GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-12-19 13:37:56 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST500DM0 rev.KC44 465,76GB Running: m57g1hli.exe; Driver: C:\Users\PRACOW~1\AppData\Local\Temp\ugriypog.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80002fa8000 45 bytes [00, 00, 15, 02, 46, 69, 6C, ...] INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 574 fffff80002fa802e 19 bytes [CE, 01, 00, 00, 00, 00, 00, ...] ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe[1744] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000764b1465 2 bytes [4B, 76] .text C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe[1744] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000764b14bb 2 bytes [4B, 76] .text ... * 2 .text C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe[1768] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000764b1465 2 bytes [4B, 76] .text C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe[1768] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000764b14bb 2 bytes [4B, 76] .text ... * 2 .text C:\Windows\system32\hasplms.exe[1816] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000764b1465 2 bytes [4B, 76] .text C:\Windows\system32\hasplms.exe[1816] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000764b14bb 2 bytes [4B, 76] .text ... * 2 .text C:\Program Files (x86)\Lectra\Modaservice\modaserv.exe[1856] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000764b1465 2 bytes [4B, 76] .text C:\Program Files (x86)\Lectra\Modaservice\modaserv.exe[1856] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000764b14bb 2 bytes [4B, 76] .text ... * 2 .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2756] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 00000000764b1465 2 bytes [4B, 76] .text C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2756] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000764b14bb 2 bytes [4B, 76] .text ... * 2 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1892] C:\Windows\SysWOW64\ntdll.dll!DbgBreakPoint 0000000077b8000c 1 byte [C3] .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1892] C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin 0000000077c0f8ea 5 bytes JMP 0000000177bbd5c1 .text C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[2584] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000076328769 5 bytes JMP 000000016cbf7dbc .text C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[2584] C:\Windows\syswow64\ole32.dll!OleLoadFromStream 0000000077496143 5 bytes JMP 000000016d11c706 .text C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[2584] C:\Windows\syswow64\OLEAUT32.dll!SysFreeString 0000000076423e59 5 bytes JMP 000000016cc23556 .text C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[2584] C:\Windows\syswow64\OLEAUT32.dll!VariantClear 0000000076423eae 5 bytes JMP 000000016cc49255 .text C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[2584] C:\Windows\syswow64\OLEAUT32.dll!SysAllocStringByteLen 0000000076424731 5 bytes JMP 000000016cc3db5c .text C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[2584] C:\Windows\syswow64\OLEAUT32.dll!VariantChangeType 0000000076425dee 5 bytes JMP 000000016cc52989 ? C:\Windows\system32\mssprxy.dll [2584] entry point in ".rdata" section 00000000746171e6 .text C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[2584] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000764b1465 2 bytes [4B, 76] .text C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[2584] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000764b14bb 2 bytes [4B, 76] .text ... * 2 .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[5076] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000764b1465 2 bytes [4B, 76] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[5076] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000764b14bb 2 bytes [4B, 76] .text ... * 2 ? C:\Windows\system32\mssprxy.dll [5076] entry point in ".rdata" section 00000000746171e6 .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1268] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077b8f9b1 8 bytes {MOV EDX, 0x90228; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1268] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 15 0000000077b8f9bb 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1268] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077b8fbf5 8 bytes {MOV EDX, 0x90268; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1268] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 15 0000000077b8fbff 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1268] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077b8fc25 8 bytes {MOV EDX, 0x901a8; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1268] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 15 0000000077b8fc2f 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1268] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077b8fc3d 8 bytes {MOV EDX, 0x90128; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1268] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 15 0000000077b8fc47 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1268] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077b8fc55 8 bytes {MOV EDX, 0x90328; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1268] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 15 0000000077b8fc5f 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1268] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077b8fc85 8 bytes {MOV EDX, 0x90368; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1268] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 15 0000000077b8fc8f 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1268] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077b8fd05 8 bytes {MOV EDX, 0x902e8; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1268] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 15 0000000077b8fd0f 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1268] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077b8fd1d 8 bytes {MOV EDX, 0x902a8; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1268] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 15 0000000077b8fd27 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1268] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077b8fd69 8 bytes {MOV EDX, 0x90068; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1268] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 15 0000000077b8fd73 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1268] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077b8fe61 8 bytes {MOV EDX, 0x900a8; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1268] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 15 0000000077b8fe6b 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1268] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077b900b9 8 bytes {MOV EDX, 0x90028; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1268] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 15 0000000077b900c3 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1268] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077b910c5 8 bytes {MOV EDX, 0x901e8; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1268] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 15 0000000077b910cf 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1268] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077b9113d 8 bytes {MOV EDX, 0x90168; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1268] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 15 0000000077b91147 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1268] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077b91341 8 bytes {MOV EDX, 0x900e8; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1268] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 15 0000000077b9134b 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1268] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000764b1465 2 bytes [4B, 76] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1268] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000764b14bb 2 bytes [4B, 76] .text ... * 2 .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[3492] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077b8f9b1 8 bytes {MOV EDX, 0x90228; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[3492] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 15 0000000077b8f9bb 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[3492] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077b8fbf5 8 bytes {MOV EDX, 0x90268; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[3492] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 15 0000000077b8fbff 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[3492] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077b8fc25 8 bytes {MOV EDX, 0x901a8; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[3492] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 15 0000000077b8fc2f 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[3492] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077b8fc3d 8 bytes {MOV EDX, 0x90128; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[3492] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 15 0000000077b8fc47 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[3492] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077b8fc55 8 bytes {MOV EDX, 0x90328; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[3492] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 15 0000000077b8fc5f 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[3492] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077b8fc85 8 bytes {MOV EDX, 0x90368; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[3492] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 15 0000000077b8fc8f 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[3492] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077b8fd05 8 bytes {MOV EDX, 0x902e8; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[3492] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 15 0000000077b8fd0f 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[3492] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077b8fd1d 8 bytes {MOV EDX, 0x902a8; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[3492] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 15 0000000077b8fd27 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[3492] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077b8fd69 8 bytes {MOV EDX, 0x90068; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[3492] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 15 0000000077b8fd73 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[3492] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077b8fe61 8 bytes {MOV EDX, 0x900a8; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[3492] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 15 0000000077b8fe6b 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[3492] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077b900b9 8 bytes {MOV EDX, 0x90028; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[3492] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 15 0000000077b900c3 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[3492] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077b910c5 8 bytes {MOV EDX, 0x901e8; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[3492] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 15 0000000077b910cf 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[3492] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077b9113d 8 bytes {MOV EDX, 0x90168; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[3492] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 15 0000000077b91147 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[3492] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077b91341 8 bytes {MOV EDX, 0x900e8; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[3492] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 15 0000000077b9134b 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[3492] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000764b1465 2 bytes [4B, 76] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[3492] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000764b14bb 2 bytes [4B, 76] .text ... * 2 .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[5056] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077b8f9b1 8 bytes {MOV EDX, 0x90228; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[5056] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 15 0000000077b8f9bb 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[5056] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077b8fbf5 8 bytes {MOV EDX, 0x90268; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[5056] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 15 0000000077b8fbff 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[5056] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077b8fc25 8 bytes {MOV EDX, 0x901a8; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[5056] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 15 0000000077b8fc2f 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[5056] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077b8fc3d 8 bytes {MOV EDX, 0x90128; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[5056] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 15 0000000077b8fc47 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[5056] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077b8fc55 8 bytes {MOV EDX, 0x90328; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[5056] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 15 0000000077b8fc5f 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[5056] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077b8fc85 8 bytes {MOV EDX, 0x90368; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[5056] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 15 0000000077b8fc8f 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[5056] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077b8fd05 8 bytes {MOV EDX, 0x902e8; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[5056] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 15 0000000077b8fd0f 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[5056] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077b8fd1d 8 bytes {MOV EDX, 0x902a8; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[5056] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 15 0000000077b8fd27 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[5056] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077b8fd69 8 bytes {MOV EDX, 0x90068; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[5056] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 15 0000000077b8fd73 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[5056] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077b8fe61 8 bytes {MOV EDX, 0x900a8; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[5056] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 15 0000000077b8fe6b 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[5056] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077b900b9 8 bytes {MOV EDX, 0x90028; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[5056] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 15 0000000077b900c3 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[5056] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077b910c5 8 bytes {MOV EDX, 0x901e8; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[5056] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 15 0000000077b910cf 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[5056] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077b9113d 8 bytes {MOV EDX, 0x90168; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[5056] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 15 0000000077b91147 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[5056] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077b91341 8 bytes {MOV EDX, 0x900e8; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[5056] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 15 0000000077b9134b 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[5056] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000764b1465 2 bytes [4B, 76] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[5056] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000764b14bb 2 bytes [4B, 76] .text ... * 2 .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[3132] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077b8f9b1 8 bytes {MOV EDX, 0x90228; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[3132] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 15 0000000077b8f9bb 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[3132] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077b8fbf5 8 bytes {MOV EDX, 0x90268; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[3132] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 15 0000000077b8fbff 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[3132] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077b8fc25 8 bytes {MOV EDX, 0x901a8; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[3132] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 15 0000000077b8fc2f 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[3132] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077b8fc3d 8 bytes {MOV EDX, 0x90128; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[3132] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 15 0000000077b8fc47 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[3132] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077b8fc55 8 bytes {MOV EDX, 0x90328; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[3132] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 15 0000000077b8fc5f 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[3132] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077b8fc85 8 bytes {MOV EDX, 0x90368; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[3132] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 15 0000000077b8fc8f 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[3132] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077b8fd05 8 bytes {MOV EDX, 0x902e8; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[3132] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 15 0000000077b8fd0f 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[3132] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077b8fd1d 8 bytes {MOV EDX, 0x902a8; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[3132] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 15 0000000077b8fd27 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[3132] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077b8fd69 8 bytes {MOV EDX, 0x90068; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[3132] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 15 0000000077b8fd73 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[3132] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077b8fe61 8 bytes {MOV EDX, 0x900a8; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[3132] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 15 0000000077b8fe6b 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[3132] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077b900b9 8 bytes {MOV EDX, 0x90028; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[3132] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 15 0000000077b900c3 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[3132] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077b910c5 8 bytes {MOV EDX, 0x901e8; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[3132] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 15 0000000077b910cf 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[3132] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077b9113d 8 bytes {MOV EDX, 0x90168; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[3132] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 15 0000000077b91147 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[3132] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077b91341 8 bytes {MOV EDX, 0x900e8; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[3132] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 15 0000000077b9134b 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[3132] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000764b1465 2 bytes [4B, 76] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[3132] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000764b14bb 2 bytes [4B, 76] .text ... * 2 .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1388] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077b8f9b1 8 bytes {MOV EDX, 0x90228; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1388] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 15 0000000077b8f9bb 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1388] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077b8fbf5 8 bytes {MOV EDX, 0x90268; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1388] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 15 0000000077b8fbff 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1388] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077b8fc25 8 bytes {MOV EDX, 0x901a8; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1388] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 15 0000000077b8fc2f 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1388] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077b8fc3d 8 bytes {MOV EDX, 0x90128; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1388] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 15 0000000077b8fc47 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1388] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077b8fc55 8 bytes {MOV EDX, 0x90328; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1388] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 15 0000000077b8fc5f 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1388] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077b8fc85 8 bytes {MOV EDX, 0x90368; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1388] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 15 0000000077b8fc8f 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1388] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077b8fd05 8 bytes {MOV EDX, 0x902e8; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1388] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 15 0000000077b8fd0f 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1388] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077b8fd1d 8 bytes {MOV EDX, 0x902a8; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1388] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 15 0000000077b8fd27 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1388] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077b8fd69 8 bytes {MOV EDX, 0x90068; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1388] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 15 0000000077b8fd73 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1388] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077b8fe61 8 bytes {MOV EDX, 0x900a8; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1388] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 15 0000000077b8fe6b 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1388] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077b900b9 8 bytes {MOV EDX, 0x90028; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1388] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 15 0000000077b900c3 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1388] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077b910c5 8 bytes {MOV EDX, 0x901e8; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1388] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 15 0000000077b910cf 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1388] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077b9113d 8 bytes {MOV EDX, 0x90168; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1388] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 15 0000000077b91147 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1388] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077b91341 8 bytes {MOV EDX, 0x900e8; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1388] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 15 0000000077b9134b 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1388] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000764b1465 2 bytes [4B, 76] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1388] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000764b14bb 2 bytes [4B, 76] .text ... * 2 .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1344] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077b8f9b1 8 bytes {MOV EDX, 0x90228; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1344] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 15 0000000077b8f9bb 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1344] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077b8fbf5 8 bytes {MOV EDX, 0x90268; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1344] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 15 0000000077b8fbff 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1344] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077b8fc25 8 bytes {MOV EDX, 0x901a8; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1344] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 15 0000000077b8fc2f 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1344] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077b8fc3d 8 bytes {MOV EDX, 0x90128; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1344] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 15 0000000077b8fc47 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1344] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077b8fc55 8 bytes {MOV EDX, 0x90328; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1344] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 15 0000000077b8fc5f 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1344] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077b8fc85 8 bytes {MOV EDX, 0x90368; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1344] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 15 0000000077b8fc8f 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1344] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077b8fd05 8 bytes {MOV EDX, 0x902e8; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1344] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 15 0000000077b8fd0f 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1344] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077b8fd1d 8 bytes {MOV EDX, 0x902a8; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1344] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 15 0000000077b8fd27 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1344] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077b8fd69 8 bytes {MOV EDX, 0x90068; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1344] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 15 0000000077b8fd73 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1344] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077b8fe61 8 bytes {MOV EDX, 0x900a8; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1344] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 15 0000000077b8fe6b 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1344] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077b900b9 8 bytes {MOV EDX, 0x90028; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1344] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 15 0000000077b900c3 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1344] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077b910c5 8 bytes {MOV EDX, 0x901e8; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1344] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 15 0000000077b910cf 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1344] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077b9113d 8 bytes {MOV EDX, 0x90168; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1344] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 15 0000000077b91147 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1344] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077b91341 8 bytes {MOV EDX, 0x900e8; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1344] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 15 0000000077b9134b 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1344] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000764b1465 2 bytes [4B, 76] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1344] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000764b14bb 2 bytes [4B, 76] .text ... * 2 .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1248] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077b8f9b1 8 bytes {MOV EDX, 0x90228; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1248] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 15 0000000077b8f9bb 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1248] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077b8fbf5 8 bytes {MOV EDX, 0x90268; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1248] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 15 0000000077b8fbff 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1248] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077b8fc25 8 bytes {MOV EDX, 0x901a8; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1248] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 15 0000000077b8fc2f 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1248] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077b8fc3d 8 bytes {MOV EDX, 0x90128; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1248] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 15 0000000077b8fc47 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1248] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077b8fc55 8 bytes {MOV EDX, 0x90328; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1248] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 15 0000000077b8fc5f 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1248] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077b8fc85 8 bytes {MOV EDX, 0x90368; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1248] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 15 0000000077b8fc8f 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1248] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077b8fd05 8 bytes {MOV EDX, 0x902e8; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1248] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 15 0000000077b8fd0f 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1248] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077b8fd1d 8 bytes {MOV EDX, 0x902a8; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1248] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 15 0000000077b8fd27 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1248] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077b8fd69 8 bytes {MOV EDX, 0x90068; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1248] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 15 0000000077b8fd73 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1248] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077b8fe61 8 bytes {MOV EDX, 0x900a8; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1248] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 15 0000000077b8fe6b 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1248] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077b900b9 8 bytes {MOV EDX, 0x90028; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1248] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 15 0000000077b900c3 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1248] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077b910c5 8 bytes {MOV EDX, 0x901e8; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1248] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 15 0000000077b910cf 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1248] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077b9113d 8 bytes {MOV EDX, 0x90168; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1248] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 15 0000000077b91147 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1248] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077b91341 8 bytes {MOV EDX, 0x900e8; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1248] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 15 0000000077b9134b 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1248] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000764b1465 2 bytes [4B, 76] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1248] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000764b14bb 2 bytes [4B, 76] .text ... * 2 .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1208] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077b8f9b1 8 bytes {MOV EDX, 0x90228; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1208] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 15 0000000077b8f9bb 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1208] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077b8fbf5 8 bytes {MOV EDX, 0x90268; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1208] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 15 0000000077b8fbff 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1208] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077b8fc25 8 bytes {MOV EDX, 0x901a8; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1208] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 15 0000000077b8fc2f 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1208] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077b8fc3d 8 bytes {MOV EDX, 0x90128; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1208] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 15 0000000077b8fc47 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1208] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077b8fc55 8 bytes {MOV EDX, 0x90328; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1208] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 15 0000000077b8fc5f 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1208] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077b8fc85 8 bytes {MOV EDX, 0x90368; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1208] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 15 0000000077b8fc8f 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1208] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077b8fd05 8 bytes {MOV EDX, 0x902e8; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1208] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 15 0000000077b8fd0f 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1208] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077b8fd1d 8 bytes {MOV EDX, 0x902a8; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1208] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 15 0000000077b8fd27 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1208] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077b8fd69 8 bytes {MOV EDX, 0x90068; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1208] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 15 0000000077b8fd73 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1208] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077b8fe61 8 bytes {MOV EDX, 0x900a8; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1208] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 15 0000000077b8fe6b 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1208] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077b900b9 8 bytes {MOV EDX, 0x90028; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1208] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 15 0000000077b900c3 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1208] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077b910c5 8 bytes {MOV EDX, 0x901e8; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1208] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 15 0000000077b910cf 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1208] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077b9113d 8 bytes {MOV EDX, 0x90168; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1208] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 15 0000000077b91147 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1208] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077b91341 8 bytes {MOV EDX, 0x900e8; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1208] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 15 0000000077b9134b 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1208] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000764b1465 2 bytes [4B, 76] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[1208] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000764b14bb 2 bytes [4B, 76] .text ... * 2 .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[792] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077b8f9b1 8 bytes {MOV EDX, 0x90228; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[792] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 15 0000000077b8f9bb 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[792] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077b8fbf5 8 bytes {MOV EDX, 0x90268; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[792] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 15 0000000077b8fbff 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[792] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077b8fc25 8 bytes {MOV EDX, 0x901a8; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[792] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 15 0000000077b8fc2f 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[792] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077b8fc3d 8 bytes {MOV EDX, 0x90128; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[792] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 15 0000000077b8fc47 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[792] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077b8fc55 8 bytes {MOV EDX, 0x90328; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[792] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 15 0000000077b8fc5f 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[792] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077b8fc85 8 bytes {MOV EDX, 0x90368; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[792] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 15 0000000077b8fc8f 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[792] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077b8fd05 8 bytes {MOV EDX, 0x902e8; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[792] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 15 0000000077b8fd0f 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[792] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077b8fd1d 8 bytes {MOV EDX, 0x902a8; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[792] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 15 0000000077b8fd27 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[792] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077b8fd69 8 bytes {MOV EDX, 0x90068; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[792] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 15 0000000077b8fd73 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[792] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077b8fe61 8 bytes {MOV EDX, 0x900a8; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[792] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 15 0000000077b8fe6b 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[792] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077b900b9 8 bytes {MOV EDX, 0x90028; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[792] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 15 0000000077b900c3 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[792] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077b910c5 8 bytes {MOV EDX, 0x901e8; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[792] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 15 0000000077b910cf 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[792] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077b9113d 8 bytes {MOV EDX, 0x90168; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[792] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 15 0000000077b91147 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[792] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077b91341 8 bytes {MOV EDX, 0x900e8; JMP RDX} .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[792] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 15 0000000077b9134b 1 byte [90] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[792] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000764b1465 2 bytes [4B, 76] .text C:\Users\Pracownia\AppData\Local\Google\Chrome\Application\chrome.exe[792] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000764b14bb 2 bytes [4B, 76] .text ... * 2 ? C:\Windows\system32\mssprxy.dll [5848] entry point in ".rdata" section 00000000746171e6 .text C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE[6100] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000076328769 5 bytes JMP 000000016cbf7dbc .text C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE[6100] C:\Windows\syswow64\ole32.dll!OleLoadFromStream 0000000077496143 5 bytes JMP 000000016d11c706 .text C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE[6100] C:\Windows\syswow64\OLEAUT32.dll!SysFreeString 0000000076423e59 5 bytes JMP 000000016cc23556 .text C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE[6100] C:\Windows\syswow64\OLEAUT32.dll!VariantClear 0000000076423eae 5 bytes JMP 000000016cc49255 .text C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE[6100] C:\Windows\syswow64\OLEAUT32.dll!SysAllocStringByteLen 0000000076424731 5 bytes JMP 000000016cc3db5c .text C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE[6100] C:\Windows\syswow64\OLEAUT32.dll!VariantChangeType 0000000076425dee 5 bytes JMP 000000016cc52989 .text C:\Windows\SysWOW64\rundll32.exe[4912] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000764b1465 2 bytes [4B, 76] .text C:\Windows\SysWOW64\rundll32.exe[4912] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000764b14bb 2 bytes [4B, 76] .text ... * 2 ---- Registry - GMER 2.1 ---- Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@E:\Users\Pracownia\Downloads\DesignPro 5 PL Tworzenie wizytówek i etykiet\setup.exe 1 ---- EOF - GMER 2.1 ----