GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-05-22 21:37:06 Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 Maxtor_6Y080M0 rev.YAR51HW0 76,34GB Running: s4w7ykcp.exe; Driver: C:\Users\maly\AppData\Local\Temp\aftciaoc.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2356] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000767f1401 2 bytes JMP 757eeb26 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2356] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000767f1419 2 bytes JMP 757fb513 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2356] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000767f1431 2 bytes JMP 75878609 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2356] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000767f144a 2 bytes CALL 757d1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2356] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000767f14dd 2 bytes JMP 75877efe C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2356] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000767f14f5 2 bytes JMP 758780d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2356] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000767f150d 2 bytes JMP 75877df4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2356] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000767f1525 2 bytes JMP 758781c2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2356] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000767f153d 2 bytes JMP 757ef088 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2356] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000767f1555 2 bytes JMP 757fb885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2356] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000767f156d 2 bytes JMP 758786c1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2356] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000767f1585 2 bytes JMP 75878222 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2356] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000767f159d 2 bytes JMP 75877db8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2356] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000767f15b5 2 bytes JMP 757ef121 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2356] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000767f15cd 2 bytes JMP 757fb29f C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2356] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000767f16b2 2 bytes JMP 75878584 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2356] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000767f16bd 2 bytes JMP 75877d4d C:\Windows\syswow64\kernel32.dll ? C:\Windows\system32\mssprxy.dll [2356] entry point in ".rdata" section 000000006f3071e6 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1792] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007740f951 7 bytes {MOV EDX, 0xafce28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1792] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007740fb95 7 bytes {MOV EDX, 0xafce68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1792] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007740fbc5 7 bytes {MOV EDX, 0xafcda8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1792] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007740fbdd 7 bytes {MOV EDX, 0xafcd28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1792] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007740fbf5 7 bytes {MOV EDX, 0xafcf28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1792] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007740fc25 7 bytes {MOV EDX, 0xafcf68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1792] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007740fca5 7 bytes {MOV EDX, 0xafcee8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1792] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007740fcbd 7 bytes {MOV EDX, 0xafcea8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1792] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007740fd09 7 bytes {MOV EDX, 0xafcc68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1792] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007740fe01 7 bytes {MOV EDX, 0xafcca8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1792] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077410059 7 bytes {MOV EDX, 0xafcc28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1792] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077411065 7 bytes {MOV EDX, 0xafcde8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1792] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 00000000774110dd 7 bytes {MOV EDX, 0xafcd68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1792] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 00000000774112e1 7 bytes {MOV EDX, 0xafcce8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1792] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000767f1401 2 bytes JMP 757eeb26 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1792] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000767f1419 2 bytes JMP 757fb513 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1792] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000767f1431 2 bytes JMP 75878609 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1792] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000767f144a 2 bytes CALL 757d1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1792] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000767f14dd 2 bytes JMP 75877efe C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1792] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000767f14f5 2 bytes JMP 758780d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1792] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000767f150d 2 bytes JMP 75877df4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1792] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000767f1525 2 bytes JMP 758781c2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1792] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000767f153d 2 bytes JMP 757ef088 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1792] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000767f1555 2 bytes JMP 757fb885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1792] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000767f156d 2 bytes JMP 758786c1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1792] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000767f1585 2 bytes JMP 75878222 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1792] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000767f159d 2 bytes JMP 75877db8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1792] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000767f15b5 2 bytes JMP 757ef121 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1792] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000767f15cd 2 bytes JMP 757fb29f C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1792] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000767f16b2 2 bytes JMP 75878584 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1792] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000767f16bd 2 bytes JMP 75877d4d C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007740f951 7 bytes {MOV EDX, 0x559628; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007740fb95 7 bytes {MOV EDX, 0x559668; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007740fbc5 7 bytes {MOV EDX, 0x5595a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007740fbdd 7 bytes {MOV EDX, 0x559528; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007740fbf5 7 bytes {MOV EDX, 0x559728; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007740fc25 7 bytes {MOV EDX, 0x559768; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007740fca5 7 bytes {MOV EDX, 0x5596e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007740fcbd 7 bytes {MOV EDX, 0x5596a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007740fd09 7 bytes {MOV EDX, 0x559468; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007740fe01 7 bytes {MOV EDX, 0x5594a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077410059 7 bytes {MOV EDX, 0x559428; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077411065 7 bytes {MOV EDX, 0x5595e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 00000000774110dd 7 bytes {MOV EDX, 0x559568; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 00000000774112e1 7 bytes {MOV EDX, 0x5594e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1980] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000767f1401 2 bytes JMP 757eeb26 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1980] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000767f1419 2 bytes JMP 757fb513 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1980] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000767f1431 2 bytes JMP 75878609 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1980] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000767f144a 2 bytes CALL 757d1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1980] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000767f14dd 2 bytes JMP 75877efe C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1980] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000767f14f5 2 bytes JMP 758780d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1980] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000767f150d 2 bytes JMP 75877df4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1980] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000767f1525 2 bytes JMP 758781c2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1980] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000767f153d 2 bytes JMP 757ef088 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1980] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000767f1555 2 bytes JMP 757fb885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1980] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000767f156d 2 bytes JMP 758786c1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1980] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000767f1585 2 bytes JMP 75878222 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1980] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000767f159d 2 bytes JMP 75877db8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1980] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000767f15b5 2 bytes JMP 757ef121 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1980] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000767f15cd 2 bytes JMP 757fb29f C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1980] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000767f16b2 2 bytes JMP 75878584 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1980] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000767f16bd 2 bytes JMP 75877d4d C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3764] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007740f951 7 bytes {MOV EDX, 0x37f628; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3764] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007740fb95 7 bytes {MOV EDX, 0x37f668; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3764] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007740fbc5 7 bytes {MOV EDX, 0x37f5a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3764] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007740fbdd 7 bytes {MOV EDX, 0x37f528; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3764] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007740fbf5 7 bytes {MOV EDX, 0x37f728; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3764] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007740fc25 7 bytes {MOV EDX, 0x37f768; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3764] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007740fca5 7 bytes {MOV EDX, 0x37f6e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3764] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007740fcbd 7 bytes {MOV EDX, 0x37f6a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3764] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007740fd09 7 bytes {MOV EDX, 0x37f468; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3764] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007740fe01 7 bytes {MOV EDX, 0x37f4a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3764] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077410059 7 bytes {MOV EDX, 0x37f428; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3764] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077411065 7 bytes {MOV EDX, 0x37f5e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3764] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 00000000774110dd 7 bytes {MOV EDX, 0x37f568; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3764] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 00000000774112e1 7 bytes {MOV EDX, 0x37f4e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3764] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000767f1401 2 bytes JMP 757eeb26 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3764] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000767f1419 2 bytes JMP 757fb513 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3764] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000767f1431 2 bytes JMP 75878609 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3764] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000767f144a 2 bytes CALL 757d1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3764] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000767f14dd 2 bytes JMP 75877efe C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3764] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000767f14f5 2 bytes JMP 758780d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3764] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000767f150d 2 bytes JMP 75877df4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3764] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000767f1525 2 bytes JMP 758781c2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3764] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000767f153d 2 bytes JMP 757ef088 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3764] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000767f1555 2 bytes JMP 757fb885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3764] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000767f156d 2 bytes JMP 758786c1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3764] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000767f1585 2 bytes JMP 75878222 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3764] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000767f159d 2 bytes JMP 75877db8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3764] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000767f15b5 2 bytes JMP 757ef121 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3764] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000767f15cd 2 bytes JMP 757fb29f C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3764] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000767f16b2 2 bytes JMP 75878584 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3764] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000767f16bd 2 bytes JMP 75877d4d C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007740f951 7 bytes {MOV EDX, 0x9da628; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007740fb95 7 bytes {MOV EDX, 0x9da668; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007740fbc5 7 bytes {MOV EDX, 0x9da5a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007740fbdd 7 bytes {MOV EDX, 0x9da528; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007740fbf5 7 bytes {MOV EDX, 0x9da728; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007740fc25 7 bytes {MOV EDX, 0x9da768; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007740fca5 7 bytes {MOV EDX, 0x9da6e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007740fcbd 7 bytes {MOV EDX, 0x9da6a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007740fd09 7 bytes {MOV EDX, 0x9da468; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007740fe01 7 bytes {MOV EDX, 0x9da4a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077410059 7 bytes {MOV EDX, 0x9da428; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077411065 7 bytes {MOV EDX, 0x9da5e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 00000000774110dd 7 bytes {MOV EDX, 0x9da568; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 00000000774112e1 7 bytes {MOV EDX, 0x9da4e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000767f1401 2 bytes JMP 757eeb26 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000767f1419 2 bytes JMP 757fb513 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000767f1431 2 bytes JMP 75878609 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000767f144a 2 bytes CALL 757d1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000767f14dd 2 bytes JMP 75877efe C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000767f14f5 2 bytes JMP 758780d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000767f150d 2 bytes JMP 75877df4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000767f1525 2 bytes JMP 758781c2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000767f153d 2 bytes JMP 757ef088 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000767f1555 2 bytes JMP 757fb885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000767f156d 2 bytes JMP 758786c1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000767f1585 2 bytes JMP 75878222 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000767f159d 2 bytes JMP 75877db8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000767f15b5 2 bytes JMP 757ef121 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000767f15cd 2 bytes JMP 757fb29f C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000767f16b2 2 bytes JMP 75878584 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000767f16bd 2 bytes JMP 75877d4d C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1976] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007740f951 7 bytes {MOV EDX, 0x53b228; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1976] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007740fb95 7 bytes {MOV EDX, 0x53b268; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1976] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007740fbc5 7 bytes {MOV EDX, 0x53b1a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1976] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007740fbdd 7 bytes {MOV EDX, 0x53b128; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1976] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007740fbf5 7 bytes {MOV EDX, 0x53b328; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1976] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007740fc25 7 bytes {MOV EDX, 0x53b368; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1976] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007740fca5 7 bytes {MOV EDX, 0x53b2e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1976] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007740fcbd 7 bytes {MOV EDX, 0x53b2a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1976] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007740fd09 7 bytes {MOV EDX, 0x53b068; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1976] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007740fe01 7 bytes {MOV EDX, 0x53b0a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1976] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077410059 7 bytes {MOV EDX, 0x53b028; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1976] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077411065 7 bytes {MOV EDX, 0x53b1e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1976] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 00000000774110dd 7 bytes {MOV EDX, 0x53b168; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1976] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 00000000774112e1 7 bytes {MOV EDX, 0x53b0e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1976] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000767f1401 2 bytes JMP 757eeb26 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1976] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000767f1419 2 bytes JMP 757fb513 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1976] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000767f1431 2 bytes JMP 75878609 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1976] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000767f144a 2 bytes CALL 757d1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1976] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000767f14dd 2 bytes JMP 75877efe C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1976] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000767f14f5 2 bytes JMP 758780d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1976] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000767f150d 2 bytes JMP 75877df4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1976] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000767f1525 2 bytes JMP 758781c2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1976] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000767f153d 2 bytes JMP 757ef088 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1976] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000767f1555 2 bytes JMP 757fb885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1976] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000767f156d 2 bytes JMP 758786c1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1976] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000767f1585 2 bytes JMP 75878222 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1976] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000767f159d 2 bytes JMP 75877db8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1976] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000767f15b5 2 bytes JMP 757ef121 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1976] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000767f15cd 2 bytes JMP 757fb29f C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1976] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000767f16b2 2 bytes JMP 75878584 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1976] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000767f16bd 2 bytes JMP 75877d4d C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3452] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007740f951 7 bytes {MOV EDX, 0x5ede28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3452] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007740fb95 7 bytes {MOV EDX, 0x5ede68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3452] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007740fbc5 7 bytes {MOV EDX, 0x5edda8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3452] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007740fbdd 7 bytes {MOV EDX, 0x5edd28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3452] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007740fbf5 7 bytes {MOV EDX, 0x5edf28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3452] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007740fc25 7 bytes {MOV EDX, 0x5edf68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3452] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007740fca5 7 bytes {MOV EDX, 0x5edee8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3452] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007740fcbd 7 bytes {MOV EDX, 0x5edea8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3452] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007740fd09 7 bytes {MOV EDX, 0x5edc68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3452] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007740fe01 7 bytes {MOV EDX, 0x5edca8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3452] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077410059 7 bytes {MOV EDX, 0x5edc28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3452] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077411065 7 bytes {MOV EDX, 0x5edde8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3452] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 00000000774110dd 7 bytes {MOV EDX, 0x5edd68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3452] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 00000000774112e1 7 bytes {MOV EDX, 0x5edce8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3452] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000767f1401 2 bytes JMP 757eeb26 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3452] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000767f1419 2 bytes JMP 757fb513 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3452] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000767f1431 2 bytes JMP 75878609 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3452] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000767f144a 2 bytes CALL 757d1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3452] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000767f14dd 2 bytes JMP 75877efe C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3452] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000767f14f5 2 bytes JMP 758780d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3452] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000767f150d 2 bytes JMP 75877df4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3452] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000767f1525 2 bytes JMP 758781c2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3452] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000767f153d 2 bytes JMP 757ef088 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3452] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000767f1555 2 bytes JMP 757fb885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3452] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000767f156d 2 bytes JMP 758786c1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3452] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000767f1585 2 bytes JMP 75878222 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3452] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000767f159d 2 bytes JMP 75877db8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3452] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000767f15b5 2 bytes JMP 757ef121 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3452] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000767f15cd 2 bytes JMP 757fb29f C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3452] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000767f16b2 2 bytes JMP 75878584 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3452] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000767f16bd 2 bytes JMP 75877d4d C:\Windows\syswow64\kernel32.dll ---- Threads - GMER 2.1 ---- Thread [536:708] 000007fefd193d44 Thread [536:712] 000007fefd193ae0 Thread [536:716] 000007fefd1f4be4 Thread [536:720] 000007fefd1f3ff0 Thread [536:740] 000007fefd1f4be4 Thread [536:752] 000007fefd1942b0 Thread [536:756] 000007fefd1942b0 Thread [536:2168] 000007fefd1f4be4 Thread [536:2120] 000007fefd1942b0 Thread [536:3916] 000007fefd1f4be4 Thread C:\Windows\system32\svchost.exe [1132:1160] 000007fefa963260 Thread C:\Windows\system32\svchost.exe [1132:1164] 000007fefa963aac Thread C:\Windows\system32\svchost.exe [1132:1168] 000007fefa963864 Thread C:\Windows\system32\svchost.exe [1132:1172] 000007fefa9646d0 Thread C:\Windows\system32\svchost.exe [1132:1436] 000007fefa0bf978 Thread C:\Windows\system32\svchost.exe [1132:2096] 000007fef109fd00 Thread C:\Windows\system32\svchost.exe [1132:3064] 000007fef9f75124 Thread C:\Windows\system32\svchost.exe [1132:2876] 000007fefa963980 Thread C:\Windows\System32\spoolsv.exe [1220:1488] 000007fef86e10c8 Thread C:\Windows\System32\spoolsv.exe [1220:1496] 000007fef8316144 Thread C:\Windows\System32\spoolsv.exe [1220:1004] 000007fef8105fd0 Thread C:\Windows\System32\spoolsv.exe [1220:1008] 000007fef86c3438 Thread C:\Windows\System32\spoolsv.exe [1220:1672] 000007fef81063ec Thread C:\Windows\System32\spoolsv.exe [1220:1796] 000007fef8be5e5c Thread C:\Windows\System32\spoolsv.exe [1220:772] 000007fef8534828 Thread C:\Windows\system32\taskhost.exe [1812:1680] 000007fef80e2740 Thread C:\Windows\system32\taskhost.exe [1812:1676] 000007fef8681f38 Thread C:\Windows\system32\taskhost.exe [1812:2192] 000007fef7731010 ---- EOF - GMER 2.1 ----