GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2017-06-14 11:58:54 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST1000DM003-1CH162 rev.CC47 931,51GB Running: w6mstrxz.exe; Driver: C:\Users\Admin\AppData\Local\Temp\uwrdakob.sys ---- Kernel code sections - GMER 2.2 ---- .text C:\Windows\system32\drivers\USBPORT.SYS!DllUnload fffff880047b2d24 12 bytes {MOV RAX, 0xfffffa80080372a0; JMP RAX} ---- User code sections - GMER 2.2 ---- .text C:\Users\Admin\AppData\Local\FluxSoftware\Flux\flux.exe[2196] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000773a1465 2 bytes [3A, 77] .text C:\Users\Admin\AppData\Local\FluxSoftware\Flux\flux.exe[2196] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000773a14bb 2 bytes [3A, 77] .text ... * 2 .text C:\Windows\SysWOW64\PnkBstrA.exe[2836] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000073ff1a22 2 bytes [FF, 73] .text C:\Windows\SysWOW64\PnkBstrA.exe[2836] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000073ff1ad0 2 bytes [FF, 73] .text C:\Windows\SysWOW64\PnkBstrA.exe[2836] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000073ff1b08 2 bytes [FF, 73] .text C:\Windows\SysWOW64\PnkBstrA.exe[2836] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000073ff1bba 2 bytes [FF, 73] .text C:\Windows\SysWOW64\PnkBstrA.exe[2836] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000073ff1bda 2 bytes [FF, 73] .text C:\Windows\SysWOW64\PnkBstrA.exe[2836] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000773a1465 2 bytes [3A, 77] .text C:\Windows\SysWOW64\PnkBstrA.exe[2836] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000773a14bb 2 bytes [3A, 77] .text ... * 2 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3248] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077241590 14 bytes {MOV RAX, 0x7fefa2165b0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000772413e0 7 bytes [48, B8, 50, 40, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 00000000772413e8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 0000000077241550 7 bytes [48, B8, D0, 40, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 0000000077241558 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077241570 7 bytes [48, B8, C0, 44, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000077241578 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 0000000077241580 7 bytes [48, B8, B0, 42, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 0000000077241588 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077241590 7 bytes [48, B8, 30, 3F, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000077241598 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000772415b0 7 bytes [48, B8, A0, 3F, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000772415b8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 0000000077241600 7 bytes [48, B8, 40, 41, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 0000000077241608 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 0000000077241610 7 bytes [48, B8, 10, 45, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 0000000077241618 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077241640 7 bytes [48, B8, 30, 42, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 0000000077241648 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00000000772416e0 7 bytes [48, B8, 70, 42, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 00000000772416e8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077241860 7 bytes [48, B8, B0, 41, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000077241868 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00000000772422d0 7 bytes [48, B8, F0, 44, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 00000000772422d8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077242320 7 bytes [48, B8, 90, 44, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 0000000077242328 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 0000000077242470 7 bytes [48, B8, 90, 42, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3652] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 0000000077242478 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000772413e0 7 bytes [48, B8, 50, 40, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 00000000772413e8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 0000000077241550 7 bytes [48, B8, D0, 40, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 0000000077241558 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077241570 7 bytes [48, B8, C0, 44, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000077241578 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 0000000077241580 7 bytes [48, B8, B0, 42, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 0000000077241588 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077241590 7 bytes [48, B8, 30, 3F, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000077241598 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000772415b0 7 bytes [48, B8, A0, 3F, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000772415b8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 0000000077241600 7 bytes [48, B8, 40, 41, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 0000000077241608 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 0000000077241610 7 bytes [48, B8, 10, 45, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 0000000077241618 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077241640 7 bytes [48, B8, 30, 42, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 0000000077241648 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00000000772416e0 7 bytes [48, B8, 70, 42, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 00000000772416e8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077241860 7 bytes [48, B8, B0, 41, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000077241868 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00000000772422d0 7 bytes [48, B8, F0, 44, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 00000000772422d8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077242320 7 bytes [48, B8, 90, 44, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 0000000077242328 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 0000000077242470 7 bytes [48, B8, 90, 42, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2424] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 0000000077242478 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000772413e0 7 bytes [48, B8, 50, 40, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 00000000772413e8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 0000000077241550 7 bytes [48, B8, D0, 40, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 0000000077241558 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077241570 7 bytes [48, B8, C0, 44, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000077241578 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 0000000077241580 7 bytes [48, B8, B0, 42, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 0000000077241588 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077241590 7 bytes [48, B8, 30, 3F, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000077241598 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000772415b0 7 bytes [48, B8, A0, 3F, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000772415b8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 0000000077241600 7 bytes [48, B8, 40, 41, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 0000000077241608 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 0000000077241610 7 bytes [48, B8, 10, 45, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 0000000077241618 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077241640 7 bytes [48, B8, 30, 42, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 0000000077241648 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00000000772416e0 7 bytes [48, B8, 70, 42, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 00000000772416e8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077241860 7 bytes [48, B8, B0, 41, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000077241868 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00000000772422d0 7 bytes [48, B8, F0, 44, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 00000000772422d8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077242320 7 bytes [48, B8, 90, 44, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 0000000077242328 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 0000000077242470 7 bytes [48, B8, 90, 42, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 0000000077242478 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000772413e0 7 bytes [48, B8, 50, 40, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 00000000772413e8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 0000000077241550 7 bytes [48, B8, D0, 40, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 0000000077241558 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077241570 7 bytes [48, B8, C0, 44, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000077241578 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 0000000077241580 7 bytes [48, B8, B0, 42, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 0000000077241588 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077241590 7 bytes [48, B8, 30, 3F, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000077241598 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000772415b0 7 bytes [48, B8, A0, 3F, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000772415b8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 0000000077241600 7 bytes [48, B8, 40, 41, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 0000000077241608 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 0000000077241610 7 bytes [48, B8, 10, 45, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 0000000077241618 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077241640 7 bytes [48, B8, 30, 42, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 0000000077241648 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00000000772416e0 7 bytes [48, B8, 70, 42, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 00000000772416e8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077241860 7 bytes [48, B8, B0, 41, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000077241868 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00000000772422d0 7 bytes [48, B8, F0, 44, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 00000000772422d8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077242320 7 bytes [48, B8, 90, 44, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 0000000077242328 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 0000000077242470 7 bytes [48, B8, 90, 42, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1336] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 0000000077242478 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000772413e0 7 bytes [48, B8, 50, 40, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 00000000772413e8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 0000000077241550 7 bytes [48, B8, D0, 40, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 0000000077241558 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077241570 7 bytes [48, B8, C0, 44, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000077241578 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 0000000077241580 7 bytes [48, B8, B0, 42, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 0000000077241588 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077241590 7 bytes [48, B8, 30, 3F, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000077241598 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000772415b0 7 bytes [48, B8, A0, 3F, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000772415b8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 0000000077241600 7 bytes [48, B8, 40, 41, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 0000000077241608 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 0000000077241610 7 bytes [48, B8, 10, 45, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 0000000077241618 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077241640 7 bytes [48, B8, 30, 42, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 0000000077241648 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00000000772416e0 7 bytes [48, B8, 70, 42, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 00000000772416e8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077241860 7 bytes [48, B8, B0, 41, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000077241868 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00000000772422d0 7 bytes [48, B8, F0, 44, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 00000000772422d8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077242320 7 bytes [48, B8, 90, 44, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 0000000077242328 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 0000000077242470 7 bytes [48, B8, 90, 42, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 0000000077242478 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000772413e0 7 bytes [48, B8, 50, 40, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 00000000772413e8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 0000000077241550 7 bytes [48, B8, D0, 40, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 0000000077241558 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077241570 7 bytes [48, B8, C0, 44, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000077241578 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 0000000077241580 7 bytes [48, B8, B0, 42, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 0000000077241588 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077241590 7 bytes [48, B8, 30, 3F, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000077241598 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000772415b0 7 bytes [48, B8, A0, 3F, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000772415b8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 0000000077241600 7 bytes [48, B8, 40, 41, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 0000000077241608 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 0000000077241610 7 bytes [48, B8, 10, 45, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 0000000077241618 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077241640 7 bytes [48, B8, 30, 42, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 0000000077241648 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00000000772416e0 7 bytes [48, B8, 70, 42, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 00000000772416e8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077241860 7 bytes [48, B8, B0, 41, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000077241868 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00000000772422d0 7 bytes [48, B8, F0, 44, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 00000000772422d8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077242320 7 bytes [48, B8, 90, 44, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 0000000077242328 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 0000000077242470 7 bytes [48, B8, 90, 42, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1912] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 0000000077242478 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000772413e0 7 bytes [48, B8, 50, 40, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 00000000772413e8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 0000000077241550 7 bytes [48, B8, D0, 40, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 0000000077241558 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077241570 7 bytes [48, B8, C0, 44, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000077241578 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 0000000077241580 7 bytes [48, B8, B0, 42, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 0000000077241588 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077241590 7 bytes [48, B8, 30, 3F, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000077241598 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000772415b0 7 bytes [48, B8, A0, 3F, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000772415b8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 0000000077241600 7 bytes [48, B8, 40, 41, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 0000000077241608 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 0000000077241610 7 bytes [48, B8, 10, 45, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 0000000077241618 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077241640 7 bytes [48, B8, 30, 42, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 0000000077241648 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00000000772416e0 7 bytes [48, B8, 70, 42, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 00000000772416e8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077241860 7 bytes [48, B8, B0, 41, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000077241868 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00000000772422d0 7 bytes [48, B8, F0, 44, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 00000000772422d8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077242320 7 bytes [48, B8, 90, 44, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 0000000077242328 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 0000000077242470 7 bytes [48, B8, 90, 42, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5064] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 0000000077242478 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5576] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000772413e0 7 bytes [48, B8, 50, 40, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5576] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 00000000772413e8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 0000000077241550 7 bytes [48, B8, D0, 40, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 0000000077241558 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077241570 7 bytes [48, B8, C0, 44, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000077241578 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5576] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 0000000077241580 7 bytes [48, B8, B0, 42, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5576] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 0000000077241588 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5576] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077241590 7 bytes [48, B8, 30, 3F, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5576] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000077241598 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5576] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000772415b0 7 bytes [48, B8, A0, 3F, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5576] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000772415b8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 0000000077241600 7 bytes [48, B8, 40, 41, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 0000000077241608 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 0000000077241610 7 bytes [48, B8, 10, 45, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 0000000077241618 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077241640 7 bytes [48, B8, 30, 42, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 0000000077241648 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5576] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00000000772416e0 7 bytes [48, B8, 70, 42, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5576] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 00000000772416e8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077241860 7 bytes [48, B8, B0, 41, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000077241868 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00000000772422d0 7 bytes [48, B8, F0, 44, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 00000000772422d8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077242320 7 bytes [48, B8, 90, 44, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5576] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 0000000077242328 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5576] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 0000000077242470 7 bytes [48, B8, 90, 42, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5576] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 0000000077242478 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5012] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000772413e0 7 bytes [48, B8, 50, 40, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5012] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 00000000772413e8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 0000000077241550 7 bytes [48, B8, D0, 40, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 0000000077241558 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077241570 7 bytes [48, B8, C0, 44, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000077241578 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5012] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 0000000077241580 7 bytes [48, B8, B0, 42, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5012] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 0000000077241588 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5012] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077241590 7 bytes [48, B8, 30, 3F, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5012] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000077241598 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5012] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000772415b0 7 bytes [48, B8, A0, 3F, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5012] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000772415b8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 0000000077241600 7 bytes [48, B8, 40, 41, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 0000000077241608 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 0000000077241610 7 bytes [48, B8, 10, 45, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 0000000077241618 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077241640 7 bytes [48, B8, 30, 42, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 0000000077241648 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5012] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00000000772416e0 7 bytes [48, B8, 70, 42, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5012] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 00000000772416e8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077241860 7 bytes [48, B8, B0, 41, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5012] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000077241868 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00000000772422d0 7 bytes [48, B8, F0, 44, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 00000000772422d8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077242320 7 bytes [48, B8, 90, 44, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5012] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 0000000077242328 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5012] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 0000000077242470 7 bytes [48, B8, 90, 42, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5012] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 0000000077242478 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000772413e0 7 bytes [48, B8, 50, 40, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 00000000772413e8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 0000000077241550 7 bytes [48, B8, D0, 40, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 0000000077241558 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077241570 7 bytes [48, B8, C0, 44, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000077241578 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 0000000077241580 7 bytes [48, B8, B0, 42, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 0000000077241588 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077241590 7 bytes [48, B8, 30, 3F, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000077241598 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000772415b0 7 bytes [48, B8, A0, 3F, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000772415b8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 0000000077241600 7 bytes [48, B8, 40, 41, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 0000000077241608 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 0000000077241610 7 bytes [48, B8, 10, 45, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 0000000077241618 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077241640 7 bytes [48, B8, 30, 42, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 0000000077241648 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00000000772416e0 7 bytes [48, B8, 70, 42, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 00000000772416e8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077241860 7 bytes [48, B8, B0, 41, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000077241868 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00000000772422d0 7 bytes [48, B8, F0, 44, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 00000000772422d8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077242320 7 bytes [48, B8, 90, 44, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 0000000077242328 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 0000000077242470 7 bytes [48, B8, 90, 42, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 0000000077242478 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4180] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000772413e0 7 bytes [48, B8, 50, 40, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4180] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 8 00000000772413e8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4180] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 0000000077241550 7 bytes [48, B8, D0, 40, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4180] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken + 8 0000000077241558 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4180] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077241570 7 bytes [48, B8, C0, 44, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4180] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000077241578 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4180] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 0000000077241580 7 bytes [48, B8, B0, 42, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4180] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 0000000077241588 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4180] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077241590 7 bytes [48, B8, 30, 3F, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4180] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000077241598 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4180] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000772415b0 7 bytes [48, B8, A0, 3F, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4180] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000772415b8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4180] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 0000000077241600 7 bytes [48, B8, 40, 41, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4180] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx + 8 0000000077241608 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4180] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 0000000077241610 7 bytes [48, B8, 10, 45, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4180] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx + 8 0000000077241618 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4180] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077241640 7 bytes [48, B8, 30, 42, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4180] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 0000000077241648 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4180] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00000000772416e0 7 bytes [48, B8, 70, 42, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4180] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile + 8 00000000772416e8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4180] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077241860 7 bytes [48, B8, B0, 41, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4180] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000077241868 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4180] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00000000772422d0 7 bytes [48, B8, F0, 44, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4180] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 00000000772422d8 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4180] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077242320 7 bytes [48, B8, 90, 44, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4180] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread + 8 0000000077242328 6 bytes {ADD [RAX], AL; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4180] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 0000000077242470 7 bytes [48, B8, 90, 42, 68, 3F, 01] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4180] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile + 8 0000000077242478 6 bytes {ADD [RAX], AL; JMP RAX} ---- Kernel IAT/EAT - GMER 2.2 ---- IAT C:\Windows\system32\drivers\pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [fffff88001090650] \SystemRoot\System32\Drivers\sppt.sys [unknown section] IAT C:\Windows\system32\drivers\pci.sys[ntoskrnl.exe!IoDetachDevice] [fffff880010905dc] \SystemRoot\System32\Drivers\sppt.sys [unknown section] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [fffff8800105b35c] \SystemRoot\System32\Drivers\sppt.sys [unknown section] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [fffff8800105b224] \SystemRoot\System32\Drivers\sppt.sys [unknown section] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [fffff8800105ba24] \SystemRoot\System32\Drivers\sppt.sys [unknown section] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [fffff8800105bba0] \SystemRoot\System32\Drivers\sppt.sys [unknown section] ---- User IAT/EAT - GMER 2.2 ---- IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2424] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenServiceW] [7fee9ff8df0] C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.86\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2424] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fee9ff8648] C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.86\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2424] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fee9ff8dd8] C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.86\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2424] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!StartServiceW] [7fee9ff9038] C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.86\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2424] @ C:\Windows\system32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7fee8fa1880] C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.86\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4040] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenServiceW] [7fee9ff8df0] C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.86\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4040] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fee9ff8648] C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.86\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4040] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fee9ff8dd8] C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.86\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4040] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!StartServiceW] [7fee9ff9038] C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.86\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4040] @ C:\Windows\system32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7fee8fa1880] C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.86\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1336] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenServiceW] [7fee9ff8df0] C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.86\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1336] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fee9ff8648] C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.86\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1336] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fee9ff8dd8] C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.86\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1336] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!StartServiceW] [7fee9ff9038] C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.86\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1336] @ C:\Windows\system32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7fee8fa1880] C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.86\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3660] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenServiceW] [7fee9ff8df0] C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.86\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3660] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fee9ff8648] C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.86\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3660] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fee9ff8dd8] C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.86\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3660] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!StartServiceW] [7fee9ff9038] C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.86\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3660] @ C:\Windows\system32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7fee8fa1880] C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.86\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1912] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenServiceW] [7fee9ff8df0] C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.86\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1912] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fee9ff8648] C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.86\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1912] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fee9ff8dd8] C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.86\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1912] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!StartServiceW] [7fee9ff9038] C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.86\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1912] @ C:\Windows\system32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7fee8fa1880] C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.86\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5576] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenServiceW] [7fee9ff8df0] C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.86\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5576] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fee9ff8648] C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.86\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5576] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fee9ff8dd8] C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.86\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5576] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!StartServiceW] [7fee9ff9038] C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.86\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5576] @ C:\Windows\system32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7fee8fa1880] C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.86\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5012] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenServiceW] [7fee9ff8df0] C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.86\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5012] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fee9ff8648] C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.86\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5012] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fee9ff8dd8] C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.86\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5012] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!StartServiceW] [7fee9ff9038] C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.86\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5012] @ C:\Windows\system32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7fee8fa1880] C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.86\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5348] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenServiceW] [7fee9ff8df0] C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.86\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5348] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fee9ff8648] C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.86\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5348] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fee9ff8dd8] C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.86\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5348] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!StartServiceW] [7fee9ff9038] C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.86\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5348] @ C:\Windows\system32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7fee8fa1880] C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.86\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4180] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenServiceW] [7fee9ff8df0] C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.86\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4180] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fee9ff8648] C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.86\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4180] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fee9ff8dd8] C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.86\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4180] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!StartServiceW] [7fee9ff9038] C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.86\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4180] @ C:\Windows\system32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7fee8fa1880] C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.86\chrome_child.dll ---- Devices - GMER 2.2 ---- Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 fffffa80073d82c0 Device \Driver\atapi \Device\Ide\IdePort0 fffffa80073d82c0 Device \FileSystem\Ntfs \Ntfs fffffa80073de2c0 Device \Driver\usbehci \Device\USBPDO-1 fffffa80082c42c0 Device \Driver\usbehci \Device\USBFDO-0 fffffa80082c42c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{0206721A-9A84-4DF9-A5B4-EBD6A1BEA789} fffffa8007d092c0 Device \Driver\usbehci \Device\USBFDO-1 fffffa80082c42c0 Device \Driver\volmgr \Device\HarddiskVolume1 fffffa80073d42c0 Device \Driver\volmgr \Device\FtControl fffffa80073d42c0 Device \Driver\volmgr \Device\VolMgrControl fffffa80073d42c0 Device \Driver\volmgr \Device\HarddiskVolume2 fffffa80073d42c0 Device \Driver\volmgr \Device\HarddiskVolume3 fffffa80073d42c0 Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa8007d092c0 Device \Driver\atapi \Device\ScsiPort0 fffffa80073d82c0 Device \Driver\usbehci \Device\USBPDO-0 fffffa80082c42c0 ---- Trace I/O - GMER 2.2 ---- Trace ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa80073d82c0]<< sppt.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys fffffa80073d82c0 Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80078dd060] fffffa80078dd060 Trace 3 CLASSPNP.SYS[fffff88001bba43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007549060] fffffa8007549060 Trace \Driver\atapi[0xfffffa80074a2e10] -> IRP_MJ_CREATE -> 0xfffffa80073d82c0 fffffa80073d82c0 ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x56 0x13 0x4D 0x62 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x56 0x13 0x4D 0x62 ... ---- EOF - GMER 2.2 ----