GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2017-03-25 10:16:58 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000002c Crucial_CT250MX200SSD1 rev.MU03 232,89GB Running: mmx23dgj.exe; Driver: C:\Users\Komputer\AppData\Local\Temp\axwdikoc.sys ---- User code sections - GMER 2.2 ---- .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7816] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 00007ff8e8359e70 5 bytes JMP 00007ff8da4abaf0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7816] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrResolveDelayLoadedAPI 00007ff8e83965c0 6 bytes {JMP QWORD [RIP+0x1baa3a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00007ff8e83f63c0 5 bytes [FF, 25, 3A, AC, 17] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ff8e83f65c0 16 bytes {MOV RAX, 0x7ff8cd6572b0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7816] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00007ff8e83f6ac0 5 bytes [FF, 25, 3A, A5, 19] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7816] C:\WINDOWS\System32\KERNEL32.DLL!MoveFileW 00007ff8e6f6ddc0 6 bytes {JMP QWORD [RIP+0x2a323a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7816] C:\WINDOWS\System32\KERNEL32.DLL!SetProcessDEPPolicy 00007ff8e6f71800 6 bytes {JMP QWORD [RIP+0x5af7fa]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7816] C:\WINDOWS\System32\KERNEL32.DLL!CopyFileW + 3 00007ff8e6f74a33 2 bytes [C5, 2D] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7816] C:\WINDOWS\System32\KERNEL32.DLL!CopyFileA 00007ff8e6fac1c0 6 bytes {JMP QWORD [RIP+0x2c4e3a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7816] C:\WINDOWS\System32\KERNEL32.DLL!MoveFileA 00007ff8e6fad620 6 bytes {JMP QWORD [RIP+0x2839da]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7816] C:\WINDOWS\System32\KERNEL32.DLL!WinExec 00007ff8e6fb0860 6 bytes {JMP QWORD [RIP+0x2e079a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7816] C:\WINDOWS\System32\SHELL32.dll!ShellExecuteExW 00007ff8e59e6a90 6 bytes {JMP QWORD [RIP+0x18ea56a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7816] C:\WINDOWS\System32\SHELL32.dll!ShellExecuteW 00007ff8e5ae4c60 6 bytes {JMP QWORD [RIP+0x17cc39a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7816] C:\WINDOWS\System32\WS2_32.dll!WSAStartup 00007ff8e75f2630 6 bytes {JMP QWORD [RIP+0x7e9ca]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7816] C:\WINDOWS\SYSTEM32\WININET.dll!HttpSendRequestExA 00007ff8cdebd360 6 bytes {JMP QWORD [RIP+0x403c9a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7816] C:\WINDOWS\SYSTEM32\WININET.dll!InternetReadFile 00007ff8cdec8a80 6 bytes {JMP QWORD [RIP+0x35857a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7816] C:\WINDOWS\SYSTEM32\WININET.dll!HttpSendRequestW 00007ff8cdf13370 6 bytes {JMP QWORD [RIP+0x34dc8a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7816] C:\WINDOWS\SYSTEM32\WININET.dll!HttpOpenRequestW 00007ff8cdf13c60 6 bytes {JMP QWORD [RIP+0x28d39a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7816] C:\WINDOWS\SYSTEM32\WININET.dll!InternetReadFileExW 00007ff8cdf1c7f0 3 bytes [FF, 25, 0A] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7816] C:\WINDOWS\SYSTEM32\WININET.dll!InternetReadFileExW + 4 00007ff8cdf1c7f4 2 bytes [32, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7816] C:\WINDOWS\SYSTEM32\WININET.dll!HttpSendRequestExW 00007ff8cdf4e240 6 bytes {JMP QWORD [RIP+0x352dba]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7816] C:\WINDOWS\SYSTEM32\WININET.dll!HttpSendRequestA 00007ff8cdf55170 6 bytes {JMP QWORD [RIP+0x32be8a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7816] C:\WINDOWS\SYSTEM32\WININET.dll!InternetOpenUrlA 00007ff8cdfbce40 6 bytes {JMP QWORD [RIP+0x2441ba]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7816] C:\WINDOWS\SYSTEM32\WININET.dll!InternetOpenUrlW 00007ff8cdfbd730 6 bytes {JMP QWORD [RIP+0x2238ca]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7816] C:\WINDOWS\SYSTEM32\WININET.dll!HttpOpenRequestA 00007ff8cdfe5b30 6 bytes {JMP QWORD [RIP+0x1db4ca]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7816] C:\WINDOWS\SYSTEM32\urlmon.dll!URLDownloadToFileW 00007ff8d67a2230 6 bytes {JMP QWORD [RIP+0x18edca]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7816] C:\WINDOWS\SYSTEM32\urlmon.dll!URLDownloadToCacheFileW 00007ff8d67a22c0 6 bytes {JMP QWORD [RIP+0x1ded3a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7816] C:\WINDOWS\SYSTEM32\urlmon.dll!URLDownloadToCacheFileA 00007ff8d682f610 6 bytes {JMP QWORD [RIP+0x1719ea]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7816] C:\WINDOWS\SYSTEM32\urlmon.dll!URLDownloadToFileA 00007ff8d682f790 6 bytes {JMP QWORD [RIP+0x12186a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7816] C:\WINDOWS\SYSTEM32\urlmon.dll!URLOpenBlockingStreamA 00007ff8d682f8e0 6 bytes {JMP QWORD [RIP+0x23171a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7816] C:\WINDOWS\SYSTEM32\urlmon.dll!URLOpenBlockingStreamW 00007ff8d682f9c0 6 bytes {JMP QWORD [RIP+0x20163a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7816] C:\WINDOWS\SYSTEM32\urlmon.dll!URLOpenStreamA 00007ff8d682fc50 6 bytes {JMP QWORD [RIP+0x1d13aa]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7816] C:\WINDOWS\SYSTEM32\urlmon.dll!URLOpenStreamW 00007ff8d682fd20 6 bytes {JMP QWORD [RIP+0x1a12da]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7728] C:\WINDOWS\System32\KERNEL32.DLL!MoveFileW 00007ff8e6f6ddc0 6 bytes {JMP QWORD [RIP+0x2a323a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7728] C:\WINDOWS\System32\KERNEL32.DLL!SetProcessDEPPolicy 00007ff8e6f71800 6 bytes {JMP QWORD [RIP+0x5af7fa]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7728] C:\WINDOWS\System32\KERNEL32.DLL!CopyFileW + 3 00007ff8e6f74a33 2 bytes [C5, 2D] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7728] C:\WINDOWS\System32\KERNEL32.DLL!CopyFileA 00007ff8e6fac1c0 6 bytes {JMP QWORD [RIP+0x2c4e3a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7728] C:\WINDOWS\System32\KERNEL32.DLL!MoveFileA 00007ff8e6fad620 6 bytes {JMP QWORD [RIP+0x2839da]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7728] C:\WINDOWS\System32\KERNEL32.DLL!WinExec 00007ff8e6fb0860 6 bytes {JMP QWORD [RIP+0x2e079a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7728] C:\WINDOWS\System32\SHELL32.dll!ShellExecuteExW 00007ff8e59e6a90 6 bytes {JMP QWORD [RIP+0x18ea56a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7728] C:\WINDOWS\System32\SHELL32.dll!ShellExecuteW 00007ff8e5ae4c60 6 bytes {JMP QWORD [RIP+0x17cc39a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7728] C:\WINDOWS\System32\WS2_32.dll!WSAStartup 00007ff8e75f2630 6 bytes {JMP QWORD [RIP+0x7e9ca]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7728] C:\WINDOWS\SYSTEM32\WININET.dll!HttpSendRequestExA 00007ff8cdebd360 6 bytes {JMP QWORD [RIP+0x403c9a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7728] C:\WINDOWS\SYSTEM32\WININET.dll!InternetReadFile 00007ff8cdec8a80 6 bytes {JMP QWORD [RIP+0x35857a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7728] C:\WINDOWS\SYSTEM32\WININET.dll!HttpSendRequestW 00007ff8cdf13370 6 bytes {JMP QWORD [RIP+0x34dc8a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7728] C:\WINDOWS\SYSTEM32\WININET.dll!HttpOpenRequestW 00007ff8cdf13c60 6 bytes {JMP QWORD [RIP+0x28d39a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7728] C:\WINDOWS\SYSTEM32\WININET.dll!InternetReadFileExW 00007ff8cdf1c7f0 3 bytes [FF, 25, 0A] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7728] C:\WINDOWS\SYSTEM32\WININET.dll!InternetReadFileExW + 4 00007ff8cdf1c7f4 2 bytes [32, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7728] C:\WINDOWS\SYSTEM32\WININET.dll!HttpSendRequestExW 00007ff8cdf4e240 6 bytes {JMP QWORD [RIP+0x352dba]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7728] C:\WINDOWS\SYSTEM32\WININET.dll!HttpSendRequestA 00007ff8cdf55170 6 bytes {JMP QWORD [RIP+0x32be8a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7728] C:\WINDOWS\SYSTEM32\WININET.dll!InternetOpenUrlA 00007ff8cdfbce40 6 bytes {JMP QWORD [RIP+0x2441ba]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7728] C:\WINDOWS\SYSTEM32\WININET.dll!InternetOpenUrlW 00007ff8cdfbd730 6 bytes {JMP QWORD [RIP+0x2238ca]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7728] C:\WINDOWS\SYSTEM32\WININET.dll!HttpOpenRequestA 00007ff8cdfe5b30 6 bytes {JMP QWORD [RIP+0x1db4ca]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7728] C:\WINDOWS\SYSTEM32\urlmon.dll!URLDownloadToFileW 00007ff8d67a2230 6 bytes {JMP QWORD [RIP+0x18edca]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7728] C:\WINDOWS\SYSTEM32\urlmon.dll!URLDownloadToCacheFileW 00007ff8d67a22c0 6 bytes {JMP QWORD [RIP+0x1ded3a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7728] C:\WINDOWS\SYSTEM32\urlmon.dll!URLDownloadToCacheFileA 00007ff8d682f610 6 bytes {JMP QWORD [RIP+0x1719ea]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7728] C:\WINDOWS\SYSTEM32\urlmon.dll!URLDownloadToFileA 00007ff8d682f790 6 bytes {JMP QWORD [RIP+0x12186a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7728] C:\WINDOWS\SYSTEM32\urlmon.dll!URLOpenBlockingStreamA 00007ff8d682f8e0 6 bytes {JMP QWORD [RIP+0x23171a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7728] C:\WINDOWS\SYSTEM32\urlmon.dll!URLOpenBlockingStreamW 00007ff8d682f9c0 6 bytes {JMP QWORD [RIP+0x20163a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7728] C:\WINDOWS\SYSTEM32\urlmon.dll!URLOpenStreamA 00007ff8d682fc50 6 bytes {JMP QWORD [RIP+0x1d13aa]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7728] C:\WINDOWS\SYSTEM32\urlmon.dll!URLOpenStreamW 00007ff8d682fd20 6 bytes {JMP QWORD [RIP+0x1a12da]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4732] C:\WINDOWS\System32\SHELL32.dll!ShellExecuteExW 00007ff8e59e6a90 6 bytes {JMP QWORD [RIP+0x18ea56a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4732] C:\WINDOWS\System32\SHELL32.dll!ShellExecuteW 00007ff8e5ae4c60 6 bytes {JMP QWORD [RIP+0x17cc39a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4732] C:\WINDOWS\System32\WS2_32.dll!WSAStartup 00007ff8e75f2630 6 bytes {JMP QWORD [RIP+0x7e9ca]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4732] C:\WINDOWS\SYSTEM32\WININET.dll!HttpSendRequestExA 00007ff8cdebd360 6 bytes {JMP QWORD [RIP+0x403c9a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4732] C:\WINDOWS\SYSTEM32\WININET.dll!InternetReadFile 00007ff8cdec8a80 6 bytes {JMP QWORD [RIP+0x35857a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4732] C:\WINDOWS\SYSTEM32\WININET.dll!HttpSendRequestW 00007ff8cdf13370 6 bytes {JMP QWORD [RIP+0x34dc8a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4732] C:\WINDOWS\SYSTEM32\WININET.dll!HttpOpenRequestW 00007ff8cdf13c60 6 bytes {JMP QWORD [RIP+0x28d39a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4732] C:\WINDOWS\SYSTEM32\WININET.dll!InternetReadFileExW 00007ff8cdf1c7f0 3 bytes [FF, 25, 0A] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4732] C:\WINDOWS\SYSTEM32\WININET.dll!InternetReadFileExW + 4 00007ff8cdf1c7f4 2 bytes [32, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4732] C:\WINDOWS\SYSTEM32\WININET.dll!HttpSendRequestExW 00007ff8cdf4e240 6 bytes {JMP QWORD [RIP+0x352dba]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4732] C:\WINDOWS\SYSTEM32\WININET.dll!HttpSendRequestA 00007ff8cdf55170 6 bytes {JMP QWORD [RIP+0x32be8a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4732] C:\WINDOWS\SYSTEM32\WININET.dll!InternetOpenUrlA 00007ff8cdfbce40 6 bytes {JMP QWORD [RIP+0x2441ba]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4732] C:\WINDOWS\SYSTEM32\WININET.dll!InternetOpenUrlW 00007ff8cdfbd730 6 bytes {JMP QWORD [RIP+0x2238ca]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4732] C:\WINDOWS\SYSTEM32\WININET.dll!HttpOpenRequestA 00007ff8cdfe5b30 6 bytes {JMP QWORD [RIP+0x1db4ca]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4732] C:\WINDOWS\SYSTEM32\urlmon.dll!URLDownloadToFileW 00007ff8d67a2230 6 bytes {JMP QWORD [RIP+0x18edca]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4732] C:\WINDOWS\SYSTEM32\urlmon.dll!URLDownloadToCacheFileW 00007ff8d67a22c0 6 bytes {JMP QWORD [RIP+0x1ded3a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4732] C:\WINDOWS\SYSTEM32\urlmon.dll!URLDownloadToCacheFileA 00007ff8d682f610 6 bytes {JMP QWORD [RIP+0x1719ea]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4732] C:\WINDOWS\SYSTEM32\urlmon.dll!URLDownloadToFileA 00007ff8d682f790 6 bytes {JMP QWORD [RIP+0x12186a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4732] C:\WINDOWS\SYSTEM32\urlmon.dll!URLOpenBlockingStreamA 00007ff8d682f8e0 6 bytes {JMP QWORD [RIP+0x23171a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4732] C:\WINDOWS\SYSTEM32\urlmon.dll!URLOpenBlockingStreamW 00007ff8d682f9c0 6 bytes {JMP QWORD [RIP+0x20163a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4732] C:\WINDOWS\SYSTEM32\urlmon.dll!URLOpenStreamA 00007ff8d682fc50 6 bytes {JMP QWORD [RIP+0x1d13aa]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4732] C:\WINDOWS\SYSTEM32\urlmon.dll!URLOpenStreamW 00007ff8d682fd20 6 bytes {JMP QWORD [RIP+0x1a12da]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7896] C:\WINDOWS\System32\SHELL32.dll!ShellExecuteExW 00007ff8e59e6a90 6 bytes {JMP QWORD [RIP+0x18fa56a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7896] C:\WINDOWS\System32\SHELL32.dll!ShellExecuteW 00007ff8e5ae4c60 6 bytes {JMP QWORD [RIP+0x17dc39a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7896] C:\WINDOWS\System32\WS2_32.dll!WSAStartup 00007ff8e75f2630 6 bytes {JMP QWORD [RIP+0x7e9ca]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7896] C:\WINDOWS\SYSTEM32\WININET.dll!HttpSendRequestExA 00007ff8cdebd360 6 bytes {JMP QWORD [RIP+0x403c9a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7896] C:\WINDOWS\SYSTEM32\WININET.dll!InternetReadFile 00007ff8cdec8a80 6 bytes {JMP QWORD [RIP+0x35857a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7896] C:\WINDOWS\SYSTEM32\WININET.dll!HttpSendRequestW 00007ff8cdf13370 6 bytes {JMP QWORD [RIP+0x34dc8a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7896] C:\WINDOWS\SYSTEM32\WININET.dll!HttpOpenRequestW 00007ff8cdf13c60 6 bytes {JMP QWORD [RIP+0x28d39a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7896] C:\WINDOWS\SYSTEM32\WININET.dll!InternetReadFileExW 00007ff8cdf1c7f0 3 bytes [FF, 25, 0A] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7896] C:\WINDOWS\SYSTEM32\WININET.dll!InternetReadFileExW + 4 00007ff8cdf1c7f4 2 bytes [32, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7896] C:\WINDOWS\SYSTEM32\WININET.dll!HttpSendRequestExW 00007ff8cdf4e240 6 bytes {JMP QWORD [RIP+0x352dba]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7896] C:\WINDOWS\SYSTEM32\WININET.dll!HttpSendRequestA 00007ff8cdf55170 6 bytes {JMP QWORD [RIP+0x32be8a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7896] C:\WINDOWS\SYSTEM32\WININET.dll!InternetOpenUrlA 00007ff8cdfbce40 6 bytes {JMP QWORD [RIP+0x2441ba]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7896] C:\WINDOWS\SYSTEM32\WININET.dll!InternetOpenUrlW 00007ff8cdfbd730 6 bytes {JMP QWORD [RIP+0x2238ca]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7896] C:\WINDOWS\SYSTEM32\WININET.dll!HttpOpenRequestA 00007ff8cdfe5b30 6 bytes {JMP QWORD [RIP+0x1db4ca]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7896] C:\WINDOWS\SYSTEM32\urlmon.dll!URLDownloadToFileW 00007ff8d67a2230 6 bytes {JMP QWORD [RIP+0x18edca]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7896] C:\WINDOWS\SYSTEM32\urlmon.dll!URLDownloadToCacheFileW 00007ff8d67a22c0 6 bytes {JMP QWORD [RIP+0x1ded3a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7896] C:\WINDOWS\SYSTEM32\urlmon.dll!URLDownloadToCacheFileA 00007ff8d682f610 6 bytes {JMP QWORD [RIP+0x1719ea]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7896] C:\WINDOWS\SYSTEM32\urlmon.dll!URLDownloadToFileA 00007ff8d682f790 6 bytes {JMP QWORD [RIP+0x12186a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7896] C:\WINDOWS\SYSTEM32\urlmon.dll!URLOpenBlockingStreamA 00007ff8d682f8e0 6 bytes {JMP QWORD [RIP+0x23171a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7896] C:\WINDOWS\SYSTEM32\urlmon.dll!URLOpenBlockingStreamW 00007ff8d682f9c0 6 bytes {JMP QWORD [RIP+0x20163a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7896] C:\WINDOWS\SYSTEM32\urlmon.dll!URLOpenStreamA 00007ff8d682fc50 6 bytes {JMP QWORD [RIP+0x1d13aa]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7896] C:\WINDOWS\SYSTEM32\urlmon.dll!URLOpenStreamW 00007ff8d682fd20 6 bytes {JMP QWORD [RIP+0x1a12da]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8024] C:\WINDOWS\System32\KERNEL32.DLL!MoveFileW 00007ff8e6f6ddc0 6 bytes {JMP QWORD [RIP+0x2b323a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8024] C:\WINDOWS\System32\KERNEL32.DLL!SetProcessDEPPolicy 00007ff8e6f71800 6 bytes {JMP QWORD [RIP+0x5cf7fa]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8024] C:\WINDOWS\System32\KERNEL32.DLL!CopyFileW + 3 00007ff8e6f74a33 2 bytes [C5, 2E] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8024] C:\WINDOWS\System32\KERNEL32.DLL!CopyFileA 00007ff8e6fac1c0 6 bytes {JMP QWORD [RIP+0x2d4e3a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8024] C:\WINDOWS\System32\KERNEL32.DLL!MoveFileA 00007ff8e6fad620 6 bytes {JMP QWORD [RIP+0x2939da]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8024] C:\WINDOWS\System32\KERNEL32.DLL!WinExec 00007ff8e6fb0860 6 bytes {JMP QWORD [RIP+0x2f079a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8024] C:\WINDOWS\System32\SHELL32.dll!ShellExecuteExW 00007ff8e59e6a90 6 bytes {JMP QWORD [RIP+0x18fa56a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8024] C:\WINDOWS\System32\SHELL32.dll!ShellExecuteW 00007ff8e5ae4c60 6 bytes {JMP QWORD [RIP+0x17dc39a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8024] C:\WINDOWS\System32\WS2_32.dll!WSAStartup 00007ff8e75f2630 6 bytes {JMP QWORD [RIP+0x7e9ca]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8024] C:\WINDOWS\SYSTEM32\WININET.dll!HttpSendRequestExA 00007ff8cdebd360 6 bytes {JMP QWORD [RIP+0x403c9a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8024] C:\WINDOWS\SYSTEM32\WININET.dll!InternetReadFile 00007ff8cdec8a80 6 bytes {JMP QWORD [RIP+0x35857a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8024] C:\WINDOWS\SYSTEM32\WININET.dll!HttpSendRequestW 00007ff8cdf13370 6 bytes {JMP QWORD [RIP+0x34dc8a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8024] C:\WINDOWS\SYSTEM32\WININET.dll!HttpOpenRequestW 00007ff8cdf13c60 6 bytes {JMP QWORD [RIP+0x28d39a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8024] C:\WINDOWS\SYSTEM32\WININET.dll!InternetReadFileExW 00007ff8cdf1c7f0 3 bytes [FF, 25, 0A] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8024] C:\WINDOWS\SYSTEM32\WININET.dll!InternetReadFileExW + 4 00007ff8cdf1c7f4 2 bytes [32, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8024] C:\WINDOWS\SYSTEM32\WININET.dll!HttpSendRequestExW 00007ff8cdf4e240 6 bytes {JMP QWORD [RIP+0x352dba]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8024] C:\WINDOWS\SYSTEM32\WININET.dll!HttpSendRequestA 00007ff8cdf55170 6 bytes {JMP QWORD [RIP+0x32be8a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8024] C:\WINDOWS\SYSTEM32\WININET.dll!InternetOpenUrlA 00007ff8cdfbce40 6 bytes {JMP QWORD [RIP+0x2441ba]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8024] C:\WINDOWS\SYSTEM32\WININET.dll!InternetOpenUrlW 00007ff8cdfbd730 6 bytes {JMP QWORD [RIP+0x2238ca]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8024] C:\WINDOWS\SYSTEM32\WININET.dll!HttpOpenRequestA 00007ff8cdfe5b30 6 bytes {JMP QWORD [RIP+0x1db4ca]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8024] C:\WINDOWS\SYSTEM32\urlmon.dll!URLDownloadToFileW 00007ff8d67a2230 6 bytes {JMP QWORD [RIP+0x18edca]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8024] C:\WINDOWS\SYSTEM32\urlmon.dll!URLDownloadToCacheFileW 00007ff8d67a22c0 6 bytes {JMP QWORD [RIP+0x1ded3a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8024] C:\WINDOWS\SYSTEM32\urlmon.dll!URLDownloadToCacheFileA 00007ff8d682f610 6 bytes {JMP QWORD [RIP+0x1719ea]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8024] C:\WINDOWS\SYSTEM32\urlmon.dll!URLDownloadToFileA 00007ff8d682f790 6 bytes {JMP QWORD [RIP+0x12186a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8024] C:\WINDOWS\SYSTEM32\urlmon.dll!URLOpenBlockingStreamA 00007ff8d682f8e0 6 bytes {JMP QWORD [RIP+0x23171a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8024] C:\WINDOWS\SYSTEM32\urlmon.dll!URLOpenBlockingStreamW 00007ff8d682f9c0 6 bytes {JMP QWORD [RIP+0x20163a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8024] C:\WINDOWS\SYSTEM32\urlmon.dll!URLOpenStreamA 00007ff8d682fc50 6 bytes {JMP QWORD [RIP+0x1d13aa]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8024] C:\WINDOWS\SYSTEM32\urlmon.dll!URLOpenStreamW 00007ff8d682fd20 6 bytes {JMP QWORD [RIP+0x1a12da]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8020] C:\WINDOWS\System32\KERNEL32.DLL!MoveFileW 00007ff8e6f6ddc0 6 bytes {JMP QWORD [RIP+0x2b323a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8020] C:\WINDOWS\System32\KERNEL32.DLL!SetProcessDEPPolicy 00007ff8e6f71800 6 bytes {JMP QWORD [RIP+0x5cf7fa]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8020] C:\WINDOWS\System32\KERNEL32.DLL!CopyFileW + 3 00007ff8e6f74a33 2 bytes [C5, 2E] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8020] C:\WINDOWS\System32\KERNEL32.DLL!CopyFileA 00007ff8e6fac1c0 6 bytes {JMP QWORD [RIP+0x2d4e3a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8020] C:\WINDOWS\System32\KERNEL32.DLL!MoveFileA 00007ff8e6fad620 6 bytes {JMP QWORD [RIP+0x2939da]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8020] C:\WINDOWS\System32\KERNEL32.DLL!WinExec 00007ff8e6fb0860 6 bytes {JMP QWORD [RIP+0x2f079a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8020] C:\WINDOWS\System32\SHELL32.dll!ShellExecuteExW 00007ff8e59e6a90 6 bytes {JMP QWORD [RIP+0x18fa56a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8020] C:\WINDOWS\System32\SHELL32.dll!ShellExecuteW 00007ff8e5ae4c60 6 bytes {JMP QWORD [RIP+0x17dc39a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8020] C:\WINDOWS\System32\WS2_32.dll!WSAStartup 00007ff8e75f2630 6 bytes {JMP QWORD [RIP+0x7e9ca]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8020] C:\WINDOWS\SYSTEM32\WININET.dll!HttpSendRequestExA 00007ff8cdebd360 6 bytes {JMP QWORD [RIP+0x403c9a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8020] C:\WINDOWS\SYSTEM32\WININET.dll!InternetReadFile 00007ff8cdec8a80 6 bytes {JMP QWORD [RIP+0x35857a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8020] C:\WINDOWS\SYSTEM32\WININET.dll!HttpSendRequestW 00007ff8cdf13370 6 bytes {JMP QWORD [RIP+0x34dc8a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8020] C:\WINDOWS\SYSTEM32\WININET.dll!HttpOpenRequestW 00007ff8cdf13c60 6 bytes {JMP QWORD [RIP+0x28d39a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8020] C:\WINDOWS\SYSTEM32\WININET.dll!InternetReadFileExW 00007ff8cdf1c7f0 3 bytes [FF, 25, 0A] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8020] C:\WINDOWS\SYSTEM32\WININET.dll!InternetReadFileExW + 4 00007ff8cdf1c7f4 2 bytes [32, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8020] C:\WINDOWS\SYSTEM32\WININET.dll!HttpSendRequestExW 00007ff8cdf4e240 6 bytes {JMP QWORD [RIP+0x352dba]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8020] C:\WINDOWS\SYSTEM32\WININET.dll!HttpSendRequestA 00007ff8cdf55170 6 bytes {JMP QWORD [RIP+0x32be8a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8020] C:\WINDOWS\SYSTEM32\WININET.dll!InternetOpenUrlA 00007ff8cdfbce40 6 bytes {JMP QWORD [RIP+0x2441ba]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8020] C:\WINDOWS\SYSTEM32\WININET.dll!InternetOpenUrlW 00007ff8cdfbd730 6 bytes {JMP QWORD [RIP+0x2238ca]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8020] C:\WINDOWS\SYSTEM32\WININET.dll!HttpOpenRequestA 00007ff8cdfe5b30 6 bytes {JMP QWORD [RIP+0x1db4ca]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8020] C:\WINDOWS\SYSTEM32\urlmon.dll!URLDownloadToFileW 00007ff8d67a2230 6 bytes {JMP QWORD [RIP+0x18edca]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8020] C:\WINDOWS\SYSTEM32\urlmon.dll!URLDownloadToCacheFileW 00007ff8d67a22c0 6 bytes {JMP QWORD [RIP+0x1ded3a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8020] C:\WINDOWS\SYSTEM32\urlmon.dll!URLDownloadToCacheFileA 00007ff8d682f610 6 bytes {JMP QWORD [RIP+0x1719ea]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8020] C:\WINDOWS\SYSTEM32\urlmon.dll!URLDownloadToFileA 00007ff8d682f790 6 bytes {JMP QWORD [RIP+0x12186a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8020] C:\WINDOWS\SYSTEM32\urlmon.dll!URLOpenBlockingStreamA 00007ff8d682f8e0 6 bytes {JMP QWORD [RIP+0x23171a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8020] C:\WINDOWS\SYSTEM32\urlmon.dll!URLOpenBlockingStreamW 00007ff8d682f9c0 6 bytes {JMP QWORD [RIP+0x20163a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8020] C:\WINDOWS\SYSTEM32\urlmon.dll!URLOpenStreamA 00007ff8d682fc50 6 bytes {JMP QWORD [RIP+0x1d13aa]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8020] C:\WINDOWS\SYSTEM32\urlmon.dll!URLOpenStreamW 00007ff8d682fd20 6 bytes {JMP QWORD [RIP+0x1a12da]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7920] C:\WINDOWS\System32\KERNEL32.DLL!MoveFileW 00007ff8e6f6ddc0 6 bytes {JMP QWORD [RIP+0x2b323a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7920] C:\WINDOWS\System32\KERNEL32.DLL!SetProcessDEPPolicy 00007ff8e6f71800 6 bytes {JMP QWORD [RIP+0x5cf7fa]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7920] C:\WINDOWS\System32\KERNEL32.DLL!CopyFileW + 3 00007ff8e6f74a33 2 bytes [C5, 2E] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7920] C:\WINDOWS\System32\KERNEL32.DLL!CopyFileA 00007ff8e6fac1c0 6 bytes {JMP QWORD [RIP+0x2d4e3a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7920] C:\WINDOWS\System32\KERNEL32.DLL!MoveFileA 00007ff8e6fad620 6 bytes {JMP QWORD [RIP+0x2939da]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7920] C:\WINDOWS\System32\KERNEL32.DLL!WinExec 00007ff8e6fb0860 6 bytes {JMP QWORD [RIP+0x2f079a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7920] C:\WINDOWS\System32\SHELL32.dll!ShellExecuteExW 00007ff8e59e6a90 6 bytes {JMP QWORD [RIP+0x18fa56a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7920] C:\WINDOWS\System32\SHELL32.dll!ShellExecuteW 00007ff8e5ae4c60 6 bytes {JMP QWORD [RIP+0x17dc39a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7920] C:\WINDOWS\System32\WS2_32.dll!WSAStartup 00007ff8e75f2630 6 bytes {JMP QWORD [RIP+0x7e9ca]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7920] C:\WINDOWS\SYSTEM32\WININET.dll!HttpSendRequestExA 00007ff8cdebd360 6 bytes {JMP QWORD [RIP+0x403c9a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7920] C:\WINDOWS\SYSTEM32\WININET.dll!InternetReadFile 00007ff8cdec8a80 6 bytes {JMP QWORD [RIP+0x35857a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7920] C:\WINDOWS\SYSTEM32\WININET.dll!HttpSendRequestW 00007ff8cdf13370 6 bytes {JMP QWORD [RIP+0x34dc8a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7920] C:\WINDOWS\SYSTEM32\WININET.dll!HttpOpenRequestW 00007ff8cdf13c60 6 bytes {JMP QWORD [RIP+0x28d39a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7920] C:\WINDOWS\SYSTEM32\WININET.dll!InternetReadFileExW 00007ff8cdf1c7f0 3 bytes [FF, 25, 0A] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7920] C:\WINDOWS\SYSTEM32\WININET.dll!InternetReadFileExW + 4 00007ff8cdf1c7f4 2 bytes [32, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7920] C:\WINDOWS\SYSTEM32\WININET.dll!HttpSendRequestExW 00007ff8cdf4e240 6 bytes {JMP QWORD [RIP+0x352dba]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7920] C:\WINDOWS\SYSTEM32\WININET.dll!HttpSendRequestA 00007ff8cdf55170 6 bytes {JMP QWORD [RIP+0x32be8a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7920] C:\WINDOWS\SYSTEM32\WININET.dll!InternetOpenUrlA 00007ff8cdfbce40 6 bytes {JMP QWORD [RIP+0x2441ba]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7920] C:\WINDOWS\SYSTEM32\WININET.dll!InternetOpenUrlW 00007ff8cdfbd730 6 bytes {JMP QWORD [RIP+0x2238ca]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7920] C:\WINDOWS\SYSTEM32\WININET.dll!HttpOpenRequestA 00007ff8cdfe5b30 6 bytes {JMP QWORD [RIP+0x1db4ca]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7920] C:\WINDOWS\SYSTEM32\urlmon.dll!URLDownloadToFileW 00007ff8d67a2230 6 bytes {JMP QWORD [RIP+0x18edca]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7920] C:\WINDOWS\SYSTEM32\urlmon.dll!URLDownloadToCacheFileW 00007ff8d67a22c0 6 bytes {JMP QWORD [RIP+0x1ded3a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7920] C:\WINDOWS\SYSTEM32\urlmon.dll!URLDownloadToCacheFileA 00007ff8d682f610 6 bytes {JMP QWORD [RIP+0x1719ea]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7920] C:\WINDOWS\SYSTEM32\urlmon.dll!URLDownloadToFileA 00007ff8d682f790 6 bytes {JMP QWORD [RIP+0x12186a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7920] C:\WINDOWS\SYSTEM32\urlmon.dll!URLOpenBlockingStreamA 00007ff8d682f8e0 6 bytes {JMP QWORD [RIP+0x23171a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7920] C:\WINDOWS\SYSTEM32\urlmon.dll!URLOpenBlockingStreamW 00007ff8d682f9c0 6 bytes {JMP QWORD [RIP+0x20163a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7920] C:\WINDOWS\SYSTEM32\urlmon.dll!URLOpenStreamA 00007ff8d682fc50 6 bytes {JMP QWORD [RIP+0x1d13aa]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7920] C:\WINDOWS\SYSTEM32\urlmon.dll!URLOpenStreamW 00007ff8d682fd20 6 bytes {JMP QWORD [RIP+0x1a12da]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8136] C:\WINDOWS\System32\KERNEL32.DLL!MoveFileW 00007ff8e6f6ddc0 6 bytes {JMP QWORD [RIP+0x2b323a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8136] C:\WINDOWS\System32\KERNEL32.DLL!SetProcessDEPPolicy 00007ff8e6f71800 6 bytes {JMP QWORD [RIP+0x5cf7fa]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8136] C:\WINDOWS\System32\KERNEL32.DLL!CopyFileW + 3 00007ff8e6f74a33 2 bytes [C5, 2E] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8136] C:\WINDOWS\System32\KERNEL32.DLL!CopyFileA 00007ff8e6fac1c0 6 bytes {JMP QWORD [RIP+0x2d4e3a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8136] C:\WINDOWS\System32\KERNEL32.DLL!MoveFileA 00007ff8e6fad620 6 bytes {JMP QWORD [RIP+0x2939da]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8136] C:\WINDOWS\System32\KERNEL32.DLL!WinExec 00007ff8e6fb0860 6 bytes {JMP QWORD [RIP+0x2f079a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8136] C:\WINDOWS\System32\SHELL32.dll!ShellExecuteExW 00007ff8e59e6a90 6 bytes {JMP QWORD [RIP+0x18fa56a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8136] C:\WINDOWS\System32\SHELL32.dll!ShellExecuteW 00007ff8e5ae4c60 6 bytes {JMP QWORD [RIP+0x17dc39a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8136] C:\WINDOWS\System32\WS2_32.dll!WSAStartup 00007ff8e75f2630 6 bytes {JMP QWORD [RIP+0x7e9ca]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8136] C:\WINDOWS\SYSTEM32\WININET.dll!HttpSendRequestExA 00007ff8cdebd360 6 bytes {JMP QWORD [RIP+0x403c9a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8136] C:\WINDOWS\SYSTEM32\WININET.dll!InternetReadFile 00007ff8cdec8a80 6 bytes {JMP QWORD [RIP+0x35857a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8136] C:\WINDOWS\SYSTEM32\WININET.dll!HttpSendRequestW 00007ff8cdf13370 6 bytes {JMP QWORD [RIP+0x34dc8a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8136] C:\WINDOWS\SYSTEM32\WININET.dll!HttpOpenRequestW 00007ff8cdf13c60 6 bytes {JMP QWORD [RIP+0x28d39a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8136] C:\WINDOWS\SYSTEM32\WININET.dll!InternetReadFileExW 00007ff8cdf1c7f0 3 bytes [FF, 25, 0A] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8136] C:\WINDOWS\SYSTEM32\WININET.dll!InternetReadFileExW + 4 00007ff8cdf1c7f4 2 bytes [32, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8136] C:\WINDOWS\SYSTEM32\WININET.dll!HttpSendRequestExW 00007ff8cdf4e240 6 bytes {JMP QWORD [RIP+0x352dba]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8136] C:\WINDOWS\SYSTEM32\WININET.dll!HttpSendRequestA 00007ff8cdf55170 6 bytes {JMP QWORD [RIP+0x32be8a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8136] C:\WINDOWS\SYSTEM32\WININET.dll!InternetOpenUrlA 00007ff8cdfbce40 6 bytes {JMP QWORD [RIP+0x2441ba]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8136] C:\WINDOWS\SYSTEM32\WININET.dll!InternetOpenUrlW 00007ff8cdfbd730 6 bytes {JMP QWORD [RIP+0x2238ca]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8136] C:\WINDOWS\SYSTEM32\WININET.dll!HttpOpenRequestA 00007ff8cdfe5b30 6 bytes {JMP QWORD [RIP+0x1db4ca]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8136] C:\WINDOWS\SYSTEM32\urlmon.dll!URLDownloadToFileW 00007ff8d67a2230 6 bytes {JMP QWORD [RIP+0x18edca]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8136] C:\WINDOWS\SYSTEM32\urlmon.dll!URLDownloadToCacheFileW 00007ff8d67a22c0 6 bytes {JMP QWORD [RIP+0x1ded3a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8136] C:\WINDOWS\SYSTEM32\urlmon.dll!URLDownloadToCacheFileA 00007ff8d682f610 6 bytes {JMP QWORD [RIP+0x1719ea]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8136] C:\WINDOWS\SYSTEM32\urlmon.dll!URLDownloadToFileA 00007ff8d682f790 6 bytes {JMP QWORD [RIP+0x12186a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8136] C:\WINDOWS\SYSTEM32\urlmon.dll!URLOpenBlockingStreamA 00007ff8d682f8e0 6 bytes {JMP QWORD [RIP+0x23171a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8136] C:\WINDOWS\SYSTEM32\urlmon.dll!URLOpenBlockingStreamW 00007ff8d682f9c0 6 bytes {JMP QWORD [RIP+0x20163a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8136] C:\WINDOWS\SYSTEM32\urlmon.dll!URLOpenStreamA 00007ff8d682fc50 6 bytes {JMP QWORD [RIP+0x1d13aa]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8136] C:\WINDOWS\SYSTEM32\urlmon.dll!URLOpenStreamW 00007ff8d682fd20 6 bytes {JMP QWORD [RIP+0x1a12da]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5196] C:\WINDOWS\System32\KERNEL32.DLL!MoveFileW 00007ff8e6f6ddc0 6 bytes {JMP QWORD [RIP+0x2b323a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5196] C:\WINDOWS\System32\KERNEL32.DLL!SetProcessDEPPolicy 00007ff8e6f71800 6 bytes {JMP QWORD [RIP+0x5cf7fa]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5196] C:\WINDOWS\System32\KERNEL32.DLL!CopyFileW + 3 00007ff8e6f74a33 2 bytes [C5, 2E] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5196] C:\WINDOWS\System32\KERNEL32.DLL!CopyFileA 00007ff8e6fac1c0 6 bytes {JMP QWORD [RIP+0x2d4e3a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5196] C:\WINDOWS\System32\KERNEL32.DLL!MoveFileA 00007ff8e6fad620 6 bytes {JMP QWORD [RIP+0x2939da]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5196] C:\WINDOWS\System32\KERNEL32.DLL!WinExec 00007ff8e6fb0860 6 bytes {JMP QWORD [RIP+0x2f079a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5196] C:\WINDOWS\System32\SHELL32.dll!ShellExecuteExW 00007ff8e59e6a90 6 bytes {JMP QWORD [RIP+0x18fa56a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5196] C:\WINDOWS\System32\SHELL32.dll!ShellExecuteW 00007ff8e5ae4c60 6 bytes {JMP QWORD [RIP+0x17dc39a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5196] C:\WINDOWS\System32\WS2_32.dll!WSAStartup 00007ff8e75f2630 6 bytes {JMP QWORD [RIP+0x7e9ca]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5196] C:\WINDOWS\SYSTEM32\WININET.dll!HttpSendRequestExA 00007ff8cdebd360 6 bytes {JMP QWORD [RIP+0x403c9a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5196] C:\WINDOWS\SYSTEM32\WININET.dll!InternetReadFile 00007ff8cdec8a80 6 bytes {JMP QWORD [RIP+0x35857a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5196] C:\WINDOWS\SYSTEM32\WININET.dll!HttpSendRequestW 00007ff8cdf13370 6 bytes {JMP QWORD [RIP+0x34dc8a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5196] C:\WINDOWS\SYSTEM32\WININET.dll!HttpOpenRequestW 00007ff8cdf13c60 6 bytes {JMP QWORD [RIP+0x28d39a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5196] C:\WINDOWS\SYSTEM32\WININET.dll!InternetReadFileExW 00007ff8cdf1c7f0 3 bytes [FF, 25, 0A] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5196] C:\WINDOWS\SYSTEM32\WININET.dll!InternetReadFileExW + 4 00007ff8cdf1c7f4 2 bytes [32, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5196] C:\WINDOWS\SYSTEM32\WININET.dll!HttpSendRequestExW 00007ff8cdf4e240 6 bytes {JMP QWORD [RIP+0x352dba]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5196] C:\WINDOWS\SYSTEM32\WININET.dll!HttpSendRequestA 00007ff8cdf55170 6 bytes {JMP QWORD [RIP+0x32be8a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5196] C:\WINDOWS\SYSTEM32\WININET.dll!InternetOpenUrlA 00007ff8cdfbce40 6 bytes {JMP QWORD [RIP+0x2441ba]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5196] C:\WINDOWS\SYSTEM32\WININET.dll!InternetOpenUrlW 00007ff8cdfbd730 6 bytes {JMP QWORD [RIP+0x2238ca]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5196] C:\WINDOWS\SYSTEM32\WININET.dll!HttpOpenRequestA 00007ff8cdfe5b30 6 bytes {JMP QWORD [RIP+0x1db4ca]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5196] C:\WINDOWS\SYSTEM32\urlmon.dll!URLDownloadToFileW 00007ff8d67a2230 6 bytes {JMP QWORD [RIP+0x18edca]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5196] C:\WINDOWS\SYSTEM32\urlmon.dll!URLDownloadToCacheFileW 00007ff8d67a22c0 6 bytes {JMP QWORD [RIP+0x1ded3a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5196] C:\WINDOWS\SYSTEM32\urlmon.dll!URLDownloadToCacheFileA 00007ff8d682f610 6 bytes {JMP QWORD [RIP+0x1719ea]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5196] C:\WINDOWS\SYSTEM32\urlmon.dll!URLDownloadToFileA 00007ff8d682f790 6 bytes {JMP QWORD [RIP+0x12186a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5196] C:\WINDOWS\SYSTEM32\urlmon.dll!URLOpenBlockingStreamA 00007ff8d682f8e0 6 bytes {JMP QWORD [RIP+0x23171a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5196] C:\WINDOWS\SYSTEM32\urlmon.dll!URLOpenBlockingStreamW 00007ff8d682f9c0 6 bytes {JMP QWORD [RIP+0x20163a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5196] C:\WINDOWS\SYSTEM32\urlmon.dll!URLOpenStreamA 00007ff8d682fc50 6 bytes {JMP QWORD [RIP+0x1d13aa]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5196] C:\WINDOWS\SYSTEM32\urlmon.dll!URLOpenStreamW 00007ff8d682fd20 6 bytes {JMP QWORD [RIP+0x1a12da]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7536] C:\WINDOWS\System32\SHELL32.dll!ShellExecuteExW 00007ff8e59e6a90 6 bytes {JMP QWORD [RIP+0x18fa56a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7536] C:\WINDOWS\System32\SHELL32.dll!ShellExecuteW 00007ff8e5ae4c60 6 bytes {JMP QWORD [RIP+0x17dc39a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7536] C:\WINDOWS\System32\WS2_32.dll!WSAStartup 00007ff8e75f2630 6 bytes {JMP QWORD [RIP+0x7e9ca]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7536] C:\WINDOWS\SYSTEM32\WININET.dll!HttpSendRequestExA 00007ff8cdebd360 6 bytes {JMP QWORD [RIP+0x403c9a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7536] C:\WINDOWS\SYSTEM32\WININET.dll!InternetReadFile 00007ff8cdec8a80 6 bytes {JMP QWORD [RIP+0x35857a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7536] C:\WINDOWS\SYSTEM32\WININET.dll!HttpSendRequestW 00007ff8cdf13370 6 bytes {JMP QWORD [RIP+0x34dc8a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7536] C:\WINDOWS\SYSTEM32\WININET.dll!HttpOpenRequestW 00007ff8cdf13c60 6 bytes {JMP QWORD [RIP+0x28d39a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7536] C:\WINDOWS\SYSTEM32\WININET.dll!InternetReadFileExW 00007ff8cdf1c7f0 3 bytes [FF, 25, 0A] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7536] C:\WINDOWS\SYSTEM32\WININET.dll!InternetReadFileExW + 4 00007ff8cdf1c7f4 2 bytes [32, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7536] C:\WINDOWS\SYSTEM32\WININET.dll!HttpSendRequestExW 00007ff8cdf4e240 6 bytes {JMP QWORD [RIP+0x352dba]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7536] C:\WINDOWS\SYSTEM32\WININET.dll!HttpSendRequestA 00007ff8cdf55170 6 bytes {JMP QWORD [RIP+0x32be8a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7536] C:\WINDOWS\SYSTEM32\WININET.dll!InternetOpenUrlA 00007ff8cdfbce40 6 bytes {JMP QWORD [RIP+0x2441ba]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7536] C:\WINDOWS\SYSTEM32\WININET.dll!InternetOpenUrlW 00007ff8cdfbd730 6 bytes {JMP QWORD [RIP+0x2238ca]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7536] C:\WINDOWS\SYSTEM32\WININET.dll!HttpOpenRequestA 00007ff8cdfe5b30 6 bytes {JMP QWORD [RIP+0x1db4ca]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7536] C:\WINDOWS\SYSTEM32\urlmon.dll!URLDownloadToFileW 00007ff8d67a2230 6 bytes {JMP QWORD [RIP+0x18edca]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7536] C:\WINDOWS\SYSTEM32\urlmon.dll!URLDownloadToCacheFileW 00007ff8d67a22c0 6 bytes {JMP QWORD [RIP+0x1ded3a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7536] C:\WINDOWS\SYSTEM32\urlmon.dll!URLDownloadToCacheFileA 00007ff8d682f610 6 bytes {JMP QWORD [RIP+0x1719ea]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7536] C:\WINDOWS\SYSTEM32\urlmon.dll!URLDownloadToFileA 00007ff8d682f790 6 bytes {JMP QWORD [RIP+0x12186a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7536] C:\WINDOWS\SYSTEM32\urlmon.dll!URLOpenBlockingStreamA 00007ff8d682f8e0 6 bytes {JMP QWORD [RIP+0x23171a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7536] C:\WINDOWS\SYSTEM32\urlmon.dll!URLOpenBlockingStreamW 00007ff8d682f9c0 6 bytes {JMP QWORD [RIP+0x20163a]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7536] C:\WINDOWS\SYSTEM32\urlmon.dll!URLOpenStreamA 00007ff8d682fc50 6 bytes {JMP QWORD [RIP+0x1d13aa]} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7536] C:\WINDOWS\SYSTEM32\urlmon.dll!URLOpenStreamW 00007ff8d682fd20 6 bytes {JMP QWORD [RIP+0x1a12da]} ? C:\WINDOWS\system32\apphelp.dll [6004] entry point in ".rdata" section 000000007141f7c0 ---- User IAT/EAT - GMER 2.2 ---- IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[8020] @ C:\WINDOWS\System32\ole32.dll[GDI32.dll!GetStockObject] [7ff8e780006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7920] @ C:\WINDOWS\SYSTEM32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7ff8b1672348] C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5196] @ C:\WINDOWS\System32\SHLWAPI.dll[GDI32.dll!GetStockObject] [7ff8e780006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5196] @ C:\WINDOWS\System32\USER32.dll[GDI32.dll!GetStockObject] [7ff8e780006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5196] @ C:\WINDOWS\System32\USER32.dll[GDI32.dll!GdiDllInitialize] [7ff8e780002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5196] @ C:\WINDOWS\System32\ole32.dll[GDI32.dll!GetStockObject] [7ff8e780006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5196] @ C:\WINDOWS\System32\ole32.dll[USER32.dll!RegisterClassW] [7ff8e74b002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5196] @ C:\WINDOWS\System32\SHELL32.dll[USER32.dll!RegisterClassW] [7ff8e74b002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5196] @ C:\WINDOWS\System32\SHELL32.dll[GDI32.dll!GetStockObject] [7ff8e780006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5196] @ C:\WINDOWS\System32\COMDLG32.dll[USER32.dll!RegisterClassW] [7ff8e74b002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5196] @ C:\WINDOWS\System32\COMDLG32.dll[GDI32.dll!GetStockObject] [7ff8e780006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5196] @ C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b\COMCTL32.dll[GDI32.dll!GetStockObject] [7ff8e780006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5196] @ C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b\COMCTL32.dll[USER32.dll!RegisterClassW] [7ff8e74b002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5196] @ C:\WINDOWS\SYSTEM32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7ff8b1672348] C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7536] @ C:\WINDOWS\AppPatch\AppPatch64\AcGenral.dll[USER32.dll!GetMonitorInfoW] [7ff8e74b012c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7536] @ C:\WINDOWS\System32\SHLWAPI.dll[GDI32.dll!GetStockObject] [7ff8e780006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7536] @ C:\WINDOWS\System32\USER32.dll[GDI32.dll!GetStockObject] [7ff8e780006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7536] @ C:\WINDOWS\System32\USER32.dll[GDI32.dll!GdiDllInitialize] [7ff8e780002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7536] @ C:\WINDOWS\System32\ole32.dll[GDI32.dll!GetStockObject] [7ff8e780006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7536] @ C:\WINDOWS\System32\ole32.dll[USER32.dll!RegisterClassW] [7ff8e74b002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7536] @ C:\WINDOWS\System32\SHELL32.dll[USER32.dll!RegisterClassW] [7ff8e74b002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7536] @ C:\WINDOWS\System32\SHELL32.dll[USER32.dll!EnumDisplayMonitors] [7ff8e74b006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7536] @ C:\WINDOWS\System32\SHELL32.dll[USER32.dll!GetMonitorInfoW] [7ff8e74b012c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7536] @ C:\WINDOWS\System32\SHELL32.dll[GDI32.dll!GetStockObject] [7ff8e780006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7536] @ C:\WINDOWS\System32\IMM32.DLL[USER32.dll!GetMonitorInfoW] [7ff8e74b012c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7536] @ C:\WINDOWS\System32\COMDLG32.dll[USER32.dll!GetMonitorInfoW] [7ff8e74b012c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7536] @ C:\WINDOWS\System32\COMDLG32.dll[USER32.dll!EnumDisplayMonitors] [7ff8e74b006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7536] @ C:\WINDOWS\System32\COMDLG32.dll[USER32.dll!RegisterClassW] [7ff8e74b002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7536] @ C:\WINDOWS\System32\COMDLG32.dll[GDI32.dll!GetStockObject] [7ff8e780006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7536] @ C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b\COMCTL32.dll[GDI32.dll!GetStockObject] [7ff8e780006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7536] @ C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b\COMCTL32.dll[USER32.dll!RegisterClassW] [7ff8e74b002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7536] @ C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b\COMCTL32.dll[USER32.dll!GetMonitorInfoW] [7ff8e74b012c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7536] @ C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b\COMCTL32.dll[USER32.dll!EnumDisplayMonitors] [7ff8e74b006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7536] @ C:\WINDOWS\SYSTEM32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7ff8b1672348] C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[7536] @ C:\WINDOWS\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.14393.953_none_7300116921188239\gdiplus.dll[GDI32.dll!GetStockObject] [7ff8e780006c] ---- Threads - GMER 2.2 ---- Thread C:\WINDOWS\system32\csrss.exe [660:784] fffffb95603a6c20 ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed 1535829544 Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeEstimated 0x6F 0x2E 0xAE 0x97 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeHigh 0x6F 0x96 0x72 0xF9 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeLow 0x6F 0xC6 0xE9 0x35 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@Rw 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@RwMask 0x64 0x62 0x03 0x00 ... ---- EOF - GMER 2.2 ----