GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-06-09 23:02:57 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST964032 rev.0002 596,17GB Running: qbizn612.exe; Driver: C:\Users\JEDENA~1\AppData\Local\Temp\awtoauog.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1964] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000074fd87b1 4 bytes [C2, 04, 00, 00] .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1964] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000074d81465 2 bytes [D8, 74] .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1964] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 0000000074d814bb 2 bytes [D8, 74] .text ... * 2 .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1260] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074d81465 2 bytes [D8, 74] .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1260] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074d814bb 2 bytes [D8, 74] .text ... * 2 .text C:\Windows\SysWOW64\PnkBstrA.exe[2056] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000073af1a22 2 bytes [AF, 73] .text C:\Windows\SysWOW64\PnkBstrA.exe[2056] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000073af1ad0 2 bytes [AF, 73] .text C:\Windows\SysWOW64\PnkBstrA.exe[2056] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000073af1b08 2 bytes [AF, 73] .text C:\Windows\SysWOW64\PnkBstrA.exe[2056] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000073af1bba 2 bytes [AF, 73] .text C:\Windows\SysWOW64\PnkBstrA.exe[2056] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000073af1bda 2 bytes [AF, 73] .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3032] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000074fe1429 7 bytes JMP 000000017106128f .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3032] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000074ffb223 5 bytes JMP 000000017106159b .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3032] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000750788f4 7 bytes JMP 0000000171061339 .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3032] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075078979 5 bytes JMP 00000001710616b8 .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3032] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075078ccf 5 bytes JMP 000000017106101e .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3032] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000074dc1d1b 5 bytes JMP 00000001710611d1 .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3032] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000074dc1dc9 5 bytes JMP 0000000171061019 .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3032] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000074dc2aa4 5 bytes JMP 000000017106154b .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3032] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000074dc2d0a 5 bytes JMP 0000000171061276 .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3032] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076e5e9a2 5 bytes JMP 00000001710615b4 .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3032] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076e5ebdc 5 bytes JMP 000000017106119a .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3032] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075b45ea5 5 bytes JMP 00000001710615e6 .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3032] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075b79d0b 5 bytes JMP 000000017106122b .text C:\Program Files (x86)\Winamp\winampa.exe[4792] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000074fe1429 7 bytes JMP 000000017106128f .text C:\Program Files (x86)\Winamp\winampa.exe[4792] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000074ffb223 5 bytes JMP 000000017106159b .text C:\Program Files (x86)\Winamp\winampa.exe[4792] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000750788f4 7 bytes JMP 0000000171061339 .text C:\Program Files (x86)\Winamp\winampa.exe[4792] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075078979 5 bytes JMP 00000001710616b8 .text C:\Program Files (x86)\Winamp\winampa.exe[4792] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075078ccf 5 bytes JMP 000000017106101e .text C:\Program Files (x86)\Winamp\winampa.exe[4792] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000074dc1d1b 5 bytes JMP 00000001710611d1 .text C:\Program Files (x86)\Winamp\winampa.exe[4792] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000074dc1dc9 5 bytes JMP 0000000171061019 .text C:\Program Files (x86)\Winamp\winampa.exe[4792] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000074dc2aa4 5 bytes JMP 000000017106154b .text C:\Program Files (x86)\Winamp\winampa.exe[4792] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000074dc2d0a 5 bytes JMP 0000000171061276 .text C:\Program Files (x86)\Winamp\winampa.exe[4792] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076e5e9a2 5 bytes JMP 00000001710615b4 .text C:\Program Files (x86)\Winamp\winampa.exe[4792] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076e5ebdc 5 bytes JMP 000000017106119a .text C:\Program Files (x86)\Winamp\winampa.exe[4792] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075b45ea5 5 bytes JMP 00000001710615e6 .text C:\Program Files (x86)\Winamp\winampa.exe[4792] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075b79d0b 5 bytes JMP 000000017106122b .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2620] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000074fe1429 7 bytes JMP 000000017106128f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2620] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000074ffb223 5 bytes JMP 000000017106159b .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2620] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000750788f4 7 bytes JMP 0000000171061339 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2620] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075078979 5 bytes JMP 00000001710616b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2620] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075078ccf 5 bytes JMP 000000017106101e .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2620] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000074dc1d1b 5 bytes JMP 00000001710611d1 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2620] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000074dc1dc9 5 bytes JMP 0000000171061019 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2620] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000074dc2aa4 5 bytes JMP 000000017106154b .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2620] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000074dc2d0a 5 bytes JMP 0000000171061276 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2620] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076e5e9a2 5 bytes JMP 00000001710615b4 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2620] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076e5ebdc 5 bytes JMP 000000017106119a .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2620] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074d81465 2 bytes [D8, 74] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2620] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074d814bb 2 bytes [D8, 74] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4920] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 00000000772df991 7 bytes {MOV EDX, 0x3aee28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4920] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 00000000772dfbd5 7 bytes {MOV EDX, 0x3aee68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4920] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 00000000772dfc05 7 bytes {MOV EDX, 0x3aeda8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4920] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 00000000772dfc1d 7 bytes {MOV EDX, 0x3aed28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4920] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 00000000772dfc35 7 bytes {MOV EDX, 0x3aef28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4920] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 00000000772dfc65 7 bytes {MOV EDX, 0x3aef68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4920] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 00000000772dfce5 7 bytes {MOV EDX, 0x3aeee8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4920] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 00000000772dfcfd 7 bytes {MOV EDX, 0x3aeea8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4920] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 00000000772dfd49 7 bytes {MOV EDX, 0x3aec68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4920] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 00000000772dfe41 7 bytes {MOV EDX, 0x3aeca8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4920] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 00000000772e0099 7 bytes {MOV EDX, 0x3aec28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4920] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000772e10a5 7 bytes {MOV EDX, 0x3aede8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4920] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 00000000772e111d 7 bytes {MOV EDX, 0x3aed68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4920] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 00000000772e1321 7 bytes {MOV EDX, 0x3aece8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4920] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000074fe1429 7 bytes JMP 000000017106128f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4920] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000074ffb223 5 bytes JMP 000000017106159b .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4920] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000750788f4 7 bytes JMP 0000000171061339 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4920] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075078979 5 bytes JMP 00000001710616b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4920] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075078ccf 5 bytes JMP 000000017106101e .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4920] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000074dc1d1b 5 bytes JMP 00000001710611d1 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4920] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000074dc1dc9 5 bytes JMP 0000000171061019 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4920] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000074dc2aa4 5 bytes JMP 000000017106154b .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4920] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000074dc2d0a 5 bytes JMP 0000000171061276 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4920] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076e5e9a2 5 bytes JMP 00000001710615b4 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4920] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076e5ebdc 5 bytes JMP 000000017106119a .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4920] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075b45ea5 5 bytes JMP 00000001710615e6 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4920] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075b79d0b 5 bytes JMP 000000017106122b .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4920] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074d81465 2 bytes [D8, 74] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4920] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074d814bb 2 bytes [D8, 74] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4404] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 00000000772df991 7 bytes {MOV EDX, 0x9e9e28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4404] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 00000000772dfbd5 7 bytes {MOV EDX, 0x9e9e68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4404] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 00000000772dfc05 7 bytes {MOV EDX, 0x9e9da8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4404] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 00000000772dfc1d 7 bytes {MOV EDX, 0x9e9d28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4404] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 00000000772dfc35 7 bytes {MOV EDX, 0x9e9f28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4404] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 00000000772dfc65 7 bytes {MOV EDX, 0x9e9f68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4404] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 00000000772dfce5 7 bytes {MOV EDX, 0x9e9ee8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4404] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 00000000772dfcfd 7 bytes {MOV EDX, 0x9e9ea8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4404] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 00000000772dfd49 7 bytes {MOV EDX, 0x9e9c68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4404] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 00000000772dfe41 7 bytes {MOV EDX, 0x9e9ca8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4404] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 00000000772e0099 7 bytes {MOV EDX, 0x9e9c28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4404] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000772e10a5 7 bytes {MOV EDX, 0x9e9de8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4404] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 00000000772e111d 7 bytes {MOV EDX, 0x9e9d68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4404] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 00000000772e1321 7 bytes {MOV EDX, 0x9e9ce8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4404] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000074fe1429 7 bytes JMP 000000017106128f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4404] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000074ffb223 5 bytes JMP 000000017106159b .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4404] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000750788f4 7 bytes JMP 0000000171061339 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4404] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075078979 5 bytes JMP 00000001710616b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4404] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075078ccf 5 bytes JMP 000000017106101e .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4404] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000074dc1d1b 5 bytes JMP 00000001710611d1 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4404] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000074dc1dc9 5 bytes JMP 0000000171061019 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4404] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000074dc2aa4 5 bytes JMP 000000017106154b .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4404] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000074dc2d0a 5 bytes JMP 0000000171061276 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4404] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076e5e9a2 5 bytes JMP 00000001710615b4 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4404] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076e5ebdc 5 bytes JMP 000000017106119a .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4404] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075b45ea5 5 bytes JMP 00000001710615e6 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4404] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075b79d0b 5 bytes JMP 000000017106122b .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4404] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074d81465 2 bytes [D8, 74] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4404] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074d814bb 2 bytes [D8, 74] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2892] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 00000000772df991 7 bytes {MOV EDX, 0xb3ee28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2892] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 00000000772dfbd5 7 bytes {MOV EDX, 0xb3ee68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2892] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 00000000772dfc05 7 bytes {MOV EDX, 0xb3eda8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2892] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 00000000772dfc1d 7 bytes {MOV EDX, 0xb3ed28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2892] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 00000000772dfc35 7 bytes {MOV EDX, 0xb3ef28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2892] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 00000000772dfc65 7 bytes {MOV EDX, 0xb3ef68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2892] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 00000000772dfce5 7 bytes {MOV EDX, 0xb3eee8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2892] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 00000000772dfcfd 7 bytes {MOV EDX, 0xb3eea8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2892] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 00000000772dfd49 7 bytes {MOV EDX, 0xb3ec68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2892] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 00000000772dfe41 7 bytes {MOV EDX, 0xb3eca8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2892] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 00000000772e0099 7 bytes {MOV EDX, 0xb3ec28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2892] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000772e10a5 7 bytes {MOV EDX, 0xb3ede8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2892] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 00000000772e111d 7 bytes {MOV EDX, 0xb3ed68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2892] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 00000000772e1321 7 bytes {MOV EDX, 0xb3ece8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2892] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000074fe1429 7 bytes JMP 000000017106128f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2892] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000074ffb223 5 bytes JMP 000000017106159b .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2892] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000750788f4 7 bytes JMP 0000000171061339 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2892] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075078979 5 bytes JMP 00000001710616b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2892] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075078ccf 5 bytes JMP 000000017106101e .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2892] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000074dc1d1b 5 bytes JMP 00000001710611d1 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2892] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000074dc1dc9 5 bytes JMP 0000000171061019 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2892] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000074dc2aa4 5 bytes JMP 000000017106154b .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2892] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000074dc2d0a 5 bytes JMP 0000000171061276 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2892] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076e5e9a2 5 bytes JMP 00000001710615b4 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2892] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076e5ebdc 5 bytes JMP 000000017106119a .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2892] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075b45ea5 5 bytes JMP 00000001710615e6 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2892] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075b79d0b 5 bytes JMP 000000017106122b .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2892] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074d81465 2 bytes [D8, 74] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2892] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074d814bb 2 bytes [D8, 74] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2460] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 00000000772df991 7 bytes {MOV EDX, 0x35da28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2460] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 00000000772dfbd5 7 bytes {MOV EDX, 0x35da68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2460] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 00000000772dfc05 7 bytes {MOV EDX, 0x35d9a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2460] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 00000000772dfc1d 7 bytes {MOV EDX, 0x35d928; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2460] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 00000000772dfc35 7 bytes {MOV EDX, 0x35db28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2460] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 00000000772dfc65 7 bytes {MOV EDX, 0x35db68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2460] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 00000000772dfce5 7 bytes {MOV EDX, 0x35dae8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2460] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 00000000772dfcfd 7 bytes {MOV EDX, 0x35daa8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2460] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 00000000772dfd49 7 bytes {MOV EDX, 0x35d868; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2460] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 00000000772dfe41 7 bytes {MOV EDX, 0x35d8a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2460] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 00000000772e0099 7 bytes {MOV EDX, 0x35d828; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2460] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000772e10a5 7 bytes {MOV EDX, 0x35d9e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2460] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 00000000772e111d 7 bytes {MOV EDX, 0x35d968; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2460] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 00000000772e1321 7 bytes {MOV EDX, 0x35d8e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2460] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000074fe1429 7 bytes JMP 000000017106128f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2460] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000074ffb223 5 bytes JMP 000000017106159b .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2460] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000750788f4 7 bytes JMP 0000000171061339 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2460] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075078979 5 bytes JMP 00000001710616b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2460] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075078ccf 5 bytes JMP 000000017106101e .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2460] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000074dc1d1b 5 bytes JMP 00000001710611d1 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2460] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000074dc1dc9 5 bytes JMP 0000000171061019 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2460] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000074dc2aa4 5 bytes JMP 000000017106154b .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2460] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000074dc2d0a 5 bytes JMP 0000000171061276 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2460] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076e5e9a2 5 bytes JMP 00000001710615b4 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2460] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076e5ebdc 5 bytes JMP 000000017106119a .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2460] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075b45ea5 5 bytes JMP 00000001710615e6 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2460] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075b79d0b 5 bytes JMP 000000017106122b .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2460] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074d81465 2 bytes [D8, 74] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2460] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074d814bb 2 bytes [D8, 74] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4320] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 00000000772df991 7 bytes {MOV EDX, 0x1070228; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4320] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 00000000772dfbd5 7 bytes {MOV EDX, 0x1070268; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4320] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 00000000772dfc05 7 bytes {MOV EDX, 0x10701a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4320] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 00000000772dfc1d 7 bytes {MOV EDX, 0x1070128; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4320] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 00000000772dfc35 7 bytes {MOV EDX, 0x1070328; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4320] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 00000000772dfc65 7 bytes {MOV EDX, 0x1070368; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4320] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 00000000772dfce5 7 bytes {MOV EDX, 0x10702e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4320] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 00000000772dfcfd 7 bytes {MOV EDX, 0x10702a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4320] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 00000000772dfd49 7 bytes {MOV EDX, 0x1070068; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4320] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 00000000772dfe41 7 bytes {MOV EDX, 0x10700a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4320] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 00000000772e0099 7 bytes {MOV EDX, 0x1070028; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4320] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000772e10a5 7 bytes {MOV EDX, 0x10701e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4320] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 00000000772e111d 7 bytes {MOV EDX, 0x1070168; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4320] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 00000000772e1321 7 bytes {MOV EDX, 0x10700e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4320] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000074fe1429 7 bytes JMP 000000017106128f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4320] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000074ffb223 5 bytes JMP 000000017106159b .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4320] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000750788f4 7 bytes JMP 0000000171061339 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4320] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075078979 5 bytes JMP 00000001710616b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4320] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075078ccf 5 bytes JMP 000000017106101e .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4320] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000074dc1d1b 5 bytes JMP 00000001710611d1 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4320] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000074dc1dc9 5 bytes JMP 0000000171061019 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4320] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000074dc2aa4 5 bytes JMP 000000017106154b .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4320] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000074dc2d0a 5 bytes JMP 0000000171061276 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4320] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076e5e9a2 5 bytes JMP 00000001710615b4 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4320] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076e5ebdc 5 bytes JMP 000000017106119a .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4320] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075b45ea5 5 bytes JMP 00000001710615e6 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4320] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075b79d0b 5 bytes JMP 000000017106122b .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4320] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074d81465 2 bytes [D8, 74] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4320] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074d814bb 2 bytes [D8, 74] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2068] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 00000000772df991 7 bytes {MOV EDX, 0x30a228; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2068] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 00000000772dfbd5 7 bytes {MOV EDX, 0x30a268; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2068] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 00000000772dfc05 7 bytes {MOV EDX, 0x30a1a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2068] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 00000000772dfc1d 7 bytes {MOV EDX, 0x30a128; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2068] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 00000000772dfc35 7 bytes {MOV EDX, 0x30a328; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2068] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 00000000772dfc65 7 bytes {MOV EDX, 0x30a368; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2068] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 00000000772dfce5 7 bytes {MOV EDX, 0x30a2e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2068] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 00000000772dfcfd 7 bytes {MOV EDX, 0x30a2a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2068] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 00000000772dfd49 7 bytes {MOV EDX, 0x30a068; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2068] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 00000000772dfe41 7 bytes {MOV EDX, 0x30a0a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2068] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 00000000772e0099 7 bytes {MOV EDX, 0x30a028; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2068] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000772e10a5 7 bytes {MOV EDX, 0x30a1e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2068] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 00000000772e111d 7 bytes {MOV EDX, 0x30a168; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2068] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 00000000772e1321 7 bytes {MOV EDX, 0x30a0e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2068] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000074fe1429 7 bytes JMP 000000017106128f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2068] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000074ffb223 5 bytes JMP 000000017106159b .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2068] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000750788f4 7 bytes JMP 0000000171061339 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2068] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075078979 5 bytes JMP 00000001710616b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2068] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075078ccf 5 bytes JMP 000000017106101e .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2068] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000074dc1d1b 5 bytes JMP 00000001710611d1 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2068] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000074dc1dc9 5 bytes JMP 0000000171061019 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2068] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000074dc2aa4 5 bytes JMP 000000017106154b .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2068] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000074dc2d0a 5 bytes JMP 0000000171061276 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2068] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076e5e9a2 5 bytes JMP 00000001710615b4 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2068] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076e5ebdc 5 bytes JMP 000000017106119a .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2068] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075b45ea5 5 bytes JMP 00000001710615e6 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2068] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075b79d0b 5 bytes JMP 000000017106122b .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2068] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074d81465 2 bytes [D8, 74] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2068] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074d814bb 2 bytes [D8, 74] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5472] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 00000000772df991 7 bytes {MOV EDX, 0x77d228; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5472] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 00000000772dfbd5 7 bytes {MOV EDX, 0x77d268; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5472] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 00000000772dfc05 7 bytes {MOV EDX, 0x77d1a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5472] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 00000000772dfc1d 7 bytes {MOV EDX, 0x77d128; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5472] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 00000000772dfc35 7 bytes {MOV EDX, 0x77d328; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5472] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 00000000772dfc65 7 bytes {MOV EDX, 0x77d368; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5472] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 00000000772dfce5 7 bytes {MOV EDX, 0x77d2e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5472] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 00000000772dfcfd 7 bytes {MOV EDX, 0x77d2a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5472] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 00000000772dfd49 7 bytes {MOV EDX, 0x77d068; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5472] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 00000000772dfe41 7 bytes {MOV EDX, 0x77d0a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5472] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 00000000772e0099 7 bytes {MOV EDX, 0x77d028; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5472] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000772e10a5 7 bytes {MOV EDX, 0x77d1e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5472] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 00000000772e111d 7 bytes {MOV EDX, 0x77d168; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5472] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 00000000772e1321 7 bytes {MOV EDX, 0x77d0e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5472] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000074fe1429 7 bytes JMP 000000017106128f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5472] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000074ffb223 5 bytes JMP 000000017106159b .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5472] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000750788f4 7 bytes JMP 0000000171061339 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5472] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075078979 5 bytes JMP 00000001710616b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5472] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075078ccf 5 bytes JMP 000000017106101e .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5472] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000074dc1d1b 5 bytes JMP 00000001710611d1 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5472] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000074dc1dc9 5 bytes JMP 0000000171061019 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5472] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000074dc2aa4 5 bytes JMP 000000017106154b .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5472] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000074dc2d0a 5 bytes JMP 0000000171061276 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5472] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076e5e9a2 5 bytes JMP 00000001710615b4 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5472] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076e5ebdc 5 bytes JMP 000000017106119a .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5472] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075b45ea5 5 bytes JMP 00000001710615e6 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5472] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075b79d0b 5 bytes JMP 000000017106122b .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5472] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074d81465 2 bytes [D8, 74] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5472] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074d814bb 2 bytes [D8, 74] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5656] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 00000000772df991 7 bytes {MOV EDX, 0xa41228; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5656] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 00000000772dfbd5 7 bytes {MOV EDX, 0xa41268; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5656] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 00000000772dfc05 7 bytes {MOV EDX, 0xa411a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5656] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 00000000772dfc1d 7 bytes {MOV EDX, 0xa41128; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5656] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 00000000772dfc35 7 bytes {MOV EDX, 0xa41328; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5656] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 00000000772dfc65 7 bytes {MOV EDX, 0xa41368; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5656] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 00000000772dfce5 7 bytes {MOV EDX, 0xa412e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5656] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 00000000772dfcfd 7 bytes {MOV EDX, 0xa412a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5656] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 00000000772dfd49 7 bytes {MOV EDX, 0xa41068; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5656] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 00000000772dfe41 7 bytes {MOV EDX, 0xa410a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5656] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 00000000772e0099 7 bytes {MOV EDX, 0xa41028; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5656] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000772e10a5 7 bytes {MOV EDX, 0xa411e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5656] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 00000000772e111d 7 bytes {MOV EDX, 0xa41168; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5656] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 00000000772e1321 7 bytes {MOV EDX, 0xa410e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5656] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000074fe1429 7 bytes JMP 000000017106128f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5656] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000074ffb223 5 bytes JMP 000000017106159b .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5656] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000750788f4 7 bytes JMP 0000000171061339 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5656] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075078979 5 bytes JMP 00000001710616b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5656] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075078ccf 5 bytes JMP 000000017106101e .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5656] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000074dc1d1b 5 bytes JMP 00000001710611d1 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5656] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000074dc1dc9 5 bytes JMP 0000000171061019 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5656] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000074dc2aa4 5 bytes JMP 000000017106154b .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5656] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000074dc2d0a 5 bytes JMP 0000000171061276 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5656] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076e5e9a2 5 bytes JMP 00000001710615b4 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5656] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076e5ebdc 5 bytes JMP 000000017106119a .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5656] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075b45ea5 5 bytes JMP 00000001710615e6 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5656] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075b79d0b 5 bytes JMP 000000017106122b .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5656] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074d81465 2 bytes [D8, 74] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5656] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074d814bb 2 bytes [D8, 74] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5736] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 00000000772df991 7 bytes {MOV EDX, 0x1da228; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5736] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 00000000772dfbd5 7 bytes {MOV EDX, 0x1da268; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5736] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 00000000772dfc05 7 bytes {MOV EDX, 0x1da1a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5736] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 00000000772dfc1d 7 bytes {MOV EDX, 0x1da128; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5736] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 00000000772dfc35 7 bytes {MOV EDX, 0x1da328; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5736] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 00000000772dfc65 7 bytes {MOV EDX, 0x1da368; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5736] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 00000000772dfce5 7 bytes {MOV EDX, 0x1da2e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5736] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 00000000772dfcfd 7 bytes {MOV EDX, 0x1da2a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5736] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 00000000772dfd49 7 bytes {MOV EDX, 0x1da068; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5736] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 00000000772dfe41 7 bytes {MOV EDX, 0x1da0a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5736] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 00000000772e0099 7 bytes {MOV EDX, 0x1da028; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5736] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000772e10a5 7 bytes {MOV EDX, 0x1da1e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5736] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 00000000772e111d 7 bytes {MOV EDX, 0x1da168; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5736] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 00000000772e1321 7 bytes {MOV EDX, 0x1da0e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5736] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000074fe1429 7 bytes JMP 000000017106128f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5736] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000074ffb223 5 bytes JMP 000000017106159b .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5736] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000750788f4 7 bytes JMP 0000000171061339 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5736] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075078979 5 bytes JMP 00000001710616b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5736] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075078ccf 5 bytes JMP 000000017106101e .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5736] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000074dc1d1b 5 bytes JMP 00000001710611d1 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5736] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000074dc1dc9 5 bytes JMP 0000000171061019 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5736] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000074dc2aa4 5 bytes JMP 000000017106154b .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5736] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000074dc2d0a 5 bytes JMP 0000000171061276 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5736] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076e5e9a2 5 bytes JMP 00000001710615b4 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5736] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076e5ebdc 5 bytes JMP 000000017106119a .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5736] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075b45ea5 5 bytes JMP 00000001710615e6 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5736] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075b79d0b 5 bytes JMP 000000017106122b .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5736] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074d81465 2 bytes [D8, 74] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5736] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074d814bb 2 bytes [D8, 74] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5444] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 00000000772df991 7 bytes {MOV EDX, 0xfcfa28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5444] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 00000000772dfbd5 7 bytes {MOV EDX, 0xfcfa68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5444] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 00000000772dfc05 7 bytes {MOV EDX, 0xfcf9a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5444] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 00000000772dfc1d 7 bytes {MOV EDX, 0xfcf928; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5444] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 00000000772dfc35 7 bytes {MOV EDX, 0xfcfb28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5444] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 00000000772dfc65 7 bytes {MOV EDX, 0xfcfb68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5444] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 00000000772dfce5 7 bytes {MOV EDX, 0xfcfae8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5444] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 00000000772dfcfd 7 bytes {MOV EDX, 0xfcfaa8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5444] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 00000000772dfd49 7 bytes {MOV EDX, 0xfcf868; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5444] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 00000000772dfe41 7 bytes {MOV EDX, 0xfcf8a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5444] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 00000000772e0099 7 bytes {MOV EDX, 0xfcf828; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5444] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000772e10a5 7 bytes {MOV EDX, 0xfcf9e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5444] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 00000000772e111d 7 bytes {MOV EDX, 0xfcf968; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5444] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 00000000772e1321 7 bytes {MOV EDX, 0xfcf8e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5444] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000074fe1429 7 bytes JMP 000000017106128f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5444] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000074ffb223 5 bytes JMP 000000017106159b .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5444] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000750788f4 7 bytes JMP 0000000171061339 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5444] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075078979 5 bytes JMP 00000001710616b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5444] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075078ccf 5 bytes JMP 000000017106101e .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5444] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000074dc1d1b 5 bytes JMP 00000001710611d1 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5444] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000074dc1dc9 5 bytes JMP 0000000171061019 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5444] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000074dc2aa4 5 bytes JMP 000000017106154b .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5444] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000074dc2d0a 5 bytes JMP 0000000171061276 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5444] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076e5e9a2 5 bytes JMP 00000001710615b4 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5444] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076e5ebdc 5 bytes JMP 000000017106119a .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5444] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075b45ea5 5 bytes JMP 00000001710615e6 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5444] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075b79d0b 5 bytes JMP 000000017106122b .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5444] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074d81465 2 bytes [D8, 74] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5444] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074d814bb 2 bytes [D8, 74] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4080] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 00000000772df991 7 bytes {MOV EDX, 0x5a3e28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4080] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 00000000772dfbd5 7 bytes {MOV EDX, 0x5a3e68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4080] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 00000000772dfc05 7 bytes {MOV EDX, 0x5a3da8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4080] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 00000000772dfc1d 7 bytes {MOV EDX, 0x5a3d28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4080] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 00000000772dfc35 7 bytes {MOV EDX, 0x5a3f28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4080] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 00000000772dfc65 7 bytes {MOV EDX, 0x5a3f68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4080] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 00000000772dfce5 7 bytes {MOV EDX, 0x5a3ee8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4080] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 00000000772dfcfd 7 bytes {MOV EDX, 0x5a3ea8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4080] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 00000000772dfd49 7 bytes {MOV EDX, 0x5a3c68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4080] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 00000000772dfe41 7 bytes {MOV EDX, 0x5a3ca8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4080] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 00000000772e0099 7 bytes {MOV EDX, 0x5a3c28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4080] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000772e10a5 7 bytes {MOV EDX, 0x5a3de8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4080] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 00000000772e111d 7 bytes {MOV EDX, 0x5a3d68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4080] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 00000000772e1321 7 bytes {MOV EDX, 0x5a3ce8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4080] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000074fe1429 7 bytes JMP 000000017106128f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4080] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000074ffb223 5 bytes JMP 000000017106159b .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4080] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000750788f4 7 bytes JMP 0000000171061339 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4080] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075078979 5 bytes JMP 00000001710616b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4080] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075078ccf 5 bytes JMP 000000017106101e .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4080] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000074dc1d1b 5 bytes JMP 00000001710611d1 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4080] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000074dc1dc9 5 bytes JMP 0000000171061019 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4080] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000074dc2aa4 5 bytes JMP 000000017106154b .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4080] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000074dc2d0a 5 bytes JMP 0000000171061276 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4080] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076e5e9a2 5 bytes JMP 00000001710615b4 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4080] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076e5ebdc 5 bytes JMP 000000017106119a .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4080] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075b45ea5 5 bytes JMP 00000001710615e6 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4080] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075b79d0b 5 bytes JMP 000000017106122b .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4080] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074d81465 2 bytes [D8, 74] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4080] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074d814bb 2 bytes [D8, 74] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3484] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 00000000772df991 7 bytes {MOV EDX, 0xb55a28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3484] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 00000000772dfbd5 7 bytes {MOV EDX, 0xb55a68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3484] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 00000000772dfc05 7 bytes {MOV EDX, 0xb559a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3484] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 00000000772dfc1d 7 bytes {MOV EDX, 0xb55928; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3484] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 00000000772dfc35 7 bytes {MOV EDX, 0xb55b28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3484] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 00000000772dfc65 7 bytes {MOV EDX, 0xb55b68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3484] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 00000000772dfce5 7 bytes {MOV EDX, 0xb55ae8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3484] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 00000000772dfcfd 7 bytes {MOV EDX, 0xb55aa8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3484] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 00000000772dfd49 7 bytes {MOV EDX, 0xb55868; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3484] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 00000000772dfe41 7 bytes {MOV EDX, 0xb558a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3484] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 00000000772e0099 7 bytes {MOV EDX, 0xb55828; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3484] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000772e10a5 7 bytes {MOV EDX, 0xb559e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3484] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 00000000772e111d 7 bytes {MOV EDX, 0xb55968; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3484] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 00000000772e1321 7 bytes {MOV EDX, 0xb558e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3484] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000074fe1429 7 bytes JMP 000000017106128f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3484] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000074ffb223 5 bytes JMP 000000017106159b .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3484] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000750788f4 7 bytes JMP 0000000171061339 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3484] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075078979 5 bytes JMP 00000001710616b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3484] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075078ccf 5 bytes JMP 000000017106101e .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3484] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000074dc1d1b 5 bytes JMP 00000001710611d1 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3484] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000074dc1dc9 5 bytes JMP 0000000171061019 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3484] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000074dc2aa4 5 bytes JMP 000000017106154b .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3484] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000074dc2d0a 5 bytes JMP 0000000171061276 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3484] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076e5e9a2 5 bytes JMP 00000001710615b4 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3484] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076e5ebdc 5 bytes JMP 000000017106119a .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3484] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075b45ea5 5 bytes JMP 00000001710615e6 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3484] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075b79d0b 5 bytes JMP 000000017106122b .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3484] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074d81465 2 bytes [D8, 74] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3484] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074d814bb 2 bytes [D8, 74] .text ... * 2 .text S:\instalki\qbizn612.exe[6064] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000074fe1429 7 bytes JMP 000000017106128f .text S:\instalki\qbizn612.exe[6064] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000074ffb223 5 bytes JMP 000000017106159b .text S:\instalki\qbizn612.exe[6064] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000750788f4 7 bytes JMP 0000000171061339 .text S:\instalki\qbizn612.exe[6064] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075078979 5 bytes JMP 00000001710616b8 .text S:\instalki\qbizn612.exe[6064] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075078ccf 5 bytes JMP 000000017106101e .text S:\instalki\qbizn612.exe[6064] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000074dc1d1b 5 bytes JMP 00000001710611d1 .text S:\instalki\qbizn612.exe[6064] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000074dc1dc9 5 bytes JMP 0000000171061019 .text S:\instalki\qbizn612.exe[6064] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000074dc2aa4 5 bytes JMP 000000017106154b .text S:\instalki\qbizn612.exe[6064] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000074dc2d0a 5 bytes JMP 0000000171061276 .text S:\instalki\qbizn612.exe[6064] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000076e5e9a2 5 bytes JMP 00000001710615b4 .text S:\instalki\qbizn612.exe[6064] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000076e5ebdc 5 bytes JMP 000000017106119a .text S:\instalki\qbizn612.exe[6064] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075b45ea5 5 bytes JMP 00000001710615e6 .text S:\instalki\qbizn612.exe[6064] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075b79d0b 5 bytes JMP 000000017106122b ---- EOF - GMER 2.1 ----