GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-06-04 13:34:49 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS543232L9SA00 rev.FB4OC43C 298,09GB Running: xz32g78k.exe; Driver: C:\Users\Paulina\AppData\Local\Temp\uxldapod.sys ---- System - GMER 2.1 ---- SSDT 865A0C64 ZwCreateKey SSDT 865A0974 ZwCreateMutant SSDT 865A396C ZwCreateProcess SSDT 865A3934 ZwCreateProcessEx SSDT 865A093C ZwCreateSymbolicLinkObject SSDT 865A0A1C ZwCreateThread SSDT 865A09E4 ZwCreateThreadEx SSDT 865A0D7C ZwCreateUserProcess SSDT 865A0BF4 ZwDeleteKey SSDT 865A0B4C ZwDeleteValueKey SSDT 865A0904 ZwDuplicateObject SSDT 865A09AC ZwLoadDriver SSDT 865A0D44 ZwOpenProcess SSDT 865A0B14 ZwOpenSection SSDT 865A0D0C ZwOpenThread SSDT 865A0BBC ZwRenameKey SSDT 865A0B84 ZwRestoreKey SSDT 865A08CC ZwSetSystemInformation SSDT 865A0C2C ZwSetValueKey SSDT 865A0CD4 ZwTerminateProcess SSDT 865A0C9C ZwTerminateThread SSDT 865A0A54 ZwWriteVirtualMemory ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82E7DA09 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82EB71F2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 11BF 82EBE314 4 Bytes [64, 0C, 5A, 86] .text ntkrnlpa.exe!KeRemoveQueueEx + 11CF 82EBE324 4 Bytes [74, 09, 5A, 86] .text ntkrnlpa.exe!KeRemoveQueueEx + 11E3 82EBE338 8 Bytes [6C, 39, 5A, 86, 34, 39, 5A, ...] .text ntkrnlpa.exe!KeRemoveQueueEx + 11FF 82EBE354 12 Bytes [3C, 09, 5A, 86, 1C, 0A, 5A, ...] {CMP AL, 0x9; POP EDX; XCHG [EDX+ECX], BL; POP EDX; XCHG AH, AH; OR [EDX-0x7a], EBX} .text ntkrnlpa.exe!KeRemoveQueueEx + 121B 82EBE370 4 Bytes [7C, 0D, 5A, 86] .text ... .text C:\Windows\system32\DRIVERS\cdrom.sys unknown last code section [0x90827000, 0xA35C, 0x68000060] ? C:\Windows\system32\DRIVERS\cdrom.sys suspicious PE modification .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x91619000, 0x2D5378, 0xE8000020] ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Google\Chrome\Application\chrome.exe[400] ntdll.dll!NtCreateFile + 6 779155CE 4 Bytes [28, 90, 46, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[400] ntdll.dll!NtCreateFile + B 779155D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[400] ntdll.dll!NtMapViewOfSection + 6 77915C2E 4 Bytes [28, 93, 46, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[400] ntdll.dll!NtMapViewOfSection + B 77915C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[400] ntdll.dll!NtOpenFile + 6 77915CDE 4 Bytes [68, 90, 46, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[400] ntdll.dll!NtOpenFile + B 77915CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[400] ntdll.dll!NtOpenProcess + 6 77915D8E 4 Bytes [A8, 91, 46, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[400] ntdll.dll!NtOpenProcess + B 77915D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[400] ntdll.dll!NtOpenProcessToken + 6 77915D9E 4 Bytes CALL 7691A434 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[400] ntdll.dll!NtOpenProcessToken + B 77915DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[400] ntdll.dll!NtOpenProcessTokenEx + 6 77915DAE 4 Bytes [A8, 92, 46, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[400] ntdll.dll!NtOpenProcessTokenEx + B 77915DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[400] ntdll.dll!NtOpenThread + 6 77915E0E 4 Bytes [68, 91, 46, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[400] ntdll.dll!NtOpenThread + B 77915E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[400] ntdll.dll!NtOpenThreadToken + 6 77915E1E 4 Bytes [68, 92, 46, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[400] ntdll.dll!NtOpenThreadToken + B 77915E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[400] ntdll.dll!NtOpenThreadTokenEx + 6 77915E2E 4 Bytes CALL 7691A4C5 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[400] ntdll.dll!NtOpenThreadTokenEx + B 77915E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[400] ntdll.dll!NtQueryAttributesFile + 6 77915F3E 4 Bytes [A8, 90, 46, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[400] ntdll.dll!NtQueryAttributesFile + B 77915F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[400] ntdll.dll!NtQueryFullAttributesFile + 6 77915FEE 4 Bytes CALL 7691A683 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[400] ntdll.dll!NtQueryFullAttributesFile + B 77915FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[400] ntdll.dll!NtSetInformationFile + 6 7791663E 4 Bytes [28, 91, 46, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[400] ntdll.dll!NtSetInformationFile + B 77916643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[400] ntdll.dll!NtSetInformationThread + 6 7791669E 4 Bytes [28, 92, 46, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[400] ntdll.dll!NtSetInformationThread + B 779166A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[400] ntdll.dll!NtUnmapViewOfSection + 6 779169BE 4 Bytes [68, 93, 46, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[400] ntdll.dll!NtUnmapViewOfSection + B 779169C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1356] CRYPT32.dll!CryptImportPublicKeyInfoEx + 98 75B139CA 7 Bytes JMP 0070F630 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1356] CRYPT32.dll!I_CryptEnumMatchingLruEntries + 1C01 75B1A749 7 Bytes JMP 0070F6A0 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1740] ntdll.dll!NtCreateFile + 6 779155CE 4 Bytes [28, F4, 33, 00] {SUB AH, DH; XOR EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1740] ntdll.dll!NtCreateFile + B 779155D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1740] ntdll.dll!NtMapViewOfSection + 6 77915C2E 4 Bytes [28, F7, 33, 00] {SUB BH, DH; XOR EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1740] ntdll.dll!NtMapViewOfSection + B 77915C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1740] ntdll.dll!NtOpenFile + 6 77915CDE 4 Bytes [68, F4, 33, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1740] ntdll.dll!NtOpenFile + B 77915CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1740] ntdll.dll!NtOpenProcess + 6 77915D8E 4 Bytes [A8, F5, 33, 00] {TEST AL, 0xf5; XOR EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1740] ntdll.dll!NtOpenProcess + B 77915D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1740] ntdll.dll!NtOpenProcessToken + 6 77915D9E 4 Bytes CALL 76919198 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1740] ntdll.dll!NtOpenProcessToken + B 77915DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1740] ntdll.dll!NtOpenProcessTokenEx + 6 77915DAE 4 Bytes [A8, F6, 33, 00] {TEST AL, 0xf6; XOR EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1740] ntdll.dll!NtOpenProcessTokenEx + B 77915DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1740] ntdll.dll!NtOpenThread + 6 77915E0E 4 Bytes [68, F5, 33, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1740] ntdll.dll!NtOpenThread + B 77915E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1740] ntdll.dll!NtOpenThreadToken + 6 77915E1E 4 Bytes [68, F6, 33, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1740] ntdll.dll!NtOpenThreadToken + B 77915E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1740] ntdll.dll!NtOpenThreadTokenEx + 6 77915E2E 4 Bytes CALL 76919229 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1740] ntdll.dll!NtOpenThreadTokenEx + B 77915E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1740] ntdll.dll!NtQueryAttributesFile + 6 77915F3E 4 Bytes [A8, F4, 33, 00] {TEST AL, 0xf4; XOR EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1740] ntdll.dll!NtQueryAttributesFile + B 77915F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1740] ntdll.dll!NtQueryFullAttributesFile + 6 77915FEE 4 Bytes CALL 769193E7 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[1740] ntdll.dll!NtQueryFullAttributesFile + B 77915FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1740] ntdll.dll!NtSetInformationFile + 6 7791663E 4 Bytes [28, F5, 33, 00] {SUB CH, DH; XOR EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1740] ntdll.dll!NtSetInformationFile + B 77916643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1740] ntdll.dll!NtSetInformationThread + 6 7791669E 4 Bytes [28, F6, 33, 00] {SUB DH, DH; XOR EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1740] ntdll.dll!NtSetInformationThread + B 779166A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1740] ntdll.dll!NtUnmapViewOfSection + 6 779169BE 4 Bytes [68, F7, 33, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1740] ntdll.dll!NtUnmapViewOfSection + B 779169C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!NtCreateFile + 6 779155CE 4 Bytes [28, 84, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!NtCreateFile + B 779155D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!NtMapViewOfSection + 6 77915C2E 4 Bytes [28, 87, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!NtMapViewOfSection + B 77915C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!NtOpenFile + 6 77915CDE 4 Bytes [68, 84, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!NtOpenFile + B 77915CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!NtOpenProcess + 6 77915D8E 4 Bytes [A8, 85, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!NtOpenProcess + B 77915D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!NtOpenProcessToken + 6 77915D9E 4 Bytes CALL 76917528 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!NtOpenProcessToken + B 77915DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!NtOpenProcessTokenEx + 6 77915DAE 4 Bytes [A8, 86, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!NtOpenProcessTokenEx + B 77915DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!NtOpenThread + 6 77915E0E 4 Bytes [68, 85, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!NtOpenThread + B 77915E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!NtOpenThreadToken + 6 77915E1E 4 Bytes [68, 86, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!NtOpenThreadToken + B 77915E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!NtOpenThreadTokenEx + 6 77915E2E 4 Bytes CALL 769175B9 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!NtOpenThreadTokenEx + B 77915E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!NtQueryAttributesFile + 6 77915F3E 4 Bytes [A8, 84, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!NtQueryAttributesFile + B 77915F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!NtQueryFullAttributesFile + 6 77915FEE 4 Bytes CALL 76917777 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!NtQueryFullAttributesFile + B 77915FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!NtSetInformationFile + 6 7791663E 4 Bytes [28, 85, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!NtSetInformationFile + B 77916643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!NtSetInformationThread + 6 7791669E 4 Bytes [28, 86, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!NtSetInformationThread + B 779166A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!NtUnmapViewOfSection + 6 779169BE 4 Bytes [68, 87, 17, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!NtUnmapViewOfSection + B 779169C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4136] ntdll.dll!NtCreateFile + 6 779155CE 4 Bytes [28, 00, ED, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4136] ntdll.dll!NtCreateFile + B 779155D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4136] ntdll.dll!NtMapViewOfSection + 6 77915C2E 1 Byte [28] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4136] ntdll.dll!NtMapViewOfSection + 6 77915C2E 4 Bytes [28, 03, ED, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4136] ntdll.dll!NtMapViewOfSection + B 77915C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4136] ntdll.dll!NtOpenFile + 6 77915CDE 4 Bytes [68, 00, ED, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4136] ntdll.dll!NtOpenFile + B 77915CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4136] ntdll.dll!NtOpenProcess + 6 77915D8E 4 Bytes [A8, 01, ED, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4136] ntdll.dll!NtOpenProcess + B 77915D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4136] ntdll.dll!NtOpenProcessToken + 6 77915D9E 4 Bytes CALL 76924AA4 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4136] ntdll.dll!NtOpenProcessToken + B 77915DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4136] ntdll.dll!NtOpenProcessTokenEx + 6 77915DAE 4 Bytes [A8, 02, ED, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4136] ntdll.dll!NtOpenProcessTokenEx + B 77915DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4136] ntdll.dll!NtOpenThread + 6 77915E0E 4 Bytes [68, 01, ED, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4136] ntdll.dll!NtOpenThread + B 77915E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4136] ntdll.dll!NtOpenThreadToken + 6 77915E1E 4 Bytes [68, 02, ED, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4136] ntdll.dll!NtOpenThreadToken + B 77915E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4136] ntdll.dll!NtOpenThreadTokenEx + 6 77915E2E 4 Bytes CALL 76924B35 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4136] ntdll.dll!NtOpenThreadTokenEx + B 77915E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4136] ntdll.dll!NtQueryAttributesFile + 6 77915F3E 4 Bytes [A8, 00, ED, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4136] ntdll.dll!NtQueryAttributesFile + B 77915F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4136] ntdll.dll!NtQueryFullAttributesFile + 6 77915FEE 4 Bytes CALL 76924CF3 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4136] ntdll.dll!NtQueryFullAttributesFile + B 77915FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4136] ntdll.dll!NtSetInformationFile + 6 7791663E 4 Bytes [28, 01, ED, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4136] ntdll.dll!NtSetInformationFile + B 77916643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4136] ntdll.dll!NtSetInformationThread + 6 7791669E 4 Bytes [28, 02, ED, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4136] ntdll.dll!NtSetInformationThread + B 779166A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4136] ntdll.dll!NtUnmapViewOfSection + 6 779169BE 1 Byte [68] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4136] ntdll.dll!NtUnmapViewOfSection + 6 779169BE 4 Bytes [68, 03, ED, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4136] ntdll.dll!NtUnmapViewOfSection + B 779169C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4272] ntdll.dll!NtCreateFile + 6 779155CE 4 Bytes [28, 24, DB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4272] ntdll.dll!NtCreateFile + B 779155D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4272] ntdll.dll!NtMapViewOfSection + 6 77915C2E 4 Bytes [28, 27, DB, 00] {SUB [EDI], AH; FILD DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4272] ntdll.dll!NtMapViewOfSection + B 77915C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4272] ntdll.dll!NtOpenFile + 6 77915CDE 4 Bytes [68, 24, DB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4272] ntdll.dll!NtOpenFile + B 77915CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4272] ntdll.dll!NtOpenProcess + 6 77915D8E 4 Bytes [A8, 25, DB, 00] {TEST AL, 0x25; FILD DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4272] ntdll.dll!NtOpenProcess + B 77915D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4272] ntdll.dll!NtOpenProcessToken + 6 77915D9E 4 Bytes CALL 769238C8 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4272] ntdll.dll!NtOpenProcessToken + B 77915DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4272] ntdll.dll!NtOpenProcessTokenEx + 6 77915DAE 4 Bytes [A8, 26, DB, 00] {TEST AL, 0x26; FILD DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4272] ntdll.dll!NtOpenProcessTokenEx + B 77915DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4272] ntdll.dll!NtOpenThread + 6 77915E0E 4 Bytes [68, 25, DB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4272] ntdll.dll!NtOpenThread + B 77915E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4272] ntdll.dll!NtOpenThreadToken + 6 77915E1E 4 Bytes [68, 26, DB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4272] ntdll.dll!NtOpenThreadToken + B 77915E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4272] ntdll.dll!NtOpenThreadTokenEx + 6 77915E2E 4 Bytes CALL 76923959 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4272] ntdll.dll!NtOpenThreadTokenEx + B 77915E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4272] ntdll.dll!NtQueryAttributesFile + 6 77915F3E 4 Bytes [A8, 24, DB, 00] {TEST AL, 0x24; FILD DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4272] ntdll.dll!NtQueryAttributesFile + B 77915F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4272] ntdll.dll!NtQueryFullAttributesFile + 6 77915FEE 4 Bytes CALL 76923B17 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4272] ntdll.dll!NtQueryFullAttributesFile + B 77915FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4272] ntdll.dll!NtSetInformationFile + 6 7791663E 4 Bytes [28, 25, DB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4272] ntdll.dll!NtSetInformationFile + B 77916643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4272] ntdll.dll!NtSetInformationThread + 6 7791669E 4 Bytes [28, 26, DB, 00] {SUB [ESI], AH; FILD DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4272] ntdll.dll!NtSetInformationThread + B 779166A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4272] ntdll.dll!NtUnmapViewOfSection + 6 779169BE 4 Bytes [68, 27, DB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4272] ntdll.dll!NtUnmapViewOfSection + B 779169C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4360] ntdll.dll!NtCreateFile + 6 779155CE 4 Bytes [28, 84, 1F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4360] ntdll.dll!NtCreateFile + B 779155D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4360] ntdll.dll!NtMapViewOfSection + 6 77915C2E 4 Bytes [28, 87, 1F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4360] ntdll.dll!NtMapViewOfSection + B 77915C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4360] ntdll.dll!NtOpenFile + 6 77915CDE 4 Bytes [68, 84, 1F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4360] ntdll.dll!NtOpenFile + B 77915CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4360] ntdll.dll!NtOpenProcess + 6 77915D8E 4 Bytes [A8, 85, 1F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4360] ntdll.dll!NtOpenProcess + B 77915D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4360] ntdll.dll!NtOpenProcessToken + 6 77915D9E 4 Bytes CALL 76917D28 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4360] ntdll.dll!NtOpenProcessToken + B 77915DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4360] ntdll.dll!NtOpenProcessTokenEx + 6 77915DAE 4 Bytes [A8, 86, 1F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4360] ntdll.dll!NtOpenProcessTokenEx + B 77915DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4360] ntdll.dll!NtOpenThread + 6 77915E0E 4 Bytes [68, 85, 1F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4360] ntdll.dll!NtOpenThread + B 77915E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4360] ntdll.dll!NtOpenThreadToken + 6 77915E1E 4 Bytes [68, 86, 1F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4360] ntdll.dll!NtOpenThreadToken + B 77915E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4360] ntdll.dll!NtOpenThreadTokenEx + 6 77915E2E 4 Bytes CALL 76917DB9 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4360] ntdll.dll!NtOpenThreadTokenEx + B 77915E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4360] ntdll.dll!NtQueryAttributesFile + 6 77915F3E 4 Bytes [A8, 84, 1F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4360] ntdll.dll!NtQueryAttributesFile + B 77915F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4360] ntdll.dll!NtQueryFullAttributesFile + 6 77915FEE 4 Bytes CALL 76917F77 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4360] ntdll.dll!NtQueryFullAttributesFile + B 77915FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4360] ntdll.dll!NtSetInformationFile + 6 7791663E 4 Bytes [28, 85, 1F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4360] ntdll.dll!NtSetInformationFile + B 77916643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4360] ntdll.dll!NtSetInformationThread + 6 7791669E 4 Bytes [28, 86, 1F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4360] ntdll.dll!NtSetInformationThread + B 779166A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4360] ntdll.dll!NtUnmapViewOfSection + 6 779169BE 4 Bytes [68, 87, 1F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4360] ntdll.dll!NtUnmapViewOfSection + B 779169C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4448] ntdll.dll!NtCreateFile + 6 779155CE 4 Bytes [28, E4, 88, 00] {SUB AH, AH; MOV [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4448] ntdll.dll!NtCreateFile + B 779155D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4448] ntdll.dll!NtMapViewOfSection + 6 77915C2E 4 Bytes [28, E7, 88, 00] {SUB BH, AH; MOV [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4448] ntdll.dll!NtMapViewOfSection + B 77915C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4448] ntdll.dll!NtOpenFile + 6 77915CDE 4 Bytes [68, E4, 88, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4448] ntdll.dll!NtOpenFile + B 77915CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4448] ntdll.dll!NtOpenProcess + 6 77915D8E 4 Bytes [A8, E5, 88, 00] {TEST AL, 0xe5; MOV [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4448] ntdll.dll!NtOpenProcess + B 77915D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4448] ntdll.dll!NtOpenProcessToken + 6 77915D9E 4 Bytes CALL 7691E688 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4448] ntdll.dll!NtOpenProcessToken + B 77915DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4448] ntdll.dll!NtOpenProcessTokenEx + 6 77915DAE 4 Bytes [A8, E6, 88, 00] {TEST AL, 0xe6; MOV [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4448] ntdll.dll!NtOpenProcessTokenEx + B 77915DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4448] ntdll.dll!NtOpenThread + 6 77915E0E 4 Bytes [68, E5, 88, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4448] ntdll.dll!NtOpenThread + B 77915E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4448] ntdll.dll!NtOpenThreadToken + 6 77915E1E 4 Bytes [68, E6, 88, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4448] ntdll.dll!NtOpenThreadToken + B 77915E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4448] ntdll.dll!NtOpenThreadTokenEx + 6 77915E2E 4 Bytes CALL 7691E719 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4448] ntdll.dll!NtOpenThreadTokenEx + B 77915E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4448] ntdll.dll!NtQueryAttributesFile + 6 77915F3E 4 Bytes [A8, E4, 88, 00] {TEST AL, 0xe4; MOV [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4448] ntdll.dll!NtQueryAttributesFile + B 77915F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4448] ntdll.dll!NtQueryFullAttributesFile + 6 77915FEE 4 Bytes CALL 7691E8D7 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4448] ntdll.dll!NtQueryFullAttributesFile + B 77915FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4448] ntdll.dll!NtSetInformationFile + 6 7791663E 4 Bytes [28, E5, 88, 00] {SUB CH, AH; MOV [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4448] ntdll.dll!NtSetInformationFile + B 77916643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4448] ntdll.dll!NtSetInformationThread + 6 7791669E 4 Bytes [28, E6, 88, 00] {SUB DH, AH; MOV [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4448] ntdll.dll!NtSetInformationThread + B 779166A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4448] ntdll.dll!NtUnmapViewOfSection + 6 779169BE 4 Bytes [68, E7, 88, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4448] ntdll.dll!NtUnmapViewOfSection + B 779169C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4668] ntdll.dll!NtCreateFile + 6 779155CE 4 Bytes [28, 2C, 2D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4668] ntdll.dll!NtCreateFile + B 779155D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4668] ntdll.dll!NtMapViewOfSection + 6 77915C2E 4 Bytes [28, 2F, 2D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4668] ntdll.dll!NtMapViewOfSection + B 77915C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4668] ntdll.dll!NtOpenFile + 6 77915CDE 4 Bytes [68, 2C, 2D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4668] ntdll.dll!NtOpenFile + B 77915CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4668] ntdll.dll!NtOpenProcess + 6 77915D8E 4 Bytes [A8, 2D, 2D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4668] ntdll.dll!NtOpenProcess + B 77915D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4668] ntdll.dll!NtOpenProcessToken + 6 77915D9E 4 Bytes CALL 76918AD0 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4668] ntdll.dll!NtOpenProcessToken + B 77915DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4668] ntdll.dll!NtOpenProcessTokenEx + 6 77915DAE 4 Bytes [A8, 2E, 2D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4668] ntdll.dll!NtOpenProcessTokenEx + B 77915DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4668] ntdll.dll!NtOpenThread + 6 77915E0E 4 Bytes [68, 2D, 2D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4668] ntdll.dll!NtOpenThread + B 77915E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4668] ntdll.dll!NtOpenThreadToken + 6 77915E1E 4 Bytes [68, 2E, 2D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4668] ntdll.dll!NtOpenThreadToken + B 77915E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4668] ntdll.dll!NtOpenThreadTokenEx + 6 77915E2E 4 Bytes CALL 76918B61 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4668] ntdll.dll!NtOpenThreadTokenEx + B 77915E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4668] ntdll.dll!NtQueryAttributesFile + 6 77915F3E 4 Bytes [A8, 2C, 2D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4668] ntdll.dll!NtQueryAttributesFile + B 77915F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4668] ntdll.dll!NtQueryFullAttributesFile + 6 77915FEE 4 Bytes CALL 76918D1F C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4668] ntdll.dll!NtQueryFullAttributesFile + B 77915FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4668] ntdll.dll!NtSetInformationFile + 6 7791663E 4 Bytes [28, 2D, 2D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4668] ntdll.dll!NtSetInformationFile + B 77916643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4668] ntdll.dll!NtSetInformationThread + 6 7791669E 4 Bytes [28, 2E, 2D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4668] ntdll.dll!NtSetInformationThread + B 779166A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4668] ntdll.dll!NtUnmapViewOfSection + 6 779169BE 4 Bytes [68, 2F, 2D, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4668] ntdll.dll!NtUnmapViewOfSection + B 779169C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4764] ntdll.dll!NtCreateFile + 6 779155CE 4 Bytes [28, 00, EE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4764] ntdll.dll!NtCreateFile + B 779155D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4764] ntdll.dll!NtMapViewOfSection + 6 77915C2E 1 Byte [28] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4764] ntdll.dll!NtMapViewOfSection + 6 77915C2E 4 Bytes [28, 03, EE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4764] ntdll.dll!NtMapViewOfSection + B 77915C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4764] ntdll.dll!NtOpenFile + 6 77915CDE 4 Bytes [68, 00, EE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4764] ntdll.dll!NtOpenFile + B 77915CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4764] ntdll.dll!NtOpenProcess + 6 77915D8E 4 Bytes [A8, 01, EE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4764] ntdll.dll!NtOpenProcess + B 77915D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4764] ntdll.dll!NtOpenProcessToken + 6 77915D9E 4 Bytes CALL 76924BA4 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4764] ntdll.dll!NtOpenProcessToken + B 77915DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4764] ntdll.dll!NtOpenProcessTokenEx + 6 77915DAE 4 Bytes [A8, 02, EE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4764] ntdll.dll!NtOpenProcessTokenEx + B 77915DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4764] ntdll.dll!NtOpenThread + 6 77915E0E 4 Bytes [68, 01, EE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4764] ntdll.dll!NtOpenThread + B 77915E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4764] ntdll.dll!NtOpenThreadToken + 6 77915E1E 4 Bytes [68, 02, EE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4764] ntdll.dll!NtOpenThreadToken + B 77915E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4764] ntdll.dll!NtOpenThreadTokenEx + 6 77915E2E 4 Bytes CALL 76924C35 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4764] ntdll.dll!NtOpenThreadTokenEx + B 77915E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4764] ntdll.dll!NtQueryAttributesFile + 6 77915F3E 4 Bytes [A8, 00, EE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4764] ntdll.dll!NtQueryAttributesFile + B 77915F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4764] ntdll.dll!NtQueryFullAttributesFile + 6 77915FEE 4 Bytes CALL 76924DF3 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4764] ntdll.dll!NtQueryFullAttributesFile + B 77915FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4764] ntdll.dll!NtSetInformationFile + 6 7791663E 4 Bytes [28, 01, EE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4764] ntdll.dll!NtSetInformationFile + B 77916643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4764] ntdll.dll!NtSetInformationThread + 6 7791669E 4 Bytes [28, 02, EE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4764] ntdll.dll!NtSetInformationThread + B 779166A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4764] ntdll.dll!NtUnmapViewOfSection + 6 779169BE 1 Byte [68] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4764] ntdll.dll!NtUnmapViewOfSection + 6 779169BE 4 Bytes [68, 03, EE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4764] ntdll.dll!NtUnmapViewOfSection + B 779169C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4972] ntdll.dll!NtCreateFile + 6 779155CE 4 Bytes [28, 84, 91, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4972] ntdll.dll!NtCreateFile + B 779155D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4972] ntdll.dll!NtMapViewOfSection + 6 77915C2E 4 Bytes [28, 87, 91, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4972] ntdll.dll!NtMapViewOfSection + B 77915C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4972] ntdll.dll!NtOpenFile + 6 77915CDE 4 Bytes [68, 84, 91, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4972] ntdll.dll!NtOpenFile + B 77915CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4972] ntdll.dll!NtOpenProcess + 6 77915D8E 4 Bytes [A8, 85, 91, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4972] ntdll.dll!NtOpenProcess + B 77915D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4972] ntdll.dll!NtOpenProcessToken + 6 77915D9E 4 Bytes CALL 7691EF28 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4972] ntdll.dll!NtOpenProcessToken + B 77915DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4972] ntdll.dll!NtOpenProcessTokenEx + 6 77915DAE 4 Bytes [A8, 86, 91, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4972] ntdll.dll!NtOpenProcessTokenEx + B 77915DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4972] ntdll.dll!NtOpenThread + 6 77915E0E 4 Bytes [68, 85, 91, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4972] ntdll.dll!NtOpenThread + B 77915E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4972] ntdll.dll!NtOpenThreadToken + 6 77915E1E 4 Bytes [68, 86, 91, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4972] ntdll.dll!NtOpenThreadToken + B 77915E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4972] ntdll.dll!NtOpenThreadTokenEx + 6 77915E2E 4 Bytes CALL 7691EFB9 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4972] ntdll.dll!NtOpenThreadTokenEx + B 77915E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4972] ntdll.dll!NtQueryAttributesFile + 6 77915F3E 4 Bytes [A8, 84, 91, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4972] ntdll.dll!NtQueryAttributesFile + B 77915F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4972] ntdll.dll!NtQueryFullAttributesFile + 6 77915FEE 4 Bytes CALL 7691F177 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[4972] ntdll.dll!NtQueryFullAttributesFile + B 77915FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4972] ntdll.dll!NtSetInformationFile + 6 7791663E 4 Bytes [28, 85, 91, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4972] ntdll.dll!NtSetInformationFile + B 77916643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4972] ntdll.dll!NtSetInformationThread + 6 7791669E 4 Bytes [28, 86, 91, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4972] ntdll.dll!NtSetInformationThread + B 779166A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4972] ntdll.dll!NtUnmapViewOfSection + 6 779169BE 4 Bytes [68, 87, 91, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4972] ntdll.dll!NtUnmapViewOfSection + B 779169C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtCreateFile + 6 779155CE 4 Bytes [28, DC, 8B, 00] {SUB AH, BL; MOV EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtCreateFile + B 779155D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtMapViewOfSection + 6 77915C2E 4 Bytes [28, DF, 8B, 00] {SUB BH, BL; MOV EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtMapViewOfSection + B 77915C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtOpenFile + 6 77915CDE 4 Bytes [68, DC, 8B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtOpenFile + B 77915CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtOpenProcess + 6 77915D8E 4 Bytes [A8, DD, 8B, 00] {TEST AL, 0xdd; MOV EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtOpenProcess + B 77915D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtOpenProcessToken + 6 77915D9E 4 Bytes CALL 7691E980 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtOpenProcessToken + B 77915DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtOpenProcessTokenEx + 6 77915DAE 4 Bytes [A8, DE, 8B, 00] {TEST AL, 0xde; MOV EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtOpenProcessTokenEx + B 77915DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtOpenThread + 6 77915E0E 4 Bytes [68, DD, 8B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtOpenThread + B 77915E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtOpenThreadToken + 6 77915E1E 4 Bytes [68, DE, 8B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtOpenThreadToken + B 77915E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtOpenThreadTokenEx + 6 77915E2E 4 Bytes CALL 7691EA11 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtOpenThreadTokenEx + B 77915E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtQueryAttributesFile + 6 77915F3E 4 Bytes [A8, DC, 8B, 00] {TEST AL, 0xdc; MOV EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtQueryAttributesFile + B 77915F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtQueryFullAttributesFile + 6 77915FEE 4 Bytes CALL 7691EBCF C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtQueryFullAttributesFile + B 77915FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtSetInformationFile + 6 7791663E 4 Bytes [28, DD, 8B, 00] {SUB CH, BL; MOV EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtSetInformationFile + B 77916643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtSetInformationThread + 6 7791669E 4 Bytes [28, DE, 8B, 00] {SUB DH, BL; MOV EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtSetInformationThread + B 779166A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtUnmapViewOfSection + 6 779169BE 4 Bytes [68, DF, 8B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5004] ntdll.dll!NtUnmapViewOfSection + B 779169C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5172] ntdll.dll!NtCreateFile + 6 779155CE 4 Bytes [28, 9C, 7E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5172] ntdll.dll!NtCreateFile + B 779155D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5172] ntdll.dll!NtMapViewOfSection + 6 77915C2E 4 Bytes [28, 9F, 7E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5172] ntdll.dll!NtMapViewOfSection + B 77915C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5172] ntdll.dll!NtOpenFile + 6 77915CDE 4 Bytes [68, 9C, 7E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5172] ntdll.dll!NtOpenFile + B 77915CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5172] ntdll.dll!NtOpenProcess + 6 77915D8E 4 Bytes [A8, 9D, 7E, 00] {TEST AL, 0x9d; JLE 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5172] ntdll.dll!NtOpenProcess + B 77915D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5172] ntdll.dll!NtOpenProcessToken + 6 77915D9E 4 Bytes CALL 7691DC40 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5172] ntdll.dll!NtOpenProcessToken + B 77915DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5172] ntdll.dll!NtOpenProcessTokenEx + 6 77915DAE 4 Bytes [A8, 9E, 7E, 00] {TEST AL, 0x9e; JLE 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5172] ntdll.dll!NtOpenProcessTokenEx + B 77915DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5172] ntdll.dll!NtOpenThread + 6 77915E0E 4 Bytes [68, 9D, 7E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5172] ntdll.dll!NtOpenThread + B 77915E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5172] ntdll.dll!NtOpenThreadToken + 6 77915E1E 4 Bytes [68, 9E, 7E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5172] ntdll.dll!NtOpenThreadToken + B 77915E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5172] ntdll.dll!NtOpenThreadTokenEx + 6 77915E2E 4 Bytes CALL 7691DCD1 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5172] ntdll.dll!NtOpenThreadTokenEx + B 77915E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5172] ntdll.dll!NtQueryAttributesFile + 6 77915F3E 4 Bytes [A8, 9C, 7E, 00] {TEST AL, 0x9c; JLE 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5172] ntdll.dll!NtQueryAttributesFile + B 77915F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5172] ntdll.dll!NtQueryFullAttributesFile + 6 77915FEE 4 Bytes CALL 7691DE8F C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5172] ntdll.dll!NtQueryFullAttributesFile + B 77915FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5172] ntdll.dll!NtSetInformationFile + 6 7791663E 4 Bytes [28, 9D, 7E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5172] ntdll.dll!NtSetInformationFile + B 77916643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5172] ntdll.dll!NtSetInformationThread + 6 7791669E 4 Bytes [28, 9E, 7E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5172] ntdll.dll!NtSetInformationThread + B 779166A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5172] ntdll.dll!NtUnmapViewOfSection + 6 779169BE 4 Bytes [68, 9F, 7E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5172] ntdll.dll!NtUnmapViewOfSection + B 779169C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5220] ntdll.dll!NtCreateFile + 6 779155CE 4 Bytes [28, C8, B4, 00] {SUB AL, CL; MOV AH, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5220] ntdll.dll!NtCreateFile + B 779155D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5220] ntdll.dll!NtMapViewOfSection + 6 77915C2E 4 Bytes [28, CB, B4, 00] {SUB BL, CL; MOV AH, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5220] ntdll.dll!NtMapViewOfSection + B 77915C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5220] ntdll.dll!NtOpenFile + 6 77915CDE 4 Bytes [68, C8, B4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5220] ntdll.dll!NtOpenFile + B 77915CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5220] ntdll.dll!NtOpenProcess + 6 77915D8E 4 Bytes [A8, C9, B4, 00] {TEST AL, 0xc9; MOV AH, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5220] ntdll.dll!NtOpenProcess + B 77915D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5220] ntdll.dll!NtOpenProcessToken + 6 77915D9E 4 Bytes CALL 7692126C C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5220] ntdll.dll!NtOpenProcessToken + B 77915DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5220] ntdll.dll!NtOpenProcessTokenEx + 6 77915DAE 4 Bytes [A8, CA, B4, 00] {TEST AL, 0xca; MOV AH, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5220] ntdll.dll!NtOpenProcessTokenEx + B 77915DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5220] ntdll.dll!NtOpenThread + 6 77915E0E 4 Bytes [68, C9, B4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5220] ntdll.dll!NtOpenThread + B 77915E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5220] ntdll.dll!NtOpenThreadToken + 6 77915E1E 4 Bytes [68, CA, B4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5220] ntdll.dll!NtOpenThreadToken + B 77915E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5220] ntdll.dll!NtOpenThreadTokenEx + 6 77915E2E 4 Bytes CALL 769212FD C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5220] ntdll.dll!NtOpenThreadTokenEx + B 77915E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5220] ntdll.dll!NtQueryAttributesFile + 6 77915F3E 4 Bytes [A8, C8, B4, 00] {TEST AL, 0xc8; MOV AH, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5220] ntdll.dll!NtQueryAttributesFile + B 77915F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5220] ntdll.dll!NtQueryFullAttributesFile + 6 77915FEE 4 Bytes CALL 769214BB C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5220] ntdll.dll!NtQueryFullAttributesFile + B 77915FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5220] ntdll.dll!NtSetInformationFile + 6 7791663E 4 Bytes [28, C9, B4, 00] {SUB CL, CL; MOV AH, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5220] ntdll.dll!NtSetInformationFile + B 77916643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5220] ntdll.dll!NtSetInformationThread + 6 7791669E 4 Bytes [28, CA, B4, 00] {SUB DL, CL; MOV AH, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5220] ntdll.dll!NtSetInformationThread + B 779166A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5220] ntdll.dll!NtUnmapViewOfSection + 6 779169BE 4 Bytes [68, CB, B4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5220] ntdll.dll!NtUnmapViewOfSection + B 779169C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5236] ntdll.dll!NtCreateFile + 6 779155CE 4 Bytes [28, 2C, FF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5236] ntdll.dll!NtCreateFile + B 779155D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5236] ntdll.dll!NtMapViewOfSection + 6 77915C2E 4 Bytes [28, 2F, FF, 00] {SUB [EDI], CH; INC DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5236] ntdll.dll!NtMapViewOfSection + B 77915C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5236] ntdll.dll!NtOpenFile + 6 77915CDE 4 Bytes [68, 2C, FF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5236] ntdll.dll!NtOpenFile + B 77915CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5236] ntdll.dll!NtOpenProcess + 6 77915D8E 4 Bytes [A8, 2D, FF, 00] {TEST AL, 0x2d; INC DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5236] ntdll.dll!NtOpenProcess + B 77915D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5236] ntdll.dll!NtOpenProcessToken + 6 77915D9E 4 Bytes CALL 76925CD0 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5236] ntdll.dll!NtOpenProcessToken + B 77915DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5236] ntdll.dll!NtOpenProcessTokenEx + 6 77915DAE 4 Bytes [A8, 2E, FF, 00] {TEST AL, 0x2e; INC DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5236] ntdll.dll!NtOpenProcessTokenEx + B 77915DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5236] ntdll.dll!NtOpenThread + 6 77915E0E 4 Bytes [68, 2D, FF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5236] ntdll.dll!NtOpenThread + B 77915E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5236] ntdll.dll!NtOpenThreadToken + 6 77915E1E 4 Bytes [68, 2E, FF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5236] ntdll.dll!NtOpenThreadToken + B 77915E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5236] ntdll.dll!NtOpenThreadTokenEx + 6 77915E2E 4 Bytes CALL 76925D61 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5236] ntdll.dll!NtOpenThreadTokenEx + B 77915E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5236] ntdll.dll!NtQueryAttributesFile + 6 77915F3E 4 Bytes [A8, 2C, FF, 00] {TEST AL, 0x2c; INC DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5236] ntdll.dll!NtQueryAttributesFile + B 77915F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5236] ntdll.dll!NtQueryFullAttributesFile + 6 77915FEE 4 Bytes CALL 76925F1F C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5236] ntdll.dll!NtQueryFullAttributesFile + B 77915FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5236] ntdll.dll!NtSetInformationFile + 6 7791663E 4 Bytes [28, 2D, FF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5236] ntdll.dll!NtSetInformationFile + B 77916643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5236] ntdll.dll!NtSetInformationThread + 6 7791669E 4 Bytes [28, 2E, FF, 00] {SUB [ESI], CH; INC DWORD [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5236] ntdll.dll!NtSetInformationThread + B 779166A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5236] ntdll.dll!NtUnmapViewOfSection + 6 779169BE 4 Bytes [68, 2F, FF, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5236] ntdll.dll!NtUnmapViewOfSection + B 779169C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5416] ntdll.dll!NtCreateFile + 6 779155CE 4 Bytes [28, 4C, 4B, 00] {SUB [EBX+ECX*2+0x0], CL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5416] ntdll.dll!NtCreateFile + B 779155D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5416] ntdll.dll!NtMapViewOfSection + 6 77915C2E 4 Bytes [28, 4F, 4B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5416] ntdll.dll!NtMapViewOfSection + B 77915C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5416] ntdll.dll!NtOpenFile + 6 77915CDE 4 Bytes [68, 4C, 4B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5416] ntdll.dll!NtOpenFile + B 77915CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5416] ntdll.dll!NtOpenProcess + 6 77915D8E 4 Bytes [A8, 4D, 4B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5416] ntdll.dll!NtOpenProcess + B 77915D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5416] ntdll.dll!NtOpenProcessToken + 6 77915D9E 4 Bytes CALL 7691A8F0 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5416] ntdll.dll!NtOpenProcessToken + B 77915DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5416] ntdll.dll!NtOpenProcessTokenEx + 6 77915DAE 4 Bytes [A8, 4E, 4B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5416] ntdll.dll!NtOpenProcessTokenEx + B 77915DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5416] ntdll.dll!NtOpenThread + 6 77915E0E 4 Bytes [68, 4D, 4B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5416] ntdll.dll!NtOpenThread + B 77915E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5416] ntdll.dll!NtOpenThreadToken + 6 77915E1E 4 Bytes [68, 4E, 4B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5416] ntdll.dll!NtOpenThreadToken + B 77915E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5416] ntdll.dll!NtOpenThreadTokenEx + 6 77915E2E 4 Bytes CALL 7691A981 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5416] ntdll.dll!NtOpenThreadTokenEx + B 77915E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5416] ntdll.dll!NtQueryAttributesFile + 6 77915F3E 4 Bytes [A8, 4C, 4B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5416] ntdll.dll!NtQueryAttributesFile + B 77915F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5416] ntdll.dll!NtQueryFullAttributesFile + 6 77915FEE 4 Bytes CALL 7691AB3F C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5416] ntdll.dll!NtQueryFullAttributesFile + B 77915FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5416] ntdll.dll!NtSetInformationFile + 6 7791663E 4 Bytes [28, 4D, 4B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5416] ntdll.dll!NtSetInformationFile + B 77916643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5416] ntdll.dll!NtSetInformationThread + 6 7791669E 4 Bytes [28, 4E, 4B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5416] ntdll.dll!NtSetInformationThread + B 779166A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5416] ntdll.dll!NtUnmapViewOfSection + 6 779169BE 4 Bytes [68, 4F, 4B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5416] ntdll.dll!NtUnmapViewOfSection + B 779169C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5516] ntdll.dll!NtCreateFile + 6 779155CE 4 Bytes [28, 28, F7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5516] ntdll.dll!NtCreateFile + B 779155D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5516] ntdll.dll!NtMapViewOfSection + 6 77915C2E 4 Bytes [28, 2B, F7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5516] ntdll.dll!NtMapViewOfSection + B 77915C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5516] ntdll.dll!NtOpenFile + 6 77915CDE 4 Bytes [68, 28, F7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5516] ntdll.dll!NtOpenFile + B 77915CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5516] ntdll.dll!NtOpenProcess + 6 77915D8E 4 Bytes [A8, 29, F7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5516] ntdll.dll!NtOpenProcess + B 77915D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5516] ntdll.dll!NtOpenProcessToken + 6 77915D9E 4 Bytes CALL 769254CC C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5516] ntdll.dll!NtOpenProcessToken + B 77915DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5516] ntdll.dll!NtOpenProcessTokenEx + 6 77915DAE 4 Bytes [A8, 2A, F7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5516] ntdll.dll!NtOpenProcessTokenEx + B 77915DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5516] ntdll.dll!NtOpenThread + 6 77915E0E 4 Bytes [68, 29, F7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5516] ntdll.dll!NtOpenThread + B 77915E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5516] ntdll.dll!NtOpenThreadToken + 6 77915E1E 4 Bytes [68, 2A, F7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5516] ntdll.dll!NtOpenThreadToken + B 77915E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5516] ntdll.dll!NtOpenThreadTokenEx + 6 77915E2E 4 Bytes CALL 7692555D C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5516] ntdll.dll!NtOpenThreadTokenEx + B 77915E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5516] ntdll.dll!NtQueryAttributesFile + 6 77915F3E 4 Bytes [A8, 28, F7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5516] ntdll.dll!NtQueryAttributesFile + B 77915F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5516] ntdll.dll!NtQueryFullAttributesFile + 6 77915FEE 4 Bytes CALL 7692571B C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5516] ntdll.dll!NtQueryFullAttributesFile + B 77915FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5516] ntdll.dll!NtSetInformationFile + 6 7791663E 4 Bytes [28, 29, F7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5516] ntdll.dll!NtSetInformationFile + B 77916643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5516] ntdll.dll!NtSetInformationThread + 6 7791669E 4 Bytes [28, 2A, F7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5516] ntdll.dll!NtSetInformationThread + B 779166A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5516] ntdll.dll!NtUnmapViewOfSection + 6 779169BE 4 Bytes [68, 2B, F7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5516] ntdll.dll!NtUnmapViewOfSection + B 779169C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5732] ntdll.dll!NtCreateFile + 6 779155CE 4 Bytes [28, 94, A2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5732] ntdll.dll!NtCreateFile + B 779155D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5732] ntdll.dll!NtMapViewOfSection + 6 77915C2E 4 Bytes [28, 97, A2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5732] ntdll.dll!NtMapViewOfSection + B 77915C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5732] ntdll.dll!NtOpenFile + 6 77915CDE 4 Bytes [68, 94, A2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5732] ntdll.dll!NtOpenFile + B 77915CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5732] ntdll.dll!NtOpenProcess + 6 77915D8E 4 Bytes [A8, 95, A2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5732] ntdll.dll!NtOpenProcess + B 77915D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5732] ntdll.dll!NtOpenProcessToken + 6 77915D9E 4 Bytes CALL 76920038 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5732] ntdll.dll!NtOpenProcessToken + B 77915DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5732] ntdll.dll!NtOpenProcessTokenEx + 6 77915DAE 4 Bytes [A8, 96, A2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5732] ntdll.dll!NtOpenProcessTokenEx + B 77915DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5732] ntdll.dll!NtOpenThread + 6 77915E0E 4 Bytes [68, 95, A2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5732] ntdll.dll!NtOpenThread + B 77915E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5732] ntdll.dll!NtOpenThreadToken + 6 77915E1E 4 Bytes [68, 96, A2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5732] ntdll.dll!NtOpenThreadToken + B 77915E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5732] ntdll.dll!NtOpenThreadTokenEx + 6 77915E2E 4 Bytes CALL 769200C9 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5732] ntdll.dll!NtOpenThreadTokenEx + B 77915E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5732] ntdll.dll!NtQueryAttributesFile + 6 77915F3E 4 Bytes [A8, 94, A2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5732] ntdll.dll!NtQueryAttributesFile + B 77915F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5732] ntdll.dll!NtQueryFullAttributesFile + 6 77915FEE 4 Bytes CALL 76920287 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5732] ntdll.dll!NtQueryFullAttributesFile + B 77915FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5732] ntdll.dll!NtSetInformationFile + 6 7791663E 4 Bytes [28, 95, A2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5732] ntdll.dll!NtSetInformationFile + B 77916643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5732] ntdll.dll!NtSetInformationThread + 6 7791669E 4 Bytes [28, 96, A2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5732] ntdll.dll!NtSetInformationThread + B 779166A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5732] ntdll.dll!NtUnmapViewOfSection + 6 779169BE 4 Bytes [68, 97, A2, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5732] ntdll.dll!NtUnmapViewOfSection + B 779169C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtCreateFile + 6 779155CE 4 Bytes [28, 34, A0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtCreateFile + B 779155D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtMapViewOfSection + 6 77915C2E 4 Bytes [28, 37, A0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtMapViewOfSection + B 77915C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtOpenFile + 6 77915CDE 4 Bytes [68, 34, A0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtOpenFile + B 77915CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtOpenProcess + 6 77915D8E 4 Bytes [A8, 35, A0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtOpenProcess + B 77915D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtOpenProcessToken + 6 77915D9E 4 Bytes CALL 7691FDD8 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtOpenProcessToken + B 77915DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtOpenProcessTokenEx + 6 77915DAE 4 Bytes [A8, 36, A0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtOpenProcessTokenEx + B 77915DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtOpenThread + 6 77915E0E 4 Bytes [68, 35, A0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtOpenThread + B 77915E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtOpenThreadToken + 6 77915E1E 4 Bytes [68, 36, A0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtOpenThreadToken + B 77915E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtOpenThreadTokenEx + 6 77915E2E 4 Bytes CALL 7691FE69 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtOpenThreadTokenEx + B 77915E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtQueryAttributesFile + 6 77915F3E 4 Bytes [A8, 34, A0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtQueryAttributesFile + B 77915F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtQueryFullAttributesFile + 6 77915FEE 4 Bytes CALL 76920027 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtQueryFullAttributesFile + B 77915FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtSetInformationFile + 6 7791663E 4 Bytes [28, 35, A0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtSetInformationFile + B 77916643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtSetInformationThread + 6 7791669E 4 Bytes [28, 36, A0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtSetInformationThread + B 779166A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtUnmapViewOfSection + 6 779169BE 4 Bytes [68, 37, A0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtUnmapViewOfSection + B 779169C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5848] ntdll.dll!NtCreateFile + 6 779155CE 4 Bytes [28, B4, 40, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5848] ntdll.dll!NtCreateFile + B 779155D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5848] ntdll.dll!NtMapViewOfSection + 6 77915C2E 4 Bytes [28, B7, 40, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5848] ntdll.dll!NtMapViewOfSection + B 77915C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5848] ntdll.dll!NtOpenFile + 6 77915CDE 4 Bytes [68, B4, 40, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5848] ntdll.dll!NtOpenFile + B 77915CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5848] ntdll.dll!NtOpenProcess + 6 77915D8E 4 Bytes [A8, B5, 40, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5848] ntdll.dll!NtOpenProcess + B 77915D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5848] ntdll.dll!NtOpenProcessToken + 6 77915D9E 4 Bytes CALL 76919E58 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5848] ntdll.dll!NtOpenProcessToken + B 77915DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5848] ntdll.dll!NtOpenProcessTokenEx + 6 77915DAE 4 Bytes [A8, B6, 40, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5848] ntdll.dll!NtOpenProcessTokenEx + B 77915DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5848] ntdll.dll!NtOpenThread + 6 77915E0E 4 Bytes [68, B5, 40, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5848] ntdll.dll!NtOpenThread + B 77915E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5848] ntdll.dll!NtOpenThreadToken + 6 77915E1E 4 Bytes [68, B6, 40, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5848] ntdll.dll!NtOpenThreadToken + B 77915E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5848] ntdll.dll!NtOpenThreadTokenEx + 6 77915E2E 4 Bytes CALL 76919EE9 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5848] ntdll.dll!NtOpenThreadTokenEx + B 77915E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5848] ntdll.dll!NtQueryAttributesFile + 6 77915F3E 4 Bytes [A8, B4, 40, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5848] ntdll.dll!NtQueryAttributesFile + B 77915F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5848] ntdll.dll!NtQueryFullAttributesFile + 6 77915FEE 4 Bytes CALL 7691A0A7 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5848] ntdll.dll!NtQueryFullAttributesFile + B 77915FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5848] ntdll.dll!NtSetInformationFile + 6 7791663E 4 Bytes [28, B5, 40, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5848] ntdll.dll!NtSetInformationFile + B 77916643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5848] ntdll.dll!NtSetInformationThread + 6 7791669E 4 Bytes [28, B6, 40, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5848] ntdll.dll!NtSetInformationThread + B 779166A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5848] ntdll.dll!NtUnmapViewOfSection + 6 779169BE 4 Bytes [68, B7, 40, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5848] ntdll.dll!NtUnmapViewOfSection + B 779169C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtCreateFile + 6 779155CE 4 Bytes [28, 50, 84, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtCreateFile + B 779155D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtMapViewOfSection + 6 77915C2E 4 Bytes [28, 53, 84, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtMapViewOfSection + B 77915C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtOpenFile + 6 77915CDE 4 Bytes [68, 50, 84, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtOpenFile + B 77915CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtOpenProcess + 6 77915D8E 4 Bytes [A8, 51, 84, 00] {TEST AL, 0x51; TEST [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtOpenProcess + B 77915D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtOpenProcessToken + 6 77915D9E 4 Bytes CALL 7691E1F4 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtOpenProcessToken + B 77915DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtOpenProcessTokenEx + 6 77915DAE 4 Bytes [A8, 52, 84, 00] {TEST AL, 0x52; TEST [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtOpenProcessTokenEx + B 77915DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtOpenThread + 6 77915E0E 4 Bytes [68, 51, 84, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtOpenThread + B 77915E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtOpenThreadToken + 6 77915E1E 4 Bytes [68, 52, 84, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtOpenThreadToken + B 77915E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtOpenThreadTokenEx + 6 77915E2E 4 Bytes CALL 7691E285 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtOpenThreadTokenEx + B 77915E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtQueryAttributesFile + 6 77915F3E 4 Bytes [A8, 50, 84, 00] {TEST AL, 0x50; TEST [EAX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtQueryAttributesFile + B 77915F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtQueryFullAttributesFile + 6 77915FEE 4 Bytes CALL 7691E443 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtQueryFullAttributesFile + B 77915FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtSetInformationFile + 6 7791663E 4 Bytes [28, 51, 84, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtSetInformationFile + B 77916643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtSetInformationThread + 6 7791669E 4 Bytes [28, 52, 84, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtSetInformationThread + B 779166A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtUnmapViewOfSection + 6 779169BE 4 Bytes [68, 53, 84, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtUnmapViewOfSection + B 779169C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5988] ntdll.dll!NtCreateFile + 6 779155CE 4 Bytes [28, 80, 3E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5988] ntdll.dll!NtCreateFile + B 779155D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5988] ntdll.dll!NtMapViewOfSection + 6 77915C2E 4 Bytes [28, 83, 3E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5988] ntdll.dll!NtMapViewOfSection + B 77915C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5988] ntdll.dll!NtOpenFile + 6 77915CDE 4 Bytes [68, 80, 3E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5988] ntdll.dll!NtOpenFile + B 77915CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5988] ntdll.dll!NtOpenProcess + 6 77915D8E 4 Bytes [A8, 81, 3E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5988] ntdll.dll!NtOpenProcess + B 77915D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5988] ntdll.dll!NtOpenProcessToken + 6 77915D9E 4 Bytes CALL 76919C24 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5988] ntdll.dll!NtOpenProcessToken + B 77915DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5988] ntdll.dll!NtOpenProcessTokenEx + 6 77915DAE 4 Bytes [A8, 82, 3E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5988] ntdll.dll!NtOpenProcessTokenEx + B 77915DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5988] ntdll.dll!NtOpenThread + 6 77915E0E 4 Bytes [68, 81, 3E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5988] ntdll.dll!NtOpenThread + B 77915E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5988] ntdll.dll!NtOpenThreadToken + 6 77915E1E 4 Bytes [68, 82, 3E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5988] ntdll.dll!NtOpenThreadToken + B 77915E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5988] ntdll.dll!NtOpenThreadTokenEx + 6 77915E2E 4 Bytes CALL 76919CB5 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5988] ntdll.dll!NtOpenThreadTokenEx + B 77915E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5988] ntdll.dll!NtQueryAttributesFile + 6 77915F3E 4 Bytes [A8, 80, 3E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5988] ntdll.dll!NtQueryAttributesFile + B 77915F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5988] ntdll.dll!NtQueryFullAttributesFile + 6 77915FEE 4 Bytes CALL 76919E73 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[5988] ntdll.dll!NtQueryFullAttributesFile + B 77915FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5988] ntdll.dll!NtSetInformationFile + 6 7791663E 4 Bytes [28, 81, 3E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5988] ntdll.dll!NtSetInformationFile + B 77916643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5988] ntdll.dll!NtSetInformationThread + 6 7791669E 4 Bytes [28, 82, 3E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5988] ntdll.dll!NtSetInformationThread + B 779166A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5988] ntdll.dll!NtUnmapViewOfSection + 6 779169BE 4 Bytes [68, 83, 3E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5988] ntdll.dll!NtUnmapViewOfSection + B 779169C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6512] ntdll.dll!NtCreateFile + 6 779155CE 4 Bytes [28, F0, D7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6512] ntdll.dll!NtCreateFile + B 779155D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6512] ntdll.dll!NtMapViewOfSection + 6 77915C2E 4 Bytes [28, F3, D7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6512] ntdll.dll!NtMapViewOfSection + B 77915C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6512] ntdll.dll!NtOpenFile + 6 77915CDE 4 Bytes [68, F0, D7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6512] ntdll.dll!NtOpenFile + B 77915CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6512] ntdll.dll!NtOpenProcess + 6 77915D8E 4 Bytes [A8, F1, D7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6512] ntdll.dll!NtOpenProcess + B 77915D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6512] ntdll.dll!NtOpenProcessToken + 6 77915D9E 4 Bytes CALL 76923594 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6512] ntdll.dll!NtOpenProcessToken + B 77915DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6512] ntdll.dll!NtOpenProcessTokenEx + 6 77915DAE 4 Bytes [A8, F2, D7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6512] ntdll.dll!NtOpenProcessTokenEx + B 77915DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6512] ntdll.dll!NtOpenThread + 6 77915E0E 4 Bytes [68, F1, D7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6512] ntdll.dll!NtOpenThread + B 77915E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6512] ntdll.dll!NtOpenThreadToken + 6 77915E1E 4 Bytes [68, F2, D7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6512] ntdll.dll!NtOpenThreadToken + B 77915E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6512] ntdll.dll!NtOpenThreadTokenEx + 6 77915E2E 4 Bytes CALL 76923625 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6512] ntdll.dll!NtOpenThreadTokenEx + B 77915E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6512] ntdll.dll!NtQueryAttributesFile + 6 77915F3E 4 Bytes [A8, F0, D7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6512] ntdll.dll!NtQueryAttributesFile + B 77915F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6512] ntdll.dll!NtQueryFullAttributesFile + 6 77915FEE 4 Bytes CALL 769237E3 C:\Windows\system32\SHELL32.dll .text C:\Program Files\Google\Chrome\Application\chrome.exe[6512] ntdll.dll!NtQueryFullAttributesFile + B 77915FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6512] ntdll.dll!NtSetInformationFile + 6 7791663E 4 Bytes [28, F1, D7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6512] ntdll.dll!NtSetInformationFile + B 77916643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6512] ntdll.dll!NtSetInformationThread + 6 7791669E 4 Bytes [28, F2, D7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6512] ntdll.dll!NtSetInformationThread + B 779166A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6512] ntdll.dll!NtUnmapViewOfSection + 6 779169BE 4 Bytes [68, F3, D7, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6512] ntdll.dll!NtUnmapViewOfSection + B 779169C3 1 Byte [E2] ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Windows\Explorer.EXE[3644] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [740424CB] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[3644] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [7402562E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[3644] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [740256EC] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[3644] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74042546] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[3644] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [740385AA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[3644] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74034D5E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[3644] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [74035105] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[3644] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [740351DA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[3644] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [74036707] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[3644] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [74038301] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[3644] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74038850] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[3644] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [740390B1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[3644] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7403E254] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[3644] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74034C90] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\tdx \Device\Tcp tmtdi.sys AttachedDevice \Driver\tdx \Device\Udp tmtdi.sys ---- Trace I/O - GMER 2.1 ---- Trace ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86529698]<< 86529698 Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86180aa0] 86180aa0 Trace 3 CLASSPNP.SYS[8ae0459e] -> nt!IofCallDriver -> [0x860e6028] 860e6028 Trace \Driver\00000674[0x860e5460] -> IRP_MJ_CREATE -> 0x86529698 86529698 ---- Modules - GMER 2.1 ---- Module (noname) (*** hidden *** ) 8B400000-8B411000 (69632 bytes) ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xE7 0x2C 0x76 0x80 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xE7 0x2C 0x76 0x80 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Servers@AliveServerCount 57 Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Servers\A42C169F-4B2E-4F36-98EC-49B988E52372@IPAddress fe80::1c11:dfcb:9f08:695d Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Servers\A42C169F-4B2E-4F36-98EC-49B988E52372@Alive 0 ---- Files - GMER 2.1 ---- File C:\Program Files\Windows Defender\pl-PL\MpAsDesc.dll.mui 41472 bytes executable File C:\Program Files\Windows Defender\pl-PL\MpEvMsg.dll.mui 17920 bytes executable File C:\Program Files\Windows Defender\pl-PL\MsMpRes.dll.mui 53248 bytes executable File C:\Windows\$NtUninstallKB62820$\1340652172 0 bytes File C:\Windows\$NtUninstallKB62820$\1340652172\@ 2048 bytes File C:\Windows\$NtUninstallKB62820$\1340652172\Desktop.ini 4608 bytes File C:\Windows\$NtUninstallKB62820$\1340652172\L 0 bytes File C:\Windows\$NtUninstallKB62820$\1340652172\L\00000004.@ 804 bytes File C:\Windows\$NtUninstallKB62820$\1340652172\L\201d3dde 439 bytes File C:\Windows\$NtUninstallKB62820$\1340652172\L\76603ac3 2416 bytes File C:\Windows\$NtUninstallKB62820$\1340652172\L\xadqgnnk 108544 bytes File C:\Windows\$NtUninstallKB62820$\1340652172\U 0 bytes File C:\Windows\$NtUninstallKB62820$\1340652172\U\00000004.@ 2048 bytes File C:\Windows\$NtUninstallKB62820$\1340652172\U\00000008.@ 1024 bytes File C:\Windows\$NtUninstallKB62820$\1340652172\U\000000cb.@ 1632 bytes File C:\Windows\$NtUninstallKB62820$\1340652172\U\80000000.@ 11776 bytes File C:\Windows\$NtUninstallKB62820$\1340652172\U\80000032.@ 90624 bytes File C:\Windows\$NtUninstallKB62820$\4154425104 0 bytes ---- EOF - GMER 2.1 ----