x586268; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6552] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000076fcfc05 7 bytes {MOV EDX, 0x5861a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6552] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000076fcfc1d 7 bytes {MOV EDX, 0x586128; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6552] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000076fcfc35 7 bytes {MOV EDX, 0x586328; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6552] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000076fcfc65 7 bytes {MOV EDX, 0x586368; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6552] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000076fcfce5 7 bytes {MOV EDX, 0x5862e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6552] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000076fcfcfd 7 bytes {MOV EDX, 0x5862a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6552] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000076fcfd49 7 bytes {MOV EDX, 0x586068; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6552] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000076fcfe41 7 bytes {MOV EDX, 0x5860a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6552] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000076fd0099 7 bytes {MOV EDX, 0x586028; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6552] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000076fd10a5 7 bytes {MOV EDX, 0x5861e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6552] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000076fd111d 7 bytes {MOV EDX, 0x586168; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6552] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000076fd1321 7 bytes {MOV EDX, 0x5860e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6552] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075de1465 2 bytes [DE, 75] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6552] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075de14bb 2 bytes [DE, 75] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6564] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000076fcf991 3 bytes [BA, 28, B6] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6564] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 9 0000000076fcf995 3 bytes [00, FF, E2] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6564] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000076fcfbd5 3 bytes [BA, 68, B6] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6564] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 9 0000000076fcfbd9 3 bytes [00, FF, E2] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6564] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000076fcfc05 3 bytes [BA, A8, B5] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6564] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 9 0000000076fcfc09 3 bytes [00, FF, E2] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6564] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000076fcfc1d 3 bytes [BA, 28, B5] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6564] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 9 0000000076fcfc21 3 bytes [00, FF, E2] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6564] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000076fcfc35 3 bytes [BA, 28, B7] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6564] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 9 0000000076fcfc39 3 bytes [00, FF, E2] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6564] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000076fcfc65 3 bytes [BA, 68, B7] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6564] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 9 0000000076fcfc69 3 bytes [00, FF, E2] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6564] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000076fcfce5 3 bytes [BA, E8, B6] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6564] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 9 0000000076fcfce9 3 bytes [00, FF, E2] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6564] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000076fcfcfd 3 bytes [BA, A8, B6] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6564] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 9 0000000076fcfd01 3 bytes [00, FF, E2] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6564] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000076fcfd49 3 bytes [BA, 68, B4] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6564] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 9 0000000076fcfd4d 3 bytes [00, FF, E2] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6564] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000076fcfe41 3 bytes [BA, A8, B4] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6564] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 9 0000000076fcfe45 3 bytes [00, FF, E2] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6564] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000076fd0099 3 bytes [BA, 28, B4] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6564] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 9 0000000076fd009d 3 bytes [00, FF, E2] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6564] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000076fd10a5 3 bytes [BA, E8, B5] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6564] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 9 0000000076fd10a9 3 bytes [00, FF, E2] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6564] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000076fd111d 3 bytes [BA, 68, B5] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6564] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 9 0000000076fd1121 3 bytes [00, FF, E2] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6564] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000076fd1321 3 bytes [BA, E8, B4] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6564] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 9 0000000076fd1325 3 bytes [00, FF, E2] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6564] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075de1465 2 bytes [DE, 75] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6564] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075de14bb 2 bytes [DE, 75] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6592] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000076fcf991 7 bytes {MOV EDX, 0xb41228; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6592] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000076fcfbd5 7 bytes {MOV EDX, 0xb41268; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6592] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000076fcfc05 7 bytes {MOV EDX, 0xb411a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6592] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000076fcfc1d 7 bytes {MOV EDX, 0xb41128; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6592] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000076fcfc35 7 bytes {MOV EDX, 0xb41328; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6592] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000076fcfc65 7 bytes {MOV EDX, 0xb41368; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6592] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000076fcfce5 7 bytes {MOV EDX, 0xb412e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6592] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000076fcfcfd 7 bytes {MOV EDX, 0xb412a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6592] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000076fcfd49 7 bytes {MOV EDX, 0xb41068; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6592] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000076fcfe41 7 bytes {MOV EDX, 0xb410a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6592] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000076fd0099 7 bytes {MOV EDX, 0xb41028; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6592] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000076fd10a5 7 bytes {MOV EDX, 0xb411e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6592] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000076fd111d 7 bytes {MOV EDX, 0xb41168; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6592] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000076fd1321 7 bytes {MOV EDX, 0xb410e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6592] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075de1465 2 bytes [DE, 75] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6592] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075de14bb 2 bytes [DE, 75] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6608] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000076fcf991 7 bytes {MOV EDX, 0x81d628; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6608] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000076fcfbd5 7 bytes {MOV EDX, 0x81d668; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6608] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000076fcfc05 7 bytes {MOV EDX, 0x81d5a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6608] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000076fcfc1d 7 bytes {MOV EDX, 0x81d528; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6608] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000076fcfc35 7 bytes {MOV EDX, 0x81d728; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6608] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000076fcfc65 7 bytes {MOV EDX, 0x81d768; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6608] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000076fcfce5 7 bytes {MOV EDX, 0x81d6e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6608] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000076fcfcfd 7 bytes {MOV EDX, 0x81d6a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6608] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000076fcfd49 7 bytes {MOV EDX, 0x81d468; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6608] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000076fcfe41 7 bytes {MOV EDX, 0x81d4a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6608] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000076fd0099 7 bytes {MOV EDX, 0x81d428; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6608] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000076fd10a5 7 bytes {MOV EDX, 0x81d5e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6608] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000076fd111d 7 bytes {MOV EDX, 0x81d568; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6608] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000076fd1321 7 bytes {MOV EDX, 0x81d4e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6608] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075de1465 2 bytes [DE, 75] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6608] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075de14bb 2 bytes [DE, 75] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6796] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000076fcf991 7 bytes {MOV EDX, 0xf8a28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6796] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000076fcfbd5 7 bytes {MOV EDX, 0xf8a68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6796] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000076fcfc05 7 bytes {MOV EDX, 0xf89a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6796] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000076fcfc1d 7 bytes {MOV EDX, 0xf8928; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6796] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000076fcfc35 7 bytes {MOV EDX, 0xf8b28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6796] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000076fcfc65 7 bytes {MOV EDX, 0xf8b68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6796] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000076fcfce5 7 bytes {MOV EDX, 0xf8ae8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6796] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000076fcfcfd 7 bytes {MOV EDX, 0xf8aa8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6796] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000076fcfd49 7 bytes {MOV EDX, 0xf8868; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6796] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000076fcfe41 7 bytes {MOV EDX, 0xf88a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6796] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000076fd0099 7 bytes {MOV EDX, 0xf8828; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6796] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000076fd10a5 7 bytes {MOV EDX, 0xf89e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6796] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000076fd111d 7 bytes {MOV EDX, 0xf8968; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6796] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000076fd1321 7 bytes {MOV EDX, 0xf88e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6796] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075de1465 2 bytes [DE, 75] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6796] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075de14bb 2 bytes [DE, 75] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6856] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000076fcf991 7 bytes {MOV EDX, 0xc28e28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6856] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000076fcfbd5 7 bytes {MOV EDX, 0xc28e68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6856] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000076fcfc05 2 bytes [BA, A8] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6856] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 8 0000000076fcfc08 4 bytes [C2, 00, FF, E2] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6856] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000076fcfc1d 2 bytes [BA, 28] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6856] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 8 0000000076fcfc20 4 bytes [C2, 00, FF, E2] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6856] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000076fcfc35 7 bytes {MOV EDX, 0xc28f28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6856] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000076fcfc65 7 bytes {MOV EDX, 0xc28f68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6856] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000076fcfce5 7 bytes {MOV EDX, 0xc28ee8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6856] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000076fcfcfd 7 bytes {MOV EDX, 0xc28ea8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6856] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000076fcfd49 7 bytes {MOV EDX, 0xc28c68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6856] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000076fcfe41 7 bytes {MOV EDX, 0xc28ca8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6856] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000076fd0099 7 bytes {MOV EDX, 0xc28c28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6856] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000076fd10a5 2 bytes [BA, E8] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6856] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 8 0000000076fd10a8 4 bytes {CALL 0xffffffffff00c292} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6856] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000076fd111d 2 bytes [BA, 68] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6856] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 8 0000000076fd1120 4 bytes [C2, 00, FF, E2] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6856] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000076fd1321 7 bytes {MOV EDX, 0xc28ce8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6856] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075de1465 2 bytes [DE, 75] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6856] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075de14bb 2 bytes [DE, 75] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5132] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000076fcf991 7 bytes {MOV EDX, 0xb54228; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5132] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000076fcfbd5 7 bytes {MOV EDX, 0xb54268; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5132] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000076fcfc05 7 bytes {MOV EDX, 0xb541a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5132] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000076fcfc1d 7 bytes {MOV EDX, 0xb54128; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5132] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000076fcfc35 7 bytes {MOV EDX, 0xb54328; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5132] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000076fcfc65 7 bytes {MOV EDX, 0xb54368; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5132] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000076fcfce5 7 bytes {MOV EDX, 0xb542e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5132] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000076fcfcfd 7 bytes {MOV EDX, 0xb542a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5132] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000076fcfd49 7 bytes {MOV EDX, 0xb54068; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5132] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000076fcfe41 7 bytes {MOV EDX, 0xb540a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5132] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000076fd0099 7 bytes {MOV EDX, 0xb54028; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5132] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000076fd10a5 7 bytes {MOV EDX, 0xb541e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5132] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000076fd111d 7 bytes {MOV EDX, 0xb54168; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5132] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000076fd1321 7 bytes {MOV EDX, 0xb540e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5132] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075de1465 2 bytes [DE, 75] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5132] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075de14bb 2 bytes [DE, 75] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2384] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000076fcf991 7 bytes {MOV EDX, 0xe62628; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2384] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000076fcfbd5 7 bytes {MOV EDX, 0xe62668; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2384] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000076fcfc05 7 bytes {MOV EDX, 0xe625a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2384] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000076fcfc1d 7 bytes {MOV EDX, 0xe62528; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2384] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000076fcfc35 7 bytes {MOV EDX, 0xe62728; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2384] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000076fcfc65 7 bytes {MOV EDX, 0xe62768; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2384] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000076fcfce5 7 bytes {MOV EDX, 0xe626e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2384] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000076fcfcfd 7 bytes {MOV EDX, 0xe626a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2384] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000076fcfd49 7 bytes {MOV EDX, 0xe62468; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2384] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000076fcfe41 7 bytes {MOV EDX, 0xe624a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2384] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000076fd0099 7 bytes {MOV EDX, 0xe62428; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2384] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000076fd10a5 7 bytes {MOV EDX, 0xe625e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2384] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000076fd111d 7 bytes {MOV EDX, 0xe62568; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2384] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000076fd1321 7 bytes {MOV EDX, 0xe624e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2384] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075de1465 2 bytes [DE, 75] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2384] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075de14bb 2 bytes [DE, 75] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5456] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000076fcf991 7 bytes {MOV EDX, 0xcf7e28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5456] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000076fcfbd5 7 bytes {MOV EDX, 0xcf7e68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5456] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000076fcfc05 7 bytes {MOV EDX, 0xcf7da8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5456] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000076fcfc1d 7 bytes {MOV EDX, 0xcf7d28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5456] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000076fcfc35 7 bytes {MOV EDX, 0xcf7f28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5456] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000076fcfc65 7 bytes {MOV EDX, 0xcf7f68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5456] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000076fcfce5 7 bytes {MOV EDX, 0xcf7ee8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5456] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000076fcfcfd 7 bytes {MOV EDX, 0xcf7ea8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5456] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000076fcfd49 7 bytes {MOV EDX, 0xcf7c68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5456] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000076fcfe41 7 bytes {MOV EDX, 0xcf7ca8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5456] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000076fd0099 7 bytes {MOV EDX, 0xcf7c28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5456] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000076fd10a5 7 bytes {MOV EDX, 0xcf7de8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5456] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000076fd111d 7 bytes {MOV EDX, 0xcf7d68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5456] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000076fd1321 7 bytes {MOV EDX, 0xcf7ce8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5456] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075de1465 2 bytes [DE, 75] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5456] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075de14bb 2 bytes [DE, 75] .text ... * 2 .text D:\Download\Chrome\d4wvmnm5.exe[7840] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075de1465 2 bytes [DE, 75] .text D:\Download\Chrome\d4wvmnm5.exe[7840] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075de14bb 2 bytes [DE, 75] .text ... * 2 ---- Threads - GMER 2.1 ---- Thread C:\Windows\system32\svchost.exe [364:7596] 000007feef0ed3c8 Thread C:\Windows\system32\svchost.exe [364:7600] 000007feef0ed3c8 Thread C:\Windows\system32\svchost.exe [364:7604] 000007feef0ed3c8 Thread C:\Windows\system32\svchost.exe [364:7608] 000007feef0ed3c8 Thread C:\Windows\system32\svchost.exe [520:5112] 000007feef121ab0 Thread C:\Windows\system32\svchost.exe [520:5292] 000007fef86317f8 Thread C:\Windows\system32\svchost.exe [520:5584] 000007fef86317f8 Thread C:\Windows\system32\svchost.exe [520:5320] 000007fef9e3506c Thread C:\Windows\system32\svchost.exe [520:5532] 000007fef7bb1c20 Thread C:\Windows\system32\svchost.exe [520:5524] 000007fef7bb1c20 Thread C:\Windows\system32\svchost.exe [520:4400] 000007fef24c5170 Thread C:\Windows\system32\svchost.exe [520:4404] 000007fef24c5170 Thread C:\Windows\system32\svchost.exe [520:7712] 000007fef141cb70 Thread C:\Windows\system32\svchost.exe [520:8136] 000007fef141cb70 Thread C:\Windows\system32\svchost.exe [3964:4080] 000007fefb0c2f9c ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\b4749f8bf1ee Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\b4749f8bf1ee (not active ControlSet) ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ----