GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-04-19 17:28:06
Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\0000006c ST950032 rev.0002 465,76GB
Running: gmer.exe; Driver: C:\Users\mati\AppData\Local\Temp\kftciaoc.sys

---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[1880] C:\Windows\SysWOW64\ntdll.dll!NtQueryValueKey 00000000776ffa48 5 bytes JMP 000000017377139e
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[1880] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000776fffd8 5 bytes JMP 0000000173771a54
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[3504] C:\Windows\SysWOW64\ntdll.dll!NtQueryValueKey 00000000776ffa48 5 bytes JMP 000000017377139e
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[3504] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000776fffd8 5 bytes JMP 0000000173771a54
.text C:\Windows\AsScrPro.exe[4164] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000776b1401 2 bytes JMP 753deb26 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\AsScrPro.exe[4164] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000776b1419 2 bytes JMP 753eb513 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\AsScrPro.exe[4164] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000776b1431 2 bytes JMP 75468609 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\AsScrPro.exe[4164] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000776b144a 2 bytes CALL 753c1dfa C:\Windows\syswow64\kernel32.dll
.text ...
* 9 .text C:\Windows\AsScrPro.exe[4164] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000776b14dd 2 bytes JMP 75467efe C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[4164] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000776b14f5 2 bytes JMP 754680d8 C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[4164] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000776b150d 2 bytes JMP 75467df4 C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[4164] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000776b1525 2 bytes JMP 754681c2 C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[4164] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000776b153d 2 bytes JMP 753df088 C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[4164] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000776b1555 2 bytes JMP 753eb885 C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[4164] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000776b156d 2 bytes JMP 754686c1 C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[4164] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000776b1585 2 bytes JMP 75468222 C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[4164] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000776b159d 2 bytes JMP 75467db8 C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[4164] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000776b15b5 2 bytes JMP 753df121 C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[4164] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000776b15cd 2 bytes JMP 753eb29f C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[4164] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000776b16b2 2 bytes JMP 75468584 C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[4164] 
C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000776b16bd 2 bytes JMP 75467d4d C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4364] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000776b1401 2 bytes JMP 753deb26 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4364] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000776b1419 2 bytes JMP 753eb513 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4364] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000776b1431 2 bytes JMP 75468609 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4364] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000776b144a 2 bytes CALL 753c1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4364] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000776b14dd 2 bytes JMP 75467efe C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4364] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000776b14f5 2 bytes JMP 754680d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4364] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000776b150d 2 bytes JMP 75467df4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4364] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000776b1525 2 bytes JMP 754681c2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4364] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000776b153d 2 bytes JMP 753df088 C:\Windows\syswow64\kernel32.dll .text C:\Program Files 
(x86)\Google\Chrome\Application\chrome.exe[4364] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000776b1555 2 bytes JMP 753eb885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4364] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000776b156d 2 bytes JMP 754686c1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4364] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000776b1585 2 bytes JMP 75468222 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4364] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000776b159d 2 bytes JMP 75467db8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4364] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000776b15b5 2 bytes JMP 753df121 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4364] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000776b15cd 2 bytes JMP 753eb29f C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4364] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000776b16b2 2 bytes JMP 75468584 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4364] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000776b16bd 2 bytes JMP 75467d4d C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5068] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 00000000776ff951 7 bytes {MOV EDX, 0x8db628; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5068] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 00000000776ffb95 7 bytes {MOV EDX, 0x8db668; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5068] 
C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 00000000776ffbc5 7 bytes {MOV EDX, 0x8db5a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5068] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 00000000776ffbdd 7 bytes {MOV EDX, 0x8db528; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5068] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 00000000776ffbf5 7 bytes {MOV EDX, 0x8db728; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5068] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 00000000776ffc25 7 bytes {MOV EDX, 0x8db768; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5068] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 00000000776ffca5 7 bytes {MOV EDX, 0x8db6e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5068] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 00000000776ffcbd 7 bytes {MOV EDX, 0x8db6a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5068] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 00000000776ffd09 7 bytes {MOV EDX, 0x8db468; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5068] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 00000000776ffe01 7 bytes {MOV EDX, 0x8db4a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5068] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077700059 7 bytes {MOV EDX, 0x8db428; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5068] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077701065 7 bytes {MOV EDX, 0x8db5e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5068] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 00000000777010dd 7 bytes {MOV EDX, 0x8db568; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5068] 
C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 00000000777012e1 7 bytes {MOV EDX, 0x8db4e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5068] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000776b1401 2 bytes JMP 753deb26 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5068] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000776b1419 2 bytes JMP 753eb513 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5068] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000776b1431 2 bytes JMP 75468609 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5068] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000776b144a 2 bytes CALL 753c1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5068] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000776b14dd 2 bytes JMP 75467efe C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5068] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000776b14f5 2 bytes JMP 754680d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5068] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000776b150d 2 bytes JMP 75467df4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5068] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000776b1525 2 bytes JMP 754681c2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5068] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000776b153d 2 bytes JMP 753df088 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5068] 
C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000776b1555 2 bytes JMP 753eb885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5068] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000776b156d 2 bytes JMP 754686c1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5068] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000776b1585 2 bytes JMP 75468222 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5068] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000776b159d 2 bytes JMP 75467db8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5068] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000776b15b5 2 bytes JMP 753df121 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5068] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000776b15cd 2 bytes JMP 753eb29f C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5068] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000776b16b2 2 bytes JMP 75468584 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5068] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000776b16bd 2 bytes JMP 75467d4d C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[748] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 00000000776ff951 7 bytes {MOV EDX, 0x852628; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[748] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 00000000776ffb95 7 bytes {MOV EDX, 0x852668; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[748] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 
00000000776ffbc5 7 bytes {MOV EDX, 0x8525a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[748] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 00000000776ffbdd 7 bytes {MOV EDX, 0x852528; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[748] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 00000000776ffbf5 7 bytes {MOV EDX, 0x852728; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[748] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 00000000776ffc25 7 bytes {MOV EDX, 0x852768; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[748] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 00000000776ffca5 7 bytes {MOV EDX, 0x8526e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[748] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 00000000776ffcbd 7 bytes {MOV EDX, 0x8526a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[748] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 00000000776ffd09 7 bytes {MOV EDX, 0x852468; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[748] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 00000000776ffe01 7 bytes {MOV EDX, 0x8524a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[748] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077700059 7 bytes {MOV EDX, 0x852428; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[748] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077701065 7 bytes {MOV EDX, 0x8525e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[748] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 00000000777010dd 7 bytes {MOV EDX, 0x852568; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[748] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 00000000777012e1 7 bytes {MOV EDX, 0x8524e8; 
JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[748] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000776b1401 2 bytes JMP 753deb26 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[748] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000776b1419 2 bytes JMP 753eb513 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[748] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000776b1431 2 bytes JMP 75468609 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[748] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000776b144a 2 bytes CALL 753c1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[748] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000776b14dd 2 bytes JMP 75467efe C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[748] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000776b14f5 2 bytes JMP 754680d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[748] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000776b150d 2 bytes JMP 75467df4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[748] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000776b1525 2 bytes JMP 754681c2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[748] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000776b153d 2 bytes JMP 753df088 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[748] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000776b1555 2 bytes JMP 753eb885 C:\Windows\syswow64\kernel32.dll 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[748] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000776b156d 2 bytes JMP 754686c1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[748] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000776b1585 2 bytes JMP 75468222 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[748] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000776b159d 2 bytes JMP 75467db8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[748] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000776b15b5 2 bytes JMP 753df121 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[748] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000776b15cd 2 bytes JMP 753eb29f C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[748] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000776b16b2 2 bytes JMP 75468584 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[748] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000776b16bd 2 bytes JMP 75467d4d C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2208] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 00000000776ff951 7 bytes {MOV EDX, 0x28a628; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2208] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 00000000776ffb95 7 bytes {MOV EDX, 0x28a668; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2208] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 00000000776ffbc5 7 bytes {MOV EDX, 0x28a5a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2208] 
C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 00000000776ffbdd 7 bytes {MOV EDX, 0x28a528; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2208] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 00000000776ffbf5 7 bytes {MOV EDX, 0x28a728; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2208] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 00000000776ffc25 7 bytes {MOV EDX, 0x28a768; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2208] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 00000000776ffca5 7 bytes {MOV EDX, 0x28a6e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2208] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 00000000776ffcbd 7 bytes {MOV EDX, 0x28a6a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2208] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 00000000776ffd09 7 bytes {MOV EDX, 0x28a468; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2208] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 00000000776ffe01 7 bytes {MOV EDX, 0x28a4a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2208] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077700059 7 bytes {MOV EDX, 0x28a428; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2208] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077701065 7 bytes {MOV EDX, 0x28a5e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2208] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 00000000777010dd 7 bytes {MOV EDX, 0x28a568; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2208] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 00000000777012e1 7 bytes {MOV EDX, 0x28a4e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2208] 
C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000776b1401 2 bytes JMP 753deb26 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2208] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000776b1419 2 bytes JMP 753eb513 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2208] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000776b1431 2 bytes JMP 75468609 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2208] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000776b144a 2 bytes CALL 753c1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2208] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000776b14dd 2 bytes JMP 75467efe C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2208] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000776b14f5 2 bytes JMP 754680d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2208] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000776b150d 2 bytes JMP 75467df4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2208] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000776b1525 2 bytes JMP 754681c2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2208] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000776b153d 2 bytes JMP 753df088 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2208] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000776b1555 2 bytes JMP 753eb885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2208] 
C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000776b156d 2 bytes JMP 754686c1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2208] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000776b1585 2 bytes JMP 75468222 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2208] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000776b159d 2 bytes JMP 75467db8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2208] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000776b15b5 2 bytes JMP 753df121 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2208] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000776b15cd 2 bytes JMP 753eb29f C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2208] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000776b16b2 2 bytes JMP 75468584 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2208] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000776b16bd 2 bytes JMP 75467d4d C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[808] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 00000000776ff951 7 bytes {MOV EDX, 0xa17e28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[808] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 00000000776ffb95 7 bytes {MOV EDX, 0xa17e68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[808] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 00000000776ffbc5 7 bytes {MOV EDX, 0xa17da8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[808] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 00000000776ffbdd 7 
bytes {MOV EDX, 0xa17d28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[808] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 00000000776ffbf5 7 bytes {MOV EDX, 0xa17f28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[808] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 00000000776ffc25 7 bytes {MOV EDX, 0xa17f68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[808] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 00000000776ffca5 7 bytes {MOV EDX, 0xa17ee8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[808] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 00000000776ffcbd 7 bytes {MOV EDX, 0xa17ea8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[808] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 00000000776ffd09 7 bytes {MOV EDX, 0xa17c68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[808] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 00000000776ffe01 7 bytes {MOV EDX, 0xa17ca8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[808] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077700059 7 bytes {MOV EDX, 0xa17c28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[808] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077701065 7 bytes {MOV EDX, 0xa17de8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[808] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 00000000777010dd 7 bytes {MOV EDX, 0xa17d68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[808] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 00000000777012e1 7 bytes {MOV EDX, 0xa17ce8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[808] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000776b1401 2 bytes JMP 753deb26 
C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[808] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000776b1419 2 bytes JMP 753eb513 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[808] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000776b1431 2 bytes JMP 75468609 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[808] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000776b144a 2 bytes CALL 753c1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[808] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000776b14dd 2 bytes JMP 75467efe C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[808] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000776b14f5 2 bytes JMP 754680d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[808] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000776b150d 2 bytes JMP 75467df4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[808] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000776b1525 2 bytes JMP 754681c2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[808] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000776b153d 2 bytes JMP 753df088 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[808] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000776b1555 2 bytes JMP 753eb885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[808] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000776b156d 2 bytes JMP 754686c1 
C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[808] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000776b1585 2 bytes JMP 75468222 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[808] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000776b159d 2 bytes JMP 75467db8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[808] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000776b15b5 2 bytes JMP 753df121 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[808] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000776b15cd 2 bytes JMP 753eb29f C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[808] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000776b16b2 2 bytes JMP 75468584 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[808] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000776b16bd 2 bytes JMP 75467d4d C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[480] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 00000000776ff951 7 bytes {MOV EDX, 0x9a4e28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[480] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 00000000776ffb95 7 bytes {MOV EDX, 0x9a4e68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[480] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 00000000776ffbc5 7 bytes {MOV EDX, 0x9a4da8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[480] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 00000000776ffbdd 7 bytes {MOV EDX, 0x9a4d28; JMP RDX} .text C:\Program Files 
(x86)\Google\Chrome\Application\chrome.exe[480] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 00000000776ffbf5 7 bytes {MOV EDX, 0x9a4f28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[480] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 00000000776ffc25 7 bytes {MOV EDX, 0x9a4f68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[480] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 00000000776ffca5 7 bytes {MOV EDX, 0x9a4ee8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[480] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 00000000776ffcbd 7 bytes {MOV EDX, 0x9a4ea8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[480] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 00000000776ffd09 7 bytes {MOV EDX, 0x9a4c68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[480] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 00000000776ffe01 7 bytes {MOV EDX, 0x9a4ca8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[480] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077700059 7 bytes {MOV EDX, 0x9a4c28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[480] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077701065 7 bytes {MOV EDX, 0x9a4de8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[480] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 00000000777010dd 7 bytes {MOV EDX, 0x9a4d68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[480] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 00000000777012e1 7 bytes {MOV EDX, 0x9a4ce8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[480] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000776b1401 2 bytes JMP 753deb26 C:\Windows\syswow64\kernel32.dll .text C:\Program Files 
(x86)\Google\Chrome\Application\chrome.exe[480] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000776b1419 2 bytes JMP 753eb513 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[480] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000776b1431 2 bytes JMP 75468609 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[480] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000776b144a 2 bytes CALL 753c1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[480] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000776b14dd 2 bytes JMP 75467efe C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[480] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000776b14f5 2 bytes JMP 754680d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[480] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000776b150d 2 bytes JMP 75467df4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[480] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000776b1525 2 bytes JMP 754681c2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[480] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000776b153d 2 bytes JMP 753df088 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[480] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000776b1555 2 bytes JMP 753eb885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[480] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000776b156d 2 bytes JMP 754686c1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files 
(x86)\Google\Chrome\Application\chrome.exe[480] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000776b1585 2 bytes JMP 75468222 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[480] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000776b159d 2 bytes JMP 75467db8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[480] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000776b15b5 2 bytes JMP 753df121 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[480] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000776b15cd 2 bytes JMP 753eb29f C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[480] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000776b16b2 2 bytes JMP 75468584 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[480] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000776b16bd 2 bytes JMP 75467d4d C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4572] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 00000000776ff951 7 bytes {MOV EDX, 0xcd4a28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4572] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 00000000776ffb95 7 bytes {MOV EDX, 0xcd4a68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4572] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 00000000776ffbc5 7 bytes {MOV EDX, 0xcd49a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4572] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 00000000776ffbdd 7 bytes {MOV EDX, 0xcd4928; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4572] 
C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 00000000776ffbf5 7 bytes {MOV EDX, 0xcd4b28; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4572] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 00000000776ffc25 7 bytes {MOV EDX, 0xcd4b68; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4572] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 00000000776ffca5 7 bytes {MOV EDX, 0xcd4ae8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4572] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 00000000776ffcbd 7 bytes {MOV EDX, 0xcd4aa8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4572] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 00000000776ffd09 7 bytes {MOV EDX, 0xcd4868; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4572] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 00000000776ffe01 7 bytes {MOV EDX, 0xcd48a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4572] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077700059 7 bytes {MOV EDX, 0xcd4828; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4572] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077701065 7 bytes {MOV EDX, 0xcd49e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4572] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 00000000777010dd 7 bytes {MOV EDX, 0xcd4968; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4572] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 00000000777012e1 7 bytes {MOV EDX, 0xcd48e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4572] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000776b1401 2 bytes JMP 753deb26 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4572] 
C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000776b1419 2 bytes JMP 753eb513 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4572] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000776b1431 2 bytes JMP 75468609 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4572] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000776b144a 2 bytes CALL 753c1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4572] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000776b14dd 2 bytes JMP 75467efe C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4572] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000776b14f5 2 bytes JMP 754680d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4572] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000776b150d 2 bytes JMP 75467df4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4572] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000776b1525 2 bytes JMP 754681c2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4572] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000776b153d 2 bytes JMP 753df088 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4572] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000776b1555 2 bytes JMP 753eb885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4572] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000776b156d 2 bytes JMP 754686c1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4572] 
C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000776b1585 2 bytes JMP 75468222 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4572] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000776b159d 2 bytes JMP 75467db8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4572] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000776b15b5 2 bytes JMP 753df121 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4572] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000776b15cd 2 bytes JMP 753eb29f C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4572] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000776b16b2 2 bytes JMP 75468584 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4572] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000776b16bd 2 bytes JMP 75467d4d C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[736] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 00000000776ff951 7 bytes {MOV EDX, 0x66c628; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[736] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 00000000776ffb95 7 bytes {MOV EDX, 0x66c668; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[736] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 00000000776ffbc5 7 bytes {MOV EDX, 0x66c5a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[736] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 00000000776ffbdd 7 bytes {MOV EDX, 0x66c528; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[736] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 00000000776ffbf5 7 bytes {MOV EDX, 
0x66c728; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[736] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 00000000776ffc25 7 bytes {MOV EDX, 0x66c768; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[736] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 00000000776ffca5 7 bytes {MOV EDX, 0x66c6e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[736] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 00000000776ffcbd 7 bytes {MOV EDX, 0x66c6a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[736] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 00000000776ffd09 7 bytes {MOV EDX, 0x66c468; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[736] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 00000000776ffe01 7 bytes {MOV EDX, 0x66c4a8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[736] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077700059 7 bytes {MOV EDX, 0x66c428; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[736] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077701065 7 bytes {MOV EDX, 0x66c5e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[736] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 00000000777010dd 7 bytes {MOV EDX, 0x66c568; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[736] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 00000000777012e1 7 bytes {MOV EDX, 0x66c4e8; JMP RDX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[736] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000776b1401 2 bytes JMP 753deb26 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[736] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000776b1419 2 bytes JMP 753eb513 
C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[736] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000776b1431 2 bytes JMP 75468609 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[736] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000776b144a 2 bytes CALL 753c1dfa C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[736] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000776b14dd 2 bytes JMP 75467efe C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[736] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000776b14f5 2 bytes JMP 754680d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[736] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000776b150d 2 bytes JMP 75467df4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[736] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000776b1525 2 bytes JMP 754681c2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[736] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000776b153d 2 bytes JMP 753df088 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[736] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000776b1555 2 bytes JMP 753eb885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[736] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000776b156d 2 bytes JMP 754686c1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[736] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000776b1585 2 bytes JMP 75468222 
C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[736] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000776b159d 2 bytes JMP 75467db8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[736] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000776b15b5 2 bytes JMP 753df121 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[736] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000776b15cd 2 bytes JMP 753eb29f C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[736] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000776b16b2 2 bytes JMP 75468584 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[736] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000776b16bd 2 bytes JMP 75467d4d C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2192] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000776b1401 2 bytes JMP 753deb26 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2192] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000776b1419 2 bytes JMP 753eb513 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2192] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000776b1431 2 bytes JMP 75468609 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2192] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000776b144a 2 bytes CALL 753c1dfa C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2192] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000776b14dd 2 bytes JMP 75467efe C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2192] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000776b14f5 2 bytes JMP 754680d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2192] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000776b150d 2 bytes JMP 75467df4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2192] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000776b1525 2 bytes JMP 754681c2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2192] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000776b153d 2 bytes JMP 753df088 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2192] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000776b1555 2 bytes JMP 753eb885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2192] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000776b156d 2 bytes JMP 754686c1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2192] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000776b1585 2 bytes JMP 75468222 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2192] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000776b159d 2 bytes JMP 75467db8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2192] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000776b15b5 2 bytes JMP 753df121 C:\Windows\syswow64\kernel32.dll .text C:\Program 
Files (x86)\Google\Chrome\Application\chrome.exe[2192] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000776b15cd 2 bytes JMP 753eb29f C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2192] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000776b16b2 2 bytes JMP 75468584 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2192] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000776b16bd 2 bytes JMP 75467d4d C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3580] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000776b1401 2 bytes JMP 753deb26 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3580] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000776b1419 2 bytes JMP 753eb513 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3580] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000776b1431 2 bytes JMP 75468609 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3580] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000776b144a 2 bytes CALL 753c1dfa C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3580] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000776b14dd 2 bytes JMP 75467efe C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3580] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000776b14f5 2 bytes JMP 754680d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3580] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000776b150d 2 bytes JMP 75467df4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3580] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000776b1525 2 bytes JMP 754681c2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3580] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000776b153d 2 bytes JMP 753df088 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3580] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000776b1555 2 bytes JMP 753eb885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3580] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000776b156d 2 bytes JMP 754686c1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3580] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000776b1585 2 bytes JMP 75468222 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3580] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000776b159d 2 bytes JMP 75467db8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3580] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000776b15b5 2 bytes JMP 753df121 C:\Windows\syswow64\kernel32.dll .text C:\Program 
Files (x86)\Google\Chrome\Application\chrome.exe[3580] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000776b15cd 2 bytes JMP 753eb29f C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3580] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000776b16b2 2 bytes JMP 75468584 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3580] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000776b16bd 2 bytes JMP 75467d4d C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[196] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000776b1401 2 bytes JMP 753deb26 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[196] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000776b1419 2 bytes JMP 753eb513 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[196] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000776b1431 2 bytes JMP 75468609 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[196] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000776b144a 2 bytes CALL 753c1dfa C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[196] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000776b14dd 2 bytes JMP 75467efe C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[196] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000776b14f5 2 bytes JMP 754680d8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[196] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000776b150d 2 bytes JMP 75467df4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[196] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000776b1525 2 bytes JMP 754681c2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[196] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000776b153d 2 bytes JMP 753df088 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[196] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000776b1555 2 bytes JMP 753eb885 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[196] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000776b156d 2 bytes JMP 754686c1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[196] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000776b1585 2 bytes JMP 75468222 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[196] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000776b159d 2 bytes JMP 75467db8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[196] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000776b15b5 2 bytes JMP 753df121 C:\Windows\syswow64\kernel32.dll .text C:\Program Files 
(x86)\Google\Chrome\Application\chrome.exe[196] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000776b15cd 2 bytes JMP 753eb29f C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[196] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000776b16b2 2 bytes JMP 75468584 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[196] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000776b16bd 2 bytes JMP 75467d4d C:\Windows\syswow64\kernel32.dll ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2360] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamDWord] [7fef70a741c] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2360] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSet] [7fef70a5f10] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2360] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmEndSession] [7fef70a5674] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2360] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartSession] [7fef70a5e2c] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2360] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartUpload] [7fef70a7f48] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft 
Shared\Windows Live\WLIDSVC.EXE[2360] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppVersion] [7fef70a6a38] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2360] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetMachineId] [7fef70a6ee8] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2360] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmWriteSharedMachineId] [7fef70a7b58] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2360] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmCreateNewId] [7fef70a7ea0] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2360] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmReadSharedMachineId] [7fef70a78b0] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2360] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmGetSession] [7fef70a4fb4] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2360] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppId] [7fef70a5d38] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2360] @ C:\Program Files\Common Files\Microsoft Shared\Windows 
Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamString] [7fef70a7584] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll ---- EOF - GMER 2.1 ----