GMER 2.1.18952 - http://www.gmer.net
Rootkit scan 2013-02-20 16:43:26
Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS541616J9SA00 rev.SB4OC7BP 149,05GB
Running: 3uq5lcuy.exe; Driver: C:\Users\TNR\AppData\Local\Temp\uwldipow.sys

---- Kernel code sections - GMER 2.1 ----

.text C:\Windows\system32\DRIVERS\USBPORT.SYS!DllUnload fffff880067abc34 12 bytes {MOV RAX, 0xfffffa8004bfa2a0; JMP RAX}

---- User code sections - GMER 2.1 ----

.text C:\Users\TNR\AppData\Local\Akamai\netsession_win.exe[2328] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077d71401 2 bytes JMP 759ceb26 C:\Windows\syswow64\kernel32.dll
.text C:\Users\TNR\AppData\Local\Akamai\netsession_win.exe[2328] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077d71419 2 bytes JMP 759db513 C:\Windows\syswow64\kernel32.dll
.text C:\Users\TNR\AppData\Local\Akamai\netsession_win.exe[2328] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077d71431 2 bytes JMP 75a58609 C:\Windows\syswow64\kernel32.dll
.text C:\Users\TNR\AppData\Local\Akamai\netsession_win.exe[2328] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077d7144a 2 bytes CALL 759b1dfa C:\Windows\syswow64\kernel32.dll
.text ...
* 9 .text C:\Users\TNR\AppData\Local\Akamai\netsession_win.exe[2328] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077d714dd 2 bytes JMP 75a57efe C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Akamai\netsession_win.exe[2328] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077d714f5 2 bytes JMP 75a580d8 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Akamai\netsession_win.exe[2328] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077d7150d 2 bytes JMP 75a57df4 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Akamai\netsession_win.exe[2328] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077d71525 2 bytes JMP 75a581c2 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Akamai\netsession_win.exe[2328] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077d7153d 2 bytes JMP 759cf088 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Akamai\netsession_win.exe[2328] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077d71555 2 bytes JMP 759db885 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Akamai\netsession_win.exe[2328] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077d7156d 2 bytes JMP 75a586c1 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Akamai\netsession_win.exe[2328] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077d71585 2 bytes JMP 75a58222 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Akamai\netsession_win.exe[2328] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077d7159d 2 bytes JMP 75a57db8 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Akamai\netsession_win.exe[2328] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077d715b5 2 bytes JMP 759cf121 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Akamai\netsession_win.exe[2328] 
C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077d715cd 2 bytes JMP 759db29f C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Akamai\netsession_win.exe[2328] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077d716b2 2 bytes JMP 75a58584 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Akamai\netsession_win.exe[2328] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077d716bd 2 bytes JMP 75a57d4d C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Akamai\netsession_win.exe[2588] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077d71401 2 bytes JMP 759ceb26 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Akamai\netsession_win.exe[2588] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077d71419 2 bytes JMP 759db513 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Akamai\netsession_win.exe[2588] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077d71431 2 bytes JMP 75a58609 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Akamai\netsession_win.exe[2588] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077d7144a 2 bytes CALL 759b1dfa C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Users\TNR\AppData\Local\Akamai\netsession_win.exe[2588] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077d714dd 2 bytes JMP 75a57efe C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Akamai\netsession_win.exe[2588] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077d714f5 2 bytes JMP 75a580d8 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Akamai\netsession_win.exe[2588] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077d7150d 2 bytes JMP 75a57df4 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Akamai\netsession_win.exe[2588] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077d71525 2 bytes JMP 75a581c2 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Akamai\netsession_win.exe[2588] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077d7153d 2 bytes JMP 759cf088 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Akamai\netsession_win.exe[2588] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077d71555 2 bytes JMP 759db885 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Akamai\netsession_win.exe[2588] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077d7156d 2 bytes JMP 75a586c1 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Akamai\netsession_win.exe[2588] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077d71585 2 bytes JMP 75a58222 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Akamai\netsession_win.exe[2588] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077d7159d 2 bytes JMP 75a57db8 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Akamai\netsession_win.exe[2588] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077d715b5 2 bytes JMP 759cf121 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Akamai\netsession_win.exe[2588] 
C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077d715cd 2 bytes JMP 759db29f C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Akamai\netsession_win.exe[2588] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077d716b2 2 bytes JMP 75a58584 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Akamai\netsession_win.exe[2588] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077d716bd 2 bytes JMP 75a57d4d C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3340] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077d71401 2 bytes JMP 759ceb26 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3340] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077d71419 2 bytes JMP 759db513 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3340] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077d71431 2 bytes JMP 75a58609 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3340] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077d7144a 2 bytes CALL 759b1dfa C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3340] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077d714dd 2 bytes JMP 75a57efe C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3340] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077d714f5 2 bytes JMP 75a580d8 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3340] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077d7150d 2 bytes JMP 75a57df4 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3340] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077d71525 2 bytes JMP 75a581c2 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3340] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077d7153d 2 bytes JMP 759cf088 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3340] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077d71555 2 bytes JMP 759db885 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3340] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077d7156d 2 bytes JMP 75a586c1 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3340] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077d71585 2 bytes JMP 75a58222 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3340] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077d7159d 2 bytes JMP 75a57db8 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3340] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077d715b5 2 bytes JMP 759cf121 
C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3340] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077d715cd 2 bytes JMP 759db29f C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3340] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077d716b2 2 bytes JMP 75a58584 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3340] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077d716bd 2 bytes JMP 75a57d4d C:\Windows\syswow64\kernel32.dll ? C:\Windows\system32\mssprxy.dll [3340] entry point in ".rdata" section 000000006da271e6 .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3512] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077dbf951 7 bytes {MOV EDX, 0x108e628; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3512] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077dbfb95 7 bytes {MOV EDX, 0x108e668; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3512] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077dbfbc5 7 bytes {MOV EDX, 0x108e5a8; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3512] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077dbfbdd 7 bytes {MOV EDX, 0x108e528; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3512] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077dbfbf5 7 bytes {MOV EDX, 0x108e728; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3512] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077dbfc25 7 bytes {MOV EDX, 0x108e768; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3512] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077dbfca5 7 
bytes {MOV EDX, 0x108e6e8; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3512] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077dbfcbd 7 bytes {MOV EDX, 0x108e6a8; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3512] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077dbfd09 7 bytes {MOV EDX, 0x108e468; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3512] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077dbfe01 7 bytes {MOV EDX, 0x108e4a8; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3512] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077dc0059 7 bytes {MOV EDX, 0x108e428; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3512] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077dc1065 7 bytes {MOV EDX, 0x108e5e8; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3512] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077dc10dd 7 bytes {MOV EDX, 0x108e568; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3512] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077dc12e1 7 bytes {MOV EDX, 0x108e4e8; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3512] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077d71401 2 bytes JMP 759ceb26 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3512] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077d71419 2 bytes JMP 759db513 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3512] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077d71431 2 bytes JMP 75a58609 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3512] 
C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077d7144a 2 bytes CALL 759b1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3512] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077d714dd 2 bytes JMP 75a57efe C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3512] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077d714f5 2 bytes JMP 75a580d8 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3512] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077d7150d 2 bytes JMP 75a57df4 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3512] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077d71525 2 bytes JMP 75a581c2 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3512] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077d7153d 2 bytes JMP 759cf088 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3512] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077d71555 2 bytes JMP 759db885 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3512] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077d7156d 2 bytes JMP 75a586c1 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3512] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077d71585 2 bytes JMP 75a58222 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3512] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077d7159d 2 bytes JMP 75a57db8 C:\Windows\syswow64\kernel32.dll .text 
C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3512] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077d715b5 2 bytes JMP 759cf121 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3512] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077d715cd 2 bytes JMP 759db29f C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3512] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077d716b2 2 bytes JMP 75a58584 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3512] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077d716bd 2 bytes JMP 75a57d4d C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3548] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077dbf951 7 bytes {MOV EDX, 0xfeca28; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3548] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077dbfb95 7 bytes {MOV EDX, 0xfeca68; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3548] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077dbfbc5 7 bytes {MOV EDX, 0xfec9a8; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3548] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077dbfbdd 7 bytes {MOV EDX, 0xfec928; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3548] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077dbfbf5 7 bytes {MOV EDX, 0xfecb28; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3548] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077dbfc25 7 bytes {MOV EDX, 0xfecb68; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3548] 
C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077dbfca5 7 bytes {MOV EDX, 0xfecae8; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3548] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077dbfcbd 7 bytes {MOV EDX, 0xfecaa8; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3548] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077dbfd09 7 bytes {MOV EDX, 0xfec868; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3548] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077dbfe01 7 bytes {MOV EDX, 0xfec8a8; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3548] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077dc0059 7 bytes {MOV EDX, 0xfec828; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3548] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077dc1065 7 bytes {MOV EDX, 0xfec9e8; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3548] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077dc10dd 7 bytes {MOV EDX, 0xfec968; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3548] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077dc12e1 7 bytes {MOV EDX, 0xfec8e8; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3548] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077d71401 2 bytes JMP 759ceb26 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3548] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077d71419 2 bytes JMP 759db513 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3548] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077d71431 2 bytes JMP 75a58609 C:\Windows\syswow64\kernel32.dll .text 
C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3548] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077d7144a 2 bytes CALL 759b1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3548] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077d714dd 2 bytes JMP 75a57efe C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3548] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077d714f5 2 bytes JMP 75a580d8 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3548] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077d7150d 2 bytes JMP 75a57df4 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3548] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077d71525 2 bytes JMP 75a581c2 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3548] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077d7153d 2 bytes JMP 759cf088 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3548] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077d71555 2 bytes JMP 759db885 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3548] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077d7156d 2 bytes JMP 75a586c1 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3548] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077d71585 2 bytes JMP 75a58222 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3548] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077d7159d 2 bytes JMP 75a57db8 
C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3548] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077d715b5 2 bytes JMP 759cf121 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3548] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077d715cd 2 bytes JMP 759db29f C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3548] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077d716b2 2 bytes JMP 75a58584 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3548] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077d716bd 2 bytes JMP 75a57d4d C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3768] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077dbf951 7 bytes {MOV EDX, 0x8d6628; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3768] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077dbfb95 7 bytes {MOV EDX, 0x8d6668; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3768] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077dbfbc5 7 bytes {MOV EDX, 0x8d65a8; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3768] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077dbfbdd 7 bytes {MOV EDX, 0x8d6528; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3768] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077dbfbf5 7 bytes {MOV EDX, 0x8d6728; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3768] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077dbfc25 7 bytes {MOV EDX, 0x8d6768; JMP RDX} .text 
C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3768] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077dbfca5 7 bytes {MOV EDX, 0x8d66e8; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3768] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077dbfcbd 7 bytes {MOV EDX, 0x8d66a8; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3768] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077dbfd09 7 bytes {MOV EDX, 0x8d6468; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3768] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077dbfe01 7 bytes {MOV EDX, 0x8d64a8; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3768] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077dc0059 7 bytes {MOV EDX, 0x8d6428; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3768] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077dc1065 7 bytes {MOV EDX, 0x8d65e8; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3768] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077dc10dd 7 bytes {MOV EDX, 0x8d6568; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3768] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077dc12e1 7 bytes {MOV EDX, 0x8d64e8; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3768] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077d71401 2 bytes JMP 759ceb26 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3768] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077d71419 2 bytes JMP 759db513 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3768] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 
0000000077d71431 2 bytes JMP 75a58609 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3768] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077d7144a 2 bytes CALL 759b1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3768] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077d714dd 2 bytes JMP 75a57efe C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3768] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077d714f5 2 bytes JMP 75a580d8 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3768] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077d7150d 2 bytes JMP 75a57df4 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3768] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077d71525 2 bytes JMP 75a581c2 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3768] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077d7153d 2 bytes JMP 759cf088 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3768] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077d71555 2 bytes JMP 759db885 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3768] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077d7156d 2 bytes JMP 75a586c1 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3768] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077d71585 2 bytes JMP 75a58222 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3768] 
C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077d7159d 2 bytes JMP 75a57db8 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3768] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077d715b5 2 bytes JMP 759cf121 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3768] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077d715cd 2 bytes JMP 759db29f C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3768] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077d716b2 2 bytes JMP 75a58584 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3768] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077d716bd 2 bytes JMP 75a57d4d C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3972] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077dbf951 7 bytes {MOV EDX, 0xba9e28; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3972] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077dbfb95 7 bytes {MOV EDX, 0xba9e68; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3972] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077dbfbc5 7 bytes {MOV EDX, 0xba9da8; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3972] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077dbfbdd 7 bytes {MOV EDX, 0xba9d28; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3972] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077dbfbf5 7 bytes {MOV EDX, 0xba9f28; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3972] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 
0000000077dbfc25 7 bytes {MOV EDX, 0xba9f68; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3972] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077dbfca5 7 bytes {MOV EDX, 0xba9ee8; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3972] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077dbfcbd 7 bytes {MOV EDX, 0xba9ea8; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3972] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077dbfd09 7 bytes {MOV EDX, 0xba9c68; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3972] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077dbfe01 7 bytes {MOV EDX, 0xba9ca8; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3972] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077dc0059 7 bytes {MOV EDX, 0xba9c28; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3972] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077dc1065 7 bytes {MOV EDX, 0xba9de8; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3972] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077dc10dd 7 bytes {MOV EDX, 0xba9d68; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3972] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077dc12e1 7 bytes {MOV EDX, 0xba9ce8; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3972] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077d71401 2 bytes JMP 759ceb26 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3972] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077d71419 2 bytes JMP 759db513 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3972] 
C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077d71431 2 bytes JMP 75a58609 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3972] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077d7144a 2 bytes CALL 759b1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3972] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077d714dd 2 bytes JMP 75a57efe C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3972] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077d714f5 2 bytes JMP 75a580d8 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3972] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077d7150d 2 bytes JMP 75a57df4 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3972] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077d71525 2 bytes JMP 75a581c2 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3972] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077d7153d 2 bytes JMP 759cf088 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3972] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077d71555 2 bytes JMP 759db885 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3972] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077d7156d 2 bytes JMP 75a586c1 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3972] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077d71585 2 bytes JMP 75a58222 C:\Windows\syswow64\kernel32.dll .text 
C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3972] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077d7159d 2 bytes JMP 75a57db8 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3972] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077d715b5 2 bytes JMP 759cf121 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3972] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077d715cd 2 bytes JMP 759db29f C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3972] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077d716b2 2 bytes JMP 75a58584 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3972] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077d716bd 2 bytes JMP 75a57d4d C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2436] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077dbf951 7 bytes {MOV EDX, 0x2ca228; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2436] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077dbfb95 7 bytes {MOV EDX, 0x2ca268; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2436] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077dbfbc5 7 bytes {MOV EDX, 0x2ca1a8; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2436] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077dbfbdd 7 bytes {MOV EDX, 0x2ca128; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2436] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077dbfbf5 7 bytes {MOV EDX, 0x2ca328; JMP RDX} .text 
C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2436] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077dbfc25 7 bytes {MOV EDX, 0x2ca368; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2436] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077dbfca5 7 bytes {MOV EDX, 0x2ca2e8; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2436] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077dbfcbd 7 bytes {MOV EDX, 0x2ca2a8; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2436] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077dbfd09 7 bytes {MOV EDX, 0x2ca068; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2436] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077dbfe01 7 bytes {MOV EDX, 0x2ca0a8; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2436] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077dc0059 7 bytes {MOV EDX, 0x2ca028; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2436] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077dc1065 7 bytes {MOV EDX, 0x2ca1e8; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2436] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077dc10dd 7 bytes {MOV EDX, 0x2ca168; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2436] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077dc12e1 7 bytes {MOV EDX, 0x2ca0e8; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2436] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077d71401 2 bytes JMP 759ceb26 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2436] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077d71419 2 bytes JMP 
759db513 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2436] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077d71431 2 bytes JMP 75a58609 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2436] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077d7144a 2 bytes CALL 759b1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2436] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077d714dd 2 bytes JMP 75a57efe C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2436] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077d714f5 2 bytes JMP 75a580d8 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2436] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077d7150d 2 bytes JMP 75a57df4 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2436] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077d71525 2 bytes JMP 75a581c2 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2436] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077d7153d 2 bytes JMP 759cf088 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2436] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077d71555 2 bytes JMP 759db885 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2436] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077d7156d 2 bytes JMP 75a586c1 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2436] 
C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077d71585 2 bytes JMP 75a58222 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2436] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077d7159d 2 bytes JMP 75a57db8 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2436] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077d715b5 2 bytes JMP 759cf121 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2436] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077d715cd 2 bytes JMP 759db29f C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2436] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077d716b2 2 bytes JMP 75a58584 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2436] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077d716bd 2 bytes JMP 75a57d4d C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2052] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077dbf951 7 bytes {MOV EDX, 0x400a28; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2052] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077dbfb95 7 bytes {MOV EDX, 0x400a68; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2052] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077dbfbc5 7 bytes {MOV EDX, 0x4009a8; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2052] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077dbfbdd 7 bytes {MOV EDX, 0x400928; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2052] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 
5 0000000077dbfbf5 7 bytes {MOV EDX, 0x400b28; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2052] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077dbfc25 7 bytes {MOV EDX, 0x400b68; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2052] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077dbfca5 7 bytes {MOV EDX, 0x400ae8; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2052] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077dbfcbd 7 bytes {MOV EDX, 0x400aa8; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2052] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077dbfd09 7 bytes {MOV EDX, 0x400868; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2052] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077dbfe01 7 bytes {MOV EDX, 0x4008a8; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2052] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077dc0059 7 bytes {MOV EDX, 0x400828; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2052] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077dc1065 7 bytes {MOV EDX, 0x4009e8; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2052] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077dc10dd 7 bytes {MOV EDX, 0x400968; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2052] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077dc12e1 7 bytes {MOV EDX, 0x4008e8; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2052] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077d71401 2 bytes JMP 759ceb26 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2052] 
C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077d71419 2 bytes JMP 759db513 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2052] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077d71431 2 bytes JMP 75a58609 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2052] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077d7144a 2 bytes CALL 759b1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2052] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077d714dd 2 bytes JMP 75a57efe C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2052] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077d714f5 2 bytes JMP 75a580d8 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2052] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077d7150d 2 bytes JMP 75a57df4 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2052] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077d71525 2 bytes JMP 75a581c2 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2052] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077d7153d 2 bytes JMP 759cf088 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2052] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077d71555 2 bytes JMP 759db885 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2052] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077d7156d 2 bytes JMP 75a586c1 C:\Windows\syswow64\kernel32.dll .text 
C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2052] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077d71585 2 bytes JMP 75a58222 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2052] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077d7159d 2 bytes JMP 75a57db8 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2052] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077d715b5 2 bytes JMP 759cf121 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2052] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077d715cd 2 bytes JMP 759db29f C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2052] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077d716b2 2 bytes JMP 75a58584 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2052] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077d716bd 2 bytes JMP 75a57d4d C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3180] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077dbf951 7 bytes {MOV EDX, 0xc21228; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3180] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077dbfb95 7 bytes {MOV EDX, 0xc21268; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3180] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077dbfbc5 7 bytes {MOV EDX, 0xc211a8; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3180] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077dbfbdd 7 bytes {MOV EDX, 0xc21128; JMP RDX} .text 
C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3180] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077dbfbf5 7 bytes {MOV EDX, 0xc21328; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3180] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077dbfc25 7 bytes {MOV EDX, 0xc21368; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3180] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077dbfca5 7 bytes {MOV EDX, 0xc212e8; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3180] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077dbfcbd 7 bytes {MOV EDX, 0xc212a8; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3180] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077dbfd09 7 bytes {MOV EDX, 0xc21068; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3180] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077dbfe01 7 bytes {MOV EDX, 0xc210a8; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3180] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077dc0059 7 bytes {MOV EDX, 0xc21028; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3180] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077dc1065 7 bytes {MOV EDX, 0xc211e8; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3180] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077dc10dd 7 bytes {MOV EDX, 0xc21168; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3180] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077dc12e1 7 bytes {MOV EDX, 0xc210e8; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3180] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077d71401 2 bytes JMP 759ceb26 
C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3180] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077d71419 2 bytes JMP 759db513 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3180] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077d71431 2 bytes JMP 75a58609 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3180] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077d7144a 2 bytes CALL 759b1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3180] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077d714dd 2 bytes JMP 75a57efe C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3180] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077d714f5 2 bytes JMP 75a580d8 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3180] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077d7150d 2 bytes JMP 75a57df4 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3180] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077d71525 2 bytes JMP 75a581c2 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3180] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077d7153d 2 bytes JMP 759cf088 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3180] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077d71555 2 bytes JMP 759db885 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3180] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 
0000000077d7156d 2 bytes JMP 75a586c1 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3180] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077d71585 2 bytes JMP 75a58222 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3180] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077d7159d 2 bytes JMP 75a57db8 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3180] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077d715b5 2 bytes JMP 759cf121 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3180] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077d715cd 2 bytes JMP 759db29f C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3180] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077d716b2 2 bytes JMP 75a58584 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3180] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077d716bd 2 bytes JMP 75a57d4d C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3612] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077dbf951 7 bytes {MOV EDX, 0x5f6a28; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3612] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077dbfb95 7 bytes {MOV EDX, 0x5f6a68; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3612] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077dbfbc5 7 bytes {MOV EDX, 0x5f69a8; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3612] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077dbfbdd 7 bytes {MOV 
EDX, 0x5f6928; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3612] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077dbfbf5 7 bytes {MOV EDX, 0x5f6b28; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3612] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077dbfc25 7 bytes {MOV EDX, 0x5f6b68; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3612] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077dbfca5 7 bytes {MOV EDX, 0x5f6ae8; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3612] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077dbfcbd 7 bytes {MOV EDX, 0x5f6aa8; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3612] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077dbfd09 7 bytes {MOV EDX, 0x5f6868; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3612] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077dbfe01 7 bytes {MOV EDX, 0x5f68a8; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3612] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077dc0059 7 bytes {MOV EDX, 0x5f6828; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3612] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077dc1065 7 bytes {MOV EDX, 0x5f69e8; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3612] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077dc10dd 7 bytes {MOV EDX, 0x5f6968; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3612] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077dc12e1 7 bytes {MOV EDX, 0x5f68e8; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3612] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077d71401 2 
bytes JMP 759ceb26 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3612] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077d71419 2 bytes JMP 759db513 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3612] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077d71431 2 bytes JMP 75a58609 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3612] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077d7144a 2 bytes CALL 759b1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3612] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077d714dd 2 bytes JMP 75a57efe C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3612] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077d714f5 2 bytes JMP 75a580d8 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3612] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077d7150d 2 bytes JMP 75a57df4 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3612] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077d71525 2 bytes JMP 75a581c2 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3612] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077d7153d 2 bytes JMP 759cf088 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3612] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077d71555 2 bytes JMP 759db885 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3612] 
C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077d7156d 2 bytes JMP 75a586c1 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3612] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077d71585 2 bytes JMP 75a58222 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3612] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077d7159d 2 bytes JMP 75a57db8 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3612] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077d715b5 2 bytes JMP 759cf121 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3612] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077d715cd 2 bytes JMP 759db29f C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3612] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077d716b2 2 bytes JMP 75a58584 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3612] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077d716bd 2 bytes JMP 75a57d4d C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[840] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077dbf951 7 bytes {MOV EDX, 0x3f8a28; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[840] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077dbfb95 7 bytes {MOV EDX, 0x3f8a68; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[840] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077dbfbc5 7 bytes {MOV EDX, 0x3f89a8; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[840] 
C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077dbfbdd 7 bytes {MOV EDX, 0x3f8928; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[840] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077dbfbf5 7 bytes {MOV EDX, 0x3f8b28; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[840] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077dbfc25 7 bytes {MOV EDX, 0x3f8b68; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[840] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077dbfca5 7 bytes {MOV EDX, 0x3f8ae8; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[840] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077dbfcbd 7 bytes {MOV EDX, 0x3f8aa8; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[840] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077dbfd09 7 bytes {MOV EDX, 0x3f8868; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[840] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077dbfe01 7 bytes {MOV EDX, 0x3f88a8; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[840] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077dc0059 7 bytes {MOV EDX, 0x3f8828; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[840] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077dc1065 7 bytes {MOV EDX, 0x3f89e8; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[840] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077dc10dd 7 bytes {MOV EDX, 0x3f8968; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[840] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077dc12e1 7 bytes {MOV EDX, 0x3f88e8; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[840] 
C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077d71401 2 bytes JMP 759ceb26 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[840] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077d71419 2 bytes JMP 759db513 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[840] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077d71431 2 bytes JMP 75a58609 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[840] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077d7144a 2 bytes CALL 759b1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[840] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077d714dd 2 bytes JMP 75a57efe C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[840] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077d714f5 2 bytes JMP 75a580d8 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[840] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077d7150d 2 bytes JMP 75a57df4 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[840] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077d71525 2 bytes JMP 75a581c2 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[840] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077d7153d 2 bytes JMP 759cf088 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[840] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077d71555 2 bytes JMP 759db885 C:\Windows\syswow64\kernel32.dll .text 
C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[840] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077d7156d 2 bytes JMP 75a586c1 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[840] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077d71585 2 bytes JMP 75a58222 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[840] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077d7159d 2 bytes JMP 75a57db8 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[840] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077d715b5 2 bytes JMP 759cf121 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[840] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077d715cd 2 bytes JMP 759db29f C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[840] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077d716b2 2 bytes JMP 75a58584 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[840] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077d716bd 2 bytes JMP 75a57d4d C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4028] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077dbf951 7 bytes {MOV EDX, 0xf46a28; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4028] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077dbfb95 7 bytes {MOV EDX, 0xf46a68; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4028] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077dbfbc5 7 bytes {MOV EDX, 0xf469a8; JMP RDX} .text 
C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4028] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077dbfbdd 7 bytes {MOV EDX, 0xf46928; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4028] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077dbfbf5 7 bytes {MOV EDX, 0xf46b28; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4028] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077dbfc25 7 bytes {MOV EDX, 0xf46b68; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4028] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077dbfca5 7 bytes {MOV EDX, 0xf46ae8; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4028] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077dbfcbd 7 bytes {MOV EDX, 0xf46aa8; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4028] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077dbfd09 7 bytes {MOV EDX, 0xf46868; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4028] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077dbfe01 7 bytes {MOV EDX, 0xf468a8; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4028] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077dc0059 7 bytes {MOV EDX, 0xf46828; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4028] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077dc1065 7 bytes {MOV EDX, 0xf469e8; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4028] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077dc10dd 7 bytes {MOV EDX, 0xf46968; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4028] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077dc12e1 7 bytes {MOV EDX, 0xf468e8; JMP 
RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4028] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077d71401 2 bytes JMP 759ceb26 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4028] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077d71419 2 bytes JMP 759db513 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4028] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077d71431 2 bytes JMP 75a58609 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4028] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077d7144a 2 bytes CALL 759b1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4028] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077d714dd 2 bytes JMP 75a57efe C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4028] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077d714f5 2 bytes JMP 75a580d8 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4028] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077d7150d 2 bytes JMP 75a57df4 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4028] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077d71525 2 bytes JMP 75a581c2 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4028] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077d7153d 2 bytes JMP 759cf088 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4028] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077d71555 2 bytes JMP 
759db885 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4028] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077d7156d 2 bytes JMP 75a586c1 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4028] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077d71585 2 bytes JMP 75a58222 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4028] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077d7159d 2 bytes JMP 75a57db8 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4028] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077d715b5 2 bytes JMP 759cf121 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4028] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077d715cd 2 bytes JMP 759db29f C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4028] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077d716b2 2 bytes JMP 75a58584 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4028] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077d716bd 2 bytes JMP 75a57d4d C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2056] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077dbf951 7 bytes {MOV EDX, 0x1e8628; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2056] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077dbfb95 7 bytes {MOV EDX, 0x1e8668; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2056] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077dbfbc5 7 bytes {MOV EDX, 0x1e85a8; 
JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2056] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077dbfbdd 7 bytes {MOV EDX, 0x1e8528; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2056] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077dbfbf5 7 bytes {MOV EDX, 0x1e8728; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2056] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077dbfc25 7 bytes {MOV EDX, 0x1e8768; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2056] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077dbfca5 7 bytes {MOV EDX, 0x1e86e8; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2056] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077dbfcbd 7 bytes {MOV EDX, 0x1e86a8; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2056] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077dbfd09 7 bytes {MOV EDX, 0x1e8468; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2056] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077dbfe01 7 bytes {MOV EDX, 0x1e84a8; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2056] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077dc0059 7 bytes {MOV EDX, 0x1e8428; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2056] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077dc1065 7 bytes {MOV EDX, 0x1e85e8; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2056] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077dc10dd 7 bytes {MOV EDX, 0x1e8568; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2056] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077dc12e1 7 bytes {MOV EDX, 
0x1e84e8; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2056] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077d71401 2 bytes JMP 759ceb26 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2056] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077d71419 2 bytes JMP 759db513 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2056] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077d71431 2 bytes JMP 75a58609 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2056] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077d7144a 2 bytes CALL 759b1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2056] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077d714dd 2 bytes JMP 75a57efe C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2056] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077d714f5 2 bytes JMP 75a580d8 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2056] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077d7150d 2 bytes JMP 75a57df4 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2056] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077d71525 2 bytes JMP 75a581c2 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2056] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077d7153d 2 bytes JMP 759cf088 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2056] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 
0000000077d71555 2 bytes JMP 759db885 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2056] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077d7156d 2 bytes JMP 75a586c1 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2056] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077d71585 2 bytes JMP 75a58222 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2056] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077d7159d 2 bytes JMP 75a57db8 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2056] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077d715b5 2 bytes JMP 759cf121 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2056] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077d715cd 2 bytes JMP 759db29f C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2056] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077d716b2 2 bytes JMP 75a58584 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2056] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077d716bd 2 bytes JMP 75a57d4d C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3056] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077dbf951 7 bytes {MOV EDX, 0x7fb228; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3056] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077dbfb95 7 bytes {MOV EDX, 0x7fb268; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3056] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 
0000000077dbfbc5 7 bytes {MOV EDX, 0x7fb1a8; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3056] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077dbfbdd 7 bytes {MOV EDX, 0x7fb128; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3056] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077dbfbf5 7 bytes {MOV EDX, 0x7fb328; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3056] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077dbfc25 7 bytes {MOV EDX, 0x7fb368; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3056] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077dbfca5 7 bytes {MOV EDX, 0x7fb2e8; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3056] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077dbfcbd 7 bytes {MOV EDX, 0x7fb2a8; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3056] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077dbfd09 7 bytes {MOV EDX, 0x7fb068; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3056] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077dbfe01 7 bytes {MOV EDX, 0x7fb0a8; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3056] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077dc0059 7 bytes {MOV EDX, 0x7fb028; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3056] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077dc1065 7 bytes {MOV EDX, 0x7fb1e8; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3056] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077dc10dd 7 bytes {MOV EDX, 0x7fb168; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3056] 
C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077dc12e1 7 bytes {MOV EDX, 0x7fb0e8; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3056] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077d71401 2 bytes JMP 759ceb26 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3056] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077d71419 2 bytes JMP 759db513 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3056] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077d71431 2 bytes JMP 75a58609 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3056] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077d7144a 2 bytes CALL 759b1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3056] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077d714dd 2 bytes JMP 75a57efe C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3056] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077d714f5 2 bytes JMP 75a580d8 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3056] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077d7150d 2 bytes JMP 75a57df4 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3056] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077d71525 2 bytes JMP 75a581c2 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3056] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077d7153d 2 bytes JMP 759cf088 C:\Windows\syswow64\kernel32.dll .text 
C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3056] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077d71555 2 bytes JMP 759db885 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3056] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077d7156d 2 bytes JMP 75a586c1 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3056] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077d71585 2 bytes JMP 75a58222 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3056] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077d7159d 2 bytes JMP 75a57db8 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3056] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077d715b5 2 bytes JMP 759cf121 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3056] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077d715cd 2 bytes JMP 759db29f C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3056] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077d716b2 2 bytes JMP 75a58584 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3056] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077d716bd 2 bytes JMP 75a57d4d C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077dbf951 7 bytes {MOV EDX, 0xb61a28; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077dbfb95 7 bytes {MOV EDX, 0xb61a68; JMP RDX} .text 
C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077dbfbc5 7 bytes {MOV EDX, 0xb619a8; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077dbfbdd 7 bytes {MOV EDX, 0xb61928; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077dbfbf5 7 bytes {MOV EDX, 0xb61b28; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077dbfc25 7 bytes {MOV EDX, 0xb61b68; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077dbfca5 7 bytes {MOV EDX, 0xb61ae8; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077dbfcbd 7 bytes {MOV EDX, 0xb61aa8; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077dbfd09 7 bytes {MOV EDX, 0xb61868; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077dbfe01 7 bytes {MOV EDX, 0xb618a8; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077dc0059 7 bytes {MOV EDX, 0xb61828; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077dc1065 7 bytes {MOV EDX, 0xb619e8; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077dc10dd 7 bytes {MOV EDX, 0xb61968; JMP RDX} .text 
C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3752] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077dc12e1 7 bytes {MOV EDX, 0xb618e8; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3752] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077d71401 2 bytes JMP 759ceb26 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3752] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077d71419 2 bytes JMP 759db513 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3752] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077d71431 2 bytes JMP 75a58609 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3752] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077d7144a 2 bytes CALL 759b1dfa C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3752] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077d714dd 2 bytes JMP 75a57efe C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3752] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077d714f5 2 bytes JMP 75a580d8 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3752] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077d7150d 2 bytes JMP 75a57df4 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3752] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077d71525 2 bytes JMP 75a581c2 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3752] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077d7153d 2 bytes JMP 759cf088 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3752] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077d71555 2 bytes JMP 759db885 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3752] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077d7156d 2 bytes JMP 75a586c1 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3752] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077d71585 2 bytes JMP 75a58222 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3752] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077d7159d 2 bytes JMP 75a57db8 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3752] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077d715b5 2 bytes JMP 759cf121 
C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3752] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077d715cd 2 bytes JMP 759db29f C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3752] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077d716b2 2 bytes JMP 75a58584 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3752] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077d716bd 2 bytes JMP 75a57d4d C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3152] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077d71401 2 bytes JMP 759ceb26 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3152] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077d71419 2 bytes JMP 759db513 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3152] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077d71431 2 bytes JMP 75a58609 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3152] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077d7144a 2 bytes CALL 759b1dfa C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3152] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077d714dd 2 bytes JMP 75a57efe C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3152] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077d714f5 2 bytes JMP 75a580d8 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3152] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077d7150d 2 bytes JMP 75a57df4 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3152] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077d71525 2 bytes JMP 75a581c2 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3152] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077d7153d 2 bytes JMP 759cf088 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3152] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077d71555 2 bytes JMP 759db885 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3152] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077d7156d 2 bytes JMP 75a586c1 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3152] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077d71585 2 bytes JMP 75a58222 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3152] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077d7159d 2 bytes JMP 75a57db8 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3152] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077d715b5 2 bytes JMP 759cf121 
C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3152] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077d715cd 2 bytes JMP 759db29f C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3152] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077d716b2 2 bytes JMP 75a58584 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3152] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077d716bd 2 bytes JMP 75a57d4d C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Java\jre7\bin\java.exe[2208] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077d71401 2 bytes JMP 759ceb26 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Java\jre7\bin\java.exe[2208] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077d71419 2 bytes JMP 759db513 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Java\jre7\bin\java.exe[2208] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077d71431 2 bytes JMP 75a58609 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Java\jre7\bin\java.exe[2208] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077d7144a 2 bytes CALL 759b1dfa C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\Java\jre7\bin\java.exe[2208] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077d714dd 2 bytes JMP 75a57efe C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Java\jre7\bin\java.exe[2208] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077d714f5 2 bytes JMP 75a580d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Java\jre7\bin\java.exe[2208] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077d7150d 2 bytes JMP 75a57df4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Java\jre7\bin\java.exe[2208] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077d71525 2 bytes JMP 75a581c2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Java\jre7\bin\java.exe[2208] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077d7153d 2 bytes JMP 759cf088 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Java\jre7\bin\java.exe[2208] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077d71555 2 bytes JMP 759db885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Java\jre7\bin\java.exe[2208] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077d7156d 2 bytes JMP 75a586c1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Java\jre7\bin\java.exe[2208] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077d71585 2 bytes JMP 75a58222 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Java\jre7\bin\java.exe[2208] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077d7159d 2 bytes JMP 75a57db8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Java\jre7\bin\java.exe[2208] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077d715b5 2 bytes JMP 759cf121 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Java\jre7\bin\java.exe[2208] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077d715cd 2 bytes JMP 759db29f 
C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Java\jre7\bin\java.exe[2208] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077d716b2 2 bytes JMP 75a58584 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Java\jre7\bin\java.exe[2208] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077d716bd 2 bytes JMP 75a57d4d C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2624] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077dbf951 7 bytes {MOV EDX, 0x354a28; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2624] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077dbfb95 7 bytes {MOV EDX, 0x354a68; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2624] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077dbfbc5 7 bytes {MOV EDX, 0x3549a8; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2624] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077dbfbdd 7 bytes {MOV EDX, 0x354928; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2624] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077dbfbf5 7 bytes {MOV EDX, 0x354b28; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2624] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077dbfc25 7 bytes {MOV EDX, 0x354b68; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2624] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077dbfca5 7 bytes {MOV EDX, 0x354ae8; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2624] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077dbfcbd 7 bytes {MOV EDX, 0x354aa8; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2624] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 
5 0000000077dbfd09 7 bytes {MOV EDX, 0x354868; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2624] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077dbfe01 7 bytes {MOV EDX, 0x3548a8; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2624] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077dc0059 7 bytes {MOV EDX, 0x354828; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2624] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077dc1065 7 bytes {MOV EDX, 0x3549e8; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2624] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077dc10dd 7 bytes {MOV EDX, 0x354968; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2624] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077dc12e1 7 bytes {MOV EDX, 0x3548e8; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2624] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077d71401 2 bytes JMP 759ceb26 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2624] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077d71419 2 bytes JMP 759db513 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2624] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077d71431 2 bytes JMP 75a58609 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2624] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077d7144a 2 bytes CALL 759b1dfa C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2624] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077d714dd 2 bytes JMP 75a57efe C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2624] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077d714f5 2 bytes JMP 75a580d8 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2624] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077d7150d 2 bytes JMP 75a57df4 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2624] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077d71525 2 bytes JMP 75a581c2 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2624] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077d7153d 2 bytes JMP 759cf088 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2624] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077d71555 2 bytes JMP 759db885 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2624] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077d7156d 2 bytes JMP 75a586c1 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2624] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077d71585 2 bytes JMP 75a58222 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2624] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077d7159d 2 bytes JMP 75a57db8 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2624] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077d715b5 2 bytes JMP 759cf121 
C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2624] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077d715cd 2 bytes JMP 759db29f C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2624] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077d716b2 2 bytes JMP 75a58584 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2624] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077d716bd 2 bytes JMP 75a57d4d C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2580] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077dbf951 7 bytes {MOV EDX, 0x795228; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2580] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077dbfb95 7 bytes {MOV EDX, 0x795268; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2580] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077dbfbc5 7 bytes {MOV EDX, 0x7951a8; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2580] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077dbfbdd 7 bytes {MOV EDX, 0x795128; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2580] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077dbfbf5 7 bytes {MOV EDX, 0x795328; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2580] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077dbfc25 7 bytes {MOV EDX, 0x795368; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2580] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077dbfca5 7 bytes {MOV EDX, 0x7952e8; JMP RDX} .text 
C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2580] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077dbfcbd 7 bytes {MOV EDX, 0x7952a8; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2580] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077dbfd09 7 bytes {MOV EDX, 0x795068; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2580] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077dbfe01 7 bytes {MOV EDX, 0x7950a8; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2580] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077dc0059 7 bytes {MOV EDX, 0x795028; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2580] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077dc1065 7 bytes {MOV EDX, 0x7951e8; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2580] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077dc10dd 7 bytes {MOV EDX, 0x795168; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2580] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077dc12e1 7 bytes {MOV EDX, 0x7950e8; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2580] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077d71401 2 bytes JMP 759ceb26 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2580] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077d71419 2 bytes JMP 759db513 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2580] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077d71431 2 bytes JMP 75a58609 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2580] 
C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077d7144a 2 bytes CALL 759b1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2580] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077d714dd 2 bytes JMP 75a57efe C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2580] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077d714f5 2 bytes JMP 75a580d8 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2580] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077d7150d 2 bytes JMP 75a57df4 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2580] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077d71525 2 bytes JMP 75a581c2 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2580] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077d7153d 2 bytes JMP 759cf088 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2580] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077d71555 2 bytes JMP 759db885 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2580] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077d7156d 2 bytes JMP 75a586c1 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2580] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077d71585 2 bytes JMP 75a58222 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2580] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077d7159d 2 bytes JMP 75a57db8 C:\Windows\syswow64\kernel32.dll .text 
C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2580] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077d715b5 2 bytes JMP 759cf121 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2580] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077d715cd 2 bytes JMP 759db29f C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2580] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077d716b2 2 bytes JMP 75a58584 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2580] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077d716bd 2 bytes JMP 75a57d4d C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4196] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077dbf951 7 bytes {MOV EDX, 0xdcae28; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4196] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077dbfb95 7 bytes {MOV EDX, 0xdcae68; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4196] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077dbfbc5 7 bytes {MOV EDX, 0xdcada8; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4196] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077dbfbdd 7 bytes {MOV EDX, 0xdcad28; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4196] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077dbfbf5 7 bytes {MOV EDX, 0xdcaf28; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4196] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077dbfc25 7 bytes {MOV EDX, 0xdcaf68; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4196] 
C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077dbfca5 7 bytes {MOV EDX, 0xdcaee8; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4196] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077dbfcbd 7 bytes {MOV EDX, 0xdcaea8; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4196] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077dbfd09 7 bytes {MOV EDX, 0xdcac68; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4196] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077dbfe01 7 bytes {MOV EDX, 0xdcaca8; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4196] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077dc0059 7 bytes {MOV EDX, 0xdcac28; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4196] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077dc1065 7 bytes {MOV EDX, 0xdcade8; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4196] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077dc10dd 7 bytes {MOV EDX, 0xdcad68; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4196] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077dc12e1 7 bytes {MOV EDX, 0xdcace8; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4196] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077d71401 2 bytes JMP 759ceb26 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4196] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077d71419 2 bytes JMP 759db513 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4196] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077d71431 2 bytes JMP 75a58609 C:\Windows\syswow64\kernel32.dll .text 
C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4196] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077d7144a 2 bytes CALL 759b1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4196] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077d714dd 2 bytes JMP 75a57efe C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4196] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077d714f5 2 bytes JMP 75a580d8 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4196] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077d7150d 2 bytes JMP 75a57df4 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4196] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077d71525 2 bytes JMP 75a581c2 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4196] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077d7153d 2 bytes JMP 759cf088 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4196] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077d71555 2 bytes JMP 759db885 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4196] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077d7156d 2 bytes JMP 75a586c1 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4196] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077d71585 2 bytes JMP 75a58222 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4196] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077d7159d 2 bytes JMP 75a57db8 
C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4196] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077d715b5 2 bytes JMP 759cf121 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4196] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077d715cd 2 bytes JMP 759db29f C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4196] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077d716b2 2 bytes JMP 75a58584 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4196] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077d716bd 2 bytes JMP 75a57d4d C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3280] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077dbf951 7 bytes {MOV EDX, 0x1068e28; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3280] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077dbfb95 7 bytes {MOV EDX, 0x1068e68; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3280] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077dbfbc5 2 bytes [BA, A8] .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3280] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 8 0000000077dbfbc8 4 bytes [06, 01, FF, E2] .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3280] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077dbfbdd 2 bytes [BA, 28] .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3280] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 8 0000000077dbfbe0 4 bytes [06, 01, FF, E2] .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3280] 
C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077dbfbf5 7 bytes {MOV EDX, 0x1068f28; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3280] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077dbfc25 7 bytes {MOV EDX, 0x1068f68; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3280] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077dbfca5 7 bytes {MOV EDX, 0x1068ee8; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3280] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077dbfcbd 7 bytes {MOV EDX, 0x1068ea8; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3280] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077dbfd09 7 bytes {MOV EDX, 0x1068c68; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3280] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077dbfe01 7 bytes {MOV EDX, 0x1068ca8; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3280] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077dc0059 7 bytes {MOV EDX, 0x1068c28; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3280] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077dc1065 2 bytes [BA, E8] .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3280] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 8 0000000077dc1068 4 bytes {CALL 0xffffffffff010692} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3280] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077dc10dd 2 bytes [BA, 68] .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3280] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 8 0000000077dc10e0 4 bytes [06, 01, FF, E2] .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3280] 
C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077dc12e1 7 bytes {MOV EDX, 0x1068ce8; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3280] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077d71401 2 bytes JMP 759ceb26 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3280] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077d71419 2 bytes JMP 759db513 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3280] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077d71431 2 bytes JMP 75a58609 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3280] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077d7144a 2 bytes CALL 759b1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3280] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077d714dd 2 bytes JMP 75a57efe C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3280] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077d714f5 2 bytes JMP 75a580d8 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3280] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077d7150d 2 bytes JMP 75a57df4 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3280] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077d71525 2 bytes JMP 75a581c2 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3280] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077d7153d 2 bytes JMP 759cf088 C:\Windows\syswow64\kernel32.dll .text 
C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3280] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077d71555 2 bytes JMP 759db885 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3280] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077d7156d 2 bytes JMP 75a586c1 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3280] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077d71585 2 bytes JMP 75a58222 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3280] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077d7159d 2 bytes JMP 75a57db8 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3280] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077d715b5 2 bytes JMP 759cf121 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3280] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077d715cd 2 bytes JMP 759db29f C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3280] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077d716b2 2 bytes JMP 75a58584 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[3280] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077d716bd 2 bytes JMP 75a57d4d C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2548] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077dbf951 7 bytes {MOV EDX, 0x6b5228; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2548] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077dbfb95 7 bytes {MOV EDX, 0x6b5268; JMP RDX} .text 
C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2548] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077dbfbc5 7 bytes {MOV EDX, 0x6b51a8; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2548] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077dbfbdd 7 bytes {MOV EDX, 0x6b5128; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2548] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077dbfbf5 7 bytes {MOV EDX, 0x6b5328; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2548] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077dbfc25 7 bytes {MOV EDX, 0x6b5368; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2548] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077dbfca5 7 bytes {MOV EDX, 0x6b52e8; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2548] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077dbfcbd 7 bytes {MOV EDX, 0x6b52a8; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2548] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077dbfd09 7 bytes {MOV EDX, 0x6b5068; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2548] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077dbfe01 7 bytes {MOV EDX, 0x6b50a8; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2548] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077dc0059 7 bytes {MOV EDX, 0x6b5028; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2548] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077dc1065 7 bytes {MOV EDX, 0x6b51e8; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2548] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077dc10dd 7 bytes {MOV EDX, 0x6b5168; JMP RDX} .text 
C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2548] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077dc12e1 7 bytes {MOV EDX, 0x6b50e8; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2548] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077d71401 2 bytes JMP 759ceb26 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2548] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077d71419 2 bytes JMP 759db513 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2548] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077d71431 2 bytes JMP 75a58609 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2548] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077d7144a 2 bytes CALL 759b1dfa C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2548] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077d714dd 2 bytes JMP 75a57efe C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2548] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077d714f5 2 bytes JMP 75a580d8 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2548] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077d7150d 2 bytes JMP 75a57df4 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2548] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077d71525 2 bytes JMP 75a581c2 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2548] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077d7153d 2 bytes JMP 759cf088 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2548] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077d71555 2 bytes JMP 759db885 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2548] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077d7156d 2 bytes JMP 75a586c1 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2548] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077d71585 2 bytes JMP 75a58222 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2548] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077d7159d 2 bytes JMP 75a57db8 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2548] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077d715b5 2 bytes JMP 759cf121 
C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2548] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077d715cd 2 bytes JMP 759db29f C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2548] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077d716b2 2 bytes JMP 75a58584 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[2548] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077d716bd 2 bytes JMP 75a57d4d C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4496] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077dbf951 7 bytes {MOV EDX, 0x14c628; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4496] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077dbfb95 7 bytes {MOV EDX, 0x14c668; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4496] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077dbfbc5 7 bytes {MOV EDX, 0x14c5a8; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4496] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077dbfbdd 7 bytes {MOV EDX, 0x14c528; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4496] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077dbfbf5 7 bytes {MOV EDX, 0x14c728; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4496] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077dbfc25 7 bytes {MOV EDX, 0x14c768; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4496] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077dbfca5 7 bytes {MOV EDX, 0x14c6e8; JMP RDX} .text 
C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4496] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077dbfcbd 7 bytes {MOV EDX, 0x14c6a8; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4496] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077dbfd09 7 bytes {MOV EDX, 0x14c468; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4496] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077dbfe01 7 bytes {MOV EDX, 0x14c4a8; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4496] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077dc0059 7 bytes {MOV EDX, 0x14c428; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4496] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077dc1065 7 bytes {MOV EDX, 0x14c5e8; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4496] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077dc10dd 7 bytes {MOV EDX, 0x14c568; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4496] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077dc12e1 7 bytes {MOV EDX, 0x14c4e8; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4496] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077d71401 2 bytes JMP 759ceb26 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4496] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077d71419 2 bytes JMP 759db513 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4496] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077d71431 2 bytes JMP 75a58609 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4496] 
C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077d7144a 2 bytes CALL 759b1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4496] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077d714dd 2 bytes JMP 75a57efe C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4496] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077d714f5 2 bytes JMP 75a580d8 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4496] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077d7150d 2 bytes JMP 75a57df4 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4496] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077d71525 2 bytes JMP 75a581c2 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4496] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077d7153d 2 bytes JMP 759cf088 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4496] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077d71555 2 bytes JMP 759db885 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4496] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077d7156d 2 bytes JMP 75a586c1 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4496] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077d71585 2 bytes JMP 75a58222 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4496] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077d7159d 2 bytes JMP 75a57db8 C:\Windows\syswow64\kernel32.dll .text 
C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4496] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077d715b5 2 bytes JMP 759cf121 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4496] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077d715cd 2 bytes JMP 759db29f C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4496] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077d716b2 2 bytes JMP 75a58584 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4496] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077d716bd 2 bytes JMP 75a57d4d C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4984] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077dbf951 7 bytes {MOV EDX, 0x2c0628; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4984] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077dbfb95 7 bytes {MOV EDX, 0x2c0668; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4984] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077dbfbc5 7 bytes {MOV EDX, 0x2c05a8; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4984] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077dbfbdd 7 bytes {MOV EDX, 0x2c0528; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4984] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077dbfbf5 7 bytes {MOV EDX, 0x2c0728; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4984] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077dbfc25 7 bytes {MOV EDX, 0x2c0768; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4984] 
C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077dbfca5 7 bytes {MOV EDX, 0x2c06e8; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4984] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077dbfcbd 7 bytes {MOV EDX, 0x2c06a8; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4984] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077dbfd09 7 bytes {MOV EDX, 0x2c0468; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4984] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077dbfe01 7 bytes {MOV EDX, 0x2c04a8; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4984] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077dc0059 7 bytes {MOV EDX, 0x2c0428; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4984] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077dc1065 7 bytes {MOV EDX, 0x2c05e8; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4984] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077dc10dd 7 bytes {MOV EDX, 0x2c0568; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4984] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077dc12e1 7 bytes {MOV EDX, 0x2c04e8; JMP RDX} .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4984] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077d71401 2 bytes JMP 759ceb26 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4984] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077d71419 2 bytes JMP 759db513 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4984] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077d71431 2 bytes JMP 75a58609 C:\Windows\syswow64\kernel32.dll .text 
C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4984] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077d7144a 2 bytes CALL 759b1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4984] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077d714dd 2 bytes JMP 75a57efe C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4984] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077d714f5 2 bytes JMP 75a580d8 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4984] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077d7150d 2 bytes JMP 75a57df4 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4984] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077d71525 2 bytes JMP 75a581c2 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4984] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077d7153d 2 bytes JMP 759cf088 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4984] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077d71555 2 bytes JMP 759db885 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4984] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077d7156d 2 bytes JMP 75a586c1 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4984] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077d71585 2 bytes JMP 75a58222 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4984] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077d7159d 2 bytes JMP 75a57db8 
C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4984] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077d715b5 2 bytes JMP 759cf121 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4984] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077d715cd 2 bytes JMP 759db29f C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4984] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077d716b2 2 bytes JMP 75a58584 C:\Windows\syswow64\kernel32.dll .text C:\Users\TNR\AppData\Local\Google\Chrome\Application\chrome.exe[4984] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077d716bd 2 bytes JMP 75a57d4d C:\Windows\syswow64\kernel32.dll ---- Kernel IAT/EAT - GMER 2.1 ---- IAT C:\Windows\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [fffff88000e4d0c0] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [fffff88000e4ce4c] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [fffff88000e4d838] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [fffff88000e4c600] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [fffff88000e4da8c] \SystemRoot\System32\Drivers\sptd.sys [.text] ---- Devices - GMER 2.1 ---- Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 fffffa80039a72c0 Device \Driver\atapi \Device\Ide\IdePort0 fffffa80039a72c0 Device \Driver\atapi \Device\Ide\IdePort1 fffffa80039a72c0 Device \Driver\adb2clqs \Device\Scsi\adb2clqs1 fffffa8004d5a2c0 Device \FileSystem\Ntfs \Ntfs fffffa80039ab2c0 Device \Driver\usbehci \Device\USBFDO-3 fffffa8004c562c0 Device 
\Driver\usbehci \Device\USBPDO-1 fffffa8004c562c0 Device \Driver\cdrom \Device\CdRom0 fffffa80061012c0 Device \Driver\dtsoftbus01 \Device\00000075 fffffa8004a502c0 Device \Driver\usbohci \Device\USBFDO-0 fffffa8004c4c2c0 Device \Driver\usbohci \Device\USBPDO-2 fffffa8004c4c2c0 Device \Driver\dtsoftbus01 \Device\DTSoftBusCtl fffffa8004a502c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{FD3AAC78-212B-4A21-B530-0496A3F30FE2} fffffa8004b512c0 Device \Driver\usbehci \Device\USBPDO-3 fffffa8004c562c0 Device \Driver\usbehci \Device\USBFDO-1 fffffa8004c562c0 Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa8004b512c0 Device \Driver\atapi \Device\ScsiPort0 fffffa80039a72c0 Device \Driver\usbohci \Device\USBFDO-2 fffffa8004c4c2c0 Device \Driver\usbohci \Device\USBPDO-0 fffffa8004c4c2c0 Device \Driver\atapi \Device\ScsiPort1 fffffa80039a72c0 Device \Driver\adb2clqs \Device\ScsiPort2 fffffa8004d5a2c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{4B8B8A45-EA75-40AC-8882-124BECFAD15B} fffffa8004b512c0 ---- Trace I/O - GMER 2.1 ---- Trace ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80039a72c0]<< sptd.sys ataport.SYS pciide.sys fffffa80039a72c0 Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800490f060] fffffa800490f060 Trace 3 CLASSPNP.SYS[fffff88001a6443f] -> nt!IofCallDriver -> [0xfffffa80043cf520] fffffa80043cf520 Trace 5 ACPI.sys[fffff88001103781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80043cc060] fffffa80043cc060 Trace \Driver\atapi[0xfffffa80043c5e70] -> IRP_MJ_CREATE -> 0xfffffa80039a72c0 fffffa80039a72c0 ---- Modules - GMER 2.1 ---- Module \SystemRoot\System32\Drivers\adb2clqs.SYS fffff88007dac000-fffff88007df0000 (278528 bytes) ---- Threads - GMER 2.1 ---- Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3204:260] 000007fefc182a74 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792 Reg 
HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 (null) Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xBB 0xE9 0x10 0x6C ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x4A 0xC4 0xB6 0xC6 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 (null) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xBB 0xE9 0x10 0x6C ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x4A 0xC4 0xB6 0xC6 ... ---- EOF - GMER 2.1 ----