GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-09-22 13:45:33
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST1000DM003-1ER162 rev.CC45 931,51GB
Running: fst4u9rh.exe; Driver: C:\Users\Mateusz\AppData\Local\Temp\fwriapod.sys

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2460] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076c51401 2 bytes JMP 7539b20b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2460] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076c51419 2 bytes JMP 7539b336 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2460] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076c51431 2 bytes JMP 75418f39 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2460] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076c5144a 2 bytes CALL 75374885 C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2460] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076c514dd 2 bytes JMP 75418832 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2460] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076c514f5 2 bytes JMP 75418a08 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2460] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076c5150d 2 bytes JMP 75418728 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2460] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076c51525 2 bytes JMP 75418af2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2460] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076c5153d 2 bytes JMP 7538fc98 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2460] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076c51555 2 bytes JMP 753968df C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2460] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076c5156d 2 bytes JMP 75418ff1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2460] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076c51585 2 bytes JMP 75418b52 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2460] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076c5159d 2 bytes JMP 754186ec C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2460] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076c515b5 2 bytes JMP 7538fd31 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2460] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076c515cd 2 bytes JMP 7539b2cc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2460] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076c516b2 2 bytes JMP 75418eb4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[2460] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076c516bd 2 bytes JMP 75418681 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2712] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82 0000000072d517fa 2 bytes CALL 753711a9 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2712] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88 0000000072d51860 2 bytes CALL 753711a9 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2712] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98 0000000072d51942 2 bytes JMP 76e57089 C:\Windows\syswow64\WS2_32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2712] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109 0000000072d5194d 2 bytes JMP 76e5cba6 C:\Windows\syswow64\WS2_32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2712] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076c51401 2 bytes JMP 7539b20b C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2712] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076c51419 2 bytes JMP 7539b336 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2712] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076c51431 2 bytes JMP 75418f39 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2712] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076c5144a 2 bytes CALL 75374885 C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Windows\SysWOW64\PnkBstrA.exe[2712] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076c514dd 2 bytes JMP 75418832 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2712] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076c514f5 2 bytes JMP 75418a08 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2712] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076c5150d 2 bytes JMP 75418728 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2712] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076c51525 2 bytes JMP 75418af2 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2712] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076c5153d 2 bytes JMP 7538fc98 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2712] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076c51555 2 bytes JMP 753968df C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2712] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076c5156d 2 bytes JMP 75418ff1 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2712] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076c51585 2 bytes JMP 75418b52 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2712] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076c5159d 2 bytes JMP 754186ec C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2712] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076c515b5 2 bytes JMP 7538fd31 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2712] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076c515cd 2 bytes JMP 7539b2cc C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2712] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076c516b2 2 bytes JMP 75418eb4 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2712] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076c516bd 2 bytes JMP 75418681 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe[4348] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000076c51401 2 bytes JMP 7539b20b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe[4348] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000076c51419 2 bytes JMP 7539b336 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe[4348] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000076c51431 2 bytes JMP 75418f39 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe[4348] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 0000000076c5144a 2 bytes CALL 75374885 C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe[4348] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 0000000076c514dd 2 bytes JMP 75418832 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe[4348] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 0000000076c514f5 2 bytes JMP 75418a08 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe[4348] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 0000000076c5150d 2 bytes JMP 75418728 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe[4348] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000076c51525 2 bytes JMP 75418af2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe[4348] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 0000000076c5153d 2 bytes JMP 7538fc98 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe[4348] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000076c51555 2 bytes JMP 753968df C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe[4348] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 0000000076c5156d 2 bytes JMP 75418ff1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe[4348] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000076c51585 2 bytes JMP 75418b52 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe[4348] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 0000000076c5159d 2 bytes JMP 754186ec C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe[4348] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 0000000076c515b5 2 bytes JMP 7538fd31 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe[4348] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 0000000076c515cd 2 bytes JMP 7539b2cc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe[4348] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 0000000076c516b2 2 bytes JMP 75418eb4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe[4348] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 0000000076c516bd 2 bytes JMP 75418681 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe[4192] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076c51401 2 bytes JMP 7539b20b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe[4192] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076c51419 2 bytes JMP 7539b336 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe[4192] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076c51431 2 bytes JMP 75418f39 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe[4192] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076c5144a 2 bytes CALL 75374885 C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe[4192] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076c514dd 2 bytes JMP 75418832 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe[4192] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076c514f5 2 bytes JMP 75418a08 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe[4192] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076c5150d 2 bytes JMP 75418728 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe[4192] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076c51525 2 bytes JMP 75418af2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe[4192] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076c5153d 2 bytes JMP 7538fc98 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe[4192] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076c51555 2 bytes JMP 753968df C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe[4192] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076c5156d 2 bytes JMP 75418ff1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe[4192] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076c51585 2 bytes JMP 75418b52 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe[4192] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076c5159d 2 bytes JMP 754186ec C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe[4192] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076c515b5 2 bytes JMP 7538fd31 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe[4192] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076c515cd 2 bytes JMP 7539b2cc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe[4192] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076c516b2 2 bytes JMP 75418eb4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe[4192] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076c516bd 2 bytes JMP 75418681 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe[3856] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076c51401 2 bytes JMP 7539b20b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe[3856] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076c51419 2 bytes JMP 7539b336 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe[3856] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076c51431 2 bytes JMP 75418f39 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe[3856] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076c5144a 2 bytes CALL 75374885 C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe[3856] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076c514dd 2 bytes JMP 75418832 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe[3856] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076c514f5 2 bytes JMP 75418a08 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe[3856] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076c5150d 2 bytes JMP 75418728 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe[3856] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076c51525 2 bytes JMP 75418af2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe[3856] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076c5153d 2 bytes JMP 7538fc98 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe[3856] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076c51555 2 bytes JMP 753968df C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe[3856] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076c5156d 2 bytes JMP 75418ff1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe[3856] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076c51585 2 bytes JMP 75418b52 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe[3856] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076c5159d 2 bytes JMP 754186ec C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe[3856] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076c515b5 2 bytes JMP 7538fd31 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe[3856] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076c515cd 2 bytes JMP 7539b2cc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe[3856] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076c516b2 2 bytes JMP 75418eb4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe[3856] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076c516bd 2 bytes JMP 75418681 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe[2068] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076c51401 2 bytes JMP 7539b20b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe[2068] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076c51419 2 bytes JMP 7539b336 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe[2068] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076c51431 2 bytes JMP 75418f39 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe[2068] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076c5144a 2 bytes CALL 75374885 C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe[2068] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076c514dd 2 bytes JMP 75418832 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe[2068] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076c514f5 2 bytes JMP 75418a08 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe[2068] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076c5150d 2 bytes JMP 75418728 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe[2068] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076c51525 2 bytes JMP 75418af2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe[2068] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076c5153d 2 bytes JMP 7538fc98 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe[2068] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076c51555 2 bytes JMP 753968df C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe[2068] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076c5156d 2 bytes JMP 75418ff1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe[2068] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076c51585 2 bytes JMP 75418b52 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe[2068] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076c5159d 2 bytes JMP 754186ec C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe[2068] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076c515b5 2 bytes JMP 7538fd31 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe[2068] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076c515cd 2 bytes JMP 7539b2cc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe[2068] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076c516b2 2 bytes JMP 75418eb4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe[2068] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076c516bd 2 bytes JMP 75418681 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe[2068] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35 00000000702911a8 2 bytes [29, 70]
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe[2068] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 248 000000007029127d 2 bytes CALL 753714b9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe[2068] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 395 0000000070291310 2 bytes CALL 753714b9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe[2068] C:\Windows\SysWOW64\ksuser.dll!KsCreateAllocator + 21 00000000702913a8 2 bytes [29, 70]
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe[2068] C:\Windows\SysWOW64\ksuser.dll!KsCreateClock + 21 0000000070291422 2 bytes [29, 70]
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe[2068] C:\Windows\SysWOW64\ksuser.dll!KsCreateTopologyNode + 19 0000000070291498 2 bytes [29, 70]
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe[2068] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkD3dContextCreate + 4 000000006fa21825 2 bytes JMP 76736305 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe[2068] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkD3dContextDestroy + 4 000000006fa21830 2 bytes JMP 76736325 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe[2068] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkD3dContextDestroyAll + 4 000000006fa2183b 2 bytes JMP 76736345 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe[2068] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkD3dDrawPrimitives2 + 4 000000006fa21846 2 bytes JMP 76735be5 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe[2068] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkD3dValidateTextureStageState + 4 000000006fa21851 2 bytes JMP 76736365 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe[2068] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdAddAttachedSurface + 4 000000006fa2185c 2 bytes JMP 76736445 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe[2068] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdAlphaBlt + 4 000000006fa21867 2 bytes JMP 76736465 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe[2068] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdAttachSurface + 4 000000006fa21872 2 bytes JMP 76736485 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe[2068] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdBeginMoCompFrame + 4 000000006fa2187d 2 bytes JMP 767364a5 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe[2068] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdBlt + 4 000000006fa21888 2 bytes JMP 76735c05 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe[2068] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCanCreateD3DBuffer + 4 000000006fa21893 2 bytes JMP 767364c5 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe[2068] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCanCreateSurface + 4 000000006fa2189e 2 bytes JMP 76735c85 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe[2068] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdColorControl + 4 000000006fa218a9 2 bytes JMP 767364e5 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe[2068] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateD3DBuffer + 4 000000006fa218b4 2 bytes JMP 76736505 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe[2068] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateDirectDrawObject + 4 000000006fa218bf 2 bytes JMP 7670228b C:\Windows\syswow64\GDI32.dll
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe[2068] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateMoComp + 4 000000006fa218ca 2 bytes JMP 76736545 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe[2068] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateSurface + 4 000000006fa218d5 2 bytes JMP 76735ca5 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe[2068] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateSurfaceEx + 4 000000006fa218e0 2 bytes JMP 76735d25 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe[2068] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateSurfaceObject + 4 000000006fa218eb 2 bytes JMP 76735d45 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe[2068] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdDeleteDirectDrawObject + 4 000000006fa218f6 2 bytes JMP 76736aa5 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe[2068] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdDeleteSurfaceObject + 4 000000006fa21901 2 bytes JMP 76735c65 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe[2068] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdDestroyD3DBuffer + 4 000000006fa2190c 2 bytes JMP 76736ac5 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe[2068] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdDestroyMoComp + 4 000000006fa21917 2 bytes JMP 76736b05 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe[2068] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdDestroySurface + 4 000000006fa21922 2 bytes JMP 76735cc5 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe[2068] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdEndMoCompFrame + 4 000000006fa2192d 2 bytes JMP 76736b25 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe[2068] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdFlip + 4 000000006fa21938 2 bytes JMP 76736b45 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe[2068] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdFlipToGDISurface + 4 000000006fa21943 2 bytes JMP 76736b65 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe[2068] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetAvailDriverMemory + 4 000000006fa2194e 2 bytes JMP 76736b85 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe[2068] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetBltStatus + 4 000000006fa21959 2 bytes JMP 76736ba5 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe[2068] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetDC + 4 000000006fa21964 2 bytes JMP 76736bc5 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe[2068] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetDriverInfo + 4 000000006fa2196f 2 bytes JMP 76736be5 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe[2068] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetDriverState + 4 000000006fa2197a 2 bytes JMP 76736c05 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe[2068] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetDxHandle + 4 000000006fa21985 2 bytes JMP 76736c25 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe[2068] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetFlipStatus + 4 000000006fa21990 2 bytes JMP 76736c45 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe[2068] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetInternalMoCompInfo + 4 000000006fa2199b 2 bytes JMP 76736c65 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe[2068] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetMoCompBuffInfo + 4 000000006fa219a6 2 bytes JMP 76736c85 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe[2068] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetMoCompFormats + 4 000000006fa219b1 2 bytes JMP 76736ca5 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe[2068] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetMoCompGuids + 4 000000006fa219bc 2 bytes JMP 76736cc5 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe[2068] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetScanLine + 4 000000006fa219c7 2 bytes JMP 76736ce5 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe[2068] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdLock + 4 000000006fa219d2 2 bytes JMP 76736d05 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe[2068] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdLockD3D + 4 000000006fa219dd 2 bytes JMP 76735d65 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe[2068] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdQueryDirectDrawObject + 4 000000006fa219e8 2 bytes JMP 76736d45 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe[2068] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdQueryMoCompStatus + 4 000000006fa219f3 2 bytes JMP 76736d65 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe[2068] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdReenableDirectDrawObject + 4 000000006fa219fe 2 bytes JMP 76736da3 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe[2068] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdReleaseDC + 4 000000006fa21a09 2 bytes JMP 76736dc3 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe[2068] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdRenderMoComp + 4 000000006fa21a14 2 bytes JMP 76736de3 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe[2068] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdResetVisrgn + 4 000000006fa21a1f 2 bytes JMP 76735ce5 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe[2068] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdSetColorKey + 4 000000006fa21a2a 2 bytes JMP 76736e03 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe[2068] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdSetExclusiveMode + 4 000000006fa21a35 2 bytes JMP 76736e23 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe[2068] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdSetGammaRamp + 4 000000006fa21a40 2 bytes JMP 76736e43 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe[2068] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdSetOverlayPosition + 4 000000006fa21a4b 2 bytes JMP 76736e63 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe[2068] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdUnattachSurface + 4 000000006fa21a56 2 bytes JMP 76736e83 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe[2068] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdUnlock + 4 000000006fa21a61 2 bytes JMP 76736ea3 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe[2068] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdUnlockD3D + 4 000000006fa21a6c 2 bytes JMP 76735d85 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe[2068] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdUpdateOverlay + 4 000000006fa21a77 2 bytes JMP 76736ec3 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe[2068] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 4 000000006fa21a82 2 bytes JMP 76736ee3 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe[2068] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 52 000000006fa21ab2 2 bytes JMP 7599dc75 C:\Windows\syswow64\msvcrt.dll
.text C:\Windows\SysWOW64\DllHost.exe[2736] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076c51401 2 bytes JMP 7539b20b C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\DllHost.exe[2736] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076c51419 2 bytes JMP 7539b336 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\DllHost.exe[2736] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076c51431 2 bytes JMP 75418f39 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\DllHost.exe[2736] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076c5144a 2 bytes CALL 75374885 C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Windows\SysWOW64\DllHost.exe[2736] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076c514dd 2 bytes JMP 75418832 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\DllHost.exe[2736] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076c514f5 2 bytes JMP 75418a08 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\DllHost.exe[2736] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076c5150d 2 bytes JMP 75418728 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\DllHost.exe[2736] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076c51525 2 bytes JMP 75418af2 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\DllHost.exe[2736] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076c5153d 2 bytes JMP 7538fc98 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\DllHost.exe[2736] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076c51555 2 bytes JMP 753968df C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\DllHost.exe[2736]
C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076c5156d 2 bytes JMP 75418ff1 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\DllHost.exe[2736] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076c51585 2 bytes JMP 75418b52 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\DllHost.exe[2736] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076c5159d 2 bytes JMP 754186ec C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\DllHost.exe[2736] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076c515b5 2 bytes JMP 7538fd31 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\DllHost.exe[2736] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076c515cd 2 bytes JMP 7539b2cc C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\DllHost.exe[2736] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076c516b2 2 bytes JMP 75418eb4 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\DllHost.exe[2736] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076c516bd 2 bytes JMP 75418681 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[5924] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076c51401 2 bytes JMP 7539b20b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[5924] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076c51419 2 bytes JMP 7539b336 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[5924] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076c51431 2 bytes JMP 75418f39 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[5924] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076c5144a 2 bytes CALL 75374885 C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[5924] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076c514dd 2 bytes JMP 75418832 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[5924] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076c514f5 2 bytes JMP 75418a08 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[5924] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076c5150d 2 bytes JMP 75418728 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[5924] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076c51525 2 bytes JMP 75418af2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[5924] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076c5153d 2 bytes JMP 7538fc98 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[5924] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076c51555 2 bytes JMP 753968df C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[5924] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076c5156d 2 bytes JMP 75418ff1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[5924] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076c51585 2 bytes JMP 75418b52 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[5924] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076c5159d 2 bytes JMP 754186ec C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[5924] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076c515b5 2 bytes JMP 7538fd31 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes 
Anti-Malware\mbam.exe[5924] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076c515cd 2 bytes JMP 7539b2cc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[5924] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076c516b2 2 bytes JMP 75418eb4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[5924] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076c516bd 2 bytes JMP 75418681 C:\Windows\syswow64\kernel32.dll ? C:\Windows\system32\mssprxy.dll [5924] entry point in ".rdata" section 000000006c9c71e6 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5664] C:\Windows\syswow64\PsApi.dll!GetModuleFileNameExW + 17 0000000076c51401 2 bytes JMP 7539b20b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5664] C:\Windows\syswow64\PsApi.dll!EnumProcessModules + 17 0000000076c51419 2 bytes JMP 7539b336 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5664] C:\Windows\syswow64\PsApi.dll!GetModuleInformation + 17 0000000076c51431 2 bytes JMP 75418f39 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5664] C:\Windows\syswow64\PsApi.dll!GetModuleInformation + 42 0000000076c5144a 2 bytes CALL 75374885 C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5664] C:\Windows\syswow64\PsApi.dll!EnumDeviceDrivers + 17 0000000076c514dd 2 bytes JMP 75418832 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5664] C:\Windows\syswow64\PsApi.dll!GetDeviceDriverBaseNameA + 17 0000000076c514f5 2 bytes JMP 75418a08 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5664] C:\Windows\syswow64\PsApi.dll!QueryWorkingSetEx + 17 0000000076c5150d 2 bytes JMP 75418728 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5664] C:\Windows\syswow64\PsApi.dll!GetDeviceDriverBaseNameW + 17 0000000076c51525 2 bytes JMP 75418af2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5664] C:\Windows\syswow64\PsApi.dll!GetModuleBaseNameW + 17 0000000076c5153d 2 bytes JMP 7538fc98 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5664] C:\Windows\syswow64\PsApi.dll!EnumProcesses + 17 0000000076c51555 2 bytes JMP 753968df C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5664] C:\Windows\syswow64\PsApi.dll!GetProcessMemoryInfo + 17 0000000076c5156d 2 bytes JMP 75418ff1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5664] C:\Windows\syswow64\PsApi.dll!GetPerformanceInfo + 17 0000000076c51585 2 bytes JMP 75418b52 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5664] C:\Windows\syswow64\PsApi.dll!QueryWorkingSet + 17 0000000076c5159d 2 bytes JMP 754186ec C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5664] C:\Windows\syswow64\PsApi.dll!GetModuleBaseNameA + 17 0000000076c515b5 2 bytes JMP 7538fd31 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn 
Hamachi\hamachi-2-ui.exe[5664] C:\Windows\syswow64\PsApi.dll!GetModuleFileNameExA + 17 0000000076c515cd 2 bytes JMP 7539b2cc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5664] C:\Windows\syswow64\PsApi.dll!GetProcessImageFileNameW + 20 0000000076c516b2 2 bytes JMP 75418eb4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe[5664] C:\Windows\syswow64\PsApi.dll!GetProcessImageFileNameW + 31 0000000076c516bd 2 bytes JMP 75418681 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5912] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf + 207 00000000777cfc5b 7 bytes JMP 00000000779a0097 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5912] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000777edc30 16 bytes [50, 48, B8, 34, 35, 1E, ED, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5912] C:\Windows\SYSTEM32\ntdll.dll!RtlEnterUmsSchedulingMode + 171 000000007787fc4b 7 bytes JMP 00000000779a0016 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000777eda80 16 bytes [50, 48, B8, 80, 0B, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 00000000777edbf0 16 bytes [50, 48, B8, D8, 0A, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777edc10 48 bytes [50, 48, B8, 54, 0A, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000777edc50 16 bytes [50, 48, B8, A4, 0B, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00000000777edca0 32 bytes [50, 48, B8, FC, 0A, AC, 3F, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000777edce0 16 bytes [50, 48, B8, E4, 09, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00000000777edd80 16 bytes [50, 48, B8, 2C, 0B, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000777edf00 16 bytes [50, 48, B8, A8, 08, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00000000777ee970 16 bytes [50, 48, B8, 78, 0A, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777ee9c0 16 bytes [50, 48, B8, B4, 0A, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[716] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00000000777eeb10 16 bytes [50, 48, B8, 40, 0B, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000777eda80 16 bytes [50, 48, B8, 80, 0B, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 00000000777edbf0 16 bytes [50, 48, B8, D8, 0A, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777edc10 48 bytes [50, 48, B8, 54, 0A, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000777edc50 16 bytes [50, 48, B8, A4, 0B, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00000000777edca0 32 bytes [50, 48, B8, FC, 0A, AC, 3F, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000777edce0 16 bytes [50, 48, B8, E4, 09, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00000000777edd80 16 bytes [50, 48, B8, 2C, 0B, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000777edf00 16 bytes [50, 48, B8, A8, 08, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00000000777ee970 16 bytes [50, 48, B8, 78, 0A, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777ee9c0 16 bytes [50, 48, B8, B4, 0A, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2348] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00000000777eeb10 16 bytes [50, 48, B8, 40, 0B, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5096] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000777eda80 16 bytes [50, 48, B8, 80, 0B, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 00000000777edbf0 16 bytes [50, 48, B8, D8, 0A, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777edc10 48 bytes [50, 48, B8, 54, 0A, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5096] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000777edc50 16 bytes [50, 48, B8, A4, 0B, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00000000777edca0 32 bytes [50, 48, B8, FC, 0A, AC, 3F, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000777edce0 16 bytes [50, 48, B8, E4, 09, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5096] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00000000777edd80 16 bytes [50, 48, B8, 2C, 0B, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000777edf00 16 bytes [50, 48, B8, A8, 08, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00000000777ee970 16 bytes [50, 48, B8, 78, 0A, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777ee9c0 16 bytes [50, 48, B8, B4, 0A, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5096] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00000000777eeb10 16 bytes [50, 48, B8, 40, 0B, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5472] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000777eda80 16 bytes [50, 48, B8, 80, 0B, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 00000000777edbf0 16 bytes [50, 48, B8, D8, 0A, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777edc10 48 bytes [50, 48, B8, 54, 0A, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5472] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000777edc50 16 bytes [50, 48, B8, A4, 0B, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00000000777edca0 32 bytes [50, 48, B8, FC, 0A, AC, 3F, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000777edce0 16 bytes [50, 48, B8, E4, 09, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5472] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00000000777edd80 16 bytes [50, 48, B8, 2C, 0B, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000777edf00 16 bytes [50, 48, B8, A8, 08, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00000000777ee970 16 bytes [50, 48, B8, 78, 0A, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777ee9c0 16 bytes [50, 48, B8, B4, 0A, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5472] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00000000777eeb10 16 bytes [50, 48, B8, 40, 0B, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5236] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000777eda80 16 bytes [50, 48, B8, 80, 0B, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 00000000777edbf0 16 bytes [50, 48, B8, D8, 0A, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777edc10 48 bytes [50, 48, B8, 54, 0A, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5236] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000777edc50 16 bytes [50, 48, B8, A4, 0B, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00000000777edca0 32 bytes [50, 48, B8, FC, 0A, AC, 3F, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000777edce0 16 bytes [50, 48, B8, E4, 09, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5236] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00000000777edd80 16 bytes [50, 48, B8, 2C, 0B, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000777edf00 16 bytes [50, 48, B8, A8, 08, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00000000777ee970 16 bytes [50, 48, B8, 78, 0A, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777ee9c0 16 bytes [50, 48, B8, B4, 0A, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5236] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00000000777eeb10 16 bytes [50, 48, B8, 40, 0B, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000777eda80 16 bytes [50, 48, B8, 80, 0B, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 00000000777edbf0 16 bytes [50, 48, B8, D8, 0A, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777edc10 48 bytes [50, 48, B8, 54, 0A, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000777edc50 16 bytes [50, 48, B8, A4, 0B, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00000000777edca0 32 bytes [50, 48, B8, FC, 0A, AC, 3F, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000777edce0 16 bytes [50, 48, B8, E4, 09, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00000000777edd80 16 bytes [50, 48, B8, 2C, 0B, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000777edf00 16 bytes [50, 48, B8, A8, 08, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00000000777ee970 16 bytes [50, 48, B8, 78, 0A, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777ee9c0 16 bytes [50, 48, B8, B4, 0A, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00000000777eeb10 16 bytes [50, 48, B8, 40, 0B, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000777eda80 16 bytes [50, 48, B8, 80, 0B, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 00000000777edbf0 16 bytes [50, 48, B8, D8, 0A, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777edc10 48 bytes [50, 48, B8, 54, 0A, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000777edc50 16 bytes [50, 48, B8, A4, 0B, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00000000777edca0 32 bytes [50, 48, B8, FC, 0A, AC, 3F, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000777edce0 16 bytes [50, 48, B8, E4, 09, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00000000777edd80 16 bytes [50, 48, B8, 2C, 0B, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000777edf00 16 bytes [50, 48, B8, A8, 08, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00000000777ee970 16 bytes [50, 48, B8, 78, 0A, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777ee9c0 16 bytes [50, 48, B8, B4, 0A, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2860] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00000000777eeb10 16 bytes [50, 48, B8, 40, 0B, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3876] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000777eda80 16 bytes [50, 48, B8, 80, 0B, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 00000000777edbf0 16 bytes [50, 48, B8, D8, 0A, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777edc10 48 bytes [50, 48, B8, 54, 0A, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3876] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000777edc50 16 bytes [50, 48, B8, A4, 0B, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00000000777edca0 32 bytes [50, 48, B8, FC, 0A, AC, 3F, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000777edce0 16 bytes [50, 48, B8, E4, 09, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3876] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00000000777edd80 16 bytes [50, 48, B8, 2C, 0B, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000777edf00 16 bytes [50, 48, B8, A8, 08, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00000000777ee970 16 bytes [50, 48, B8, 78, 0A, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777ee9c0 16 bytes [50, 48, B8, B4, 0A, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3876] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00000000777eeb10 16 bytes [50, 48, B8, 40, 0B, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6008] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000777eda80 16 bytes [50, 48, B8, 80, 0B, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 00000000777edbf0 16 bytes [50, 48, B8, D8, 0A, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777edc10 48 bytes [50, 48, B8, 54, 0A, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6008] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000777edc50 16 bytes [50, 48, B8, A4, 0B, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00000000777edca0 32 bytes [50, 48, B8, FC, 0A, AC, 3F, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000777edce0 16 bytes [50, 48, B8, E4, 09, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6008] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00000000777edd80 16 bytes [50, 48, B8, 2C, 0B, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000777edf00 16 bytes [50, 48, B8, A8, 08, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00000000777ee970 16 bytes [50, 48, B8, 78, 0A, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777ee9c0 16 bytes [50, 48, B8, B4, 0A, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6008] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00000000777eeb10 16 bytes [50, 48, B8, 40, 0B, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5856] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000777eda80 16 bytes [50, 48, B8, 80, 0B, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 00000000777edbf0 16 bytes [50, 48, B8, D8, 0A, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777edc10 48 bytes [50, 48, B8, 54, 0A, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5856] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000777edc50 16 bytes [50, 48, B8, A4, 0B, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00000000777edca0 32 bytes [50, 48, B8, FC, 0A, AC, 3F, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000777edce0 16 bytes [50, 48, B8, E4, 09, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5856] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00000000777edd80 16 bytes [50, 48, B8, 2C, 0B, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000777edf00 16 bytes [50, 48, B8, A8, 08, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00000000777ee970 16 bytes [50, 48, B8, 78, 0A, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777ee9c0 16 bytes [50, 48, B8, B4, 0A, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5856] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00000000777eeb10 16 bytes [50, 48, B8, 40, 0B, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000777eda80 16 bytes [50, 48, B8, 80, 0B, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 00000000777edbf0 16 bytes [50, 48, B8, D8, 0A, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777edc10 48 bytes [50, 48, B8, 54, 0A, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000777edc50 16 bytes [50, 48, B8, A4, 0B, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00000000777edca0 32 bytes [50, 48, B8, FC, 0A, AC, 3F, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000777edce0 16 bytes [50, 48, B8, E4, 09, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00000000777edd80 16 bytes [50, 48, B8, 2C, 0B, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000777edf00 16 bytes [50, 48, B8, A8, 08, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00000000777ee970 16 bytes [50, 48, B8, 78, 0A, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777ee9c0 16 bytes [50, 48, B8, B4, 0A, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4120] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00000000777eeb10 16 bytes [50, 48, B8, 40, 0B, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6020] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000777eda80 16 bytes [50, 48, B8, 80, 0B, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 00000000777edbf0 16 bytes [50, 48, B8, D8, 0A, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777edc10 48 bytes [50, 48, B8, 54, 0A, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6020] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000777edc50 16 bytes [50, 48, B8, A4, 0B, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00000000777edca0 32 bytes [50, 48, B8, FC, 0A, AC, 3F, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000777edce0 16 bytes [50, 48, B8, E4, 09, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6020] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00000000777edd80 16 bytes [50, 48, B8, 2C, 0B, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000777edf00 16 bytes [50, 48, B8, A8, 08, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00000000777ee970 16 bytes [50, 48, B8, 78, 0A, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777ee9c0 16 bytes [50, 48, B8, B4, 0A, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6020] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00000000777eeb10 16 bytes [50, 48, B8, 40, 0B, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000777eda80 16 bytes [50, 48, B8, 80, 0B, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 00000000777edbf0 16 bytes [50, 48, B8, D8, 0A, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777edc10 48 bytes [50, 48, B8, 54, 0A, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000777edc50 16 bytes [50, 48, B8, A4, 0B, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00000000777edca0 32 bytes [50, 48, B8, FC, 0A, AC, 3F, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000777edce0 16 bytes [50, 48, B8, E4, 09, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00000000777edd80 16 bytes [50, 48, B8, 2C, 0B, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000777edf00 16 bytes [50, 48, B8, A8, 08, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00000000777ee970 16 bytes [50, 48, B8, 78, 0A, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777ee9c0 16 bytes [50, 48, B8, B4, 0A, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00000000777eeb10 16 bytes [50, 48, B8, 40, 0B, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4928] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000777eda80 16 bytes [50, 48, B8, 80, 0B, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 00000000777edbf0 16 bytes [50, 48, B8, D8, 0A, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777edc10 48 bytes [50, 48, B8, 54, 0A, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4928] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000777edc50 16 bytes [50, 48, B8, A4, 0B, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00000000777edca0 32 bytes [50, 48, B8, FC, 0A, AC, 3F, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000777edce0 16 bytes [50, 48, B8, E4, 09, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4928] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00000000777edd80 16 bytes [50, 48, B8, 2C, 0B, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4928] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000777edf00 16 bytes [50, 48, B8, A8, 08, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00000000777ee970 16 bytes [50, 48, B8, 78, 0A, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4928] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777ee9c0 16 bytes [50, 48, B8, B4, 0A, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4928] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00000000777eeb10 16 bytes [50, 48, B8, 40, 0B, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000777eda80 16 bytes [50, 48, B8, 80, 0B, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 00000000777edbf0 16 bytes [50, 48, B8, D8, 0A, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777edc10 48 bytes [50, 48, B8, 54, 0A, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000777edc50 16 bytes [50, 48, B8, A4, 0B, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00000000777edca0 32 bytes [50, 48, B8, FC, 0A, AC, 3F, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000777edce0 16 bytes [50, 48, B8, E4, 09, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00000000777edd80 16 bytes [50, 48, B8, 2C, 0B, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000777edf00 16 bytes [50, 48, B8, A8, 08, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00000000777ee970 16 bytes [50, 48, B8, 78, 0A, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777ee9c0 16 bytes [50, 48, B8, B4, 0A, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00000000777eeb10 16 bytes [50, 48, B8, 40, 0B, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000777eda80 16 bytes [50, 48, B8, 80, 0B, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 00000000777edbf0 16 bytes [50, 48, B8, D8, 0A, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777edc10 48 bytes [50, 48, B8, 54, 0A, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000777edc50 16 bytes [50, 48, B8, A4, 0B, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00000000777edca0 32 bytes [50, 48, B8, FC, 0A, AC, 3F, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000777edce0 16 bytes [50, 48, B8, E4, 09, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00000000777edd80 16 bytes [50, 48, B8, 2C, 0B, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000777edf00 16 bytes [50, 48, B8, A8, 08, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00000000777ee970 16 bytes [50, 48, B8, 78, 0A, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777ee9c0 16 bytes [50, 48, B8, B4, 0A, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00000000777eeb10 16 bytes [50, 48, B8, 40, 0B, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000777eda80 16 bytes [50, 48, B8, 80, 0B, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 00000000777edbf0 16 bytes [50, 48, B8, D8, 0A, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777edc10 48 bytes [50, 48, B8, 54, 0A, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000777edc50 16 bytes [50, 48, B8, A4, 0B, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00000000777edca0 32 bytes [50, 48, B8, FC, 0A, AC, 3F, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000777edce0 16 bytes [50, 48, B8, E4, 09, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00000000777edd80 16 bytes [50, 48, B8, 2C, 0B, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000777edf00 16 bytes [50, 48, B8, A8, 08, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00000000777ee970 16 bytes [50, 48, B8, 78, 0A, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777ee9c0 16 bytes [50, 48, B8, B4, 0A, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1468] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00000000777eeb10 16 bytes [50, 48, B8, 40, 0B, AC, 3F, ...] .text C:\Program Files (x86)\Steam\Steam.exe[5916] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000076c51401 2 bytes JMP 7539b20b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\Steam.exe[5916] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000076c51419 2 bytes JMP 7539b336 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\Steam.exe[5916] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000076c51431 2 bytes JMP 75418f39 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\Steam.exe[5916] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 0000000076c5144a 2 bytes CALL 75374885 C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\Steam\Steam.exe[5916] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 0000000076c514dd 2 bytes JMP 75418832 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\Steam.exe[5916] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 0000000076c514f5 2 bytes JMP 75418a08 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\Steam.exe[5916] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 0000000076c5150d 2 bytes JMP 75418728 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\Steam.exe[5916] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000076c51525 2 bytes JMP 75418af2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\Steam.exe[5916] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 0000000076c5153d 2 bytes JMP 7538fc98 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\Steam.exe[5916] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000076c51555 2 bytes JMP 753968df C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\Steam.exe[5916] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 0000000076c5156d 2 bytes JMP 75418ff1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\Steam.exe[5916] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000076c51585 2 bytes JMP 75418b52 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\Steam.exe[5916] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 0000000076c5159d 2 bytes JMP 754186ec C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\Steam.exe[5916] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 0000000076c515b5 2 bytes JMP 7538fd31 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\Steam.exe[5916] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 0000000076c515cd 2 bytes JMP 7539b2cc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\Steam.exe[5916] 
C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 0000000076c516b2 2 bytes JMP 75418eb4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\Steam.exe[5916] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 0000000076c516bd 2 bytes JMP 75418681 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6372] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000777eda80 16 bytes [50, 48, B8, 80, 0B, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6372] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 00000000777edbf0 16 bytes [50, 48, B8, D8, 0A, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6372] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777edc10 48 bytes [50, 48, B8, 54, 0A, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6372] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000777edc50 16 bytes [50, 48, B8, A4, 0B, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6372] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00000000777edca0 32 bytes [50, 48, B8, FC, 0A, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6372] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000777edce0 16 bytes [50, 48, B8, E4, 09, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6372] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00000000777edd80 16 bytes [50, 48, B8, 2C, 0B, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6372] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000777edf00 16 bytes [50, 48, B8, A8, 08, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6372] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00000000777ee970 16 bytes [50, 48, B8, 78, 0A, AC, 3F, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6372] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777ee9c0 16 bytes [50, 48, B8, B4, 0A, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6372] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00000000777eeb10 16 bytes [50, 48, B8, 40, 0B, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6196] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000777eda80 16 bytes [50, 48, B8, 80, 0B, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 00000000777edbf0 16 bytes [50, 48, B8, D8, 0A, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000777edc10 48 bytes [50, 48, B8, 54, 0A, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6196] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000777edc50 16 bytes [50, 48, B8, A4, 0B, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00000000777edca0 32 bytes [50, 48, B8, FC, 0A, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000777edce0 16 bytes [50, 48, B8, E4, 09, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6196] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00000000777edd80 16 bytes [50, 48, B8, 2C, 0B, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000777edf00 16 bytes [50, 48, B8, A8, 08, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00000000777ee970 16 bytes [50, 48, B8, 78, 0A, AC, 3F, ...] 
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000777ee9c0 16 bytes [50, 48, B8, B4, 0A, AC, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6196] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00000000777eeb10 16 bytes [50, 48, B8, 40, 0B, AC, 3F, ...] ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Windows\system32\winlogon.exe[512] @ C:\Windows\system32\uxtheme.dll[KERNEL32.dll!GetProcAddress] [7fefa2f2840] c:\windows\system32\uxtuneup.dll IAT C:\Windows\system32\winlogon.exe[512] @ C:\Windows\system32\uxtheme.dll[KERNEL32.dll!ReadFile] [7fefa2f2720] c:\windows\system32\uxtuneup.dll IAT C:\Windows\system32\winlogon.exe[512] @ C:\Windows\system32\themeservice.dll[KERNEL32.dll!GetProcAddress] [7fefa2f2840] c:\windows\system32\uxtuneup.dll IAT C:\Windows\system32\winlogon.exe[512] @ C:\Windows\system32\themeservice.dll[KERNEL32.dll!ReadFile] [7fefa2f2720] c:\windows\system32\uxtuneup.dll IAT C:\Windows\system32\svchost.exe[1060] @ c:\windows\system32\themeservice.dll[KERNEL32.dll!GetProcAddress] [7fefa2f2840] c:\windows\system32\uxtuneup.dll IAT C:\Windows\system32\svchost.exe[1060] @ c:\windows\system32\themeservice.dll[KERNEL32.dll!ReadFile] [7fefa2f2720] c:\windows\system32\uxtuneup.dll IAT C:\Windows\system32\svchost.exe[1060] @ C:\Windows\system32\uxtheme.dll[KERNEL32.dll!GetProcAddress] [7fefa2f2840] c:\windows\system32\uxtuneup.dll IAT C:\Windows\system32\svchost.exe[1060] @ C:\Windows\system32\uxtheme.dll[KERNEL32.dll!ReadFile] [7fefa2f2720] c:\windows\system32\uxtuneup.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2348] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenServiceW] [7fedec09bf4] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2348] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fedec09a40] C:\Program Files 
(x86)\Google\Chrome\Application\45.0.2454.93\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2348] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fedec09bdc] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2348] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!StartServiceW] [7fedec09d44] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2348] @ C:\Windows\system32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7fedec09bd4] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5096] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenServiceW] [7fedec09bf4] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5096] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fedec09a40] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5096] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fedec09bdc] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5096] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!StartServiceW] [7fedec09d44] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5096] @ C:\Windows\system32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7fedec09bd4] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5472] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenServiceW] 
[7fedec09bf4] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5472] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fedec09a40] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5472] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fedec09bdc] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5472] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!StartServiceW] [7fedec09d44] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5472] @ C:\Windows\system32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7fedec09bd4] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5236] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenServiceW] [7fedec09bf4] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5236] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fedec09a40] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5236] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fedec09bdc] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5236] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!StartServiceW] [7fedec09d44] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5236] @ 
C:\Windows\system32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7fedec09bd4] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3168] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenServiceW] [7fedec09bf4] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3168] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fedec09a40] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3168] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fedec09bdc] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3168] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!StartServiceW] [7fedec09d44] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3168] @ C:\Windows\system32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7fedec09bd4] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2860] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenServiceW] [7fedec09bf4] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2860] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fedec09a40] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2860] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fedec09bdc] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\chrome_child.dll IAT C:\Program Files 
(x86)\Google\Chrome\Application\chrome.exe[2860] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!StartServiceW] [7fedec09d44] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2860] @ C:\Windows\system32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7fedec09bd4] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3876] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenServiceW] [7fedec09bf4] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3876] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fedec09a40] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3876] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fedec09bdc] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3876] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!StartServiceW] [7fedec09d44] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3876] @ C:\Windows\system32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7fedec09bd4] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6008] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenServiceW] [7fedec09bf4] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6008] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fedec09a40] C:\Program Files 
(x86)\Google\Chrome\Application\45.0.2454.93\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6008] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fedec09bdc] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6008] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!StartServiceW] [7fedec09d44] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6008] @ C:\Windows\system32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7fedec09bd4] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5856] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenServiceW] [7fedec09bf4] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5856] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fedec09a40] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5856] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fedec09bdc] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5856] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!StartServiceW] [7fedec09d44] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5856] @ C:\Windows\system32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7fedec09bd4] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4120] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenServiceW] 
[7fedec09bf4] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4120] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fedec09a40] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4120] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fedec09bdc] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4120] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!StartServiceW] [7fedec09d44] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4120] @ C:\Windows\system32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7fedec09bd4] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6020] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenServiceW] [7fedec09bf4] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6020] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fedec09a40] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6020] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fedec09bdc] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6020] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!StartServiceW] [7fedec09d44] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6020] @ 
C:\Windows\system32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7fedec09bd4] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5800] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenServiceW] [7fedec09bf4] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5800] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fedec09a40] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5800] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fedec09bdc] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5800] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!StartServiceW] [7fedec09d44] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5800] @ C:\Windows\system32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7fedec09bd4] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4928] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenServiceW] [7fedec09bf4] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4928] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fedec09a40] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4928] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fedec09bdc] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\chrome_child.dll IAT C:\Program Files 
(x86)\Google\Chrome\Application\chrome.exe[4928] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!StartServiceW] [7fedec09d44] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4928] @ C:\Windows\system32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7fedec09bd4] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4876] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenServiceW] [7fedec09bf4] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4876] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fedec09a40] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4876] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fedec09bdc] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4876] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!StartServiceW] [7fedec09d44] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4876] @ C:\Windows\system32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7fedec09bd4] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1216] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenServiceW] [7fedec09bf4] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1216] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fedec09a40] C:\Program Files 
(x86)\Google\Chrome\Application\45.0.2454.93\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1216] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fedec09bdc] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1216] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!StartServiceW] [7fedec09d44] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1216] @ C:\Windows\system32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7fedec09bd4] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1468] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenServiceW] [7fedec09bf4] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1468] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fedec09a40] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1468] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fedec09bdc] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1468] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!StartServiceW] [7fedec09d44] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1468] @ C:\Windows\system32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7fedec09bd4] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6372] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenServiceW] 
[7fedec09bf4] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\chrome_child.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6372] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fedec09a40] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\chrome_child.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6372] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fedec09bdc] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\chrome_child.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6372] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!StartServiceW] [7fedec09d44] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\chrome_child.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6372] @ C:\Windows\system32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7fedec09bd4] C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\chrome_child.dll
IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6196] @ C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\PepperFlash\pepflashplayer.dll[KERNEL32.dll!CreateNamedPipeW] [b7580030]

---- Threads - GMER 2.1 ----

Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4380:4812] 0000000076d07587
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4380:5304] 000000006f9c8aa6
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4380:5512] 00000000779bc557
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4380:6048] 00000000779d27c1
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4380:1960] 00000000779d27c1
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4380:1348] 00000000779d27c1

---- Processes - GMER 2.1 ----

Library C:\Users\Mateusz\AppData\Local\MEGAsync\ShellExtX64.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [1768](2014-05-01 14:13:20) 000007fef8f20000
Library C:\Users\Mateusz\AppData\Local\MEGAsync\ShellExtX32.dll (*** suspicious ***) @ C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe [4348](2014-05-01 14:15:20) 000000006f920000
Library C:\Users\Mateusz\AppData\Local\MEGAsync\ShellExtX32.dll (*** suspicious ***) @ C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe [5924](2014-05-01 14:15:20) 000000006f920000
Library C:\Users\Mateusz\AppData\Local\MEGAsync\ShellExtX64.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [5912](2014-05-01 14:13:20) 000007fef8f20000

---- Files - GMER 2.1 ----

File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00653.log 1048576 bytes