GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-06-07 16:28:02 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD5000AAKS-22V1A0 rev.05.01D05 465,76GB Running: zwktplte.exe; Driver: C:\Users\x\AppData\Local\Temp\fxdoruoc.sys ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 83042A15 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 8307C212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0xA4977300, 0x3B6D8, 0xE8000020] .text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0xA49BA300, 0x1BEE, 0xE8000020] ---- User code sections - GMER 2.1 ---- .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[1904] ntdll.dll!NtCreateFile + 6 77C8560E 4 Bytes [28, 1C, 90, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[1904] ntdll.dll!NtCreateFile + B 77C85613 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[1904] ntdll.dll!NtMapViewOfSection + 6 77C85C6E 4 Bytes [28, 1F, 90, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[1904] ntdll.dll!NtMapViewOfSection + B 77C85C73 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[1904] ntdll.dll!NtOpenFile + 6 77C85D1E 4 Bytes [68, 1C, 90, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[1904] ntdll.dll!NtOpenFile + B 77C85D23 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[1904] ntdll.dll!NtOpenProcess + 6 77C85DCE 4 Bytes [A8, 1D, 90, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[1904] ntdll.dll!NtOpenProcess + B 77C85DD3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[1904] ntdll.dll!NtOpenProcessToken + 6 77C85DDE 4 Bytes CALL 76C8EE00 C:\Windows\system32\WS2_32.dll .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[1904] ntdll.dll!NtOpenProcessToken + B 77C85DE3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[1904] ntdll.dll!NtOpenProcessTokenEx + 6 77C85DEE 4 Bytes [A8, 1E, 90, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[1904] ntdll.dll!NtOpenProcessTokenEx + B 77C85DF3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[1904] ntdll.dll!NtOpenThread + 6 77C85E4E 4 Bytes [68, 1D, 90, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[1904] ntdll.dll!NtOpenThread + B 77C85E53 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[1904] ntdll.dll!NtOpenThreadToken + 6 77C85E5E 4 Bytes [68, 1E, 90, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[1904] ntdll.dll!NtOpenThreadToken + B 77C85E63 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[1904] ntdll.dll!NtOpenThreadTokenEx + 6 77C85E6E 4 Bytes CALL 76C8EE91 C:\Windows\system32\WS2_32.dll .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[1904] ntdll.dll!NtOpenThreadTokenEx + B 77C85E73 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[1904] ntdll.dll!NtQueryAttributesFile + 6 77C85F7E 4 Bytes [A8, 1C, 90, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[1904] ntdll.dll!NtQueryAttributesFile + B 77C85F83 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[1904] ntdll.dll!NtQueryFullAttributesFile + 6 77C8602E 4 Bytes CALL 76C8F04F C:\Windows\system32\WS2_32.dll .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[1904] ntdll.dll!NtQueryFullAttributesFile + B 77C86033 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[1904] ntdll.dll!NtSetInformationFile + 6 77C8667E 4 Bytes [28, 1D, 90, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[1904] ntdll.dll!NtSetInformationFile + B 77C86683 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[1904] ntdll.dll!NtSetInformationThread + 6 77C866DE 4 Bytes [28, 1E, 90, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[1904] ntdll.dll!NtSetInformationThread + B 77C866E3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[1904] ntdll.dll!NtTerminateProcess 77C86908 5 Bytes JMP 0138F202 C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[1904] ntdll.dll!NtUnmapViewOfSection + 6 77C869FE 4 Bytes [68, 1F, 90, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[1904] ntdll.dll!NtUnmapViewOfSection + B 77C86A03 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtCreateFile + 6 77C8560E 4 Bytes [28, AC, 2C, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtCreateFile + B 77C85613 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtMapViewOfSection + 6 77C85C6E 4 Bytes [28, AF, 2C, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtMapViewOfSection + B 77C85C73 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtOpenFile + 6 77C85D1E 4 Bytes [68, AC, 2C, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtOpenFile + B 77C85D23 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtOpenProcess + 6 77C85DCE 4 Bytes [A8, AD, 2C, 00] {TEST AL, 0xad; SUB AL, 0x0} .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtOpenProcess + B 77C85DD3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtOpenProcessToken + 6 77C85DDE 4 Bytes CALL 76C88A90 C:\Windows\system32\WS2_32.dll .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtOpenProcessToken + B 77C85DE3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtOpenProcessTokenEx + 6 77C85DEE 4 Bytes [A8, AE, 2C, 00] {TEST AL, 0xae; SUB AL, 0x0} .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtOpenProcessTokenEx + B 77C85DF3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtOpenThread + 6 77C85E4E 4 Bytes [68, AD, 2C, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtOpenThread + B 77C85E53 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtOpenThreadToken + 6 77C85E5E 4 Bytes [68, AE, 2C, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtOpenThreadToken + B 77C85E63 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtOpenThreadTokenEx + 6 77C85E6E 4 Bytes CALL 76C88B21 C:\Windows\system32\WS2_32.dll .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtOpenThreadTokenEx + B 77C85E73 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtQueryAttributesFile + 6 77C85F7E 4 Bytes [A8, AC, 2C, 00] {TEST AL, 0xac; SUB AL, 0x0} .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtQueryAttributesFile + B 77C85F83 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtQueryFullAttributesFile + 6 77C8602E 4 Bytes CALL 76C88CDF C:\Windows\system32\WS2_32.dll .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtQueryFullAttributesFile + B 77C86033 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtSetInformationFile + 6 77C8667E 4 Bytes [28, AD, 2C, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtSetInformationFile + B 77C86683 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtSetInformationThread + 6 77C866DE 4 Bytes [28, AE, 2C, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtSetInformationThread + B 77C866E3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtTerminateProcess 77C86908 5 Bytes JMP 0138F202 C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtUnmapViewOfSection + 6 77C869FE 4 Bytes [68, AF, 2C, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2100] ntdll.dll!NtUnmapViewOfSection + B 77C86A03 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2876] ntdll.dll!NtMapViewOfSection + 6 77C85C6E 4 Bytes [18, 10, 9A, 6B] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2876] ntdll.dll!NtMapViewOfSection + B 77C85C73 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtCreateFile + 6 77C8560E 4 Bytes [28, 18, 14, 00] {SUB [EAX], BL; ADC AL, 0x0} .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtCreateFile + B 77C85613 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtMapViewOfSection + 6 77C85C6E 4 Bytes [28, 1B, 14, 00] {SUB [EBX], BL; ADC AL, 0x0} .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtMapViewOfSection + B 77C85C73 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtOpenFile + 6 77C85D1E 4 Bytes [68, 18, 14, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtOpenFile + B 77C85D23 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtOpenProcess + 6 77C85DCE 4 Bytes [A8, 19, 14, 00] {TEST AL, 0x19; ADC AL, 0x0} .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtOpenProcess + B 77C85DD3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtOpenProcessToken + 6 77C85DDE 4 Bytes CALL 76C871FC C:\Windows\system32\WS2_32.dll .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtOpenProcessToken + B 77C85DE3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtOpenProcessTokenEx + 6 77C85DEE 4 Bytes [A8, 1A, 14, 00] {TEST AL, 0x1a; ADC AL, 0x0} .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtOpenProcessTokenEx + B 77C85DF3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtOpenThread + 6 77C85E4E 4 Bytes [68, 19, 14, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtOpenThread + B 77C85E53 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtOpenThreadToken + 6 77C85E5E 4 Bytes [68, 1A, 14, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtOpenThreadToken + B 77C85E63 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtOpenThreadTokenEx + 6 77C85E6E 4 Bytes CALL 76C8728D C:\Windows\system32\WS2_32.dll .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtOpenThreadTokenEx + B 77C85E73 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtQueryAttributesFile + 6 77C85F7E 4 Bytes [A8, 18, 14, 00] {TEST AL, 0x18; ADC AL, 0x0} .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtQueryAttributesFile + B 77C85F83 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtQueryFullAttributesFile + 6 77C8602E 4 Bytes CALL 76C8744B C:\Windows\system32\WS2_32.dll .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtQueryFullAttributesFile + B 77C86033 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtSetInformationFile + 6 77C8667E 4 Bytes [28, 19, 14, 00] {SUB [ECX], BL; ADC AL, 0x0} .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtSetInformationFile + B 77C86683 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtSetInformationThread + 6 77C866DE 4 Bytes [28, 1A, 14, 00] {SUB [EDX], BL; ADC AL, 0x0} .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtSetInformationThread + B 77C866E3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtTerminateProcess 77C86908 5 Bytes JMP 0138F202 C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtUnmapViewOfSection + 6 77C869FE 4 Bytes [68, 1B, 14, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtUnmapViewOfSection + B 77C86A03 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2996] ntdll.dll!NtCreateFile + 6 77C8560E 4 Bytes [28, 60, F3, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2996] ntdll.dll!NtCreateFile + B 77C85613 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2996] ntdll.dll!NtMapViewOfSection + 6 77C85C6E 4 Bytes [28, 63, F3, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2996] ntdll.dll!NtMapViewOfSection + B 77C85C73 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2996] ntdll.dll!NtOpenFile + 6 77C85D1E 4 Bytes [68, 60, F3, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2996] ntdll.dll!NtOpenFile + B 77C85D23 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2996] ntdll.dll!NtOpenProcess + 6 77C85DCE 4 Bytes [A8, 61, F3, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2996] ntdll.dll!NtOpenProcess + B 77C85DD3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2996] ntdll.dll!NtOpenProcessToken + 6 77C85DDE 4 Bytes CALL 76C95144 .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2996] ntdll.dll!NtOpenProcessToken + B 77C85DE3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2996] ntdll.dll!NtOpenProcessTokenEx + 6 77C85DEE 4 Bytes [A8, 62, F3, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2996] ntdll.dll!NtOpenProcessTokenEx + B 77C85DF3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2996] ntdll.dll!NtOpenThread + 6 77C85E4E 4 Bytes [68, 61, F3, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2996] ntdll.dll!NtOpenThread + B 77C85E53 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2996] ntdll.dll!NtOpenThreadToken + 6 77C85E5E 4 Bytes [68, 62, F3, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2996] ntdll.dll!NtOpenThreadToken + B 77C85E63 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2996] ntdll.dll!NtOpenThreadTokenEx + 6 77C85E6E 4 Bytes CALL 76C951D5 .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2996] ntdll.dll!NtOpenThreadTokenEx + B 77C85E73 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2996] ntdll.dll!NtQueryAttributesFile + 6 77C85F7E 4 Bytes [A8, 60, F3, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2996] ntdll.dll!NtQueryAttributesFile + B 77C85F83 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2996] ntdll.dll!NtQueryFullAttributesFile + 6 77C8602E 4 Bytes CALL 76C95393 .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2996] ntdll.dll!NtQueryFullAttributesFile + B 77C86033 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2996] ntdll.dll!NtSetInformationFile + 6 77C8667E 4 Bytes [28, 61, F3, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2996] ntdll.dll!NtSetInformationFile + B 77C86683 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2996] ntdll.dll!NtSetInformationThread + 6 77C866DE 4 Bytes [28, 62, F3, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2996] ntdll.dll!NtSetInformationThread + B 77C866E3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2996] ntdll.dll!NtTerminateProcess 77C86908 5 Bytes JMP 0138F202 C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2996] ntdll.dll!NtUnmapViewOfSection + 6 77C869FE 4 Bytes [68, 63, F3, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[2996] ntdll.dll!NtUnmapViewOfSection + B 77C86A03 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3168] ntdll.dll!NtCreateFile + 6 77C8560E 4 Bytes [28, C0, D9, 00] {SUB AL, AL; FLD DWORD [EAX]} .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3168] ntdll.dll!NtCreateFile + B 77C85613 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3168] ntdll.dll!NtMapViewOfSection + 6 77C85C6E 4 Bytes [28, C3, D9, 00] {SUB BL, AL; FLD DWORD [EAX]} .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3168] ntdll.dll!NtMapViewOfSection + B 77C85C73 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3168] ntdll.dll!NtOpenFile + 6 77C85D1E 4 Bytes [68, C0, D9, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3168] ntdll.dll!NtOpenFile + B 77C85D23 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3168] ntdll.dll!NtOpenProcess + 6 77C85DCE 4 Bytes [A8, C1, D9, 00] {TEST AL, 0xc1; FLD DWORD [EAX]} .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3168] ntdll.dll!NtOpenProcess + B 77C85DD3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3168] ntdll.dll!NtOpenProcessToken + 6 77C85DDE 4 Bytes CALL 76C937A4 C:\Windows\system32\WS2_32.dll .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3168] ntdll.dll!NtOpenProcessToken + B 77C85DE3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3168] ntdll.dll!NtOpenProcessTokenEx + 6 77C85DEE 4 Bytes [A8, C2, D9, 00] {TEST AL, 0xc2; FLD DWORD [EAX]} .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3168] ntdll.dll!NtOpenProcessTokenEx + B 77C85DF3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3168] ntdll.dll!NtOpenThread + 6 77C85E4E 4 Bytes [68, C1, D9, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3168] ntdll.dll!NtOpenThread + B 77C85E53 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3168] ntdll.dll!NtOpenThreadToken + 6 77C85E5E 4 Bytes [68, C2, D9, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3168] ntdll.dll!NtOpenThreadToken + B 77C85E63 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3168] ntdll.dll!NtOpenThreadTokenEx + 6 77C85E6E 4 Bytes CALL 76C93835 C:\Windows\system32\WS2_32.dll .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3168] ntdll.dll!NtOpenThreadTokenEx + B 77C85E73 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3168] ntdll.dll!NtQueryAttributesFile + 6 77C85F7E 4 Bytes [A8, C0, D9, 00] {TEST AL, 0xc0; FLD DWORD [EAX]} .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3168] ntdll.dll!NtQueryAttributesFile + B 77C85F83 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3168] ntdll.dll!NtQueryFullAttributesFile + 6 77C8602E 4 Bytes CALL 76C939F3 C:\Windows\system32\WS2_32.dll .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3168] ntdll.dll!NtQueryFullAttributesFile + B 77C86033 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3168] ntdll.dll!NtSetInformationFile + 6 77C8667E 4 Bytes [28, C1, D9, 00] {SUB CL, AL; FLD DWORD [EAX]} .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3168] ntdll.dll!NtSetInformationFile + B 77C86683 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3168] ntdll.dll!NtSetInformationThread + 6 77C866DE 4 Bytes [28, C2, D9, 00] {SUB DL, AL; FLD DWORD [EAX]} .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3168] ntdll.dll!NtSetInformationThread + B 77C866E3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3168] ntdll.dll!NtUnmapViewOfSection + 6 77C869FE 4 Bytes [68, C3, D9, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3168] ntdll.dll!NtUnmapViewOfSection + B 77C86A03 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3324] ntdll.dll!NtCreateFile + 6 77C8560E 4 Bytes [28, 20, 17, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3324] ntdll.dll!NtCreateFile + B 77C85613 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3324] ntdll.dll!NtMapViewOfSection + 6 77C85C6E 4 Bytes [28, 23, 17, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3324] ntdll.dll!NtMapViewOfSection + B 77C85C73 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3324] ntdll.dll!NtOpenFile + 6 77C85D1E 4 Bytes [68, 20, 17, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3324] ntdll.dll!NtOpenFile + B 77C85D23 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3324] ntdll.dll!NtOpenProcess + 6 77C85DCE 4 Bytes [A8, 21, 17, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3324] ntdll.dll!NtOpenProcess + B 77C85DD3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3324] ntdll.dll!NtOpenProcessToken + 6 77C85DDE 4 Bytes CALL 76C87504 C:\Windows\system32\WS2_32.dll .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3324] ntdll.dll!NtOpenProcessToken + B 77C85DE3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3324] ntdll.dll!NtOpenProcessTokenEx + 6 77C85DEE 4 Bytes [A8, 22, 17, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3324] ntdll.dll!NtOpenProcessTokenEx + B 77C85DF3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3324] ntdll.dll!NtOpenThread + 6 77C85E4E 4 Bytes [68, 21, 17, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3324] ntdll.dll!NtOpenThread + B 77C85E53 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3324] ntdll.dll!NtOpenThreadToken + 6 77C85E5E 4 Bytes [68, 22, 17, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3324] ntdll.dll!NtOpenThreadToken + B 77C85E63 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3324] ntdll.dll!NtOpenThreadTokenEx + 6 77C85E6E 4 Bytes CALL 76C87595 C:\Windows\system32\WS2_32.dll .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3324] ntdll.dll!NtOpenThreadTokenEx + B 77C85E73 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3324] ntdll.dll!NtQueryAttributesFile + 6 77C85F7E 4 Bytes [A8, 20, 17, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3324] ntdll.dll!NtQueryAttributesFile + B 77C85F83 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3324] ntdll.dll!NtQueryFullAttributesFile + 6 77C8602E 4 Bytes CALL 76C87753 C:\Windows\system32\WS2_32.dll .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3324] ntdll.dll!NtQueryFullAttributesFile + B 77C86033 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3324] ntdll.dll!NtSetInformationFile + 6 77C8667E 4 Bytes [28, 21, 17, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3324] ntdll.dll!NtSetInformationFile + B 77C86683 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3324] ntdll.dll!NtSetInformationThread + 6 77C866DE 4 Bytes [28, 22, 17, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3324] ntdll.dll!NtSetInformationThread + B 77C866E3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3324] ntdll.dll!NtUnmapViewOfSection + 6 77C869FE 4 Bytes [68, 23, 17, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3324] ntdll.dll!NtUnmapViewOfSection + B 77C86A03 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3336] ntdll.dll!NtCreateFile + 6 77C8560E 4 Bytes [28, 3C, F2, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3336] ntdll.dll!NtCreateFile + B 77C85613 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3336] ntdll.dll!NtMapViewOfSection + 6 77C85C6E 4 Bytes [28, 3F, F2, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3336] ntdll.dll!NtMapViewOfSection + B 77C85C73 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3336] ntdll.dll!NtOpenFile + 6 77C85D1E 4 Bytes [68, 3C, F2, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3336] ntdll.dll!NtOpenFile + B 77C85D23 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3336] ntdll.dll!NtOpenProcess + 6 77C85DCE 4 Bytes [A8, 3D, F2, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3336] ntdll.dll!NtOpenProcess + B 77C85DD3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3336] ntdll.dll!NtOpenProcessToken + 6 77C85DDE 4 Bytes CALL 76C95020 .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3336] ntdll.dll!NtOpenProcessToken + B 77C85DE3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3336] ntdll.dll!NtOpenProcessTokenEx + 6 77C85DEE 4 Bytes [A8, 3E, F2, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3336] ntdll.dll!NtOpenProcessTokenEx + B 77C85DF3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3336] ntdll.dll!NtOpenThread + 6 77C85E4E 4 Bytes [68, 3D, F2, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3336] ntdll.dll!NtOpenThread + B 77C85E53 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3336] ntdll.dll!NtOpenThreadToken + 6 77C85E5E 4 Bytes [68, 3E, F2, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3336] ntdll.dll!NtOpenThreadToken + B 77C85E63 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3336] ntdll.dll!NtOpenThreadTokenEx + 6 77C85E6E 4 Bytes CALL 76C950B1 .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3336] ntdll.dll!NtOpenThreadTokenEx + B 77C85E73 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3336] ntdll.dll!NtQueryAttributesFile + 6 77C85F7E 4 Bytes [A8, 3C, F2, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3336] ntdll.dll!NtQueryAttributesFile + B 77C85F83 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3336] ntdll.dll!NtQueryFullAttributesFile + 6 77C8602E 4 Bytes CALL 76C9526F .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3336] ntdll.dll!NtQueryFullAttributesFile + B 77C86033 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3336] ntdll.dll!NtSetInformationFile + 6 77C8667E 4 Bytes [28, 3D, F2, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3336] ntdll.dll!NtSetInformationFile + B 77C86683 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3336] ntdll.dll!NtSetInformationThread + 6 77C866DE 4 Bytes [28, 3E, F2, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3336] ntdll.dll!NtSetInformationThread + B 77C866E3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3336] ntdll.dll!NtUnmapViewOfSection + 6 77C869FE 4 Bytes [68, 3F, F2, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3336] ntdll.dll!NtUnmapViewOfSection + B 77C86A03 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3396] ntdll.dll!NtCreateFile + 6 77C8560E 4 Bytes [28, F8, 38, 00] {SUB AL, BH; CMP [EAX], AL} .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3396] ntdll.dll!NtCreateFile + B 77C85613 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3396] ntdll.dll!NtMapViewOfSection + 6 77C85C6E 4 Bytes [28, FB, 38, 00] {SUB BL, BH; CMP [EAX], AL} .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3396] ntdll.dll!NtMapViewOfSection + B 77C85C73 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3396] ntdll.dll!NtOpenFile + 6 77C85D1E 4 Bytes [68, F8, 38, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3396] ntdll.dll!NtOpenFile + B 77C85D23 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3396] ntdll.dll!NtOpenProcess + 6 77C85DCE 4 Bytes [A8, F9, 38, 00] {TEST AL, 0xf9; CMP [EAX], AL} .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3396] ntdll.dll!NtOpenProcess + B 77C85DD3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3396] ntdll.dll!NtOpenProcessToken + 6 77C85DDE 4 Bytes CALL 76C896DC C:\Windows\system32\WS2_32.dll .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3396] ntdll.dll!NtOpenProcessToken + B 77C85DE3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3396] ntdll.dll!NtOpenProcessTokenEx + 6 77C85DEE 4 Bytes [A8, FA, 38, 00] {TEST AL, 0xfa; CMP [EAX], AL} .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3396] ntdll.dll!NtOpenProcessTokenEx + B 77C85DF3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3396] ntdll.dll!NtOpenThread + 6 77C85E4E 4 Bytes [68, F9, 38, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3396] ntdll.dll!NtOpenThread + B 77C85E53 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3396] ntdll.dll!NtOpenThreadToken + 6 77C85E5E 4 Bytes [68, FA, 38, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3396] ntdll.dll!NtOpenThreadToken + B 77C85E63 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3396] ntdll.dll!NtOpenThreadTokenEx + 6 77C85E6E 4 Bytes CALL 76C8976D C:\Windows\system32\WS2_32.dll .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3396] ntdll.dll!NtOpenThreadTokenEx + B 77C85E73 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3396] ntdll.dll!NtQueryAttributesFile + 6 77C85F7E 4 Bytes [A8, F8, 38, 00] {TEST AL, 0xf8; CMP [EAX], AL} .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3396] ntdll.dll!NtQueryAttributesFile + B 77C85F83 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3396] ntdll.dll!NtQueryFullAttributesFile + 6 77C8602E 4 Bytes CALL 76C8992B C:\Windows\system32\WS2_32.dll .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3396] ntdll.dll!NtQueryFullAttributesFile + B 77C86033 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3396] ntdll.dll!NtSetInformationFile + 6 77C8667E 4 Bytes [28, F9, 38, 00] {SUB CL, BH; CMP [EAX], AL} .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3396] ntdll.dll!NtSetInformationFile + B 77C86683 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3396] ntdll.dll!NtSetInformationThread + 6 77C866DE 4 Bytes [28, FA, 38, 00] {SUB DL, BH; CMP [EAX], AL} .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3396] ntdll.dll!NtSetInformationThread + B 77C866E3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3396] ntdll.dll!NtUnmapViewOfSection + 6 77C869FE 4 Bytes [68, FB, 38, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[3396] ntdll.dll!NtUnmapViewOfSection + B 77C86A03 1 Byte [E2] .text C:\Users\x\AppData\Roaming\Spotify\spotify.exe[4076] ntdll.dll!DbgBreakPoint 77C74108 1 Byte [C3] .text C:\Users\x\AppData\Roaming\Spotify\spotify.exe[4076] ntdll.dll!DbgUiRemoteBreakin 77CDF1D3 5 Bytes JMP 77C9E3B2 C:\Windows\SYSTEM32\ntdll.dll .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4296] ntdll.dll!NtCreateFile + 6 77C8560E 4 Bytes [28, C0, D2, 00] {SUB AL, AL; ROL [EAX], CL} .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4296] ntdll.dll!NtCreateFile + B 77C85613 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4296] ntdll.dll!NtMapViewOfSection + 6 77C85C6E 4 Bytes [28, C3, D2, 00] {SUB BL, AL; ROL [EAX], CL} .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4296] ntdll.dll!NtMapViewOfSection + B 77C85C73 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4296] ntdll.dll!NtOpenFile + 6 77C85D1E 4 Bytes [68, C0, D2, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4296] ntdll.dll!NtOpenFile + B 77C85D23 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4296] ntdll.dll!NtOpenProcess + 6 77C85DCE 4 Bytes [A8, C1, D2, 00] {TEST AL, 0xc1; ROL [EAX], CL} .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4296] ntdll.dll!NtOpenProcess + B 77C85DD3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4296] ntdll.dll!NtOpenProcessToken + 6 77C85DDE 4 Bytes CALL 76C930A4 C:\Windows\system32\WS2_32.dll .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4296] ntdll.dll!NtOpenProcessToken + B 77C85DE3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4296] ntdll.dll!NtOpenProcessTokenEx + 6 77C85DEE 4 Bytes [A8, C2, D2, 00] {TEST AL, 0xc2; ROL [EAX], CL} .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4296] ntdll.dll!NtOpenProcessTokenEx + B 77C85DF3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4296] ntdll.dll!NtOpenThread + 6 77C85E4E 4 Bytes [68, C1, D2, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4296] ntdll.dll!NtOpenThread + B 77C85E53 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4296] ntdll.dll!NtOpenThreadToken + 6 77C85E5E 4 Bytes [68, C2, D2, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4296] ntdll.dll!NtOpenThreadToken + B 77C85E63 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4296] ntdll.dll!NtOpenThreadTokenEx + 6 77C85E6E 4 Bytes CALL 76C93135 C:\Windows\system32\WS2_32.dll .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4296] ntdll.dll!NtOpenThreadTokenEx + B 77C85E73 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4296] ntdll.dll!NtQueryAttributesFile + 6 77C85F7E 4 Bytes [A8, C0, D2, 00] {TEST AL, 0xc0; ROL [EAX], CL} .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4296] ntdll.dll!NtQueryAttributesFile + B 77C85F83 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4296] ntdll.dll!NtQueryFullAttributesFile + 6 77C8602E 4 Bytes CALL 76C932F3 C:\Windows\system32\WS2_32.dll .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4296] ntdll.dll!NtQueryFullAttributesFile + B 77C86033 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4296] ntdll.dll!NtSetInformationFile + 6 77C8667E 4 Bytes [28, C1, D2, 00] {SUB CL, AL; ROL [EAX], CL} .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4296] ntdll.dll!NtSetInformationFile + B 77C86683 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4296] ntdll.dll!NtSetInformationThread + 6 77C866DE 4 Bytes [28, C2, D2, 00] {SUB DL, AL; ROL [EAX], CL} .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4296] ntdll.dll!NtSetInformationThread + B 77C866E3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4296] ntdll.dll!NtTerminateProcess 77C86908 5 Bytes JMP 0138F202 C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4296] ntdll.dll!NtUnmapViewOfSection + 6 77C869FE 4 Bytes [68, C3, D2, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4296] ntdll.dll!NtUnmapViewOfSection + B 77C86A03 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4356] ntdll.dll!NtCreateFile + 6 77C8560E 4 Bytes CALL 5AC7563B .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4356] ntdll.dll!NtCreateFile + B 77C85613 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4356] ntdll.dll!NtMapViewOfSection + 6 77C85C6E 4 Bytes [28, EB, 28, 00] {SUB BL, CH; SUB [EAX], AL} .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4356] ntdll.dll!NtMapViewOfSection + B 77C85C73 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4356] ntdll.dll!NtOpenFile + 6 77C85D1E 4 Bytes CALL 5AC75D4B .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4356] ntdll.dll!NtOpenFile + B 77C85D23 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4356] ntdll.dll!NtOpenProcess + 6 77C85DCE 4 Bytes JMP 5AC75DFB .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4356] ntdll.dll!NtOpenProcess + B 77C85DD3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4356] ntdll.dll!NtOpenProcessToken + 6 77C85DDE 4 Bytes CALL 76C886CC C:\Windows\system32\WS2_32.dll .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4356] ntdll.dll!NtOpenProcessToken + B 77C85DE3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4356] ntdll.dll!NtOpenProcessTokenEx + 6 77C85DEE 4 Bytes JMP E2FF0028 .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4356] ntdll.dll!NtOpenProcessTokenEx + B 77C85DF3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4356] ntdll.dll!NtOpenThread + 6 77C85E4E 4 Bytes JMP 5AC75E7B .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4356] ntdll.dll!NtOpenThread + B 77C85E53 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4356] ntdll.dll!NtOpenThreadToken + 6 77C85E5E 4 Bytes JMP E2FF0028 .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4356] ntdll.dll!NtOpenThreadToken + B 77C85E63 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4356] ntdll.dll!NtOpenThreadTokenEx + 6 77C85E6E 4 Bytes CALL 76C8875D C:\Windows\system32\WS2_32.dll .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4356] ntdll.dll!NtOpenThreadTokenEx + B 77C85E73 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4356] ntdll.dll!NtQueryAttributesFile + 6 77C85F7E 4 Bytes CALL 5AC75FAB .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4356] ntdll.dll!NtQueryAttributesFile + B 77C85F83 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4356] ntdll.dll!NtQueryFullAttributesFile + 6 77C8602E 4 Bytes CALL 76C8891B C:\Windows\system32\WS2_32.dll .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4356] ntdll.dll!NtQueryFullAttributesFile + B 77C86033 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4356] ntdll.dll!NtSetInformationFile + 6 77C8667E 4 Bytes JMP 5AC766AB .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4356] ntdll.dll!NtSetInformationFile + B 77C86683 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4356] ntdll.dll!NtSetInformationThread + 6 77C866DE 4 Bytes JMP E2FF0028 .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4356] ntdll.dll!NtSetInformationThread + B 77C866E3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4356] ntdll.dll!NtTerminateProcess 77C86908 5 Bytes JMP 0138F202 C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4356] ntdll.dll!NtUnmapViewOfSection + 6 77C869FE 4 Bytes [68, EB, 28, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4356] ntdll.dll!NtUnmapViewOfSection + B 77C86A03 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4764] ntdll.dll!NtCreateFile + 6 77C8560E 4 Bytes [28, F8, C8, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4764] ntdll.dll!NtCreateFile + B 77C85613 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4764] ntdll.dll!NtMapViewOfSection + 6 77C85C6E 4 Bytes [28, FB, C8, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4764] ntdll.dll!NtMapViewOfSection + B 77C85C73 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4764] ntdll.dll!NtOpenFile + 6 77C85D1E 4 Bytes [68, F8, C8, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4764] ntdll.dll!NtOpenFile + B 77C85D23 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4764] ntdll.dll!NtOpenProcess + 6 77C85DCE 4 Bytes [A8, F9, C8, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4764] ntdll.dll!NtOpenProcess + B 77C85DD3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4764] ntdll.dll!NtOpenProcessToken + 6 77C85DDE 4 Bytes CALL 76C926DC C:\Windows\system32\WS2_32.dll .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4764] ntdll.dll!NtOpenProcessToken + B 77C85DE3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4764] ntdll.dll!NtOpenProcessTokenEx + 6 77C85DEE 4 Bytes [A8, FA, C8, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4764] ntdll.dll!NtOpenProcessTokenEx + B 77C85DF3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4764] ntdll.dll!NtOpenThread + 6 77C85E4E 4 Bytes [68, F9, C8, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4764] ntdll.dll!NtOpenThread + B 77C85E53 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4764] ntdll.dll!NtOpenThreadToken + 6 77C85E5E 4 Bytes [68, FA, C8, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4764] ntdll.dll!NtOpenThreadToken + B 77C85E63 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4764] ntdll.dll!NtOpenThreadTokenEx + 6 77C85E6E 4 Bytes CALL 76C9276D C:\Windows\system32\WS2_32.dll .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4764] ntdll.dll!NtOpenThreadTokenEx + B 77C85E73 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4764] ntdll.dll!NtQueryAttributesFile + 6 77C85F7E 4 Bytes [A8, F8, C8, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4764] ntdll.dll!NtQueryAttributesFile + B 77C85F83 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4764] ntdll.dll!NtQueryFullAttributesFile + 6 77C8602E 4 Bytes CALL 76C9292B C:\Windows\system32\WS2_32.dll .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4764] ntdll.dll!NtQueryFullAttributesFile + B 77C86033 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4764] ntdll.dll!NtSetInformationFile + 6 77C8667E 4 Bytes [28, F9, C8, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4764] ntdll.dll!NtSetInformationFile + B 77C86683 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4764] ntdll.dll!NtSetInformationThread + 6 77C866DE 4 Bytes [28, FA, C8, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4764] ntdll.dll!NtSetInformationThread + B 77C866E3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4764] ntdll.dll!NtTerminateProcess 77C86908 5 Bytes JMP 0138F202 C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4764] ntdll.dll!NtUnmapViewOfSection + 6 77C869FE 4 Bytes [68, FB, C8, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[4764] ntdll.dll!NtUnmapViewOfSection + B 77C86A03 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5328] ntdll.dll!NtCreateFile + 6 77C8560E 4 Bytes [28, 88, 7D, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5328] ntdll.dll!NtCreateFile + B 77C85613 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5328] ntdll.dll!NtMapViewOfSection + 6 77C85C6E 4 Bytes [28, 8B, 7D, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5328] ntdll.dll!NtMapViewOfSection + B 77C85C73 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5328] ntdll.dll!NtOpenFile + 6 77C85D1E 4 Bytes [68, 88, 7D, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5328] ntdll.dll!NtOpenFile + B 77C85D23 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5328] ntdll.dll!NtOpenProcess + 6 77C85DCE 4 Bytes [A8, 89, 7D, 00] {TEST AL, 0x89; JGE 0x4} .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5328] ntdll.dll!NtOpenProcess + B 77C85DD3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5328] ntdll.dll!NtOpenProcessToken + 6 77C85DDE 4 Bytes CALL 76C8DB6C C:\Windows\system32\WS2_32.dll .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5328] ntdll.dll!NtOpenProcessToken + B 77C85DE3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5328] ntdll.dll!NtOpenProcessTokenEx + 6 77C85DEE 4 Bytes [A8, 8A, 7D, 00] {TEST AL, 0x8a; JGE 0x4} .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5328] ntdll.dll!NtOpenProcessTokenEx + B 77C85DF3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5328] ntdll.dll!NtOpenThread + 6 77C85E4E 4 Bytes [68, 89, 7D, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5328] ntdll.dll!NtOpenThread + B 77C85E53 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5328] ntdll.dll!NtOpenThreadToken + 6 77C85E5E 4 Bytes [68, 8A, 7D, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5328] ntdll.dll!NtOpenThreadToken + B 77C85E63 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5328] ntdll.dll!NtOpenThreadTokenEx + 6 77C85E6E 4 Bytes CALL 76C8DBFD C:\Windows\system32\WS2_32.dll .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5328] ntdll.dll!NtOpenThreadTokenEx + B 77C85E73 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5328] ntdll.dll!NtQueryAttributesFile + 6 77C85F7E 4 Bytes [A8, 88, 7D, 00] {TEST AL, 0x88; JGE 0x4} .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5328] ntdll.dll!NtQueryAttributesFile + B 77C85F83 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5328] ntdll.dll!NtQueryFullAttributesFile + 6 77C8602E 4 Bytes CALL 76C8DDBB C:\Windows\system32\WS2_32.dll .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5328] ntdll.dll!NtQueryFullAttributesFile + B 77C86033 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5328] ntdll.dll!NtSetInformationFile + 6 77C8667E 4 Bytes [28, 89, 7D, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5328] ntdll.dll!NtSetInformationFile + B 77C86683 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5328] ntdll.dll!NtSetInformationThread + 6 77C866DE 4 Bytes [28, 8A, 7D, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5328] ntdll.dll!NtSetInformationThread + B 77C866E3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5328] ntdll.dll!NtTerminateProcess 77C86908 5 Bytes JMP 0138F202 C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5328] ntdll.dll!NtUnmapViewOfSection + 6 77C869FE 4 Bytes [68, 8B, 7D, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5328] ntdll.dll!NtUnmapViewOfSection + B 77C86A03 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtCreateFile + 6 77C8560E 4 Bytes CALL 5AC75669 .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtCreateFile + B 77C85613 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtMapViewOfSection + 6 77C85C6E 4 Bytes [28, EB, 56, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtMapViewOfSection + B 77C85C73 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtOpenFile + 6 77C85D1E 4 Bytes CALL 5AC75D79 .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtOpenFile + B 77C85D23 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtOpenProcess + 6 77C85DCE 4 Bytes JMP 5AC75E29 .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtOpenProcess + B 77C85DD3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtOpenProcessToken + 6 77C85DDE 4 Bytes CALL 76C8B4CC C:\Windows\system32\WS2_32.dll .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtOpenProcessToken + B 77C85DE3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtOpenProcessTokenEx + 6 77C85DEE 4 Bytes JMP E2FF0056 .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtOpenProcessTokenEx + B 77C85DF3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtOpenThread + 6 77C85E4E 4 Bytes JMP 5AC75EA9 .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtOpenThread + B 77C85E53 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtOpenThreadToken + 6 77C85E5E 4 Bytes JMP E2FF0056 .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtOpenThreadToken + B 77C85E63 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtOpenThreadTokenEx + 6 77C85E6E 4 Bytes CALL 76C8B55D C:\Windows\system32\WS2_32.dll .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtOpenThreadTokenEx + B 77C85E73 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtQueryAttributesFile + 6 77C85F7E 4 Bytes CALL 5AC75FD9 .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtQueryAttributesFile + B 77C85F83 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtQueryFullAttributesFile + 6 77C8602E 4 Bytes CALL 76C8B71B C:\Windows\system32\WS2_32.dll .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtQueryFullAttributesFile + B 77C86033 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtSetInformationFile + 6 77C8667E 4 Bytes JMP 5AC766D9 .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtSetInformationFile + B 77C86683 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtSetInformationThread + 6 77C866DE 4 Bytes JMP E2FF0056 .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtSetInformationThread + B 77C866E3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtTerminateProcess 77C86908 5 Bytes JMP 0138F202 C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtUnmapViewOfSection + 6 77C869FE 4 Bytes [68, EB, 56, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5392] ntdll.dll!NtUnmapViewOfSection + B 77C86A03 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5424] ntdll.dll!NtCreateFile + 6 77C8560E 4 Bytes [28, 08, 5F, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5424] ntdll.dll!NtCreateFile + B 77C85613 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5424] ntdll.dll!NtMapViewOfSection + 6 77C85C6E 4 Bytes [28, 0B, 5F, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5424] ntdll.dll!NtMapViewOfSection + B 77C85C73 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5424] ntdll.dll!NtOpenFile + 6 77C85D1E 4 Bytes [68, 08, 5F, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5424] ntdll.dll!NtOpenFile + B 77C85D23 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5424] ntdll.dll!NtOpenProcess + 6 77C85DCE 4 Bytes [A8, 09, 5F, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5424] ntdll.dll!NtOpenProcess + B 77C85DD3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5424] ntdll.dll!NtOpenProcessToken + 6 77C85DDE 4 Bytes CALL 76C8BCEC C:\Windows\system32\WS2_32.dll .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5424] ntdll.dll!NtOpenProcessToken + B 77C85DE3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5424] ntdll.dll!NtOpenProcessTokenEx + 6 77C85DEE 4 Bytes [A8, 0A, 5F, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5424] ntdll.dll!NtOpenProcessTokenEx + B 77C85DF3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5424] ntdll.dll!NtOpenThread + 6 77C85E4E 4 Bytes [68, 09, 5F, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5424] ntdll.dll!NtOpenThread + B 77C85E53 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5424] ntdll.dll!NtOpenThreadToken + 6 77C85E5E 4 Bytes [68, 0A, 5F, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5424] ntdll.dll!NtOpenThreadToken + B 77C85E63 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5424] ntdll.dll!NtOpenThreadTokenEx + 6 77C85E6E 4 Bytes CALL 76C8BD7D C:\Windows\system32\WS2_32.dll .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5424] ntdll.dll!NtOpenThreadTokenEx + B 77C85E73 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5424] ntdll.dll!NtQueryAttributesFile + 6 77C85F7E 4 Bytes [A8, 08, 5F, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5424] ntdll.dll!NtQueryAttributesFile + B 77C85F83 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5424] ntdll.dll!NtQueryFullAttributesFile + 6 77C8602E 4 Bytes CALL 76C8BF3B C:\Windows\system32\WS2_32.dll .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5424] ntdll.dll!NtQueryFullAttributesFile + B 77C86033 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5424] ntdll.dll!NtSetInformationFile + 6 77C8667E 4 Bytes [28, 09, 5F, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5424] ntdll.dll!NtSetInformationFile + B 77C86683 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5424] ntdll.dll!NtSetInformationThread + 6 77C866DE 4 Bytes [28, 0A, 5F, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5424] ntdll.dll!NtSetInformationThread + B 77C866E3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5424] ntdll.dll!NtTerminateProcess 77C86908 5 Bytes JMP 0138F202 C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5424] ntdll.dll!NtUnmapViewOfSection + 6 77C869FE 4 Bytes [68, 0B, 5F, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5424] ntdll.dll!NtUnmapViewOfSection + B 77C86A03 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5592] ntdll.dll!NtCreateFile + 6 77C8560E 4 Bytes [28, AC, B6, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5592] ntdll.dll!NtCreateFile + B 77C85613 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5592] ntdll.dll!NtMapViewOfSection + 6 77C85C6E 4 Bytes [28, AF, B6, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5592] ntdll.dll!NtMapViewOfSection + B 77C85C73 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5592] ntdll.dll!NtOpenFile + 6 77C85D1E 4 Bytes [68, AC, B6, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5592] ntdll.dll!NtOpenFile + B 77C85D23 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5592] ntdll.dll!NtOpenProcess + 6 77C85DCE 4 Bytes [A8, AD, B6, 00] {TEST AL, 0xad; MOV DH, 0x0} .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5592] ntdll.dll!NtOpenProcess + B 77C85DD3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5592] ntdll.dll!NtOpenProcessToken + 6 77C85DDE 4 Bytes CALL 76C91490 C:\Windows\system32\WS2_32.dll .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5592] ntdll.dll!NtOpenProcessToken + B 77C85DE3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5592] ntdll.dll!NtOpenProcessTokenEx + 6 77C85DEE 4 Bytes [A8, AE, B6, 00] {TEST AL, 0xae; MOV DH, 0x0} .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5592] ntdll.dll!NtOpenProcessTokenEx + B 77C85DF3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5592] ntdll.dll!NtOpenThread + 6 77C85E4E 4 Bytes [68, AD, B6, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5592] ntdll.dll!NtOpenThread + B 77C85E53 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5592] ntdll.dll!NtOpenThreadToken + 6 77C85E5E 4 Bytes [68, AE, B6, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5592] ntdll.dll!NtOpenThreadToken + B 77C85E63 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5592] ntdll.dll!NtOpenThreadTokenEx + 6 77C85E6E 4 Bytes CALL 76C91521 C:\Windows\system32\WS2_32.dll .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5592] ntdll.dll!NtOpenThreadTokenEx + B 77C85E73 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5592] ntdll.dll!NtQueryAttributesFile + 6 77C85F7E 4 Bytes [A8, AC, B6, 00] {TEST AL, 0xac; MOV DH, 0x0} .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5592] ntdll.dll!NtQueryAttributesFile + B 77C85F83 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5592] ntdll.dll!NtQueryFullAttributesFile + 6 77C8602E 4 Bytes CALL 76C916DF C:\Windows\system32\WS2_32.dll .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5592] ntdll.dll!NtQueryFullAttributesFile + B 77C86033 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5592] ntdll.dll!NtSetInformationFile + 6 77C8667E 4 Bytes [28, AD, B6, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5592] ntdll.dll!NtSetInformationFile + B 77C86683 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5592] ntdll.dll!NtSetInformationThread + 6 77C866DE 4 Bytes [28, AE, B6, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5592] ntdll.dll!NtSetInformationThread + B 77C866E3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5592] ntdll.dll!NtTerminateProcess 77C86908 5 Bytes JMP 0138F202 C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5592] ntdll.dll!NtUnmapViewOfSection + 6 77C869FE 4 Bytes [68, AF, B6, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5592] ntdll.dll!NtUnmapViewOfSection + B 77C86A03 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5596] ntdll.dll!NtCreateFile + 6 77C8560E 4 Bytes [28, BC, 2A, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5596] ntdll.dll!NtCreateFile + B 77C85613 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5596] ntdll.dll!NtMapViewOfSection + 6 77C85C6E 4 Bytes [28, BF, 2A, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5596] ntdll.dll!NtMapViewOfSection + B 77C85C73 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5596] ntdll.dll!NtOpenFile + 6 77C85D1E 4 Bytes [68, BC, 2A, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5596] ntdll.dll!NtOpenFile + B 77C85D23 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5596] ntdll.dll!NtOpenProcess + 6 77C85DCE 4 Bytes [A8, BD, 2A, 00] {TEST AL, 0xbd; SUB AL, [EAX]} .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5596] ntdll.dll!NtOpenProcess + B 77C85DD3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5596] ntdll.dll!NtOpenProcessToken + 6 77C85DDE 4 Bytes CALL 76C888A0 C:\Windows\system32\WS2_32.dll .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5596] ntdll.dll!NtOpenProcessToken + B 77C85DE3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5596] ntdll.dll!NtOpenProcessTokenEx + 6 77C85DEE 4 Bytes [A8, BE, 2A, 00] {TEST AL, 0xbe; SUB AL, [EAX]} .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5596] ntdll.dll!NtOpenProcessTokenEx + B 77C85DF3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5596] ntdll.dll!NtOpenThread + 6 77C85E4E 4 Bytes [68, BD, 2A, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5596] ntdll.dll!NtOpenThread + B 77C85E53 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5596] ntdll.dll!NtOpenThreadToken + 6 77C85E5E 4 Bytes [68, BE, 2A, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5596] ntdll.dll!NtOpenThreadToken + B 77C85E63 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5596] ntdll.dll!NtOpenThreadTokenEx + 6 77C85E6E 4 Bytes CALL 76C88931 C:\Windows\system32\WS2_32.dll .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5596] ntdll.dll!NtOpenThreadTokenEx + B 77C85E73 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5596] ntdll.dll!NtQueryAttributesFile + 6 77C85F7E 4 Bytes [A8, BC, 2A, 00] {TEST AL, 0xbc; SUB AL, [EAX]} .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5596] ntdll.dll!NtQueryAttributesFile + B 77C85F83 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5596] ntdll.dll!NtQueryFullAttributesFile + 6 77C8602E 4 Bytes CALL 76C88AEF C:\Windows\system32\WS2_32.dll .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5596] ntdll.dll!NtQueryFullAttributesFile + B 77C86033 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5596] ntdll.dll!NtSetInformationFile + 6 77C8667E 4 Bytes [28, BD, 2A, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5596] ntdll.dll!NtSetInformationFile + B 77C86683 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5596] ntdll.dll!NtSetInformationThread + 6 77C866DE 4 Bytes [28, BE, 2A, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5596] ntdll.dll!NtSetInformationThread + B 77C866E3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5596] ntdll.dll!NtTerminateProcess 77C86908 5 Bytes JMP 0138F202 C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5596] ntdll.dll!NtUnmapViewOfSection + 6 77C869FE 4 Bytes [68, BF, 2A, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5596] ntdll.dll!NtUnmapViewOfSection + B 77C86A03 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5796] ntdll.dll!NtCreateFile + 6 77C8560E 4 Bytes [28, AC, 52, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5796] ntdll.dll!NtCreateFile + B 77C85613 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5796] ntdll.dll!NtMapViewOfSection + 6 77C85C6E 4 Bytes [28, AF, 52, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5796] ntdll.dll!NtMapViewOfSection + B 77C85C73 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5796] ntdll.dll!NtOpenFile + 6 77C85D1E 4 Bytes [68, AC, 52, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5796] ntdll.dll!NtOpenFile + B 77C85D23 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5796] ntdll.dll!NtOpenProcess + 6 77C85DCE 4 Bytes [A8, AD, 52, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5796] ntdll.dll!NtOpenProcess + B 77C85DD3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5796] ntdll.dll!NtOpenProcessToken + 6 77C85DDE 4 Bytes CALL 76C8B090 C:\Windows\system32\WS2_32.dll .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5796] ntdll.dll!NtOpenProcessToken + B 77C85DE3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5796] ntdll.dll!NtOpenProcessTokenEx + 6 77C85DEE 4 Bytes [A8, AE, 52, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5796] ntdll.dll!NtOpenProcessTokenEx + B 77C85DF3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5796] ntdll.dll!NtOpenThread + 6 77C85E4E 4 Bytes [68, AD, 52, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5796] ntdll.dll!NtOpenThread + B 77C85E53 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5796] ntdll.dll!NtOpenThreadToken + 6 77C85E5E 4 Bytes [68, AE, 52, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5796] ntdll.dll!NtOpenThreadToken + B 77C85E63 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5796] ntdll.dll!NtOpenThreadTokenEx + 6 77C85E6E 4 Bytes CALL 76C8B121 C:\Windows\system32\WS2_32.dll .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5796] ntdll.dll!NtOpenThreadTokenEx + B 77C85E73 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5796] ntdll.dll!NtQueryAttributesFile + 6 77C85F7E 4 Bytes [A8, AC, 52, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5796] ntdll.dll!NtQueryAttributesFile + B 77C85F83 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5796] ntdll.dll!NtQueryFullAttributesFile + 6 77C8602E 4 Bytes CALL 76C8B2DF C:\Windows\system32\WS2_32.dll .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5796] ntdll.dll!NtQueryFullAttributesFile + B 77C86033 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5796] ntdll.dll!NtSetInformationFile + 6 77C8667E 4 Bytes [28, AD, 52, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5796] ntdll.dll!NtSetInformationFile + B 77C86683 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5796] ntdll.dll!NtSetInformationThread + 6 77C866DE 4 Bytes [28, AE, 52, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5796] ntdll.dll!NtSetInformationThread + B 77C866E3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5796] ntdll.dll!NtTerminateProcess 77C86908 5 Bytes JMP 0138F202 C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5796] ntdll.dll!NtUnmapViewOfSection + 6 77C869FE 4 Bytes [68, AF, 52, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5796] ntdll.dll!NtUnmapViewOfSection + B 77C86A03 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtCreateFile + 6 77C8560E 4 Bytes [28, EC, 2D, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtCreateFile + B 77C85613 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtMapViewOfSection + 6 77C85C6E 4 Bytes [28, EF, 2D, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtMapViewOfSection + B 77C85C73 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtOpenFile + 6 77C85D1E 4 Bytes [68, EC, 2D, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtOpenFile + B 77C85D23 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtOpenProcess + 6 77C85DCE 4 Bytes [A8, ED, 2D, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtOpenProcess + B 77C85DD3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtOpenProcessToken + 6 77C85DDE 4 Bytes CALL 76C88BD0 C:\Windows\system32\WS2_32.dll .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtOpenProcessToken + B 77C85DE3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtOpenProcessTokenEx + 6 77C85DEE 4 Bytes [A8, EE, 2D, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtOpenProcessTokenEx + B 77C85DF3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtOpenThread + 6 77C85E4E 4 Bytes [68, ED, 2D, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtOpenThread + B 77C85E53 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtOpenThreadToken + 6 77C85E5E 4 Bytes [68, EE, 2D, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtOpenThreadToken + B 77C85E63 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtOpenThreadTokenEx + 6 77C85E6E 4 Bytes CALL 76C88C61 C:\Windows\system32\WS2_32.dll .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtOpenThreadTokenEx + B 77C85E73 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtQueryAttributesFile + 6 77C85F7E 4 Bytes [A8, EC, 2D, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtQueryAttributesFile + B 77C85F83 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtQueryFullAttributesFile + 6 77C8602E 4 Bytes CALL 76C88E1F C:\Windows\system32\WS2_32.dll .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtQueryFullAttributesFile + B 77C86033 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtSetInformationFile + 6 77C8667E 4 Bytes [28, ED, 2D, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtSetInformationFile + B 77C86683 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtSetInformationThread + 6 77C866DE 4 Bytes [28, EE, 2D, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtSetInformationThread + B 77C866E3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtTerminateProcess 77C86908 5 Bytes JMP 0138F202 C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtUnmapViewOfSection + 6 77C869FE 4 Bytes [68, EF, 2D, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[5980] ntdll.dll!NtUnmapViewOfSection + B 77C86A03 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[6092] ntdll.dll!NtCreateFile + 6 77C8560E 4 Bytes [28, EC, C2, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[6092] ntdll.dll!NtCreateFile + B 77C85613 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[6092] ntdll.dll!NtMapViewOfSection + 6 77C85C6E 4 Bytes [28, EF, C2, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[6092] ntdll.dll!NtMapViewOfSection + B 77C85C73 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[6092] ntdll.dll!NtOpenFile + 6 77C85D1E 4 Bytes [68, EC, C2, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[6092] ntdll.dll!NtOpenFile + B 77C85D23 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[6092] ntdll.dll!NtOpenProcess + 6 77C85DCE 4 Bytes [A8, ED, C2, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[6092] ntdll.dll!NtOpenProcess + B 77C85DD3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[6092] ntdll.dll!NtOpenProcessToken + 6 77C85DDE 4 Bytes CALL 76C920D0 C:\Windows\system32\WS2_32.dll .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[6092] ntdll.dll!NtOpenProcessToken + B 77C85DE3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[6092] ntdll.dll!NtOpenProcessTokenEx + 6 77C85DEE 4 Bytes [A8, EE, C2, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[6092] ntdll.dll!NtOpenProcessTokenEx + B 77C85DF3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[6092] ntdll.dll!NtOpenThread + 6 77C85E4E 4 Bytes [68, ED, C2, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[6092] ntdll.dll!NtOpenThread + B 77C85E53 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[6092] ntdll.dll!NtOpenThreadToken + 6 77C85E5E 4 Bytes [68, EE, C2, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[6092] ntdll.dll!NtOpenThreadToken + B 77C85E63 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[6092] ntdll.dll!NtOpenThreadTokenEx + 6 77C85E6E 4 Bytes CALL 76C92161 C:\Windows\system32\WS2_32.dll .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[6092] ntdll.dll!NtOpenThreadTokenEx + B 77C85E73 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[6092] ntdll.dll!NtQueryAttributesFile + 6 77C85F7E 4 Bytes [A8, EC, C2, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[6092] ntdll.dll!NtQueryAttributesFile + B 77C85F83 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[6092] ntdll.dll!NtQueryFullAttributesFile + 6 77C8602E 4 Bytes CALL 76C9231F C:\Windows\system32\WS2_32.dll .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[6092] ntdll.dll!NtQueryFullAttributesFile + B 77C86033 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[6092] ntdll.dll!NtSetInformationFile + 6 77C8667E 4 Bytes [28, ED, C2, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[6092] ntdll.dll!NtSetInformationFile + B 77C86683 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[6092] ntdll.dll!NtSetInformationThread + 6 77C866DE 4 Bytes [28, EE, C2, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[6092] ntdll.dll!NtSetInformationThread + B 77C866E3 1 Byte [E2] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[6092] ntdll.dll!NtTerminateProcess 77C86908 5 Bytes JMP 0138F202 C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[6092] ntdll.dll!NtUnmapViewOfSection + 6 77C869FE 4 Bytes [68, EF, C2, 00] .text C:\Users\x\AppData\Local\Google\Chrome\Application\chrome.exe[6092] ntdll.dll!NtUnmapViewOfSection + B 77C86A03 1 Byte [E2] ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Windows\Explorer.EXE[2200] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [747924CB] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\Windows\Explorer.EXE[2200] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [7477562E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\Windows\Explorer.EXE[2200] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [747756EC] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\Windows\Explorer.EXE[2200] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74792546] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\Windows\Explorer.EXE[2200] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [747885AA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\Windows\Explorer.EXE[2200] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74784D5E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\Windows\Explorer.EXE[2200] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [74785105] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\Windows\Explorer.EXE[2200] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [747851DA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\Windows\Explorer.EXE[2200] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [74786707] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\Windows\Explorer.EXE[2200] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [74788301] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\Windows\Explorer.EXE[2200] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74788850] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\Windows\Explorer.EXE[2200] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [747890B1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\Windows\Explorer.EXE[2200] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7478E254] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll IAT C:\Windows\Explorer.EXE[2200] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74784C90] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\gdiplus.dll ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy1 NBVolUp.sys AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy2 NBVolUp.sys AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy3 NBVolUp.sys AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy4 NBVolUp.sys AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy5 NBVolUp.sys AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy6 NBVolUp.sys AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy7 NBVolUp.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 NBVol.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 NBVolUp.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 NBVol.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 NBVolUp.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 NBVol.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 NBVolUp.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 NBVol.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 NBVolUp.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 NBVol.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 NBVolUp.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 NBVol.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 NBVolUp.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 NBVol.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 NBVolUp.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume8 NBVol.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume8 NBVolUp.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume9 NBVol.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume9 NBVolUp.sys AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xB9 0xC0 0xF8 0x72 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x35 0x4A 0xF6 0xC7 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x8F 0xFC 0xFE 0xF1 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Program Files\DAEMON Tools Pro\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xA5 0xCD 0x9D 0x96 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xB9 0xC0 0xF8 0x72 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x35 0x4A 0xF6 0xC7 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x8F 0xFC 0xFE 0xF1 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Program Files\DAEMON Tools Pro\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xA5 0xCD 0x9D 0x96 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Superfetch@VirtualStoreSize 1635 ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- Files - GMER 2.1 ---- File C:\Users\x\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.google.pl_0.indexeddb.leveldb\006778.log 0 bytes File C:\Users\x\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.google.pl_0.indexeddb.leveldb\MANIFEST-006777 218 bytes ---- EOF - GMER 2.1 ----