GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2017-02-20 02:15:03 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000036 Crucial_CT256MX100SSD1 rev.MU01 238,47GB Running: 9kzg9jhi.exe; Driver: C:\Users\Omega\AppData\Local\Temp\pxldypog.sys ---- User code sections - GMER 2.2 ---- .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[6996] C:\Windows\SYSTEM32\ntdll.dll!RtlLargeIntegerToChar + 207 00007ffd669a132f 8 bytes [50, 6E, 74, 7F, 00, 00, 00, ...] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[6996] C:\Windows\SYSTEM32\ntdll.dll!RtlLargeIntegerToChar + 449 00007ffd669a1421 8 bytes [40, 6E, 74, 7F, 00, 00, 00, ...] .text ... * 2 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[6996] C:\Windows\SYSTEM32\ntdll.dll!LdrSetDllDirectory + 368 00007ffd669a16b0 8 bytes [20, 6E, 74, 7F, 00, 00, 00, ...] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[6996] C:\Windows\SYSTEM32\ntdll.dll!LdrSetDllDirectory + 852 00007ffd669a1894 8 bytes {JMP 0xffffffffffffffa0} .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[6996] C:\Windows\SYSTEM32\ntdll.dll!RtlLockCurrentThread + 175 00007ffd669a230f 8 bytes {JMP 0xffffffffffffffec} .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[6996] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffd66a46260 8 bytes {JMP QWORD [RIP-0xa4bb6]} .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[6996] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffd66a46560 8 bytes {JMP QWORD [RIP-0xa4cd2]} .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[6996] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffd66a465c0 8 bytes {JMP QWORD [RIP-0xa5297]} .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[6996] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffd66a46800 8 bytes {JMP QWORD [RIP-0xa52d6]} .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[6996] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffd66a46960 8 bytes {JMP QWORD [RIP-0xa5545]} .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[6996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffd66a47770 8 bytes {JMP QWORD [RIP-0xa5467]} .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[6996] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffd66a47d70 8 bytes {JMP QWORD [RIP-0xa63af]} .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[6996] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffd66a48fb0 8 bytes {JMP QWORD [RIP-0xa7682]} .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[6996] C:\Windows\System32\wow64cpu.dll!BTCpuProcessInit + 210 0000000072ba1462 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[6996] C:\Windows\System32\wow64cpu.dll!BTCpuIsProcessorFeaturePresent + 564 0000000072ba16b4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[6996] C:\Windows\System32\wow64cpu.dll!BTCpuIsProcessorFeaturePresent + 875 0000000072ba17eb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[6996] C:\Windows\System32\wow64cpu.dll!BTCpuResetToConsistentState + 30 0000000072ba181e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[6996] C:\Windows\System32\wow64cpu.dll!BTCpuResetToConsistentState + 87 0000000072ba1857 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] ? C:\Windows\system32\apphelp.dll [6996] entry point in ".rdata" section 000000006609f7c0 ? C:\Windows\SYSTEM32\NTASN1.dll [6996] entry point in ".rdata" section 000000006c67a020 ? C:\Windows\system32\ncryptsslp.dll [6996] entry point in ".rdata" section 000000006d1f04f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7160] C:\Windows\SYSTEM32\ntdll.dll!LdrResolveDelayLoadedAPI 00007ffd669e65c0 6 bytes {JMP QWORD [RIP+0x1baa3a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7160] C:\Windows\SYSTEM32\ntdll.dll!RtlAddVectoredExceptionHandler 00007ffd66a16300 5 bytes JMP 00007ffd26a20000 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7160] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00007ffd66a463c0 5 bytes [FF, 25, 3A, AC, 17] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7160] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffd66a465c0 16 bytes {MOV RAX, 0x7ffd3e8772b0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7160] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00007ffd66a46ac0 5 bytes JMP 00007ffd66bd000e .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7160] C:\Windows\SYSTEM32\ntdll.dll!KiUserCallbackDispatcher 00007ffd66a49c30 5 bytes JMP 00007ffd26a60000 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7160] C:\Windows\System32\KERNEL32.DLL!MoveFileW 00007ffd64d3ddc0 6 bytes {JMP QWORD [RIP+0x184323a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7160] C:\Windows\System32\KERNEL32.DLL!SetProcessDEPPolicy 00007ffd64d41800 6 bytes {JMP QWORD [RIP+0x191f7fa]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7160] C:\Windows\System32\KERNEL32.DLL!CopyFileW + 3 00007ffd64d44a33 3 bytes [C5, 87, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7160] C:\Windows\System32\KERNEL32.DLL!CopyFileA 00007ffd64d7c1c0 6 bytes {JMP QWORD [RIP+0x1864e3a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7160] C:\Windows\System32\KERNEL32.DLL!MoveFileA 00007ffd64d7d620 6 bytes {JMP QWORD [RIP+0x18239da]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7160] C:\Windows\System32\KERNEL32.DLL!WinExec 00007ffd64d80860 6 bytes {JMP QWORD [RIP+0x188079a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7160] C:\Windows\System32\USER32.dll!SetWindowsHookExA 00007ffd64402730 5 bytes JMP 00007ffd24410000 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7160] C:\Windows\System32\USER32.dll!UserClientDllInitialize + 1 00007ffd6440bab1 11 bytes {MOV EAX, 0x1fe0b20; ADD [RAX], AL; ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7160] C:\Windows\System32\USER32.dll!SetWindowsHookExW 00007ffd64427490 5 bytes JMP 00007ffd24430000 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7160] C:\Windows\System32\SHELL32.dll!ShellExecuteExW 00007ffd64e26210 6 bytes {JMP QWORD [RIP+0x182adea]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7160] C:\Windows\System32\SHELL32.dll!ShellExecuteW 00007ffd64f311c0 6 bytes {JMP QWORD [RIP+0x16ffe3a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7160] C:\Windows\System32\WS2_32.dll!WSAStartup 00007ffd64762630 6 bytes {JMP QWORD [RIP+0x1ae9ca]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7160] C:\Windows\SYSTEM32\WININET.dll!HttpSendRequestExA 00007ffd4c51d360 6 bytes {JMP QWORD [RIP+0x3d3c9a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7160] C:\Windows\SYSTEM32\WININET.dll!InternetReadFile 00007ffd4c5289f0 6 bytes {JMP QWORD [RIP+0x32860a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7160] C:\Windows\SYSTEM32\WININET.dll!HttpSendRequestW 00007ffd4c5734e0 6 bytes {JMP QWORD [RIP+0x31db1a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7160] C:\Windows\SYSTEM32\WININET.dll!HttpOpenRequestW 00007ffd4c573dd0 6 bytes {JMP QWORD [RIP+0x25d22a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7160] C:\Windows\SYSTEM32\WININET.dll!InternetReadFileExW 00007ffd4c57c960 6 bytes {JMP QWORD [RIP+0x2f469a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7160] C:\Windows\SYSTEM32\WININET.dll!HttpSendRequestExW 00007ffd4c5ade20 6 bytes {JMP QWORD [RIP+0x3231da]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7160] C:\Windows\SYSTEM32\WININET.dll!HttpSendRequestA 00007ffd4c5b4d50 6 bytes {JMP QWORD [RIP+0x2fc2aa]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7160] C:\Windows\SYSTEM32\WININET.dll!InternetOpenUrlA 00007ffd4c61ce90 6 bytes {JMP QWORD [RIP+0x21416a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7160] C:\Windows\SYSTEM32\WININET.dll!InternetOpenUrlW 00007ffd4c61d780 6 bytes {JMP QWORD [RIP+0x1f387a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7160] C:\Windows\SYSTEM32\WININET.dll!HttpOpenRequestA 00007ffd4c645c60 6 bytes {JMP QWORD [RIP+0x1ab39a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7160] C:\Windows\SYSTEM32\urlmon.dll!URLDownloadToFileW 00007ffd55001fd0 6 bytes {JMP QWORD [RIP+0x18f02a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7160] C:\Windows\SYSTEM32\urlmon.dll!URLDownloadToCacheFileW 00007ffd55002060 6 bytes {JMP QWORD [RIP+0x1def9a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7160] C:\Windows\SYSTEM32\urlmon.dll!URLDownloadToCacheFileA 00007ffd5508f550 6 bytes {JMP QWORD [RIP+0x171aaa]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7160] C:\Windows\SYSTEM32\urlmon.dll!URLDownloadToFileA 00007ffd5508f6d0 6 bytes {JMP QWORD [RIP+0x12192a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7160] C:\Windows\SYSTEM32\urlmon.dll!URLOpenBlockingStreamA 00007ffd5508f820 6 bytes {JMP QWORD [RIP+0x2317da]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7160] C:\Windows\SYSTEM32\urlmon.dll!URLOpenBlockingStreamW 00007ffd5508f900 6 bytes {JMP QWORD [RIP+0x2016fa]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7160] C:\Windows\SYSTEM32\urlmon.dll!URLOpenStreamA 00007ffd5508fb90 6 bytes {JMP QWORD [RIP+0x1d146a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7160] C:\Windows\SYSTEM32\urlmon.dll!URLOpenStreamW 00007ffd5508fc60 6 bytes {JMP QWORD [RIP+0x1a139a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1800] C:\Windows\System32\KERNEL32.DLL!MoveFileW 00007ffd64d3ddc0 6 bytes {JMP QWORD [RIP+0x184323a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1800] C:\Windows\System32\KERNEL32.DLL!SetProcessDEPPolicy 00007ffd64d41800 6 bytes {JMP QWORD [RIP+0x191f7fa]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1800] C:\Windows\System32\KERNEL32.DLL!CopyFileW + 3 00007ffd64d44a33 3 bytes [C5, 87, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1800] C:\Windows\System32\KERNEL32.DLL!CopyFileA 00007ffd64d7c1c0 6 bytes {JMP QWORD [RIP+0x1864e3a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1800] C:\Windows\System32\KERNEL32.DLL!MoveFileA 00007ffd64d7d620 6 bytes {JMP QWORD [RIP+0x18239da]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1800] C:\Windows\System32\KERNEL32.DLL!WinExec 00007ffd64d80860 6 bytes {JMP QWORD [RIP+0x188079a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1800] C:\Windows\System32\SHELL32.dll!ShellExecuteExW 00007ffd64e26210 6 bytes {JMP QWORD [RIP+0x182adea]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1800] C:\Windows\System32\SHELL32.dll!ShellExecuteW 00007ffd64f311c0 6 bytes {JMP QWORD [RIP+0x16ffe3a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1800] C:\Windows\System32\WS2_32.dll!WSAStartup 00007ffd64762630 6 bytes {JMP QWORD [RIP+0x1ae9ca]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1800] C:\Windows\SYSTEM32\WININET.dll!HttpSendRequestExA 00007ffd4c51d360 6 bytes {JMP QWORD [RIP+0x3d3c9a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1800] C:\Windows\SYSTEM32\WININET.dll!InternetReadFile 00007ffd4c5289f0 6 bytes {JMP QWORD [RIP+0x32860a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1800] C:\Windows\SYSTEM32\WININET.dll!HttpSendRequestW 00007ffd4c5734e0 6 bytes {JMP QWORD [RIP+0x31db1a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1800] C:\Windows\SYSTEM32\WININET.dll!HttpOpenRequestW 00007ffd4c573dd0 6 bytes {JMP QWORD [RIP+0x25d22a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1800] C:\Windows\SYSTEM32\WININET.dll!InternetReadFileExW 00007ffd4c57c960 6 bytes {JMP QWORD [RIP+0x2f469a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1800] C:\Windows\SYSTEM32\WININET.dll!HttpSendRequestExW 00007ffd4c5ade20 6 bytes {JMP QWORD [RIP+0x3231da]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1800] C:\Windows\SYSTEM32\WININET.dll!HttpSendRequestA 00007ffd4c5b4d50 6 bytes {JMP QWORD [RIP+0x2fc2aa]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1800] C:\Windows\SYSTEM32\WININET.dll!InternetOpenUrlA 00007ffd4c61ce90 6 bytes {JMP QWORD [RIP+0x21416a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1800] C:\Windows\SYSTEM32\WININET.dll!InternetOpenUrlW 00007ffd4c61d780 6 bytes {JMP QWORD [RIP+0x1f387a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1800] C:\Windows\SYSTEM32\WININET.dll!HttpOpenRequestA 00007ffd4c645c60 6 bytes {JMP QWORD [RIP+0x1ab39a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1800] C:\Windows\SYSTEM32\urlmon.dll!URLDownloadToFileW 00007ffd55001fd0 6 bytes {JMP QWORD [RIP+0x18f02a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1800] C:\Windows\SYSTEM32\urlmon.dll!URLDownloadToCacheFileW 00007ffd55002060 6 bytes {JMP QWORD [RIP+0x1def9a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1800] C:\Windows\SYSTEM32\urlmon.dll!URLDownloadToCacheFileA 00007ffd5508f550 6 bytes {JMP QWORD [RIP+0x171aaa]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1800] C:\Windows\SYSTEM32\urlmon.dll!URLDownloadToFileA 00007ffd5508f6d0 6 bytes {JMP QWORD [RIP+0x12192a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1800] C:\Windows\SYSTEM32\urlmon.dll!URLOpenBlockingStreamA 00007ffd5508f820 6 bytes {JMP QWORD [RIP+0x2317da]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1800] C:\Windows\SYSTEM32\urlmon.dll!URLOpenBlockingStreamW 00007ffd5508f900 6 bytes {JMP QWORD [RIP+0x2016fa]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1800] C:\Windows\SYSTEM32\urlmon.dll!URLOpenStreamA 00007ffd5508fb90 6 bytes {JMP QWORD [RIP+0x1d146a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1800] C:\Windows\SYSTEM32\urlmon.dll!URLOpenStreamW 00007ffd5508fc60 6 bytes {JMP QWORD [RIP+0x1a139a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6500] C:\Windows\System32\KERNEL32.DLL!MoveFileW 00007ffd64d3ddc0 6 bytes {JMP QWORD [RIP+0x184323a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6500] C:\Windows\System32\KERNEL32.DLL!SetProcessDEPPolicy 00007ffd64d41800 6 bytes {JMP QWORD [RIP+0x191f7fa]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6500] C:\Windows\System32\KERNEL32.DLL!CopyFileW + 3 00007ffd64d44a33 3 bytes [C5, 87, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6500] C:\Windows\System32\KERNEL32.DLL!CopyFileA 00007ffd64d7c1c0 6 bytes {JMP QWORD [RIP+0x1864e3a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6500] C:\Windows\System32\KERNEL32.DLL!MoveFileA 00007ffd64d7d620 6 bytes {JMP QWORD [RIP+0x18239da]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6500] C:\Windows\System32\KERNEL32.DLL!WinExec 00007ffd64d80860 6 bytes {JMP QWORD [RIP+0x188079a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6500] C:\Windows\System32\SHELL32.dll!ShellExecuteExW 00007ffd64e26210 6 bytes {JMP QWORD [RIP+0x182adea]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6500] C:\Windows\System32\SHELL32.dll!ShellExecuteW 00007ffd64f311c0 6 bytes {JMP QWORD [RIP+0x16ffe3a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6500] C:\Windows\System32\WS2_32.dll!WSAStartup 00007ffd64762630 6 bytes {JMP QWORD [RIP+0x1ae9ca]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6500] C:\Windows\SYSTEM32\WININET.dll!HttpSendRequestExA 00007ffd4c51d360 6 bytes {JMP QWORD [RIP+0x3d3c9a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6500] C:\Windows\SYSTEM32\WININET.dll!InternetReadFile 00007ffd4c5289f0 6 bytes {JMP QWORD [RIP+0x32860a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6500] C:\Windows\SYSTEM32\WININET.dll!HttpSendRequestW 00007ffd4c5734e0 6 bytes {JMP QWORD [RIP+0x31db1a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6500] C:\Windows\SYSTEM32\WININET.dll!HttpOpenRequestW 00007ffd4c573dd0 6 bytes {JMP QWORD [RIP+0x25d22a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6500] C:\Windows\SYSTEM32\WININET.dll!InternetReadFileExW 00007ffd4c57c960 6 bytes {JMP QWORD [RIP+0x2f469a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6500] C:\Windows\SYSTEM32\WININET.dll!HttpSendRequestExW 00007ffd4c5ade20 6 bytes {JMP QWORD [RIP+0x3231da]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6500] C:\Windows\SYSTEM32\WININET.dll!HttpSendRequestA 00007ffd4c5b4d50 6 bytes {JMP QWORD [RIP+0x2fc2aa]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6500] C:\Windows\SYSTEM32\WININET.dll!InternetOpenUrlA 00007ffd4c61ce90 6 bytes {JMP QWORD [RIP+0x21416a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6500] C:\Windows\SYSTEM32\WININET.dll!InternetOpenUrlW 00007ffd4c61d780 6 bytes {JMP QWORD [RIP+0x1f387a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6500] C:\Windows\SYSTEM32\WININET.dll!HttpOpenRequestA 00007ffd4c645c60 6 bytes {JMP QWORD [RIP+0x1ab39a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6500] C:\Windows\SYSTEM32\urlmon.dll!URLDownloadToFileW 00007ffd55001fd0 6 bytes {JMP QWORD [RIP+0x18f02a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6500] C:\Windows\SYSTEM32\urlmon.dll!URLDownloadToCacheFileW 00007ffd55002060 6 bytes {JMP QWORD [RIP+0x1def9a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6500] C:\Windows\SYSTEM32\urlmon.dll!URLDownloadToCacheFileA 00007ffd5508f550 6 bytes {JMP QWORD [RIP+0x171aaa]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6500] C:\Windows\SYSTEM32\urlmon.dll!URLDownloadToFileA 00007ffd5508f6d0 6 bytes {JMP QWORD [RIP+0x12192a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6500] C:\Windows\SYSTEM32\urlmon.dll!URLOpenBlockingStreamA 00007ffd5508f820 6 bytes {JMP QWORD [RIP+0x2317da]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6500] C:\Windows\SYSTEM32\urlmon.dll!URLOpenBlockingStreamW 00007ffd5508f900 6 bytes {JMP QWORD [RIP+0x2016fa]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6500] C:\Windows\SYSTEM32\urlmon.dll!URLOpenStreamA 00007ffd5508fb90 6 bytes {JMP QWORD [RIP+0x1d146a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6500] C:\Windows\SYSTEM32\urlmon.dll!URLOpenStreamW 00007ffd5508fc60 6 bytes {JMP QWORD [RIP+0x1a139a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7180] C:\Windows\System32\KERNEL32.DLL!MoveFileW 00007ffd64d3ddc0 6 bytes {JMP QWORD [RIP+0x185323a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7180] C:\Windows\System32\KERNEL32.DLL!SetProcessDEPPolicy 00007ffd64d41800 6 bytes {JMP QWORD [RIP+0x192f7fa]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7180] C:\Windows\System32\KERNEL32.DLL!CopyFileW + 3 00007ffd64d44a33 3 bytes [C5, 88, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7180] C:\Windows\System32\KERNEL32.DLL!CopyFileA 00007ffd64d7c1c0 6 bytes {JMP QWORD [RIP+0x1874e3a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7180] C:\Windows\System32\KERNEL32.DLL!MoveFileA 00007ffd64d7d620 6 bytes {JMP QWORD [RIP+0x18339da]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7180] C:\Windows\System32\KERNEL32.DLL!WinExec 00007ffd64d80860 6 bytes {JMP QWORD [RIP+0x189079a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7180] C:\Windows\System32\SHELL32.dll!ShellExecuteExW 00007ffd64e26210 6 bytes {JMP QWORD [RIP+0x183adea]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7180] C:\Windows\System32\SHELL32.dll!ShellExecuteW 00007ffd64f311c0 6 bytes {JMP QWORD [RIP+0x170fe3a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7180] C:\Windows\System32\WS2_32.dll!WSAStartup 00007ffd64762630 6 bytes {JMP QWORD [RIP+0x1ae9ca]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7180] C:\Windows\SYSTEM32\WININET.dll!HttpSendRequestExA 00007ffd4c51d360 6 bytes {JMP QWORD [RIP+0x3d3c9a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7180] C:\Windows\SYSTEM32\WININET.dll!InternetReadFile 00007ffd4c5289f0 6 bytes {JMP QWORD [RIP+0x32860a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7180] C:\Windows\SYSTEM32\WININET.dll!HttpSendRequestW 00007ffd4c5734e0 6 bytes {JMP QWORD [RIP+0x31db1a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7180] C:\Windows\SYSTEM32\WININET.dll!HttpOpenRequestW 00007ffd4c573dd0 6 bytes {JMP QWORD [RIP+0x25d22a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7180] C:\Windows\SYSTEM32\WININET.dll!InternetReadFileExW 00007ffd4c57c960 6 bytes {JMP QWORD [RIP+0x2f469a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7180] C:\Windows\SYSTEM32\WININET.dll!HttpSendRequestExW 00007ffd4c5ade20 6 bytes {JMP QWORD [RIP+0x3231da]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7180] C:\Windows\SYSTEM32\WININET.dll!HttpSendRequestA 00007ffd4c5b4d50 6 bytes {JMP QWORD [RIP+0x2fc2aa]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7180] C:\Windows\SYSTEM32\WININET.dll!InternetOpenUrlA 00007ffd4c61ce90 6 bytes {JMP QWORD [RIP+0x21416a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7180] C:\Windows\SYSTEM32\WININET.dll!InternetOpenUrlW 00007ffd4c61d780 6 bytes {JMP QWORD [RIP+0x1f387a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7180] C:\Windows\SYSTEM32\WININET.dll!HttpOpenRequestA 00007ffd4c645c60 6 bytes {JMP QWORD [RIP+0x1ab39a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7180] C:\Windows\SYSTEM32\urlmon.dll!URLDownloadToFileW 00007ffd55001fd0 6 bytes {JMP QWORD [RIP+0x18f02a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7180] C:\Windows\SYSTEM32\urlmon.dll!URLDownloadToCacheFileW 00007ffd55002060 6 bytes {JMP QWORD [RIP+0x1def9a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7180] C:\Windows\SYSTEM32\urlmon.dll!URLDownloadToCacheFileA 00007ffd5508f550 6 bytes {JMP QWORD [RIP+0x171aaa]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7180] C:\Windows\SYSTEM32\urlmon.dll!URLDownloadToFileA 00007ffd5508f6d0 6 bytes {JMP QWORD [RIP+0x12192a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7180] C:\Windows\SYSTEM32\urlmon.dll!URLOpenBlockingStreamA 00007ffd5508f820 6 bytes {JMP QWORD [RIP+0x2317da]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7180] C:\Windows\SYSTEM32\urlmon.dll!URLOpenBlockingStreamW 00007ffd5508f900 6 bytes {JMP QWORD [RIP+0x2016fa]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7180] C:\Windows\SYSTEM32\urlmon.dll!URLOpenStreamA 00007ffd5508fb90 6 bytes {JMP QWORD [RIP+0x1d146a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7180] C:\Windows\SYSTEM32\urlmon.dll!URLOpenStreamW 00007ffd5508fc60 6 bytes {JMP QWORD [RIP+0x1a139a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7328] C:\Windows\System32\KERNEL32.DLL!MoveFileW 00007ffd64d3ddc0 6 bytes {JMP QWORD [RIP+0x185323a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7328] C:\Windows\System32\KERNEL32.DLL!SetProcessDEPPolicy 00007ffd64d41800 6 bytes {JMP QWORD [RIP+0x192f7fa]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7328] C:\Windows\System32\KERNEL32.DLL!CopyFileW + 3 00007ffd64d44a33 3 bytes [C5, 88, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7328] C:\Windows\System32\KERNEL32.DLL!CopyFileA 00007ffd64d7c1c0 6 bytes {JMP QWORD [RIP+0x1874e3a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7328] C:\Windows\System32\KERNEL32.DLL!MoveFileA 00007ffd64d7d620 6 bytes {JMP QWORD [RIP+0x18339da]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7328] C:\Windows\System32\KERNEL32.DLL!WinExec 00007ffd64d80860 6 bytes {JMP QWORD [RIP+0x189079a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7328] C:\Windows\System32\SHELL32.dll!ShellExecuteExW 00007ffd64e26210 6 bytes {JMP QWORD [RIP+0x183adea]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7328] C:\Windows\System32\SHELL32.dll!ShellExecuteW 00007ffd64f311c0 6 bytes {JMP QWORD [RIP+0x170fe3a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7328] C:\Windows\System32\WS2_32.dll!WSAStartup 00007ffd64762630 6 bytes {JMP QWORD [RIP+0x1ae9ca]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7328] C:\Windows\SYSTEM32\WININET.dll!HttpSendRequestExA 00007ffd4c51d360 6 bytes {JMP QWORD [RIP+0x3d3c9a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7328] C:\Windows\SYSTEM32\WININET.dll!InternetReadFile 00007ffd4c5289f0 6 bytes {JMP QWORD [RIP+0x32860a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7328] C:\Windows\SYSTEM32\WININET.dll!HttpSendRequestW 00007ffd4c5734e0 6 bytes {JMP QWORD [RIP+0x31db1a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7328] C:\Windows\SYSTEM32\WININET.dll!HttpOpenRequestW 00007ffd4c573dd0 6 bytes {JMP QWORD [RIP+0x25d22a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7328] C:\Windows\SYSTEM32\WININET.dll!InternetReadFileExW 00007ffd4c57c960 6 bytes {JMP QWORD [RIP+0x2f469a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7328] C:\Windows\SYSTEM32\WININET.dll!HttpSendRequestExW 00007ffd4c5ade20 6 bytes {JMP QWORD [RIP+0x3231da]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7328] C:\Windows\SYSTEM32\WININET.dll!HttpSendRequestA 00007ffd4c5b4d50 6 bytes {JMP QWORD [RIP+0x2fc2aa]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7328] C:\Windows\SYSTEM32\WININET.dll!InternetOpenUrlA 00007ffd4c61ce90 6 bytes {JMP QWORD [RIP+0x21416a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7328] C:\Windows\SYSTEM32\WININET.dll!InternetOpenUrlW 00007ffd4c61d780 6 bytes {JMP QWORD [RIP+0x1f387a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7328] C:\Windows\SYSTEM32\WININET.dll!HttpOpenRequestA 00007ffd4c645c60 6 bytes {JMP QWORD [RIP+0x1ab39a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7328] C:\Windows\SYSTEM32\urlmon.dll!URLDownloadToFileW 00007ffd55001fd0 6 bytes {JMP QWORD [RIP+0x18f02a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7328] C:\Windows\SYSTEM32\urlmon.dll!URLDownloadToCacheFileW 00007ffd55002060 6 bytes {JMP QWORD [RIP+0x1def9a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7328] C:\Windows\SYSTEM32\urlmon.dll!URLDownloadToCacheFileA 00007ffd5508f550 6 bytes {JMP QWORD [RIP+0x171aaa]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7328] C:\Windows\SYSTEM32\urlmon.dll!URLDownloadToFileA 00007ffd5508f6d0 6 bytes {JMP QWORD [RIP+0x12192a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7328] C:\Windows\SYSTEM32\urlmon.dll!URLOpenBlockingStreamA 00007ffd5508f820 6 bytes {JMP QWORD [RIP+0x2317da]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7328] C:\Windows\SYSTEM32\urlmon.dll!URLOpenBlockingStreamW 00007ffd5508f900 6 bytes {JMP QWORD [RIP+0x2016fa]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7328] C:\Windows\SYSTEM32\urlmon.dll!URLOpenStreamA 00007ffd5508fb90 6 bytes {JMP QWORD [RIP+0x1d146a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7328] C:\Windows\SYSTEM32\urlmon.dll!URLOpenStreamW 00007ffd5508fc60 6 bytes {JMP QWORD [RIP+0x1a139a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6460] C:\Windows\System32\KERNEL32.DLL!MoveFileW 00007ffd64d3ddc0 6 bytes {JMP QWORD [RIP+0x185323a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6460] C:\Windows\System32\KERNEL32.DLL!SetProcessDEPPolicy 00007ffd64d41800 6 bytes {JMP QWORD [RIP+0x192f7fa]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6460] C:\Windows\System32\KERNEL32.DLL!CopyFileW + 3 00007ffd64d44a33 3 bytes [C5, 88, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6460] C:\Windows\System32\KERNEL32.DLL!CopyFileA 00007ffd64d7c1c0 6 bytes {JMP QWORD [RIP+0x1874e3a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6460] C:\Windows\System32\KERNEL32.DLL!MoveFileA 00007ffd64d7d620 6 bytes {JMP QWORD [RIP+0x18339da]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6460] C:\Windows\System32\KERNEL32.DLL!WinExec 00007ffd64d80860 6 bytes {JMP QWORD [RIP+0x189079a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6460] C:\Windows\System32\SHELL32.dll!ShellExecuteExW 00007ffd64e26210 6 bytes {JMP QWORD [RIP+0x183adea]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6460] C:\Windows\System32\SHELL32.dll!ShellExecuteW 00007ffd64f311c0 6 bytes {JMP QWORD [RIP+0x170fe3a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6460] C:\Windows\System32\WS2_32.dll!WSAStartup 00007ffd64762630 6 bytes {JMP QWORD [RIP+0x1ae9ca]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6460] C:\Windows\SYSTEM32\WININET.dll!HttpSendRequestExA 00007ffd4c51d360 6 bytes {JMP QWORD [RIP+0x3d3c9a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6460] C:\Windows\SYSTEM32\WININET.dll!InternetReadFile 00007ffd4c5289f0 6 bytes {JMP QWORD [RIP+0x32860a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6460] C:\Windows\SYSTEM32\WININET.dll!HttpSendRequestW 00007ffd4c5734e0 6 bytes {JMP QWORD [RIP+0x31db1a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6460] C:\Windows\SYSTEM32\WININET.dll!HttpOpenRequestW 00007ffd4c573dd0 6 bytes {JMP QWORD [RIP+0x25d22a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6460] C:\Windows\SYSTEM32\WININET.dll!InternetReadFileExW 00007ffd4c57c960 6 bytes {JMP QWORD [RIP+0x2f469a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6460] C:\Windows\SYSTEM32\WININET.dll!HttpSendRequestExW 00007ffd4c5ade20 6 bytes {JMP QWORD [RIP+0x3231da]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6460] C:\Windows\SYSTEM32\WININET.dll!HttpSendRequestA 00007ffd4c5b4d50 6 bytes {JMP QWORD [RIP+0x2fc2aa]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6460] C:\Windows\SYSTEM32\WININET.dll!InternetOpenUrlA 00007ffd4c61ce90 6 bytes {JMP QWORD [RIP+0x21416a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6460] C:\Windows\SYSTEM32\WININET.dll!InternetOpenUrlW 00007ffd4c61d780 6 bytes {JMP QWORD [RIP+0x1f387a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6460] C:\Windows\SYSTEM32\WININET.dll!HttpOpenRequestA 00007ffd4c645c60 6 bytes {JMP QWORD [RIP+0x1ab39a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6460] C:\Windows\SYSTEM32\urlmon.dll!URLDownloadToFileW 00007ffd55001fd0 6 bytes {JMP QWORD [RIP+0x18f02a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6460] C:\Windows\SYSTEM32\urlmon.dll!URLDownloadToCacheFileW 00007ffd55002060 6 bytes {JMP QWORD [RIP+0x1def9a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6460] C:\Windows\SYSTEM32\urlmon.dll!URLDownloadToCacheFileA 00007ffd5508f550 6 bytes {JMP QWORD [RIP+0x171aaa]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6460] C:\Windows\SYSTEM32\urlmon.dll!URLDownloadToFileA 00007ffd5508f6d0 6 bytes {JMP QWORD [RIP+0x12192a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6460] C:\Windows\SYSTEM32\urlmon.dll!URLOpenBlockingStreamA 00007ffd5508f820 6 bytes {JMP QWORD [RIP+0x2317da]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6460] C:\Windows\SYSTEM32\urlmon.dll!URLOpenBlockingStreamW 00007ffd5508f900 6 bytes {JMP QWORD [RIP+0x2016fa]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6460] C:\Windows\SYSTEM32\urlmon.dll!URLOpenStreamA 00007ffd5508fb90 6 bytes {JMP QWORD [RIP+0x1d146a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6460] C:\Windows\SYSTEM32\urlmon.dll!URLOpenStreamW 00007ffd5508fc60 6 bytes {JMP QWORD [RIP+0x1a139a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8364] C:\Windows\System32\KERNEL32.DLL!MoveFileW 00007ffd64d3ddc0 6 bytes {JMP QWORD [RIP+0x185323a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8364] C:\Windows\System32\KERNEL32.DLL!SetProcessDEPPolicy 00007ffd64d41800 6 bytes {JMP QWORD [RIP+0x192f7fa]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8364] C:\Windows\System32\KERNEL32.DLL!CopyFileW + 3 00007ffd64d44a33 3 bytes [C5, 88, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8364] C:\Windows\System32\KERNEL32.DLL!CopyFileA 00007ffd64d7c1c0 6 bytes {JMP QWORD [RIP+0x1874e3a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8364] C:\Windows\System32\KERNEL32.DLL!MoveFileA 00007ffd64d7d620 6 bytes {JMP QWORD [RIP+0x18339da]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8364] C:\Windows\System32\KERNEL32.DLL!WinExec 00007ffd64d80860 6 bytes {JMP QWORD [RIP+0x189079a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8364] C:\Windows\System32\SHELL32.dll!ShellExecuteExW 00007ffd64e26210 6 bytes {JMP QWORD [RIP+0x183adea]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8364] C:\Windows\System32\SHELL32.dll!ShellExecuteW 00007ffd64f311c0 6 bytes {JMP QWORD [RIP+0x170fe3a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8364] C:\Windows\System32\WS2_32.dll!WSAStartup 00007ffd64762630 6 bytes {JMP QWORD [RIP+0x1ae9ca]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8364] C:\Windows\SYSTEM32\WININET.dll!HttpSendRequestExA 00007ffd4c51d360 6 bytes {JMP QWORD [RIP+0x3d3c9a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8364] C:\Windows\SYSTEM32\WININET.dll!InternetReadFile 00007ffd4c5289f0 6 bytes {JMP QWORD [RIP+0x32860a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8364] C:\Windows\SYSTEM32\WININET.dll!HttpSendRequestW 00007ffd4c5734e0 6 bytes {JMP QWORD [RIP+0x31db1a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8364] C:\Windows\SYSTEM32\WININET.dll!HttpOpenRequestW 00007ffd4c573dd0 6 bytes {JMP QWORD [RIP+0x25d22a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8364] C:\Windows\SYSTEM32\WININET.dll!InternetReadFileExW 00007ffd4c57c960 6 bytes {JMP QWORD [RIP+0x2f469a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8364] C:\Windows\SYSTEM32\WININET.dll!HttpSendRequestExW 00007ffd4c5ade20 6 bytes {JMP QWORD [RIP+0x3231da]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8364] C:\Windows\SYSTEM32\WININET.dll!HttpSendRequestA 00007ffd4c5b4d50 6 bytes {JMP QWORD [RIP+0x2fc2aa]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8364] C:\Windows\SYSTEM32\WININET.dll!InternetOpenUrlA 00007ffd4c61ce90 6 bytes {JMP QWORD [RIP+0x21416a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8364] C:\Windows\SYSTEM32\WININET.dll!InternetOpenUrlW 00007ffd4c61d780 6 bytes {JMP QWORD [RIP+0x1f387a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8364] C:\Windows\SYSTEM32\WININET.dll!HttpOpenRequestA 00007ffd4c645c60 6 bytes {JMP QWORD [RIP+0x1ab39a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8364] C:\Windows\SYSTEM32\urlmon.dll!URLDownloadToFileW 00007ffd55001fd0 6 bytes {JMP QWORD [RIP+0x18f02a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8364] C:\Windows\SYSTEM32\urlmon.dll!URLDownloadToCacheFileW 00007ffd55002060 6 bytes {JMP QWORD [RIP+0x1def9a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8364] C:\Windows\SYSTEM32\urlmon.dll!URLDownloadToCacheFileA 00007ffd5508f550 6 bytes {JMP QWORD [RIP+0x171aaa]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8364] C:\Windows\SYSTEM32\urlmon.dll!URLDownloadToFileA 00007ffd5508f6d0 6 bytes {JMP QWORD [RIP+0x12192a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8364] C:\Windows\SYSTEM32\urlmon.dll!URLOpenBlockingStreamA 00007ffd5508f820 6 bytes {JMP QWORD [RIP+0x2317da]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8364] C:\Windows\SYSTEM32\urlmon.dll!URLOpenBlockingStreamW 00007ffd5508f900 6 bytes {JMP QWORD [RIP+0x2016fa]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8364] C:\Windows\SYSTEM32\urlmon.dll!URLOpenStreamA 00007ffd5508fb90 6 bytes {JMP QWORD [RIP+0x1d146a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8364] C:\Windows\SYSTEM32\urlmon.dll!URLOpenStreamW 00007ffd5508fc60 6 bytes {JMP QWORD [RIP+0x1a139a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] C:\Windows\System32\KERNEL32.DLL!MoveFileW 00007ffd64d3ddc0 6 bytes {JMP QWORD [RIP+0x185323a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] C:\Windows\System32\KERNEL32.DLL!SetProcessDEPPolicy 00007ffd64d41800 6 bytes {JMP QWORD [RIP+0x192f7fa]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] C:\Windows\System32\KERNEL32.DLL!CopyFileW + 3 00007ffd64d44a33 3 bytes [C5, 88, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] C:\Windows\System32\KERNEL32.DLL!CopyFileA 00007ffd64d7c1c0 6 bytes {JMP QWORD [RIP+0x1874e3a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] C:\Windows\System32\KERNEL32.DLL!MoveFileA 00007ffd64d7d620 6 bytes {JMP QWORD [RIP+0x18339da]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] C:\Windows\System32\KERNEL32.DLL!WinExec 00007ffd64d80860 6 bytes {JMP QWORD [RIP+0x189079a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] C:\Windows\System32\SHELL32.dll!ShellExecuteExW 00007ffd64e26210 6 bytes {JMP QWORD [RIP+0x183adea]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] C:\Windows\System32\SHELL32.dll!ShellExecuteW 00007ffd64f311c0 6 bytes {JMP QWORD [RIP+0x170fe3a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] C:\Windows\System32\WS2_32.dll!WSAStartup 00007ffd64762630 6 bytes {JMP QWORD [RIP+0x1ae9ca]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] C:\Windows\SYSTEM32\WININET.dll!HttpSendRequestExA 00007ffd4c51d360 6 bytes {JMP QWORD [RIP+0x3d3c9a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] C:\Windows\SYSTEM32\WININET.dll!InternetReadFile 00007ffd4c5289f0 6 bytes {JMP QWORD [RIP+0x32860a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] C:\Windows\SYSTEM32\WININET.dll!HttpSendRequestW 00007ffd4c5734e0 6 bytes {JMP QWORD [RIP+0x31db1a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] C:\Windows\SYSTEM32\WININET.dll!HttpOpenRequestW 00007ffd4c573dd0 6 bytes {JMP QWORD [RIP+0x25d22a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] C:\Windows\SYSTEM32\WININET.dll!InternetReadFileExW 00007ffd4c57c960 6 bytes {JMP QWORD [RIP+0x2f469a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] C:\Windows\SYSTEM32\WININET.dll!HttpSendRequestExW 00007ffd4c5ade20 6 bytes {JMP QWORD [RIP+0x3231da]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] C:\Windows\SYSTEM32\WININET.dll!HttpSendRequestA 00007ffd4c5b4d50 6 bytes {JMP QWORD [RIP+0x2fc2aa]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] C:\Windows\SYSTEM32\WININET.dll!InternetOpenUrlA 00007ffd4c61ce90 6 bytes {JMP QWORD [RIP+0x21416a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] C:\Windows\SYSTEM32\WININET.dll!InternetOpenUrlW 00007ffd4c61d780 6 bytes {JMP QWORD [RIP+0x1f387a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] C:\Windows\SYSTEM32\WININET.dll!HttpOpenRequestA 00007ffd4c645c60 6 bytes {JMP QWORD [RIP+0x1ab39a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] C:\Windows\SYSTEM32\urlmon.dll!URLDownloadToFileW 00007ffd55001fd0 6 bytes {JMP QWORD [RIP+0x18f02a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] C:\Windows\SYSTEM32\urlmon.dll!URLDownloadToCacheFileW 00007ffd55002060 6 bytes {JMP QWORD [RIP+0x1def9a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] C:\Windows\SYSTEM32\urlmon.dll!URLDownloadToCacheFileA 00007ffd5508f550 6 bytes {JMP QWORD [RIP+0x171aaa]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] C:\Windows\SYSTEM32\urlmon.dll!URLDownloadToFileA 00007ffd5508f6d0 6 bytes {JMP QWORD [RIP+0x12192a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] C:\Windows\SYSTEM32\urlmon.dll!URLOpenBlockingStreamA 00007ffd5508f820 6 bytes {JMP QWORD [RIP+0x2317da]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] C:\Windows\SYSTEM32\urlmon.dll!URLOpenBlockingStreamW 00007ffd5508f900 6 bytes {JMP QWORD [RIP+0x2016fa]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] C:\Windows\SYSTEM32\urlmon.dll!URLOpenStreamA 00007ffd5508fb90 6 bytes {JMP QWORD [RIP+0x1d146a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] C:\Windows\SYSTEM32\urlmon.dll!URLOpenStreamW 00007ffd5508fc60 6 bytes {JMP QWORD [RIP+0x1a139a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7880] C:\Windows\System32\KERNEL32.DLL!MoveFileW 00007ffd64d3ddc0 6 bytes {JMP QWORD [RIP+0x185323a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7880] C:\Windows\System32\KERNEL32.DLL!SetProcessDEPPolicy 00007ffd64d41800 6 bytes {JMP QWORD [RIP+0x192f7fa]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7880] C:\Windows\System32\KERNEL32.DLL!CopyFileW + 3 00007ffd64d44a33 3 bytes [C5, 88, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7880] C:\Windows\System32\KERNEL32.DLL!CopyFileA 00007ffd64d7c1c0 6 bytes {JMP QWORD [RIP+0x1874e3a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7880] C:\Windows\System32\KERNEL32.DLL!MoveFileA 00007ffd64d7d620 6 bytes {JMP QWORD [RIP+0x18339da]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7880] C:\Windows\System32\KERNEL32.DLL!WinExec 00007ffd64d80860 6 bytes {JMP QWORD [RIP+0x189079a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7880] C:\Windows\System32\SHELL32.dll!ShellExecuteExW 00007ffd64e26210 6 bytes {JMP QWORD [RIP+0x183adea]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7880] C:\Windows\System32\SHELL32.dll!ShellExecuteW 00007ffd64f311c0 6 bytes {JMP QWORD [RIP+0x170fe3a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7880] C:\Windows\System32\WS2_32.dll!WSAStartup 00007ffd64762630 6 bytes {JMP QWORD [RIP+0x1ae9ca]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7880] C:\Windows\SYSTEM32\WININET.dll!HttpSendRequestExA 00007ffd4c51d360 6 bytes {JMP QWORD [RIP+0x3d3c9a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7880] C:\Windows\SYSTEM32\WININET.dll!InternetReadFile 00007ffd4c5289f0 6 bytes {JMP QWORD [RIP+0x32860a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7880] C:\Windows\SYSTEM32\WININET.dll!HttpSendRequestW 00007ffd4c5734e0 6 bytes {JMP QWORD [RIP+0x31db1a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7880] C:\Windows\SYSTEM32\WININET.dll!HttpOpenRequestW 00007ffd4c573dd0 6 bytes {JMP QWORD [RIP+0x25d22a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7880] C:\Windows\SYSTEM32\WININET.dll!InternetReadFileExW 00007ffd4c57c960 6 bytes {JMP QWORD [RIP+0x2f469a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7880] C:\Windows\SYSTEM32\WININET.dll!HttpSendRequestExW 00007ffd4c5ade20 6 bytes {JMP QWORD [RIP+0x3231da]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7880] C:\Windows\SYSTEM32\WININET.dll!HttpSendRequestA 00007ffd4c5b4d50 6 bytes {JMP QWORD [RIP+0x2fc2aa]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7880] C:\Windows\SYSTEM32\WININET.dll!InternetOpenUrlA 00007ffd4c61ce90 6 bytes {JMP QWORD [RIP+0x21416a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7880] C:\Windows\SYSTEM32\WININET.dll!InternetOpenUrlW 00007ffd4c61d780 6 bytes {JMP QWORD [RIP+0x1f387a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7880] C:\Windows\SYSTEM32\WININET.dll!HttpOpenRequestA 00007ffd4c645c60 6 bytes {JMP QWORD [RIP+0x1ab39a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7880] C:\Windows\SYSTEM32\urlmon.dll!URLDownloadToFileW 00007ffd55001fd0 6 bytes {JMP QWORD [RIP+0x18f02a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7880] C:\Windows\SYSTEM32\urlmon.dll!URLDownloadToCacheFileW 00007ffd55002060 6 bytes {JMP QWORD [RIP+0x1def9a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7880] C:\Windows\SYSTEM32\urlmon.dll!URLDownloadToCacheFileA 00007ffd5508f550 6 bytes {JMP QWORD [RIP+0x171aaa]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7880] C:\Windows\SYSTEM32\urlmon.dll!URLDownloadToFileA 00007ffd5508f6d0 6 bytes {JMP QWORD [RIP+0x12192a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7880] C:\Windows\SYSTEM32\urlmon.dll!URLOpenBlockingStreamA 00007ffd5508f820 6 bytes {JMP QWORD [RIP+0x2317da]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7880] C:\Windows\SYSTEM32\urlmon.dll!URLOpenBlockingStreamW 00007ffd5508f900 6 bytes {JMP QWORD [RIP+0x2016fa]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7880] C:\Windows\SYSTEM32\urlmon.dll!URLOpenStreamA 00007ffd5508fb90 6 bytes {JMP QWORD [RIP+0x1d146a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7880] C:\Windows\SYSTEM32\urlmon.dll!URLOpenStreamW 00007ffd5508fc60 6 bytes {JMP QWORD [RIP+0x1a139a]} .text C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.5\bin\epm0.exe[8700] C:\Windows\SYSTEM32\ntdll.dll!RtlLargeIntegerToChar + 207 00007ffd669a132f 8 bytes [50, 6E, F8, 7F, 00, 00, 00, ...] .text C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.5\bin\epm0.exe[8700] C:\Windows\SYSTEM32\ntdll.dll!RtlLargeIntegerToChar + 449 00007ffd669a1421 8 bytes [40, 6E, F8, 7F, 00, 00, 00, ...] .text ... * 2 .text C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.5\bin\epm0.exe[8700] C:\Windows\SYSTEM32\ntdll.dll!LdrSetDllDirectory + 368 00007ffd669a16b0 8 bytes [20, 6E, F8, 7F, 00, 00, 00, ...] .text C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.5\bin\epm0.exe[8700] C:\Windows\SYSTEM32\ntdll.dll!LdrSetDllDirectory + 852 00007ffd669a1894 8 bytes {JMP 0xffffffffffffffa0} .text C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.5\bin\epm0.exe[8700] C:\Windows\SYSTEM32\ntdll.dll!RtlLockCurrentThread + 175 00007ffd669a230f 8 bytes {JMP 0xffffffffffffffec} .text C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.5\bin\epm0.exe[8700] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffd66a46260 8 bytes {JMP QWORD [RIP-0xa4bb6]} .text C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.5\bin\epm0.exe[8700] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffd66a46560 8 bytes {JMP QWORD [RIP-0xa4cd2]} .text C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.5\bin\epm0.exe[8700] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffd66a465c0 8 bytes {JMP QWORD [RIP-0xa5297]} .text C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.5\bin\epm0.exe[8700] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffd66a46800 8 bytes {JMP QWORD [RIP-0xa52d6]} .text C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.5\bin\epm0.exe[8700] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffd66a46960 8 bytes {JMP QWORD [RIP-0xa5545]} .text C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.5\bin\epm0.exe[8700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffd66a47770 8 bytes {JMP QWORD [RIP-0xa5467]} .text C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.5\bin\epm0.exe[8700] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffd66a47d70 8 bytes {JMP QWORD [RIP-0xa63af]} .text C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.5\bin\epm0.exe[8700] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffd66a48fb0 8 bytes {JMP QWORD [RIP-0xa7682]} .text C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.5\bin\epm0.exe[8700] C:\Windows\System32\wow64cpu.dll!BTCpuProcessInit + 210 0000000072ba1462 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.5\bin\epm0.exe[8700] C:\Windows\System32\wow64cpu.dll!BTCpuIsProcessorFeaturePresent + 564 0000000072ba16b4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.5\bin\epm0.exe[8700] C:\Windows\System32\wow64cpu.dll!BTCpuIsProcessorFeaturePresent + 875 0000000072ba17eb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.5\bin\epm0.exe[8700] C:\Windows\System32\wow64cpu.dll!BTCpuResetToConsistentState + 30 0000000072ba181e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.5\bin\epm0.exe[8700] C:\Windows\System32\wow64cpu.dll!BTCpuResetToConsistentState + 87 0000000072ba1857 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.5\bin\Main.exe[6748] C:\Windows\SYSTEM32\ntdll.dll!RtlLargeIntegerToChar + 207 00007ffd669a132f 8 bytes [50, 6E, F8, 7F, 00, 00, 00, ...] .text C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.5\bin\Main.exe[6748] C:\Windows\SYSTEM32\ntdll.dll!RtlLargeIntegerToChar + 449 00007ffd669a1421 8 bytes [40, 6E, F8, 7F, 00, 00, 00, ...] .text ... * 2 .text C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.5\bin\Main.exe[6748] C:\Windows\SYSTEM32\ntdll.dll!LdrSetDllDirectory + 368 00007ffd669a16b0 8 bytes [20, 6E, F8, 7F, 00, 00, 00, ...] .text C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.5\bin\Main.exe[6748] C:\Windows\SYSTEM32\ntdll.dll!LdrSetDllDirectory + 852 00007ffd669a1894 8 bytes {JMP 0xffffffffffffffa0} .text C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.5\bin\Main.exe[6748] C:\Windows\SYSTEM32\ntdll.dll!RtlLockCurrentThread + 175 00007ffd669a230f 8 bytes {JMP 0xffffffffffffffec} .text C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.5\bin\Main.exe[6748] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffd66a46260 8 bytes {JMP QWORD [RIP-0xa4bb6]} .text C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.5\bin\Main.exe[6748] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffd66a46560 8 bytes {JMP QWORD [RIP-0xa4cd2]} .text C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.5\bin\Main.exe[6748] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffd66a465c0 8 bytes {JMP QWORD [RIP-0xa5297]} .text C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.5\bin\Main.exe[6748] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffd66a46800 8 bytes {JMP QWORD [RIP-0xa52d6]} .text C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.5\bin\Main.exe[6748] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffd66a46960 8 bytes {JMP QWORD [RIP-0xa5545]} .text C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.5\bin\Main.exe[6748] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffd66a47770 8 bytes {JMP QWORD [RIP-0xa5467]} .text C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.5\bin\Main.exe[6748] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffd66a47d70 8 bytes {JMP QWORD [RIP-0xa63af]} .text C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.5\bin\Main.exe[6748] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffd66a48fb0 8 bytes {JMP QWORD [RIP-0xa7682]} .text C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.5\bin\Main.exe[6748] C:\Windows\System32\wow64cpu.dll!BTCpuProcessInit + 210 0000000072ba1462 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.5\bin\Main.exe[6748] C:\Windows\System32\wow64cpu.dll!BTCpuIsProcessorFeaturePresent + 564 0000000072ba16b4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.5\bin\Main.exe[6748] C:\Windows\System32\wow64cpu.dll!BTCpuIsProcessorFeaturePresent + 875 0000000072ba17eb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.5\bin\Main.exe[6748] C:\Windows\System32\wow64cpu.dll!BTCpuResetToConsistentState + 30 0000000072ba181e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.5\bin\Main.exe[6748] C:\Windows\System32\wow64cpu.dll!BTCpuResetToConsistentState + 87 0000000072ba1857 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] ? C:\Windows\System32\vds_ps.dll [6748] entry point in ".rdata" section 000000006e2696d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9068] C:\Windows\System32\KERNEL32.DLL!MoveFileW 00007ffd64d3ddc0 6 bytes {JMP QWORD [RIP+0x185323a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9068] C:\Windows\System32\KERNEL32.DLL!SetProcessDEPPolicy 00007ffd64d41800 6 bytes {JMP QWORD [RIP+0x192f7fa]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9068] C:\Windows\System32\KERNEL32.DLL!CopyFileW + 3 00007ffd64d44a33 3 bytes [C5, 88, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9068] C:\Windows\System32\KERNEL32.DLL!CopyFileA 00007ffd64d7c1c0 6 bytes {JMP QWORD [RIP+0x1874e3a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9068] C:\Windows\System32\KERNEL32.DLL!MoveFileA 00007ffd64d7d620 6 bytes {JMP QWORD [RIP+0x18339da]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9068] C:\Windows\System32\KERNEL32.DLL!WinExec 00007ffd64d80860 6 bytes {JMP QWORD [RIP+0x189079a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9068] C:\Windows\System32\SHELL32.dll!ShellExecuteExW 00007ffd64e26210 6 bytes {JMP QWORD [RIP+0x183adea]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9068] C:\Windows\System32\SHELL32.dll!ShellExecuteW 00007ffd64f311c0 6 bytes {JMP QWORD [RIP+0x170fe3a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9068] C:\Windows\System32\WS2_32.dll!WSAStartup 00007ffd64762630 6 bytes {JMP QWORD [RIP+0x1ae9ca]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9068] C:\Windows\SYSTEM32\WININET.dll!HttpSendRequestExA 00007ffd4c51d360 6 bytes {JMP QWORD [RIP+0x3d3c9a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9068] C:\Windows\SYSTEM32\WININET.dll!InternetReadFile 00007ffd4c5289f0 6 bytes {JMP QWORD [RIP+0x32860a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9068] C:\Windows\SYSTEM32\WININET.dll!HttpSendRequestW 00007ffd4c5734e0 6 bytes {JMP QWORD [RIP+0x31db1a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9068] C:\Windows\SYSTEM32\WININET.dll!HttpOpenRequestW 00007ffd4c573dd0 6 bytes {JMP QWORD [RIP+0x25d22a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9068] C:\Windows\SYSTEM32\WININET.dll!InternetReadFileExW 00007ffd4c57c960 6 bytes {JMP QWORD [RIP+0x2f469a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9068] C:\Windows\SYSTEM32\WININET.dll!HttpSendRequestExW 00007ffd4c5ade20 6 bytes {JMP QWORD [RIP+0x3231da]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9068] C:\Windows\SYSTEM32\WININET.dll!HttpSendRequestA 00007ffd4c5b4d50 6 bytes {JMP QWORD [RIP+0x2fc2aa]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9068] C:\Windows\SYSTEM32\WININET.dll!InternetOpenUrlA 00007ffd4c61ce90 6 bytes {JMP QWORD [RIP+0x21416a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9068] C:\Windows\SYSTEM32\WININET.dll!InternetOpenUrlW 00007ffd4c61d780 6 bytes {JMP QWORD [RIP+0x1f387a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9068] C:\Windows\SYSTEM32\WININET.dll!HttpOpenRequestA 00007ffd4c645c60 6 bytes {JMP QWORD [RIP+0x1ab39a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9068] C:\Windows\SYSTEM32\urlmon.dll!URLDownloadToFileW 00007ffd55001fd0 6 bytes {JMP QWORD [RIP+0x18f02a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9068] C:\Windows\SYSTEM32\urlmon.dll!URLDownloadToCacheFileW 00007ffd55002060 6 bytes {JMP QWORD [RIP+0x1def9a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9068] C:\Windows\SYSTEM32\urlmon.dll!URLDownloadToCacheFileA 00007ffd5508f550 6 bytes {JMP QWORD [RIP+0x171aaa]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9068] C:\Windows\SYSTEM32\urlmon.dll!URLDownloadToFileA 00007ffd5508f6d0 6 bytes {JMP QWORD [RIP+0x12192a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9068] C:\Windows\SYSTEM32\urlmon.dll!URLOpenBlockingStreamA 00007ffd5508f820 6 bytes {JMP QWORD [RIP+0x2317da]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9068] C:\Windows\SYSTEM32\urlmon.dll!URLOpenBlockingStreamW 00007ffd5508f900 6 bytes {JMP QWORD [RIP+0x2016fa]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9068] C:\Windows\SYSTEM32\urlmon.dll!URLOpenStreamA 00007ffd5508fb90 6 bytes {JMP QWORD [RIP+0x1d146a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9068] C:\Windows\SYSTEM32\urlmon.dll!URLOpenStreamW 00007ffd5508fc60 6 bytes {JMP QWORD [RIP+0x1a139a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4580] C:\Windows\System32\KERNEL32.DLL!MoveFileW 00007ffd64d3ddc0 6 bytes {JMP QWORD [RIP+0x185323a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4580] C:\Windows\System32\KERNEL32.DLL!SetProcessDEPPolicy 00007ffd64d41800 6 bytes {JMP QWORD [RIP+0x192f7fa]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4580] C:\Windows\System32\KERNEL32.DLL!CopyFileW + 3 00007ffd64d44a33 3 bytes [C5, 88, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4580] C:\Windows\System32\KERNEL32.DLL!CopyFileA 00007ffd64d7c1c0 6 bytes {JMP QWORD [RIP+0x1874e3a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4580] C:\Windows\System32\KERNEL32.DLL!MoveFileA 00007ffd64d7d620 6 bytes {JMP QWORD [RIP+0x18339da]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4580] C:\Windows\System32\KERNEL32.DLL!WinExec 00007ffd64d80860 6 bytes {JMP QWORD [RIP+0x189079a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4580] C:\Windows\System32\SHELL32.dll!ShellExecuteExW 00007ffd64e26210 6 bytes {JMP QWORD [RIP+0x183adea]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4580] C:\Windows\System32\SHELL32.dll!ShellExecuteW 00007ffd64f311c0 6 bytes {JMP QWORD [RIP+0x170fe3a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4580] C:\Windows\System32\WS2_32.dll!WSAStartup 00007ffd64762630 6 bytes {JMP QWORD [RIP+0x1ae9ca]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4580] C:\Windows\SYSTEM32\WININET.dll!HttpSendRequestExA 00007ffd4c51d360 6 bytes {JMP QWORD [RIP+0x3d3c9a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4580] C:\Windows\SYSTEM32\WININET.dll!InternetReadFile 00007ffd4c5289f0 6 bytes {JMP QWORD [RIP+0x32860a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4580] C:\Windows\SYSTEM32\WININET.dll!HttpSendRequestW 00007ffd4c5734e0 6 bytes {JMP QWORD [RIP+0x31db1a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4580] C:\Windows\SYSTEM32\WININET.dll!HttpOpenRequestW 00007ffd4c573dd0 6 bytes {JMP QWORD [RIP+0x25d22a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4580] C:\Windows\SYSTEM32\WININET.dll!InternetReadFileExW 00007ffd4c57c960 6 bytes {JMP QWORD [RIP+0x2f469a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4580] C:\Windows\SYSTEM32\WININET.dll!HttpSendRequestExW 00007ffd4c5ade20 6 bytes {JMP QWORD [RIP+0x3231da]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4580] C:\Windows\SYSTEM32\WININET.dll!HttpSendRequestA 00007ffd4c5b4d50 6 bytes {JMP QWORD [RIP+0x2fc2aa]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4580] C:\Windows\SYSTEM32\WININET.dll!InternetOpenUrlA 00007ffd4c61ce90 6 bytes {JMP QWORD [RIP+0x21416a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4580] C:\Windows\SYSTEM32\WININET.dll!InternetOpenUrlW 00007ffd4c61d780 6 bytes {JMP QWORD [RIP+0x1f387a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4580] C:\Windows\SYSTEM32\WININET.dll!HttpOpenRequestA 00007ffd4c645c60 6 bytes {JMP QWORD [RIP+0x1ab39a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4580] C:\Windows\SYSTEM32\urlmon.dll!URLDownloadToFileW 00007ffd55001fd0 6 bytes {JMP QWORD [RIP+0x18f02a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4580] C:\Windows\SYSTEM32\urlmon.dll!URLDownloadToCacheFileW 00007ffd55002060 6 bytes {JMP QWORD [RIP+0x1def9a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4580] C:\Windows\SYSTEM32\urlmon.dll!URLDownloadToCacheFileA 00007ffd5508f550 6 bytes {JMP QWORD [RIP+0x171aaa]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4580] C:\Windows\SYSTEM32\urlmon.dll!URLDownloadToFileA 00007ffd5508f6d0 6 bytes {JMP QWORD [RIP+0x12192a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4580] C:\Windows\SYSTEM32\urlmon.dll!URLOpenBlockingStreamA 00007ffd5508f820 6 bytes {JMP QWORD [RIP+0x2317da]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4580] C:\Windows\SYSTEM32\urlmon.dll!URLOpenBlockingStreamW 00007ffd5508f900 6 bytes {JMP QWORD [RIP+0x2016fa]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4580] C:\Windows\SYSTEM32\urlmon.dll!URLOpenStreamA 00007ffd5508fb90 6 bytes {JMP QWORD [RIP+0x1d146a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4580] C:\Windows\SYSTEM32\urlmon.dll!URLOpenStreamW 00007ffd5508fc60 6 bytes {JMP QWORD [RIP+0x1a139a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2088] C:\Windows\System32\KERNEL32.DLL!MoveFileW 00007ffd64d3ddc0 6 bytes {JMP QWORD [RIP+0x185323a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2088] C:\Windows\System32\KERNEL32.DLL!SetProcessDEPPolicy 00007ffd64d41800 6 bytes {JMP QWORD [RIP+0x192f7fa]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2088] C:\Windows\System32\KERNEL32.DLL!CopyFileW + 3 00007ffd64d44a33 3 bytes [C5, 88, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2088] C:\Windows\System32\KERNEL32.DLL!CopyFileA 00007ffd64d7c1c0 6 bytes {JMP QWORD [RIP+0x1874e3a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2088] C:\Windows\System32\KERNEL32.DLL!MoveFileA 00007ffd64d7d620 6 bytes {JMP QWORD [RIP+0x18339da]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2088] C:\Windows\System32\KERNEL32.DLL!WinExec 00007ffd64d80860 6 bytes {JMP QWORD [RIP+0x189079a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2088] C:\Windows\System32\SHELL32.dll!ShellExecuteExW 00007ffd64e26210 6 bytes {JMP QWORD [RIP+0x183adea]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2088] C:\Windows\System32\SHELL32.dll!ShellExecuteW 00007ffd64f311c0 6 bytes {JMP QWORD [RIP+0x170fe3a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2088] C:\Windows\System32\WS2_32.dll!WSAStartup 00007ffd64762630 6 bytes {JMP QWORD [RIP+0x1ae9ca]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2088] C:\Windows\SYSTEM32\WININET.dll!HttpSendRequestExA 00007ffd4c51d360 6 bytes {JMP QWORD [RIP+0x3d3c9a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2088] C:\Windows\SYSTEM32\WININET.dll!InternetReadFile 00007ffd4c5289f0 6 bytes {JMP QWORD [RIP+0x32860a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2088] C:\Windows\SYSTEM32\WININET.dll!HttpSendRequestW 00007ffd4c5734e0 6 bytes {JMP QWORD [RIP+0x31db1a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2088] C:\Windows\SYSTEM32\WININET.dll!HttpOpenRequestW 00007ffd4c573dd0 6 bytes {JMP QWORD [RIP+0x25d22a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2088] C:\Windows\SYSTEM32\WININET.dll!InternetReadFileExW 00007ffd4c57c960 6 bytes {JMP QWORD [RIP+0x2f469a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2088] C:\Windows\SYSTEM32\WININET.dll!HttpSendRequestExW 00007ffd4c5ade20 6 bytes {JMP QWORD [RIP+0x3231da]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2088] C:\Windows\SYSTEM32\WININET.dll!HttpSendRequestA 00007ffd4c5b4d50 6 bytes {JMP QWORD [RIP+0x2fc2aa]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2088] C:\Windows\SYSTEM32\WININET.dll!InternetOpenUrlA 00007ffd4c61ce90 6 bytes {JMP QWORD [RIP+0x21416a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2088] C:\Windows\SYSTEM32\WININET.dll!InternetOpenUrlW 00007ffd4c61d780 6 bytes {JMP QWORD [RIP+0x1f387a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2088] C:\Windows\SYSTEM32\WININET.dll!HttpOpenRequestA 00007ffd4c645c60 6 bytes {JMP QWORD [RIP+0x1ab39a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2088] C:\Windows\SYSTEM32\urlmon.dll!URLDownloadToFileW 00007ffd55001fd0 6 bytes {JMP QWORD [RIP+0x18f02a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2088] C:\Windows\SYSTEM32\urlmon.dll!URLDownloadToCacheFileW 00007ffd55002060 6 bytes {JMP QWORD [RIP+0x1def9a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2088] C:\Windows\SYSTEM32\urlmon.dll!URLDownloadToCacheFileA 00007ffd5508f550 6 bytes {JMP QWORD [RIP+0x171aaa]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2088] C:\Windows\SYSTEM32\urlmon.dll!URLDownloadToFileA 00007ffd5508f6d0 6 bytes {JMP QWORD [RIP+0x12192a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2088] C:\Windows\SYSTEM32\urlmon.dll!URLOpenBlockingStreamA 00007ffd5508f820 6 bytes {JMP QWORD [RIP+0x2317da]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2088] C:\Windows\SYSTEM32\urlmon.dll!URLOpenBlockingStreamW 00007ffd5508f900 6 bytes {JMP QWORD [RIP+0x2016fa]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2088] C:\Windows\SYSTEM32\urlmon.dll!URLOpenStreamA 00007ffd5508fb90 6 bytes {JMP QWORD [RIP+0x1d146a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2088] C:\Windows\SYSTEM32\urlmon.dll!URLOpenStreamW 00007ffd5508fc60 6 bytes {JMP QWORD [RIP+0x1a139a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8272] C:\Windows\System32\KERNEL32.DLL!MoveFileW 00007ffd64d3ddc0 6 bytes {JMP QWORD [RIP+0x185323a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8272] C:\Windows\System32\KERNEL32.DLL!SetProcessDEPPolicy 00007ffd64d41800 6 bytes {JMP QWORD [RIP+0x192f7fa]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8272] C:\Windows\System32\KERNEL32.DLL!CopyFileW + 3 00007ffd64d44a33 3 bytes [C5, 88, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8272] C:\Windows\System32\KERNEL32.DLL!CopyFileA 00007ffd64d7c1c0 6 bytes {JMP QWORD [RIP+0x1874e3a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8272] C:\Windows\System32\KERNEL32.DLL!MoveFileA 00007ffd64d7d620 6 bytes {JMP QWORD [RIP+0x18339da]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8272] C:\Windows\System32\KERNEL32.DLL!WinExec 00007ffd64d80860 6 bytes {JMP QWORD [RIP+0x189079a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8272] C:\Windows\System32\SHELL32.dll!ShellExecuteExW 00007ffd64e26210 6 bytes {JMP QWORD [RIP+0x183adea]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8272] C:\Windows\System32\SHELL32.dll!ShellExecuteW 00007ffd64f311c0 6 bytes {JMP QWORD [RIP+0x170fe3a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8272] C:\Windows\System32\WS2_32.dll!WSAStartup 00007ffd64762630 6 bytes {JMP QWORD [RIP+0x1ae9ca]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8272] C:\Windows\SYSTEM32\WININET.dll!HttpSendRequestExA 00007ffd4c51d360 6 bytes {JMP QWORD [RIP+0x3d3c9a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8272] C:\Windows\SYSTEM32\WININET.dll!InternetReadFile 00007ffd4c5289f0 6 bytes {JMP QWORD [RIP+0x32860a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8272] C:\Windows\SYSTEM32\WININET.dll!HttpSendRequestW 00007ffd4c5734e0 6 bytes {JMP QWORD [RIP+0x31db1a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8272] C:\Windows\SYSTEM32\WININET.dll!HttpOpenRequestW 00007ffd4c573dd0 6 bytes {JMP QWORD [RIP+0x25d22a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8272] C:\Windows\SYSTEM32\WININET.dll!InternetReadFileExW 00007ffd4c57c960 6 bytes {JMP QWORD [RIP+0x2f469a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8272] C:\Windows\SYSTEM32\WININET.dll!HttpSendRequestExW 00007ffd4c5ade20 6 bytes {JMP QWORD [RIP+0x3231da]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8272] C:\Windows\SYSTEM32\WININET.dll!HttpSendRequestA 00007ffd4c5b4d50 6 bytes {JMP QWORD [RIP+0x2fc2aa]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8272] C:\Windows\SYSTEM32\WININET.dll!InternetOpenUrlA 00007ffd4c61ce90 6 bytes {JMP QWORD [RIP+0x21416a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8272] C:\Windows\SYSTEM32\WININET.dll!InternetOpenUrlW 00007ffd4c61d780 6 bytes {JMP QWORD [RIP+0x1f387a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8272] C:\Windows\SYSTEM32\WININET.dll!HttpOpenRequestA 00007ffd4c645c60 6 bytes {JMP QWORD [RIP+0x1ab39a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8272] C:\Windows\SYSTEM32\urlmon.dll!URLDownloadToFileW 00007ffd55001fd0 6 bytes {JMP QWORD [RIP+0x18f02a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8272] C:\Windows\SYSTEM32\urlmon.dll!URLDownloadToCacheFileW 00007ffd55002060 6 bytes {JMP QWORD [RIP+0x1def9a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8272] C:\Windows\SYSTEM32\urlmon.dll!URLDownloadToCacheFileA 00007ffd5508f550 6 bytes {JMP QWORD [RIP+0x171aaa]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8272] C:\Windows\SYSTEM32\urlmon.dll!URLDownloadToFileA 00007ffd5508f6d0 6 bytes {JMP QWORD [RIP+0x12192a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8272] C:\Windows\SYSTEM32\urlmon.dll!URLOpenBlockingStreamA 00007ffd5508f820 6 bytes {JMP QWORD [RIP+0x2317da]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8272] C:\Windows\SYSTEM32\urlmon.dll!URLOpenBlockingStreamW 00007ffd5508f900 6 bytes {JMP QWORD [RIP+0x2016fa]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8272] C:\Windows\SYSTEM32\urlmon.dll!URLOpenStreamA 00007ffd5508fb90 6 bytes {JMP QWORD [RIP+0x1d146a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8272] C:\Windows\SYSTEM32\urlmon.dll!URLOpenStreamW 00007ffd5508fc60 6 bytes {JMP QWORD [RIP+0x1a139a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[816] C:\Windows\System32\KERNEL32.DLL!MoveFileW 00007ffd64d3ddc0 6 bytes {JMP QWORD [RIP+0x185323a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[816] C:\Windows\System32\KERNEL32.DLL!SetProcessDEPPolicy 00007ffd64d41800 6 bytes {JMP QWORD [RIP+0x192f7fa]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[816] C:\Windows\System32\KERNEL32.DLL!CopyFileW + 3 00007ffd64d44a33 3 bytes [C5, 88, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[816] C:\Windows\System32\KERNEL32.DLL!CopyFileA 00007ffd64d7c1c0 6 bytes {JMP QWORD [RIP+0x1874e3a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[816] C:\Windows\System32\KERNEL32.DLL!MoveFileA 00007ffd64d7d620 6 bytes {JMP QWORD [RIP+0x18339da]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[816] C:\Windows\System32\KERNEL32.DLL!WinExec 00007ffd64d80860 6 bytes {JMP QWORD [RIP+0x189079a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[816] C:\Windows\System32\SHELL32.dll!ShellExecuteExW 00007ffd64e26210 6 bytes {JMP QWORD [RIP+0x183adea]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[816] C:\Windows\System32\SHELL32.dll!ShellExecuteW 00007ffd64f311c0 6 bytes {JMP QWORD [RIP+0x170fe3a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[816] C:\Windows\System32\WS2_32.dll!WSAStartup 00007ffd64762630 6 bytes {JMP QWORD [RIP+0x1ae9ca]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[816] C:\Windows\SYSTEM32\WININET.dll!HttpSendRequestExA 00007ffd4c51d360 6 bytes {JMP QWORD [RIP+0x3d3c9a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[816] C:\Windows\SYSTEM32\WININET.dll!InternetReadFile 00007ffd4c5289f0 6 bytes {JMP QWORD [RIP+0x32860a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[816] C:\Windows\SYSTEM32\WININET.dll!HttpSendRequestW 00007ffd4c5734e0 6 bytes {JMP QWORD [RIP+0x31db1a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[816] C:\Windows\SYSTEM32\WININET.dll!HttpOpenRequestW 00007ffd4c573dd0 6 bytes {JMP QWORD [RIP+0x25d22a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[816] C:\Windows\SYSTEM32\WININET.dll!InternetReadFileExW 00007ffd4c57c960 6 bytes {JMP QWORD [RIP+0x2f469a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[816] C:\Windows\SYSTEM32\WININET.dll!HttpSendRequestExW 00007ffd4c5ade20 6 bytes {JMP QWORD [RIP+0x3231da]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[816] C:\Windows\SYSTEM32\WININET.dll!HttpSendRequestA 00007ffd4c5b4d50 6 bytes {JMP QWORD [RIP+0x2fc2aa]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[816] C:\Windows\SYSTEM32\WININET.dll!InternetOpenUrlA 00007ffd4c61ce90 6 bytes {JMP QWORD [RIP+0x21416a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[816] C:\Windows\SYSTEM32\WININET.dll!InternetOpenUrlW 00007ffd4c61d780 6 bytes {JMP QWORD [RIP+0x1f387a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[816] C:\Windows\SYSTEM32\WININET.dll!HttpOpenRequestA 00007ffd4c645c60 6 bytes {JMP QWORD [RIP+0x1ab39a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[816] C:\Windows\SYSTEM32\urlmon.dll!URLDownloadToFileW 00007ffd55001fd0 6 bytes {JMP QWORD [RIP+0x18f02a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[816] C:\Windows\SYSTEM32\urlmon.dll!URLDownloadToCacheFileW 00007ffd55002060 6 bytes {JMP QWORD [RIP+0x1def9a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[816] C:\Windows\SYSTEM32\urlmon.dll!URLDownloadToCacheFileA 00007ffd5508f550 6 bytes {JMP QWORD [RIP+0x171aaa]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[816] C:\Windows\SYSTEM32\urlmon.dll!URLDownloadToFileA 00007ffd5508f6d0 6 bytes {JMP QWORD [RIP+0x12192a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[816] C:\Windows\SYSTEM32\urlmon.dll!URLOpenBlockingStreamA 00007ffd5508f820 6 bytes {JMP QWORD [RIP+0x2317da]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[816] C:\Windows\SYSTEM32\urlmon.dll!URLOpenBlockingStreamW 00007ffd5508f900 6 bytes {JMP QWORD [RIP+0x2016fa]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[816] C:\Windows\SYSTEM32\urlmon.dll!URLOpenStreamA 00007ffd5508fb90 6 bytes {JMP QWORD [RIP+0x1d146a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[816] C:\Windows\SYSTEM32\urlmon.dll!URLOpenStreamW 00007ffd5508fc60 6 bytes {JMP QWORD [RIP+0x1a139a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9156] C:\Windows\System32\KERNEL32.DLL!MoveFileW 00007ffd64d3ddc0 6 bytes {JMP QWORD [RIP+0x185323a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9156] C:\Windows\System32\KERNEL32.DLL!SetProcessDEPPolicy 00007ffd64d41800 6 bytes {JMP QWORD [RIP+0x192f7fa]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9156] C:\Windows\System32\KERNEL32.DLL!CopyFileW + 3 00007ffd64d44a33 3 bytes [C5, 88, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9156] C:\Windows\System32\KERNEL32.DLL!CopyFileA 00007ffd64d7c1c0 6 bytes {JMP QWORD [RIP+0x1874e3a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9156] C:\Windows\System32\KERNEL32.DLL!MoveFileA 00007ffd64d7d620 6 bytes {JMP QWORD [RIP+0x18339da]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9156] C:\Windows\System32\KERNEL32.DLL!WinExec 00007ffd64d80860 6 bytes {JMP QWORD [RIP+0x189079a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9156] C:\Windows\System32\SHELL32.dll!ShellExecuteExW 00007ffd64e26210 6 bytes {JMP QWORD [RIP+0x183adea]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9156] C:\Windows\System32\SHELL32.dll!ShellExecuteW 00007ffd64f311c0 6 bytes {JMP QWORD [RIP+0x170fe3a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9156] C:\Windows\System32\WS2_32.dll!WSAStartup 00007ffd64762630 6 bytes {JMP QWORD [RIP+0x1ae9ca]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9156] C:\Windows\SYSTEM32\WININET.dll!HttpSendRequestExA 00007ffd4c51d360 6 bytes {JMP QWORD [RIP+0x3d3c9a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9156] C:\Windows\SYSTEM32\WININET.dll!InternetReadFile 00007ffd4c5289f0 6 bytes {JMP QWORD [RIP+0x32860a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9156] C:\Windows\SYSTEM32\WININET.dll!HttpSendRequestW 00007ffd4c5734e0 6 bytes {JMP QWORD [RIP+0x31db1a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9156] C:\Windows\SYSTEM32\WININET.dll!HttpOpenRequestW 00007ffd4c573dd0 6 bytes {JMP QWORD [RIP+0x25d22a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9156] C:\Windows\SYSTEM32\WININET.dll!InternetReadFileExW 00007ffd4c57c960 6 bytes {JMP QWORD [RIP+0x2f469a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9156] C:\Windows\SYSTEM32\WININET.dll!HttpSendRequestExW 00007ffd4c5ade20 6 bytes {JMP QWORD [RIP+0x3231da]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9156] C:\Windows\SYSTEM32\WININET.dll!HttpSendRequestA 00007ffd4c5b4d50 6 bytes {JMP QWORD [RIP+0x2fc2aa]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9156] C:\Windows\SYSTEM32\WININET.dll!InternetOpenUrlA 00007ffd4c61ce90 6 bytes {JMP QWORD [RIP+0x21416a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9156] C:\Windows\SYSTEM32\WININET.dll!InternetOpenUrlW 00007ffd4c61d780 6 bytes {JMP QWORD [RIP+0x1f387a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9156] C:\Windows\SYSTEM32\WININET.dll!HttpOpenRequestA 00007ffd4c645c60 6 bytes {JMP QWORD [RIP+0x1ab39a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9156] C:\Windows\SYSTEM32\urlmon.dll!URLDownloadToFileW 00007ffd55001fd0 6 bytes {JMP QWORD [RIP+0x18f02a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9156] C:\Windows\SYSTEM32\urlmon.dll!URLDownloadToCacheFileW 00007ffd55002060 6 bytes {JMP QWORD [RIP+0x1def9a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9156] C:\Windows\SYSTEM32\urlmon.dll!URLDownloadToCacheFileA 00007ffd5508f550 6 bytes {JMP QWORD [RIP+0x171aaa]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9156] C:\Windows\SYSTEM32\urlmon.dll!URLDownloadToFileA 00007ffd5508f6d0 6 bytes {JMP QWORD [RIP+0x12192a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9156] C:\Windows\SYSTEM32\urlmon.dll!URLOpenBlockingStreamA 00007ffd5508f820 6 bytes {JMP QWORD [RIP+0x2317da]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9156] C:\Windows\SYSTEM32\urlmon.dll!URLOpenBlockingStreamW 00007ffd5508f900 6 bytes {JMP QWORD [RIP+0x2016fa]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9156] C:\Windows\SYSTEM32\urlmon.dll!URLOpenStreamA 00007ffd5508fb90 6 bytes {JMP QWORD [RIP+0x1d146a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9156] C:\Windows\SYSTEM32\urlmon.dll!URLOpenStreamW 00007ffd5508fc60 6 bytes {JMP QWORD [RIP+0x1a139a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7940] C:\Windows\System32\KERNEL32.DLL!MoveFileW 00007ffd64d3ddc0 6 bytes {JMP QWORD [RIP+0x185323a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7940] C:\Windows\System32\KERNEL32.DLL!SetProcessDEPPolicy 00007ffd64d41800 6 bytes {JMP QWORD [RIP+0x192f7fa]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7940] C:\Windows\System32\KERNEL32.DLL!CopyFileW + 3 00007ffd64d44a33 3 bytes [C5, 88, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7940] C:\Windows\System32\KERNEL32.DLL!CopyFileA 00007ffd64d7c1c0 6 bytes {JMP QWORD [RIP+0x1874e3a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7940] C:\Windows\System32\KERNEL32.DLL!MoveFileA 00007ffd64d7d620 6 bytes {JMP QWORD [RIP+0x18339da]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7940] C:\Windows\System32\KERNEL32.DLL!WinExec 00007ffd64d80860 6 bytes {JMP QWORD [RIP+0x189079a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7940] C:\Windows\System32\SHELL32.dll!ShellExecuteExW 00007ffd64e26210 6 bytes {JMP QWORD [RIP+0x183adea]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7940] C:\Windows\System32\SHELL32.dll!ShellExecuteW 00007ffd64f311c0 6 bytes {JMP QWORD [RIP+0x170fe3a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7940] C:\Windows\System32\WS2_32.dll!WSAStartup 00007ffd64762630 6 bytes {JMP QWORD [RIP+0x1ae9ca]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7940] C:\Windows\SYSTEM32\WININET.dll!HttpSendRequestExA 00007ffd4c51d360 6 bytes {JMP QWORD [RIP+0x3d3c9a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7940] C:\Windows\SYSTEM32\WININET.dll!InternetReadFile 00007ffd4c5289f0 6 bytes {JMP QWORD [RIP+0x32860a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7940] C:\Windows\SYSTEM32\WININET.dll!HttpSendRequestW 00007ffd4c5734e0 6 bytes {JMP QWORD [RIP+0x31db1a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7940] C:\Windows\SYSTEM32\WININET.dll!HttpOpenRequestW 00007ffd4c573dd0 6 bytes {JMP QWORD [RIP+0x25d22a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7940] C:\Windows\SYSTEM32\WININET.dll!InternetReadFileExW 00007ffd4c57c960 6 bytes {JMP QWORD [RIP+0x2f469a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7940] C:\Windows\SYSTEM32\WININET.dll!HttpSendRequestExW 00007ffd4c5ade20 6 bytes {JMP QWORD [RIP+0x3231da]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7940] C:\Windows\SYSTEM32\WININET.dll!HttpSendRequestA 00007ffd4c5b4d50 6 bytes {JMP QWORD [RIP+0x2fc2aa]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7940] C:\Windows\SYSTEM32\WININET.dll!InternetOpenUrlA 00007ffd4c61ce90 6 bytes {JMP QWORD [RIP+0x21416a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7940] C:\Windows\SYSTEM32\WININET.dll!InternetOpenUrlW 00007ffd4c61d780 6 bytes {JMP QWORD [RIP+0x1f387a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7940] C:\Windows\SYSTEM32\WININET.dll!HttpOpenRequestA 00007ffd4c645c60 6 bytes {JMP QWORD [RIP+0x1ab39a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7940] C:\Windows\SYSTEM32\urlmon.dll!URLDownloadToFileW 00007ffd55001fd0 6 bytes {JMP QWORD [RIP+0x18f02a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7940] C:\Windows\SYSTEM32\urlmon.dll!URLDownloadToCacheFileW 00007ffd55002060 6 bytes {JMP QWORD [RIP+0x1def9a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7940] C:\Windows\SYSTEM32\urlmon.dll!URLDownloadToCacheFileA 00007ffd5508f550 6 bytes {JMP QWORD [RIP+0x171aaa]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7940] C:\Windows\SYSTEM32\urlmon.dll!URLDownloadToFileA 00007ffd5508f6d0 6 bytes {JMP QWORD [RIP+0x12192a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7940] C:\Windows\SYSTEM32\urlmon.dll!URLOpenBlockingStreamA 00007ffd5508f820 6 bytes {JMP QWORD [RIP+0x2317da]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7940] C:\Windows\SYSTEM32\urlmon.dll!URLOpenBlockingStreamW 00007ffd5508f900 6 bytes {JMP QWORD [RIP+0x2016fa]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7940] C:\Windows\SYSTEM32\urlmon.dll!URLOpenStreamA 00007ffd5508fb90 6 bytes {JMP QWORD [RIP+0x1d146a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7940] C:\Windows\SYSTEM32\urlmon.dll!URLOpenStreamW 00007ffd5508fc60 6 bytes {JMP QWORD [RIP+0x1a139a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[928] C:\Windows\System32\KERNEL32.DLL!MoveFileW 00007ffd64d3ddc0 6 bytes {JMP QWORD [RIP+0x185323a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[928] C:\Windows\System32\KERNEL32.DLL!SetProcessDEPPolicy 00007ffd64d41800 6 bytes {JMP QWORD [RIP+0x192f7fa]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[928] C:\Windows\System32\KERNEL32.DLL!CopyFileW + 3 00007ffd64d44a33 3 bytes [C5, 88, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[928] C:\Windows\System32\KERNEL32.DLL!CopyFileA 00007ffd64d7c1c0 6 bytes {JMP QWORD [RIP+0x1874e3a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[928] C:\Windows\System32\KERNEL32.DLL!MoveFileA 00007ffd64d7d620 6 bytes {JMP QWORD [RIP+0x18339da]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[928] C:\Windows\System32\KERNEL32.DLL!WinExec 00007ffd64d80860 6 bytes {JMP QWORD [RIP+0x189079a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[928] C:\Windows\System32\SHELL32.dll!ShellExecuteExW 00007ffd64e26210 6 bytes {JMP QWORD [RIP+0x183adea]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[928] C:\Windows\System32\SHELL32.dll!ShellExecuteW 00007ffd64f311c0 6 bytes {JMP QWORD [RIP+0x170fe3a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[928] C:\Windows\System32\WS2_32.dll!WSAStartup 00007ffd64762630 6 bytes {JMP QWORD [RIP+0x1ae9ca]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[928] C:\Windows\SYSTEM32\WININET.dll!HttpSendRequestExA 00007ffd4c51d360 6 bytes {JMP QWORD [RIP+0x3d3c9a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[928] C:\Windows\SYSTEM32\WININET.dll!InternetReadFile 00007ffd4c5289f0 6 bytes {JMP QWORD [RIP+0x32860a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[928] C:\Windows\SYSTEM32\WININET.dll!HttpSendRequestW 00007ffd4c5734e0 6 bytes {JMP QWORD [RIP+0x31db1a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[928] C:\Windows\SYSTEM32\WININET.dll!HttpOpenRequestW 00007ffd4c573dd0 6 bytes {JMP QWORD [RIP+0x25d22a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[928] C:\Windows\SYSTEM32\WININET.dll!InternetReadFileExW 00007ffd4c57c960 6 bytes {JMP QWORD [RIP+0x2f469a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[928] C:\Windows\SYSTEM32\WININET.dll!HttpSendRequestExW 00007ffd4c5ade20 6 bytes {JMP QWORD [RIP+0x3231da]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[928] C:\Windows\SYSTEM32\WININET.dll!HttpSendRequestA 00007ffd4c5b4d50 6 bytes {JMP QWORD [RIP+0x2fc2aa]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[928] C:\Windows\SYSTEM32\WININET.dll!InternetOpenUrlA 00007ffd4c61ce90 6 bytes {JMP QWORD [RIP+0x21416a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[928] C:\Windows\SYSTEM32\WININET.dll!InternetOpenUrlW 00007ffd4c61d780 6 bytes {JMP QWORD [RIP+0x1f387a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[928] C:\Windows\SYSTEM32\WININET.dll!HttpOpenRequestA 00007ffd4c645c60 6 bytes {JMP QWORD [RIP+0x1ab39a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[928] C:\Windows\SYSTEM32\urlmon.dll!URLDownloadToFileW 00007ffd55001fd0 6 bytes {JMP QWORD [RIP+0x18f02a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[928] C:\Windows\SYSTEM32\urlmon.dll!URLDownloadToCacheFileW 00007ffd55002060 6 bytes {JMP QWORD [RIP+0x1def9a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[928] C:\Windows\SYSTEM32\urlmon.dll!URLDownloadToCacheFileA 00007ffd5508f550 6 bytes {JMP QWORD [RIP+0x171aaa]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[928] C:\Windows\SYSTEM32\urlmon.dll!URLDownloadToFileA 00007ffd5508f6d0 6 bytes {JMP QWORD [RIP+0x12192a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[928] C:\Windows\SYSTEM32\urlmon.dll!URLOpenBlockingStreamA 00007ffd5508f820 6 bytes {JMP QWORD [RIP+0x2317da]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[928] C:\Windows\SYSTEM32\urlmon.dll!URLOpenBlockingStreamW 00007ffd5508f900 6 bytes {JMP QWORD [RIP+0x2016fa]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[928] C:\Windows\SYSTEM32\urlmon.dll!URLOpenStreamA 00007ffd5508fb90 6 bytes {JMP QWORD [RIP+0x1d146a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[928] C:\Windows\SYSTEM32\urlmon.dll!URLOpenStreamW 00007ffd5508fc60 6 bytes {JMP QWORD [RIP+0x1a139a]} .text C:\Users\Omega\Downloads\9kzg9jhi.exe[5504] C:\Windows\SYSTEM32\ntdll.dll!RtlLargeIntegerToChar + 207 00007ffd669a132f 8 bytes [50, 6E, F8, 7F, 00, 00, 00, ...] .text C:\Users\Omega\Downloads\9kzg9jhi.exe[5504] C:\Windows\SYSTEM32\ntdll.dll!RtlLargeIntegerToChar + 449 00007ffd669a1421 8 bytes [40, 6E, F8, 7F, 00, 00, 00, ...] .text ... * 2 .text C:\Users\Omega\Downloads\9kzg9jhi.exe[5504] C:\Windows\SYSTEM32\ntdll.dll!LdrSetDllDirectory + 368 00007ffd669a16b0 8 bytes [20, 6E, F8, 7F, 00, 00, 00, ...] .text C:\Users\Omega\Downloads\9kzg9jhi.exe[5504] C:\Windows\SYSTEM32\ntdll.dll!LdrSetDllDirectory + 852 00007ffd669a1894 8 bytes {JMP 0xffffffffffffffa0} .text C:\Users\Omega\Downloads\9kzg9jhi.exe[5504] C:\Windows\SYSTEM32\ntdll.dll!RtlLockCurrentThread + 175 00007ffd669a230f 8 bytes {JMP 0xffffffffffffffec} .text C:\Users\Omega\Downloads\9kzg9jhi.exe[5504] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffd66a46260 8 bytes {JMP QWORD [RIP-0xa4bb6]} .text C:\Users\Omega\Downloads\9kzg9jhi.exe[5504] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00007ffd66a46560 8 bytes {JMP QWORD [RIP-0xa4cd2]} .text C:\Users\Omega\Downloads\9kzg9jhi.exe[5504] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffd66a465c0 8 bytes {JMP QWORD [RIP-0xa5297]} .text C:\Users\Omega\Downloads\9kzg9jhi.exe[5504] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00007ffd66a46800 8 bytes {JMP QWORD [RIP-0xa52d6]} .text C:\Users\Omega\Downloads\9kzg9jhi.exe[5504] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00007ffd66a46960 8 bytes {JMP QWORD [RIP-0xa5545]} .text C:\Users\Omega\Downloads\9kzg9jhi.exe[5504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00007ffd66a47770 8 bytes {JMP QWORD [RIP-0xa5467]} .text C:\Users\Omega\Downloads\9kzg9jhi.exe[5504] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00007ffd66a47d70 8 bytes {JMP QWORD [RIP-0xa63af]} .text C:\Users\Omega\Downloads\9kzg9jhi.exe[5504] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00007ffd66a48fb0 8 bytes {JMP QWORD [RIP-0xa7682]} .text C:\Users\Omega\Downloads\9kzg9jhi.exe[5504] C:\Windows\System32\wow64cpu.dll!BTCpuProcessInit + 210 0000000072ba1462 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Omega\Downloads\9kzg9jhi.exe[5504] C:\Windows\System32\wow64cpu.dll!BTCpuIsProcessorFeaturePresent + 564 0000000072ba16b4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Omega\Downloads\9kzg9jhi.exe[5504] C:\Windows\System32\wow64cpu.dll!BTCpuIsProcessorFeaturePresent + 875 0000000072ba17eb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Omega\Downloads\9kzg9jhi.exe[5504] C:\Windows\System32\wow64cpu.dll!BTCpuResetToConsistentState + 30 0000000072ba181e 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Omega\Downloads\9kzg9jhi.exe[5504] C:\Windows\System32\wow64cpu.dll!BTCpuResetToConsistentState + 87 0000000072ba1857 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] ? C:\Windows\system32\apphelp.dll [5504] entry point in ".rdata" section 000000006609f7c0 ---- User IAT/EAT - GMER 2.2 ---- IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7328] @ C:\Windows\System32\SHLWAPI.dll[GDI32.dll!GetStockObject] [7ffd6440006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7328] @ C:\Windows\System32\USER32.dll[GDI32.dll!GetStockObject] [7ffd6440006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7328] @ C:\Windows\System32\USER32.dll[GDI32.dll!GdiDllInitialize] [7ffd6440002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7328] @ C:\Windows\System32\ole32.dll[GDI32.dll!GetStockObject] [7ffd6440006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7328] @ C:\Windows\System32\ole32.dll[USER32.dll!RegisterClassW] [1b48032002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7328] @ C:\Windows\System32\SHELL32.dll[USER32.dll!RegisterClassW] [1b48032002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7328] @ C:\Windows\System32\SHELL32.dll[GDI32.dll!GetStockObject] [7ffd6440006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7328] @ C:\Windows\System32\COMDLG32.dll[USER32.dll!RegisterClassW] [1b48032002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7328] @ C:\Windows\System32\COMDLG32.dll[GDI32.dll!GetStockObject] [7ffd6440006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7328] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3\COMCTL32.dll[GDI32.dll!GetStockObject] [7ffd6440006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7328] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3\COMCTL32.dll[USER32.dll!RegisterClassW] [1b48032002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7328] @ C:\Windows\SYSTEM32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7ffd36432348] C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6460] @ C:\Windows\System32\SHLWAPI.dll[GDI32.dll!GetStockObject] [7ffd6440006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6460] @ C:\Windows\System32\USER32.dll[GDI32.dll!GetStockObject] [7ffd6440006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6460] @ C:\Windows\System32\USER32.dll[GDI32.dll!GdiDllInitialize] [7ffd6440002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6460] @ C:\Windows\System32\ole32.dll[GDI32.dll!GetStockObject] [7ffd6440006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6460] @ C:\Windows\System32\ole32.dll[USER32.dll!RegisterClassW] [1b3ae08002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6460] @ C:\Windows\System32\SHELL32.dll[USER32.dll!RegisterClassW] [1b3ae08002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6460] @ C:\Windows\System32\SHELL32.dll[GDI32.dll!GetStockObject] [7ffd6440006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6460] @ C:\Windows\System32\COMDLG32.dll[USER32.dll!RegisterClassW] [1b3ae08002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6460] @ C:\Windows\System32\COMDLG32.dll[GDI32.dll!GetStockObject] [7ffd6440006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6460] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3\COMCTL32.dll[GDI32.dll!GetStockObject] [7ffd6440006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6460] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3\COMCTL32.dll[USER32.dll!RegisterClassW] [1b3ae08002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6460] @ C:\Windows\SYSTEM32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7ffd36432348] C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8364] @ C:\Windows\System32\SHLWAPI.dll[GDI32.dll!GetStockObject] [7ffd6440006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8364] @ C:\Windows\System32\USER32.dll[GDI32.dll!GetStockObject] [7ffd6440006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8364] @ C:\Windows\System32\USER32.dll[GDI32.dll!GdiDllInitialize] [7ffd6440002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8364] @ C:\Windows\System32\ole32.dll[GDI32.dll!GetStockObject] [7ffd6440006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8364] @ C:\Windows\System32\ole32.dll[USER32.dll!RegisterClassW] [234e923002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8364] @ C:\Windows\System32\SHELL32.dll[USER32.dll!RegisterClassW] [234e923002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8364] @ C:\Windows\System32\SHELL32.dll[GDI32.dll!GetStockObject] [7ffd6440006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8364] @ C:\Windows\System32\COMDLG32.dll[USER32.dll!RegisterClassW] [234e923002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8364] @ C:\Windows\System32\COMDLG32.dll[GDI32.dll!GetStockObject] [7ffd6440006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8364] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3\COMCTL32.dll[GDI32.dll!GetStockObject] [7ffd6440006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8364] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3\COMCTL32.dll[USER32.dll!RegisterClassW] [234e923002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8364] @ C:\Windows\SYSTEM32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7ffd36432348] C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] @ C:\Windows\System32\SHLWAPI.dll[GDI32.dll!GetStockObject] [7ffd6440006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] @ C:\Windows\System32\USER32.dll[GDI32.dll!GetStockObject] [7ffd6440006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] @ C:\Windows\System32\USER32.dll[GDI32.dll!GdiDllInitialize] [7ffd6440002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] @ C:\Windows\System32\ole32.dll[GDI32.dll!GetStockObject] [7ffd6440006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] @ C:\Windows\System32\ole32.dll[USER32.dll!RegisterClassW] [253802d002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] @ C:\Windows\System32\SHELL32.dll[USER32.dll!RegisterClassW] [253802d002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] @ C:\Windows\System32\SHELL32.dll[GDI32.dll!GetStockObject] [7ffd6440006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] @ C:\Windows\System32\COMDLG32.dll[USER32.dll!RegisterClassW] [253802d002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] @ C:\Windows\System32\COMDLG32.dll[GDI32.dll!GetStockObject] [7ffd6440006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3\COMCTL32.dll[GDI32.dll!GetStockObject] [7ffd6440006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3\COMCTL32.dll[USER32.dll!RegisterClassW] [253802d002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] @ C:\Windows\SYSTEM32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7ffd36432348] C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7880] @ C:\Windows\System32\SHLWAPI.dll[GDI32.dll!GetStockObject] [7ffd6440006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7880] @ C:\Windows\System32\USER32.dll[GDI32.dll!GetStockObject] [7ffd6440006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7880] @ C:\Windows\System32\USER32.dll[GDI32.dll!GdiDllInitialize] [7ffd6440002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7880] @ C:\Windows\System32\ole32.dll[GDI32.dll!GetStockObject] [7ffd6440006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7880] @ C:\Windows\System32\ole32.dll[USER32.dll!RegisterClassW] [218465f002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7880] @ C:\Windows\System32\SHELL32.dll[USER32.dll!RegisterClassW] [218465f002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7880] @ C:\Windows\System32\SHELL32.dll[GDI32.dll!GetStockObject] [7ffd6440006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7880] @ C:\Windows\System32\COMDLG32.dll[USER32.dll!RegisterClassW] [218465f002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7880] @ C:\Windows\System32\COMDLG32.dll[GDI32.dll!GetStockObject] [7ffd6440006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7880] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3\COMCTL32.dll[GDI32.dll!GetStockObject] [7ffd6440006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7880] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3\COMCTL32.dll[USER32.dll!RegisterClassW] [218465f002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7880] @ C:\Windows\SYSTEM32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7ffd36432348] C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9068] @ C:\Windows\System32\SHLWAPI.dll[GDI32.dll!GetStockObject] [7ffd6440006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9068] @ C:\Windows\System32\USER32.dll[GDI32.dll!GetStockObject] [7ffd6440006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9068] @ C:\Windows\System32\USER32.dll[GDI32.dll!GdiDllInitialize] [7ffd6440002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9068] @ C:\Windows\System32\ole32.dll[GDI32.dll!GetStockObject] [7ffd6440006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9068] @ C:\Windows\System32\ole32.dll[USER32.dll!RegisterClassW] [1cefc34002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9068] @ C:\Windows\System32\SHELL32.dll[USER32.dll!RegisterClassW] [1cefc34002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9068] @ C:\Windows\System32\SHELL32.dll[GDI32.dll!GetStockObject] [7ffd6440006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9068] @ C:\Windows\System32\COMDLG32.dll[USER32.dll!RegisterClassW] [1cefc34002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9068] @ C:\Windows\System32\COMDLG32.dll[GDI32.dll!GetStockObject] [7ffd6440006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9068] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3\COMCTL32.dll[GDI32.dll!GetStockObject] [7ffd6440006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9068] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3\COMCTL32.dll[USER32.dll!RegisterClassW] [1cefc34002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9068] @ C:\Windows\SYSTEM32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7ffd36432348] C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4580] @ C:\Windows\System32\SHLWAPI.dll[GDI32.dll!GetStockObject] [7ffd6440006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4580] @ C:\Windows\System32\USER32.dll[GDI32.dll!GetStockObject] [7ffd6440006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4580] @ C:\Windows\System32\USER32.dll[GDI32.dll!GdiDllInitialize] [7ffd6440002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4580] @ C:\Windows\System32\ole32.dll[GDI32.dll!GetStockObject] [7ffd6440006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4580] @ C:\Windows\System32\ole32.dll[USER32.dll!RegisterClassW] [21c9065002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4580] @ C:\Windows\System32\SHELL32.dll[USER32.dll!RegisterClassW] [21c9065002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4580] @ C:\Windows\System32\SHELL32.dll[GDI32.dll!GetStockObject] [7ffd6440006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4580] @ C:\Windows\System32\COMDLG32.dll[USER32.dll!RegisterClassW] [21c9065002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4580] @ C:\Windows\System32\COMDLG32.dll[GDI32.dll!GetStockObject] [7ffd6440006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4580] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3\COMCTL32.dll[GDI32.dll!GetStockObject] [7ffd6440006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4580] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3\COMCTL32.dll[USER32.dll!RegisterClassW] [21c9065002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4580] @ C:\Windows\SYSTEM32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7ffd36432348] C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2088] @ C:\Windows\System32\SHLWAPI.dll[GDI32.dll!GetStockObject] [7ffd6440006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2088] @ C:\Windows\System32\USER32.dll[GDI32.dll!GetStockObject] [7ffd6440006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2088] @ C:\Windows\System32\USER32.dll[GDI32.dll!GdiDllInitialize] [7ffd6440002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2088] @ C:\Windows\System32\ole32.dll[GDI32.dll!GetStockObject] [7ffd6440006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2088] @ C:\Windows\System32\ole32.dll[USER32.dll!RegisterClassW] [2a79df7002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2088] @ C:\Windows\System32\SHELL32.dll[USER32.dll!RegisterClassW] [2a79df7002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2088] @ C:\Windows\System32\SHELL32.dll[GDI32.dll!GetStockObject] [7ffd6440006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2088] @ C:\Windows\System32\COMDLG32.dll[USER32.dll!RegisterClassW] [2a79df7002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2088] @ C:\Windows\System32\COMDLG32.dll[GDI32.dll!GetStockObject] [7ffd6440006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2088] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3\COMCTL32.dll[GDI32.dll!GetStockObject] [7ffd6440006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2088] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3\COMCTL32.dll[USER32.dll!RegisterClassW] [2a79df7002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2088] @ C:\Windows\SYSTEM32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7ffd36432348] C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8272] @ C:\Windows\System32\SHLWAPI.dll[GDI32.dll!GetStockObject] [7ffd6440006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8272] @ C:\Windows\System32\USER32.dll[GDI32.dll!GetStockObject] [7ffd6440006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8272] @ C:\Windows\System32\USER32.dll[GDI32.dll!GdiDllInitialize] [7ffd6440002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8272] @ C:\Windows\System32\ole32.dll[GDI32.dll!GetStockObject] [7ffd6440006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8272] @ C:\Windows\System32\ole32.dll[USER32.dll!RegisterClassW] [2347830002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8272] @ C:\Windows\System32\SHELL32.dll[USER32.dll!RegisterClassW] [2347830002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8272] @ C:\Windows\System32\SHELL32.dll[GDI32.dll!GetStockObject] [7ffd6440006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8272] @ C:\Windows\System32\COMDLG32.dll[USER32.dll!RegisterClassW] [2347830002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8272] @ C:\Windows\System32\COMDLG32.dll[GDI32.dll!GetStockObject] [7ffd6440006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8272] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3\COMCTL32.dll[GDI32.dll!GetStockObject] [7ffd6440006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8272] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3\COMCTL32.dll[USER32.dll!RegisterClassW] [2347830002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8272] @ C:\Windows\SYSTEM32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7ffd36432348] C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[816] @ C:\Windows\System32\SHLWAPI.dll[GDI32.dll!GetStockObject] [7ffd6440006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[816] @ C:\Windows\System32\USER32.dll[GDI32.dll!GetStockObject] [7ffd6440006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[816] @ C:\Windows\System32\USER32.dll[GDI32.dll!GdiDllInitialize] [7ffd6440002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[816] @ C:\Windows\System32\ole32.dll[GDI32.dll!GetStockObject] [7ffd6440006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[816] @ C:\Windows\System32\ole32.dll[USER32.dll!RegisterClassW] [18868b0002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[816] @ C:\Windows\System32\SHELL32.dll[USER32.dll!RegisterClassW] [18868b0002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[816] @ C:\Windows\System32\SHELL32.dll[GDI32.dll!GetStockObject] [7ffd6440006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[816] @ C:\Windows\System32\COMDLG32.dll[USER32.dll!RegisterClassW] [18868b0002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[816] @ C:\Windows\System32\COMDLG32.dll[GDI32.dll!GetStockObject] [7ffd6440006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[816] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3\COMCTL32.dll[GDI32.dll!GetStockObject] [7ffd6440006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[816] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3\COMCTL32.dll[USER32.dll!RegisterClassW] [18868b0002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[816] @ C:\Windows\SYSTEM32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7ffd36432348] C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9156] @ C:\Windows\System32\SHLWAPI.dll[GDI32.dll!GetStockObject] [7ffd6440006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9156] @ C:\Windows\System32\USER32.dll[GDI32.dll!GetStockObject] [7ffd6440006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9156] @ C:\Windows\System32\USER32.dll[GDI32.dll!GdiDllInitialize] [7ffd6440002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9156] @ C:\Windows\System32\ole32.dll[GDI32.dll!GetStockObject] [7ffd6440006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9156] @ C:\Windows\System32\ole32.dll[USER32.dll!RegisterClassW] [1f70037002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9156] @ C:\Windows\System32\SHELL32.dll[USER32.dll!RegisterClassW] [1f70037002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9156] @ C:\Windows\System32\SHELL32.dll[GDI32.dll!GetStockObject] [7ffd6440006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9156] @ C:\Windows\System32\COMDLG32.dll[USER32.dll!RegisterClassW] [1f70037002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9156] @ C:\Windows\System32\COMDLG32.dll[GDI32.dll!GetStockObject] [7ffd6440006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9156] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3\COMCTL32.dll[GDI32.dll!GetStockObject] [7ffd6440006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9156] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3\COMCTL32.dll[USER32.dll!RegisterClassW] [1f70037002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[9156] @ C:\Windows\SYSTEM32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7ffd36432348] C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7940] @ C:\Windows\System32\SHLWAPI.dll[GDI32.dll!GetStockObject] [7ffd6440006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7940] @ C:\Windows\System32\USER32.dll[GDI32.dll!GetStockObject] [7ffd6440006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7940] @ C:\Windows\System32\USER32.dll[GDI32.dll!GdiDllInitialize] [7ffd6440002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7940] @ C:\Windows\System32\ole32.dll[GDI32.dll!GetStockObject] [7ffd6440006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7940] @ C:\Windows\System32\ole32.dll[USER32.dll!RegisterClassW] [1dfe0e7002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7940] @ C:\Windows\System32\SHELL32.dll[USER32.dll!RegisterClassW] [1dfe0e7002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7940] @ C:\Windows\System32\SHELL32.dll[GDI32.dll!GetStockObject] [7ffd6440006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7940] @ C:\Windows\System32\COMDLG32.dll[USER32.dll!RegisterClassW] [1dfe0e7002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7940] @ C:\Windows\System32\COMDLG32.dll[GDI32.dll!GetStockObject] [7ffd6440006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7940] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3\COMCTL32.dll[GDI32.dll!GetStockObject] [7ffd6440006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7940] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3\COMCTL32.dll[USER32.dll!RegisterClassW] [1dfe0e7002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7940] @ C:\Windows\SYSTEM32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7ffd36432348] C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[928] @ C:\Windows\System32\SHLWAPI.dll[GDI32.dll!GetStockObject] [7ffd6440006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[928] @ C:\Windows\System32\USER32.dll[GDI32.dll!GetStockObject] [7ffd6440006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[928] @ C:\Windows\System32\USER32.dll[GDI32.dll!GdiDllInitialize] [7ffd6440002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[928] @ C:\Windows\System32\ole32.dll[GDI32.dll!GetStockObject] [7ffd6440006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[928] @ C:\Windows\System32\ole32.dll[USER32.dll!RegisterClassW] [1630272002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[928] @ C:\Windows\System32\SHELL32.dll[USER32.dll!RegisterClassW] [1630272002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[928] @ C:\Windows\System32\SHELL32.dll[GDI32.dll!GetStockObject] [7ffd6440006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[928] @ C:\Windows\System32\COMDLG32.dll[USER32.dll!RegisterClassW] [1630272002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[928] @ C:\Windows\System32\COMDLG32.dll[GDI32.dll!GetStockObject] [7ffd6440006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[928] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3\COMCTL32.dll[GDI32.dll!GetStockObject] [7ffd6440006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[928] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3\COMCTL32.dll[USER32.dll!RegisterClassW] [1630272002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[928] @ C:\Windows\SYSTEM32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7ffd36432348] C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\chrome_child.dll ---- Threads - GMER 2.2 ---- Thread C:\Windows\system32\csrss.exe [792:512] fffffadec3206c20 Thread [4752:4392] 0000000073f101c7 Thread [4752:4436] 00000000773a14b0 Thread [4752:4944] 000000007409c59c Thread [4752:4940] 000000007409c59c Thread [4752:4936] 000000007409c59c Thread [4752:3100] 000000007409c59c Thread [4752:5132] 000000007409c59c Thread [4752:5144] 000000007409c59c Thread [4752:5156] 000000007409c59c Thread [4752:4420] 000000007409c59c Thread [4752:7484] 000000006d8083a0 Thread [4752:7772] 000000006d7d4920 Thread [4752:7364] 000000006d7d4920 Thread [4752:4424] 000000006d7d4920 Thread [4752:996] 000000006b4931b0 Thread [4752:7832] 000000006d7d4920 Thread [4752:7352] 000000006ce92600 Thread [4752:2808] 000000006d7d4920 Thread [4752:5228] 00000000777867c0 Thread [4752:1756] 00000000777867c0 Thread [4752:8188] 00000000777867c0 Thread [4752:9616] 000000006d7d4920 ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed 1876156884 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\f81654306861 Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeEstimated 0x4B 0x44 0xE5 0x5D ... Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeHigh 0x4B 0xAC 0xA9 0xBF ... Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeLow 0x4B 0xDC 0x20 0xFC ... ---- Disk sectors - GMER 2.2 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.2 ----