GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-12-23 12:41:42
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9160412AS rev.0003LVM1 149,05GB
Running: 16bu39ox.exe; Driver: C:\Users\LENOVO~1\AppData\Local\Temp\pxryifog.sys

---- System - GMER 2.1 ----

SSDT 9062870E ZwCreateSection
SSDT 90628718 ZwRequestWaitReplyPort
SSDT 90628713 ZwSetContextThread
SSDT 9062871D ZwSetSecurityObject
SSDT 90628722 ZwSystemDebugControl
SSDT 906286AF ZwTerminateProcess

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 82A84A15 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82ABE212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 82AC558C 4 Bytes [0E, 87, 62, 90] {PUSH CS; XCHG [EDX-0x70], ESP}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1553 82AC58E8 4 Bytes [18, 87, 62, 90]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1597 82AC592C 4 Bytes [13, 87, 62, 90]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1613 82AC59A8 4 Bytes [1D, 87, 62, 90]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1667 82AC59FC 4 Bytes [22, 87, 62, 90]
.text ...
---- User code sections - GMER 2.1 ---- .text C:\Program Files\Google\Chrome\Application\chrome.exe[1248] ntdll.dll!NtCreateFile + 6 778B560E 4 Bytes [28, 38, E9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1248] ntdll.dll!NtCreateFile + B 778B5613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1248] ntdll.dll!NtMapViewOfSection + 6 778B5C6E 4 Bytes [28, 3B, E9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1248] ntdll.dll!NtMapViewOfSection + B 778B5C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1248] ntdll.dll!NtOpenFile + 6 778B5D1E 4 Bytes [68, 38, E9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1248] ntdll.dll!NtOpenFile + B 778B5D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1248] ntdll.dll!NtOpenProcess + 6 778B5DCE 4 Bytes [A8, 39, E9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1248] ntdll.dll!NtOpenProcess + B 778B5DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1248] ntdll.dll!NtOpenProcessToken + B 778B5DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1248] ntdll.dll!NtOpenProcessTokenEx + 6 778B5DEE 4 Bytes [A8, 3A, E9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1248] ntdll.dll!NtOpenProcessTokenEx + B 778B5DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1248] ntdll.dll!NtOpenThread + 6 778B5E4E 4 Bytes [68, 39, E9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1248] ntdll.dll!NtOpenThread + B 778B5E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1248] ntdll.dll!NtOpenThreadToken + 6 778B5E5E 4 Bytes [68, 3A, E9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1248] ntdll.dll!NtOpenThreadToken + B 778B5E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1248] ntdll.dll!NtOpenThreadTokenEx + B 778B5E73 1 Byte 
[E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1248] ntdll.dll!NtQueryAttributesFile + 6 778B5F7E 4 Bytes [A8, 38, E9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1248] ntdll.dll!NtQueryAttributesFile + B 778B5F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1248] ntdll.dll!NtQueryFullAttributesFile + B 778B6033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1248] ntdll.dll!NtSetInformationFile + 6 778B667E 4 Bytes [28, 39, E9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1248] ntdll.dll!NtSetInformationFile + B 778B6683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1248] ntdll.dll!NtSetInformationThread + 6 778B66DE 4 Bytes [28, 3A, E9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1248] ntdll.dll!NtSetInformationThread + B 778B66E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1248] ntdll.dll!NtUnmapViewOfSection + 6 778B69FE 4 Bytes [68, 3B, E9, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1248] ntdll.dll!NtUnmapViewOfSection + B 778B6A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1944] ntdll.dll!NtCreateFile + 6 778B560E 4 Bytes [28, D0, D6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1944] ntdll.dll!NtCreateFile + B 778B5613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1944] ntdll.dll!NtMapViewOfSection + 6 778B5C6E 4 Bytes [28, D3, D6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1944] ntdll.dll!NtMapViewOfSection + B 778B5C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1944] ntdll.dll!NtOpenFile + 6 778B5D1E 4 Bytes [68, D0, D6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1944] ntdll.dll!NtOpenFile + B 778B5D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1944] ntdll.dll!NtOpenProcess + 6 778B5DCE 
4 Bytes [A8, D1, D6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1944] ntdll.dll!NtOpenProcess + B 778B5DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1944] ntdll.dll!NtOpenProcessToken + B 778B5DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1944] ntdll.dll!NtOpenProcessTokenEx + 6 778B5DEE 4 Bytes [A8, D2, D6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1944] ntdll.dll!NtOpenProcessTokenEx + B 778B5DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1944] ntdll.dll!NtOpenThread + 6 778B5E4E 4 Bytes [68, D1, D6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1944] ntdll.dll!NtOpenThread + B 778B5E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1944] ntdll.dll!NtOpenThreadToken + 6 778B5E5E 4 Bytes [68, D2, D6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1944] ntdll.dll!NtOpenThreadToken + B 778B5E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1944] ntdll.dll!NtOpenThreadTokenEx + B 778B5E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1944] ntdll.dll!NtQueryAttributesFile + 6 778B5F7E 4 Bytes [A8, D0, D6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1944] ntdll.dll!NtQueryAttributesFile + B 778B5F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1944] ntdll.dll!NtQueryFullAttributesFile + B 778B6033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1944] ntdll.dll!NtSetInformationFile + 6 778B667E 4 Bytes [28, D1, D6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1944] ntdll.dll!NtSetInformationFile + B 778B6683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1944] ntdll.dll!NtSetInformationThread + 6 778B66DE 4 Bytes [28, D2, D6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1944] 
ntdll.dll!NtSetInformationThread + B 778B66E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1944] ntdll.dll!NtUnmapViewOfSection + 6 778B69FE 4 Bytes [68, D3, D6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1944] ntdll.dll!NtUnmapViewOfSection + B 778B6A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2352] ntdll.dll!NtMapViewOfSection + 6 778B5C6E 4 Bytes [18, 20, 3B, 66] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2352] ntdll.dll!NtMapViewOfSection + B 778B5C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtCreateFile + 6 778B560E 4 Bytes [28, 94, 46, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtCreateFile + B 778B5613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtMapViewOfSection + 6 778B5C6E 4 Bytes [28, 97, 46, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtMapViewOfSection + B 778B5C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtOpenFile + 6 778B5D1E 4 Bytes [68, 94, 46, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtOpenFile + B 778B5D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtOpenProcess + 6 778B5DCE 4 Bytes [A8, 95, 46, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtOpenProcess + B 778B5DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtOpenProcessToken + B 778B5DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtOpenProcessTokenEx + 6 778B5DEE 4 Bytes [A8, 96, 46, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtOpenProcessTokenEx + B 778B5DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3576] 
ntdll.dll!NtOpenThread + 6 778B5E4E 4 Bytes [68, 95, 46, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtOpenThread + B 778B5E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtOpenThreadToken + 6 778B5E5E 4 Bytes [68, 96, 46, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtOpenThreadToken + B 778B5E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtOpenThreadTokenEx + B 778B5E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtQueryAttributesFile + 6 778B5F7E 4 Bytes [A8, 94, 46, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtQueryAttributesFile + B 778B5F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtQueryFullAttributesFile + B 778B6033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtSetInformationFile + 6 778B667E 4 Bytes [28, 95, 46, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtSetInformationFile + B 778B6683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtSetInformationThread + 6 778B66DE 4 Bytes [28, 96, 46, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtSetInformationThread + B 778B66E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtUnmapViewOfSection + 6 778B69FE 4 Bytes [68, 97, 46, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtUnmapViewOfSection + B 778B6A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4136] ntdll.dll!NtCreateFile + 6 778B560E 4 Bytes [28, 08, 40, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4136] ntdll.dll!NtCreateFile + B 778B5613 1 Byte [E2] .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[4136] ntdll.dll!NtMapViewOfSection + 6 778B5C6E 4 Bytes [28, 0B, 40, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4136] ntdll.dll!NtMapViewOfSection + B 778B5C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4136] ntdll.dll!NtOpenFile + 6 778B5D1E 4 Bytes [68, 08, 40, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4136] ntdll.dll!NtOpenFile + B 778B5D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4136] ntdll.dll!NtOpenProcess + 6 778B5DCE 4 Bytes [A8, 09, 40, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4136] ntdll.dll!NtOpenProcess + B 778B5DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4136] ntdll.dll!NtOpenProcessToken + B 778B5DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4136] ntdll.dll!NtOpenProcessTokenEx + 6 778B5DEE 4 Bytes [A8, 0A, 40, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4136] ntdll.dll!NtOpenProcessTokenEx + B 778B5DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4136] ntdll.dll!NtOpenThread + 6 778B5E4E 4 Bytes [68, 09, 40, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4136] ntdll.dll!NtOpenThread + B 778B5E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4136] ntdll.dll!NtOpenThreadToken + 6 778B5E5E 4 Bytes [68, 0A, 40, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4136] ntdll.dll!NtOpenThreadToken + B 778B5E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4136] ntdll.dll!NtOpenThreadTokenEx + B 778B5E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4136] ntdll.dll!NtQueryAttributesFile + 6 778B5F7E 4 Bytes [A8, 08, 40, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4136] ntdll.dll!NtQueryAttributesFile + B 778B5F83 1 Byte [E2] .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[4136] ntdll.dll!NtQueryFullAttributesFile + B 778B6033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4136] ntdll.dll!NtSetInformationFile + 6 778B667E 4 Bytes [28, 09, 40, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4136] ntdll.dll!NtSetInformationFile + B 778B6683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4136] ntdll.dll!NtSetInformationThread + 6 778B66DE 4 Bytes [28, 0A, 40, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4136] ntdll.dll!NtSetInformationThread + B 778B66E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4136] ntdll.dll!NtUnmapViewOfSection + 6 778B69FE 4 Bytes [68, 0B, 40, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4136] ntdll.dll!NtUnmapViewOfSection + B 778B6A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4276] ntdll.dll!NtCreateFile + 6 778B560E 4 Bytes [28, 48, 5B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4276] ntdll.dll!NtCreateFile + B 778B5613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4276] ntdll.dll!NtMapViewOfSection + 6 778B5C6E 4 Bytes [28, 4B, 5B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4276] ntdll.dll!NtMapViewOfSection + B 778B5C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4276] ntdll.dll!NtOpenFile + 6 778B5D1E 4 Bytes [68, 48, 5B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4276] ntdll.dll!NtOpenFile + B 778B5D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4276] ntdll.dll!NtOpenProcess + 6 778B5DCE 4 Bytes [A8, 49, 5B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4276] ntdll.dll!NtOpenProcess + B 778B5DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4276] ntdll.dll!NtOpenProcessToken + B 778B5DE3 1 Byte [E2] .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[4276] ntdll.dll!NtOpenProcessTokenEx + 6 778B5DEE 4 Bytes [A8, 4A, 5B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4276] ntdll.dll!NtOpenProcessTokenEx + B 778B5DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4276] ntdll.dll!NtOpenThread + 6 778B5E4E 4 Bytes [68, 49, 5B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4276] ntdll.dll!NtOpenThread + B 778B5E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4276] ntdll.dll!NtOpenThreadToken + 6 778B5E5E 4 Bytes [68, 4A, 5B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4276] ntdll.dll!NtOpenThreadToken + B 778B5E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4276] ntdll.dll!NtOpenThreadTokenEx + B 778B5E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4276] ntdll.dll!NtQueryAttributesFile + 6 778B5F7E 4 Bytes [A8, 48, 5B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4276] ntdll.dll!NtQueryAttributesFile + B 778B5F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4276] ntdll.dll!NtQueryFullAttributesFile + B 778B6033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4276] ntdll.dll!NtSetInformationFile + 6 778B667E 4 Bytes [28, 49, 5B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4276] ntdll.dll!NtSetInformationFile + B 778B6683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4276] ntdll.dll!NtSetInformationThread + 6 778B66DE 4 Bytes [28, 4A, 5B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4276] ntdll.dll!NtSetInformationThread + B 778B66E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4276] ntdll.dll!NtUnmapViewOfSection + 6 778B69FE 4 Bytes [68, 4B, 5B, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4276] ntdll.dll!NtUnmapViewOfSection + B 
778B6A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4308] ntdll.dll!NtCreateFile + 6 778B560E 4 Bytes [28, 74, BB, 00] {SUB [EBX+EDI*4+0x0], DH} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4308] ntdll.dll!NtCreateFile + B 778B5613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4308] ntdll.dll!NtMapViewOfSection + 6 778B5C6E 4 Bytes [28, 77, BB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4308] ntdll.dll!NtMapViewOfSection + B 778B5C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4308] ntdll.dll!NtOpenFile + 6 778B5D1E 4 Bytes [68, 74, BB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4308] ntdll.dll!NtOpenFile + B 778B5D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4308] ntdll.dll!NtOpenProcess + 6 778B5DCE 4 Bytes [A8, 75, BB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4308] ntdll.dll!NtOpenProcess + B 778B5DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4308] ntdll.dll!NtOpenProcessToken + B 778B5DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4308] ntdll.dll!NtOpenProcessTokenEx + 6 778B5DEE 4 Bytes [A8, 76, BB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4308] ntdll.dll!NtOpenProcessTokenEx + B 778B5DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4308] ntdll.dll!NtOpenThread + 6 778B5E4E 4 Bytes [68, 75, BB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4308] ntdll.dll!NtOpenThread + B 778B5E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4308] ntdll.dll!NtOpenThreadToken + 6 778B5E5E 4 Bytes [68, 76, BB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4308] ntdll.dll!NtOpenThreadToken + B 778B5E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4308] ntdll.dll!NtOpenThreadTokenEx + B 778B5E73 
1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4308] ntdll.dll!NtQueryAttributesFile + 6 778B5F7E 4 Bytes [A8, 74, BB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4308] ntdll.dll!NtQueryAttributesFile + B 778B5F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4308] ntdll.dll!NtQueryFullAttributesFile + B 778B6033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4308] ntdll.dll!NtSetInformationFile + 6 778B667E 4 Bytes [28, 75, BB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4308] ntdll.dll!NtSetInformationFile + B 778B6683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4308] ntdll.dll!NtSetInformationThread + 6 778B66DE 4 Bytes [28, 76, BB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4308] ntdll.dll!NtSetInformationThread + B 778B66E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4308] ntdll.dll!NtUnmapViewOfSection + 6 778B69FE 4 Bytes [68, 77, BB, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4308] ntdll.dll!NtUnmapViewOfSection + B 778B6A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtCreateFile + 6 778B560E 4 Bytes [28, 50, 7F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtCreateFile + B 778B5613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtMapViewOfSection + 6 778B5C6E 4 Bytes [28, 53, 7F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtMapViewOfSection + B 778B5C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtOpenFile + 6 778B5D1E 4 Bytes [68, 50, 7F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtOpenFile + B 778B5D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtOpenProcess + 6 
778B5DCE 4 Bytes [A8, 51, 7F, 00] {TEST AL, 0x51; JG 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtOpenProcess + B 778B5DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtOpenProcessToken + B 778B5DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtOpenProcessTokenEx + 6 778B5DEE 4 Bytes [A8, 52, 7F, 00] {TEST AL, 0x52; JG 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtOpenProcessTokenEx + B 778B5DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtOpenThread + 6 778B5E4E 4 Bytes [68, 51, 7F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtOpenThread + B 778B5E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtOpenThreadToken + 6 778B5E5E 4 Bytes [68, 52, 7F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtOpenThreadToken + B 778B5E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtOpenThreadTokenEx + B 778B5E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtQueryAttributesFile + 6 778B5F7E 4 Bytes [A8, 50, 7F, 00] {TEST AL, 0x50; JG 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtQueryAttributesFile + B 778B5F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtQueryFullAttributesFile + B 778B6033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtSetInformationFile + 6 778B667E 4 Bytes [28, 51, 7F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtSetInformationFile + B 778B6683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtSetInformationThread + 6 778B66DE 4 Bytes [28, 52, 7F, 00] .text 
C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtSetInformationThread + B 778B66E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtUnmapViewOfSection + 6 778B69FE 4 Bytes [68, 53, 7F, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4844] ntdll.dll!NtUnmapViewOfSection + B 778B6A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4892] ntdll.dll!NtCreateFile + 6 778B560E 4 Bytes [28, 8C, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4892] ntdll.dll!NtCreateFile + B 778B5613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4892] ntdll.dll!NtMapViewOfSection + 6 778B5C6E 4 Bytes [28, 8F, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4892] ntdll.dll!NtMapViewOfSection + B 778B5C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4892] ntdll.dll!NtOpenFile + 6 778B5D1E 4 Bytes [68, 8C, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4892] ntdll.dll!NtOpenFile + B 778B5D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4892] ntdll.dll!NtOpenProcess + 6 778B5DCE 4 Bytes [A8, 8D, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4892] ntdll.dll!NtOpenProcess + B 778B5DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4892] ntdll.dll!NtOpenProcessToken + B 778B5DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4892] ntdll.dll!NtOpenProcessTokenEx + 6 778B5DEE 4 Bytes [A8, 8E, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4892] ntdll.dll!NtOpenProcessTokenEx + B 778B5DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4892] ntdll.dll!NtOpenThread + 6 778B5E4E 4 Bytes [68, 8D, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4892] ntdll.dll!NtOpenThread + B 778B5E53 1 Byte [E2] .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[4892] ntdll.dll!NtOpenThreadToken + 6 778B5E5E 4 Bytes [68, 8E, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4892] ntdll.dll!NtOpenThreadToken + B 778B5E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4892] ntdll.dll!NtOpenThreadTokenEx + B 778B5E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4892] ntdll.dll!NtQueryAttributesFile + 6 778B5F7E 4 Bytes [A8, 8C, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4892] ntdll.dll!NtQueryAttributesFile + B 778B5F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4892] ntdll.dll!NtQueryFullAttributesFile + B 778B6033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4892] ntdll.dll!NtSetInformationFile + 6 778B667E 4 Bytes [28, 8D, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4892] ntdll.dll!NtSetInformationFile + B 778B6683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4892] ntdll.dll!NtSetInformationThread + 6 778B66DE 4 Bytes [28, 8E, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4892] ntdll.dll!NtSetInformationThread + B 778B66E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4892] ntdll.dll!NtUnmapViewOfSection + 6 778B69FE 4 Bytes [68, 8F, F5, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4892] ntdll.dll!NtUnmapViewOfSection + B 778B6A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtCreateFile + 6 778B560E 4 Bytes [28, EC, 00, 01] {SUB AH, CH; ADD [ECX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtCreateFile + B 778B5613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtMapViewOfSection + 6 778B5C6E 4 Bytes [28, EF, 00, 01] {SUB BH, CH; ADD [ECX], AL} .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtMapViewOfSection + B 778B5C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenFile + 6 778B5D1E 4 Bytes [68, EC, 00, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenFile + B 778B5D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenProcess + 6 778B5DCE 4 Bytes [A8, ED, 00, 01] {TEST AL, 0xed; ADD [ECX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenProcess + B 778B5DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenProcessToken + B 778B5DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenProcessTokenEx + 6 778B5DEE 4 Bytes [A8, EE, 00, 01] {TEST AL, 0xee; ADD [ECX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenProcessTokenEx + B 778B5DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenThread + 6 778B5E4E 4 Bytes [68, ED, 00, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenThread + B 778B5E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenThreadToken + 6 778B5E5E 4 Bytes [68, EE, 00, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenThreadToken + B 778B5E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenThreadTokenEx + B 778B5E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtQueryAttributesFile + 6 778B5F7E 4 Bytes [A8, EC, 00, 01] {TEST AL, 0xec; ADD [ECX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtQueryAttributesFile + B 778B5F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] 
ntdll.dll!NtQueryFullAttributesFile + B 778B6033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtSetInformationFile + 6 778B667E 4 Bytes [28, ED, 00, 01] {SUB CH, CH; ADD [ECX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtSetInformationFile + B 778B6683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtSetInformationThread + 6 778B66DE 4 Bytes [28, EE, 00, 01] {SUB DH, CH; ADD [ECX], AL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtSetInformationThread + B 778B66E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtUnmapViewOfSection + 6 778B69FE 4 Bytes [68, EF, 00, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtUnmapViewOfSection + B 778B6A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtCreateFile + 6 778B560E 4 Bytes [28, 04, AC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtCreateFile + B 778B5613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtMapViewOfSection + 6 778B5C6E 4 Bytes [28, 07, AC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtMapViewOfSection + B 778B5C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtOpenFile + 6 778B5D1E 4 Bytes [68, 04, AC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtOpenFile + B 778B5D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtOpenProcess + 6 778B5DCE 4 Bytes [A8, 05, AC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtOpenProcess + B 778B5DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtOpenProcessToken + B 778B5DE3 1 Byte [E2] .text 
C:\Program Files\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtOpenProcessTokenEx + 6 778B5DEE 4 Bytes [A8, 06, AC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtOpenProcessTokenEx + B 778B5DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtOpenThread + 6 778B5E4E 4 Bytes [68, 05, AC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtOpenThread + B 778B5E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtOpenThreadToken + 6 778B5E5E 4 Bytes [68, 06, AC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtOpenThreadToken + B 778B5E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtOpenThreadTokenEx + B 778B5E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtQueryAttributesFile + 6 778B5F7E 4 Bytes [A8, 04, AC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtQueryAttributesFile + B 778B5F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtQueryFullAttributesFile + B 778B6033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtSetInformationFile + 6 778B667E 4 Bytes [28, 05, AC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtSetInformationFile + B 778B6683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtSetInformationThread + 6 778B66DE 4 Bytes [28, 06, AC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtSetInformationThread + B 778B66E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtUnmapViewOfSection + 6 778B69FE 4 Bytes [68, 07, AC, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5028] ntdll.dll!NtUnmapViewOfSection 
+ B 778B6A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5032] ntdll.dll!NtCreateFile + 6 778B560E 4 Bytes [28, EC, 06, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5032] ntdll.dll!NtCreateFile + B 778B5613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5032] ntdll.dll!NtMapViewOfSection + 6 778B5C6E 4 Bytes [28, EF, 06, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5032] ntdll.dll!NtMapViewOfSection + B 778B5C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5032] ntdll.dll!NtOpenFile + 6 778B5D1E 4 Bytes [68, EC, 06, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5032] ntdll.dll!NtOpenFile + B 778B5D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5032] ntdll.dll!NtOpenProcess + 6 778B5DCE 4 Bytes [A8, ED, 06, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5032] ntdll.dll!NtOpenProcess + B 778B5DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5032] ntdll.dll!NtOpenProcessToken + B 778B5DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5032] ntdll.dll!NtOpenProcessTokenEx + 6 778B5DEE 4 Bytes [A8, EE, 06, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5032] ntdll.dll!NtOpenProcessTokenEx + B 778B5DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5032] ntdll.dll!NtOpenThread + 6 778B5E4E 4 Bytes [68, ED, 06, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5032] ntdll.dll!NtOpenThread + B 778B5E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5032] ntdll.dll!NtOpenThreadToken + 6 778B5E5E 4 Bytes [68, EE, 06, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5032] ntdll.dll!NtOpenThreadToken + B 778B5E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5032] ntdll.dll!NtOpenThreadTokenEx + B 778B5E73 1 Byte [E2] .text 
C:\Program Files\Google\Chrome\Application\chrome.exe[5032] ntdll.dll!NtQueryAttributesFile + 6 778B5F7E 4 Bytes [A8, EC, 06, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5032] ntdll.dll!NtQueryAttributesFile + B 778B5F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5032] ntdll.dll!NtQueryFullAttributesFile + B 778B6033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5032] ntdll.dll!NtSetInformationFile + 6 778B667E 4 Bytes [28, ED, 06, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5032] ntdll.dll!NtSetInformationFile + B 778B6683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5032] ntdll.dll!NtSetInformationThread + 6 778B66DE 4 Bytes [28, EE, 06, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5032] ntdll.dll!NtSetInformationThread + B 778B66E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5032] ntdll.dll!NtUnmapViewOfSection + 6 778B69FE 4 Bytes [68, EF, 06, 01] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5032] ntdll.dll!NtUnmapViewOfSection + B 778B6A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5548] ntdll.dll!NtCreateFile + 6 778B560E 4 Bytes [28, 34, F4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5548] ntdll.dll!NtCreateFile + B 778B5613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5548] ntdll.dll!NtMapViewOfSection + 6 778B5C6E 4 Bytes [28, 37, F4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5548] ntdll.dll!NtMapViewOfSection + B 778B5C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5548] ntdll.dll!NtOpenFile + 6 778B5D1E 4 Bytes [68, 34, F4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5548] ntdll.dll!NtOpenFile + B 778B5D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5548] ntdll.dll!NtOpenProcess + 6 778B5DCE 4 Bytes 
[A8, 35, F4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5548] ntdll.dll!NtOpenProcess + B 778B5DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5548] ntdll.dll!NtOpenProcessToken + B 778B5DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5548] ntdll.dll!NtOpenProcessTokenEx + 6 778B5DEE 4 Bytes [A8, 36, F4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5548] ntdll.dll!NtOpenProcessTokenEx + B 778B5DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5548] ntdll.dll!NtOpenThread + 6 778B5E4E 4 Bytes [68, 35, F4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5548] ntdll.dll!NtOpenThread + B 778B5E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5548] ntdll.dll!NtOpenThreadToken + 6 778B5E5E 4 Bytes [68, 36, F4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5548] ntdll.dll!NtOpenThreadToken + B 778B5E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5548] ntdll.dll!NtOpenThreadTokenEx + B 778B5E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5548] ntdll.dll!NtQueryAttributesFile + 6 778B5F7E 4 Bytes [A8, 34, F4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5548] ntdll.dll!NtQueryAttributesFile + B 778B5F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5548] ntdll.dll!NtQueryFullAttributesFile + B 778B6033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5548] ntdll.dll!NtSetInformationFile + 6 778B667E 4 Bytes [28, 35, F4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5548] ntdll.dll!NtSetInformationFile + B 778B6683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5548] ntdll.dll!NtSetInformationThread + 6 778B66DE 4 Bytes [28, 36, F4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5548] 
ntdll.dll!NtSetInformationThread + B 778B66E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5548] ntdll.dll!NtUnmapViewOfSection + 6 778B69FE 4 Bytes [68, 37, F4, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5548] ntdll.dll!NtUnmapViewOfSection + B 778B6A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5688] ntdll.dll!NtCreateFile + 6 778B560E 4 Bytes [28, 60, 13, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5688] ntdll.dll!NtCreateFile + B 778B5613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5688] ntdll.dll!NtMapViewOfSection + 6 778B5C6E 4 Bytes [28, 63, 13, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5688] ntdll.dll!NtMapViewOfSection + B 778B5C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5688] ntdll.dll!NtOpenFile + 6 778B5D1E 4 Bytes [68, 60, 13, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5688] ntdll.dll!NtOpenFile + B 778B5D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5688] ntdll.dll!NtOpenProcess + 6 778B5DCE 4 Bytes [A8, 61, 13, 00] {TEST AL, 0x61; ADC EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5688] ntdll.dll!NtOpenProcess + B 778B5DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5688] ntdll.dll!NtOpenProcessToken + B 778B5DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5688] ntdll.dll!NtOpenProcessTokenEx + 6 778B5DEE 4 Bytes [A8, 62, 13, 00] {TEST AL, 0x62; ADC EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5688] ntdll.dll!NtOpenProcessTokenEx + B 778B5DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5688] ntdll.dll!NtOpenThread + 6 778B5E4E 4 Bytes [68, 61, 13, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5688] ntdll.dll!NtOpenThread + B 778B5E53 1 Byte [E2] .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[5688] ntdll.dll!NtOpenThreadToken + 6 778B5E5E 4 Bytes [68, 62, 13, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5688] ntdll.dll!NtOpenThreadToken + B 778B5E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5688] ntdll.dll!NtOpenThreadTokenEx + B 778B5E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5688] ntdll.dll!NtQueryAttributesFile + 6 778B5F7E 4 Bytes [A8, 60, 13, 00] {TEST AL, 0x60; ADC EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5688] ntdll.dll!NtQueryAttributesFile + B 778B5F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5688] ntdll.dll!NtQueryFullAttributesFile + B 778B6033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5688] ntdll.dll!NtSetInformationFile + 6 778B667E 4 Bytes [28, 61, 13, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5688] ntdll.dll!NtSetInformationFile + B 778B6683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5688] ntdll.dll!NtSetInformationThread + 6 778B66DE 4 Bytes [28, 62, 13, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5688] ntdll.dll!NtSetInformationThread + B 778B66E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5688] ntdll.dll!NtUnmapViewOfSection + 6 778B69FE 4 Bytes [68, 63, 13, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5688] ntdll.dll!NtUnmapViewOfSection + B 778B6A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5712] ntdll.dll!NtCreateFile + 6 778B560E 4 Bytes [28, 6C, B3, 00] {SUB [EBX+ESI*4+0x0], CH} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5712] ntdll.dll!NtCreateFile + B 778B5613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5712] ntdll.dll!NtMapViewOfSection + 6 778B5C6E 4 Bytes [28, 6F, B3, 00] .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[5712] ntdll.dll!NtMapViewOfSection + B 778B5C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5712] ntdll.dll!NtOpenFile + 6 778B5D1E 4 Bytes [68, 6C, B3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5712] ntdll.dll!NtOpenFile + B 778B5D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5712] ntdll.dll!NtOpenProcess + 6 778B5DCE 4 Bytes [A8, 6D, B3, 00] {TEST AL, 0x6d; MOV BL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5712] ntdll.dll!NtOpenProcess + B 778B5DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5712] ntdll.dll!NtOpenProcessToken + B 778B5DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5712] ntdll.dll!NtOpenProcessTokenEx + 6 778B5DEE 4 Bytes [A8, 6E, B3, 00] {TEST AL, 0x6e; MOV BL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5712] ntdll.dll!NtOpenProcessTokenEx + B 778B5DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5712] ntdll.dll!NtOpenThread + 6 778B5E4E 4 Bytes [68, 6D, B3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5712] ntdll.dll!NtOpenThread + B 778B5E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5712] ntdll.dll!NtOpenThreadToken + 6 778B5E5E 4 Bytes [68, 6E, B3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5712] ntdll.dll!NtOpenThreadToken + B 778B5E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5712] ntdll.dll!NtOpenThreadTokenEx + B 778B5E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5712] ntdll.dll!NtQueryAttributesFile + 6 778B5F7E 4 Bytes [A8, 6C, B3, 00] {TEST AL, 0x6c; MOV BL, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5712] ntdll.dll!NtQueryAttributesFile + B 778B5F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5712] 
ntdll.dll!NtQueryFullAttributesFile + B 778B6033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5712] ntdll.dll!NtSetInformationFile + 6 778B667E 4 Bytes [28, 6D, B3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5712] ntdll.dll!NtSetInformationFile + B 778B6683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5712] ntdll.dll!NtSetInformationThread + 6 778B66DE 4 Bytes [28, 6E, B3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5712] ntdll.dll!NtSetInformationThread + B 778B66E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5712] ntdll.dll!NtUnmapViewOfSection + 6 778B69FE 4 Bytes [68, 6F, B3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5712] ntdll.dll!NtUnmapViewOfSection + B 778B6A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5956] ntdll.dll!NtCreateFile + 6 778B560E 4 Bytes [28, F4, 78, 00] {SUB AH, DH; JS 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5956] ntdll.dll!NtCreateFile + B 778B5613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5956] ntdll.dll!NtMapViewOfSection + 6 778B5C6E 4 Bytes [28, F7, 78, 00] {SUB BH, DH; JS 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5956] ntdll.dll!NtMapViewOfSection + B 778B5C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5956] ntdll.dll!NtOpenFile + 6 778B5D1E 4 Bytes [68, F4, 78, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5956] ntdll.dll!NtOpenFile + B 778B5D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5956] ntdll.dll!NtOpenProcess + 6 778B5DCE 4 Bytes [A8, F5, 78, 00] {TEST AL, 0xf5; JS 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5956] ntdll.dll!NtOpenProcess + B 778B5DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5956] ntdll.dll!NtOpenProcessToken + B 778B5DE3 1 Byte [E2] 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5956] ntdll.dll!NtOpenProcessTokenEx + 6 778B5DEE 4 Bytes [A8, F6, 78, 00] {TEST AL, 0xf6; JS 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5956] ntdll.dll!NtOpenProcessTokenEx + B 778B5DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5956] ntdll.dll!NtOpenThread + 6 778B5E4E 4 Bytes [68, F5, 78, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5956] ntdll.dll!NtOpenThread + B 778B5E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5956] ntdll.dll!NtOpenThreadToken + 6 778B5E5E 4 Bytes [68, F6, 78, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5956] ntdll.dll!NtOpenThreadToken + B 778B5E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5956] ntdll.dll!NtOpenThreadTokenEx + B 778B5E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5956] ntdll.dll!NtQueryAttributesFile + 6 778B5F7E 4 Bytes [A8, F4, 78, 00] {TEST AL, 0xf4; JS 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5956] ntdll.dll!NtQueryAttributesFile + B 778B5F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5956] ntdll.dll!NtQueryFullAttributesFile + B 778B6033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5956] ntdll.dll!NtSetInformationFile + 6 778B667E 4 Bytes [28, F5, 78, 00] {SUB CH, DH; JS 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5956] ntdll.dll!NtSetInformationFile + B 778B6683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5956] ntdll.dll!NtSetInformationThread + 6 778B66DE 4 Bytes [28, F6, 78, 00] {SUB DH, DH; JS 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5956] ntdll.dll!NtSetInformationThread + B 778B66E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5956] ntdll.dll!NtUnmapViewOfSection + 6 778B69FE 4 Bytes [68, F7, 78, 00] 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5956] ntdll.dll!NtUnmapViewOfSection + B 778B6A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5964] ntdll.dll!NtCreateFile + 6 778B560E 4 Bytes [28, CC, 23, 00] {SUB AH, CL; AND EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5964] ntdll.dll!NtCreateFile + B 778B5613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5964] ntdll.dll!NtMapViewOfSection + 6 778B5C6E 4 Bytes [28, CF, 23, 00] {SUB BH, CL; AND EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5964] ntdll.dll!NtMapViewOfSection + B 778B5C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5964] ntdll.dll!NtOpenFile + 6 778B5D1E 4 Bytes [68, CC, 23, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5964] ntdll.dll!NtOpenFile + B 778B5D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5964] ntdll.dll!NtOpenProcess + 6 778B5DCE 4 Bytes [A8, CD, 23, 00] {TEST AL, 0xcd; AND EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5964] ntdll.dll!NtOpenProcess + B 778B5DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5964] ntdll.dll!NtOpenProcessToken + B 778B5DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5964] ntdll.dll!NtOpenProcessTokenEx + 6 778B5DEE 4 Bytes [A8, CE, 23, 00] {TEST AL, 0xce; AND EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5964] ntdll.dll!NtOpenProcessTokenEx + B 778B5DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5964] ntdll.dll!NtOpenThread + 6 778B5E4E 4 Bytes [68, CD, 23, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5964] ntdll.dll!NtOpenThread + B 778B5E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5964] ntdll.dll!NtOpenThreadToken + 6 778B5E5E 4 Bytes [68, CE, 23, 00] .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[5964] ntdll.dll!NtOpenThreadToken + B 778B5E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5964] ntdll.dll!NtOpenThreadTokenEx + B 778B5E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5964] ntdll.dll!NtQueryAttributesFile + 6 778B5F7E 4 Bytes [A8, CC, 23, 00] {TEST AL, 0xcc; AND EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5964] ntdll.dll!NtQueryAttributesFile + B 778B5F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5964] ntdll.dll!NtQueryFullAttributesFile + B 778B6033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5964] ntdll.dll!NtSetInformationFile + 6 778B667E 4 Bytes [28, CD, 23, 00] {SUB CH, CL; AND EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5964] ntdll.dll!NtSetInformationFile + B 778B6683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5964] ntdll.dll!NtSetInformationThread + 6 778B66DE 4 Bytes [28, CE, 23, 00] {SUB DH, CL; AND EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5964] ntdll.dll!NtSetInformationThread + B 778B66E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5964] ntdll.dll!NtUnmapViewOfSection + 6 778B69FE 4 Bytes [68, CF, 23, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5964] ntdll.dll!NtUnmapViewOfSection + B 778B6A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5984] ntdll.dll!NtCreateFile + 6 778B560E 4 Bytes [28, 10, 46, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5984] ntdll.dll!NtCreateFile + B 778B5613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5984] ntdll.dll!NtMapViewOfSection + 6 778B5C6E 4 Bytes [28, 13, 46, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5984] ntdll.dll!NtMapViewOfSection + B 778B5C73 1 Byte [E2] .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[5984] ntdll.dll!NtOpenFile + 6 778B5D1E 4 Bytes [68, 10, 46, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5984] ntdll.dll!NtOpenFile + B 778B5D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5984] ntdll.dll!NtOpenProcess + 6 778B5DCE 4 Bytes [A8, 11, 46, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5984] ntdll.dll!NtOpenProcess + B 778B5DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5984] ntdll.dll!NtOpenProcessToken + B 778B5DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5984] ntdll.dll!NtOpenProcessTokenEx + 6 778B5DEE 4 Bytes [A8, 12, 46, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5984] ntdll.dll!NtOpenProcessTokenEx + B 778B5DF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5984] ntdll.dll!NtOpenThread + 6 778B5E4E 4 Bytes [68, 11, 46, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5984] ntdll.dll!NtOpenThread + B 778B5E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5984] ntdll.dll!NtOpenThreadToken + 6 778B5E5E 4 Bytes [68, 12, 46, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5984] ntdll.dll!NtOpenThreadToken + B 778B5E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5984] ntdll.dll!NtOpenThreadTokenEx + B 778B5E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5984] ntdll.dll!NtQueryAttributesFile + 6 778B5F7E 4 Bytes [A8, 10, 46, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5984] ntdll.dll!NtQueryAttributesFile + B 778B5F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5984] ntdll.dll!NtQueryFullAttributesFile + B 778B6033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5984] ntdll.dll!NtSetInformationFile + 6 778B667E 4 Bytes [28, 11, 46, 00] .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[5984] ntdll.dll!NtSetInformationFile + B 778B6683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5984] ntdll.dll!NtSetInformationThread + 6 778B66DE 4 Bytes [28, 12, 46, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5984] ntdll.dll!NtSetInformationThread + B 778B66E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5984] ntdll.dll!NtUnmapViewOfSection + 6 778B69FE 4 Bytes [68, 13, 46, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5984] ntdll.dll!NtUnmapViewOfSection + B 778B6A03 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6064] ntdll.dll!NtCreateFile + 6 778B560E 4 Bytes [28, 54, C0, 00] {SUB [EAX+EAX*8+0x0], DL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[6064] ntdll.dll!NtCreateFile + B 778B5613 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6064] ntdll.dll!NtMapViewOfSection + 6 778B5C6E 4 Bytes [28, 57, C0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6064] ntdll.dll!NtMapViewOfSection + B 778B5C73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6064] ntdll.dll!NtOpenFile + 6 778B5D1E 4 Bytes [68, 54, C0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6064] ntdll.dll!NtOpenFile + B 778B5D23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6064] ntdll.dll!NtOpenProcess + 6 778B5DCE 4 Bytes [A8, 55, C0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6064] ntdll.dll!NtOpenProcess + B 778B5DD3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6064] ntdll.dll!NtOpenProcessToken + B 778B5DE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6064] ntdll.dll!NtOpenProcessTokenEx + 6 778B5DEE 4 Bytes [A8, 56, C0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6064] ntdll.dll!NtOpenProcessTokenEx + B 778B5DF3 1 Byte [E2] 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6064] ntdll.dll!NtOpenThread + 6 778B5E4E 4 Bytes [68, 55, C0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6064] ntdll.dll!NtOpenThread + B 778B5E53 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6064] ntdll.dll!NtOpenThreadToken + 6 778B5E5E 4 Bytes [68, 56, C0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6064] ntdll.dll!NtOpenThreadToken + B 778B5E63 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6064] ntdll.dll!NtOpenThreadTokenEx + B 778B5E73 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6064] ntdll.dll!NtQueryAttributesFile + 6 778B5F7E 4 Bytes [A8, 54, C0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6064] ntdll.dll!NtQueryAttributesFile + B 778B5F83 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6064] ntdll.dll!NtQueryFullAttributesFile + B 778B6033 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6064] ntdll.dll!NtSetInformationFile + 6 778B667E 4 Bytes [28, 55, C0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6064] ntdll.dll!NtSetInformationFile + B 778B6683 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6064] ntdll.dll!NtSetInformationThread + 6 778B66DE 4 Bytes [28, 56, C0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6064] ntdll.dll!NtSetInformationThread + B 778B66E3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6064] ntdll.dll!NtUnmapViewOfSection + 6 778B69FE 4 Bytes [68, 57, C0, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[6064] ntdll.dll!NtUnmapViewOfSection + B 778B6A03 1 Byte [E2] ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Windows\Explorer.EXE[1648] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [744A249F] 
C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll IAT C:\Windows\Explorer.EXE[1648] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74485652] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll IAT C:\Windows\Explorer.EXE[1648] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74485710] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll IAT C:\Windows\Explorer.EXE[1648] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [744A251A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll IAT C:\Windows\Explorer.EXE[1648] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7449857E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll IAT C:\Windows\Explorer.EXE[1648] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74494D32] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll IAT C:\Windows\Explorer.EXE[1648] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [744950D9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll IAT C:\Windows\Explorer.EXE[1648] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [744951AE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll IAT C:\Windows\Explorer.EXE[1648] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [744966DB] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll IAT C:\Windows\Explorer.EXE[1648] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [744982D5] 
C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll IAT C:\Windows\Explorer.EXE[1648] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74498824] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll IAT C:\Windows\Explorer.EXE[1648] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [74499085] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll IAT C:\Windows\Explorer.EXE[1648] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7449E228] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll IAT C:\Windows\Explorer.EXE[1648] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74494C64] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\gdiplus.dll ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{21DB8116-4CB5-4078-A168-A41673CA79B0}\Connection@Name isatap.{BAC0EDE6-EBAA-49C5-A96F-C4478C2A62E4} Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Bind \Device\{FBFE90BF-EE75-446B-AE78-E98BD4EA8768}?\Device\{B5B323BD-9757-4DD9-AE35-8B24EBC3DFDF}?\Device\{21DB8116-4CB5-4078-A168-A41673CA79B0}?\Device\{7AF56C6D-E6A5-4D0D-9248-71482272A56E}?\Device\{520EBE08-A1CE-4158-8480-BC5837EA16F9}? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Route "{FBFE90BF-EE75-446B-AE78-E98BD4EA8768}"?"{B5B323BD-9757-4DD9-AE35-8B24EBC3DFDF}"?"{21DB8116-4CB5-4078-A168-A41673CA79B0}"?"{7AF56C6D-E6A5-4D0D-9248-71482272A56E}"?"{520EBE08-A1CE-4158-8480-BC5837EA16F9}"? 
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Export \Device\TCPIP6TUNNEL_{FBFE90BF-EE75-446B-AE78-E98BD4EA8768}?\Device\TCPIP6TUNNEL_{B5B323BD-9757-4DD9-AE35-8B24EBC3DFDF}?\Device\TCPIP6TUNNEL_{21DB8116-4CB5-4078-A168-A41673CA79B0}?\Device\TCPIP6TUNNEL_{7AF56C6D-E6A5-4D0D-9248-71482272A56E}?\Device\TCPIP6TUNNEL_{520EBE08-A1CE-4158-8480-BC5837EA16F9}? Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c607687a644 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c607687a644@70f395824857 0xD0 0x2B 0xF8 0x64 ... Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{21DB8116-4CB5-4078-A168-A41673CA79B0}@InterfaceName isatap.{BAC0EDE6-EBAA-49C5-A96F-C4478C2A62E4} Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{21DB8116-4CB5-4078-A168-A41673CA79B0}@ReusableType 0 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c607687a644 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c607687a644@70f395824857 0xD0 0x2B 0xF8 0x64 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active@9878D3BD 36 ---- EOF - GMER 2.1 ----